Versioning¶
To create a new version of an existing object, specify the property(ies) you want to change and their new values:
In [4]:
from stix2 import Indicator
indicator = Indicator(created="2016-01-01T08:00:00.000Z",
name="File hash for suspicious file",
labels=["anomalous-activity"],
pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")
indicator2 = indicator.new_version(name="File hash for Foobar malware",
labels=["malicious-activity"])
print(indicator2)
Out[4]:
{
"type": "indicator",
"id": "indicator--dd052ff6-e404-444b-beb9-eae96d1e79ea",
"created": "2016-01-01T08:00:00.000Z",
"modified": "2018-04-05T20:02:51.161Z",
"name": "File hash for Foobar malware",
"pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2018-04-05T20:02:51.138312Z",
"labels": [
"malicious-activity"
]
}
The modified time will be updated to the current time unless you provide
a specific value as a keyword argument. Note that you can’t change the
type
, id
, or created
properties.
In [5]:
indicator.new_version(id="indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21")
UnmodifiablePropertyError: These properties cannot be changed when making a new version: id.
To revoke an object:
In [6]:
indicator2 = indicator2.revoke()
print(indicator2)
Out[6]:
{
"type": "indicator",
"id": "indicator--dd052ff6-e404-444b-beb9-eae96d1e79ea",
"created": "2016-01-01T08:00:00.000Z",
"modified": "2018-04-05T20:02:54.704Z",
"name": "File hash for Foobar malware",
"pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2018-04-05T20:02:51.138312Z",
"revoked": true,
"labels": [
"malicious-activity"
]
}