filesystem¶
Python STIX 2.0 FileSystem Source/Sink
-
class
FileSystemSink
(stix_dir, allow_custom=False, bundlify=False)¶ Interface for adding/pushing STIX objects to file directory of STIX objects.
Can be paired with a FileSystemSource, together as the two components of a FileSystemStore.
Parameters: - stix_dir (str) – path to directory of STIX objects.
- allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSource. Default: False
- bundlify (bool) – Whether to wrap objects in bundles when saving them. Default: False.
-
add
(stix_data=None, version=None)¶ Add STIX objects to file directory.
Parameters: - stix_data (STIX object OR dict OR str OR list) – valid STIX 2.0 content in a STIX object (or list of), dict (or list of), or a STIX 2.0 json encoded string.
- version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Note
stix_data
can be a Bundle object, but each object in it will be saved separately; you will be able to retrieve any of the objects the Bundle contained, but not the Bundle itself.
-
stix_dir
¶
-
class
FileSystemSource
(stix_dir, allow_custom=True)¶ Interface for searching/retrieving STIX objects from a STIX object file directory.
Can be paired with a FileSystemSink, together as the two components of a FileSystemStore.
Parameters: - stix_dir (str) – path to directory of STIX objects
- allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
-
all_versions
(stix_id, version=None, _composite_filters=None)¶ Retrieve STIX object from file directory via STIX ID, all versions.
Note: Since FileSystem sources/sinks don’t handle multiple versions of a STIX object, this operation is unnecessary. Pass call to get().
Parameters: - stix_id (str) – The STIX ID of the STIX objects to be retrieved.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
- version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns: (list) –
- of STIX objects that has the supplied STIX ID.
The STIX objects are loaded from their json files, parsed into a python STIX objects and then returned
-
get
(stix_id, version=None, _composite_filters=None)¶ Retrieve STIX object from file directory via STIX ID.
Parameters: - stix_id (str) – The STIX ID of the STIX object to be retrieved.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
- version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns: (STIX object) –
- STIX object that has the supplied STIX ID.
The STIX object is loaded from its json file, parsed into a python STIX object and then returned
-
query
(query=None, version=None, _composite_filters=None)¶ Search and retrieve STIX objects based on the complete query.
A “complete query” includes the filters from the query, the filters attached to this FileSystemSource, and any filters passed from a CompositeDataSource (i.e. _composite_filters).
Parameters: - query (list) – list of filters to search on
- _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
- version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns: (list) –
- list of STIX objects that matches the supplied
query. The STIX objects are loaded from their json files, parsed into a python STIX objects and then returned.
-
stix_dir
¶
-
class
FileSystemStore
(stix_dir, allow_custom=None, bundlify=False)¶ Interface to a file directory of STIX objects.
FileSystemStore is a wrapper around a paired FileSystemSink and FileSystemSource.
Parameters: - stix_dir (str) – path to directory of STIX objects
- allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for FileSystemSource side(retrieving data) and False for FileSystemSink side(pushing data). However, when parameter is supplied, it will be applied to both FileSystemSource and FileSystemSink.
- bundlify (bool) – whether to wrap objects in bundles when saving them. Default: False.
-
source
¶ FileSystemSource – FileSystemSource
-
sink
¶ FileSystemSink – FileSystemSink