A python library for parsing, manipulating, and generating Structured Threat Information eXpression (STIX™) v1.2.0 content.
The python-stix library is hosted on PyPI and the most recent stable version can be installed with pip:
$ pip install stix
The python-stix library can also be installed via the distutils setup.py script included at the root directory:
$ python setup.py install
The python-stix library depends on the presence of certain packages/libraries to function. Please refer to their installation documentation for installation instructions.
Installation on Ubuntu 14.04 (and older)
$ sudo apt-get install python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev $ sudo pip install stix
Installation on Windows
Download the Lxml wheel for your version of Python from http://www.lfd.uci.edu/~gohlke/pythonlibs/#lxml, then install it via "pip install <filename>.whl". For example, to install it on 64-bit Windows running Python 2.7:
$ pip install lxml-3.6.1-cp27-cp27m-win_amd64.whl $ pip install stix
Releases of the python-stix library will be given version numbers of the form
correspond to the STIX version being supported. The
revision number is used
to indicate new versions of the python-stix library itself.
The python-stix package layout is as follows:
stix/: root level package.
examples/: example python scripts that leverage the python-stix library.
stix/utils/: utility classes and modules used internally by the python-stix library.
stix/bindings/: generateDS generated xml-to-python bindings (leveraged for parsing and output of STIX XML content).
stix/campaign/: APIs for STIX Campaign constructs.
stix/coa/: APIs for STIX Course Of Action constructs.
stix/core/: APIs for core STIX constructs (e.g., STIX Header, STIX Package).
stix/common/: APIs for common STIX constructs (e.g., Structured Text, Information Source).
stix/exploit_target/: APIs for STIX Exploit Target constructs.
stix/incident/: APIs for common Incident constructs.
stix/indicator/: APIs for STIX Indicator constructs.
stix/extensions/: APIs for STIX extensions (e.g., CIQ Identity).
stix/report/: APIs for STIX Report constructs.
stix/threat_actor/: APIs for STIX Threat Actor constructs.
stix/ttp/: APIs for STIX TTP constructs.
Please refer to examples for concrete examples of how to interact with the python-stix library.