pycti 5.12.21__py3-none-any.whl → 5.12.23__py3-none-any.whl


Potentially problematic release.


This version of pycti might be problematic.

Files changed (50)
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +13 -11
  3. pycti/entities/opencti_attack_pattern.py +76 -58
  4. pycti/entities/opencti_campaign.py +49 -41
  5. pycti/entities/opencti_case_incident.py +62 -48
  6. pycti/entities/opencti_case_rfi.py +45 -35
  7. pycti/entities/opencti_case_rft.py +45 -35
  8. pycti/entities/opencti_channel.py +45 -35
  9. pycti/entities/opencti_course_of_action.py +43 -35
  10. pycti/entities/opencti_data_component.py +43 -35
  11. pycti/entities/opencti_data_source.py +48 -38
  12. pycti/entities/opencti_event.py +44 -38
  13. pycti/entities/opencti_external_reference.py +5 -3
  14. pycti/entities/opencti_feedback.py +40 -32
  15. pycti/entities/opencti_grouping.py +43 -35
  16. pycti/entities/opencti_identity.py +91 -73
  17. pycti/entities/opencti_incident.py +59 -47
  18. pycti/entities/opencti_indicator.py +110 -84
  19. pycti/entities/opencti_infrastructure.py +56 -44
  20. pycti/entities/opencti_intrusion_set.py +61 -47
  21. pycti/entities/opencti_language.py +30 -24
  22. pycti/entities/opencti_location.py +41 -35
  23. pycti/entities/opencti_malware.py +83 -63
  24. pycti/entities/opencti_malware_analysis.py +87 -63
  25. pycti/entities/opencti_marking_definition.py +24 -18
  26. pycti/entities/opencti_narrative.py +45 -35
  27. pycti/entities/opencti_note.py +51 -39
  28. pycti/entities/opencti_observed_data.py +70 -48
  29. pycti/entities/opencti_opinion.py +40 -32
  30. pycti/entities/opencti_report.py +74 -47
  31. pycti/entities/opencti_stix_core_object.py +10 -10
  32. pycti/entities/opencti_stix_core_relationship.py +55 -41
  33. pycti/entities/opencti_stix_cyber_observable.py +442 -318
  34. pycti/entities/opencti_stix_domain_object.py +15 -13
  35. pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -5
  36. pycti/entities/opencti_task.py +44 -36
  37. pycti/entities/opencti_threat_actor_group.py +76 -56
  38. pycti/entities/opencti_threat_actor_individual.py +76 -56
  39. pycti/entities/opencti_tool.py +53 -41
  40. pycti/entities/opencti_vulnerability.py +151 -109
  41. pycti/utils/constants.py +1 -0
  42. pycti/utils/opencti_stix2.py +177 -139
  43. pycti/utils/opencti_stix2_update.py +20 -12
  44. pycti/utils/opencti_stix2_utils.py +5 -3
  45. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/METADATA +2 -2
  46. pycti-5.12.23.dist-info/RECORD +68 -0
  47. pycti-5.12.21.dist-info/RECORD +0 -68
  48. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/LICENSE +0 -0
  49. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/WHEEL +0 -0
  50. {pycti-5.12.21.dist-info → pycti-5.12.23.dist-info}/top_level.txt +0 -0
@@ -111,12 +111,12 @@ class Vulnerability:
111
111
  name
112
112
  description
113
113
  x_opencti_aliases
114
- x_opencti_base_score
115
- x_opencti_base_severity
116
- x_opencti_attack_vector
117
- x_opencti_integrity_impact
118
- x_opencti_availability_impact
119
- x_opencti_confidentiality_impact
114
+ x_opencti_cvss_base_score
115
+ x_opencti_cvss_base_severity
116
+ x_opencti_cvss_attack_vector
117
+ x_opencti_cvss_integrity_impact
118
+ x_opencti_cvss_availability_impact
119
+ x_opencti_cvss_confidentiality_impact
120
120
  importFiles {
121
121
  edges {
122
122
  node {
@@ -292,15 +292,17 @@ class Vulnerability:
292
292
  name = kwargs.get("name", None)
293
293
  description = kwargs.get("description", None)
294
294
  x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
295
- x_opencti_base_score = kwargs.get("x_opencti_base_score", None)
296
- x_opencti_base_severity = kwargs.get("x_opencti_base_severity", None)
297
- x_opencti_attack_vector = kwargs.get("x_opencti_attack_vector", None)
298
- x_opencti_integrity_impact = kwargs.get("x_opencti_integrity_impact", None)
299
- x_opencti_availability_impact = kwargs.get(
300
- "x_opencti_availability_impact", None
295
+ x_opencti_cvss_base_score = kwargs.get("x_opencti_cvss_base_score", None)
296
+ x_opencti_cvss_base_severity = kwargs.get("x_opencti_cvss_base_severity", None)
297
+ x_opencti_cvss_attack_vector = kwargs.get("x_opencti_cvss_attack_vector", None)
298
+ x_opencti_cvss_integrity_impact = kwargs.get(
299
+ "x_opencti_cvss_integrity_impact", None
301
300
  )
302
- x_opencti_confidentiality_impact = kwargs.get(
303
- "x_opencti_confidentiality_impact", None
301
+ x_opencti_cvss_availability_impact = kwargs.get(
302
+ "x_opencti_cvss_availability_impact", None
303
+ )
304
+ x_opencti_cvss_confidentiality_impact = kwargs.get(
305
+ "x_opencti_cvss_confidentiality_impact", None
304
306
  )
305
307
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
306
308
  granted_refs = kwargs.get("objectOrganization", None)
@@ -336,12 +338,12 @@ class Vulnerability:
336
338
  "name": name,
337
339
  "description": description,
338
340
  "x_opencti_aliases": x_opencti_aliases,
339
- "x_opencti_base_score": x_opencti_base_score,
340
- "x_opencti_base_severity": x_opencti_base_severity,
341
- "x_opencti_attack_vector": x_opencti_attack_vector,
342
- "x_opencti_integrity_impact": x_opencti_integrity_impact,
343
- "x_opencti_availability_impact": x_opencti_availability_impact,
344
- "x_opencti_confidentiality_impact": x_opencti_confidentiality_impact,
341
+ "x_opencti_cvss_base_score": x_opencti_cvss_base_score,
342
+ "x_opencti_cvss_base_severity": x_opencti_cvss_base_severity,
343
+ "x_opencti_cvss_attack_vector": x_opencti_cvss_attack_vector,
344
+ "x_opencti_cvss_integrity_impact": x_opencti_cvss_integrity_impact,
345
+ "x_opencti_cvss_availability_impact": x_opencti_cvss_availability_impact,
346
+ "x_opencti_cvss_confidentiality_impact": x_opencti_cvss_confidentiality_impact,
345
347
  "x_opencti_stix_ids": x_opencti_stix_ids,
346
348
  "update": update,
347
349
  }
@@ -366,112 +368,152 @@ class Vulnerability:
366
368
  stix_object = kwargs.get("stixObject", None)
367
369
  extras = kwargs.get("extras", {})
368
370
  update = kwargs.get("update", False)
371
+
369
372
  if stix_object is not None:
370
- # Search in extensions
371
- if "x_opencti_aliases" not in stix_object:
372
- stix_object[
373
- "x_opencti_aliases"
374
- ] = self.opencti.get_attribute_in_extension("aliases", stix_object)
375
- if "x_opencti_base_score" not in stix_object:
376
- stix_object[
373
+ # Retro compatibility
374
+ if "x_opencti_base_score" in stix_object:
375
+ stix_object["x_opencti_cvss_base_score"] = stix_object[
377
376
  "x_opencti_base_score"
378
- ] = self.opencti.get_attribute_in_extension("base_score", stix_object)
379
- if "x_opencti_base_severity" not in stix_object:
380
- stix_object[
377
+ ]
378
+ stix_object["x_opencti_cvss_base_severity"] = stix_object[
381
379
  "x_opencti_base_severity"
382
- ] = self.opencti.get_attribute_in_extension(
383
- "base_severity", stix_object
384
- )
385
- if "x_opencti_attack_vector" not in stix_object:
386
- stix_object[
380
+ ]
381
+ stix_object["x_opencti_cvss_attack_vector"] = stix_object[
387
382
  "x_opencti_attack_vector"
388
- ] = self.opencti.get_attribute_in_extension(
389
- "attack_vector", stix_object
390
- )
391
- if "x_opencti_integrity_impact" not in stix_object:
392
- stix_object[
383
+ ]
384
+ stix_object["x_opencti_cvss_integrity_impact"] = stix_object[
393
385
  "x_opencti_integrity_impact"
394
- ] = self.opencti.get_attribute_in_extension(
395
- "integrity_impact", stix_object
396
- )
397
- if "x_opencti_availability_impact" not in stix_object:
398
- stix_object[
386
+ ]
387
+ stix_object["x_opencti_cvss_availability_impact"] = stix_object[
399
388
  "x_opencti_availability_impact"
400
- ] = self.opencti.get_attribute_in_extension(
401
- "availability_impact", stix_object
402
- )
403
- if "x_opencti_confidentiality_impact" not in stix_object:
404
- stix_object[
389
+ ]
390
+ stix_object["x_opencti_cvss_confidentiality_impact"] = stix_object[
405
391
  "x_opencti_confidentiality_impact"
406
- ] = self.opencti.get_attribute_in_extension(
407
- "confidentiality_impact", stix_object
392
+ ]
393
+
394
+ # Search in extensions
395
+ if "x_opencti_aliases" not in stix_object:
396
+ stix_object["x_opencti_aliases"] = (
397
+ self.opencti.get_attribute_in_extension("aliases", stix_object)
398
+ )
399
+ if "x_opencti_cvss_base_score" not in stix_object:
400
+ stix_object["x_opencti_cvss_base_score"] = (
401
+ self.opencti.get_attribute_in_extension("base_score", stix_object)
402
+ )
403
+ if "x_opencti_cvss_base_severity" not in stix_object:
404
+ stix_object["x_opencti_cvss_base_severity"] = (
405
+ self.opencti.get_attribute_in_extension(
406
+ "base_severity", stix_object
407
+ )
408
+ )
409
+ if "x_opencti_cvss_attack_vector" not in stix_object:
410
+ stix_object["x_opencti_cvss_attack_vector"] = (
411
+ self.opencti.get_attribute_in_extension(
412
+ "attack_vector", stix_object
413
+ )
414
+ )
415
+ if "x_opencti_cvss_integrity_impact" not in stix_object:
416
+ stix_object["x_opencti_cvss_integrity_impact"] = (
417
+ self.opencti.get_attribute_in_extension(
418
+ "integrity_impact", stix_object
419
+ )
420
+ )
421
+ if "x_opencti_cvss_availability_impact" not in stix_object:
422
+ stix_object["x_opencti_cvss_availability_impact"] = (
423
+ self.opencti.get_attribute_in_extension(
424
+ "availability_impact", stix_object
425
+ )
426
+ )
427
+ if "x_opencti_cvss_confidentiality_impact" not in stix_object:
428
+ stix_object["x_opencti_cvss_confidentiality_impact"] = (
429
+ self.opencti.get_attribute_in_extension(
430
+ "confidentiality_impact", stix_object
431
+ )
408
432
  )
409
433
  if "x_opencti_stix_ids" not in stix_object:
410
- stix_object[
411
- "x_opencti_stix_ids"
412
- ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
434
+ stix_object["x_opencti_stix_ids"] = (
435
+ self.opencti.get_attribute_in_extension("stix_ids", stix_object)
436
+ )
413
437
  if "x_opencti_granted_refs" not in stix_object:
414
- stix_object[
415
- "x_opencti_granted_refs"
416
- ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
438
+ stix_object["x_opencti_granted_refs"] = (
439
+ self.opencti.get_attribute_in_extension("granted_refs", stix_object)
440
+ )
417
441
  return self.create(
418
442
  stix_id=stix_object["id"],
419
- createdBy=extras["created_by_id"]
420
- if "created_by_id" in extras
421
- else None,
422
- objectMarking=extras["object_marking_ids"]
423
- if "object_marking_ids" in extras
424
- else None,
425
- objectLabel=extras["object_label_ids"]
426
- if "object_label_ids" in extras
427
- else None,
428
- externalReferences=extras["external_references_ids"]
429
- if "external_references_ids" in extras
430
- else None,
443
+ createdBy=(
444
+ extras["created_by_id"] if "created_by_id" in extras else None
445
+ ),
446
+ objectMarking=(
447
+ extras["object_marking_ids"]
448
+ if "object_marking_ids" in extras
449
+ else None
450
+ ),
451
+ objectLabel=(
452
+ extras["object_label_ids"] if "object_label_ids" in extras else None
453
+ ),
454
+ externalReferences=(
455
+ extras["external_references_ids"]
456
+ if "external_references_ids" in extras
457
+ else None
458
+ ),
431
459
  revoked=stix_object["revoked"] if "revoked" in stix_object else None,
432
- confidence=stix_object["confidence"]
433
- if "confidence" in stix_object
434
- else None,
460
+ confidence=(
461
+ stix_object["confidence"] if "confidence" in stix_object else None
462
+ ),
435
463
  lang=stix_object["lang"] if "lang" in stix_object else None,
436
464
  created=stix_object["created"] if "created" in stix_object else None,
437
465
  modified=stix_object["modified"] if "modified" in stix_object else None,
438
466
  name=stix_object["name"],
439
- description=self.opencti.stix2.convert_markdown(
440
- stix_object["description"]
441
- )
442
- if "description" in stix_object
443
- else None,
444
- x_opencti_aliases=stix_object["x_opencti_aliases"]
445
- if "x_opencti_aliases" in stix_object
446
- else None,
447
- x_opencti_base_score=stix_object["x_opencti_base_score"]
448
- if "x_opencti_base_score" in stix_object
449
- else None,
450
- x_opencti_base_severity=stix_object["x_opencti_base_severity"]
451
- if "x_opencti_base_severity" in stix_object
452
- else None,
453
- x_opencti_attack_vector=stix_object["x_opencti_attack_vector"]
454
- if "x_opencti_attack_vector" in stix_object
455
- else None,
456
- x_opencti_integrity_impact=stix_object["x_opencti_integrity_impact"]
457
- if "x_opencti_integrity_impact" in stix_object
458
- else None,
459
- x_opencti_availability_impact=stix_object[
460
- "x_opencti_availability_impact"
461
- ]
462
- if "x_opencti_availability_impact" in stix_object
463
- else None,
464
- x_opencti_confidentiality_impact=stix_object[
465
- "x_opencti_confidentiality_impact"
466
- ]
467
- if "x_opencti_confidentiality_impact" in stix_object
468
- else None,
469
- x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
470
- if "x_opencti_stix_ids" in stix_object
471
- else None,
472
- objectOrganization=stix_object["x_opencti_granted_refs"]
473
- if "x_opencti_granted_refs" in stix_object
474
- else None,
467
+ description=(
468
+ self.opencti.stix2.convert_markdown(stix_object["description"])
469
+ if "description" in stix_object
470
+ else None
471
+ ),
472
+ x_opencti_aliases=(
473
+ stix_object["x_opencti_aliases"]
474
+ if "x_opencti_aliases" in stix_object
475
+ else None
476
+ ),
477
+ x_opencti_cvss_base_score=(
478
+ stix_object["x_opencti_cvss_base_score"]
479
+ if "x_opencti_cvss_base_score" in stix_object
480
+ else None
481
+ ),
482
+ x_opencti_cvss_base_severity=(
483
+ stix_object["x_opencti_cvss_base_severity"]
484
+ if "x_opencti_cvss_base_severity" in stix_object
485
+ else None
486
+ ),
487
+ x_opencti_cvss_attack_vector=(
488
+ stix_object["x_opencti_cvss_attack_vector"]
489
+ if "x_opencti_cvss_attack_vector" in stix_object
490
+ else None
491
+ ),
492
+ x_opencti_cvss_integrity_impact=(
493
+ stix_object["x_opencti_cvss_integrity_impact"]
494
+ if "x_opencti_cvss_integrity_impact" in stix_object
495
+ else None
496
+ ),
497
+ x_opencti_cvss_availability_impact=(
498
+ stix_object["x_opencti_cvss_availability_impact"]
499
+ if "x_opencti_cvss_availability_impact" in stix_object
500
+ else None
501
+ ),
502
+ x_opencti_cvss_confidentiality_impact=(
503
+ stix_object["x_opencti_cvss_confidentiality_impact"]
504
+ if "x_opencti_cvss_confidentiality_impact" in stix_object
505
+ else None
506
+ ),
507
+ x_opencti_stix_ids=(
508
+ stix_object["x_opencti_stix_ids"]
509
+ if "x_opencti_stix_ids" in stix_object
510
+ else None
511
+ ),
512
+ objectOrganization=(
513
+ stix_object["x_opencti_granted_refs"]
514
+ if "x_opencti_granted_refs" in stix_object
515
+ else None
516
+ ),
475
517
  update=update,
476
518
  )
477
519
  else:
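Review bot: In the `# Retro compatibility` block of the last hunk (new lines 374-392) only `"x_opencti_base_score"` gets a membership test; the other five legacy keys are read with plain `stix_object[...]`, so a legacy object that carries a base score but lacks, say, `x_opencti_attack_vector` would raise `KeyError` during import. Indentation is lost in this rendering, so whether those five assignments sit under the one `if` or after it cannot be confirmed, but neither reading guards them individually, and under the first reading an object with a legacy severity but no score keeps none of its CVSS fields. The copy also overwrites an `x_opencti_cvss_*` value that is already present. Guarding each pair separately, as in the excerpt below, keeps partially populated vulnerability objects importable with their severity data intact; the enclosing method starts before this hunk and continues past the `else:`.

```python
if stix_object is not None:
    # Retro compatibility: migrate each legacy CVSS key on its own
    for field in (
        "base_score",
        "base_severity",
        "attack_vector",
        "integrity_impact",
        "availability_impact",
        "confidentiality_impact",
    ):
        legacy_key = "x_opencti_" + field
        cvss_key = "x_opencti_cvss_" + field
        if legacy_key in stix_object and cvss_key not in stix_object:
            stix_object[cvss_key] = stix_object[legacy_key]
    # … unchanged: "Search in extensions" lookups and the self.create(...) call …
```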
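--- a/pycti/utils/constants.py
+++ b/pycti/utils/constants.py
@@ -1,6 +1,7 @@
 """These are the custom STIX properties and observation types used internally by OpenCTI.
 
 """
+
 from enum import Enum
 
 from stix2 import CustomObject, CustomObservable, ExternalReference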