pycti 5.12.21__py3-none-any.whl → 5.12.23__py3-none-any.whl


Potentially problematic release.



Files changed (50)
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +13 -11
  3. pycti/entities/opencti_attack_pattern.py +76 -58
  4. pycti/entities/opencti_campaign.py +49 -41
  5. pycti/entities/opencti_case_incident.py +62 -48
  6. pycti/entities/opencti_case_rfi.py +45 -35
  7. pycti/entities/opencti_case_rft.py +45 -35
  8. pycti/entities/opencti_channel.py +45 -35
  9. pycti/entities/opencti_course_of_action.py +43 -35
  10. pycti/entities/opencti_data_component.py +43 -35
  11. pycti/entities/opencti_data_source.py +48 -38
  12. pycti/entities/opencti_event.py +44 -38
  13. pycti/entities/opencti_external_reference.py +5 -3
  14. pycti/entities/opencti_feedback.py +40 -32
  15. pycti/entities/opencti_grouping.py +43 -35
  16. pycti/entities/opencti_identity.py +91 -73
  17. pycti/entities/opencti_incident.py +59 -47
  18. pycti/entities/opencti_indicator.py +110 -84
  19. pycti/entities/opencti_infrastructure.py +56 -44
  20. pycti/entities/opencti_intrusion_set.py +61 -47
  21. pycti/entities/opencti_language.py +30 -24
  22. pycti/entities/opencti_location.py +41 -35
  23. pycti/entities/opencti_malware.py +83 -63
  24. pycti/entities/opencti_malware_analysis.py +87 -63
  25. pycti/entities/opencti_marking_definition.py +24 -18
  26. pycti/entities/opencti_narrative.py +45 -35
  27. pycti/entities/opencti_note.py +51 -39
  28. pycti/entities/opencti_observed_data.py +70 -48
  29. pycti/entities/opencti_opinion.py +40 -32
  30. pycti/entities/opencti_report.py +74 -47
  31. pycti/entities/opencti_stix_core_object.py +10 -10
  32. pycti/entities/opencti_stix_core_relationship.py +55 -41
  33. pycti/entities/opencti_stix_cyber_observable.py +442 -318
  34. pycti/entities/opencti_stix_domain_object.py +15 -13
  35. pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -5
  36. pycti/entities/opencti_task.py +44 -36
  37. pycti/entities/opencti_threat_actor_group.py +76 -56
  38. pycti/entities/opencti_threat_actor_individual.py +76 -56
  39. pycti/entities/opencti_tool.py +53 -41
  40. pycti/entities/opencti_vulnerability.py +151 -109
  41. pycti/utils/constants.py +1 -0
  42. pycti/utils/opencti_stix2.py +177 -139
  43. pycti/utils/opencti_stix2_update.py +20 -12
  44. pycti/utils/opencti_stix2_utils.py +5 -3
  45. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/METADATA +2 -2
  46. pycti-5.12.23.dist-info/RECORD +68 -0
  47. pycti-5.12.21.dist-info/RECORD +0 -68
  48. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/LICENSE +0 -0
  49. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/WHEEL +0 -0
  50. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/top_level.txt +0 -0
@@ -789,18 +789,26 @@ class ObservedData:
789
789
  stix_observable_results.append(
790
790
  self.opencti.stix_cyber_observable.create(
791
791
  observableData=observable_item,
792
- createdBy=extras["created_by_id"]
793
- if "created_by_id" in extras
794
- else None,
795
- objectMarking=extras["object_marking_ids"]
796
- if "object_marking_ids" in extras
797
- else None,
798
- objectLabel=extras["object_label_ids"]
799
- if "object_label_ids" in extras
800
- else None,
801
- objectOrganization=extras["granted_refs_ids"]
802
- if "granted_refs_ids" in extras
803
- else None,
792
+ createdBy=(
793
+ extras["created_by_id"]
794
+ if "created_by_id" in extras
795
+ else None
796
+ ),
797
+ objectMarking=(
798
+ extras["object_marking_ids"]
799
+ if "object_marking_ids" in extras
800
+ else None
801
+ ),
802
+ objectLabel=(
803
+ extras["object_label_ids"]
804
+ if "object_label_ids" in extras
805
+ else None
806
+ ),
807
+ objectOrganization=(
808
+ extras["granted_refs_ids"]
809
+ if "granted_refs_ids" in extras
810
+ else None
811
+ ),
804
812
  )
805
813
  )
806
814
  for item in stix_observable_results:
@@ -809,51 +817,65 @@ class ObservedData:
809
817
  if stix_object is not None:
810
818
  # Search in extensions
811
819
  if "x_opencti_stix_ids" not in stix_object:
812
- stix_object[
813
- "x_opencti_stix_ids"
814
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
820
+ stix_object["x_opencti_stix_ids"] = (
821
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
822
+ )
815
823
  if "x_opencti_granted_refs" not in stix_object:
816
- stix_object[
817
- "x_opencti_granted_refs"
818
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
824
+ stix_object["x_opencti_granted_refs"] = (
825
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
826
+ )
819
827
 
820
828
  observed_data_result = self.create(
821
829
  stix_id=stix_object["id"],
822
- createdBy=extras["created_by_id"]
823
- if "created_by_id" in extras
824
- else None,
825
- objectMarking=extras["object_marking_ids"]
826
- if "object_marking_ids" in extras
827
- else None,
828
- objectLabel=extras["object_label_ids"]
829
- if "object_label_ids" in extras
830
- else None,
830
+ createdBy=(
831
+ extras["created_by_id"] if "created_by_id" in extras else None
832
+ ),
833
+ objectMarking=(
834
+ extras["object_marking_ids"]
835
+ if "object_marking_ids" in extras
836
+ else None
837
+ ),
838
+ objectLabel=(
839
+ extras["object_label_ids"] if "object_label_ids" in extras else None
840
+ ),
831
841
  objects=object_refs,
832
- externalReferences=extras["external_references_ids"]
833
- if "external_references_ids" in extras
834
- else None,
842
+ externalReferences=(
843
+ extras["external_references_ids"]
844
+ if "external_references_ids" in extras
845
+ else None
846
+ ),
835
847
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
836
- confidence=stix_object["confidence"]
837
- if "confidence" in stix_object
838
- else None,
848
+ confidence=(
849
+ stix_object["confidence"] if "confidence" in stix_object else None
850
+ ),
839
851
  lang=stix_object["lang"] if "lang" in stix_object else None,
840
852
  created=stix_object["created"] if "created" in stix_object else None,
841
853
  modified=stix_object["modified"] if "modified" in stix_object else None,
842
- first_observed=stix_object["first_observed"]
843
- if "first_observed" in stix_object
844
- else None,
845
- last_observed=stix_object["last_observed"]
846
- if "last_observed" in stix_object
847
- else None,
848
- number_observed=stix_object["number_observed"]
849
- if "number_observed" in stix_object
850
- else None,
851
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
852
- if "x_opencti_stix_ids" in stix_object
853
- else None,
854
- objectOrganization=stix_object["x_opencti_granted_refs"]
855
- if "x_opencti_granted_refs" in stix_object
856
- else None,
854
+ first_observed=(
855
+ stix_object["first_observed"]
856
+ if "first_observed" in stix_object
857
+ else None
858
+ ),
859
+ last_observed=(
860
+ stix_object["last_observed"]
861
+ if "last_observed" in stix_object
862
+ else None
863
+ ),
864
+ number_observed=(
865
+ stix_object["number_observed"]
866
+ if "number_observed" in stix_object
867
+ else None
868
+ ),
869
+ x_opencti_stix_ids=(
870
+ stix_object["x_opencti_stix_ids"]
871
+ if "x_opencti_stix_ids" in stix_object
872
+ else None
873
+ ),
874
+ objectOrganization=(
875
+ stix_object["x_opencti_granted_refs"]
876
+ if "x_opencti_granted_refs" in stix_object
877
+ else None
878
+ ),
857
879
  update=update,
858
880
  )
859
881
 
@@ -565,49 +565,57 @@ class Opinion:
565
565
  if stix_object is not None:
566
566
  # Search in extensions
567
567
  if "x_opencti_stix_ids" not in stix_object:
568
- stix_object[
569
- "x_opencti_stix_ids"
570
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
568
+ stix_object["x_opencti_stix_ids"] = (
569
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
570
+ )
571
571
  if "x_opencti_granted_refs" not in stix_object:
572
- stix_object[
573
- "x_opencti_granted_refs"
574
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
572
+ stix_object["x_opencti_granted_refs"] = (
573
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
574
+ )
575
575
 
576
576
  return self.create(
577
577
  stix_id=stix_object["id"],
578
- createdBy=extras["created_by_id"]
579
- if "created_by_id" in extras
580
- else None,
581
- objectMarking=extras["object_marking_ids"]
582
- if "object_marking_ids" in extras
583
- else None,
584
- objectLabel=extras["object_label_ids"]
585
- if "object_label_ids" in extras
586
- else None,
578
+ createdBy=(
579
+ extras["created_by_id"] if "created_by_id" in extras else None
580
+ ),
581
+ objectMarking=(
582
+ extras["object_marking_ids"]
583
+ if "object_marking_ids" in extras
584
+ else None
585
+ ),
586
+ objectLabel=(
587
+ extras["object_label_ids"] if "object_label_ids" in extras else None
588
+ ),
587
589
  objects=extras["object_ids"] if "object_ids" in extras else [],
588
- externalReferences=extras["external_references_ids"]
589
- if "external_references_ids" in extras
590
- else None,
590
+ externalReferences=(
591
+ extras["external_references_ids"]
592
+ if "external_references_ids" in extras
593
+ else None
594
+ ),
591
595
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
592
- confidence=stix_object["confidence"]
593
- if "confidence" in stix_object
594
- else None,
596
+ confidence=(
597
+ stix_object["confidence"] if "confidence" in stix_object else None
598
+ ),
595
599
  lang=stix_object["lang"] if "lang" in stix_object else None,
596
600
  created=stix_object["created"] if "created" in stix_object else None,
597
601
  modified=stix_object["modified"] if "modified" in stix_object else None,
598
- explanation=self.opencti.stix2.convert_markdown(
599
- stix_object["explanation"]
600
- )
601
- if "explanation" in stix_object
602
- else None,
602
+ explanation=(
603
+ self.opencti.stix2.convert_markdown(stix_object["explanation"])
604
+ if "explanation" in stix_object
605
+ else None
606
+ ),
603
607
  authors=stix_object["authors"] if "authors" in stix_object else None,
604
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
605
- if "x_opencti_stix_ids" in stix_object
606
- else None,
608
+ x_opencti_stix_ids=(
609
+ stix_object["x_opencti_stix_ids"]
610
+ if "x_opencti_stix_ids" in stix_object
611
+ else None
612
+ ),
607
613
  opinion=stix_object["opinion"] if "opinion" in stix_object else None,
608
- objectOrganization=stix_object["x_opencti_granted_refs"]
609
- if "x_opencti_granted_refs" in stix_object
610
- else None,
614
+ objectOrganization=(
615
+ stix_object["x_opencti_granted_refs"]
616
+ if "x_opencti_granted_refs" in stix_object
617
+ else None
618
+ ),
611
619
  update=update,
612
620
  )
613
621
  else:
@@ -691,6 +691,7 @@ class Report:
691
691
  x_opencti_reliability = kwargs.get("x_opencti_reliability", None)
692
692
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
693
693
  granted_refs = kwargs.get("objectOrganization", None)
694
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
694
695
  update = kwargs.get("update", False)
695
696
 
696
697
  if name is not None and published is not None:
@@ -728,6 +729,7 @@ class Report:
728
729
  "published": published,
729
730
  "x_opencti_reliability": x_opencti_reliability,
730
731
  "x_opencti_stix_ids": x_opencti_stix_ids,
732
+ "x_opencti_workflow_id": x_opencti_workflow_id,
731
733
  "update": update,
732
734
  }
733
735
  },
@@ -845,64 +847,89 @@ class Report:
845
847
  if stix_object is not None:
846
848
  # Search in extensions
847
849
  if "x_opencti_stix_ids" not in stix_object:
848
- stix_object[
849
- "x_opencti_stix_ids"
850
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
850
+ stix_object["x_opencti_stix_ids"] = (
851
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
852
+ )
851
853
  if "x_opencti_granted_refs" not in stix_object:
852
- stix_object[
853
- "x_opencti_granted_refs"
854
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
854
+ stix_object["x_opencti_granted_refs"] = (
855
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
856
+ )
857
+ if "x_opencti_workflow_id" not in stix_object:
858
+ stix_object["x_opencti_workflow_id"] = (
859
+ self.opencti.get_attribute_in_extension(
860
+ "x_opencti_workflow_id", stix_object
861
+ )
862
+ )
855
863
  if "x_opencti_reliability" not in stix_object:
856
- stix_object[
857
- "x_opencti_reliability"
858
- ] = self.opencti.get_attribute_in_extension("reliability", stix_object)
864
+ stix_object["x_opencti_reliability"] = (
865
+ self.opencti.get_attribute_in_extension("reliability", stix_object)
866
+ )
859
867
 
860
868
  return self.create(
861
869
  stix_id=stix_object["id"],
862
- createdBy=extras["created_by_id"]
863
- if "created_by_id" in extras
864
- else None,
865
- objectMarking=extras["object_marking_ids"]
866
- if "object_marking_ids" in extras
867
- else None,
868
- objectLabel=extras["object_label_ids"]
869
- if "object_label_ids" in extras
870
- else None,
870
+ createdBy=(
871
+ extras["created_by_id"] if "created_by_id" in extras else None
872
+ ),
873
+ objectMarking=(
874
+ extras["object_marking_ids"]
875
+ if "object_marking_ids" in extras
876
+ else None
877
+ ),
878
+ objectLabel=(
879
+ extras["object_label_ids"] if "object_label_ids" in extras else None
880
+ ),
871
881
  objects=extras["object_ids"] if "object_ids" in extras else [],
872
- externalReferences=extras["external_references_ids"]
873
- if "external_references_ids" in extras
874
- else None,
882
+ externalReferences=(
883
+ extras["external_references_ids"]
884
+ if "external_references_ids" in extras
885
+ else None
886
+ ),
875
887
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
876
- confidence=stix_object["confidence"]
877
- if "confidence" in stix_object
878
- else None,
888
+ confidence=(
889
+ stix_object["confidence"] if "confidence" in stix_object else None
890
+ ),
879
891
  lang=stix_object["lang"] if "lang" in stix_object else None,
880
892
  created=stix_object["created"] if "created" in stix_object else None,
881
893
  modified=stix_object["modified"] if "modified" in stix_object else None,
882
894
  name=stix_object["name"],
883
- description=self.opencti.stix2.convert_markdown(
884
- stix_object["description"]
885
- )
886
- if "description" in stix_object
887
- else None,
888
- content=self.opencti.stix2.convert_markdown(stix_object["content"])
889
- if "content" in stix_object
890
- else None,
891
- report_types=stix_object["report_types"]
892
- if "report_types" in stix_object
893
- else None,
894
- published=stix_object["published"]
895
- if "published" in stix_object
896
- else None,
897
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
898
- if "x_opencti_stix_ids" in stix_object
899
- else None,
900
- x_opencti_reliability=stix_object["x_opencti_reliability"]
901
- if "x_opencti_reliability" in stix_object
902
- else None,
903
- objectOrganization=stix_object["x_opencti_granted_refs"]
904
- if "x_opencti_granted_refs" in stix_object
905
- else None,
895
+ description=(
896
+ self.opencti.stix2.convert_markdown(stix_object["description"])
897
+ if "description" in stix_object
898
+ else None
899
+ ),
900
+ content=(
901
+ self.opencti.stix2.convert_markdown(stix_object["content"])
902
+ if "content" in stix_object
903
+ else None
904
+ ),
905
+ report_types=(
906
+ stix_object["report_types"]
907
+ if "report_types" in stix_object
908
+ else None
909
+ ),
910
+ published=(
911
+ stix_object["published"] if "published" in stix_object else None
912
+ ),
913
+ x_opencti_stix_ids=(
914
+ stix_object["x_opencti_stix_ids"]
915
+ if "x_opencti_stix_ids" in stix_object
916
+ else None
917
+ ),
918
+ x_opencti_reliability=(
919
+ stix_object["x_opencti_reliability"]
920
+ if "x_opencti_reliability" in stix_object
921
+ else None
922
+ ),
923
+ objectOrganization=(
924
+ stix_object["x_opencti_granted_refs"]
925
+ if "x_opencti_granted_refs" in stix_object
926
+ else None
927
+ ),
928
+ x_opencti_workflow_id=(
929
+ stix_object["x_opencti_workflow_id"]
930
+ if "x_opencti_workflow_id" in stix_object
931
+ else None
932
+ ),
906
933
  update=update,
907
934
  )
908
935
  else:
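Review bot: The new extension lookup passes the full name `"x_opencti_workflow_id"` to `get_attribute_in_extension`, while the three sibling lookups in the same block pass the short key (`"stix_ids"`, `"granted_refs"`, `"reliability"`). The helper's body is not visible here, but if it matches the key literally against the extension, a workflow id carried only in the extension would never be found and `x_opencti_workflow_id` would silently be sent as `None`. Please confirm the key the extension actually uses; if it follows the sibling convention, the call should read `self.opencti.get_attribute_in_extension("workflow_id", stix_object)`. Separately, the value comes straight from the imported STIX object and is forwarded to `create` with no check in these hunks, so a short comment saying whether callers may trust a bundle-supplied workflow status would help. The enclosing functions start and end outside the hunks.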
@@ -373,11 +373,11 @@ class StixCoreObject:
373
373
  ... on Vulnerability {
374
374
  name
375
375
  description
376
- x_opencti_base_score
377
- x_opencti_base_severity
378
- x_opencti_attack_vector
379
- x_opencti_integrity_impact
380
- x_opencti_availability_impact
376
+ x_opencti_cvss_base_score
377
+ x_opencti_cvss_base_severity
378
+ x_opencti_cvss_attack_vector
379
+ x_opencti_cvss_integrity_impact
380
+ x_opencti_cvss_availability_impact
381
381
  }
382
382
  ... on Incident {
383
383
  name
@@ -1041,11 +1041,11 @@ class StixCoreObject:
1041
1041
  ... on Vulnerability {
1042
1042
  name
1043
1043
  description
1044
- x_opencti_base_score
1045
- x_opencti_base_severity
1046
- x_opencti_attack_vector
1047
- x_opencti_integrity_impact
1048
- x_opencti_availability_impact
1044
+ x_opencti_cvss_base_score
1045
+ x_opencti_cvss_base_severity
1046
+ x_opencti_cvss_attack_vector
1047
+ x_opencti_cvss_integrity_impact
1048
+ x_opencti_cvss_availability_impact
1049
1049
  }
1050
1050
  ... on Incident {
1051
1051
  name
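Review bot: Both `... on Vulnerability` fragments (the hunk at -373 and the one at -1041) now request only the `x_opencti_cvss_*` field names, and nothing in the hunks says which platform schema they require. A server that still exposes the old names would presumably reject the whole query, and any caller that reads `x_opencti_base_score` or `x_opencti_base_severity` from the result will no longer find those keys, which matters where severity drives triage or alerting. I would add a comment next to each query, for example `# Vulnerability CVSS fields are x_opencti_cvss_*; older names were removed`, and state the minimum compatible platform version in the release notes. The query strings begin and end outside the hunks, so other fragments were not checked.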
@@ -1143,48 +1143,62 @@ class StixCoreRelationship:
1143
1143
  toId=target_ref,
1144
1144
  stix_id=stix_relation["id"],
1145
1145
  relationship_type=stix_relation["relationship_type"],
1146
- description=self.opencti.stix2.convert_markdown(
1147
- stix_relation["description"]
1148
- )
1149
- if "description" in stix_relation
1150
- else None,
1151
- start_time=stix_relation["start_time"]
1152
- if "start_time" in stix_relation
1153
- else default_date,
1154
- stop_time=stix_relation["stop_time"]
1155
- if "stop_time" in stix_relation
1156
- else default_date,
1157
- revoked=stix_relation["revoked"]
1158
- if "revoked" in stix_relation
1159
- else None,
1160
- confidence=stix_relation["confidence"]
1161
- if "confidence" in stix_relation
1162
- else None,
1146
+ description=(
1147
+ self.opencti.stix2.convert_markdown(stix_relation["description"])
1148
+ if "description" in stix_relation
1149
+ else None
1150
+ ),
1151
+ start_time=(
1152
+ stix_relation["start_time"]
1153
+ if "start_time" in stix_relation
1154
+ else default_date
1155
+ ),
1156
+ stop_time=(
1157
+ stix_relation["stop_time"]
1158
+ if "stop_time" in stix_relation
1159
+ else default_date
1160
+ ),
1161
+ revoked=(
1162
+ stix_relation["revoked"] if "revoked" in stix_relation else None
1163
+ ),
1164
+ confidence=(
1165
+ stix_relation["confidence"]
1166
+ if "confidence" in stix_relation
1167
+ else None
1168
+ ),
1163
1169
  lang=stix_relation["lang"] if "lang" in stix_relation else None,
1164
- created=stix_relation["created"]
1165
- if "created" in stix_relation
1166
- else None,
1167
- modified=stix_relation["modified"]
1168
- if "modified" in stix_relation
1169
- else None,
1170
- createdBy=extras["created_by_id"]
1171
- if "created_by_id" in extras
1172
- else None,
1173
- objectMarking=extras["object_marking_ids"]
1174
- if "object_marking_ids" in extras
1175
- else None,
1176
- objectLabel=extras["object_label_ids"]
1177
- if "object_label_ids" in extras
1178
- else None,
1179
- externalReferences=extras["external_references_ids"]
1180
- if "external_references_ids" in extras
1181
- else None,
1182
- killChainPhases=extras["kill_chain_phases_ids"]
1183
- if "kill_chain_phases_ids" in extras
1184
- else None,
1185
- objectOrganization=stix_relation["granted_refs"]
1186
- if "granted_refs" in stix_relation
1187
- else None,
1170
+ created=(
1171
+ stix_relation["created"] if "created" in stix_relation else None
1172
+ ),
1173
+ modified=(
1174
+ stix_relation["modified"] if "modified" in stix_relation else None
1175
+ ),
1176
+ createdBy=(
1177
+ extras["created_by_id"] if "created_by_id" in extras else None
1178
+ ),
1179
+ objectMarking=(
1180
+ extras["object_marking_ids"]
1181
+ if "object_marking_ids" in extras
1182
+ else None
1183
+ ),
1184
+ objectLabel=(
1185
+ extras["object_label_ids"] if "object_label_ids" in extras else None
1186
+ ),
1187
+ externalReferences=(
1188
+ extras["external_references_ids"]
1189
+ if "external_references_ids" in extras
1190
+ else None
1191
+ ),
1192
+ killChainPhases=(
1193
+ extras["kill_chain_phases_ids"]
1194
+ if "kill_chain_phases_ids" in extras
1195
+ else None
1196
+ ),
1197
+ objectOrganization=(
1198
+ stix_relation["granted_refs"]
1199
+ if "granted_refs" in stix_relation
1200
+ else None
1201
+ ),
1188
1202
  update=update,
1189
1203
  )
1190
1204
  else:
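Review bot: `objectOrganization` in this call is still read from `stix_relation["granted_refs"]`, whereas the ObservedData, Opinion and Report import paths on this page read `x_opencti_granted_refs` after filling it from the extension. The reformat keeps that key unchanged. If the lines above this hunk (not visible) populate `x_opencti_granted_refs` the same way, the organization sharing carried in a bundle would be silently dropped for relationships and `None` passed instead. Worth confirming against the preamble, and if so the argument should be `stix_relation["x_opencti_granted_refs"] if "x_opencti_granted_refs" in stix_relation else None`. The `create` call starts before the hunk.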