pycti 5.12.21__py3-none-any.whl → 5.12.23__py3-none-any.whl
Potentially problematic release.
- pycti/__init__.py +1 -1
- pycti/connector/opencti_connector_helper.py +13 -11
- pycti/entities/opencti_attack_pattern.py +76 -58
- pycti/entities/opencti_campaign.py +49 -41
- pycti/entities/opencti_case_incident.py +62 -48
- pycti/entities/opencti_case_rfi.py +45 -35
- pycti/entities/opencti_case_rft.py +45 -35
- pycti/entities/opencti_channel.py +45 -35
- pycti/entities/opencti_course_of_action.py +43 -35
- pycti/entities/opencti_data_component.py +43 -35
- pycti/entities/opencti_data_source.py +48 -38
- pycti/entities/opencti_event.py +44 -38
- pycti/entities/opencti_external_reference.py +5 -3
- pycti/entities/opencti_feedback.py +40 -32
- pycti/entities/opencti_grouping.py +43 -35
- pycti/entities/opencti_identity.py +91 -73
- pycti/entities/opencti_incident.py +59 -47
- pycti/entities/opencti_indicator.py +110 -84
- pycti/entities/opencti_infrastructure.py +56 -44
- pycti/entities/opencti_intrusion_set.py +61 -47
- pycti/entities/opencti_language.py +30 -24
- pycti/entities/opencti_location.py +41 -35
- pycti/entities/opencti_malware.py +83 -63
- pycti/entities/opencti_malware_analysis.py +87 -63
- pycti/entities/opencti_marking_definition.py +24 -18
- pycti/entities/opencti_narrative.py +45 -35
- pycti/entities/opencti_note.py +51 -39
- pycti/entities/opencti_observed_data.py +70 -48
- pycti/entities/opencti_opinion.py +40 -32
- pycti/entities/opencti_report.py +74 -47
- pycti/entities/opencti_stix_core_object.py +10 -10
- pycti/entities/opencti_stix_core_relationship.py +55 -41
- pycti/entities/opencti_stix_cyber_observable.py +442 -318
- pycti/entities/opencti_stix_domain_object.py +15 -13
- pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -5
- pycti/entities/opencti_task.py +44 -36
- pycti/entities/opencti_threat_actor_group.py +76 -56
- pycti/entities/opencti_threat_actor_individual.py +76 -56
- pycti/entities/opencti_tool.py +53 -41
- pycti/entities/opencti_vulnerability.py +151 -109
- pycti/utils/constants.py +1 -0
- pycti/utils/opencti_stix2.py +177 -139
- pycti/utils/opencti_stix2_update.py +20 -12
- pycti/utils/opencti_stix2_utils.py +5 -3
- {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/METADATA +2 -2
- pycti-5.12.23.dist-info/RECORD +68 -0
- pycti-5.12.21.dist-info/RECORD +0 -68
- {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/LICENSE +0 -0
- {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/WHEEL +0 -0
- {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/top_level.txt +0 -0
pycti/utils/opencti_stix2.py
CHANGED
|
@@ -345,13 +345,11 @@ class OpenCTIStix2:
|
|
|
345
345
|
)["name"]
|
|
346
346
|
)
|
|
347
347
|
else:
|
|
348
|
-
object_open_vocabularies[
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
)
|
|
353
|
-
"name"
|
|
354
|
-
]
|
|
348
|
+
object_open_vocabularies[f["key"]] = (
|
|
349
|
+
self.opencti.vocabulary.handle_vocab(
|
|
350
|
+
stix_object[f["key"]], self.mapping_cache_permanent, field=f
|
|
351
|
+
)["name"]
|
|
352
|
+
)
|
|
355
353
|
|
|
356
354
|
# Object Labels
|
|
357
355
|
object_label_ids = []
|
|
@@ -431,20 +429,22 @@ class OpenCTIStix2:
|
|
|
431
429
|
)
|
|
432
430
|
is not None
|
|
433
431
|
):
|
|
434
|
-
kill_chain_phase[
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
432
|
+
kill_chain_phase["x_opencti_order"] = (
|
|
433
|
+
self.opencti.get_attribute_in_extension(
|
|
434
|
+
"order", kill_chain_phase
|
|
435
|
+
)
|
|
438
436
|
)
|
|
439
437
|
kill_chain_phase = self.opencti.kill_chain_phase.create(
|
|
440
438
|
kill_chain_name=kill_chain_phase["kill_chain_name"],
|
|
441
439
|
phase_name=kill_chain_phase["phase_name"],
|
|
442
|
-
x_opencti_order=
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
440
|
+
x_opencti_order=(
|
|
441
|
+
kill_chain_phase["x_opencti_order"]
|
|
442
|
+
if "x_opencti_order" in kill_chain_phase
|
|
443
|
+
else 0
|
|
444
|
+
),
|
|
445
|
+
stix_id=(
|
|
446
|
+
kill_chain_phase["id"] if "id" in kill_chain_phase else None
|
|
447
|
+
),
|
|
448
448
|
)
|
|
449
449
|
self.mapping_cache[
|
|
450
450
|
kill_chain_phase["kill_chain_name"]
|
|
@@ -472,20 +472,22 @@ class OpenCTIStix2:
|
|
|
472
472
|
)
|
|
473
473
|
is not None
|
|
474
474
|
):
|
|
475
|
-
kill_chain_phase[
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
475
|
+
kill_chain_phase["x_opencti_order"] = (
|
|
476
|
+
self.opencti.get_attribute_in_extension(
|
|
477
|
+
"order", kill_chain_phase
|
|
478
|
+
)
|
|
479
479
|
)
|
|
480
480
|
kill_chain_phase = self.opencti.kill_chain_phase.create(
|
|
481
481
|
kill_chain_name=kill_chain_phase["kill_chain_name"],
|
|
482
482
|
phase_name=kill_chain_phase["phase_name"],
|
|
483
|
-
x_opencti_order=
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
483
|
+
x_opencti_order=(
|
|
484
|
+
kill_chain_phase["x_opencti_order"]
|
|
485
|
+
if "x_opencti_order" in kill_chain_phase
|
|
486
|
+
else 0
|
|
487
|
+
),
|
|
488
|
+
stix_id=(
|
|
489
|
+
kill_chain_phase["id"] if "id" in kill_chain_phase else None
|
|
490
|
+
),
|
|
489
491
|
)
|
|
490
492
|
self.mapping_cache[
|
|
491
493
|
kill_chain_phase["kill_chain_name"]
|
|
@@ -509,10 +511,10 @@ class OpenCTIStix2:
|
|
|
509
511
|
)
|
|
510
512
|
is not None
|
|
511
513
|
):
|
|
512
|
-
stix_object[
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
514
|
+
stix_object["external_references"] = (
|
|
515
|
+
self.opencti.get_attribute_in_extension(
|
|
516
|
+
"external_references", stix_object
|
|
517
|
+
)
|
|
516
518
|
)
|
|
517
519
|
if "external_references" in stix_object:
|
|
518
520
|
for external_reference in stix_object["external_references"]:
|
|
@@ -544,9 +546,11 @@ class OpenCTIStix2:
|
|
|
544
546
|
source_name=source_name,
|
|
545
547
|
url=url,
|
|
546
548
|
external_id=external_id,
|
|
547
|
-
description=
|
|
548
|
-
|
|
549
|
-
|
|
549
|
+
description=(
|
|
550
|
+
external_reference["description"]
|
|
551
|
+
if "description" in external_reference
|
|
552
|
+
else None
|
|
553
|
+
),
|
|
550
554
|
)["id"]
|
|
551
555
|
if "x_opencti_files" in external_reference:
|
|
552
556
|
for file in external_reference["x_opencti_files"]:
|
|
@@ -669,9 +673,11 @@ class OpenCTIStix2:
|
|
|
669
673
|
createdBy=author["id"] if author is not None else None,
|
|
670
674
|
objectMarking=[object_marking_ref_result["id"]],
|
|
671
675
|
externalReferences=[external_reference_id],
|
|
672
|
-
description=
|
|
673
|
-
|
|
674
|
-
|
|
676
|
+
description=(
|
|
677
|
+
external_reference["description"]
|
|
678
|
+
if "description" in external_reference
|
|
679
|
+
else ""
|
|
680
|
+
),
|
|
675
681
|
report_types="threat-report",
|
|
676
682
|
published=published,
|
|
677
683
|
update=True,
|
|
@@ -704,9 +710,11 @@ class OpenCTIStix2:
|
|
|
704
710
|
source_name=source_name,
|
|
705
711
|
url=url,
|
|
706
712
|
external_id=external_id,
|
|
707
|
-
description=
|
|
708
|
-
|
|
709
|
-
|
|
713
|
+
description=(
|
|
714
|
+
external_reference["description"]
|
|
715
|
+
if "description" in external_reference
|
|
716
|
+
else None
|
|
717
|
+
),
|
|
710
718
|
)["id"]
|
|
711
719
|
if "x_opencti_files" in external_reference:
|
|
712
720
|
for file in external_reference["x_opencti_files"]:
|
|
@@ -860,16 +868,20 @@ class OpenCTIStix2:
|
|
|
860
868
|
self.mapping_cache[stix_object["id"]] = {
|
|
861
869
|
"id": stix_object_result["id"],
|
|
862
870
|
"type": stix_object_result["entity_type"],
|
|
863
|
-
"observables":
|
|
864
|
-
|
|
865
|
-
|
|
871
|
+
"observables": (
|
|
872
|
+
stix_object_result["observables"]
|
|
873
|
+
if "observables" in stix_object_result
|
|
874
|
+
else []
|
|
875
|
+
),
|
|
866
876
|
}
|
|
867
877
|
self.mapping_cache[stix_object_result["id"]] = {
|
|
868
878
|
"id": stix_object_result["id"],
|
|
869
879
|
"type": stix_object_result["entity_type"],
|
|
870
|
-
"observables":
|
|
871
|
-
|
|
872
|
-
|
|
880
|
+
"observables": (
|
|
881
|
+
stix_object_result["observables"]
|
|
882
|
+
if "observables" in stix_object_result
|
|
883
|
+
else []
|
|
884
|
+
),
|
|
873
885
|
}
|
|
874
886
|
# Add reports from external references
|
|
875
887
|
for external_reference_id in external_references_ids:
|
|
@@ -935,53 +947,67 @@ class OpenCTIStix2:
|
|
|
935
947
|
stix_observable_result = self.opencti.stix_cyber_observable.create(
|
|
936
948
|
simple_observable_id=stix_object["id"],
|
|
937
949
|
simple_observable_key=stix_object["key"],
|
|
938
|
-
simple_observable_value=
|
|
939
|
-
|
|
940
|
-
|
|
941
|
-
|
|
942
|
-
|
|
943
|
-
|
|
944
|
-
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
|
|
948
|
-
|
|
949
|
-
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
957
|
-
|
|
958
|
-
|
|
959
|
-
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
|
|
964
|
-
|
|
950
|
+
simple_observable_value=(
|
|
951
|
+
stix_object["value"]
|
|
952
|
+
if stix_object["key"] not in OBSERVABLES_VALUE_INT
|
|
953
|
+
else int(stix_object["value"])
|
|
954
|
+
),
|
|
955
|
+
simple_observable_description=(
|
|
956
|
+
stix_object["description"] if "description" in stix_object else None
|
|
957
|
+
),
|
|
958
|
+
x_opencti_score=(
|
|
959
|
+
stix_object["x_opencti_score"]
|
|
960
|
+
if "x_opencti_score" in stix_object
|
|
961
|
+
else None
|
|
962
|
+
),
|
|
963
|
+
createdBy=(
|
|
964
|
+
extras["created_by_id"] if "created_by_id" in extras else None
|
|
965
|
+
),
|
|
966
|
+
objectMarking=(
|
|
967
|
+
extras["object_marking_ids"]
|
|
968
|
+
if "object_marking_ids" in extras
|
|
969
|
+
else []
|
|
970
|
+
),
|
|
971
|
+
objectLabel=(
|
|
972
|
+
extras["object_label_ids"] if "object_label_ids" in extras else None
|
|
973
|
+
),
|
|
974
|
+
externalReferences=(
|
|
975
|
+
extras["external_references_ids"]
|
|
976
|
+
if "external_references_ids" in extras
|
|
977
|
+
else None
|
|
978
|
+
),
|
|
979
|
+
createIndicator=(
|
|
980
|
+
stix_object["x_opencti_create_indicator"]
|
|
981
|
+
if "x_opencti_create_indicator" in stix_object
|
|
982
|
+
else None
|
|
983
|
+
),
|
|
984
|
+
objectOrganization=(
|
|
985
|
+
extras["granted_refs_ids"] if "granted_refs_ids" in extras else []
|
|
986
|
+
),
|
|
965
987
|
update=update,
|
|
966
988
|
)
|
|
967
989
|
else:
|
|
968
990
|
stix_observable_result = self.opencti.stix_cyber_observable.create(
|
|
969
991
|
observableData=stix_object,
|
|
970
|
-
createdBy=
|
|
971
|
-
|
|
972
|
-
|
|
973
|
-
objectMarking=
|
|
974
|
-
|
|
975
|
-
|
|
976
|
-
|
|
977
|
-
|
|
978
|
-
|
|
979
|
-
|
|
980
|
-
|
|
981
|
-
|
|
982
|
-
|
|
983
|
-
|
|
984
|
-
|
|
992
|
+
createdBy=(
|
|
993
|
+
extras["created_by_id"] if "created_by_id" in extras else None
|
|
994
|
+
),
|
|
995
|
+
objectMarking=(
|
|
996
|
+
extras["object_marking_ids"]
|
|
997
|
+
if "object_marking_ids" in extras
|
|
998
|
+
else []
|
|
999
|
+
),
|
|
1000
|
+
objectLabel=(
|
|
1001
|
+
extras["object_label_ids"] if "object_label_ids" in extras else None
|
|
1002
|
+
),
|
|
1003
|
+
externalReferences=(
|
|
1004
|
+
extras["external_references_ids"]
|
|
1005
|
+
if "external_references_ids" in extras
|
|
1006
|
+
else None
|
|
1007
|
+
),
|
|
1008
|
+
objectOrganization=(
|
|
1009
|
+
extras["granted_refs_ids"] if "granted_refs_ids" in extras else []
|
|
1010
|
+
),
|
|
985
1011
|
update=update,
|
|
986
1012
|
)
|
|
987
1013
|
if stix_observable_result is not None:
|
|
@@ -1222,48 +1248,56 @@ class OpenCTIStix2:
|
|
|
1222
1248
|
and self.opencti.get_attribute_in_extension("negative", stix_sighting)
|
|
1223
1249
|
is not None
|
|
1224
1250
|
):
|
|
1225
|
-
stix_sighting[
|
|
1226
|
-
"
|
|
1227
|
-
|
|
1251
|
+
stix_sighting["x_opencti_negative"] = (
|
|
1252
|
+
self.opencti.get_attribute_in_extension("negative", stix_sighting)
|
|
1253
|
+
)
|
|
1228
1254
|
stix_sighting_result = self.opencti.stix_sighting_relationship.create(
|
|
1229
1255
|
fromId=final_from_id,
|
|
1230
1256
|
toId=final_to_id,
|
|
1231
1257
|
stix_id=stix_sighting["id"] if "id" in stix_sighting else None,
|
|
1232
|
-
description=
|
|
1233
|
-
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
|
|
1237
|
-
|
|
1238
|
-
|
|
1239
|
-
|
|
1240
|
-
|
|
1258
|
+
description=(
|
|
1259
|
+
self.convert_markdown(stix_sighting["description"])
|
|
1260
|
+
if "description" in stix_sighting
|
|
1261
|
+
else None
|
|
1262
|
+
),
|
|
1263
|
+
first_seen=(
|
|
1264
|
+
stix_sighting["first_seen"] if "first_seen" in stix_sighting else None
|
|
1265
|
+
),
|
|
1266
|
+
last_seen=(
|
|
1267
|
+
stix_sighting["last_seen"] if "last_seen" in stix_sighting else None
|
|
1268
|
+
),
|
|
1241
1269
|
count=stix_sighting["count"] if "count" in stix_sighting else 1,
|
|
1242
|
-
x_opencti_negative=
|
|
1243
|
-
|
|
1244
|
-
|
|
1270
|
+
x_opencti_negative=(
|
|
1271
|
+
stix_sighting["x_opencti_negative"]
|
|
1272
|
+
if "x_opencti_negative" in stix_sighting
|
|
1273
|
+
else False
|
|
1274
|
+
),
|
|
1245
1275
|
created=stix_sighting["created"] if "created" in stix_sighting else None,
|
|
1246
1276
|
modified=stix_sighting["modified"] if "modified" in stix_sighting else None,
|
|
1247
|
-
confidence=
|
|
1248
|
-
|
|
1249
|
-
|
|
1277
|
+
confidence=(
|
|
1278
|
+
stix_sighting["confidence"] if "confidence" in stix_sighting else 15
|
|
1279
|
+
),
|
|
1250
1280
|
createdBy=extras["created_by_id"] if "created_by_id" in extras else None,
|
|
1251
|
-
objectMarking=
|
|
1252
|
-
|
|
1253
|
-
|
|
1254
|
-
objectLabel=
|
|
1255
|
-
|
|
1256
|
-
|
|
1257
|
-
externalReferences=
|
|
1258
|
-
|
|
1259
|
-
|
|
1260
|
-
|
|
1261
|
-
|
|
1262
|
-
|
|
1281
|
+
objectMarking=(
|
|
1282
|
+
extras["object_marking_ids"] if "object_marking_ids" in extras else []
|
|
1283
|
+
),
|
|
1284
|
+
objectLabel=(
|
|
1285
|
+
extras["object_label_ids"] if "object_label_ids" in extras else None
|
|
1286
|
+
),
|
|
1287
|
+
externalReferences=(
|
|
1288
|
+
extras["external_references_ids"]
|
|
1289
|
+
if "external_references_ids" in extras
|
|
1290
|
+
else None
|
|
1291
|
+
),
|
|
1292
|
+
objectOrganization=(
|
|
1293
|
+
extras["granted_refs_ids"] if "granted_refs_ids" in extras else []
|
|
1294
|
+
),
|
|
1263
1295
|
update=update,
|
|
1264
|
-
ignore_dates=
|
|
1265
|
-
|
|
1266
|
-
|
|
1296
|
+
ignore_dates=(
|
|
1297
|
+
stix_sighting["x_opencti_ignore_dates"]
|
|
1298
|
+
if "x_opencti_ignore_dates" in stix_sighting
|
|
1299
|
+
else None
|
|
1300
|
+
),
|
|
1267
1301
|
)
|
|
1268
1302
|
if stix_sighting_result is not None:
|
|
1269
1303
|
self.mapping_cache[stix_sighting["id"]] = {
|
|
@@ -1810,9 +1844,11 @@ class OpenCTIStix2:
|
|
|
1810
1844
|
for stix_core_relationship in stix_core_relationships:
|
|
1811
1845
|
if self.check_max_marking_definition(
|
|
1812
1846
|
max_marking_definition_entity,
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1847
|
+
(
|
|
1848
|
+
stix_core_relationship["objectMarking"]
|
|
1849
|
+
if "objectMarking" in stix_core_relationship
|
|
1850
|
+
else None
|
|
1851
|
+
),
|
|
1816
1852
|
):
|
|
1817
1853
|
objects_to_get.append(
|
|
1818
1854
|
stix_core_relationship["to"]
|
|
@@ -1846,9 +1882,11 @@ class OpenCTIStix2:
|
|
|
1846
1882
|
for stix_sighting_relationship in stix_sighting_relationships:
|
|
1847
1883
|
if self.check_max_marking_definition(
|
|
1848
1884
|
max_marking_definition_entity,
|
|
1849
|
-
|
|
1850
|
-
|
|
1851
|
-
|
|
1885
|
+
(
|
|
1886
|
+
stix_sighting_relationship["objectMarking"]
|
|
1887
|
+
if "objectMarking" in stix_sighting_relationship
|
|
1888
|
+
else None
|
|
1889
|
+
),
|
|
1852
1890
|
):
|
|
1853
1891
|
objects_to_get.append(
|
|
1854
1892
|
stix_sighting_relationship["to"]
|
|
@@ -2342,9 +2380,9 @@ class OpenCTIStix2:
|
|
|
2342
2380
|
stix_id=item["id"],
|
|
2343
2381
|
name=item["name"],
|
|
2344
2382
|
category=item["category"],
|
|
2345
|
-
description=
|
|
2346
|
-
|
|
2347
|
-
|
|
2383
|
+
description=(
|
|
2384
|
+
item["description"] if "description" in item else None
|
|
2385
|
+
),
|
|
2348
2386
|
aliases=item["aliases"] if "aliases" in item else None,
|
|
2349
2387
|
x_opencti_stix_ids=stix_ids,
|
|
2350
2388
|
update=update,
|
|
@@ -2353,16 +2391,16 @@ class OpenCTIStix2:
|
|
|
2353
2391
|
stix_ids = self.opencti.get_attribute_in_extension("stix_ids", item)
|
|
2354
2392
|
self.opencti.external_reference.create(
|
|
2355
2393
|
stix_id=item["id"],
|
|
2356
|
-
source_name=
|
|
2357
|
-
|
|
2358
|
-
|
|
2394
|
+
source_name=(
|
|
2395
|
+
item["source_name"] if "source_name" in item else None
|
|
2396
|
+
),
|
|
2359
2397
|
url=item["url"] if "url" in item else None,
|
|
2360
|
-
external_id=
|
|
2361
|
-
|
|
2362
|
-
|
|
2363
|
-
description=
|
|
2364
|
-
|
|
2365
|
-
|
|
2398
|
+
external_id=(
|
|
2399
|
+
item["external_id"] if "external_id" in item else None
|
|
2400
|
+
),
|
|
2401
|
+
description=(
|
|
2402
|
+
item["description"] if "description" in item else None
|
|
2403
|
+
),
|
|
2366
2404
|
x_opencti_stix_ids=stix_ids,
|
|
2367
2405
|
update=update,
|
|
2368
2406
|
)
|
|
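Review bot: Both `check_max_marking_definition(...)` calls (new lines 1847–1851 for `stix_core_relationship` and 1885–1889 for `stix_sighting_relationship`) pass `None` as the entity markings when the `objectMarking` key is absent, and nothing visible here documents how the filter treats that value. The helper is defined outside these hunks: if it iterates its second argument, an unmarked relationship would raise whenever a maximum marking is set, and if it treats `None` as unrestricted, the relationship's `to` object is appended to `objects_to_get` regardless of the limit. If it matches the helper's contract, passing an empty list such as `stix_core_relationship.get("objectMarking") or []` avoids the ambiguity. In either case a comment like `# unmarked relationships: confirm whether they may pass the max-marking filter` would state the intended behaviour next to the call.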
@@ -69,12 +69,16 @@ class OpenCTIStix2Update:
|
|
|
69
69
|
external_reference_id = self.opencti.external_reference.create(
|
|
70
70
|
source_name=source_name,
|
|
71
71
|
url=url,
|
|
72
|
-
external_id=
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
72
|
+
external_id=(
|
|
73
|
+
external_reference["external_id"]
|
|
74
|
+
if "external_id" in external_reference
|
|
75
|
+
else None
|
|
76
|
+
),
|
|
77
|
+
description=(
|
|
78
|
+
external_reference["description"]
|
|
79
|
+
if "description" in external_reference
|
|
80
|
+
else None
|
|
81
|
+
),
|
|
78
82
|
)["id"]
|
|
79
83
|
if entity_type == "relationship":
|
|
80
84
|
self.opencti.stix_core_relationship.add_external_reference(
|
|
@@ -111,9 +115,11 @@ class OpenCTIStix2Update:
|
|
|
111
115
|
kill_chain_phase_id = self.opencti.kill_chain_phase.create(
|
|
112
116
|
kill_chain_name=kill_chain_phase["kill_chain_name"],
|
|
113
117
|
phase_name=kill_chain_phase["phase_name"],
|
|
114
|
-
x_opencti_order=
|
|
115
|
-
|
|
116
|
-
|
|
118
|
+
x_opencti_order=(
|
|
119
|
+
kill_chain_phase["x_opencti_order"]
|
|
120
|
+
if "x_opencti_order" in kill_chain_phase
|
|
121
|
+
else 0
|
|
122
|
+
),
|
|
117
123
|
stix_id=kill_chain_phase["id"] if "id" in kill_chain_phase else None,
|
|
118
124
|
)["id"]
|
|
119
125
|
if entity_type == "relationship":
|
|
@@ -280,9 +286,11 @@ class OpenCTIStix2Update:
|
|
|
280
286
|
if type(current_val) is list:
|
|
281
287
|
values = list(
|
|
282
288
|
map(
|
|
283
|
-
lambda x:
|
|
284
|
-
|
|
285
|
-
|
|
289
|
+
lambda x: (
|
|
290
|
+
x["value"]
|
|
291
|
+
if (type(current_val) is dict and "value" in x)
|
|
292
|
+
else x
|
|
293
|
+
),
|
|
286
294
|
str(current_val),
|
|
287
295
|
)
|
|
288
296
|
)
|
|
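Review bot: The lambda at new lines 289–293 tests `type(current_val) is dict` inside the branch that has already established `type(current_val) is list`, so the condition is always false and every element is returned unchanged. It is also mapped over `str(current_val)`, which iterates the characters of the list's string form rather than its items. If the intent is to unwrap `{"value": ...}` entries, the check belongs on the element and the iterable should be the list itself: `lambda x: x["value"] if isinstance(x, dict) and "value" in x else x,` applied to `current_val`. The enclosing method starts and ends outside the hunk, so how `values` is consumed afterwards should be confirmed before changing it.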
@@ -76,9 +76,11 @@ class OpenCTIStix2Utils:
|
|
|
76
76
|
def create_stix_pattern(observable_type, observable_value):
|
|
77
77
|
if observable_type in PATTERN_MAPPING:
|
|
78
78
|
lhs = ObjectPath(
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
79
|
+
(
|
|
80
|
+
observable_type.lower()
|
|
81
|
+
if "_" not in observable_type
|
|
82
|
+
else observable_type.split("_")[0].lower()
|
|
83
|
+
),
|
|
82
84
|
PATTERN_MAPPING[observable_type],
|
|
83
85
|
)
|
|
84
86
|
ece = ObservationExpression(
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: pycti
|
|
3
|
-
Version: 5.12.
|
|
3
|
+
Version: 5.12.23
|
|
4
4
|
Summary: Python API client for OpenCTI.
|
|
5
5
|
Home-page: https://github.com/OpenCTI-Platform/client-python
|
|
6
6
|
Author: Filigran
|
|
@@ -34,7 +34,7 @@ Requires-Dist: cachetools ~=5.3.0
|
|
|
34
34
|
Requires-Dist: python-magic ~=0.4.27 ; sys_platform == "linux" or sys_platform == "darwin"
|
|
35
35
|
Requires-Dist: python-magic-bin ~=0.4.14 ; sys_platform == "win32"
|
|
36
36
|
Provides-Extra: dev
|
|
37
|
-
Requires-Dist: black ~=
|
|
37
|
+
Requires-Dist: black ~=24.1.0 ; extra == 'dev'
|
|
38
38
|
Requires-Dist: build ~=1.0.3 ; extra == 'dev'
|
|
39
39
|
Requires-Dist: isort ~=5.13.0 ; extra == 'dev'
|
|
40
40
|
Requires-Dist: types-pytz ~=2023.3.1.0 ; extra == 'dev'
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
pycti/__init__.py,sha256=hoF49aRem6g88zf0RJ0LO1hiI_VY3E30Mw0KNG-WmRU,4693
|
|
2
|
+
pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3
|
+
pycti/api/opencti_api_client.py,sha256=7N2dUApNQlZpd8iBYS16N-G5YHbc_LOVIGKzKYZ9PPk,27965
|
|
4
|
+
pycti/api/opencti_api_connector.py,sha256=fYF0Jy9KIMFNt1RC_A1rpWomVJ-oj5HiSsBem4W0J5U,3549
|
|
5
|
+
pycti/api/opencti_api_playbook.py,sha256=Wcf-G__IHmR7LwtUFVUVx4Skg9e2mcb89n_HyfWC9YM,1383
|
|
6
|
+
pycti/api/opencti_api_work.py,sha256=ow30gswv4k5zLlZGlvLAn47ZM07RLsYvEV-KwtwedQg,7109
|
|
7
|
+
pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
8
|
+
pycti/connector/opencti_connector.py,sha256=0vrZ8Y8ecbxegAP1YhpX6ybOZahYjjOkcId51D1oBi4,2449
|
|
9
|
+
pycti/connector/opencti_connector_helper.py,sha256=0de0p4kIDBbBCrbXDAXfGATBxYYlYvV_W6c0TiIAj6Y,50183
|
|
10
|
+
pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
|
|
11
|
+
pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
12
|
+
pycti/entities/opencti_attack_pattern.py,sha256=hb5o2PsSOY7Q-bUWgtH2xw1Q8sCX8CepL0BsktypWr4,23039
|
|
13
|
+
pycti/entities/opencti_campaign.py,sha256=Hc0x9rQ-7wLzHqXD05A1BJSKDut7NVnSaRypKbDRnX4,17727
|
|
14
|
+
pycti/entities/opencti_case_incident.py,sha256=cZdYCLehzzv33cWldd2m9VL3TzjX7xo2clQ5kdNcYss,34315
|
|
15
|
+
pycti/entities/opencti_case_rfi.py,sha256=kyvGFu2RzI83v9UN7nCcNptnWjzuRoZ385jdYhlwXJ0,32436
|
|
16
|
+
pycti/entities/opencti_case_rft.py,sha256=uU39tSTWB2GhzVfeOGxvpVL9JgPgq3LEEyZ1wah4VF8,33348
|
|
17
|
+
pycti/entities/opencti_channel.py,sha256=CXt4-MFrOx1olzQC4Hx2dUwT4T3fNsgWn44E0gOdhGc,17228
|
|
18
|
+
pycti/entities/opencti_course_of_action.py,sha256=VyLjCbJ2qep6twFQ6U86O3f2fjnOUhnk5iE6PnCid4M,18851
|
|
19
|
+
pycti/entities/opencti_data_component.py,sha256=Zeg28BN-ZPyKGKAXr-22kVC-KWnf5UkQyzLvOEBSGH4,19202
|
|
20
|
+
pycti/entities/opencti_data_source.py,sha256=RQC28NFrxVs59XjgOMAl6ze48HI72TGErhsBedsN2f8,18320
|
|
21
|
+
pycti/entities/opencti_event.py,sha256=EJGzmn0VERNh3mbWFQammXRQvkK82HzlCuLQPt-jiQU,17326
|
|
22
|
+
pycti/entities/opencti_external_reference.py,sha256=JN6QPb7hQUarVOdydpPH73hBZR6qn5togpyoPZ7Iqw8,13091
|
|
23
|
+
pycti/entities/opencti_feedback.py,sha256=sretL6rq8MVCqn7NlHN5oMrhEQHCZFGbA0HPOkJ87X4,32588
|
|
24
|
+
pycti/entities/opencti_grouping.py,sha256=p0zlQgosnWwN3wuLwlDEKMcPm9ataGoefvTiD3bsKeE,29940
|
|
25
|
+
pycti/entities/opencti_identity.py,sha256=BJ2tPC4a9lF4TKEoB2agmG9iZ7YDkDopfutXKP6UIgQ,23729
|
|
26
|
+
pycti/entities/opencti_incident.py,sha256=jwc5j0b3Vq-kSYhkwr99_7uhQXixzqqnX032d3d2Vh0,18951
|
|
27
|
+
pycti/entities/opencti_indicator.py,sha256=2QmtYe8syjsdHFzJjQesY2wGYoNsZQ0-Ky8nHjDQOVI,27967
|
|
28
|
+
pycti/entities/opencti_infrastructure.py,sha256=W_AJ5KeGInZP38VjJKCE51WriIQxCHNb3z83ctiMQhY,20315
|
|
29
|
+
pycti/entities/opencti_intrusion_set.py,sha256=z8bdxs6cwLxTD1S89_BC62Axah24ijVMNe1OjAqYonI,18012
|
|
30
|
+
pycti/entities/opencti_kill_chain_phase.py,sha256=a509rFeIchPRlO5rMHPVxrxfUuTbV4znh6e_NJHC66I,8062
|
|
31
|
+
pycti/entities/opencti_label.py,sha256=6RZJPIa_dXf_YNNU4xXKghfBnpNjhU5YXOaSIcB4YrM,8800
|
|
32
|
+
pycti/entities/opencti_language.py,sha256=2Z3LBjIPat1YKQUbsW78hctybSv75unAkP-5eNq6S7s,17026
|
|
33
|
+
pycti/entities/opencti_location.py,sha256=1uqXtVqBazFak2fxdzzacbUIckGwINFhG8TJNj7TXX4,17820
|
|
34
|
+
pycti/entities/opencti_malware.py,sha256=e7TnjxMCQJei3GRPwBfrijNxd8TMsXB2z6C-Dnz67pM,21089
|
|
35
|
+
pycti/entities/opencti_malware_analysis.py,sha256=M0ApxY0-klrghk23cpVEFdNEGPl3toqzRkGdEXTCxKE,21516
|
|
36
|
+
pycti/entities/opencti_marking_definition.py,sha256=2HkU58XWOZHuEFXrscshQIHW-KVyZSr02JRzBQYZirI,12862
|
|
37
|
+
pycti/entities/opencti_narrative.py,sha256=u4TSF7o3AjafOkB6dXwyVY_X799ja59UWt00OPcI8Ak,17318
|
|
38
|
+
pycti/entities/opencti_note.py,sha256=NRlG0sEXSlQVC5NZn1m-JeiERnUNzReVo7XSwM-CKzc,30673
|
|
39
|
+
pycti/entities/opencti_observed_data.py,sha256=OGc4nMV5JzVOUrG-FfLx1lBwCKfN-dlVR6b3uVegq1s,31170
|
|
40
|
+
pycti/entities/opencti_opinion.py,sha256=Dl3DLbLYebf-qMSwvRF5KeEg_wisFyy5gCViAwcN0F8,22262
|
|
41
|
+
pycti/entities/opencti_report.py,sha256=ziO9mhyoEDen-OkJNvPkf0jGsY2qb6C8yXrI6YMAqks,33379
|
|
42
|
+
pycti/entities/opencti_stix.py,sha256=uMheSg8i1f2Ozx2Mk0iShWzHHjj6MMWDtV5nDjVxKEE,2275
|
|
43
|
+
pycti/entities/opencti_stix_core_object.py,sha256=ZdiOdgvA2KwD4zPHDEVNXFzVsdDASWxJipYR4ZAhRE8,51827
|
|
44
|
+
pycti/entities/opencti_stix_core_relationship.py,sha256=jYT0-YrNXcfMWFxlCdv-yDi9SlorJ1XUFEB_7NzSbBk,43296
|
|
45
|
+
pycti/entities/opencti_stix_cyber_observable.py,sha256=qQOZCzx3qHDMr_A-3pTrw3IorDeDXzsdWs1ahQk3trU,107424
|
|
46
|
+
pycti/entities/opencti_stix_domain_object.py,sha256=VgNtuJc094hhYkud68SIBLAd4pit9I11GjDmj8L7B5s,81981
|
|
47
|
+
pycti/entities/opencti_stix_nested_ref_relationship.py,sha256=2r1i7cUl-WWictlnC_MJrm9sTIt_yJe2uqTpQm-yo6o,12330
|
|
48
|
+
pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=fXo2xFK-Voz8NbF-lG1kkvjRchZ1TFZ11DLOtudrYdA,16129
|
|
49
|
+
pycti/entities/opencti_stix_sighting_relationship.py,sha256=zAiZkImXCDdSTJv6L6G7d4OlOWqohYRaPMs7im6dkec,28073
|
|
50
|
+
pycti/entities/opencti_task.py,sha256=StnSPKS1kLmgQir7poQ8HykJ_2yyNRHOYBq4QG4cYpU,25093
|
|
51
|
+
pycti/entities/opencti_threat_actor.py,sha256=a0ISQ3OZAJW_1rs1bf_Ss4VJ8YmdFMpLZZAwPjZE64c,10260
|
|
52
|
+
pycti/entities/opencti_threat_actor_group.py,sha256=I1cFlWHaERNLpJ-Jx-M3i7TFbbh0i-sGHWCRZYcbZDw,19306
|
|
53
|
+
pycti/entities/opencti_threat_actor_individual.py,sha256=xC4XwN3HODr0EjeXcTnkNk-i4O3RhHzLDdn91tsINI4,19548
|
|
54
|
+
pycti/entities/opencti_tool.py,sha256=SxG31ed_rLyHyrqE08vNGU_p_Fgb5yGkK8vFAg325sw,15257
|
|
55
|
+
pycti/entities/opencti_vocabulary.py,sha256=6JfOByggvSxvkfIXk1b60T7fyWOhxZ6YFkGbSeV8F-4,5988
|
|
56
|
+
pycti/entities/opencti_vulnerability.py,sha256=0nTIWdRnf6ldNKCRJtyLZcOMeN1UB0eRO8MmQ32hczk,20213
|
|
57
|
+
pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
58
|
+
pycti/utils/constants.py,sha256=mAAeNGXyHU89yp8lihXBKF9fKncQCKwyxD2PVz5D2wI,7915
|
|
59
|
+
pycti/utils/opencti_logger.py,sha256=0dvB75V0SuPFGxL539dAQrxTt1N5Acx0A3Ogwl5WMJ8,2199
|
|
60
|
+
pycti/utils/opencti_stix2.py,sha256=_YUxvAh1_Stk_3E67DLV4woqUGKEwnVBTPx9rnot7tw,110705
|
|
61
|
+
pycti/utils/opencti_stix2_splitter.py,sha256=Ht9Mp-W3gbwxIKEr7i_5NYpcDr3TA2gYdC4TzOz0G4c,4496
|
|
62
|
+
pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
|
|
63
|
+
pycti/utils/opencti_stix2_utils.py,sha256=_ijIz6SRP2OeIaWJcXJt8go510MUEGfWE3KY-I_9QZc,3725
|
|
64
|
+
pycti-5.12.23.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
|
|
65
|
+
pycti-5.12.23.dist-info/METADATA,sha256=B_S6rzAEhTlsJSV-ISR2ENTW585LrKkQdJ2iXwzNbMw,5297
|
|
66
|
+
pycti-5.12.23.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
|
|
67
|
+
pycti-5.12.23.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
|
|
68
|
+
pycti-5.12.23.dist-info/RECORD,,
|