filters

Filters for Python STIX 2.0 DataSources, DataSinks, DataStores

class Filter

STIX 2 filters that support the querying functionality of STIX 2 DataStores and DataSources.

Initialized like a Python tuple.

Parameters:
  • property (str) – filter property name, corresponds to STIX 2 object property
  • op (str) – operator of the filter
  • value (str) – filter property value

Example

Filter("id", "=", "malware--0f862b01-99da-47cc-9bdb-db4a86a95bb1")

class FilterSet(filters=None)

Internal STIX2 class to facilitate the grouping of Filters into sets. The primary motivation for this class came from the problem that Filters that had a dict as a value could not be added to a Python set as dicts are not hashable. Thus this class provides set functionality but internally stores filters in a list.

add(filters=None)

Add a Filter, FilterSet, or list of Filters to the FilterSet.

Operates like a set, adding only unique stix2.Filters to the FilterSet.

NOTE: This method is designed to be very accommodating (i.e. it even accepts filters=None), as this allows for blind calls (very useful in DataStore).

Parameters: filters – stix2.Filter OR list of stix2.Filter OR stix2.FilterSet

remove(filters=None)

Remove a Filter, list of Filters, or FilterSet from the FilterSet.

NOTE: This method is designed to be very accommodating (i.e. it even accepts filters=None), as this allows for blind calls (very useful in DataStore).

Parameters: filters – stix2.Filter OR list of stix2.Filter OR stix2.FilterSet

apply_common_filters(stix_objs, query)

Evaluate filters against a set of STIX 2.0 objects.

Supports only STIX 2.0 common properties.

Parameters:
  • stix_objs (list) – list of STIX objects to apply the query to
  • query (set) – set of filters (combined, they form the complete query)
Yields:

STIX objects that successfully evaluate against the query.

FILTER_OPS = ['=', '!=', 'in', '>', '<', '>=', '<=']

Supported filter value types
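
An added, standard-library-only sketch (not the stix2 library's own code) of the two ideas documented above: a list-backed filter set that can hold filters whose value is an unhashable dict, and evaluating a query of filters against objects. MiniFilter, MiniFilterSet, apply_filters, OPS and the sample objects are hypothetical names and constructed data; the operator semantics are assumed from the FILTER_OPS symbols.

```python
import operator
from collections import namedtuple

# Comparison behind each operator in FILTER_OPS (semantics assumed for this sketch).
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt,
       ">=": operator.ge, "<=": operator.le, "in": lambda prop, val: prop in val}

# Hypothetical stand-in for stix2.Filter: a (property, op, value) tuple.
MiniFilter = namedtuple("MiniFilter", ["property", "op", "value"])

# Constructed sample objects, not real intelligence data.
SAMPLE = [
    {"type": "malware", "id": "malware--0f862b01-99da-47cc-9bdb-db4a86a95bb1"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001"},
]


class MiniFilterSet:
    """List-backed collection that keeps filters unique without hashing them."""

    def __init__(self, filters=None):
        self._filters = []
        self.add(filters)

    def add(self, filters=None):
        # Accept None, one filter, a list of filters, or another MiniFilterSet.
        if filters is None:
            return
        if isinstance(filters, MiniFilter):
            filters = [filters]
        for f in filters:
            if f.op not in OPS:
                raise ValueError("unsupported operator: %r" % (f.op,))
            if f not in self._filters:  # equality comparison, no hash needed
                self._filters.append(f)

    def __iter__(self):
        return iter(self._filters)

    def __len__(self):
        return len(self._filters)


def apply_filters(stix_objs, query):
    """Yield each object that every filter in the query matches."""
    for obj in stix_objs:
        if all(f.property in obj and OPS[f.op](obj[f.property], f.value)
               for f in query):
            yield obj
```

In this sketch an object that lacks the filtered property never matches, including for "!=".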