Creating, handling, and parsing TAXII 1.0 messages.
Note
The examples on this page assume that you have run the equivalent of
import datetime
from dateutil.tz import tzutc
import libtaxii as t
import libtaxii.messages_10 as tm10
A TAXII Status message.
Parameters: |
|
---|
Example:
status_message1 = tm10.StatusMessage(
message_id=tm10.generate_message_id(),
in_response_to="12345",
status_type=tm10.ST_SUCCESS,
status_detail='Machine-processable info here!',
message='This is a message.')
A TAXII Discovery Request message.
Parameters: |
|
---|
Example:
ext_headers = {'name1': 'val1', 'name2': 'val2'}
discovery_request = tm10.DiscoveryRequest(
message_id=tm10.generate_message_id(),
extended_headers=ext_headers)
A TAXII Discovery Response message.
Parameters: |
|
---|
The Service Instance component of a TAXII Discovery Response Message.
Parameters: |
|
---|
The message_bindings list must contain at least one value.
Example:
discovery_response = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(),
in_response_to=discovery_request.message_id)
service_instance = tm10.ServiceInstance(
service_type=tm10.SVC_INBOX,
services_version=t.VID_TAXII_SERVICES_10,
protocol_binding=t.VID_TAXII_HTTPS_10,
service_address='https://example.com/inbox/',
message_bindings=[t.VID_TAXII_XML_10],
inbox_service_accepted_content=[t.CB_STIX_XML_10],
available=True,
message='This is a sample inbox service instance')
discovery_response.service_instances.append(service_instance)
# Alternatively, you could define the service instance(s) first and use the
# following:
service_instance_list = [service_instance]
discovery_response = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(),
in_response_to=discovery_request.message_id,
service_instances=service_instance_list)
A TAXII Feed Information Request message.
Parameters: |
|
---|
Example:
ext_headers = {'name1': 'val1', 'name2': 'val2'}
feed_information_request= tm10.FeedInformationRequest(
message_id=tm10.generate_message_id(),
extended_headers=ext_headers)
A TAXII Feed Information Response message.
Parameters: |
|
---|
The Feed Information component of a TAXII Feed Information Response Message.
Parameters: |
|
---|
The absense of push_methods indicates no push methods. The absense of polling_service_instances indicates no polling services. At least one of push_methods and polling_service_instances must not be empty. The absense of subscription_methods indicates no subscription services.
The Push Method component of a TAXII Feed Information component.
Parameters: |
|
---|
The Polling Service Instance component of a TAXII Feed Information component.
Parameters: |
|
---|
The Subscription Method component of a TAXII Feed Information component.
Parameters: |
|
---|
Example:
push_method1 = tm10.PushMethod(
push_protocol=t.VID_TAXII_HTTP_10,
push_message_bindings=[t.VID_TAXII_XML_10])
polling_service1 = tm10.PollingServiceInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/PollService/',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription_service1 = tm10.SubscriptionMethod(
subscription_protocol=t.VID_TAXII_HTTP_10,
subscription_address='http://example.com/SubsService/',
subscription_message_bindings=[t.VID_TAXII_XML_10])
feed1 = tm10.FeedInformation(
feed_name='Feed1',
feed_description='Description of a feed',
supported_contents=[t.CB_STIX_XML_10],
available=True,
push_methods=[push_method1],
polling_service_instances=[polling_service1],
subscription_methods=[subscription_service1])
feed_information_response1 = tm10.FeedInformationResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
feed_informations=[feed1])
A TAXII Manage Feed Subscription Request message.
Parameters: |
|
---|
Example:
delivery_parameters1 = tm10.DeliveryParameters(
inbox_protocol=t.VID_TAXII_HTTP_10,
inbox_address='http://example.com/inbox',
delivery_message_binding=t.VID_TAXII_XML_10,
content_bindings=[t.CB_STIX_XML_10])
manage_feed_subscription_request1 = tm10.ManageFeedSubscriptionRequest(
message_id=tm10.generate_message_id(),
feed_name='SomeFeedName',
action=tm10.ACT_UNSUBSCRIBE,
subscription_id='SubsId056',
delivery_parameters=delivery_parameters1)
A TAXII Manage Feed Subscription Response message.
Parameters: |
|
---|
The Subscription Instance component of the Manage Feed Subscription Response message.
Parameters: |
|
---|
The Poll Instance component of the Manage Feed Subscription Response message.
Parameters: |
|
---|
Example:
poll_instance1 = tm10.PollInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/poll',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription_instance1 = tm10.SubscriptionInstance(
subscription_id='SubsId234',
delivery_parameters=[delivery_parameters1],
poll_instances=[poll_instance1])
manage_feed_subscription_response1 = tm10.ManageFeedSubscriptionResponse(
message_id=tm10.generate_message_id(),
in_response_to="12345",
feed_name='Feed001',
message='This is a message',
subscription_instances=[subscription_instance1])
A TAXII Poll Request message.
Parameters: |
|
---|
Example:
poll_request1 = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name='TheFeedToPoll',
exclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()),
subscription_id='SubsId002',
content_bindings=[t.CB_STIX_XML_10])
A TAXII Poll Response message.
Parameters: |
|
---|
Example:
poll_response1 = tm10.PollResponse(
message_id=tm10.generate_message_id(),
in_response_to="12345",
feed_name='FeedName',
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()),
subscription_id='SubsId001',
message='This is a message.',
content_blocks=[])
A TAXII Inbox message.
Parameters: |
|
---|
The Subscription Information component of a TAXII Inbox message.
Parameters: |
|
---|
Example:
cb1 = tm10.ContentBlock(t.CB_STIX_XML_11, "")
subscription_information1 = tm10.SubscriptionInformation(
feed_name='SomeFeedName',
subscription_id='SubsId021',
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()))
inbox_message1 = tm10.InboxMessage(
message_id=tm10.generate_message_id(),
message='This is a message.',
subscription_information=subscription_information1,
content_blocks=[cb1])
Encapsulate properties common to all TAXII Messages (such as headers).
This class is extended by each Message Type (e.g., DiscoveryRequest), with each subclass containing subclass-specific information
A TAXII Content Block.
Parameters: |
|
---|
Example:
cb1 = tm10.ContentBlock(
content_binding=t.CB_STIX_XML_10,
content='<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"/>')
Delivery Parameters.
Parameters: |
|
---|
Generate a TAXII Message ID.
Parameters: | maxlen (int) – maximum length of the ID, in characters |
---|
Example
msg_id = tm11.generate_message_id()
message = tm11.DiscoveryRequest(msg_id)
# Or...
message = tm11.DiscoveryRequest(tm11.generate_message_id())
Note that this function has been deprecated. Please see libtaxii.validators.SchemaValidator.
Validate XML with the TAXII XML Schema 1.0.
Parameters: | xml_string (str) – The XML to validate. |
---|
Example
is_valid = tm10.validate_xml(message.to_xml())
Create a TAXIIMessage object from an XML string.
This function automatically detects which type of Message should be created based on the XML.
Parameters: | xml_string (str) – The XML to parse into a TAXII message. |
---|
Example
message_xml = message.to_xml()
new_message = tm10.get_message_from_xml(message_xml)
Create a TAXIIMessage object from a dictonary.
This function automatically detects which type of Message should be created based on the ‘message_type’ key in the dictionary.
Parameters: | d (dict) – The dictionary to build the TAXII message from. |
---|
Example
message_dict = message.to_dict()
new_message = tm10.get_message_from_dict(message_dict)
Create a TAXIIMessage object from a JSON string.
This function automatically detects which type of Message should be created based on the JSON.
Parameters: | json_string (str) – The JSON to parse into a TAXII message. |
---|