tessl/pypi-taxii2-client
Python TAXII 2.X client library for sharing cyber threat intelligence via STIX protocol
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-taxii2-client@2.3.0index.mddocs/
TAXII2-Client
A Python client library for interacting with TAXII 2.X (Trusted Automated eXchange of Indicator Information) servers. This library enables cyber threat intelligence sharing through the standardized TAXII protocol, supporting both TAXII 2.0 and 2.1 specifications for consuming and sharing structured threat data in STIX format.
Package Information
- Package Name: taxii2-client
- Language: Python
- Installation:
pip install taxii2-client - Requirements: Python 3.6+
Core Imports
from taxii2client import Server, ApiRoot, Collection, Status, as_pagesFor TAXII 2.1 (default/latest):
from taxii2client.v21 import Server, ApiRoot, Collection, Status, as_pagesFor TAXII 2.0 (legacy):
from taxii2client.v20 import Server, ApiRoot, Collection, Status, as_pagesAuthentication and utilities:
from taxii2client.common import TokenAuth
from taxii2client.exceptions import TAXIIServiceException, AccessError, ValidationErrorBasic Usage
from taxii2client import Server, Collection
import json
# Connect to a TAXII server
server = Server(
url="https://example.com/taxii2/",
user="username",
password="password"
)
# Get server information
print(f"Server: {server.title}")
print(f"Available API Roots: {len(server.api_roots)}")
# Access the default API root
api_root = server.default or server.api_roots[0]
print(f"API Root: {api_root.title}")
# List available collections
for collection in api_root.collections:
print(f"Collection: {collection.title} (ID: {collection.id})")
print(f" Can Read: {collection.can_read}, Can Write: {collection.can_write}")
# Work with a specific collection
collection = api_root.collections[0] # Get first collection
# Get objects from the collection
if collection.can_read:
objects = collection.get_objects()
print(f"Retrieved {len(objects.get('objects', []))} objects")
# Get paginated results
for page in as_pages(collection.get_objects, per_request=100):
objects = page.get('objects', [])
print(f"Page contains {len(objects)} objects")
# Add objects to collection (if allowed)
if collection.can_write:
# STIX bundle/envelope to add
envelope = {
"objects": [
{
"type": "indicator",
"id": "indicator--12345678-1234-5678-9012-123456789012",
"created": "2023-01-01T00:00:00.000Z",
"modified": "2023-01-01T00:00:00.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"labels": ["malicious-activity"]
}
]
}
# Add objects and wait for completion
status = collection.add_objects(envelope, wait_for_completion=True)
print(f"Add status: {status.status}")
print(f"Success count: {status.success_count}")Architecture
TAXII2-Client follows the TAXII protocol hierarchy:
- Server: Discovery endpoint providing server information and available API roots
- ApiRoot: Container for collections with version and capability information
- Collection: Repository for STIX objects supporting read/write operations
- Status: Tracks asynchronous operation progress and results
The library supports both TAXII 2.0 and 2.1 protocols with nearly identical APIs, automatically handling protocol differences including pagination mechanisms, media types, and endpoint variations.
Capabilities
Server Discovery
Server-level operations for discovering TAXII services, API roots, and server capabilities. Provides the entry point for all TAXII interactions.
class Server:
def __init__(self, url, conn=None, user=None, password=None, verify=True,
proxies=None, auth=None, cert=None): ...
@property
def title(self) -> str: ...
@property
def description(self) -> str: ...
@property
def contact(self) -> str: ...
@property
def default(self) -> ApiRoot: ...
@property
def api_roots(self) -> list[ApiRoot]: ...
def refresh(self) -> None: ...API Root Management
API root operations for managing collections, checking capabilities, and retrieving status information within a specific TAXII API root.
class ApiRoot:
def __init__(self, url, conn=None, user=None, password=None, verify=True,
proxies=None, auth=None, cert=None): ...
@property
def title(self) -> str: ...
@property
def description(self) -> str: ...
@property
def versions(self) -> list[str]: ...
@property
def max_content_length(self) -> int: ...
@property
def collections(self) -> list[Collection]: ...
def refresh(self, accept=None) -> None: ...
def refresh_information(self, accept=None) -> None: ...
def refresh_collections(self, accept=None) -> None: ...
def get_status(self, status_id, accept=None) -> Status: ...Collection Operations
Collection-level operations for managing STIX objects including retrieval, addition, deletion, and manifest operations.
class Collection:
def __init__(self, url, conn=None, user=None, password=None, verify=True,
proxies=None, collection_info=None, auth=None, cert=None): ...
@property
def id(self) -> str: ...
@property
def title(self) -> str: ...
@property
def can_read(self) -> bool: ...
@property
def can_write(self) -> bool: ...
def get_objects(self, accept=None, **filter_kwargs) -> dict: ...
def get_object(self, obj_id, accept=None, **filter_kwargs) -> dict: ...
def add_objects(self, envelope, wait_for_completion=True, poll_interval=1,
timeout=60, accept=None, content_type=None) -> Status: ...
def get_manifest(self, accept=None, **filter_kwargs) -> dict: ...
# TAXII 2.1 only:
def delete_object(self, obj_id, accept=None, **filter_kwargs) -> dict: ...
def object_versions(self, obj_id, accept=None, **filter_kwargs) -> dict: ...Status Monitoring
Status tracking for asynchronous operations including polling, completion checking, and result analysis.
class Status:
def __init__(self, url, conn=None, user=None, password=None, verify=True,
proxies=None, status_info=None, auth=None, cert=None): ...
@property
def id(self) -> str: ...
@property
def status(self) -> str: ...
@property
def total_count(self) -> int: ...
@property
def success_count(self) -> int: ...
@property
def failure_count(self) -> int: ...
@property
def pending_count(self) -> int: ...
@property
def successes(self) -> list: ...
@property
def failures(self) -> list: ...
@property
def pendings(self) -> list: ...
def refresh(self, accept=None) -> None: ...
def wait_until_final(self, poll_interval=1, timeout=60) -> None: ...
def __bool__(self) -> bool: ...Pagination Support
Pagination utilities for handling large result sets across different TAXII versions with automatic page traversal.
def as_pages(func, per_request=0, *args, **kwargs):
"""
Generator for TAXII endpoints supporting pagination.
Parameters:
- func: Collection method supporting pagination (get_objects, get_manifest)
- per_request: Items per request (0 for server default)
Yields:
dict: Response envelope/bundle for each page
"""Authentication & Connection
Authentication mechanisms and connection management including basic auth, token auth, and SSL client certificates.
class TokenAuth:
def __init__(self, key: str): ...
def __call__(self, r): ...Constants
DEFAULT_USER_AGENT: str = "taxii2-client/2.3.0"
MEDIA_TYPE_STIX_V20: str = "application/vnd.oasis.stix+json; version=2.0"
MEDIA_TYPE_TAXII_V20: str = "application/vnd.oasis.taxii+json; version=2.0"
MEDIA_TYPE_TAXII_V21: str = "application/taxii+json;version=2.1"Exception Types
class TAXIIServiceException(Exception):
"""Base exception for all TAXII client errors."""
class InvalidArgumentsError(TAXIIServiceException):
"""Invalid arguments passed to method."""
class AccessError(TAXIIServiceException):
"""Read/write access denied to collection."""
class ValidationError(TAXIIServiceException):
"""Data validation failed."""
class InvalidJSONError(TAXIIServiceException):
"""Invalid JSON received from server."""