filters

Filters for Python STIX2 DataSources, DataSinks, DataStores

class Filter

STIX 2 filters that support the querying functionality of STIX 2 DataStores and DataSources.

Initialized like a Python tuple.

Parameters:
  • property (str) – filter property name, corresponds to STIX 2 object property
  • op (str) – operator of the filter
  • value (str) – filter property value

Example

Filter("id", "=", "malware--0f862b01-99da-47cc-9bdb-db4a86a95bb1")

class FilterSet(filters=None)

Internal STIX2 class to facilitate the grouping of Filters into sets. The primary motivation for this class came from the problem that Filters that had a dict as a value could not be added to a Python set as dicts are not hashable. Thus this class provides set functionality but internally stores filters in a list.

add(filters=None)

Add a Filter, FilterSet, or list of Filters to the FilterSet.

Operates like a set, adding only unique stix2.Filters to the FilterSet.

Note

Method is designed to be very accommodating (i.e. even accepting filters=None), as this allows for blind calls (very useful in DataStore).

Parameters: filters – stix2.Filter OR list of stix2.Filter OR stix2.FilterSet

remove(filters=None)

Remove a Filter, list of Filters, or FilterSet from the FilterSet.

Note

Method is designed to be very accommodating (i.e. even accepting filters=None), as this allows for blind calls (very useful in DataStore).

Parameters: filters – stix2.Filter OR list of stix2.Filter OR stix2.FilterSet

apply_common_filters(stix_objs, query)

Evaluate filters against a set of STIX 2.0 objects.

Supports only STIX 2.0 common properties.

Parameters:
  • stix_objs (iterable) – iterable of STIX objects to apply the query to
  • query (non-iterator iterable) – iterable of filters. Must not be an iterator (e.g. generator iterators won't work): the query is traversed in the inner loop of a nested loop, so it must support repeated traversal.
Yields:

STIX objects that successfully evaluate against the query.
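The two design points above (a list-backed FilterSet because dict-valued Filters are unhashable, and a query that must be re-traversable) can be seen in a standalone sketch. This is an added example, not code from the stix2 library: Filter here is a minimal stand-in, the names ListBackedFilterSet, OPS, apply_filters and matched_types are hypothetical, and the sample objects are constructed.

```python
from collections import namedtuple

# Hypothetical stand-in for stix2.Filter: a (property, op, value) tuple.
Filter = namedtuple("Filter", ["property", "op", "value"])

# Four of the operators listed in FILTER_OPS, as (object value, filter value) tests.
OPS = {
    "=": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "in": lambda a, b: a in b,
    "contains": lambda a, b: b in a,
}

class ListBackedFilterSet:
    """Set-like container that tolerates unhashable (dict) filter values."""
    def __init__(self, filters=None):
        self._filters = []
        self.add(filters)

    def add(self, filters=None):
        if filters is None:              # blind call: nothing to add
            return
        if isinstance(filters, Filter):
            filters = [filters]
        for f in filters:
            if f not in self._filters:   # uniqueness by equality, not hashing
                self._filters.append(f)

    def __iter__(self):
        return iter(self._filters)       # fresh iterator on every traversal

def apply_filters(stix_objs, query):
    """Yield objects that satisfy every filter; query is walked once per object."""
    for obj in stix_objs:
        if all(f.property in obj and OPS[f.op](obj[f.property], f.value)
               for f in query):
            yield obj

# Constructed sample objects (not real intelligence data).
OBJS = [
    {"type": "malware", "id": "malware--0f862b01-99da-47cc-9bdb-db4a86a95bb1"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002"},
]

def matched_types(query):
    return [o["type"] for o in apply_filters(OBJS, query)]
```

In this sketch a generator passed as the query is exhausted after the first object, so every later object is checked against zero filters and passes. Passing a list or the set-like container avoids that silent over-matching.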

FILTER_OPS = ['=', '!=', 'in', '>', '<', '>=', '<=', 'contains']

Supported filter value types