taxii

Python STIX 2.x TAXIICollectionStore

class TAXIICollectionSink(collection, allow_custom=False)

Provides an interface for pushing STIX objects to a local/remote TAXII Collection endpoint.

Parameters:
  • collection (taxii2.Collection) – TAXII2 Collection instance
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the TAXIICollectionSink. Default: False
add(stix_data, version=None)

Add/push STIX content to TAXII Collection endpoint

Parameters:
  • stix_data (STIX object OR dict OR str OR list) – valid STIX 2.0 content in a STIX object (or Bundle), STIX onject dict (or Bundle dict), or a STIX 2.0 json encoded string, or list of any of the following
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
class TAXIICollectionSource(collection, allow_custom=True)

Provides an interface for searching/retrieving STIX objects from a local/remote TAXII Collection endpoint.

Parameters:
  • collection (taxii2.Collection) – TAXII Collection instance
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
all_versions(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from local/remote TAXII Collection endpoint, all versions of it

Parameters:
  • stix_id (str) – The STIX ID of the STIX objects to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(see query() as all_versions() is just a wrapper)

get(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from local/remote STIX Collection endpoint.

Parameters:
  • stix_id (str) – The STIX ID of the STIX object to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(STIX object)

STIX object that has the supplied STIX ID.

The STIX object is received from TAXII has dict, parsed into a python STIX object and then returned

query(query=None, version=None, _composite_filters=None)

Search and retreive STIX objects based on the complete query

A “complete query” includes the filters from the query, the filters attached to MemorySource, and any filters passed from a CompositeDataSource (i.e. _composite_filters)

Parameters:
  • query (list) – list of filters to search on
  • _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
  • version (str) – Which STIX2 version to use. (e.g. “2.0”, “2.1”). If None, use latest version.
Returns:

(list)

list of STIX objects that matches the supplied

query. The STIX objects are received from TAXII as dicts, parsed into python STIX objects and then returned.

class TAXIICollectionStore(collection, allow_custom=None)

Provides an interface to a local/remote TAXII Collection of STIX data. TAXIICollectionStore is a wrapper around a paired TAXIICollectionSink and TAXIICollectionSource.

Parameters:
  • collection (taxii2.Collection) – TAXII Collection instance
  • allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for TAXIICollectionSource side(retrieving data) and False for TAXIICollectionSink side(pushing data). However, when parameter is supplied, it will be applied to both TAXIICollectionSource/Sink.