This is an OASIS TC Open Repository. See the Governance section for more information.
This repository provides Python APIs for serializing and de-serializing STIX2 JSON content, along with higher-level APIs for common tasks, including data markings, versioning, and for resolving STIX IDs across multiple data sources.
For more information, see the documentation on ReadTheDocs.
Install with pip:
$ pip install stix2
To create a STIX object, provide keyword arguments to the type's constructor.
Certain required attributes of all objects, such as type
or id
, will
be set automatically if not provided as keyword arguments.
from stix2 import Indicator
indicator = Indicator(name="File hash for malware variant",
labels=["malicious-activity"],
pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")
To parse a STIX JSON string into a Python STIX object, use parse()
:
from stix2 import parse
indicator = parse("""{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
"created": "2017-09-26T23:33:39.829Z",
"modified": "2017-09-26T23:33:39.829Z",
"name": "File hash for malware variant",
"indicator_types": [
"malicious-activity"
],
"pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-09-26T23:33:39.829952Z"
}""")
print(indicator)
For more in-depth documentation, please see https://stix2.readthedocs.io/.
This version of python-stix2 brings initial support to STIX 2.1 currently at the CSD level. The intention is to help debug components of the library and also check for problems that should be fixed in the specification.
The stix2 Python library is built to support multiple versions of the STIX
Technical Specification. With every major release of stix2 the import stix2
statement will automatically load the SDO/SROs equivalent to the most recent
supported 2.X Committee Specification. Please see the library documentation for
more details.
This GitHub public repository (https://github.com/oasis-open/cti-python-stix2) was proposed and approved [bis] by the OASIS Cyber Threat Intelligence (CTI) TC as an OASIS TC Open Repository to support development of open source resources related to Technical Committee work.
While this TC Open Repository remains associated with the sponsor TC, its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are separate and distinct from the OASIS TC Process and related policies.
All contributions made to this TC Open Repository are subject to open source license terms expressed in the BSD-3-Clause License. That license was selected as the declared "Applicable License" when the TC Open Repository was created.
As documented in "Public Participation Invited", contributions to this OASIS TC Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the open source LICENSE designated for this particular repository, and the requirement for an Individual Contributor License Agreement that governs intellectual property.
TC Open Repository Maintainers are responsible for oversight of this project's community development activities, including evaluation of GitHub pull requests and preserving open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences.
Initially, the associated TC members have designated one or more persons to serve as Maintainer(s); subsequently, participating community members may select additional or substitute Maintainers, per consensus agreements.
Current Maintainers of this TC Open Repository
- Chris Lenk; GitHub ID: https://github.com/clenk/; WWW: MITRE Corporation
- Emmanuelle Vargas-Gonzalez; GitHub ID: https://github.com/emmanvg/; WWW: MITRE Corporation
- Jason Keirstead; GitHub ID: https://github.com/JasonKeirstead; WWW: IBM
- TC Open Repositories: Overview and Resources
- Frequently Asked Questions
- Open Source Licenses
- Contributor License Agreements (CLAs)
- Maintainers' Guidelines and Agreement
Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the Maintainer(s) listed above. Please send general questions about TC Open Repository participation to OASIS Staff at repository-admin@oasis-open.org and any specific CLA-related questions to repository-cla@oasis-open.org.