This library is a simple module with helpers for working with STIX 2.0 content. It supports generating IDs, creating objects, and creating bundles.
Future modules may support marking data and parsing markings, patterning, or other features.
This code currently isn't in Hex. Clone the repository and then reference it as a path dependency in your mix.exs file.
{:stix, path: "../elixir-stix2"}
This is a very simple library: it has a very small set of helpers for the most common tasks. Most things with STIX2 should be easy anyway! All of the functions you need are on the Stix module.
If you'll be creating objects, you probably want to configure your producer's identity reference used in created_by_ref. To do so, simply set the configuration key creator_id for the stix application:
config :stix, creator_id: "identity--your-UUID-here"
Objects are created by type and an optional set of properties:
Stix.object("campaign")
Stix.object("campaign", title: "Shade of Palms")
Just pass in the list of objects (or a single object) to bundle:
obj = Stix.object("campaign", title: "Shade of Palms")
bundle = Stix.bundle(obj) # Or, Stix.bundle([obj, obj2, ...])
You can serialize to JSON with to_json and to_json!. These are simple delegates to the Poison library, so to_json will return the typical status/result tuple and to_json! will return the string and raise an error if it fails.
{:ok, json_string} = Stix.to_json(bundle)
The functions may work best as pipelines:
Stix.object("indicator", pattern: "[...]")
|> Stix.bundle()
|> Stix.to_json()
You can parse STIX from a string as well. Like serializing to JSON, this just delegates to Poison and accepts both the standard and error-raising forms.
Stix.from_string("stix string here")
Stix.from_string!("stix string here")
Parsing is pretty basic. All it really does is load the file, parse the JSON, and atomize the same keys as everything else.
Parsed objects will be maps that have had their standard STIX keys atomized. Custom keys will not be atomized unless originally parsed as an atom (don't do this). This means you can call them as properties:
obj = Stix.object("campaign", title: "Shade of Palms")
obj.title == "Shade of Palms" # true
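Why atomizing only known keys matters when parsing feeds you do not control: Erlang atoms are never garbage-collected, so turning every incoming JSON key into an atom lets a hostile document fill the atom table. The sketch below is an added example, not this library's code; the module name KeyAtomizeExample, its shortened key allow-list, and the sample bundle are all constructed for illustration.

```elixir
defmodule KeyAtomizeExample do
  # Hypothetical, shortened allow-list; a complete one would cover every
  # property name defined by the STIX 2.0 specification.
  @known_keys ~w(type id spec_version objects created modified
                 created_by_ref name description labels pattern valid_from)

  # The string -> atom table is built at compile time, so no atom is ever
  # created from input data at run time.
  @lookup Map.new(@known_keys, fn k -> {k, String.to_atom(k)} end)

  # Recursively replace allow-listed string keys with atoms.
  # Unknown (custom) keys are returned unchanged, as strings.
  def atomize(map) when is_map(map) do
    Map.new(map, fn {k, v} -> {Map.get(@lookup, k, k), atomize(v)} end)
  end

  def atomize(list) when is_list(list), do: Enum.map(list, &atomize/1)
  def atomize(other), do: other
end

# Constructed sample: the shape a JSON decoder returns with string keys.
decoded = %{
  "type" => "bundle",
  "id" => "bundle--00000000-0000-4000-8000-000000000001",
  "objects" => [
    %{
      "type" => "campaign",
      "id" => "campaign--00000000-0000-4000-8000-000000000002",
      "name" => "Shade of Palms",
      "x_example_custom" => "stays a string key"
    }
  ]
}

bundle = KeyAtomizeExample.atomize(decoded)
[campaign] = bundle.objects

# Standard keys are atoms, so property access works.
IO.inspect(campaign.name)
# The custom key was not atomized and is only reachable by its string form.
IO.inspect(Map.has_key?(campaign, :x_example_custom))
IO.inspect(campaign["x_example_custom"])
```

Save it as a .exs file and run it with elixir; it needs no dependencies because it starts from an already decoded map.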
Objects can be versioned per the STIX specification with the version function. Pass the original object and the updated properties. The modified time will be updated automatically.
obj = Stix.object("campaign", title: "Shade of Palms")
obj = obj |> Stix.version(title: "Shade of Psalms")
obj.title == "Shade of Psalms" # true
obj.modified != obj.created # true