Skip to main content
Python Software Foundation 20th Year Anniversary Fundraiser  Donate today!

A data marking API for STIX 1 content.

Project description

A Python API for marking STIX data.


Travis CI Build Status Code Health PyPI Package Index

Data Markings Concept

Learn more about the Data Markings concept here.


The following examples demonstrate the intended use of the stixmarx library.

Adding Markings

# stixmarx imports
import stixmarx

# python-stix imports
from stix.indicator import Indicator
from stix.data_marking import MarkingSpecification
from stix.extensions.marking.tlp import TLPMarkingStructure as TLP

# Create a new stixmarx MarkingContainer with a
# new STIXPackage object contained within it.
container =

# Get the associated STIX Package
package = container.package

# Create an Indicator object
indicator = Indicator(title='Indicator Title', description='Gonna Mark This')

# Add the Indicator object to our STIX Package

# Build MarkingSpecification and add TLP MarkingStructure
red_marking = MarkingSpecification(marking_structures=TLP(color="RED"))
amber_marking = MarkingSpecification(marking_structures=TLP(color="AMBER"))
green_marking = MarkingSpecification(marking_structures=TLP(color="GREEN"))

# Mark the indicator with our TLP RED marking
# This is the equivalent of a component marking. Applies to all descendants
# nodes, text and attributes.
container.add_marking(indicator, red_marking, descendants=True)

# Mark the indicator with TLP GREEN. If descendants is false, the marking
# will only apply to the indicator node. Does NOT include text, attributes
# or descendants.
container.add_marking(indicator, green_marking)

# Mark the description text.
# >>> type(indicator.description.value)  <type 'str'>
indicator.description.value = container.add_marking(indicator.description.value, amber_marking)
# >>> type(indicator.description.value)  <class 'stixmarx.api.types.MarkableBytes'>

# Mark the indicator timestamp attribute.
# >>> type(indicator.timestamp)  <type 'datetime.datetime'>
indicator.timestamp = container.add_marking(indicator.timestamp, amber_marking)
# >>> type(indicator.timestamp)  <type 'stixmarx.api.types.MarkableDateTime'>

# Print the XML!
print container.to_xml()

Retrieving Markings

# stixmarx
import stixmarx

# Parse the input into a MarkingContainer
container = stixmarx.parse("stix-document.xml")

# Get container package
package = container.package

# Get the markings that apply to the entire XML document
global_markings = container.get_markings(package)

# Print the dictionary representation for our only global marking
marking = global_markings[0]
print marking.to_dict()

# Get our only indicator from the STIX Package
indicator = package.indicators[0]

# Get the markings from the Indicator.
# Note: This will include the global markings and any other markings
# applied by an ancestor!
indicator_markings = container.get_markings(indicator)

# Print the Indicator markings!
for marking in indicator_markings:
    print marking.to_dict()


This software was produced for the U. S. Government, and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007).

Copyright (c) 2017, The MITRE Corporation. All Rights Reserved.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for stixmarx, version 1.0.8
Filename, size File type Python version Upload date Hashes
Filename, size stixmarx-1.0.8-py2.py3-none-any.whl (32.3 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size stixmarx-1.0.8.tar.gz (27.7 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page