Parsing STIX Content

Parsing STIX content is as easy as calling the parse() function on a JSON string. It automatically determines the type of the object. STIX objects inside a bundle object, and cyber observables inside an observed-data object, are parsed as well.

In [3]:
from stix2 import parse

input_string = """{
    "type": "observed-data",
    "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
    "created": "2016-04-06T19:58:16.000Z",
    "modified": "2016-04-06T19:58:16.000Z",
    "first_observed": "2015-12-21T19:00:00Z",
    "last_observed": "2015-12-21T19:00:00Z",
    "number_observed": 50,
    "objects": {
        "0": {
            "type": "file",
            "hashes": {
                "SHA-256": "0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038"
            }
        }
    }
}"""

obj = parse(input_string)
print(obj.type)
print(obj.objects["0"].hashes['SHA-256'])

observed-data
0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038