pycti 5.12.21__py3-none-any.whl → 5.12.23__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (50) hide show
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +13 -11
  3. pycti/entities/opencti_attack_pattern.py +76 -58
  4. pycti/entities/opencti_campaign.py +49 -41
  5. pycti/entities/opencti_case_incident.py +62 -48
  6. pycti/entities/opencti_case_rfi.py +45 -35
  7. pycti/entities/opencti_case_rft.py +45 -35
  8. pycti/entities/opencti_channel.py +45 -35
  9. pycti/entities/opencti_course_of_action.py +43 -35
  10. pycti/entities/opencti_data_component.py +43 -35
  11. pycti/entities/opencti_data_source.py +48 -38
  12. pycti/entities/opencti_event.py +44 -38
  13. pycti/entities/opencti_external_reference.py +5 -3
  14. pycti/entities/opencti_feedback.py +40 -32
  15. pycti/entities/opencti_grouping.py +43 -35
  16. pycti/entities/opencti_identity.py +91 -73
  17. pycti/entities/opencti_incident.py +59 -47
  18. pycti/entities/opencti_indicator.py +110 -84
  19. pycti/entities/opencti_infrastructure.py +56 -44
  20. pycti/entities/opencti_intrusion_set.py +61 -47
  21. pycti/entities/opencti_language.py +30 -24
  22. pycti/entities/opencti_location.py +41 -35
  23. pycti/entities/opencti_malware.py +83 -63
  24. pycti/entities/opencti_malware_analysis.py +87 -63
  25. pycti/entities/opencti_marking_definition.py +24 -18
  26. pycti/entities/opencti_narrative.py +45 -35
  27. pycti/entities/opencti_note.py +51 -39
  28. pycti/entities/opencti_observed_data.py +70 -48
  29. pycti/entities/opencti_opinion.py +40 -32
  30. pycti/entities/opencti_report.py +74 -47
  31. pycti/entities/opencti_stix_core_object.py +10 -10
  32. pycti/entities/opencti_stix_core_relationship.py +55 -41
  33. pycti/entities/opencti_stix_cyber_observable.py +442 -318
  34. pycti/entities/opencti_stix_domain_object.py +15 -13
  35. pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -5
  36. pycti/entities/opencti_task.py +44 -36
  37. pycti/entities/opencti_threat_actor_group.py +76 -56
  38. pycti/entities/opencti_threat_actor_individual.py +76 -56
  39. pycti/entities/opencti_tool.py +53 -41
  40. pycti/entities/opencti_vulnerability.py +151 -109
  41. pycti/utils/constants.py +1 -0
  42. pycti/utils/opencti_stix2.py +177 -139
  43. pycti/utils/opencti_stix2_update.py +20 -12
  44. pycti/utils/opencti_stix2_utils.py +5 -3
  45. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/METADATA +2 -2
  46. pycti-5.12.23.dist-info/RECORD +68 -0
  47. pycti-5.12.21.dist-info/RECORD +0 -68
  48. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/LICENSE +0 -0
  49. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/WHEEL +0 -0
  50. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/top_level.txt +0 -0
pycti/entities/opencti_feedback.py CHANGED
@@ -845,49 +845,57 @@ class Feedback:
845
845
  if stix_object is not None:
846
846
  # Search in extensions
847
847
  if "x_opencti_stix_ids" not in stix_object:
848
- stix_object[
849
- "x_opencti_stix_ids"
850
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
848
+ stix_object["x_opencti_stix_ids"] = (
849
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
850
+ )
851
851
  if "x_opencti_granted_refs" not in stix_object:
852
- stix_object[
853
- "x_opencti_granted_refs"
854
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
852
+ stix_object["x_opencti_granted_refs"] = (
853
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
854
+ )
855
855
 
856
856
  return self.create(
857
857
  stix_id=stix_object["id"],
858
- createdBy=extras["created_by_id"]
859
- if "created_by_id" in extras
860
- else None,
861
- objectMarking=extras["object_marking_ids"]
862
- if "object_marking_ids" in extras
863
- else None,
864
- objectLabel=extras["object_label_ids"]
865
- if "object_label_ids" in extras
866
- else None,
858
+ createdBy=(
859
+ extras["created_by_id"] if "created_by_id" in extras else None
860
+ ),
861
+ objectMarking=(
862
+ extras["object_marking_ids"]
863
+ if "object_marking_ids" in extras
864
+ else None
865
+ ),
866
+ objectLabel=(
867
+ extras["object_label_ids"] if "object_label_ids" in extras else None
868
+ ),
867
869
  objects=extras["object_ids"] if "object_ids" in extras else [],
868
- externalReferences=extras["external_references_ids"]
869
- if "external_references_ids" in extras
870
- else None,
870
+ externalReferences=(
871
+ extras["external_references_ids"]
872
+ if "external_references_ids" in extras
873
+ else None
874
+ ),
871
875
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
872
- confidence=stix_object["confidence"]
873
- if "confidence" in stix_object
874
- else None,
876
+ confidence=(
877
+ stix_object["confidence"] if "confidence" in stix_object else None
878
+ ),
875
879
  lang=stix_object["lang"] if "lang" in stix_object else None,
876
880
  created=stix_object["created"] if "created" in stix_object else None,
877
881
  modified=stix_object["modified"] if "modified" in stix_object else None,
878
882
  name=stix_object["name"],
879
- description=self.opencti.stix2.convert_markdown(
880
- stix_object["description"]
881
- )
882
- if "description" in stix_object
883
- else None,
883
+ description=(
884
+ self.opencti.stix2.convert_markdown(stix_object["description"])
885
+ if "description" in stix_object
886
+ else None
887
+ ),
884
888
  rating=stix_object["rating"] if "rating" in stix_object else None,
885
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
886
- if "x_opencti_stix_ids" in stix_object
887
- else None,
888
- objectOrganization=stix_object["x_opencti_granted_refs"]
889
- if "x_opencti_granted_refs" in stix_object
890
- else None,
889
+ x_opencti_stix_ids=(
890
+ stix_object["x_opencti_stix_ids"]
891
+ if "x_opencti_stix_ids" in stix_object
892
+ else None
893
+ ),
894
+ objectOrganization=(
895
+ stix_object["x_opencti_granted_refs"]
896
+ if "x_opencti_granted_refs" in stix_object
897
+ else None
898
+ ),
891
899
  update=update,
892
900
  )
893
901
  else:
pycti/entities/opencti_grouping.py CHANGED
@@ -779,53 +779,61 @@ class Grouping:
779
779
  if stix_object is not None:
780
780
  # Search in extensions
781
781
  if "x_opencti_aliases" not in stix_object:
782
- stix_object[
783
- "x_opencti_aliases"
784
- ] = self.opencti.get_attribute_in_extension("aliases", stix_object)
782
+ stix_object["x_opencti_aliases"] = (
783
+ self.opencti.get_attribute_in_extension("aliases", stix_object)
784
+ )
785
785
  if "x_opencti_stix_ids" not in stix_object:
786
- stix_object[
787
- "x_opencti_stix_ids"
788
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
786
+ stix_object["x_opencti_stix_ids"] = (
787
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
788
+ )
789
789
  if "x_opencti_granted_refs" not in stix_object:
790
- stix_object[
791
- "x_opencti_granted_refs"
792
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
790
+ stix_object["x_opencti_granted_refs"] = (
791
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
792
+ )
793
793
 
794
794
  return self.create(
795
795
  stix_id=stix_object["id"],
796
- createdBy=extras["created_by_id"]
797
- if "created_by_id" in extras
798
- else None,
799
- objectMarking=extras["object_marking_ids"]
800
- if "object_marking_ids" in extras
801
- else None,
802
- objectLabel=extras["object_label_ids"]
803
- if "object_label_ids" in extras
804
- else None,
796
+ createdBy=(
797
+ extras["created_by_id"] if "created_by_id" in extras else None
798
+ ),
799
+ objectMarking=(
800
+ extras["object_marking_ids"]
801
+ if "object_marking_ids" in extras
802
+ else None
803
+ ),
804
+ objectLabel=(
805
+ extras["object_label_ids"] if "object_label_ids" in extras else None
806
+ ),
805
807
  objects=extras["object_ids"] if "object_ids" in extras else [],
806
- externalReferences=extras["external_references_ids"]
807
- if "external_references_ids" in extras
808
- else None,
808
+ externalReferences=(
809
+ extras["external_references_ids"]
810
+ if "external_references_ids" in extras
811
+ else None
812
+ ),
809
813
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
810
- confidence=stix_object["confidence"]
811
- if "confidence" in stix_object
812
- else None,
814
+ confidence=(
815
+ stix_object["confidence"] if "confidence" in stix_object else None
816
+ ),
813
817
  lang=stix_object["lang"] if "lang" in stix_object else None,
814
818
  created=stix_object["created"] if "created" in stix_object else None,
815
819
  modified=stix_object["modified"] if "modified" in stix_object else None,
816
820
  name=stix_object["name"],
817
821
  context=stix_object["context"],
818
- description=self.opencti.stix2.convert_markdown(
819
- stix_object["description"]
820
- )
821
- if "description" in stix_object
822
- else None,
823
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
824
- if "x_opencti_stix_ids" in stix_object
825
- else None,
826
- objectOrganization=stix_object["x_opencti_granted_refs"]
827
- if "x_opencti_granted_refs" in stix_object
828
- else None,
822
+ description=(
823
+ self.opencti.stix2.convert_markdown(stix_object["description"])
824
+ if "description" in stix_object
825
+ else None
826
+ ),
827
+ x_opencti_stix_ids=(
828
+ stix_object["x_opencti_stix_ids"]
829
+ if "x_opencti_stix_ids" in stix_object
830
+ else None
831
+ ),
832
+ objectOrganization=(
833
+ stix_object["x_opencti_granted_refs"]
834
+ if "x_opencti_granted_refs" in stix_object
835
+ else None
836
+ ),
829
837
  x_opencti_aliases=self.opencti.stix2.pick_aliases(stix_object),
830
838
  update=update,
831
839
  )
pycti/entities/opencti_identity.py CHANGED
@@ -448,9 +448,9 @@ class Identity:
448
448
  }
449
449
  }
450
450
  """
451
- input_variables[
452
- "x_opencti_organization_type"
453
- ] = x_opencti_organization_type
451
+ input_variables["x_opencti_organization_type"] = (
452
+ x_opencti_organization_type
453
+ )
454
454
  input_variables["x_opencti_reliability"] = x_opencti_reliability
455
455
  result_data_field = "organizationAdd"
456
456
  elif type == IdentityTypes.INDIVIDUAL.value:
@@ -533,97 +533,115 @@ class Identity:
533
533
 
534
534
  # Search in extensions
535
535
  if "x_opencti_aliases" not in stix_object:
536
- stix_object[
537
- "x_opencti_aliases"
538
- ] = self.opencti.get_attribute_in_extension("aliases", stix_object)
536
+ stix_object["x_opencti_aliases"] = (
537
+ self.opencti.get_attribute_in_extension("aliases", stix_object)
538
+ )
539
539
  if "x_opencti_organization_type" not in stix_object:
540
- stix_object[
541
- "x_opencti_organization_type"
542
- ] = self.opencti.get_attribute_in_extension(
543
- "organization_type", stix_object
540
+ stix_object["x_opencti_organization_type"] = (
541
+ self.opencti.get_attribute_in_extension(
542
+ "organization_type", stix_object
543
+ )
544
544
  )
545
545
  if "x_opencti_reliability" not in stix_object:
546
- stix_object[
547
- "x_opencti_reliability"
548
- ] = self.opencti.get_attribute_in_extension("reliability", stix_object)
546
+ stix_object["x_opencti_reliability"] = (
547
+ self.opencti.get_attribute_in_extension("reliability", stix_object)
548
+ )
549
549
  if "x_opencti_organization_type" not in stix_object:
550
- stix_object[
551
- "x_opencti_organization_type"
552
- ] = self.opencti.get_attribute_in_extension(
553
- "organization_type", stix_object
550
+ stix_object["x_opencti_organization_type"] = (
551
+ self.opencti.get_attribute_in_extension(
552
+ "organization_type", stix_object
553
+ )
554
554
  )
555
555
  if "x_opencti_firstname" not in stix_object:
556
- stix_object[
557
- "x_opencti_firstname"
558
- ] = self.opencti.get_attribute_in_extension("firstname", stix_object)
556
+ stix_object["x_opencti_firstname"] = (
557
+ self.opencti.get_attribute_in_extension("firstname", stix_object)
558
+ )
559
559
  if "x_opencti_lastname" not in stix_object:
560
- stix_object[
561
- "x_opencti_lastname"
562
- ] = self.opencti.get_attribute_in_extension("lastname", stix_object)
560
+ stix_object["x_opencti_lastname"] = (
561
+ self.opencti.get_attribute_in_extension("lastname", stix_object)
562
+ )
563
563
  if "x_opencti_stix_ids" not in stix_object:
564
- stix_object[
565
- "x_opencti_stix_ids"
566
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
564
+ stix_object["x_opencti_stix_ids"] = (
565
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
566
+ )
567
567
  if "x_opencti_workflow_id" not in stix_object:
568
- stix_object[
569
- "x_opencti_workflow_id"
570
- ] = self.opencti.get_attribute_in_extension(
571
- "x_opencti_workflow_id", stix_object
568
+ stix_object["x_opencti_workflow_id"] = (
569
+ self.opencti.get_attribute_in_extension(
570
+ "x_opencti_workflow_id", stix_object
571
+ )
572
572
  )
573
573
 
574
574
  return self.create(
575
575
  type=type,
576
576
  stix_id=stix_object["id"],
577
- createdBy=extras["created_by_id"]
578
- if "created_by_id" in extras
579
- else None,
580
- objectMarking=extras["object_marking_ids"]
581
- if "object_marking_ids" in extras
582
- else None,
583
- objectLabel=extras["object_label_ids"]
584
- if "object_label_ids" in extras
585
- else None,
586
- externalReferences=extras["external_references_ids"]
587
- if "external_references_ids" in extras
588
- else None,
577
+ createdBy=(
578
+ extras["created_by_id"] if "created_by_id" in extras else None
579
+ ),
580
+ objectMarking=(
581
+ extras["object_marking_ids"]
582
+ if "object_marking_ids" in extras
583
+ else None
584
+ ),
585
+ objectLabel=(
586
+ extras["object_label_ids"] if "object_label_ids" in extras else None
587
+ ),
588
+ externalReferences=(
589
+ extras["external_references_ids"]
590
+ if "external_references_ids" in extras
591
+ else None
592
+ ),
589
593
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
590
- confidence=stix_object["confidence"]
591
- if "confidence" in stix_object
592
- else None,
594
+ confidence=(
595
+ stix_object["confidence"] if "confidence" in stix_object else None
596
+ ),
593
597
  lang=stix_object["lang"] if "lang" in stix_object else None,
594
598
  created=stix_object["created"] if "created" in stix_object else None,
595
599
  modified=stix_object["modified"] if "modified" in stix_object else None,
596
600
  name=stix_object["name"],
597
- description=self.opencti.stix2.convert_markdown(
598
- stix_object["description"]
599
- )
600
- if "description" in stix_object
601
- else None,
602
- contact_information=self.opencti.stix2.convert_markdown(
603
- stix_object["contact_information"]
604
- )
605
- if "contact_information" in stix_object
606
- else None,
601
+ description=(
602
+ self.opencti.stix2.convert_markdown(stix_object["description"])
603
+ if "description" in stix_object
604
+ else None
605
+ ),
606
+ contact_information=(
607
+ self.opencti.stix2.convert_markdown(
608
+ stix_object["contact_information"]
609
+ )
610
+ if "contact_information" in stix_object
611
+ else None
612
+ ),
607
613
  roles=stix_object["roles"] if "roles" in stix_object else None,
608
614
  x_opencti_aliases=self.opencti.stix2.pick_aliases(stix_object),
609
- x_opencti_organization_type=stix_object["x_opencti_organization_type"]
610
- if "x_opencti_organization_type" in stix_object
611
- else None,
612
- x_opencti_reliability=stix_object["x_opencti_reliability"]
613
- if "x_opencti_reliability" in stix_object
614
- else None,
615
- x_opencti_firstname=stix_object["x_opencti_firstname"]
616
- if "x_opencti_firstname" in stix_object
617
- else None,
618
- x_opencti_lastname=stix_object["x_opencti_lastname"]
619
- if "x_opencti_lastname" in stix_object
620
- else None,
621
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
622
- if "x_opencti_stix_ids" in stix_object
623
- else None,
624
- x_opencti_workflow_id=stix_object["x_opencti_workflow_id"]
625
- if "x_opencti_workflow_id" in stix_object
626
- else None,
615
+ x_opencti_organization_type=(
616
+ stix_object["x_opencti_organization_type"]
617
+ if "x_opencti_organization_type" in stix_object
618
+ else None
619
+ ),
620
+ x_opencti_reliability=(
621
+ stix_object["x_opencti_reliability"]
622
+ if "x_opencti_reliability" in stix_object
623
+ else None
624
+ ),
625
+ x_opencti_firstname=(
626
+ stix_object["x_opencti_firstname"]
627
+ if "x_opencti_firstname" in stix_object
628
+ else None
629
+ ),
630
+ x_opencti_lastname=(
631
+ stix_object["x_opencti_lastname"]
632
+ if "x_opencti_lastname" in stix_object
633
+ else None
634
+ ),
635
+ x_opencti_stix_ids=(
636
+ stix_object["x_opencti_stix_ids"]
637
+ if "x_opencti_stix_ids" in stix_object
638
+ else None
639
+ ),
640
+ x_opencti_workflow_id=(
641
+ stix_object["x_opencti_workflow_id"]
642
+ if "x_opencti_workflow_id" in stix_object
643
+ else None
644
+ ),
627
645
  update=update,
628
646
  )
629
647
  else:
pycti/entities/opencti_incident.py CHANGED
@@ -465,65 +465,77 @@ class Incident:
465
465
  if stix_object is not None:
466
466
  # Search in extensions
467
467
  if "x_opencti_stix_ids" not in stix_object:
468
- stix_object[
469
- "x_opencti_stix_ids"
470
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
468
+ stix_object["x_opencti_stix_ids"] = (
469
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
470
+ )
471
471
  if "x_opencti_granted_refs" not in stix_object:
472
- stix_object[
473
- "x_opencti_granted_refs"
474
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
472
+ stix_object["x_opencti_granted_refs"] = (
473
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
474
+ )
475
475
 
476
476
  return self.create(
477
477
  stix_id=stix_object["id"],
478
- createdBy=extras["created_by_id"]
479
- if "created_by_id" in extras
480
- else None,
481
- objectMarking=extras["object_marking_ids"]
482
- if "object_marking_ids" in extras
483
- else None,
484
- objectLabel=extras["object_label_ids"]
485
- if "object_label_ids" in extras
486
- else None,
487
- externalReferences=extras["external_references_ids"]
488
- if "external_references_ids" in extras
489
- else None,
478
+ createdBy=(
479
+ extras["created_by_id"] if "created_by_id" in extras else None
480
+ ),
481
+ objectMarking=(
482
+ extras["object_marking_ids"]
483
+ if "object_marking_ids" in extras
484
+ else None
485
+ ),
486
+ objectLabel=(
487
+ extras["object_label_ids"] if "object_label_ids" in extras else None
488
+ ),
489
+ externalReferences=(
490
+ extras["external_references_ids"]
491
+ if "external_references_ids" in extras
492
+ else None
493
+ ),
490
494
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
491
- confidence=stix_object["confidence"]
492
- if "confidence" in stix_object
493
- else None,
495
+ confidence=(
496
+ stix_object["confidence"] if "confidence" in stix_object else None
497
+ ),
494
498
  lang=stix_object["lang"] if "lang" in stix_object else None,
495
499
  created=stix_object["created"] if "created" in stix_object else None,
496
500
  modified=stix_object["modified"] if "modified" in stix_object else None,
497
501
  name=stix_object["name"],
498
- description=self.opencti.stix2.convert_markdown(
499
- stix_object["description"]
500
- )
501
- if "description" in stix_object
502
- else None,
502
+ description=(
503
+ self.opencti.stix2.convert_markdown(stix_object["description"])
504
+ if "description" in stix_object
505
+ else None
506
+ ),
503
507
  aliases=self.opencti.stix2.pick_aliases(stix_object),
504
- objective=stix_object["objective"]
505
- if "objective" in stix_object
506
- else None,
507
- first_seen=stix_object["first_seen"]
508
- if "first_seen" in stix_object
509
- else None,
510
- last_seen=stix_object["last_seen"]
511
- if "last_seen" in stix_object
512
- else None,
513
- incident_type=stix_object["incident_type"]
514
- if "incident_type" in stix_object
515
- else None,
508
+ objective=(
509
+ stix_object["objective"] if "objective" in stix_object else None
510
+ ),
511
+ first_seen=(
512
+ stix_object["first_seen"] if "first_seen" in stix_object else None
513
+ ),
514
+ last_seen=(
515
+ stix_object["last_seen"] if "last_seen" in stix_object else None
516
+ ),
517
+ incident_type=(
518
+ stix_object["incident_type"]
519
+ if "incident_type" in stix_object
520
+ else None
521
+ ),
516
522
  severity=stix_object["severity"] if "severity" in stix_object else None,
517
523
  source=stix_object["source"] if "source" in stix_object else None,
518
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
519
- if "x_opencti_stix_ids" in stix_object
520
- else None,
521
- objectOrganization=stix_object["x_opencti_granted_refs"]
522
- if "x_opencti_granted_refs" in stix_object
523
- else None,
524
- x_opencti_workflow_id=stix_object["x_opencti_workflow_id"]
525
- if "x_opencti_workflow_id" in stix_object
526
- else None,
524
+ x_opencti_stix_ids=(
525
+ stix_object["x_opencti_stix_ids"]
526
+ if "x_opencti_stix_ids" in stix_object
527
+ else None
528
+ ),
529
+ objectOrganization=(
530
+ stix_object["x_opencti_granted_refs"]
531
+ if "x_opencti_granted_refs" in stix_object
532
+ else None
533
+ ),
534
+ x_opencti_workflow_id=(
535
+ stix_object["x_opencti_workflow_id"]
536
+ if "x_opencti_workflow_id" in stix_object
537
+ else None
538
+ ),
527
539
  update=update,
528
540
  )
529
541
  else: