├── .gitignore ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── README.md ├── RELEASE.md ├── js ├── README.md ├── lib │ ├── embed.js │ ├── extension.js │ ├── index.js │ ├── jupyter-widget-stixview.js │ └── labplugin.js ├── package-lock.json ├── package.json └── webpack.config.js ├── jupyter-widget-stixview.json ├── jupyter_widget_stixview ├── __init__.py ├── _version.py └── widget.py ├── screen.png ├── setup.cfg ├── setup.py ├── stix2-editor.ipynb ├── stixview-narrator.ipynb ├── stixview-stix21-idioms.ipynb └── stixview-widget-showcase.ipynb /.gitignore: -------------------------------------------------------------------------------- 1 | *.egg-info/ 2 | .ipynb_checkpoints/ 3 | dist/ 4 | build/ 5 | *.py[cod] 6 | node_modules/ 7 | 8 | # Compiled javascript 9 | jupyter_widget_stixview/static/ 10 | 11 | # OS X 12 | .DS_Store 13 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # You can build a ready-made Python virtual environment with jupyterlab 2 | # and jupyter-widget-stixview, and run jupyterlab in it like this: 3 | # 4 | # VENV=$(pwd)/venv 5 | # docker build --build-arg VENV=$VENV -t jupyter-stixview . 6 | # CONTAINER=$(docker create jupyter-stixview) 7 | # docker cp $CONTAINER:$VENV $VENV 8 | # docker rm $CONTAINER 9 | # $VENV/bin/jupyter lab 10 | # 11 | FROM ubuntu:bionic 12 | 13 | RUN apt-get update && apt-get install -y curl python3-pip python3-venv 14 | 15 | RUN curl -sL https://deb.nodesource.com/setup_15.x | bash - 16 | RUN apt-get install -y --no-install-recommends nodejs 17 | 18 | ARG VENV=/tmp/venv 19 | 20 | RUN mkdir -p $VENV 21 | WORKDIR $VENV 22 | RUN chown 1000:1000 $VENV 23 | USER 1000:1000 24 | 25 | RUN python3.6 -m venv $VENV 26 | RUN bin/pip install --no-cache-dir jupyterlab 27 | 28 | COPY . jupyter_widget_stixview 29 | 30 | ENV npm_config_cache=/tmp/.npm 31 | RUN bin/pip install --no-cache-dir jupyter_widget_stixview 32 | 33 | RUN set -ex; \ 34 | export PATH=$VENV/bin:$PATH; \ 35 | jupyter labextension install @jupyter-widgets/jupyterlab-manager --no-build; \ 36 | jupyter labextension install jupyter_widget_stixview/js --no-build; \ 37 | jupyter lab build 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Sergey Polzunov 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | recursive-include jupyter_widget_stixview/static *.* 2 | include jupyter-widget-stixview.json 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | jupyter-widget-stixview 2 | ======================= 3 | 4 | [![PyPI version](https://badge.fury.io/py/jupyter-widget-stixview.svg)](https://badge.fury.io/py/jupyter-widget-stixview) 5 | 6 | STIX2 graph widget for Jupyter notebook, powered by [stixview](https://github.com/traut/stixview) library. 7 | 8 | 9 | ![stixview widget screenshot](https://raw.githubusercontent.com/traut/jupyter-widget-stixview/master/screen.png) 10 | 11 | (see [stixview-widget-showcase.ipynb](https://nbviewer.ipython.org/github/traut/jupyter-widget-stixview/blob/master/stixview-widget-showcase.ipynb) for usage options) 12 | 13 | 14 | Installation 15 | ------------ 16 | 17 | To install use pip: 18 | 19 | $ pip install jupyter_widget_stixview 20 | $ jupyter nbextension enable --py --sys-prefix jupyter_widget_stixview 21 | 22 | To install for jupyterlab 23 | 24 | $ jupyter labextension install jupyter-widget-stixview 25 | 26 | For a development installation (requires npm), 27 | 28 | $ git clone https://github.com/traut/jupyter-widget-stixview.git 29 | $ cd jupyter-widget-stixview 30 | $ pip install -e . 31 | $ jupyter nbextension install --py --symlink --sys-prefix jupyter_widget_stixview 32 | $ jupyter nbextension enable --py --sys-prefix jupyter_widget_stixview 33 | $ jupyter labextension install js 34 | 35 | When actively developing your extension, build Jupyter Lab with the command: 36 | 37 | $ jupyter lab --watch 38 | 39 | This take a minute or so to get started, but then allows you to hot-reload your javascript extension. 40 | To see a change, save your javascript, watch the terminal for an update. 41 | 42 | Note on first `jupyter lab --watch`, you may need to touch a file to get Jupyter Lab to open. 43 | 44 | Troubleshooting 45 | --------------- 46 | In case of an error like `jlpm: not found` where a JupyterLab command is 47 | missing, make sure that the `bin` directory (of a Python virtual environment 48 | where `jupyterlab` is installed to) is on `PATH`. 49 | -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- 1 | - To release a new version of jupyter_widget_stixview on PyPI: 2 | 3 | Update _version.py (set release version, remove 'dev') 4 | git add the _version.py file and git commit 5 | `python setup.py sdist upload` 6 | `python setup.py bdist_wheel upload` 7 | `git tag -a X.X.X -m 'comment'` 8 | Update _version.py (add 'dev' and increment minor) 9 | git add and git commit 10 | git push 11 | git push --tags 12 | 13 | - To release a new version of jupyter-widget-stixview on NPM: 14 | 15 | Update `js/package.json` with new npm package version 16 | 17 | ``` 18 | # clean out the `dist` and `node_modules` directories 19 | git clean -fdx 20 | npm install 21 | npm publish 22 | ``` -------------------------------------------------------------------------------- /js/README.md: -------------------------------------------------------------------------------- 1 | Stixview library widget for Jupyter 2 | 3 | Package Install 4 | --------------- 5 | 6 | **Prerequisites** 7 | - [node](http://nodejs.org/) 8 | 9 | ```bash 10 | npm install --save jupyter-widget-stixview 11 | ``` 12 | -------------------------------------------------------------------------------- /js/lib/embed.js: -------------------------------------------------------------------------------- 1 | // Entry point for the unpkg bundle containing custom model definitions. 2 | // 3 | // It differs from the notebook bundle in that it does not need to define a 4 | // dynamic baseURL for the static assets and may load some css that would 5 | // already be loaded by the notebook otherwise. 6 | 7 | // Export widget models and views, and the npm package version number. 8 | module.exports = require('./jupyter-widget-stixview.js'); 9 | module.exports['version'] = require('../package.json').version; 10 | -------------------------------------------------------------------------------- /js/lib/extension.js: -------------------------------------------------------------------------------- 1 | // This file contains the javascript that is run when the notebook is loaded. 2 | // It contains some requirejs configuration and the `load_ipython_extension` 3 | // which is required for any notebook extension. 4 | // 5 | // Some static assets may be required by the custom widget javascript. The base 6 | // url for the notebook is not known at build time and is therefore computed 7 | // dynamically. 8 | __webpack_public_path__ = document.querySelector('body').getAttribute('data-base-url') + 'nbextensions/jupyter-widget-stixview'; 9 | 10 | 11 | // Configure requirejs 12 | if (window.require) { 13 | window.require.config({ 14 | map: { 15 | "*" : { 16 | "jupyter-widget-stixview": "nbextensions/jupyter-widget-stixview/index", 17 | } 18 | } 19 | }); 20 | } 21 | 22 | // Export the required load_ipython_extension 23 | module.exports = { 24 | load_ipython_extension: function() {} 25 | }; 26 | -------------------------------------------------------------------------------- /js/lib/index.js: -------------------------------------------------------------------------------- 1 | // Export widget models and views, and the npm package version number. 2 | module.exports = require('./jupyter-widget-stixview.js'); 3 | module.exports['version'] = require('../package.json').version; 4 | -------------------------------------------------------------------------------- /js/lib/jupyter-widget-stixview.js: -------------------------------------------------------------------------------- 1 | var widgets = require('@jupyter-widgets/base'); 2 | var _ = require('lodash'); 3 | 4 | var stixview = require('stixview'); 5 | 6 | const version = '1.0.2'; 7 | 8 | 9 | var StixviewGraphModel = widgets.DOMWidgetModel.extend({ 10 | defaults: _.extend(widgets.DOMWidgetModel.prototype.defaults(), { 11 | _model_name : 'StixviewGraphModel', 12 | _view_name : 'StixviewGraphView', 13 | _model_module : 'jupyter-widget-stixview', 14 | _view_module : 'jupyter-widget-stixview', 15 | _model_module_version : version, 16 | _view_module_version : version, 17 | 18 | properties: null, 19 | 20 | bundle: null, 21 | gist_id: null, 22 | gist_file: null, 23 | url: null, 24 | }) 25 | }); 26 | 27 | 28 | var StixviewGraphView = widgets.DOMWidgetView.extend({ 29 | render: function() { 30 | 31 | const element = this.el; 32 | 33 | const bundle = this.model.get('bundle'); 34 | const gist_id = this.model.get('gist_id'); 35 | const gist_file = this.model.get('gist_file'); 36 | const url = this.model.get('url'); 37 | 38 | const renderTimeout = this.model.get('timeout'); 39 | 40 | const properties = { 41 | layout: 'cola', 42 | hideFooter: false, 43 | showSidebar: true, 44 | allowDragDrop: false, 45 | graphWidth: 800, 46 | graphHeight: 600, 47 | ...this.model.get('properties'), 48 | }; 49 | 50 | if (this.graph) { 51 | this.graph.cy.destroy() 52 | }; 53 | 54 | this.graph = stixview.init(element, properties, function(graph) { 55 | // timeout for Jupyter to render the DOM element, so that 56 | // layout algorythms can run 57 | const timeout = renderTimeout || ((element.offsetParent === null) ? 1200 : 50); 58 | if (bundle && bundle.id) { 59 | setTimeout(() => graph.loadData(bundle), timeout); 60 | } else if (gist_id) { 61 | setTimeout(() => { 62 | graph.loadDataFromGist(gist_id, gist_file); 63 | }, timeout); 64 | } else if (url) { 65 | setTimeout(() => graph.loadDataFromUrl(url), timeout); 66 | } 67 | }); 68 | }, 69 | }) 70 | 71 | module.exports = { 72 | StixviewGraphModel: StixviewGraphModel, 73 | StixviewGraphView: StixviewGraphView, 74 | }; 75 | -------------------------------------------------------------------------------- /js/lib/labplugin.js: -------------------------------------------------------------------------------- 1 | var plugin = require('./index'); 2 | var base = require('@jupyter-widgets/base'); 3 | 4 | module.exports = { 5 | id: 'jupyter-widget-stixview', 6 | requires: [base.IJupyterWidgetRegistry], 7 | activate: function(app, widgets) { 8 | widgets.registerWidget({ 9 | name: 'jupyter-widget-stixview', 10 | version: plugin.version, 11 | exports: plugin 12 | }); 13 | }, 14 | autoStart: true 15 | }; 16 | 17 | -------------------------------------------------------------------------------- /js/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jupyter-widget-stixview", 3 | "version": "1.1.0", 4 | "description": "Stixview library widget for Jupyter", 5 | "author": "Sergey Polzunov", 6 | "main": "lib/index.js", 7 | "license": "BSD-3-Clause", 8 | "repository": { 9 | "type": "git", 10 | "url": "https://github.com/traut/jupyter-widget-stixview.git" 11 | }, 12 | "keywords": [ 13 | "jupyter", 14 | "widgets", 15 | "ipython", 16 | "ipywidgets", 17 | "jupyterlab-extension" 18 | ], 19 | "files": [ 20 | "lib/**/*.js", 21 | "dist/*.js" 22 | ], 23 | "scripts": { 24 | "clean": "rimraf dist/", 25 | "prepublish": "webpack", 26 | "build": "webpack", 27 | "watch": "webpack --watch --mode=development", 28 | "test": "echo \"Error: no test specified\" && exit 1" 29 | }, 30 | "devDependencies": { 31 | "css-loader": "^4.3.0", 32 | "rimraf": "^3.0.2", 33 | "style-loader": "^1.3.0", 34 | "webpack": "^4.44.2", 35 | "webpack-cli": "^3.3.12" 36 | }, 37 | "dependencies": { 38 | "@jupyter-widgets/base": "^3", 39 | "lodash": "^4.17.20", 40 | "stixview": "^1.4.0", 41 | "svg-inline-loader": "^0.8.2", 42 | "yarn": "^1.22.10" 43 | }, 44 | "jupyterlab": { 45 | "extension": "lib/labplugin" 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /js/webpack.config.js: -------------------------------------------------------------------------------- 1 | var path = require('path'); 2 | var version = require('./package.json').version; 3 | 4 | // Custom webpack rules are generally the same for all webpack bundles, hence 5 | // stored in a separate local variable. 6 | var rules = [ 7 | { test: /\.css$/, use: ['style-loader', 'css-loader']}, 8 | { test: /\.svg$/, loader: 'svg-inline-loader'}, 9 | ] 10 | 11 | module.exports = [ 12 | {// Notebook extension 13 | // 14 | // This bundle only contains the part of the JavaScript that is run on 15 | // load of the notebook. This section generally only performs 16 | // some configuration for requirejs, and provides the legacy 17 | // "load_ipython_extension" function which is required for any notebook 18 | // extension. 19 | // 20 | entry: './lib/extension.js', 21 | output: { 22 | filename: 'extension.js', 23 | path: path.resolve(__dirname, '..', 'jupyter_widget_stixview', 'static'), 24 | libraryTarget: 'amd' 25 | }, 26 | mode: 'development', 27 | }, 28 | {// Bundle for the notebook containing the custom widget views and models 29 | // 30 | // This bundle contains the implementation for the custom widget views and 31 | // custom widget. 32 | // It must be an amd module 33 | // 34 | entry: './lib/index.js', 35 | // entry: { 36 | // index: [ 37 | // './lib/index.js', 38 | // './node_modules/stixview/src/main.css', 39 | // ], 40 | // }, 41 | mode: 'development', 42 | output: { 43 | filename: 'index.js', 44 | path: path.resolve(__dirname, '..', 'jupyter_widget_stixview', 'static'), 45 | libraryTarget: 'amd' 46 | }, 47 | devtool: 'source-map', 48 | module: { 49 | rules: rules, 50 | }, 51 | externals: ['@jupyter-widgets/base'] 52 | }, 53 | {// Embeddable jupyter-widget-stixview bundle 54 | // 55 | // This bundle is generally almost identical to the notebook bundle 56 | // containing the custom widget views and models. 57 | // 58 | // The only difference is in the configuration of the webpack public path 59 | // for the static assets. 60 | // 61 | // It will be automatically distributed by unpkg to work with the static 62 | // widget embedder. 63 | // 64 | // The target bundle is always `dist/index.js`, which is the path required 65 | // by the custom widget embedder. 66 | // 67 | entry: './lib/embed.js', 68 | // entry: { 69 | // index: [ 70 | // './lib/embed.js', 71 | // './node_modules/stixview/src/main.css', 72 | // ], 73 | // }, 74 | mode: 'development', 75 | output: { 76 | filename: 'index.js', 77 | path: path.resolve(__dirname, 'dist'), 78 | libraryTarget: 'amd', 79 | publicPath: 'https://unpkg.com/jupyter-widget-stixview@' + version + '/dist/' 80 | }, 81 | devtool: 'source-map', 82 | module: { 83 | rules: rules 84 | }, 85 | externals: ['@jupyter-widgets/base'] 86 | } 87 | ]; 88 | -------------------------------------------------------------------------------- /jupyter-widget-stixview.json: -------------------------------------------------------------------------------- 1 | { 2 | "load_extensions": { 3 | "jupyter-widget-stixview/extension": true 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /jupyter_widget_stixview/__init__.py: -------------------------------------------------------------------------------- 1 | from ._version import version_info, __version__ 2 | 3 | from .widget import * 4 | 5 | def _jupyter_nbextension_paths(): 6 | """Called by Jupyter Notebook Server to detect if it is a valid nbextension and 7 | to install the widget 8 | 9 | Returns 10 | ======= 11 | section: The section of the Jupyter Notebook Server to change. 12 | Must be 'notebook' for widget extensions 13 | src: Source directory name to copy files from. Webpack outputs generated files 14 | into this directory and Jupyter Notebook copies from this directory during 15 | widget installation 16 | dest: Destination directory name to install widget files to. Jupyter Notebook copies 17 | from `src` directory into /nbextensions/ directory 18 | during widget installation 19 | require: Path to importable AMD Javascript module inside the 20 | /nbextensions/ directory 21 | """ 22 | return [{ 23 | 'section': 'notebook', 24 | 'src': 'static', 25 | 'dest': 'jupyter-widget-stixview', 26 | 'require': 'jupyter-widget-stixview/extension' 27 | }] 28 | -------------------------------------------------------------------------------- /jupyter_widget_stixview/_version.py: -------------------------------------------------------------------------------- 1 | # Module version 2 | version_info = (1, 0, 3, 'final', 0) 3 | 4 | # Module version stage suffix map 5 | _specifier_ = {'alpha': 'a', 'beta': 'b', 'candidate': 'rc', 'final': ''} 6 | 7 | # Module version accessible using jupyter_widget_stixview.__version__ 8 | __version__ = '%s.%s.%s%s'%(version_info[0], version_info[1], version_info[2], 9 | '' if version_info[3]=='final' else _specifier_[version_info[3]]+str(version_info[4])) 10 | -------------------------------------------------------------------------------- /jupyter_widget_stixview/widget.py: -------------------------------------------------------------------------------- 1 | import ipywidgets as widgets 2 | from traitlets import Unicode, default, Dict, Long 3 | 4 | version = '^1.0.3' 5 | 6 | class StixviewGraph(widgets.DOMWidget): 7 | 8 | _view_name = Unicode('StixviewGraphView').tag(sync=True) 9 | _model_name = Unicode('StixviewGraphModel').tag(sync=True) 10 | _view_module = Unicode('jupyter-widget-stixview').tag(sync=True) 11 | _model_module = Unicode('jupyter-widget-stixview').tag(sync=True) 12 | _view_module_version = Unicode(version).tag(sync=True) 13 | _model_module_version = Unicode(version).tag(sync=True) 14 | 15 | properties = Dict().tag(sync=True) 16 | 17 | gist_id = Unicode().tag(sync=True) 18 | gist_file = Unicode().tag(sync=True) 19 | url = Unicode().tag(sync=True) 20 | bundle = Dict().tag(sync=True) 21 | timeout = Long().tag(sync=True) 22 | -------------------------------------------------------------------------------- /screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/traut/jupyter-widget-stixview/d172c917f2de90f9deb516e950e602fdefc3ab3b/screen.png -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [bdist_wheel] 2 | universal=1 3 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function 2 | from setuptools import setup, find_packages, Command 3 | from setuptools.command.sdist import sdist 4 | from setuptools.command.build_py import build_py 5 | from setuptools.command.egg_info import egg_info 6 | from subprocess import check_call 7 | import os 8 | import sys 9 | import platform 10 | 11 | here = os.path.dirname(os.path.abspath(__file__)) 12 | node_root = os.path.join(here, 'js') 13 | is_repo = os.path.exists(os.path.join(here, '.git')) 14 | 15 | npm_path = os.pathsep.join([ 16 | os.path.join( 17 | node_root, 'node_modules', '.bin'), os.environ.get('PATH', os.defpath), 18 | ]) 19 | 20 | from distutils import log 21 | log.set_verbosity(log.DEBUG) 22 | log.info('setup.py entered') 23 | log.info('$PATH=%s' % os.environ['PATH']) 24 | 25 | LONG_DESCRIPTION = 'Stixview library widget for Jupyter' 26 | 27 | 28 | def js_prerelease(command, strict=False): 29 | """decorator for building minified js/css prior to another command""" 30 | class DecoratedCommand(command): 31 | def run(self): 32 | jsdeps = self.distribution.get_command_obj('jsdeps') 33 | if not is_repo and all(os.path.exists(t) for t in jsdeps.targets): 34 | # sdist, nothing to do 35 | command.run(self) 36 | return 37 | 38 | try: 39 | self.distribution.run_command('jsdeps') 40 | except Exception as e: 41 | missing = [t for t in jsdeps.targets if not os.path.exists(t)] 42 | if strict or missing: 43 | log.warn('rebuilding js and css failed') 44 | if missing: 45 | log.error('missing files: %s' % missing) 46 | raise e 47 | else: 48 | log.warn('rebuilding js and css failed (not a problem)') 49 | log.warn(str(e)) 50 | command.run(self) 51 | update_package_data(self.distribution) 52 | return DecoratedCommand 53 | 54 | 55 | def update_package_data(distribution): 56 | """update package_data to catch changes during setup""" 57 | build_py = distribution.get_command_obj('build_py') 58 | # distribution.package_data = find_package_data() 59 | # re-init build_py options which load package_data 60 | build_py.finalize_options() 61 | 62 | 63 | class NPM(Command): 64 | description = 'install package.json dependencies using npm' 65 | 66 | user_options = [] 67 | 68 | node_modules = os.path.join(node_root, 'node_modules') 69 | 70 | targets = [ 71 | os.path.join(here, 'jupyter_widget_stixview', 'static', 'extension.js'), 72 | os.path.join(here, 'jupyter_widget_stixview', 'static', 'index.js') 73 | ] 74 | 75 | def initialize_options(self): 76 | pass 77 | 78 | def finalize_options(self): 79 | pass 80 | 81 | def get_npm_name(self): 82 | npmName = 'npm'; 83 | if platform.system() == 'Windows': 84 | npmName = 'npm.cmd' 85 | return npmName 86 | 87 | def has_npm(self): 88 | npmName = self.get_npm_name() 89 | try: 90 | check_call([npmName, '--version']) 91 | return True 92 | except: 93 | return False 94 | 95 | def should_run_npm_install(self): 96 | package_json = os.path.join(node_root, 'package.json') 97 | node_modules_exists = os.path.exists(self.node_modules) 98 | return self.has_npm() 99 | 100 | def run(self): 101 | has_npm = self.has_npm() 102 | if not has_npm: 103 | log.error("`npm` unavailable. If you're running this command using sudo, make sure `npm` is available to sudo") 104 | 105 | env = os.environ.copy() 106 | env['PATH'] = npm_path 107 | 108 | if self.should_run_npm_install(): 109 | log.info("Installing build dependencies with npm. This may take a while...") 110 | npmName = self.get_npm_name(); 111 | check_call([npmName, 'install'], cwd=node_root, stdout=sys.stdout, stderr=sys.stderr) 112 | os.utime(self.node_modules, None) 113 | 114 | for t in self.targets: 115 | if not os.path.exists(t): 116 | msg = 'Missing file: %s' % t 117 | if not has_npm: 118 | msg += '\nnpm is required to build a development version of a widget extension' 119 | raise ValueError(msg) 120 | 121 | # update package data in case this created new files 122 | update_package_data(self.distribution) 123 | 124 | version_ns = {} 125 | with open(os.path.join(here, 'jupyter_widget_stixview', '_version.py')) as f: 126 | exec(f.read(), {}, version_ns) 127 | 128 | setup_args = { 129 | 'name': 'jupyter_widget_stixview', 130 | 'version': version_ns['__version__'], 131 | 'description': 'Stixview library widget for Jupyter', 132 | 'long_description': LONG_DESCRIPTION, 133 | 'include_package_data': True, 134 | 'data_files': [ 135 | ('share/jupyter/nbextensions/jupyter-widget-stixview', [ 136 | 'jupyter_widget_stixview/static/extension.js', 137 | 'jupyter_widget_stixview/static/index.js', 138 | 'jupyter_widget_stixview/static/index.js.map', 139 | ],), 140 | ('etc/jupyter/nbconfig/notebook.d', ['jupyter-widget-stixview.json']) 141 | ], 142 | 'install_requires': [ 143 | 'ipywidgets>=7.0.0', 144 | ], 145 | 'packages': find_packages(), 146 | 'zip_safe': False, 147 | 'cmdclass': { 148 | 'build_py': js_prerelease(build_py), 149 | 'egg_info': js_prerelease(egg_info), 150 | 'sdist': js_prerelease(sdist, strict=True), 151 | 'jsdeps': NPM, 152 | }, 153 | 154 | 'author': 'Sergey Polzunov', 155 | 'author_email': 'sergey@polzunov.com', 156 | 'url': 'https://github.com/traut/jupyter-widget-stixview', 157 | 'keywords': [ 158 | 'ipython', 159 | 'jupyter', 160 | 'widgets', 161 | ], 162 | 'classifiers': [ 163 | 'Development Status :: 4 - Beta', 164 | 'Framework :: IPython', 165 | 'Intended Audience :: Developers', 166 | 'Intended Audience :: Science/Research', 167 | 'Topic :: Multimedia :: Graphics', 168 | 'Programming Language :: Python :: 2', 169 | 'Programming Language :: Python :: 2.7', 170 | 'Programming Language :: Python :: 3', 171 | 'Programming Language :: Python :: 3.3', 172 | 'Programming Language :: Python :: 3.4', 173 | 'Programming Language :: Python :: 3.5', 174 | 'Programming Language :: Python :: 3.6', 175 | 'Programming Language :: Python :: 3.7', 176 | ], 177 | } 178 | 179 | setup(**setup_args) 180 | -------------------------------------------------------------------------------- /stix2-editor.ipynb: -------------------------------------------------------------------------------- 1 | { 2 | "cells": [ 3 | { 4 | "cell_type": "code", 5 | "execution_count": 1, 6 | "metadata": {}, 7 | "outputs": [], 8 | "source": [ 9 | "import json\n", 10 | "from jupyter_widget_stixview.widget import StixviewGraph\n", 11 | "\n", 12 | "from stix2 import (\n", 13 | " Bundle, Indicator, Malware, Relationship,\n", 14 | " AttackPattern, Campaign, ThreatActor)\n", 15 | "\n", 16 | "\n", 17 | "def as_bundle(objects):\n", 18 | " bundle_obj = Bundle(*objects)\n", 19 | " return json.loads(bundle_obj.serialize())" 20 | ] 21 | }, 22 | { 23 | "cell_type": "code", 24 | "execution_count": 2, 25 | "metadata": {}, 26 | "outputs": [ 27 | { 28 | "data": { 29 | "application/vnd.jupyter.widget-view+json": { 30 | "model_id": "4add0171fb2248a3abd0d329f8edd5d5", 31 | "version_major": 2, 32 | "version_minor": 0 33 | }, 34 | "text/plain": [ 35 | "StixviewGraph(bundle={'objects': [{'name': 'File hash for malware variant X', 'labels': ['malicious-activity']…" 36 | ] 37 | }, 38 | "metadata": {}, 39 | "output_type": "display_data" 40 | } 41 | ], 42 | "source": [ 43 | "indicator = Indicator(\n", 44 | " name=\"File hash for malware variant X\",\n", 45 | " labels=[\"malicious-activity\"],\n", 46 | " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n", 47 | "\n", 48 | "malware = Malware(\n", 49 | " name=\"Malware Variant X\",\n", 50 | " labels=['remote-access-trojan'])\n", 51 | "\n", 52 | "rel1 = Relationship(\n", 53 | " source_ref=indicator.id,\n", 54 | " relationship_type='indicates',\n", 55 | " target_ref=malware.id)\n", 56 | "\n", 57 | "objects = [indicator, malware, rel1]\n", 58 | "\n", 59 | "StixviewGraph(\n", 60 | " bundle=as_bundle(objects),\n", 61 | " properties={\"graphHeight\": 300})" 62 | ] 63 | }, 64 | { 65 | "cell_type": "code", 66 | "execution_count": 3, 67 | "metadata": { 68 | "scrolled": false 69 | }, 70 | "outputs": [ 71 | { 72 | "data": { 73 | "application/vnd.jupyter.widget-view+json": { 74 | "model_id": "c15f9d5f901f418eb3548c7c7e1b2713", 75 | "version_major": 2, 76 | "version_minor": 0 77 | }, 78 | "text/plain": [ 79 | "StixviewGraph(bundle={'objects': [{'name': 'File hash for malware variant X', 'labels': ['malicious-activity']…" 80 | ] 81 | }, 82 | "metadata": {}, 83 | "output_type": "display_data" 84 | } 85 | ], 86 | "source": [ 87 | "indicator = Indicator(\n", 88 | " name=\"File hash for malware variant X\",\n", 89 | " labels=[\"malicious-activity\"],\n", 90 | " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n", 91 | "\n", 92 | "malware = Malware(\n", 93 | " name=\"Malware Variant X\",\n", 94 | " labels=['remote-access-trojan'])\n", 95 | "\n", 96 | "rel1 = Relationship(\n", 97 | " source_ref=indicator.id,\n", 98 | " relationship_type='indicates',\n", 99 | " target_ref=malware.id)\n", 100 | "\n", 101 | "campaign = Campaign(name=\"Campaign Y\")\n", 102 | "\n", 103 | "rel2 = Relationship(\n", 104 | " source_ref=campaign.id,\n", 105 | " relationship_type='uses',\n", 106 | " target_ref=malware.id)\n", 107 | "\n", 108 | "actor = ThreatActor(\n", 109 | " name='Actor Z',\n", 110 | " labels=['criminal'])\n", 111 | "\n", 112 | "rel3 = Relationship(\n", 113 | " source_ref=campaign.id,\n", 114 | " relationship_type='attributed-to',\n", 115 | " target_ref=actor.id)\n", 116 | "\n", 117 | "objects = [indicator, malware, rel1, campaign, rel2, actor, rel3]\n", 118 | "\n", 119 | "StixviewGraph(\n", 120 | " bundle=as_bundle(objects),\n", 121 | " properties={\"graphHeight\": 300})" 122 | ] 123 | }, 124 | { 125 | "cell_type": "code", 126 | "execution_count": null, 127 | "metadata": {}, 128 | "outputs": [], 129 | "source": [] 130 | } 131 | ], 132 | "metadata": { 133 | "hide_input": false, 134 | "kernelspec": { 135 | "display_name": "Python 3", 136 | "language": "python", 137 | "name": "python3" 138 | }, 139 | "language_info": { 140 | "codemirror_mode": { 141 | "name": "ipython", 142 | "version": 3 143 | }, 144 | "file_extension": ".py", 145 | "mimetype": "text/x-python", 146 | "name": "python", 147 | "nbconvert_exporter": "python", 148 | "pygments_lexer": "ipython3", 149 | "version": "3.7.6" 150 | }, 151 | "widgets": { 152 | "application/vnd.jupyter.widget-state+json": { 153 | "state": { 154 | "1a4bd92070ed4102b9eb78804ea512e1": { 155 | "model_module": "@jupyter-widgets/base", 156 | "model_module_version": "1.2.0", 157 | "model_name": "LayoutModel", 158 | "state": {} 159 | }, 160 | "4add0171fb2248a3abd0d329f8edd5d5": { 161 | "model_module": "jupyter-widget-stixview", 162 | "model_module_version": "^1.0.2", 163 | "model_name": "StixviewGraphModel", 164 | "state": { 165 | "_model_module_version": "^1.0.2", 166 | "_view_module_version": "^1.0.2", 167 | "bundle": { 168 | "id": "bundle--5f51dc93-aa6e-49b5-b067-bbcb77631776", 169 | "objects": [ 170 | { 171 | "created": "2020-05-04T13:16:09.078Z", 172 | "id": "indicator--b00f130a-693a-45da-8afd-cae874d93758", 173 | "labels": [ 174 | "malicious-activity" 175 | ], 176 | "modified": "2020-05-04T13:16:09.078Z", 177 | "name": "File hash for malware variant X", 178 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 179 | "type": "indicator", 180 | "valid_from": "2020-05-04T13:16:09.078226Z" 181 | }, 182 | { 183 | "created": "2020-05-04T13:16:09.099Z", 184 | "id": "malware--ec4ec648-ffb1-438b-8a40-ab5c50b69430", 185 | "labels": [ 186 | "remote-access-trojan" 187 | ], 188 | "modified": "2020-05-04T13:16:09.099Z", 189 | "name": "Malware Variant X", 190 | "type": "malware" 191 | }, 192 | { 193 | "created": "2020-05-04T13:16:09.099Z", 194 | "id": "relationship--fa614a85-311a-4bb3-b996-47aaf31e1563", 195 | "modified": "2020-05-04T13:16:09.099Z", 196 | "relationship_type": "indicates", 197 | "source_ref": "indicator--b00f130a-693a-45da-8afd-cae874d93758", 198 | "target_ref": "malware--ec4ec648-ffb1-438b-8a40-ab5c50b69430", 199 | "type": "relationship" 200 | } 201 | ], 202 | "spec_version": "2.0", 203 | "type": "bundle" 204 | }, 205 | "gist_file": "", 206 | "gist_id": "", 207 | "layout": "IPY_MODEL_84e18ebf61f841bb8192a69873720a2d", 208 | "properties": { 209 | "graphHeight": 300 210 | }, 211 | "timeout": 0, 212 | "url": "" 213 | } 214 | }, 215 | "84e18ebf61f841bb8192a69873720a2d": { 216 | "model_module": "@jupyter-widgets/base", 217 | "model_module_version": "1.2.0", 218 | "model_name": "LayoutModel", 219 | "state": {} 220 | }, 221 | "c15f9d5f901f418eb3548c7c7e1b2713": { 222 | "model_module": "jupyter-widget-stixview", 223 | "model_module_version": "^1.0.2", 224 | "model_name": "StixviewGraphModel", 225 | "state": { 226 | "_model_module_version": "^1.0.2", 227 | "_view_module_version": "^1.0.2", 228 | "bundle": { 229 | "id": "bundle--a3c4bf22-dac2-49d7-9ee9-b26be8d61443", 230 | "objects": [ 231 | { 232 | "created": "2020-05-04T13:16:10.952Z", 233 | "id": "indicator--44db888f-8ab1-4fd3-9eea-c62e75c334f4", 234 | "labels": [ 235 | "malicious-activity" 236 | ], 237 | "modified": "2020-05-04T13:16:10.952Z", 238 | "name": "File hash for malware variant X", 239 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 240 | "type": "indicator", 241 | "valid_from": "2020-05-04T13:16:10.952308Z" 242 | }, 243 | { 244 | "created": "2020-05-04T13:16:10.953Z", 245 | "id": "malware--0ab7498e-2f0c-4e21-b5c2-d536a0e2ba4c", 246 | "labels": [ 247 | "remote-access-trojan" 248 | ], 249 | "modified": "2020-05-04T13:16:10.953Z", 250 | "name": "Malware Variant X", 251 | "type": "malware" 252 | }, 253 | { 254 | "created": "2020-05-04T13:16:10.954Z", 255 | "id": "relationship--24348621-ffe2-4637-b86a-6909e4482b57", 256 | "modified": "2020-05-04T13:16:10.954Z", 257 | "relationship_type": "indicates", 258 | "source_ref": "indicator--44db888f-8ab1-4fd3-9eea-c62e75c334f4", 259 | "target_ref": "malware--0ab7498e-2f0c-4e21-b5c2-d536a0e2ba4c", 260 | "type": "relationship" 261 | }, 262 | { 263 | "created": "2020-05-04T13:16:10.954Z", 264 | "id": "campaign--70ca8a90-9436-4aee-88fb-fafdd392d43a", 265 | "modified": "2020-05-04T13:16:10.954Z", 266 | "name": "Campaign Y", 267 | "type": "campaign" 268 | }, 269 | { 270 | "created": "2020-05-04T13:16:10.954Z", 271 | "id": "relationship--e0c91bb5-ee48-4ee1-826d-69e85a6ad8e0", 272 | "modified": "2020-05-04T13:16:10.954Z", 273 | "relationship_type": "uses", 274 | "source_ref": "campaign--70ca8a90-9436-4aee-88fb-fafdd392d43a", 275 | "target_ref": "malware--0ab7498e-2f0c-4e21-b5c2-d536a0e2ba4c", 276 | "type": "relationship" 277 | }, 278 | { 279 | "created": "2020-05-04T13:16:10.954Z", 280 | "id": "threat-actor--e6e0e6fa-9a6e-432c-aff8-e75121a29e6d", 281 | "labels": [ 282 | "criminal" 283 | ], 284 | "modified": "2020-05-04T13:16:10.954Z", 285 | "name": "Actor Z", 286 | "type": "threat-actor" 287 | }, 288 | { 289 | "created": "2020-05-04T13:16:10.954Z", 290 | "id": "relationship--afd4ca86-1a07-4aa7-95da-3279e6aecbe2", 291 | "modified": "2020-05-04T13:16:10.954Z", 292 | "relationship_type": "attributed-to", 293 | "source_ref": "campaign--70ca8a90-9436-4aee-88fb-fafdd392d43a", 294 | "target_ref": "threat-actor--e6e0e6fa-9a6e-432c-aff8-e75121a29e6d", 295 | "type": "relationship" 296 | } 297 | ], 298 | "spec_version": "2.0", 299 | "type": "bundle" 300 | }, 301 | "gist_file": "", 302 | "gist_id": "", 303 | "layout": "IPY_MODEL_1a4bd92070ed4102b9eb78804ea512e1", 304 | "properties": { 305 | "graphHeight": 300 306 | }, 307 | "timeout": 0, 308 | "url": "" 309 | } 310 | } 311 | }, 312 | "version_major": 2, 313 | "version_minor": 0 314 | } 315 | } 316 | }, 317 | "nbformat": 4, 318 | "nbformat_minor": 4 319 | } 320 | -------------------------------------------------------------------------------- /stixview-narrator.ipynb: -------------------------------------------------------------------------------- 1 | { 2 | "cells": [ 3 | { 4 | "cell_type": "code", 5 | "execution_count": 51, 6 | "metadata": {}, 7 | "outputs": [], 8 | "source": [ 9 | "from IPython.display import display, HTML\n", 10 | "\n", 11 | "import json\n", 12 | "import requests\n", 13 | "from jupyter_widget_stixview.widget import StixviewGraph\n", 14 | "\n", 15 | "from stix2 import (\n", 16 | " Bundle, Indicator, Malware, Relationship,\n", 17 | " AttackPattern, Campaign, ThreatActor)\n", 18 | "\n", 19 | "\n", 20 | "narrator_api = \"https://polzunov.com/narrator/report/\"\n", 21 | "\n", 22 | "\n", 23 | "def as_bundle(objects):\n", 24 | " bundle_obj = Bundle(*objects)\n", 25 | " return json.loads(bundle_obj.serialize())\n", 26 | "\n", 27 | "\n", 28 | "def get_report(data):\n", 29 | " r = requests.post(narrator_api, json=data)\n", 30 | " r.raise_for_status()\n", 31 | " response = r.json()\n", 32 | " return response['text']\n", 33 | "\n", 34 | "\n", 35 | "def render_html(html):\n", 36 | " display(HTML(html))" 37 | ] 38 | }, 39 | { 40 | "cell_type": "code", 41 | "execution_count": 54, 42 | "metadata": {}, 43 | "outputs": [ 44 | { 45 | "data": { 46 | "application/vnd.jupyter.widget-view+json": { 47 | "model_id": "f522a42f4b7d4c42a0518dd1928887f0", 48 | "version_major": 2, 49 | "version_minor": 0 50 | }, 51 | "text/plain": [ 52 | "StixviewGraph(bundle={'objects': [{'name': 'File hash for malware variant X', 'labels': ['malicious-activity']…" 53 | ] 54 | }, 55 | "metadata": {}, 56 | "output_type": "display_data" 57 | } 58 | ], 59 | "source": [ 60 | "indicator = Indicator(\n", 61 | " name=\"File hash for malware variant X\",\n", 62 | " labels=[\"malicious-activity\"],\n", 63 | " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n", 64 | "\n", 65 | "malware = Malware(\n", 66 | " name=\"Malware Variant X\",\n", 67 | " labels=['remote-access-trojan'])\n", 68 | "\n", 69 | "rel1 = Relationship(\n", 70 | " source_ref=indicator.id,\n", 71 | " relationship_type='indicates',\n", 72 | " target_ref=malware.id)\n", 73 | "\n", 74 | "campaign = Campaign(name=\"Campaign Y\")\n", 75 | "\n", 76 | "rel2 = Relationship(\n", 77 | " source_ref=campaign.id,\n", 78 | " relationship_type='uses',\n", 79 | " target_ref=malware.id)\n", 80 | "\n", 81 | "actor = ThreatActor(\n", 82 | " name='Actor Z',\n", 83 | " labels=['criminal'])\n", 84 | "\n", 85 | "rel3 = Relationship(\n", 86 | " source_ref=campaign.id,\n", 87 | " relationship_type='attributed-to',\n", 88 | " target_ref=actor.id)\n", 89 | "\n", 90 | "objects = [indicator, malware, rel1, campaign, rel2, actor, rel3]\n", 91 | "\n", 92 | "StixviewGraph(\n", 93 | " bundle=as_bundle(objects),\n", 94 | " properties={\"graphHeight\": 300})" 95 | ] 96 | }, 97 | { 98 | "cell_type": "code", 99 | "execution_count": 55, 100 | "metadata": {}, 101 | "outputs": [ 102 | { 103 | "data": { 104 | "text/html": [ 105 | "

Timeline Overview.

In May, 2020, 1 indicators, 1 malwares, 1 campaigns and 1 threat actors had been published.

May, 2020.

In May, 2020, 1 indicators, 1 malwares, 1 campaigns and 1 threat actors had been publicly released.

\"File hash for malware variant X\".

File hash for malware variant X has been published on May 5, 2020. Its indicator type is not provided. The indicator's description is not provided.

Its pattern type is not provided. The indicator's pattern is 

[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']

Its \"valid from\" time is May 5, 2020. The indicator's \"valid until\" time is not provided.

Its kill chain phase is not provided.

Malware Variant X.

Malware Variant X has been released on May 5, 2020. Its description is not provided. Its kill chain phase is not provided.

Campaign Y.

Campaign Y alias is not provided. The campaign's objective is not provided. The campaign's description is not provided. Its first seen time is not provided. Its last seen time is not provided.

Actor Z has been released on May 5, 2020. Its description is not provided.

" 106 | ], 107 | "text/plain": [ 108 | "" 109 | ] 110 | }, 111 | "metadata": {}, 112 | "output_type": "display_data" 113 | } 114 | ], 115 | "source": [ 116 | "render_html(get_report({\n", 117 | " \"bundle\": as_bundle(objects),\n", 118 | " \"type\": \"timeline\",\n", 119 | " \"seed\": None,\n", 120 | "}))" 121 | ] 122 | }, 123 | { 124 | "cell_type": "code", 125 | "execution_count": 56, 126 | "metadata": {}, 127 | "outputs": [ 128 | { 129 | "data": { 130 | "text/html": [ 131 | "

Overview of Malware Variant X.

Malware Variant X.

The malware has been publicly released on May 5, 2020. The malware's description is not provided. Its kill chain phase is not provided.

Associated campaigns.

The malware is related to 1 campaign.

Campaign Y.

Campaign Y alias is not provided. The campaign's objective is not provided. Its description is not provided. The campaign's first seen time is not provided. Its last seen time is not provided.

Associated MITRE ATT&CK TTPs.

No entities found.

Associated indicators.

It is related to 1 indicator.

  • File hash for malware variant X.
" 132 | ], 133 | "text/plain": [ 134 | "" 135 | ] 136 | }, 137 | "metadata": {}, 138 | "output_type": "display_data" 139 | } 140 | ], 141 | "source": [ 142 | "render_html(get_report({\n", 143 | " \"bundle\": as_bundle(objects),\n", 144 | " \"type\": \"entity-overview\",\n", 145 | " \"seed\": str(malware.id),\n", 146 | "}))" 147 | ] 148 | }, 149 | { 150 | "cell_type": "code", 151 | "execution_count": null, 152 | "metadata": {}, 153 | "outputs": [], 154 | "source": [] 155 | } 156 | ], 157 | "metadata": { 158 | "hide_input": false, 159 | "kernelspec": { 160 | "display_name": "Python 3", 161 | "language": "python", 162 | "name": "python3" 163 | }, 164 | "language_info": { 165 | "codemirror_mode": { 166 | "name": "ipython", 167 | "version": 3 168 | }, 169 | "file_extension": ".py", 170 | "mimetype": "text/x-python", 171 | "name": "python", 172 | "nbconvert_exporter": "python", 173 | "pygments_lexer": "ipython3", 174 | "version": "3.7.6" 175 | }, 176 | "widgets": { 177 | "application/vnd.jupyter.widget-state+json": { 178 | "state": { 179 | "1f6e79dd1186499da76fc294c3412b11": { 180 | "model_module": "jupyter-widget-stixview", 181 | "model_module_version": "^1.0.2", 182 | "model_name": "StixviewGraphModel", 183 | "state": { 184 | "_model_module_version": "^1.0.2", 185 | "_view_module_version": "^1.0.2", 186 | "bundle": { 187 | "id": "bundle--e14ab4b1-f591-442c-bc71-402afe279590", 188 | "objects": [ 189 | { 190 | "created": "2020-05-04T13:17:25.224Z", 191 | "id": "indicator--cca316f6-8eea-413e-aaef-e5ba5f3b3bbb", 192 | "labels": [ 193 | "malicious-activity" 194 | ], 195 | "modified": "2020-05-04T13:17:25.224Z", 196 | "name": "File hash for malware variant X", 197 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 198 | "type": "indicator", 199 | "valid_from": "2020-05-04T13:17:25.224408Z" 200 | }, 201 | { 202 | "created": "2020-05-04T13:17:25.225Z", 203 | "id": "malware--c0a19a05-d158-45b3-8878-4d9046146c69", 204 | "labels": [ 205 | "remote-access-trojan" 206 | ], 207 | "modified": "2020-05-04T13:17:25.225Z", 208 | "name": "Malware Variant X", 209 | "type": "malware" 210 | }, 211 | { 212 | "created": "2020-05-04T13:17:25.226Z", 213 | "id": "relationship--7057f0df-d292-4b78-8094-aec14db7078d", 214 | "modified": "2020-05-04T13:17:25.226Z", 215 | "relationship_type": "indicates", 216 | "source_ref": "indicator--cca316f6-8eea-413e-aaef-e5ba5f3b3bbb", 217 | "target_ref": "malware--c0a19a05-d158-45b3-8878-4d9046146c69", 218 | "type": "relationship" 219 | } 220 | ], 221 | "spec_version": "2.0", 222 | "type": "bundle" 223 | }, 224 | "gist_file": "", 225 | "gist_id": "", 226 | "layout": "IPY_MODEL_f8777f32a61949429726762e384baba2", 227 | "properties": { 228 | "graphHeight": 300 229 | }, 230 | "timeout": 0, 231 | "url": "" 232 | } 233 | }, 234 | "282575e2ff5d456fb33858b68929d6d4": { 235 | "model_module": "jupyter-widget-stixview", 236 | "model_module_version": "^1.0.2", 237 | "model_name": "StixviewGraphModel", 238 | "state": { 239 | "_model_module_version": "^1.0.2", 240 | "_view_module_version": "^1.0.2", 241 | "bundle": { 242 | "id": "bundle--4bef9e7b-ddb9-4e03-8a16-ffa972913fdf", 243 | "objects": [ 244 | { 245 | "created": "2020-05-05T11:34:06.504Z", 246 | "id": "indicator--accb14b8-84a5-4b47-aad9-cff4dbc8c7b3", 247 | "labels": [ 248 | "malicious-activity" 249 | ], 250 | "modified": "2020-05-05T11:34:06.504Z", 251 | "name": "File hash for malware variant X", 252 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 253 | "type": "indicator", 254 | "valid_from": "2020-05-05T11:34:06.504246Z" 255 | }, 256 | { 257 | "created": "2020-05-05T11:34:06.512Z", 258 | "id": "malware--987fb9fc-857f-4900-a556-80c54820a929", 259 | "labels": [ 260 | "remote-access-trojan" 261 | ], 262 | "modified": "2020-05-05T11:34:06.512Z", 263 | "name": "Malware Variant X", 264 | "type": "malware" 265 | }, 266 | { 267 | "created": "2020-05-05T11:34:06.512Z", 268 | "id": "relationship--d39f9c5a-cdec-4c6d-9e9d-de83ff5fa911", 269 | "modified": "2020-05-05T11:34:06.512Z", 270 | "relationship_type": "indicates", 271 | "source_ref": "indicator--accb14b8-84a5-4b47-aad9-cff4dbc8c7b3", 272 | "target_ref": "malware--987fb9fc-857f-4900-a556-80c54820a929", 273 | "type": "relationship" 274 | } 275 | ], 276 | "spec_version": "2.0", 277 | "type": "bundle" 278 | }, 279 | "gist_file": "", 280 | "gist_id": "", 281 | "layout": "IPY_MODEL_357687625e254bd190b6d6ba60ba7ce5", 282 | "properties": { 283 | "graphHeight": 300 284 | }, 285 | "timeout": 0, 286 | "url": "" 287 | } 288 | }, 289 | "2e1daaee6a69415896e879dd1bc48110": { 290 | "model_module": "@jupyter-widgets/base", 291 | "model_module_version": "1.2.0", 292 | "model_name": "LayoutModel", 293 | "state": {} 294 | }, 295 | "357687625e254bd190b6d6ba60ba7ce5": { 296 | "model_module": "@jupyter-widgets/base", 297 | "model_module_version": "1.2.0", 298 | "model_name": "LayoutModel", 299 | "state": {} 300 | }, 301 | "40d75a69d46f489da2043cb01c770b66": { 302 | "model_module": "jupyter-widget-stixview", 303 | "model_module_version": "^1.0.2", 304 | "model_name": "StixviewGraphModel", 305 | "state": { 306 | "_model_module_version": "^1.0.2", 307 | "_view_module_version": "^1.0.2", 308 | "bundle": { 309 | "id": "bundle--39dec7ba-fca8-4bb0-8707-d5ee15ce4541", 310 | "objects": [ 311 | { 312 | "created": "2020-05-05T09:26:06.992Z", 313 | "id": "indicator--4884df85-e0b1-4295-8705-8cba946c1c37", 314 | "labels": [ 315 | "malicious-activity" 316 | ], 317 | "modified": "2020-05-05T09:26:06.992Z", 318 | "name": "File hash for malware variant X", 319 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 320 | "type": "indicator", 321 | "valid_from": "2020-05-05T09:26:06.992745Z" 322 | }, 323 | { 324 | "created": "2020-05-05T09:26:06.994Z", 325 | "id": "malware--40f03d83-6c76-4bab-820d-c2a5b8e90abb", 326 | "labels": [ 327 | "remote-access-trojan" 328 | ], 329 | "modified": "2020-05-05T09:26:06.994Z", 330 | "name": "Malware Variant X", 331 | "type": "malware" 332 | }, 333 | { 334 | "created": "2020-05-05T09:26:06.994Z", 335 | "id": "relationship--109a1015-2528-446d-ba64-d9d9be7a67fd", 336 | "modified": "2020-05-05T09:26:06.994Z", 337 | "relationship_type": "indicates", 338 | "source_ref": "indicator--4884df85-e0b1-4295-8705-8cba946c1c37", 339 | "target_ref": "malware--40f03d83-6c76-4bab-820d-c2a5b8e90abb", 340 | "type": "relationship" 341 | } 342 | ], 343 | "spec_version": "2.0", 344 | "type": "bundle" 345 | }, 346 | "gist_file": "", 347 | "gist_id": "", 348 | "layout": "IPY_MODEL_b23143f49c6c43f6bab1b6fe27304077", 349 | "properties": { 350 | "graphHeight": 300 351 | }, 352 | "timeout": 0, 353 | "url": "" 354 | } 355 | }, 356 | "419b9324d15a48a78585693c99c3770c": { 357 | "model_module": "@jupyter-widgets/base", 358 | "model_module_version": "1.2.0", 359 | "model_name": "LayoutModel", 360 | "state": {} 361 | }, 362 | "556a607d57554927b7afee0d37b8229b": { 363 | "model_module": "@jupyter-widgets/base", 364 | "model_module_version": "1.2.0", 365 | "model_name": "LayoutModel", 366 | "state": {} 367 | }, 368 | "5b6d596efe2c4dd1ad72bba2e728f671": { 369 | "model_module": "jupyter-widget-stixview", 370 | "model_module_version": "^1.0.2", 371 | "model_name": "StixviewGraphModel", 372 | "state": { 373 | "_model_module_version": "^1.0.2", 374 | "_view_module_version": "^1.0.2", 375 | "bundle": { 376 | "id": "bundle--033c72e9-0411-44e9-9848-29f3a33c0dfe", 377 | "objects": [ 378 | { 379 | "created": "2020-05-05T09:33:14.873Z", 380 | "id": "indicator--a33f213b-7b31-47e2-a810-630bfe55dfd5", 381 | "labels": [ 382 | "malicious-activity" 383 | ], 384 | "modified": "2020-05-05T09:33:14.873Z", 385 | "name": "File hash for malware variant X", 386 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 387 | "type": "indicator", 388 | "valid_from": "2020-05-05T09:33:14.873868Z" 389 | }, 390 | { 391 | "created": "2020-05-05T09:33:14.875Z", 392 | "id": "malware--a5f6a40f-75ba-4514-a9e4-285f0c96fc9b", 393 | "labels": [ 394 | "remote-access-trojan" 395 | ], 396 | "modified": "2020-05-05T09:33:14.875Z", 397 | "name": "Malware Variant X", 398 | "type": "malware" 399 | }, 400 | { 401 | "created": "2020-05-05T09:33:14.875Z", 402 | "id": "relationship--2955d85a-27c6-4ec2-b858-817cac8bd1ed", 403 | "modified": "2020-05-05T09:33:14.875Z", 404 | "relationship_type": "indicates", 405 | "source_ref": "indicator--a33f213b-7b31-47e2-a810-630bfe55dfd5", 406 | "target_ref": "malware--a5f6a40f-75ba-4514-a9e4-285f0c96fc9b", 407 | "type": "relationship" 408 | } 409 | ], 410 | "spec_version": "2.0", 411 | "type": "bundle" 412 | }, 413 | "gist_file": "", 414 | "gist_id": "", 415 | "layout": "IPY_MODEL_419b9324d15a48a78585693c99c3770c", 416 | "properties": { 417 | "graphHeight": 300 418 | }, 419 | "timeout": 0, 420 | "url": "" 421 | } 422 | }, 423 | "6436551f9ee84a7fb6c77f952ef4c358": { 424 | "model_module": "@jupyter-widgets/base", 425 | "model_module_version": "1.2.0", 426 | "model_name": "LayoutModel", 427 | "state": {} 428 | }, 429 | "64fa3c5bbd7243e9893f0da6a357313a": { 430 | "model_module": "@jupyter-widgets/base", 431 | "model_module_version": "1.2.0", 432 | "model_name": "LayoutModel", 433 | "state": {} 434 | }, 435 | "7e763b465cc5449398c906b5012a50cf": { 436 | "model_module": "@jupyter-widgets/base", 437 | "model_module_version": "1.2.0", 438 | "model_name": "LayoutModel", 439 | "state": {} 440 | }, 441 | "7f0746d8c9244ef1a1f983d771644608": { 442 | "model_module": "jupyter-widget-stixview", 443 | "model_module_version": "^1.0.2", 444 | "model_name": "StixviewGraphModel", 445 | "state": { 446 | "_model_module_version": "^1.0.2", 447 | "_view_module_version": "^1.0.2", 448 | "bundle": { 449 | "id": "bundle--01a18d46-4f7b-4311-9eb4-fede23174fe1", 450 | "objects": [ 451 | { 452 | "created": "2020-05-04T13:17:19.222Z", 453 | "id": "indicator--85a492aa-c645-484a-b0cf-feaad0170e0d", 454 | "labels": [ 455 | "malicious-activity" 456 | ], 457 | "modified": "2020-05-04T13:17:19.222Z", 458 | "name": "File hash for malware variant X", 459 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 460 | "type": "indicator", 461 | "valid_from": "2020-05-04T13:17:19.222145Z" 462 | }, 463 | { 464 | "created": "2020-05-04T13:17:19.223Z", 465 | "id": "malware--cb37b9ee-c968-47c5-ae46-862426a99644", 466 | "labels": [ 467 | "remote-access-trojan" 468 | ], 469 | "modified": "2020-05-04T13:17:19.223Z", 470 | "name": "Malware Variant X", 471 | "type": "malware" 472 | }, 473 | { 474 | "created": "2020-05-04T13:17:19.224Z", 475 | "id": "relationship--4bafbb2a-5470-4dfb-9a6d-7429f871122c", 476 | "modified": "2020-05-04T13:17:19.224Z", 477 | "relationship_type": "indicates", 478 | "source_ref": "indicator--85a492aa-c645-484a-b0cf-feaad0170e0d", 479 | "target_ref": "malware--cb37b9ee-c968-47c5-ae46-862426a99644", 480 | "type": "relationship" 481 | } 482 | ], 483 | "spec_version": "2.0", 484 | "type": "bundle" 485 | }, 486 | "gist_file": "", 487 | "gist_id": "", 488 | "layout": "IPY_MODEL_7e763b465cc5449398c906b5012a50cf", 489 | "properties": { 490 | "graphHeight": 300 491 | }, 492 | "timeout": 0, 493 | "url": "" 494 | } 495 | }, 496 | "80bd06a70bca4a1fa069fb6d017c1fb1": { 497 | "model_module": "jupyter-widget-stixview", 498 | "model_module_version": "^1.0.2", 499 | "model_name": "StixviewGraphModel", 500 | "state": { 501 | "_model_module_version": "^1.0.2", 502 | "_view_module_version": "^1.0.2", 503 | "bundle": { 504 | "id": "bundle--fd9280b1-79ed-4c82-a3aa-1ebee5e366f9", 505 | "objects": [ 506 | { 507 | "created": "2020-05-05T18:36:57.323Z", 508 | "id": "indicator--9dcfbb58-3711-4090-89b3-e3594fc0168e", 509 | "labels": [ 510 | "malicious-activity" 511 | ], 512 | "modified": "2020-05-05T18:36:57.323Z", 513 | "name": "File hash for malware variant X", 514 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 515 | "type": "indicator", 516 | "valid_from": "2020-05-05T18:36:57.323402Z" 517 | }, 518 | { 519 | "created": "2020-05-05T18:36:57.325Z", 520 | "id": "malware--a39c0a10-5575-4d2f-9627-6f7111cb9cd4", 521 | "labels": [ 522 | "remote-access-trojan" 523 | ], 524 | "modified": "2020-05-05T18:36:57.325Z", 525 | "name": "Malware Variant X", 526 | "type": "malware" 527 | }, 528 | { 529 | "created": "2020-05-05T18:36:57.325Z", 530 | "id": "relationship--e172c0ea-67dc-452a-9d02-2767ef647668", 531 | "modified": "2020-05-05T18:36:57.325Z", 532 | "relationship_type": "indicates", 533 | "source_ref": "indicator--9dcfbb58-3711-4090-89b3-e3594fc0168e", 534 | "target_ref": "malware--a39c0a10-5575-4d2f-9627-6f7111cb9cd4", 535 | "type": "relationship" 536 | }, 537 | { 538 | "created": "2020-05-05T18:36:57.325Z", 539 | "id": "campaign--76dd05be-2822-482e-86f1-ed6d9ff20fba", 540 | "modified": "2020-05-05T18:36:57.325Z", 541 | "name": "Campaign Y", 542 | "type": "campaign" 543 | }, 544 | { 545 | "created": "2020-05-05T18:36:57.326Z", 546 | "id": "relationship--641c5ec4-9a39-4dae-b9b5-7f5000153d9d", 547 | "modified": "2020-05-05T18:36:57.326Z", 548 | "relationship_type": "uses", 549 | "source_ref": "campaign--76dd05be-2822-482e-86f1-ed6d9ff20fba", 550 | "target_ref": "malware--a39c0a10-5575-4d2f-9627-6f7111cb9cd4", 551 | "type": "relationship" 552 | }, 553 | { 554 | "created": "2020-05-05T18:36:57.326Z", 555 | "id": "threat-actor--faa07e5f-8a5b-4fd0-b03c-232df13667b2", 556 | "labels": [ 557 | "criminal" 558 | ], 559 | "modified": "2020-05-05T18:36:57.326Z", 560 | "name": "Actor Z", 561 | "type": "threat-actor" 562 | }, 563 | { 564 | "created": "2020-05-05T18:36:57.326Z", 565 | "id": "relationship--f6225a86-fa6a-41d7-9e3b-72accff21c93", 566 | "modified": "2020-05-05T18:36:57.326Z", 567 | "relationship_type": "attributed-to", 568 | "source_ref": "campaign--76dd05be-2822-482e-86f1-ed6d9ff20fba", 569 | "target_ref": "threat-actor--faa07e5f-8a5b-4fd0-b03c-232df13667b2", 570 | "type": "relationship" 571 | } 572 | ], 573 | "spec_version": "2.0", 574 | "type": "bundle" 575 | }, 576 | "gist_file": "", 577 | "gist_id": "", 578 | "layout": "IPY_MODEL_556a607d57554927b7afee0d37b8229b", 579 | "properties": { 580 | "graphHeight": 300 581 | }, 582 | "timeout": 0, 583 | "url": "" 584 | } 585 | }, 586 | "ae588313f97645a093d7448c107d67d2": { 587 | "model_module": "jupyter-widget-stixview", 588 | "model_module_version": "^1.0.2", 589 | "model_name": "StixviewGraphModel", 590 | "state": { 591 | "_model_module_version": "^1.0.2", 592 | "_view_module_version": "^1.0.2", 593 | "bundle": { 594 | "id": "bundle--b17ae7d9-55b3-433c-8222-075a3eae03ac", 595 | "objects": [ 596 | { 597 | "created": "2020-05-04T13:17:22.414Z", 598 | "id": "indicator--dbda81b9-750b-4380-9db4-fb3e1f6c935d", 599 | "labels": [ 600 | "malicious-activity" 601 | ], 602 | "modified": "2020-05-04T13:17:22.414Z", 603 | "name": "File hash for malware variant X", 604 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 605 | "type": "indicator", 606 | "valid_from": "2020-05-04T13:17:22.414076Z" 607 | }, 608 | { 609 | "created": "2020-05-04T13:17:22.415Z", 610 | "id": "malware--45516d59-0f2f-445c-bc01-ff2bbcbc11cf", 611 | "labels": [ 612 | "remote-access-trojan" 613 | ], 614 | "modified": "2020-05-04T13:17:22.415Z", 615 | "name": "Malware Variant X", 616 | "type": "malware" 617 | }, 618 | { 619 | "created": "2020-05-04T13:17:22.415Z", 620 | "id": "relationship--be16dd00-1a1a-47f6-ba85-309ccf7c8729", 621 | "modified": "2020-05-04T13:17:22.415Z", 622 | "relationship_type": "indicates", 623 | "source_ref": "indicator--dbda81b9-750b-4380-9db4-fb3e1f6c935d", 624 | "target_ref": "malware--45516d59-0f2f-445c-bc01-ff2bbcbc11cf", 625 | "type": "relationship" 626 | } 627 | ], 628 | "spec_version": "2.0", 629 | "type": "bundle" 630 | }, 631 | "gist_file": "", 632 | "gist_id": "", 633 | "layout": "IPY_MODEL_6436551f9ee84a7fb6c77f952ef4c358", 634 | "properties": { 635 | "graphHeight": 300 636 | }, 637 | "timeout": 0, 638 | "url": "" 639 | } 640 | }, 641 | "b23143f49c6c43f6bab1b6fe27304077": { 642 | "model_module": "@jupyter-widgets/base", 643 | "model_module_version": "1.2.0", 644 | "model_name": "LayoutModel", 645 | "state": {} 646 | }, 647 | "d636cd36a56c4f6c9f05f8e30fff9c71": { 648 | "model_module": "jupyter-widget-stixview", 649 | "model_module_version": "^1.0.2", 650 | "model_name": "StixviewGraphModel", 651 | "state": { 652 | "_model_module_version": "^1.0.2", 653 | "_view_module_version": "^1.0.2", 654 | "bundle": { 655 | "id": "bundle--6770c9b8-b3cc-45e8-98e4-3851f0b446dc", 656 | "objects": [ 657 | { 658 | "created": "2020-05-04T13:17:00.301Z", 659 | "id": "indicator--37f72884-fcf0-4c07-a550-384db3fe4659", 660 | "labels": [ 661 | "malicious-activity" 662 | ], 663 | "modified": "2020-05-04T13:17:00.301Z", 664 | "name": "File hash for malware variant X", 665 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 666 | "type": "indicator", 667 | "valid_from": "2020-05-04T13:17:00.301784Z" 668 | }, 669 | { 670 | "created": "2020-05-04T13:17:00.318Z", 671 | "id": "malware--4d165c39-27bc-4613-af51-935f8a35e3c9", 672 | "labels": [ 673 | "remote-access-trojan" 674 | ], 675 | "modified": "2020-05-04T13:17:00.318Z", 676 | "name": "Malware Variant X", 677 | "type": "malware" 678 | }, 679 | { 680 | "created": "2020-05-04T13:17:00.319Z", 681 | "id": "relationship--2df5403d-1cf6-4884-bf4d-203f67e5db48", 682 | "modified": "2020-05-04T13:17:00.319Z", 683 | "relationship_type": "indicates", 684 | "source_ref": "indicator--37f72884-fcf0-4c07-a550-384db3fe4659", 685 | "target_ref": "malware--4d165c39-27bc-4613-af51-935f8a35e3c9", 686 | "type": "relationship" 687 | } 688 | ], 689 | "spec_version": "2.0", 690 | "type": "bundle" 691 | }, 692 | "gist_file": "", 693 | "gist_id": "", 694 | "layout": "IPY_MODEL_64fa3c5bbd7243e9893f0da6a357313a", 695 | "properties": { 696 | "graphHeight": 300 697 | }, 698 | "timeout": 0, 699 | "url": "" 700 | } 701 | }, 702 | "f522a42f4b7d4c42a0518dd1928887f0": { 703 | "model_module": "jupyter-widget-stixview", 704 | "model_module_version": "^1.0.2", 705 | "model_name": "StixviewGraphModel", 706 | "state": { 707 | "_model_module_version": "^1.0.2", 708 | "_view_module_version": "^1.0.2", 709 | "bundle": { 710 | "id": "bundle--60528871-ca25-4299-885b-c4598d544682", 711 | "objects": [ 712 | { 713 | "created": "2020-05-05T18:37:23.275Z", 714 | "id": "indicator--e0900e53-e3cb-4f2e-be20-05ff8bd9ad3b", 715 | "labels": [ 716 | "malicious-activity" 717 | ], 718 | "modified": "2020-05-05T18:37:23.275Z", 719 | "name": "File hash for malware variant X", 720 | "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", 721 | "type": "indicator", 722 | "valid_from": "2020-05-05T18:37:23.275568Z" 723 | }, 724 | { 725 | "created": "2020-05-05T18:37:23.277Z", 726 | "id": "malware--7123dba3-df71-4aea-b567-2f5bbd1f3d5e", 727 | "labels": [ 728 | "remote-access-trojan" 729 | ], 730 | "modified": "2020-05-05T18:37:23.277Z", 731 | "name": "Malware Variant X", 732 | "type": "malware" 733 | }, 734 | { 735 | "created": "2020-05-05T18:37:23.277Z", 736 | "id": "relationship--55536bcb-f3e2-452a-998e-9f90c9355331", 737 | "modified": "2020-05-05T18:37:23.277Z", 738 | "relationship_type": "indicates", 739 | "source_ref": "indicator--e0900e53-e3cb-4f2e-be20-05ff8bd9ad3b", 740 | "target_ref": "malware--7123dba3-df71-4aea-b567-2f5bbd1f3d5e", 741 | "type": "relationship" 742 | }, 743 | { 744 | "created": "2020-05-05T18:37:23.277Z", 745 | "id": "campaign--a3352e84-6d83-4d8e-87df-513d1133312c", 746 | "modified": "2020-05-05T18:37:23.277Z", 747 | "name": "Campaign Y", 748 | "type": "campaign" 749 | }, 750 | { 751 | "created": "2020-05-05T18:37:23.277Z", 752 | "id": "relationship--5208b9d1-66d6-4418-a4ab-ab8ca51602f5", 753 | "modified": "2020-05-05T18:37:23.277Z", 754 | "relationship_type": "uses", 755 | "source_ref": "campaign--a3352e84-6d83-4d8e-87df-513d1133312c", 756 | "target_ref": "malware--7123dba3-df71-4aea-b567-2f5bbd1f3d5e", 757 | "type": "relationship" 758 | }, 759 | { 760 | "created": "2020-05-05T18:37:23.277Z", 761 | "id": "threat-actor--cccb1276-01b6-4f26-a4c1-1e1e2547045a", 762 | "labels": [ 763 | "criminal" 764 | ], 765 | "modified": "2020-05-05T18:37:23.277Z", 766 | "name": "Actor Z", 767 | "type": "threat-actor" 768 | }, 769 | { 770 | "created": "2020-05-05T18:37:23.278Z", 771 | "id": "relationship--75912ff3-8ddf-4f39-ab4e-6af9e8a440f1", 772 | "modified": "2020-05-05T18:37:23.278Z", 773 | "relationship_type": "attributed-to", 774 | "source_ref": "campaign--a3352e84-6d83-4d8e-87df-513d1133312c", 775 | "target_ref": "threat-actor--cccb1276-01b6-4f26-a4c1-1e1e2547045a", 776 | "type": "relationship" 777 | } 778 | ], 779 | "spec_version": "2.0", 780 | "type": "bundle" 781 | }, 782 | "gist_file": "", 783 | "gist_id": "", 784 | "layout": "IPY_MODEL_2e1daaee6a69415896e879dd1bc48110", 785 | "properties": { 786 | "graphHeight": 300 787 | }, 788 | "timeout": 0, 789 | "url": "" 790 | } 791 | }, 792 | "f8777f32a61949429726762e384baba2": { 793 | "model_module": "@jupyter-widgets/base", 794 | "model_module_version": "1.2.0", 795 | "model_name": "LayoutModel", 796 | "state": {} 797 | } 798 | }, 799 | "version_major": 2, 800 | "version_minor": 0 801 | } 802 | } 803 | }, 804 | "nbformat": 4, 805 | "nbformat_minor": 4 806 | } 807 | -------------------------------------------------------------------------------- /stixview-widget-showcase.ipynb: -------------------------------------------------------------------------------- 1 | { 2 | "cells": [ 3 | { 4 | "cell_type": "code", 5 | "execution_count": 2, 6 | "metadata": {}, 7 | "outputs": [], 8 | "source": [ 9 | "from jupyter_widget_stixview.widget import StixviewGraph" 10 | ] 11 | }, 12 | { 13 | "cell_type": "code", 14 | "execution_count": 3, 15 | "metadata": {}, 16 | "outputs": [ 17 | { 18 | "data": { 19 | "application/vnd.jupyter.widget-view+json": { 20 | "model_id": "eabc0e08ab274b30a1432d10d492abaa", 21 | "version_major": 2, 22 | "version_minor": 0 23 | }, 24 | "text/plain": [ 25 | "StixviewGraph(gist_id='6a0fbb0f6e7faf063c748b23f9c7dc62')" 26 | ] 27 | }, 28 | "metadata": {}, 29 | "output_type": "display_data" 30 | } 31 | ], 32 | "source": [ 33 | "# Loading data from Gist -- https://gist.github.com/CaitlinHuey/6a0fbb0f6e7faf063c748b23f9c7dc62\n", 34 | "\n", 35 | "StixviewGraph(gist_id=\"6a0fbb0f6e7faf063c748b23f9c7dc62\")" 36 | ] 37 | }, 38 | { 39 | "cell_type": "code", 40 | "execution_count": 4, 41 | "metadata": { 42 | "code_folding": [] 43 | }, 44 | "outputs": [ 45 | { 46 | "data": { 47 | "application/vnd.jupyter.widget-view+json": { 48 | "model_id": "089bed70770f4b6baf5f5567dead033c", 49 | "version_major": 2, 50 | "version_minor": 0 51 | }, 52 | "text/plain": [ 53 | "StixviewGraph(bundle={'type': 'bundle', 'id': 'bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba', 'spec_version': …" 54 | ] 55 | }, 56 | "metadata": {}, 57 | "output_type": "display_data" 58 | } 59 | ], 60 | "source": [ 61 | "# Rendering the graph from data in python\n", 62 | "\n", 63 | "bundle_data = {\n", 64 | " \"type\": \"bundle\",\n", 65 | " \"id\": \"bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba\",\n", 66 | " \"spec_version\": \"2.0\",\n", 67 | " \"objects\": [\n", 68 | " {\n", 69 | " \"type\": \"malware\",\n", 70 | " \"id\": \"malware--591f0cb7-d66f-4e14-a8e6-5927b597f920\",\n", 71 | " \"created\": \"2015-05-15T09:12:16.432Z\",\n", 72 | " \"modified\": \"2015-05-15T09:12:16.432Z\",\n", 73 | " \"name\": \"Poison Ivy\",\n", 74 | " \"description\": \"Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.\",\n", 75 | " \"labels\": [\"remote-access-trojan\"]\n", 76 | " },\n", 77 | " {\n", 78 | " \"type\": \"relationship\",\n", 79 | " \"id\": \"relationship--134c393e-cbe0-433c-9a7a-95263ed8578f\",\n", 80 | " \"created\": \"2015-05-15T09:12:16.432Z\",\n", 81 | " \"modified\": \"2015-05-15T09:12:16.432Z\",\n", 82 | " \"relationship_type\": \"mitigates\",\n", 83 | " \"source_ref\": \"course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b\",\n", 84 | " \"target_ref\": \"malware--591f0cb7-d66f-4e14-a8e6-5927b597f920\"\n", 85 | " },\n", 86 | " {\n", 87 | " \"type\": \"course-of-action\",\n", 88 | " \"id\": \"course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b\",\n", 89 | " \"created_by_ref\": \"identity--81cade27-7df8-4730-836b-62d880e6d9d3\",\n", 90 | " \"created\": \"2015-05-15T09:12:16.432Z\",\n", 91 | " \"modified\": \"2015-05-15T09:12:16.432Z\",\n", 92 | " \"name\": \"Analyze with FireEye Calamine Toolset\",\n", 93 | " \"description\": \"Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).\",\n", 94 | " \"external_references\": []\n", 95 | " },\n", 96 | " {\n", 97 | " \"type\": \"identity\",\n", 98 | " \"id\": \"identity--81cade27-7df8-4730-836b-62d880e6d9d3\",\n", 99 | " \"created\": \"2015-05-15T09:12:16.432Z\",\n", 100 | " \"modified\": \"2015-05-15T09:12:16.432Z\",\n", 101 | " \"name\": \"FireEye, Inc.\",\n", 102 | " \"identity_class\": \"organization\",\n", 103 | " \"sectors\": [\n", 104 | " \"technology\"\n", 105 | " ]\n", 106 | " },\n", 107 | " ]\n", 108 | "}\n", 109 | "StixviewGraph(\n", 110 | " bundle=bundle_data,\n", 111 | " properties={\n", 112 | " \"graphHeight\": 400,\n", 113 | " \"caption\": \"Custom STIX2 bundle\"\n", 114 | " })" 115 | ] 116 | }, 117 | { 118 | "cell_type": "code", 119 | "execution_count": 5, 120 | "metadata": {}, 121 | "outputs": [ 122 | { 123 | "data": { 124 | "application/vnd.jupyter.widget-view+json": { 125 | "model_id": "e42d35d56c1946d8a65c24746e35068e", 126 | "version_major": 2, 127 | "version_minor": 0 128 | }, 129 | "text/plain": [ 130 | "StixviewGraph(properties={'graphHeight': 600, 'caption': 'Showing a selection of data loaded from URL, without…" 131 | ] 132 | }, 133 | "metadata": {}, 134 | "output_type": "display_data" 135 | } 136 | ], 137 | "source": [ 138 | "# Rendering selected entities from a bundle, loaded from remote location\n", 139 | "\n", 140 | "poison_ivy_url = \"https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json\"\n", 141 | "\n", 142 | "StixviewGraph(\n", 143 | " url=poison_ivy_url,\n", 144 | " properties={\n", 145 | " \"graphHeight\": 600,\n", 146 | " \"caption\": \"Showing a selection of data loaded from URL, without a footer\",\n", 147 | " \"hideFooter\": True,\n", 148 | " \"highlightedObjects\": [\n", 149 | " \"course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b\",\n", 150 | " \"identity--81cade27-7df8-4730-836b-62d880e6d9d3\",\n", 151 | " \"malware--591f0cb7-d66f-4e14-a8e6-5927b597f920\",\n", 152 | " \"report--f2b63e80-b523-4747-a069-35c002c690db\",\n", 153 | " \"malware--40e15fa5-df8d-4771-a682-21dab0a024fd\",\n", 154 | " ]\n", 155 | " })" 156 | ] 157 | }, 158 | { 159 | "cell_type": "code", 160 | "execution_count": 6, 161 | "metadata": {}, 162 | "outputs": [ 163 | { 164 | "data": { 165 | "application/vnd.jupyter.widget-view+json": { 166 | "model_id": "32676f7889d544b589a29d935275f303", 167 | "version_major": 2, 168 | "version_minor": 0 169 | }, 170 | "text/plain": [ 171 | "StixviewGraph(gist_id='6a0fbb0f6e7faf063c748b23f9c7dc62', properties={'disableMouseZoom': True})" 172 | ] 173 | }, 174 | "metadata": {}, 175 | "output_type": "display_data" 176 | } 177 | ], 178 | "source": [ 179 | "# A different way to initiate the graph view\n", 180 | "\n", 181 | "graph = StixviewGraph()\n", 182 | "graph.gist_id = \"6a0fbb0f6e7faf063c748b23f9c7dc62\"\n", 183 | "graph.properties = {\n", 184 | " \"disableMouseZoom\": True\n", 185 | "}\n", 186 | "\n", 187 | "graph" 188 | ] 189 | }, 190 | { 191 | "cell_type": "code", 192 | "execution_count": null, 193 | "metadata": {}, 194 | "outputs": [], 195 | "source": [] 196 | } 197 | ], 198 | "metadata": { 199 | "hide_input": false, 200 | "kernelspec": { 201 | "display_name": "Python 3", 202 | "language": "python", 203 | "name": "python3" 204 | }, 205 | "language_info": { 206 | "codemirror_mode": { 207 | "name": "ipython", 208 | "version": 3 209 | }, 210 | "file_extension": ".py", 211 | "mimetype": "text/x-python", 212 | "name": "python", 213 | "nbconvert_exporter": "python", 214 | "pygments_lexer": "ipython3", 215 | "version": "3.8.6" 216 | }, 217 | "widgets": { 218 | "application/vnd.jupyter.widget-state+json": { 219 | "state": { 220 | "089bed70770f4b6baf5f5567dead033c": { 221 | "model_module": "jupyter-widget-stixview", 222 | "model_module_version": "^1.0.3", 223 | "model_name": "StixviewGraphModel", 224 | "state": { 225 | "_model_module_version": "^1.0.3", 226 | "_view_module_version": "^1.0.3", 227 | "bundle": { 228 | "id": "bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba", 229 | "objects": [ 230 | { 231 | "created": "2015-05-15T09:12:16.432Z", 232 | "description": "Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.", 233 | "id": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 234 | "labels": [ 235 | "remote-access-trojan" 236 | ], 237 | "modified": "2015-05-15T09:12:16.432Z", 238 | "name": "Poison Ivy", 239 | "type": "malware" 240 | }, 241 | { 242 | "created": "2015-05-15T09:12:16.432Z", 243 | "id": "relationship--134c393e-cbe0-433c-9a7a-95263ed8578f", 244 | "modified": "2015-05-15T09:12:16.432Z", 245 | "relationship_type": "mitigates", 246 | "source_ref": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 247 | "target_ref": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 248 | "type": "relationship" 249 | }, 250 | { 251 | "created": "2015-05-15T09:12:16.432Z", 252 | "created_by_ref": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 253 | "description": "Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).", 254 | "external_references": [], 255 | "id": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 256 | "modified": "2015-05-15T09:12:16.432Z", 257 | "name": "Analyze with FireEye Calamine Toolset", 258 | "type": "course-of-action" 259 | }, 260 | { 261 | "created": "2015-05-15T09:12:16.432Z", 262 | "id": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 263 | "identity_class": "organization", 264 | "modified": "2015-05-15T09:12:16.432Z", 265 | "name": "FireEye, Inc.", 266 | "sectors": [ 267 | "technology" 268 | ], 269 | "type": "identity" 270 | } 271 | ], 272 | "spec_version": "2.0", 273 | "type": "bundle" 274 | }, 275 | "gist_file": "", 276 | "gist_id": "", 277 | "layout": "IPY_MODEL_bfcd2dc260a04f3b9c9307789298f35b", 278 | "properties": { 279 | "caption": "Custom STIX2 bundle", 280 | "graphHeight": 400 281 | }, 282 | "timeout": 0, 283 | "url": "" 284 | } 285 | }, 286 | "0a50785f96f84cc9b09819f219395083": { 287 | "model_module": "jupyter-widget-stixview", 288 | "model_module_version": "^1.0.0", 289 | "model_name": "StixviewGraphModel", 290 | "state": { 291 | "_model_module_version": "^1.0.0", 292 | "_view_module_version": "^1.0.0", 293 | "bundle": {}, 294 | "gist_file": "", 295 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 296 | "layout": "IPY_MODEL_ef62c086122547cb8d59bad63b70e747", 297 | "properties": {}, 298 | "timeout": 0, 299 | "url": "" 300 | } 301 | }, 302 | "0d50fafd1cef4cc8a927cd99b0ba9e5e": { 303 | "model_module": "jupyter-widget-stixview", 304 | "model_module_version": "^1.0.2", 305 | "model_name": "StixviewGraphModel", 306 | "state": { 307 | "_model_module_version": "^1.0.2", 308 | "_view_module_version": "^1.0.2", 309 | "bundle": {}, 310 | "gist_file": "", 311 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 312 | "layout": "IPY_MODEL_315f2f00f74f4558b998b8687f894f47", 313 | "properties": {}, 314 | "timeout": 0, 315 | "url": "" 316 | } 317 | }, 318 | "1285cf7949bf469dbacb3f8e4b63bd15": { 319 | "model_module": "@jupyter-widgets/base", 320 | "model_module_version": "1.2.0", 321 | "model_name": "LayoutModel", 322 | "state": {} 323 | }, 324 | "13a3d8519ddb4c43bd12cd6a11f59e44": { 325 | "model_module": "jupyter-widget-stixview", 326 | "model_module_version": "^1.0.2", 327 | "model_name": "StixviewGraphModel", 328 | "state": { 329 | "_model_module_version": "^1.0.2", 330 | "_view_module_version": "^1.0.2", 331 | "bundle": {}, 332 | "gist_file": "", 333 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 334 | "layout": "IPY_MODEL_b49f625f1efa4c8781b95f4afc9a1dca", 335 | "properties": { 336 | "disableMouseZoom": true 337 | }, 338 | "timeout": 0, 339 | "url": "" 340 | } 341 | }, 342 | "28af246f387b4e2ab8ce29affdcf1d58": { 343 | "model_module": "@jupyter-widgets/base", 344 | "model_module_version": "1.2.0", 345 | "model_name": "LayoutModel", 346 | "state": {} 347 | }, 348 | "297e581af20c469b9074b98c8975c6aa": { 349 | "model_module": "@jupyter-widgets/base", 350 | "model_module_version": "1.2.0", 351 | "model_name": "LayoutModel", 352 | "state": {} 353 | }, 354 | "2c6d8358325342728e89b64e5a3b374e": { 355 | "model_module": "@jupyter-widgets/base", 356 | "model_module_version": "1.2.0", 357 | "model_name": "LayoutModel", 358 | "state": {} 359 | }, 360 | "315f2f00f74f4558b998b8687f894f47": { 361 | "model_module": "@jupyter-widgets/base", 362 | "model_module_version": "1.2.0", 363 | "model_name": "LayoutModel", 364 | "state": {} 365 | }, 366 | "32676f7889d544b589a29d935275f303": { 367 | "model_module": "jupyter-widget-stixview", 368 | "model_module_version": "^1.0.3", 369 | "model_name": "StixviewGraphModel", 370 | "state": { 371 | "_model_module_version": "^1.0.3", 372 | "_view_module_version": "^1.0.3", 373 | "bundle": {}, 374 | "gist_file": "", 375 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 376 | "layout": "IPY_MODEL_b57ed5019ffd4bed832e986e88650717", 377 | "properties": { 378 | "disableMouseZoom": true 379 | }, 380 | "timeout": 0, 381 | "url": "" 382 | } 383 | }, 384 | "32d516efd25b4395a51f4748cbef372b": { 385 | "model_module": "@jupyter-widgets/base", 386 | "model_module_version": "1.2.0", 387 | "model_name": "LayoutModel", 388 | "state": {} 389 | }, 390 | "3f54655a502f4c3bbac026dc3c35b580": { 391 | "model_module": "@jupyter-widgets/base", 392 | "model_module_version": "1.2.0", 393 | "model_name": "LayoutModel", 394 | "state": {} 395 | }, 396 | "4a51129d15d0410ea4d442e952f022ce": { 397 | "model_module": "jupyter-widget-stixview", 398 | "model_module_version": "^1.0.0", 399 | "model_name": "StixviewGraphModel", 400 | "state": { 401 | "_model_module_version": "^1.0.0", 402 | "_view_module_version": "^1.0.0", 403 | "bundle": { 404 | "id": "bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba", 405 | "objects": [ 406 | { 407 | "created": "2015-05-15T09:12:16.432Z", 408 | "description": "Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.", 409 | "id": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 410 | "labels": [ 411 | "remote-access-trojan" 412 | ], 413 | "modified": "2015-05-15T09:12:16.432Z", 414 | "name": "Poison Ivy", 415 | "type": "malware" 416 | }, 417 | { 418 | "created": "2015-05-15T09:12:16.432Z", 419 | "id": "relationship--134c393e-cbe0-433c-9a7a-95263ed8578f", 420 | "modified": "2015-05-15T09:12:16.432Z", 421 | "relationship_type": "mitigates", 422 | "source_ref": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 423 | "target_ref": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 424 | "type": "relationship" 425 | }, 426 | { 427 | "created": "2015-05-15T09:12:16.432Z", 428 | "created_by_ref": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 429 | "description": "Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).", 430 | "external_references": [], 431 | "id": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 432 | "modified": "2015-05-15T09:12:16.432Z", 433 | "name": "Analyze with FireEye Calamine Toolset", 434 | "type": "course-of-action" 435 | }, 436 | { 437 | "created": "2015-05-15T09:12:16.432Z", 438 | "id": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 439 | "identity_class": "organization", 440 | "modified": "2015-05-15T09:12:16.432Z", 441 | "name": "FireEye, Inc.", 442 | "sectors": [ 443 | "technology" 444 | ], 445 | "type": "identity" 446 | } 447 | ], 448 | "spec_version": "2.0", 449 | "type": "bundle" 450 | }, 451 | "gist_file": "", 452 | "gist_id": "", 453 | "layout": "IPY_MODEL_2c6d8358325342728e89b64e5a3b374e", 454 | "properties": { 455 | "caption": "Custom STIX2 bundle", 456 | "graphHeight": 400 457 | }, 458 | "timeout": 0, 459 | "url": "" 460 | } 461 | }, 462 | "62415e5a8eb84542b24f4ca2e65a44b0": { 463 | "model_module": "jupyter-widget-stixview", 464 | "model_module_version": "^1.0.0", 465 | "model_name": "StixviewGraphModel", 466 | "state": { 467 | "_model_module_version": "^1.0.0", 468 | "_view_module_version": "^1.0.0", 469 | "bundle": {}, 470 | "gist_file": "", 471 | "gist_id": "", 472 | "layout": "IPY_MODEL_b1bf6231ff4743f5bf9c7d8756856977", 473 | "properties": { 474 | "caption": "Showing a selection of data loaded from URL, without a footer", 475 | "graphHeight": 600, 476 | "hideFooter": true, 477 | "highlightedObjects": [ 478 | "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 479 | "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 480 | "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 481 | "report--f2b63e80-b523-4747-a069-35c002c690db", 482 | "malware--40e15fa5-df8d-4771-a682-21dab0a024fd" 483 | ] 484 | }, 485 | "timeout": 0, 486 | "url": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json" 487 | } 488 | }, 489 | "62c630c3c0b842a08facb7daaf6cc326": { 490 | "model_module": "jupyter-widget-stixview", 491 | "model_module_version": "^1.0.0", 492 | "model_name": "StixviewGraphModel", 493 | "state": { 494 | "_model_module_version": "^1.0.0", 495 | "_view_module_version": "^1.0.0", 496 | "bundle": {}, 497 | "gist_file": "", 498 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 499 | "layout": "IPY_MODEL_73dd81188ea24414abeb15b79642518f", 500 | "properties": { 501 | "disableMouseZoom": true 502 | }, 503 | "timeout": 0, 504 | "url": "" 505 | } 506 | }, 507 | "6acba81595784c359c4041bbd850b386": { 508 | "model_module": "jupyter-widget-stixview", 509 | "model_module_version": "^1.0.2", 510 | "model_name": "StixviewGraphModel", 511 | "state": { 512 | "_model_module_version": "^1.0.2", 513 | "_view_module_version": "^1.0.2", 514 | "bundle": {}, 515 | "gist_file": "", 516 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 517 | "layout": "IPY_MODEL_92249aa7495946109898eb7e3cdf240c", 518 | "properties": { 519 | "disableMouseZoom": true 520 | }, 521 | "timeout": 0, 522 | "url": "" 523 | } 524 | }, 525 | "73a37fdaaba54fd4b91cde3930fb8bbc": { 526 | "model_module": "jupyter-widget-stixview", 527 | "model_module_version": "^1.0.2", 528 | "model_name": "StixviewGraphModel", 529 | "state": { 530 | "_model_module_version": "^1.0.2", 531 | "_view_module_version": "^1.0.2", 532 | "bundle": {}, 533 | "gist_file": "", 534 | "gist_id": "", 535 | "layout": "IPY_MODEL_297e581af20c469b9074b98c8975c6aa", 536 | "properties": { 537 | "caption": "Showing a selection of data loaded from URL, without a footer", 538 | "graphHeight": 600, 539 | "hideFooter": true, 540 | "highlightedObjects": [ 541 | "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 542 | "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 543 | "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 544 | "report--f2b63e80-b523-4747-a069-35c002c690db", 545 | "malware--40e15fa5-df8d-4771-a682-21dab0a024fd" 546 | ] 547 | }, 548 | "timeout": 0, 549 | "url": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json" 550 | } 551 | }, 552 | "73dd81188ea24414abeb15b79642518f": { 553 | "model_module": "@jupyter-widgets/base", 554 | "model_module_version": "1.2.0", 555 | "model_name": "LayoutModel", 556 | "state": {} 557 | }, 558 | "8c65d86189994983b53bbb78bba36d29": { 559 | "model_module": "@jupyter-widgets/base", 560 | "model_module_version": "1.2.0", 561 | "model_name": "LayoutModel", 562 | "state": {} 563 | }, 564 | "92249aa7495946109898eb7e3cdf240c": { 565 | "model_module": "@jupyter-widgets/base", 566 | "model_module_version": "1.2.0", 567 | "model_name": "LayoutModel", 568 | "state": {} 569 | }, 570 | "ab37f5c11477494381d52a973eaeb38f": { 571 | "model_module": "@jupyter-widgets/base", 572 | "model_module_version": "1.2.0", 573 | "model_name": "LayoutModel", 574 | "state": {} 575 | }, 576 | "ace89c00e7a3464b8dbc8ed2a51d8379": { 577 | "model_module": "jupyter-widget-stixview", 578 | "model_module_version": "^1.0.2", 579 | "model_name": "StixviewGraphModel", 580 | "state": { 581 | "_model_module_version": "^1.0.2", 582 | "_view_module_version": "^1.0.2", 583 | "bundle": {}, 584 | "gist_file": "", 585 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 586 | "layout": "IPY_MODEL_ecbc90819272416a9b65cde13a465b7a", 587 | "properties": { 588 | "disableMouseZoom": true 589 | }, 590 | "timeout": 0, 591 | "url": "" 592 | } 593 | }, 594 | "b1b7028de7b947c3a9f0e502a1ad2a07": { 595 | "model_module": "jupyter-widget-stixview", 596 | "model_module_version": "^1.0.2", 597 | "model_name": "StixviewGraphModel", 598 | "state": { 599 | "_model_module_version": "^1.0.2", 600 | "_view_module_version": "^1.0.2", 601 | "bundle": { 602 | "id": "bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba", 603 | "objects": [ 604 | { 605 | "created": "2015-05-15T09:12:16.432Z", 606 | "description": "Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.", 607 | "id": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 608 | "labels": [ 609 | "remote-access-trojan" 610 | ], 611 | "modified": "2015-05-15T09:12:16.432Z", 612 | "name": "Poison Ivy", 613 | "type": "malware" 614 | }, 615 | { 616 | "created": "2015-05-15T09:12:16.432Z", 617 | "id": "relationship--134c393e-cbe0-433c-9a7a-95263ed8578f", 618 | "modified": "2015-05-15T09:12:16.432Z", 619 | "relationship_type": "mitigates", 620 | "source_ref": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 621 | "target_ref": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 622 | "type": "relationship" 623 | }, 624 | { 625 | "created": "2015-05-15T09:12:16.432Z", 626 | "created_by_ref": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 627 | "description": "Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).", 628 | "external_references": [], 629 | "id": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 630 | "modified": "2015-05-15T09:12:16.432Z", 631 | "name": "Analyze with FireEye Calamine Toolset", 632 | "type": "course-of-action" 633 | }, 634 | { 635 | "created": "2015-05-15T09:12:16.432Z", 636 | "id": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 637 | "identity_class": "organization", 638 | "modified": "2015-05-15T09:12:16.432Z", 639 | "name": "FireEye, Inc.", 640 | "sectors": [ 641 | "technology" 642 | ], 643 | "type": "identity" 644 | } 645 | ], 646 | "spec_version": "2.0", 647 | "type": "bundle" 648 | }, 649 | "gist_file": "", 650 | "gist_id": "", 651 | "layout": "IPY_MODEL_3f54655a502f4c3bbac026dc3c35b580", 652 | "properties": { 653 | "caption": "Custom STIX2 bundle", 654 | "graphHeight": 400 655 | }, 656 | "timeout": 0, 657 | "url": "" 658 | } 659 | }, 660 | "b1bf6231ff4743f5bf9c7d8756856977": { 661 | "model_module": "@jupyter-widgets/base", 662 | "model_module_version": "1.2.0", 663 | "model_name": "LayoutModel", 664 | "state": {} 665 | }, 666 | "b49f625f1efa4c8781b95f4afc9a1dca": { 667 | "model_module": "@jupyter-widgets/base", 668 | "model_module_version": "1.2.0", 669 | "model_name": "LayoutModel", 670 | "state": {} 671 | }, 672 | "b57ed5019ffd4bed832e986e88650717": { 673 | "model_module": "@jupyter-widgets/base", 674 | "model_module_version": "1.2.0", 675 | "model_name": "LayoutModel", 676 | "state": {} 677 | }, 678 | "befe2eed038647d1aa81c78936b16cf7": { 679 | "model_module": "@jupyter-widgets/base", 680 | "model_module_version": "1.2.0", 681 | "model_name": "LayoutModel", 682 | "state": {} 683 | }, 684 | "bfcd2dc260a04f3b9c9307789298f35b": { 685 | "model_module": "@jupyter-widgets/base", 686 | "model_module_version": "1.2.0", 687 | "model_name": "LayoutModel", 688 | "state": {} 689 | }, 690 | "c55b8decd01c492eb4e7b4345cd217e4": { 691 | "model_module": "jupyter-widget-stixview", 692 | "model_module_version": "^1.0.2", 693 | "model_name": "StixviewGraphModel", 694 | "state": { 695 | "_model_module_version": "^1.0.2", 696 | "_view_module_version": "^1.0.2", 697 | "bundle": { 698 | "id": "bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba", 699 | "objects": [ 700 | { 701 | "created": "2015-05-15T09:12:16.432Z", 702 | "description": "Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.", 703 | "id": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 704 | "labels": [ 705 | "remote-access-trojan" 706 | ], 707 | "modified": "2015-05-15T09:12:16.432Z", 708 | "name": "Poison Ivy", 709 | "type": "malware" 710 | }, 711 | { 712 | "created": "2015-05-15T09:12:16.432Z", 713 | "id": "relationship--134c393e-cbe0-433c-9a7a-95263ed8578f", 714 | "modified": "2015-05-15T09:12:16.432Z", 715 | "relationship_type": "mitigates", 716 | "source_ref": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 717 | "target_ref": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 718 | "type": "relationship" 719 | }, 720 | { 721 | "created": "2015-05-15T09:12:16.432Z", 722 | "created_by_ref": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 723 | "description": "Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).", 724 | "external_references": [], 725 | "id": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 726 | "modified": "2015-05-15T09:12:16.432Z", 727 | "name": "Analyze with FireEye Calamine Toolset", 728 | "type": "course-of-action" 729 | }, 730 | { 731 | "created": "2015-05-15T09:12:16.432Z", 732 | "id": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 733 | "identity_class": "organization", 734 | "modified": "2015-05-15T09:12:16.432Z", 735 | "name": "FireEye, Inc.", 736 | "sectors": [ 737 | "technology" 738 | ], 739 | "type": "identity" 740 | } 741 | ], 742 | "spec_version": "2.0", 743 | "type": "bundle" 744 | }, 745 | "gist_file": "", 746 | "gist_id": "", 747 | "layout": "IPY_MODEL_8c65d86189994983b53bbb78bba36d29", 748 | "properties": { 749 | "caption": "Custom STIX2 bundle", 750 | "graphHeight": 400 751 | }, 752 | "timeout": 0, 753 | "url": "" 754 | } 755 | }, 756 | "c8504342a37348a1aa3c0a53f6662d89": { 757 | "model_module": "@jupyter-widgets/base", 758 | "model_module_version": "1.2.0", 759 | "model_name": "LayoutModel", 760 | "state": {} 761 | }, 762 | "cc1a87374ad0440eb0517b1af2e9cf86": { 763 | "model_module": "jupyter-widget-stixview", 764 | "model_module_version": "^1.0.2", 765 | "model_name": "StixviewGraphModel", 766 | "state": { 767 | "_model_module_version": "^1.0.2", 768 | "_view_module_version": "^1.0.2", 769 | "bundle": {}, 770 | "gist_file": "", 771 | "gist_id": "", 772 | "layout": "IPY_MODEL_1285cf7949bf469dbacb3f8e4b63bd15", 773 | "properties": { 774 | "caption": "Showing a selection of data loaded from URL, without a footer", 775 | "graphHeight": 600, 776 | "hideFooter": true, 777 | "highlightedObjects": [ 778 | "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 779 | "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 780 | "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 781 | "report--f2b63e80-b523-4747-a069-35c002c690db", 782 | "malware--40e15fa5-df8d-4771-a682-21dab0a024fd" 783 | ] 784 | }, 785 | "timeout": 0, 786 | "url": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json" 787 | } 788 | }, 789 | "db4febb56d6e405eb0b99d1b65ae366f": { 790 | "model_module": "jupyter-widget-stixview", 791 | "model_module_version": "^1.0.2", 792 | "model_name": "StixviewGraphModel", 793 | "state": { 794 | "_model_module_version": "^1.0.2", 795 | "_view_module_version": "^1.0.2", 796 | "bundle": {}, 797 | "gist_file": "", 798 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 799 | "layout": "IPY_MODEL_32d516efd25b4395a51f4748cbef372b", 800 | "properties": { 801 | "disableMouseZoom": true 802 | }, 803 | "timeout": 0, 804 | "url": "" 805 | } 806 | }, 807 | "dbb66a66fd8a43f08c4b8cba803ca484": { 808 | "model_module": "jupyter-widget-stixview", 809 | "model_module_version": "^1.0.2", 810 | "model_name": "StixviewGraphModel", 811 | "state": { 812 | "_model_module_version": "^1.0.2", 813 | "_view_module_version": "^1.0.2", 814 | "bundle": { 815 | "id": "bundle--ac946f1d-6a0e-4a9d-bc83-3f1f3bfda6ba", 816 | "objects": [ 817 | { 818 | "created": "2015-05-15T09:12:16.432Z", 819 | "description": "Poison Ivy is a remote access tool, first released in 2005 but unchanged since 2008. It includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.", 820 | "id": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 821 | "labels": [ 822 | "remote-access-trojan" 823 | ], 824 | "modified": "2015-05-15T09:12:16.432Z", 825 | "name": "Poison Ivy", 826 | "type": "malware" 827 | }, 828 | { 829 | "created": "2015-05-15T09:12:16.432Z", 830 | "id": "relationship--134c393e-cbe0-433c-9a7a-95263ed8578f", 831 | "modified": "2015-05-15T09:12:16.432Z", 832 | "relationship_type": "mitigates", 833 | "source_ref": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 834 | "target_ref": "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 835 | "type": "relationship" 836 | }, 837 | { 838 | "created": "2015-05-15T09:12:16.432Z", 839 | "created_by_ref": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 840 | "description": "Calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: PIVY callback-decoding tool (ChopShop Module) and PIVY memory-decoding tool (PIVY PyCommand Script).", 841 | "external_references": [], 842 | "id": "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 843 | "modified": "2015-05-15T09:12:16.432Z", 844 | "name": "Analyze with FireEye Calamine Toolset", 845 | "type": "course-of-action" 846 | }, 847 | { 848 | "created": "2015-05-15T09:12:16.432Z", 849 | "id": "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 850 | "identity_class": "organization", 851 | "modified": "2015-05-15T09:12:16.432Z", 852 | "name": "FireEye, Inc.", 853 | "sectors": [ 854 | "technology" 855 | ], 856 | "type": "identity" 857 | } 858 | ], 859 | "spec_version": "2.0", 860 | "type": "bundle" 861 | }, 862 | "gist_file": "", 863 | "gist_id": "", 864 | "layout": "IPY_MODEL_e43be8302eed444eba0cf4922d328d04", 865 | "properties": { 866 | "caption": "Custom STIX2 bundle", 867 | "graphHeight": 400 868 | }, 869 | "timeout": 0, 870 | "url": "" 871 | } 872 | }, 873 | "e42d35d56c1946d8a65c24746e35068e": { 874 | "model_module": "jupyter-widget-stixview", 875 | "model_module_version": "^1.0.3", 876 | "model_name": "StixviewGraphModel", 877 | "state": { 878 | "_model_module_version": "^1.0.3", 879 | "_view_module_version": "^1.0.3", 880 | "bundle": {}, 881 | "gist_file": "", 882 | "gist_id": "", 883 | "layout": "IPY_MODEL_befe2eed038647d1aa81c78936b16cf7", 884 | "properties": { 885 | "caption": "Showing a selection of data loaded from URL, without a footer", 886 | "graphHeight": 600, 887 | "hideFooter": true, 888 | "highlightedObjects": [ 889 | "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 890 | "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 891 | "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 892 | "report--f2b63e80-b523-4747-a069-35c002c690db", 893 | "malware--40e15fa5-df8d-4771-a682-21dab0a024fd" 894 | ] 895 | }, 896 | "timeout": 0, 897 | "url": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json" 898 | } 899 | }, 900 | "e43be8302eed444eba0cf4922d328d04": { 901 | "model_module": "@jupyter-widgets/base", 902 | "model_module_version": "1.2.0", 903 | "model_name": "LayoutModel", 904 | "state": {} 905 | }, 906 | "e70cd962b174455c9bf7b23282fa5d2b": { 907 | "model_module": "@jupyter-widgets/base", 908 | "model_module_version": "1.2.0", 909 | "model_name": "LayoutModel", 910 | "state": {} 911 | }, 912 | "eabc0e08ab274b30a1432d10d492abaa": { 913 | "model_module": "jupyter-widget-stixview", 914 | "model_module_version": "^1.0.3", 915 | "model_name": "StixviewGraphModel", 916 | "state": { 917 | "_model_module_version": "^1.0.3", 918 | "_view_module_version": "^1.0.3", 919 | "bundle": {}, 920 | "gist_file": "", 921 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 922 | "layout": "IPY_MODEL_28af246f387b4e2ab8ce29affdcf1d58", 923 | "properties": {}, 924 | "timeout": 0, 925 | "url": "" 926 | } 927 | }, 928 | "ecbc90819272416a9b65cde13a465b7a": { 929 | "model_module": "@jupyter-widgets/base", 930 | "model_module_version": "1.2.0", 931 | "model_name": "LayoutModel", 932 | "state": {} 933 | }, 934 | "edf1950a24954889b97a54fa8b4c47be": { 935 | "model_module": "jupyter-widget-stixview", 936 | "model_module_version": "^1.0.2", 937 | "model_name": "StixviewGraphModel", 938 | "state": { 939 | "_model_module_version": "^1.0.2", 940 | "_view_module_version": "^1.0.2", 941 | "bundle": {}, 942 | "gist_file": "", 943 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 944 | "layout": "IPY_MODEL_e70cd962b174455c9bf7b23282fa5d2b", 945 | "properties": {}, 946 | "timeout": 0, 947 | "url": "" 948 | } 949 | }, 950 | "eec6a09964e3429eb05f83e4a15a38ca": { 951 | "model_module": "jupyter-widget-stixview", 952 | "model_module_version": "^1.0.2", 953 | "model_name": "StixviewGraphModel", 954 | "state": { 955 | "_model_module_version": "^1.0.2", 956 | "_view_module_version": "^1.0.2", 957 | "bundle": {}, 958 | "gist_file": "", 959 | "gist_id": "6a0fbb0f6e7faf063c748b23f9c7dc62", 960 | "layout": "IPY_MODEL_c8504342a37348a1aa3c0a53f6662d89", 961 | "properties": {}, 962 | "timeout": 0, 963 | "url": "" 964 | } 965 | }, 966 | "ef62c086122547cb8d59bad63b70e747": { 967 | "model_module": "@jupyter-widgets/base", 968 | "model_module_version": "1.2.0", 969 | "model_name": "LayoutModel", 970 | "state": {} 971 | }, 972 | "fbbe5659361b41709bbb1f899a4d218e": { 973 | "model_module": "jupyter-widget-stixview", 974 | "model_module_version": "^1.0.2", 975 | "model_name": "StixviewGraphModel", 976 | "state": { 977 | "_model_module_version": "^1.0.2", 978 | "_view_module_version": "^1.0.2", 979 | "bundle": {}, 980 | "gist_file": "", 981 | "gist_id": "", 982 | "layout": "IPY_MODEL_ab37f5c11477494381d52a973eaeb38f", 983 | "properties": { 984 | "caption": "Showing a selection of data loaded from URL, without a footer", 985 | "graphHeight": 600, 986 | "hideFooter": true, 987 | "highlightedObjects": [ 988 | "course-of-action--70b3d5f6-374b-4488-8688-729b6eedac5b", 989 | "identity--81cade27-7df8-4730-836b-62d880e6d9d3", 990 | "malware--591f0cb7-d66f-4e14-a8e6-5927b597f920", 991 | "report--f2b63e80-b523-4747-a069-35c002c690db", 992 | "malware--40e15fa5-df8d-4771-a682-21dab0a024fd" 993 | ] 994 | }, 995 | "timeout": 0, 996 | "url": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/examples/threat-reports/poisonivy.json" 997 | } 998 | } 999 | }, 1000 | "version_major": 2, 1001 | "version_minor": 0 1002 | } 1003 | } 1004 | }, 1005 | "nbformat": 4, 1006 | "nbformat_minor": 4 1007 | } 1008 | --------------------------------------------------------------------------------