In [1]:
# Delete this cell to re-enable tracebacks
import sys
ipython = get_ipython()


def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,
                   exception_only=False, running_compiled_code=False):
    """Stand-in for ``ipython.showtraceback`` that prints only the exception line.

    The parameters match the keyword names of the hook being replaced and are
    not used: the exception is always taken from ``sys.exc_info()``.

    Returns whatever ``ipython._showtraceback`` returns.
    """
    exc_type, exc_value, _unused_tb = sys.exc_info()
    # Clear the explicit cause so a chained exception is not rendered as well.
    exc_value.__cause__ = None
    # "<ExceptionType>: <message>" only, without the stack frames.
    summary = ipython.InteractiveTB.get_exception_only(exc_type, exc_value)
    return ipython._showtraceback(exc_type, exc_value, summary)


# From here on every error in the notebook is shown as a one-line summary.
ipython.showtraceback = hide_traceback

In [2]:
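# JSON output syntax highlighting
from __future__ import print_function
from pygments import highlight
from pygments.lexers import JsonLexer, TextLexer
from pygments.formatters import HtmlFormatter
from IPython.display import display, HTML
from IPython.core.interactiveshell import InteractiveShell

# Display the value of every expression in a cell, not just the last one.
InteractiveShell.ast_node_interactivity = "all"

def json_print(inpt):
    """Return ``inpt`` rendered as syntax-highlighted HTML.

    ``str(inpt)`` is highlighted as JSON when it starts with ``{`` and as
    plain text otherwise.

    Args:
        inpt: any object; only its ``str()`` form is used.

    Returns:
        An ``IPython.display.HTML`` object holding the Pygments stylesheet
        followed by the highlighted markup.
    """
    string = str(inpt)
    formatter = HtmlFormatter()
    # startswith() also copes with an empty string, where string[0] would
    # raise IndexError.
    if string.startswith('{'):
        lexer = JsonLexer()
    else:
        lexer = TextLexer()
    # The object's text reaches the page only through highlight(), which
    # HTML-escapes it. Keep it that way: names and descriptions in STIX
    # content can come from third-party feeds and must not be concatenated
    # into the markup unescaped.
    return HTML('<style type="text/css">{}</style>{}'.format(
                formatter.get_style_defs('.highlight'),
                highlight(string, lexer, formatter)))

# Shadow the builtin print for the rest of the notebook: print(x) now returns
# an HTML object for display instead of writing to stdout.
globals()['print'] = json_print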

Versioning

To create a new version of an existing object, specify the property(ies) you want to change and their new values. For example, here we change the indicator type from "anomalous-activity" to "malicious-activity":


In [4]:
from stix2 import Indicator

# Placeholder pattern: d41d8cd98f00b204e9800998ecf8427e is the MD5 digest of
# zero-length input, so this pattern would match any empty file. A real
# indicator should carry the sample's own digest, ideally a SHA-256 as well,
# because MD5 is open to collisions.
indicator = Indicator(
    created="2016-01-01T08:00:00.000Z",
    name="File hash for suspicious file",
    description="A file indicator",
    indicator_types=["anomalous-activity"],
    pattern_type="stix",
    pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
)

# new_version() returns a new object with the same id and created values;
# only the keyword arguments given here differ from the original.
# NOTE(review): this call passes `labels`, not `indicator_types`, so the new
# version keeps indicator_types == ["anomalous-activity"] and gains a separate
# `labels` list, as the printed output shows. To change the indicator type
# itself, pass indicator_types=["malicious-activity"] instead; a consumer that
# filters on indicator_types would otherwise still see "anomalous-activity".
indicator2 = indicator.new_version(
    name="File hash for Foobar malware",
    labels=["malicious-activity"],
)
print(indicator2)


Out[4]:
{
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--6a7f1c8a-3c9a-471f-8ef0-e95e51457c3f",
    "created": "2016-01-01T08:00:00.000Z",
    "modified": "2020-06-26T19:27:20.792845Z",
    "name": "File hash for Foobar malware",
    "description": "A file indicator",
    "indicator_types": [
        "anomalous-activity"
    ],
    "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
    "pattern_type": "stix",
    "pattern_version": "2.1",
    "valid_from": "2020-06-26T19:27:20.759788Z",
    "labels": [
        "malicious-activity"
    ]
}

The modified time will be updated to the current time unless you provide a specific value as a keyword argument. Note that you can’t change the type, id, or created properties.


In [5]:
# Deliberate failure case: id stays the same across every version of an object
# (compare the printed outputs), so new_version() rejects an attempt to set it
# and raises UnmodifiablePropertyError.
indicator.new_version(id="indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21")


UnmodifiablePropertyError: These properties cannot be changed when making a new version: id.

You can remove optional or custom properties by setting them to None when you call new_version().


In [6]:
# Passing None drops the property from the new version: the printed object has
# no "description" key. indicator3 is derived from the original `indicator`,
# not from indicator2, so it keeps the original name and has no labels.
indicator3 = indicator.new_version(description=None)
print(indicator3)


Out[6]:
{
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--6a7f1c8a-3c9a-471f-8ef0-e95e51457c3f",
    "created": "2016-01-01T08:00:00.000Z",
    "modified": "2020-06-26T19:29:37.055139Z",
    "name": "File hash for suspicious file",
    "indicator_types": [
        "anomalous-activity"
    ],
    "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
    "pattern_type": "stix",
    "pattern_version": "2.1",
    "valid_from": "2020-06-26T19:27:20.759788Z"
}

To revoke an object:


In [7]:
# revoke() returns a further version of the object with "revoked": true and a
# fresh "modified" timestamp (see the output); id and created are unchanged.
# Consumers should stop matching on an indicator once they receive its revoked
# version.
# NOTE(review): stix2 is expected to refuse new_version()/revoke() on an
# already revoked object (RevokeError) — confirm against the installed release.
indicator4 = indicator3.revoke()
print(indicator4)


Out[7]:
{
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--6a7f1c8a-3c9a-471f-8ef0-e95e51457c3f",
    "created": "2016-01-01T08:00:00.000Z",
    "modified": "2020-06-26T19:29:38.943037Z",
    "name": "File hash for suspicious file",
    "indicator_types": [
        "anomalous-activity"
    ],
    "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
    "pattern_type": "stix",
    "pattern_version": "2.1",
    "valid_from": "2020-06-26T19:27:20.759788Z",
    "revoked": true
}