cti-taxii-client is a minimal client implementation for the TAXII 2.X server. It supports the following TAXII 2.X API services:
- Server Discovery
- Get API Root Information
- Get Status
- Get Collections
- Get a Collection
- Get Objects
- Add Objects
- Get an Object
- Delete an Object (2.1 only)
- Get Object Manifests
- Get Object Versions (2.1 only)
The easiest way to install the TAXII client is with pip
$ pip install taxii2-client
The TAXII client is intended to be used as a Python library. There are no command line clients at this time.
taxii2-client provides four classes:
Each can be instantiated by passing a url, and (optional) user and password arguments. The authorization information is stored in the instance, so it need not be supplied explicitly when requesting services. By default, the latest version of the supported spec will be imported. If you need a specific version you can perform the following:
from taxii2client.v21 import Server server = Server('https://example.com/taxii2/', user='user_id', password='user_password')
Once you have instantiated a
Server object, you can get all metadata about
its contents via its properties:
This will lazily load and cache the server's information in the instance:
default(i.e. the default API root)
You can follow references to
Collection objects, and (STIX) objects in those collections.
api_root = server.api_roots collection = api_root.collections collection.add_objects(stix_bundle)
ApiRoot has attributes corresponding to its meta data
Collection has attributes corresponding to its meta data:
Collection can also be instantiated directly:
# Performing TAXII 2.0 Requests from taxii2client.v20 import Collection, as_pages collection = Collection('https://example.com/api1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116') collection.get_object('indicator--252c7c11-daf2-42bd-843b-be65edca9f61') # For normal (no pagination) requests collection.get_objects() collection.get_manifest() # For pagination requests. for bundle in as_pages(collection.get_objects, per_request=50): print(bundle) for manifest_resource in as_pages(collection.get_manifest, per_request=50): print(manifest_resource) # ---------------------------------------------------------------- # # Performing TAXII 2.1 Requests from taxii2client.v21 import Collection collection = Collection('https://example.com/api1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116') collection.get_object('indicator--252c7c11-daf2-42bd-843b-be65edca9f61') # For normal (no pagination) requests collection.get_objects() collection.get_manifest() # For pagination requests. envelope = collection.get_objects(limit=50) while envelope.get("more", False): envelope = collection.get_objects(limit=50, next=envelope.get("next", "")) envelope = collection.get_manifest(limit=50) while envelope.get("more", False): envelope = collection.get_manifest(limit=50, next=envelope.get("next", ""))
In addition to the object-specific properties and methods, all classes have a
refresh() method that reloads the URL corresponding to that resource, to
ensure properties have the most up-to-date values.
This GitHub public repository ( https://github.com/oasis-open/cti-taxii-client ) was created at the request of the OASIS Cyber Threat Intelligence (CTI) TC as an OASIS TC Open Repository to support development of open source resources related to Technical Committee work.
While this TC Open Repository remains associated with the sponsor TC, its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are separate and distinct from the OASIS TC Process and related policies.
All contributions made to this TC Open Repository are subject to open source license terms expressed in the BSD-3-Clause License. That license was selected as the declared "Applicable License" when the TC Open Repository was created.
As documented in "Public Participation Invited", contributions to this OASIS TC Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the open source LICENSE designated for this particular repository, and the requirement for an Individual Contributor License Agreement that governs intellectual property.
TC Open Repository Maintainers are responsible for oversight of this project's community development activities, including evaluation of GitHub pull requests and preserving open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences.
Initially, the associated TC members have designated one or more persons to serve as Maintainer(s); subsequently, participating community members may select additional or substitute Maintainers, per consensus agreements.
Current Maintainers of this TC Open Repository
- Chris Lenk; GitHub ID: https://github.com/clenk/; WWW: MITRE Corporation
- Rich Piazza; GitHub ID: https://github.com/rpiazza/; WWW: MITRE Corporation
- Emmanuelle Vargas-Gonzalez; GitHub ID: https://github.com/emmanvg/; WWW: MITRE Corporation
- Jason Keirstead; GitHub ID: https://github.com/JasonKeirstead; WWW: IBM
About OASIS TC Open Repositories
- TC Open Repositories: Overview and Resources
- Frequently Asked Questions
- Open Source Licenses
- Contributor License Agreements (CLAs)
- Maintainers' Guidelines and Agreement
Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the Maintainer(s) listed above. Please send general questions about Open Repository participation to OASIS Staff at email@example.com and any specific CLA-related questions to firstname.lastname@example.org.