Version: 1.2.0.7
stix.core.stix_package
Module¶
Overview¶
The stix.core.stix_package
module implements STIXPackage
.
STIXType defines a bundle of information characterized in the Structured Threat Information eXpression (STIX) language.
Documentation Resources¶
Classes¶
-
class
stix.core.stix_package.
STIXPackage
(id_=None, idref=None, timestamp=None, stix_header=None, courses_of_action=None, exploit_targets=None, indicators=None, observables=None, incidents=None, threat_actors=None, ttps=None, campaigns=None, related_packages=None, reports=None)¶ Bases:
stix.base.Entity
A STIX Package object.
Parameters: - id (optional) – An identifier. If
None
, a value will be generated viamixbox.idgen.create_id()
. If set, this will unset theidref
property. - idref – DEPRECATED An identifier reference. If set this will unset
the
id_
property. - timestamp – DEPRECATED A timestamp value. Can be an instance of
datetime.datetime
orstr
. - header – A Report
Header
object. - campaigns – A collection of
Campaign
objects. - course_of_action – A collection of
CourseOfAction
objects. - exploit_targets – A collection of
ExploitTarget
objects. - incidents – A collection of
Incident
objects. - indicators – A collection of
Indicator
objects. - threat_actors – A collection of
ThreatActor
objects. - ttps – A collection of
TTP
objects. - related_packages – DEPRECATED. A collection of
RelatedPackage
objects. - reports – A collection of
Report
objects.
-
add
(entity)¶ Adds entity to a top-level collection. For example, if entity is an Indicator object, the entity will be added to the
indicators
top-level collection.
-
add_campaign
(campaign)¶ Adds a
Campaign
object to thecampaigns
collection.
-
add_course_of_action
(course_of_action)¶ Adds an
CourseOfAction
object to thecourses_of_action
collection.
-
add_exploit_target
(exploit_target)¶ Adds an
ExploitTarget
object to theexploit_targets
collection.
-
add_observable
(observable)¶ Adds an
Observable
object to theobservables
collection.If observable is not an
Observable
instance, an effort will be made to convert it to one.
Adds a
RelatedPackage
object to therelated_packages
collection.
-
add_threat_actor
(threat_actor)¶ Adds an
ThreatActor
object to thethreat_actors
collection.
-
find
(id_)¶ Searches the children of a
Entity
implementation for an object with anid_
property that matches id_.
-
classmethod
from_xml
(xml_file, encoding=None)¶ Parses the xml_file file-like object and returns a
STIXPackage
instance.Parameters: - xml_file – A file, file-like object, etree._Element, or etree._ElementTree instance.
- encoding – The character encoding of the xml_file input. If
None
, an attempt will be made to determine the input character encoding. Default isNone
.
Returns: An instance of
STIXPackage
.
-
to_dict
()¶ Convert to a
dict
Subclasses can override this function.
Returns: Python dict with keys set from this Entity.
-
to_dict
() Convert to a
dict
Subclasses can override this function.
Returns: Python dict with keys set from this Entity.
-
to_json
()¶ Export an object as a JSON String.
-
to_obj
(ns_info=None)¶ Convert to a GenerateDS binding object.
Subclasses can override this function.
Returns: An instance of this Entity’s _binding_class
with properties set from this Entity.
-
to_obj
(ns_info=None) Convert to a GenerateDS binding object.
Subclasses can override this function.
Returns: An instance of this Entity’s _binding_class
with properties set from this Entity.
-
to_xml
(include_namespaces=True, include_schemalocs=False, ns_dict=None, schemaloc_dict=None, pretty=True, auto_namespace=True, encoding='utf-8')¶ Serializes a
Entity
instance to an XML string.The default character encoding is
utf-8
and can be set via the encoding parameter. If encoding isNone
, a string (unicode in Python 2, str in Python 3) is returned.Parameters: - auto_namespace – Automatically discover and export XML namespaces
for a STIX
Entity
instance. - include_namespaces – Export namespace definitions in the output
XML. Default is
True
. - include_schemalocs – Export
xsi:schemaLocation
attribute in the output document. This will attempt to associate namespaces declared in the STIX document with schema locations. If a namespace cannot be resolved to a schemaLocation, a Python warning will be raised. Schemalocations will only be exported if include_namespaces is alsoTrue
. - ns_dict – Dictionary of XML definitions (namespace is key, alias is
value) to include in the exported document. This must be
passed in if auto_namespace is
False
. - schemaloc_dict – Dictionary of XML
namespace: schema location
mappings to include in the exported document. These will only be included if auto_namespace isFalse
. - pretty – Pretty-print the XML.
- encoding – The output character encoding. Default is
utf-8
. If encoding is set toNone
, a string (unicode in Python 2, str in Python 3) is returned.
Returns: An XML string for this
Entity
instance. Default character encoding isutf-8
.- auto_namespace – Automatically discover and export XML namespaces
for a STIX
- id (optional) – An identifier. If
-
class
stix.core.stix_package.
RelatedPackages
(scope=None, *args)¶