openstix


| Field | Value |
|---|---|
| Name | openstix |
| Version | 0.1.7 |
| Summary | OpenSTIX aims to make STIX easy and accessible for analysts |
| upload_time | 2023-11-24 18:05:34 |
| docs_url | None |
| requires_python | >=3.9 |
| keywords | cti, ioc, stix2, ttps, cybersecurity, library, malware-analysis, network-security, python, threat-indicators, threat-intelligence, toolkit |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# OpenSTIX

OpenSTIX is an **unofficial STIX 2.1 library and toolkit** built upon the foundations of the [STIX2 library](https://github.com/oasis-open/cti-python-stix2/), aimed at enhancing the efficiency and productivity of cybersecurity professionals. It's developed and maintained by AbuseTotal, a startup committed to delivering high-quality software solutions in the cybersecurity domain.

[![PyPI version](https://badge.fury.io/py/openstix.svg)](https://badge.fury.io/py/openstix)

## Features

- **Modular Design**: Organizes the functionality provided by the STIX2 library into modules for easy consumption and extension.
- **Workspace Class**: Extends the `Environment` class into a `Workspace` class to facilitate seamless creation, removal, and management of STIX SDOs (STIX Domain Objects) based on contributing properties.
- **Static Namespace Management**: Allows users to define a static namespace for their organization, ensuring consistent identification and management across STIX objects.
- **Contributing Properties-based ID Management**: Enables operations on STIX SDOs with identical IDs, governed by specific contributing properties.
- **Built-in Datasets**: Provides ready-to-use datasets including MITRE frameworks, geolocations, custom TLP markings, and industries to expedite the analytical process.
- **Custom Objects and Extensions**: Offers custom objects and extensions to assist analysts with additional informational resources such as Whois and DNS-Records.


## Installation

```bash
pip install openstix
```

## Usage

Import the necessary modules and get started with creating and managing STIX objects within your defined workspace.

#### Start workspace
```python
from openstix.toolkit.workspace import Workspace

# Create a new workspace with your organization's namespace
workspace = Workspace(namespace="<your-namespace-uuid>")
```

#### Parse and load STIX data into workspace
```python
data = """
{
    "type": "bundle",
    "id": "bundle--0ef10afc-6a6b-4df7-bc4b-099977bfcba8",
    "objects": [
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--9076dffc-9b97-55f6-a720-bc115b25fe31",
            "value": "openstix.dev"
        }
    ]
}
"""

# Parse STIX data and automatically load the objects into the workspace
workspace.parse(data)
```
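
The `domain-name` identifier in the bundle above is a version-5 (name-based) UUID, the mechanism that lets independent producers derive the same ID from the same contributing properties. The following added example (not OpenSTIX code) shows that derivation for SCOs with the namespace and canonical-JSON rule from the STIX 2.1 specification, plus a pre-ingest consistency check. `deterministic_id`, `id_problems` and the two-entry `ID_CONTRIBUTING` table are illustrative names; how OpenSTIX applies an organization namespace to SDOs is not shown on this page.

```python
import json
import uuid

# Namespace the STIX 2.1 specification defines for deterministic SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# ID contributing properties for two SCO types (subset of the STIX 2.1 tables).
ID_CONTRIBUTING = {"domain-name": ["value"], "ipv4-addr": ["value"]}


def deterministic_id(obj_type, props, namespace=STIX_SCO_NAMESPACE):
    """Return '<type>--<UUIDv5>' derived from the ID contributing properties."""
    contributing = {k: props[k] for k in ID_CONTRIBUTING[obj_type] if k in props}
    if not contributing:
        raise ValueError(f"no ID contributing property present for {obj_type}")
    # Sorted keys and compact separators stand in for JSON canonicalization
    # (RFC 8785); the two are equivalent for plain string values.
    name = json.dumps(contributing, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return f"{obj_type}--{uuid.uuid5(namespace, name)}"


def id_problems(obj):
    """List reasons an object's 'id' is inconsistent with its content."""
    prefix, sep, raw_uuid = obj.get("id", "").partition("--")
    if not sep or prefix != obj.get("type"):
        return ["id prefix does not match object type"]
    try:
        parsed = uuid.UUID(raw_uuid)
    except ValueError:
        parsed = None
    if parsed is None or str(parsed) != raw_uuid:
        return ["id does not contain a canonical UUID"]
    if parsed.version != 5:
        return ["id is not a name-based (version 5) UUID"]
    if obj["type"] in ID_CONTRIBUTING and obj["id"] != deterministic_id(obj["type"], obj):
        return ["id does not match the contributing properties"]
    return []


if __name__ == "__main__":
    # Constructed sample: the second object reuses an ID derived from another value.
    good = {"type": "domain-name", "value": "openstix.dev"}
    good["id"] = deterministic_id("domain-name", good)
    bad = dict(good, value="example.org")
    for o in (good, bad):
        print(o["value"], id_problems(o))
```

A mismatch is a reason to review an object before ingesting it, not proof of tampering: a producer may have derived its IDs under a different namespace.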


#### Create SCO within workspace
```python
from openstix.objects import DomainName

# Add STIX observable object (SCO)
domain = workspace.create(DomainName, value="abusetotal.com")
```

#### Remove object from workspace
```python
# Remove STIX observable object (SCO)
workspace.remove(domain.id)
```

#### Create SDO within workspace
```python
from openstix.objects import Malware

# Add STIX domain object (SDO)
workspace.create(Malware, name="Malicious", is_family=False)
```

#### Filter workspace objects using preset filters
```python
from openstix.toolkit.filters.presets import MALWARE_FILTER

# Filter objects using presets
malwares = workspace.query(MALWARE_FILTER)
```

#### Download STIX datasets

```bash
$ openstix datasets download --all
```

#### Get MITRE TTP using MITRE Datasets

**Note:** Make sure you have downloaded the dataset using the `openstix` CLI.

```python
from openstix.datasets import MITREDataset

dataset = MITREDataset()
dataset.load()

# Use Attack Pattern objects from MITRE Dataset
attack_pattern = dataset.attack_pattern("T1090")
```

#### Get country and regions objects using GeoLocation Datasets

**Note:** Make sure you have downloaded the dataset using the `openstix` CLI.

```python
from openstix.datasets import GeoLocationsDataset

dataset = GeoLocationsDataset()
dataset.load()

# Use Location objects from GeoLocation Dataset
country = dataset.country("PT")
region = dataset.region("Europe")
```

## Contributing

We welcome contributions to OpenSTIX! Whether you're reporting bugs, proposing new features, or contributing code, we appreciate your help. Please make sure to read our Contributing Guidelines before making a contribution.

## License

OpenSTIX is licensed under the Apache 2.0 license.

## Contact

For any inquiries, issues, or support related to OpenSTIX, feel free to reach out to us at support@abusetotal.com.

## Acknowledgements

OpenSTIX is an initiative by AbuseTotal to foster the development of cybersecurity tools and libraries. We thank the OASIS Cyber Threat Intelligence Technical Committee and the entire STIX community for laying down the robust foundation upon which OpenSTIX is built.
            

Raw data

            {
    "_id": null,
    "home_page": "",
    "name": "openstix",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": "",
    "keywords": "CTI,IOC,STIX2,TTPs,cybersecurity,library,malware-analysis,network-security,python,threat-indicators,threat-intelligence,toolkit",
    "author": "",
    "author_email": "Tom\u00e1s Lima <tomas@abusetotal.com>, Adrian Dinis <adrian@abusetotal.com>",
    "download_url": "https://files.pythonhosted.org/packages/5b/99/582e3f54c81daae283c8ca60a7971640bbe226b5a0e2410ccc437e169549/openstix-0.1.7.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "",
    "summary": "OpenSTIX aims to make STIX easy and accessible for analysts",
    "version": "0.1.7",
    "project_urls": {
        "Homepage": "https://github.com/abusetotal/openstix",
        "Source": "https://github.com/abusetotal/openstix",
        "Sponsor": "https://github.com/sponsors/abusetotal",
        "Tracker": "https://github.com/abusetotal/openstix/issues"
    },
    "split_keywords": [
        "cti",
        "ioc",
        "stix2",
        "ttps",
        "cybersecurity",
        "library",
        "malware-analysis",
        "network-security",
        "python",
        "threat-indicators",
        "threat-intelligence",
        "toolkit"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "90169964bbbd893f173f8fa1a1bf08b27be0622c0992bfad810173d51793d6d2",
                "md5": "b75efa30a652b789ebac6a2fc9d85584",
                "sha256": "683524570884f1519a6e7e31b40a1cb6795d02e5674eabb720817d4adfd51b5e"
            },
            "downloads": -1,
            "filename": "openstix-0.1.7-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "b75efa30a652b789ebac6a2fc9d85584",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 22999,
            "upload_time": "2023-11-24T18:05:32",
            "upload_time_iso_8601": "2023-11-24T18:05:32.590206Z",
            "url": "https://files.pythonhosted.org/packages/90/16/9964bbbd893f173f8fa1a1bf08b27be0622c0992bfad810173d51793d6d2/openstix-0.1.7-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "5b99582e3f54c81daae283c8ca60a7971640bbe226b5a0e2410ccc437e169549",
                "md5": "7b4879cf9db11659ccae2bf467b78433",
                "sha256": "b3900083300a60deae87c229befcbc56c286331480f5d52d068cf10e3237736c"
            },
            "downloads": -1,
            "filename": "openstix-0.1.7.tar.gz",
            "has_sig": false,
            "md5_digest": "7b4879cf9db11659ccae2bf467b78433",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.9",
            "size": 16533,
            "upload_time": "2023-11-24T18:05:34",
            "upload_time_iso_8601": "2023-11-24T18:05:34.491695Z",
            "url": "https://files.pythonhosted.org/packages/5b/99/582e3f54c81daae283c8ca60a7971640bbe226b5a0e2410ccc437e169549/openstix-0.1.7.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-11-24 18:05:34",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "abusetotal",
    "github_project": "openstix",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "openstix"
}
        