core

STIX2 Core Objects and Methods.

class STIXDomainObject(allow_custom=False, **kwargs)
class STIXRelationshipObject(allow_custom=False, **kwargs)
dict_to_stix2(stix_dict, allow_custom=False, version=None)

convert dictionary to full python-stix2 object

Parameters:
  • stix_dict (dict) – a python dictionary of a STIX object that (presumably) is semantically correct to be parsed into a full python-stix2 obj
  • allow_custom (bool) – Whether to allow custom properties as well unknown custom objects. Note that unknown custom objects cannot be parsed into STIX objects, and will be returned as is. Default: False.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property. If none of the above are possible, it will use the default version specified by the library.
Returns:

An instantiated Python STIX object

Warning

‘allow_custom=True’ will allow for the return of any supplied STIX dict(s) that cannot be found to map to any known STIX object types (both STIX2 domain objects or defined custom STIX2 objects); NO validation is done. This is done to allow the processing of possibly unknown custom STIX objects (example scenario: I need to query a third-party TAXII endpoint that could provide custom STIX objects that I don’t know about ahead of time)

parse(data, allow_custom=False, version=None)

Convert a string, dict or file-like object into a STIX object.

Parameters:
  • data (str, dict, file-like object) – The STIX 2 content to be parsed.
  • allow_custom (bool) – Whether to allow custom properties as well unknown custom objects. Note that unknown custom objects cannot be parsed into STIX objects, and will be returned as is. Default: False.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property. If none of the above are possible, it will use the default version specified by the library.
Returns:

An instantiated Python STIX object.

Warning

‘allow_custom=True’ will allow for the return of any supplied STIX dict(s) that cannot be found to map to any known STIX object types (both STIX2 domain objects or defined custom STIX2 objects); NO validation is done. This is done to allow the processing of possibly unknown custom STIX objects (example scenario: I need to query a third-party TAXII endpoint that could provide custom STIX objects that I don’t know about ahead of time)

parse_observable(data, _valid_refs=None, allow_custom=False, version=None)

Deserialize a string or file-like object into a STIX Cyber Observable object.

Parameters:
  • data (str, dict, file-like object) – The STIX2 content to be parsed.
  • _valid_refs – A list of object references valid for the scope of the object being parsed. Use empty list if no valid refs are present.
  • allow_custom (bool) – Whether to allow custom properties or not. Default: False.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the default version specified by the library will be used.
Returns:

An instantiated Python STIX Cyber Observable object.