filesystem

Python STIX 2.0 FileSystem Source/Sink

class FileSystemSink(stix_dir, allow_custom=False, bundlify=False)

Interface for adding/pushing STIX objects to file directory of STIX objects.

Can be paired with a FileSystemSource, together as the two components of a FileSystemStore.

Parameters:
  • stix_dir (str) – path to directory of STIX objects.
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSource. Default: False
  • bundlify (bool) – Whether to wrap objects in bundles when saving them. Default: False.
add(stix_data=None, version=None)

Add STIX objects to file directory.

Parameters:
  • stix_data (STIX object OR dict OR str OR list) – valid STIX 2.0 content in a STIX object (or list of), dict (or list of), or a STIX 2.0 json encoded string.
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.

Note

stix_data can be a Bundle object, but each object in it will be saved separately; you will be able to retrieve any of the objects the Bundle contained, but not the Bundle itself.

stix_dir
class FileSystemSource(stix_dir, allow_custom=True)

Interface for searching/retrieving STIX objects from a STIX object file directory.

Can be paired with a FileSystemSink, together as the two components of a FileSystemStore.

Parameters:
  • stix_dir (str) – path to directory of STIX objects
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
all_versions(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from file directory via STIX ID, all versions.

Note: Since FileSystem sources/sinks don’t handle multiple versions of a STIX object, this operation is unnecessary. Pass call to get().

Parameters:
  • stix_id (str) – The STIX ID of the STIX objects to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(list)

of STIX objects that has the supplied STIX ID.

The STIX objects are loaded from their json files, parsed into a python STIX objects and then returned

get(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from file directory via STIX ID.

Parameters:
  • stix_id (str) – The STIX ID of the STIX object to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(STIX object)

STIX object that has the supplied STIX ID.

The STIX object is loaded from its json file, parsed into a python STIX object and then returned

query(query=None, version=None, _composite_filters=None)

Search and retrieve STIX objects based on the complete query.

A “complete query” includes the filters from the query, the filters attached to this FileSystemSource, and any filters passed from a CompositeDataSource (i.e. _composite_filters).

Parameters:
  • query (list) – list of filters to search on
  • _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(list)

list of STIX objects that matches the supplied

query. The STIX objects are loaded from their json files, parsed into a python STIX objects and then returned.

stix_dir
class FileSystemStore(stix_dir, allow_custom=None, bundlify=False)

Interface to a file directory of STIX objects.

FileSystemStore is a wrapper around a paired FileSystemSink and FileSystemSource.

Parameters:
  • stix_dir (str) – path to directory of STIX objects
  • allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for FileSystemSource side(retrieving data) and False for FileSystemSink side(pushing data). However, when parameter is supplied, it will be applied to both FileSystemSource and FileSystemSink.
  • bundlify (bool) – whether to wrap objects in bundles when saving them. Default: False.
source

FileSystemSource – FileSystemSource

sink

FileSystemSink – FileSystemSink