memory

Python STIX 2.0 Memory Source/Sink

Note

Not worrying about STIX versioning. The in memory STIX data at anytime will only hold one version of a STIX object. As such, when save() is called, the single versions of all the STIX objects are what is written to file.

class MemorySink(stix_data=None, allow_custom=True, version=None, _store=False)

Interface for adding/pushing STIX objects to an in-memory dictionary.

Designed to be paired with a MemorySource, together as the two components of a MemoryStore.

Parameters:
  • stix_data (dict OR list) – valid STIX 2.0 content in bundle or a list.
  • _store (bool) – whether the MemorySink is a part of a MemoryStore, in which case “stix_data” is a direct reference to shared memory with DataSource. Not user supplied
  • allow_custom (bool) – whether to allow custom objects/properties when exporting STIX content to file. Default: True.
_data

dict – the in-memory dict that holds STIX objects. If part of a MemoryStore, the dict is shared with a MemorySource

add(stix_data, version=None)

Add STIX objects to MemoryStore/Sink.

Adds STIX objects to an in-memory dictionary for fast lookup. Recursive function, breaks down STIX Bundles and lists.

Parameters:
  • stix_data (list OR dict OR STIX object) – STIX objects to be added
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
save_to_file(file_path)

Write SITX objects from in-memory dictionary to JSON file, as a STIX Bundle.

Parameters:file_path (str) – file path to write STIX data to
class MemorySource(stix_data=None, allow_custom=True, version=None, _store=False)

Interface for searching/retrieving STIX objects from an in-memory dictionary.

Designed to be paired with a MemorySink, together as the two components of a MemoryStore.

Parameters:
  • stix_data (dict OR list OR STIX object) – valid STIX 2.0 content in bundle or list.
  • _store (bool) – if the MemorySource is a part of a MemoryStore, in which case “stix_data” is a direct reference to shared memory with DataSink. Not user supplied
  • allow_custom (bool) – whether to allow custom objects/properties when importing STIX content from file. Default: True.
_data

dict – the in-memory dict that holds STIX objects. If part of a MemoryStore, the dict is shared with a MemorySink

all_versions(stix_id, _composite_filters=None)

Retrieve STIX objects from in-memory dict via STIX ID, all versions of it

Note: Since Memory sources/sinks don’t handle multiple versions of a STIX object, this operation is unnecessary. Translate call to get().

Parameters:
  • stix_id (str) – The STIX ID of the STIX 2 object to retrieve.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns:

(list)

list of STIX objects that has the supplied ID. As the

MemoryStore(i.e. MemorySink) adds STIX objects to memory as they are supplied (either as python dictionary or STIX object), it is returned in the same form as it as added

get(stix_id, _composite_filters=None)

Retrieve STIX object from in-memory dict via STIX ID.

Parameters:
  • stix_id (str) – The STIX ID of the STIX object to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns:

(dict OR STIX object)

STIX object that has the supplied

ID. As the MemoryStore(i.e. MemorySink) adds STIX objects to memory as they are supplied (either as python dictionary or STIX object), it is returned in the same form as it as added

load_from_file(file_path, version=None)

Load STIX data from JSON file.

File format is expected to be a single JSON STIX object or JSON STIX bundle.

Parameters:
  • file_path (str) – file path to load STIX data from
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
query(query=None, _composite_filters=None)

Search and retrieve STIX objects based on the complete query.

A “complete query” includes the filters from the query, the filters attached to this MemorySource, and any filters passed from a CompositeDataSource (i.e. _composite_filters).

Parameters:
  • query (list) – list of filters to search on
  • _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
Returns:

(list)

list of STIX objects that matches the supplied

query. As the MemoryStore(i.e. MemorySink) adds STIX objects to memory as they are supplied (either as python dictionary or STIX object), it is returned in the same form as it as added.

class MemoryStore(stix_data=None, allow_custom=True, version=None)

Interface to an in-memory dictionary of STIX objects.

MemoryStore is a wrapper around a paired MemorySink and MemorySource.

Note: It doesn’t make sense to create a MemoryStore by passing in existing MemorySource and MemorySink because there could be data concurrency issues. As well, just as easy to create new MemoryStore.

Parameters:
  • stix_data (list OR dict OR STIX object) – STIX content to be added
  • allow_custom (bool) – whether to allow custom STIX content. Only applied when export/input functions called, i.e. load_from_file() and save_to_file(). Defaults to True.
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
_data

dict – the in-memory dict that holds STIX objects

source

MemorySource – MemorySource

sink

MemorySink – MemorySink

load_from_file(*args, **kwargs)

Load STIX data from JSON file.

File format is expected to be a single JSON STIX object or JSON STIX bundle.

Parameters:
  • file_path (str) – file path to load STIX data from
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
save_to_file(*args, **kwargs)

Write SITX objects from in-memory dictionary to JSON file, as a STIX Bundle.

Parameters:file_path (str) – file path to write STIX data to