Skip to content

mitre/stixmarx

BranchesTags

Repository files navigation

stixmarx

A Python API for marking STIX data.

Source:https://github.com/mitre/stixmarx/
Documentation:https://stixmarx.readthedocs.org/
Information:https://stixproject.github.io/

Travis CI Build Status Landscape.io Code Health PyPI Package Index

Data Markings Concept

Learn more about the Data Markings concept here.

Examples

The following examples demonstrate the intended use of the stixmarx library.

Adding Markings

# stixmarx imports
import stixmarx

# python-stix imports
from stix.indicator import Indicator
from stix.data_marking import MarkingSpecification
from stix.extensions.marking.tlp import TLPMarkingStructure as TLP


# Create a new stixmarx MarkingContainer with a
# new STIXPackage object contained within it.
container = stixmarx.new()

# Get the associated STIX Package
package = container.package

# Create an Indicator object
indicator = Indicator(title='Indicator Title', description='Gonna Mark This')

# Add the Indicator object to our STIX Package
package.add(indicator)

# Build MarkingSpecification and add TLP MarkingStructure
red_marking = MarkingSpecification(marking_structures=TLP(color="RED"))
amber_marking = MarkingSpecification(marking_structures=TLP(color="AMBER"))
green_marking = MarkingSpecification(marking_structures=TLP(color="GREEN"))


# Mark the indicator with our TLP RED marking
# This is the equivalent of a component marking. Applies to all descendants
# nodes, text and attributes.
container.add_marking(indicator, red_marking, descendants=True)


# Mark the indicator with TLP GREEN. If descendants is false, the marking
# will only apply to the indicator node. Does NOT include text, attributes
# or descendants.
container.add_marking(indicator, green_marking)


# Mark the description text.
# >>> type(indicator.description.value)  <type 'str'>
indicator.description.value = container.add_marking(indicator.description.value, amber_marking)
# >>> type(indicator.description.value)  <class 'stixmarx.api.types.MarkableBytes'>


# Mark the indicator timestamp attribute.
# >>> type(indicator.timestamp)  <type 'datetime.datetime'>
indicator.timestamp = container.add_marking(indicator.timestamp, amber_marking)
# >>> type(indicator.timestamp)  <type 'stixmarx.api.types.MarkableDateTime'>

# Print the XML!
print container.to_xml()

Retrieving Markings

# stixmarx
import stixmarx

# Parse the input into a MarkingContainer
container = stixmarx.parse("stix-document.xml")

# Get container package
package = container.package

# Get the markings that apply to the entire XML document
global_markings = container.get_markings(package)

# Print the dictionary representation for our only global marking
marking = global_markings[0]
print marking.to_dict()

# Get our only indicator from the STIX Package
indicator = package.indicators[0]

# Get the markings from the Indicator.
# Note: This will include the global markings and any other markings
# applied by an ancestor!
indicator_markings = container.get_markings(indicator)

# Print the Indicator markings!
for marking in indicator_markings:
    print marking.to_dict()

Notice

This software was produced for the U. S. Government, and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007).

Copyright (c) 2017, The MITRE Corporation. All Rights Reserved.

About

Data Markings API for STIX 1.x

Resources

Readme

License

View license
Activity
Custom properties

Stars

9 stars

Watchers

12 watching

Forks

7 forks
Report repository

Releases 7

Version 1.0.8 Latest
Nov 18, 2020
+ 6 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages