taxii¶
Python STIX2 TAXIICollection Source/Sink
-
class
TAXIICollectionSink
(collection, allow_custom=False)¶ Provides an interface for pushing STIX objects to a local/remote TAXII Collection endpoint.
Parameters: - collection (taxii2.Collection) – TAXII2 Collection instance
- allow_custom (bool) – Whether to allow custom STIX content to be added to the TAXIICollectionSink. Default: False
-
add
(stix_data, version=None)¶ Add/push STIX content to TAXII Collection endpoint
Parameters: - stix_data (STIX object OR dict OR str OR list) – valid STIX2 content in a STIX object (or Bundle), STIX object dict (or Bundle dict), or a STIX2 json encoded string, or list of any of the following.
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
-
class
TAXIICollectionSource
(collection, allow_custom=True)¶ Provides an interface for searching/retrieving STIX objects from a local/remote TAXII Collection endpoint.
Parameters: - collection (taxii2.Collection) – TAXII Collection instance
- allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
-
all_versions
(stix_id, version=None, _composite_filters=None)¶ Retrieve STIX object from local/remote TAXII Collection endpoint, all versions of it
Parameters: - stix_id (str) – The STIX ID of the STIX objects to be retrieved.
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns: (see query() as all_versions() is just a wrapper)
-
get
(stix_id, version=None, _composite_filters=None)¶ Retrieve STIX object from local/remote STIX Collection endpoint.
Parameters: - stix_id (str) – The STIX ID of the STIX object to be retrieved.
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
Returns: (STIX object) –
- STIX object that has the supplied STIX ID.
The STIX object is received from TAXII has dict, parsed into a python STIX object and then returned
-
query
(query=None, version=None, _composite_filters=None)¶ Search and retreive STIX objects based on the complete query
A “complete query” includes the filters from the query, the filters attached to MemorySource, and any filters passed from a CompositeDataSource (i.e. _composite_filters)
Parameters: - query (list) – list of filters to search on
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
- _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
Returns: (list) –
- list of STIX objects that matches the supplied
query. The STIX objects are received from TAXII as dicts, parsed into python STIX objects and then returned.
-
class
TAXIICollectionStore
(collection, allow_custom=None)¶ Provides an interface to a local/remote TAXII Collection of STIX data. TAXIICollectionStore is a wrapper around a paired TAXIICollectionSink and TAXIICollectionSource.
Parameters: - collection (taxii2.Collection) – TAXII Collection instance
- allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for TAXIICollectionSource side(retrieving data) and False for TAXIICollectionSink side(pushing data). However, when parameter is supplied, it will be applied to both TAXIICollectionSource/Sink.