Version: 1.2.0.5.dev0

stix.core.stix_package Module

Overview

The stix.core.stix_package module implements STIXPackage.

STIXType defines a bundle of information characterized in the Structured Threat Information eXpression (STIX) language.

Documentation Resources

Classes

class stix.core.stix_package.STIXPackage(id_=None, idref=None, timestamp=None, stix_header=None, courses_of_action=None, exploit_targets=None, indicators=None, observables=None, incidents=None, threat_actors=None, ttps=None, campaigns=None, related_packages=None, reports=None)

Bases: stix.base.Entity

A STIX Package object.

Parameters:
  • id_ (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  • idref – DEPRECATED. An identifier reference. If set, this will unset the id_ property.
  • timestamp – DEPRECATED. A timestamp value. Can be an instance of datetime.datetime or str.
  • stix_header – A Report Header object.
  • campaigns – A collection of Campaign objects.
  • courses_of_action – A collection of CourseOfAction objects.
  • exploit_targets – A collection of ExploitTarget objects.
  • incidents – A collection of Incident objects.
  • indicators – A collection of Indicator objects.
  • threat_actors – A collection of ThreatActor objects.
  • ttps – A collection of TTP objects.
  • related_packages – DEPRECATED. A collection of RelatedPackage objects.
  • reports – A collection of Report objects.

add(entity)

Adds entity to a top-level collection. For example, if entity is an Indicator object, the entity will be added to the indicators top-level collection.

add_campaign(campaign)

Adds a Campaign object to the campaigns collection.

add_course_of_action(course_of_action)

Adds a CourseOfAction object to the courses_of_action collection.

add_exploit_target(exploit_target)

Adds an ExploitTarget object to the exploit_targets collection.

add_incident(incident)

Adds an Incident object to the incidents collection.

add_indicator(indicator)

Adds an Indicator object to the indicators collection.

add_observable(observable)

Adds an Observable object to the observables collection.

If observable is not an Observable instance, an effort will be made to convert it to one.

add_related_package(related_package)

Adds a RelatedPackage object to the related_packages collection.

add_report(report)

Adds a Report object to the reports collection.

add_threat_actor(threat_actor)

Adds a ThreatActor object to the threat_actors collection.

add_ttp(ttp)

Adds a TTP object to the ttps collection.

find(id_)

Searches the children of an Entity implementation for an object with an id_ property that matches id_.

classmethod from_xml(xml_file, encoding=None)

Parses the xml_file file-like object and returns a STIXPackage instance.

Parameters:
  • xml_file – A file, file-like object, etree._Element, or etree._ElementTree instance.
  • encoding – The character encoding of the xml_file input. If None, an attempt will be made to determine the input character encoding. Default is None.
Returns:

An instance of STIXPackage.

to_dict()

Convert to a dict

Subclasses can override this function.

Returns: Python dict with keys set from this Entity.

to_json()

Export an object as a JSON String.

to_obj(ns_info=None)

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

to_xml(include_namespaces=True, include_schemalocs=False, ns_dict=None, schemaloc_dict=None, pretty=True, auto_namespace=True, encoding='utf-8')

Serializes an Entity instance to an XML string.

The default character encoding is utf-8 and can be set via the encoding parameter. If encoding is None, a string (unicode in Python 2, str in Python 3) is returned.

Parameters:
  • auto_namespace – Automatically discover and export XML namespaces for a STIX Entity instance.
  • include_namespaces – Export namespace definitions in the output XML. Default is True.
  • include_schemalocs – Export xsi:schemaLocation attribute in the output document. This will attempt to associate namespaces declared in the STIX document with schema locations. If a namespace cannot be resolved to a schemaLocation, a Python warning will be raised. Schemalocations will only be exported if include_namespaces is also True.
  • ns_dict – Dictionary of XML definitions (namespace is key, alias is value) to include in the exported document. This must be passed in if auto_namespace is False.
  • schemaloc_dict – Dictionary of XML namespace: schema location mappings to include in the exported document. These will only be included if auto_namespace is False.
  • pretty – Pretty-print the XML.
  • encoding – The output character encoding. Default is utf-8. If encoding is set to None, a string (unicode in Python 2, str in Python 3) is returned.
Returns:

An XML string for this Entity instance. Default character encoding is utf-8.
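
The methods documented above, combined in an added example that is not part of the python-stix documentation: it fills a package with add(), serializes it with to_xml(), parses the bytes back with from_xml(), and looks an indicator up with find(). It assumes python-stix is installed (summarize() returns None otherwise); the titles are constructed sample values, and build_package, round_trip and summarize are names chosen here.

```python
from io import BytesIO

try:  # python-stix is third-party (PyPI package "stix")
    from stix.campaign import Campaign
    from stix.core import STIXPackage
    from stix.indicator import Indicator
except ImportError:
    STIXPackage = None


def build_package():
    """Build a package; add() routes each entity to its own collection."""
    package = STIXPackage()
    # Titles are constructed sample values, not real threat data.
    indicator = Indicator(title="Constructed sample indicator")
    package.add(indicator)                                      # -> package.indicators
    package.add(Campaign(title="Constructed sample campaign"))  # -> package.campaigns
    return package, indicator.id_


def round_trip(package):
    """Serialize to UTF-8 bytes, then parse those bytes with from_xml()."""
    xml_bytes = package.to_xml(encoding="utf-8")
    return xml_bytes, STIXPackage.from_xml(BytesIO(xml_bytes))


def summarize():
    """Return facts about the round trip, or None if python-stix is absent."""
    if STIXPackage is None:
        return None
    package, indicator_id = build_package()
    xml_bytes, parsed = round_trip(package)
    found = parsed.find(indicator_id)  # look the indicator up by its id_
    return {
        "xml_is_bytes": isinstance(xml_bytes, bytes),
        # encoding=None yields text instead of encoded bytes
        "xml_is_text": isinstance(package.to_xml(encoding=None), str),
        "indicators": len(parsed.indicators),
        "campaigns": len(parsed.campaigns),
        "found_title": getattr(found, "title", None),
        "same_package_id": parsed.id_ == package.id_,
    }


if __name__ == "__main__":
    print(summarize())
```
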

class stix.core.stix_package.RelatedPackages(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList