taxii

Python STIX2 TAXIICollection Source/Sink

class TAXIICollectionSink(collection, allow_custom=False)

Provides an interface for pushing STIX objects to a local/remote TAXII Collection endpoint.

Parameters:
  • collection (taxii2.Collection) – TAXII2 Collection instance
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the TAXIICollectionSink. Default: False
add(stix_data, version=None)

Add/push STIX content to TAXII Collection endpoint

Parameters:
  • stix_data (STIX object OR dict OR str OR list) – valid STIX2 content in a STIX object (or Bundle), STIX object dict (or Bundle dict), or a STIX2 json encoded string, or list of any of the following.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
class TAXIICollectionSource(collection, allow_custom=True, items_per_page=5000)

Provides an interface for searching/retrieving STIX objects from a local/remote TAXII Collection endpoint.

Parameters:
  • collection (taxii2.Collection) – TAXII Collection instance
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
  • items_per_page (int) – How many STIX objects to request per call to TAXII Server. The value can be tuned, but servers may override if their internal limit is surpassed.
all_versions(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from local/remote TAXII Collection endpoint, all versions of it

Parameters:
  • stix_id (str) – The STIX ID of the STIX objects to be retrieved.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns:

(see query() as all_versions() is just a wrapper)

get(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from local/remote STIX Collection endpoint.

Parameters:
  • stix_id (str) – The STIX ID of the STIX object to be retrieved.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns:

(STIX object)

STIX object that has the supplied STIX ID.

The STIX object is received from TAXII has dict, parsed into a python STIX object and then returned

query(query=None, version=None, _composite_filters=None)

Search and retreive STIX objects based on the complete query

A “complete query” includes the filters from the query, the filters attached to MemorySource, and any filters passed from a CompositeDataSource (i.e. _composite_filters)

Parameters:
  • query (list) – list of filters to search on
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
  • _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
Returns:

(list)

list of STIX objects that matches the supplied

query. The STIX objects are received from TAXII as dicts, parsed into python STIX objects and then returned.

class TAXIICollectionStore(collection, allow_custom=None, items_per_page=5000)

Provides an interface to a local/remote TAXII Collection of STIX data. TAXIICollectionStore is a wrapper around a paired TAXIICollectionSink and TAXIICollectionSource.

Parameters:
  • collection (taxii2.Collection) – TAXII Collection instance
  • allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for TAXIICollectionSource side(retrieving data) and False for TAXIICollectionSink side(pushing data). However, when parameter is supplied, it will be applied to both TAXIICollectionSource/Sink.
  • items_per_page (int) – How many STIX objects to request per call to TAXII Server. The value can be tuned, but servers may override if their internal limit is surpassed. Used by TAXIICollectionSource