pycti 5.12.32__py3-none-any.whl → 6.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (36) hide show
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +163 -44
  3. pycti/entities/opencti_campaign.py +10 -0
  4. pycti/entities/opencti_case_incident.py +13 -3
  5. pycti/entities/opencti_case_rfi.py +12 -0
  6. pycti/entities/opencti_case_rft.py +12 -0
  7. pycti/entities/opencti_channel.py +10 -0
  8. pycti/entities/opencti_data_component.py +10 -0
  9. pycti/entities/opencti_event.py +10 -0
  10. pycti/entities/opencti_external_reference.py +4 -2
  11. pycti/entities/opencti_grouping.py +10 -0
  12. pycti/entities/opencti_incident.py +10 -0
  13. pycti/entities/opencti_indicator.py +10 -0
  14. pycti/entities/opencti_infrastructure.py +10 -0
  15. pycti/entities/opencti_intrusion_set.py +10 -0
  16. pycti/entities/opencti_malware.py +10 -0
  17. pycti/entities/opencti_malware_analysis.py +11 -1
  18. pycti/entities/opencti_note.py +5 -0
  19. pycti/entities/opencti_observed_data.py +10 -0
  20. pycti/entities/opencti_report.py +27 -3
  21. pycti/entities/opencti_stix_core_object.py +127 -117
  22. pycti/entities/opencti_stix_core_relationship.py +12 -5
  23. pycti/entities/opencti_stix_cyber_observable.py +14 -2
  24. pycti/entities/opencti_stix_domain_object.py +14 -2
  25. pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -0
  26. pycti/entities/opencti_stix_sighting_relationship.py +5 -0
  27. pycti/entities/opencti_threat_actor.py +5 -0
  28. pycti/entities/opencti_threat_actor_group.py +5 -0
  29. pycti/entities/opencti_threat_actor_individual.py +5 -0
  30. pycti/utils/opencti_stix2.py +83 -73
  31. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/METADATA +4 -3
  32. pycti-6.0.0.dist-info/RECORD +68 -0
  33. pycti-5.12.32.dist-info/RECORD +0 -68
  34. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/LICENSE +0 -0
  35. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/WHEEL +0 -0
  36. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/top_level.txt +0 -0
pycti/__init__.py CHANGED
@@ -1,5 +1,5 @@
1
1
  # -*- coding: utf-8 -*-
2
- __version__ = "5.12.32"
2
+ __version__ = "6.0.0"
3
3
 
4
4
  from .api.opencti_api_client import OpenCTIApiClient
5
5
  from .api.opencti_api_connector import OpenCTIApiConnector
pycti/connector/opencti_connector_helper.py CHANGED
@@ -177,7 +177,14 @@ class ListenQueue(threading.Thread):
177
177
  :type callback: callable
178
178
  """
179
179
 
180
- def __init__(self, helper, config: Dict, connector_config: Dict, callback) -> None:
180
+ def __init__(
181
+ self,
182
+ helper,
183
+ config: Dict,
184
+ connector_config: Dict,
185
+ applicant_id,
186
+ callback,
187
+ ) -> None:
181
188
  threading.Thread.__init__(self)
182
189
  self.pika_credentials = None
183
190
  self.pika_parameters = None
@@ -186,6 +193,7 @@ class ListenQueue(threading.Thread):
186
193
  self.helper = helper
187
194
  self.callback = callback
188
195
  self.config = config
196
+ self.connector_applicant_id = applicant_id
189
197
  self.host = connector_config["connection"]["host"]
190
198
  self.vhost = connector_config["connection"]["vhost"]
191
199
  self.use_ssl = connector_config["connection"]["use_ssl"]
@@ -237,42 +245,114 @@ class ListenQueue(threading.Thread):
237
245
  )
238
246
 
239
247
  def _data_handler(self, json_data) -> None:
240
- # Set the API headers
241
- work_id = json_data["internal"]["work_id"]
242
- self.helper.work_id = work_id
243
- self.helper.playbook = None
244
- if "playbook" in json_data["internal"]:
245
- execution_id = json_data["internal"]["playbook"]["execution_id"]
246
- execution_start = self.helper.date_now()
247
- playbook_id = json_data["internal"]["playbook"]["playbook_id"]
248
- data_instance_id = json_data["internal"]["playbook"]["data_instance_id"]
249
- previous_bundle = json.dumps((json_data["event"]["bundle"]))
250
- step_id = json_data["internal"]["playbook"]["step_id"]
251
- previous_step_id = json_data["internal"]["playbook"]["previous_step_id"]
252
- playbook_data = {
253
- "execution_id": execution_id,
254
- "execution_start": execution_start,
255
- "playbook_id": playbook_id,
256
- "data_instance_id": data_instance_id,
257
- "previous_step_id": previous_step_id,
258
- "previous_bundle": previous_bundle,
259
- "step_id": step_id,
260
- }
261
- self.helper.playbook = playbook_data
262
-
263
- applicant_id = json_data["internal"]["applicant_id"]
264
- if applicant_id is not None:
265
- self.helper.applicant_id = applicant_id
266
- self.helper.api_impersonate.set_applicant_id_header(applicant_id)
267
248
  # Execute the callback
268
249
  try:
250
+ event_data = json_data["event"]
251
+ entity_id = event_data.get("entity_id")
252
+ entity_type = event_data.get("entity_type")
253
+ # Set the API headers
254
+ work_id = json_data["internal"]["work_id"]
255
+ self.helper.work_id = work_id
256
+
257
+ self.helper.playbook = None
258
+ self.helper.enrichment_shared_organizations = None
259
+ if self.helper.connect_type == "INTERNAL_ENRICHMENT":
260
+ # For enrichment connectors only, pre resolve the information
261
+ if entity_id is None:
262
+ raise ValueError(
263
+ "Internal enrichment must be based on a specific id"
264
+ )
265
+ default_reader_type = "Stix-Core-Object"
266
+ readers = self.helper.api.stix2.get_readers()
267
+ reader_type = (
268
+ entity_type if entity_type is not None else default_reader_type
269
+ )
270
+ selected_reader = (
271
+ readers[reader_type]
272
+ if reader_type in readers
273
+ else readers[default_reader_type]
274
+ )
275
+ opencti_entity = selected_reader(id=entity_id, withFiles=True)
276
+ if opencti_entity is None:
277
+ raise ValueError(
278
+ "Unable to read/access to the entity, please check that the connector permission"
279
+ )
280
+ event_data["enrichment_entity"] = opencti_entity
281
+ # Handle action vs playbook behavior
282
+ is_playbook = "playbook" in json_data["internal"]
283
+ # If playbook, compute object on data bundle
284
+ if is_playbook:
285
+ execution_id = json_data["internal"]["playbook"]["execution_id"]
286
+ execution_start = self.helper.date_now()
287
+ playbook_id = json_data["internal"]["playbook"]["playbook_id"]
288
+ data_instance_id = json_data["internal"]["playbook"][
289
+ "data_instance_id"
290
+ ]
291
+ previous_bundle = json.dumps((json_data["event"]["bundle"]))
292
+ step_id = json_data["internal"]["playbook"]["step_id"]
293
+ previous_step_id = json_data["internal"]["playbook"][
294
+ "previous_step_id"
295
+ ]
296
+ playbook_data = {
297
+ "execution_id": execution_id,
298
+ "execution_start": execution_start,
299
+ "playbook_id": playbook_id,
300
+ "data_instance_id": data_instance_id,
301
+ "previous_step_id": previous_step_id,
302
+ "previous_bundle": previous_bundle,
303
+ "step_id": step_id,
304
+ }
305
+ self.helper.playbook = playbook_data
306
+ bundle = event_data["bundle"]
307
+ stix_objects = bundle["objects"]
308
+ event_data["stix_objects"] = stix_objects
309
+ stix_entity = [e for e in stix_objects if e["id"] == entity_id][0]
310
+ event_data["stix_entity"] = stix_entity
311
+ else:
312
+ # If not playbook but enrichment, compute object on enrichment_entity
313
+ opencti_entity = event_data["enrichment_entity"]
314
+ stix_objects = self.helper.api.stix2.prepare_export(
315
+ self.helper.api.stix2.generate_export(copy.copy(opencti_entity))
316
+ )
317
+ stix_entity = [
318
+ e
319
+ for e in stix_objects
320
+ if e["id"] == opencti_entity["standard_id"]
321
+ ][0]
322
+ event_data["stix_objects"] = stix_objects
323
+ event_data["stix_entity"] = stix_entity
324
+ # Handle organization propagation
325
+ # Keep the sharing to be re-apply automatically at send_stix_bundle stage
326
+ if "x_opencti_granted_refs" in event_data["stix_entity"]:
327
+ self.helper.enrichment_shared_organizations = event_data[
328
+ "stix_entity"
329
+ ]["x_opencti_granted_refs"]
330
+ else:
331
+ self.helper.enrichment_shared_organizations = (
332
+ self.helper.get_attribute_in_extension(
333
+ "granted_refs", event_data["stix_entity"]
334
+ )
335
+ )
336
+
337
+ # Handle applicant_id for in-personalization
338
+ self.helper.applicant_id = self.connector_applicant_id
339
+ self.helper.api_impersonate.set_applicant_id_header(
340
+ self.connector_applicant_id
341
+ )
342
+ applicant_id = json_data["internal"]["applicant_id"]
343
+ if applicant_id is not None:
344
+ self.helper.applicant_id = applicant_id
345
+ self.helper.api_impersonate.set_applicant_id_header(applicant_id)
346
+
269
347
  if work_id:
270
348
  self.helper.api.work.to_received(
271
349
  work_id, "Connector ready to process the operation"
272
350
  )
273
- message = self.callback(json_data["event"])
351
+ # Send the enriched to the callback
352
+ message = self.callback(event_data)
274
353
  if work_id:
275
354
  self.helper.api.work.to_processed(work_id, message)
355
+
276
356
  except Exception as e: # pylint: disable=broad-except
277
357
  self.helper.metric.inc("error_count")
278
358
  self.helper.connector_logger.error(
@@ -641,13 +721,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
641
721
  self.connect_name = get_config_variable(
642
722
  "CONNECTOR_NAME", ["connector", "name"], config
643
723
  )
644
- self.connect_confidence_level = get_config_variable(
645
- "CONNECTOR_CONFIDENCE_LEVEL",
646
- ["connector", "confidence_level"],
647
- config,
648
- True,
649
- 50,
650
- )
724
+ self.connect_confidence_level = None # Deprecated since OpenCTI version >= 6.0
651
725
  self.connect_scope = get_config_variable(
652
726
  "CONNECTOR_SCOPE", ["connector", "scope"], config
653
727
  )
@@ -729,9 +803,10 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
729
803
  self.connector_logger.info(
730
804
  "Connector registered with ID", {"id": self.connect_id}
731
805
  )
732
- self.connector_id = connector_configuration["id"]
733
806
  self.work_id = None
734
807
  self.playbook = None
808
+ self.enrichment_shared_organizations = None
809
+ self.connector_id = connector_configuration["id"]
735
810
  self.applicant_id = connector_configuration["connector_user_id"]
736
811
  self.connector_state = connector_configuration["connector_state"]
737
812
  self.connector_config = connector_configuration["config"]
@@ -842,7 +917,10 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
842
917
  self.metric.inc("error_count")
843
918
  self.connector_logger.error("Error pinging the API", {"reason": str(e)})
844
919
 
845
- def listen(self, message_callback: Callable[[Dict], str]) -> None:
920
+ def listen(
921
+ self,
922
+ message_callback: Callable[[Dict], str],
923
+ ) -> None:
846
924
  """listen for messages and register callback function
847
925
 
848
926
  :param message_callback: callback function to process messages
@@ -850,7 +928,11 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
850
928
  """
851
929
 
852
930
  self.listen_queue = ListenQueue(
853
- self, self.config, self.connector_config, message_callback
931
+ self,
932
+ self.config,
933
+ self.connector_config,
934
+ self.applicant_id,
935
+ message_callback,
854
936
  )
855
937
  self.listen_queue.start()
856
938
 
@@ -971,7 +1053,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
971
1053
  )
972
1054
 
973
1055
  # Push Stix2 helper
974
- def send_stix2_bundle(self, bundle, **kwargs) -> list:
1056
+ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
975
1057
  """send a stix2 bundle to the API
976
1058
 
977
1059
  :param work_id: a valid work id
@@ -994,6 +1076,44 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
994
1076
  entity_id = kwargs.get("entity_id", None)
995
1077
  file_name = kwargs.get("file_name", None)
996
1078
 
1079
+ # In case of enrichment ingestion, ensure the sharing if needed
1080
+ if self.enrichment_shared_organizations is not None:
1081
+ # Every element of the bundle must be enriched with the same organizations
1082
+ bundle_data = json.loads(bundle)
1083
+ for item in bundle_data["objects"]:
1084
+ if (
1085
+ "extensions" in item
1086
+ and "extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba"
1087
+ in item["extensions"]
1088
+ ):
1089
+ octi_extensions = item["extensions"][
1090
+ "extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba"
1091
+ ]
1092
+ if octi_extensions.get("granted_refs") is not None:
1093
+ octi_extensions["granted_refs"] = list(
1094
+ set(
1095
+ octi_extensions["granted_refs"]
1096
+ + self.enrichment_shared_organizations
1097
+ )
1098
+ )
1099
+ else:
1100
+ octi_extensions["granted_refs"] = (
1101
+ self.enrichment_shared_organizations
1102
+ )
1103
+ else:
1104
+ if item.get("x_opencti_granted_refs") is not None:
1105
+ item["x_opencti_granted_refs"] = list(
1106
+ set(
1107
+ item["x_opencti_granted_refs"]
1108
+ + self.enrichment_shared_organizations
1109
+ )
1110
+ )
1111
+ else:
1112
+ item["x_opencti_granted_refs"] = (
1113
+ self.enrichment_shared_organizations
1114
+ )
1115
+ bundle = json.dumps(bundle_data)
1116
+
997
1117
  if self.playbook is not None:
998
1118
  self.api.playbook.playbook_step_execution(self.playbook, bundle)
999
1119
  return [bundle]
@@ -1340,10 +1460,9 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
1340
1460
  ][key]
1341
1461
  return None
1342
1462
 
1343
- def get_data_from_enrichment(self, data, opencti_entity):
1344
- stix_id = opencti_entity["standard_id"]
1463
+ def get_data_from_enrichment(self, data, standard_id, opencti_entity):
1345
1464
  bundle = data.get("bundle", None)
1346
- # Extract IPv4, IPv6 and Domain from entity data
1465
+ # Extract main entity from bundle in case of playbook
1347
1466
  if bundle is None:
1348
1467
  # Generate bundle
1349
1468
  stix_objects = self.api.stix2.prepare_export(
@@ -1351,7 +1470,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
1351
1470
  )
1352
1471
  else:
1353
1472
  stix_objects = bundle["objects"]
1354
- stix_entity = [e for e in stix_objects if e["id"] == stix_id][0]
1473
+ stix_entity = [e for e in stix_objects if e["id"] == standard_id][0]
1355
1474
  return {
1356
1475
  "stix_entity": stix_entity,
1357
1476
  "stix_objects": stix_objects,
pycti/entities/opencti_campaign.py CHANGED
@@ -47,6 +47,11 @@ class Campaign:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -128,6 +133,11 @@ class Campaign:
128
133
  x_opencti_lastname
129
134
  }
130
135
  }
136
+ objectOrganization {
137
+ id
138
+ standard_id
139
+ name
140
+ }
131
141
  objectMarking {
132
142
  id
133
143
  standard_id
pycti/entities/opencti_case_incident.py CHANGED
@@ -47,6 +47,11 @@ class CaseIncident:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -96,7 +101,9 @@ class CaseIncident:
96
101
  description
97
102
  due_date
98
103
  status {
104
+ id
99
105
  template {
106
+ id
100
107
  name
101
108
  color
102
109
  }
@@ -256,6 +263,11 @@ class CaseIncident:
256
263
  x_opencti_lastname
257
264
  }
258
265
  }
266
+ objectOrganization {
267
+ id
268
+ standard_id
269
+ name
270
+ }
259
271
  objectMarking {
260
272
  id
261
273
  standard_id
@@ -843,9 +855,7 @@ class CaseIncident:
843
855
  )
844
856
  if "x_opencti_workflow_id" not in stix_object:
845
857
  stix_object["x_opencti_workflow_id"] = (
846
- self.opencti.get_attribute_in_extension(
847
- "x_opencti_workflow_id", stix_object
848
- )
858
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
849
859
  )
850
860
  if "x_opencti_assignee_ids" not in stix_object:
851
861
  stix_object["x_opencti_assignee_ids"] = (
pycti/entities/opencti_case_rfi.py CHANGED
@@ -47,6 +47,11 @@ class CaseRfi:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -95,7 +100,9 @@ class CaseRfi:
95
100
  description
96
101
  due_date
97
102
  status {
103
+ id
98
104
  template {
105
+ id
99
106
  name
100
107
  color
101
108
  }
@@ -255,6 +262,11 @@ class CaseRfi:
255
262
  x_opencti_lastname
256
263
  }
257
264
  }
265
+ objectOrganization {
266
+ id
267
+ standard_id
268
+ name
269
+ }
258
270
  objectMarking {
259
271
  id
260
272
  standard_id
pycti/entities/opencti_case_rft.py CHANGED
@@ -47,6 +47,11 @@ class CaseRft:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -95,7 +100,9 @@ class CaseRft:
95
100
  description
96
101
  due_date
97
102
  status {
103
+ id
98
104
  template {
105
+ id
99
106
  name
100
107
  color
101
108
  }
@@ -255,6 +262,11 @@ class CaseRft:
255
262
  x_opencti_lastname
256
263
  }
257
264
  }
265
+ objectOrganization {
266
+ id
267
+ standard_id
268
+ name
269
+ }
258
270
  objectMarking {
259
271
  id
260
272
  standard_id
pycti/entities/opencti_channel.py CHANGED
@@ -47,6 +47,11 @@ class Channel:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -126,6 +131,11 @@ class Channel:
126
131
  x_opencti_lastname
127
132
  }
128
133
  }
134
+ objectOrganization {
135
+ id
136
+ standard_id
137
+ name
138
+ }
129
139
  objectMarking {
130
140
  id
131
141
  standard_id
pycti/entities/opencti_data_component.py CHANGED
@@ -47,6 +47,11 @@ class DataComponent:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -143,6 +148,11 @@ class DataComponent:
143
148
  x_opencti_lastname
144
149
  }
145
150
  }
151
+ objectOrganization {
152
+ id
153
+ standard_id
154
+ name
155
+ }
146
156
  objectMarking {
147
157
  id
148
158
  standard_id
pycti/entities/opencti_event.py CHANGED
@@ -47,6 +47,11 @@ class Event:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -128,6 +133,11 @@ class Event:
128
133
  x_opencti_lastname
129
134
  }
130
135
  }
136
+ objectOrganization {
137
+ id
138
+ standard_id
139
+ name
140
+ }
131
141
  objectMarking {
132
142
  id
133
143
  standard_id
pycti/entities/opencti_external_reference.py CHANGED
@@ -268,14 +268,15 @@ class ExternalReference:
268
268
  id = kwargs.get("id", None)
269
269
  file_name = kwargs.get("file_name", None)
270
270
  data = kwargs.get("data", None)
271
+ version = kwargs.get("version")
271
272
  mime_type = kwargs.get("mime_type", "text/plain")
272
273
  no_trigger_import = kwargs.get("no_trigger_import", False)
273
274
  if id is not None and file_name is not None:
274
275
  final_file_name = os.path.basename(file_name)
275
276
  query = """
276
- mutation ExternalReferenceEdit($id: ID!, $file: Upload!, $noTriggerImport: Boolean) {
277
+ mutation ExternalReferenceEdit($id: ID!, $file: Upload!, $version: String, $noTriggerImport: Boolean) {
277
278
  externalReferenceEdit(id: $id) {
278
- importPush(file: $file, noTriggerImport: $noTriggerImport) {
279
+ importPush(file: $file, version: $version, noTriggerImport: $noTriggerImport) {
279
280
  id
280
281
  name
281
282
  }
@@ -297,6 +298,7 @@ class ExternalReference:
297
298
  {
298
299
  "id": id,
299
300
  "file": (self.file(final_file_name, data, mime_type)),
301
+ "version": version,
300
302
  "noTriggerImport": (
301
303
  no_trigger_import
302
304
  if isinstance(no_trigger_import, bool)
pycti/entities/opencti_grouping.py CHANGED
@@ -47,6 +47,11 @@ class Grouping:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -221,6 +226,11 @@ class Grouping:
221
226
  x_opencti_lastname
222
227
  }
223
228
  }
229
+ objectOrganization {
230
+ id
231
+ standard_id
232
+ name
233
+ }
224
234
  objectMarking {
225
235
  id
226
236
  standard_id
pycti/entities/opencti_incident.py CHANGED
@@ -48,6 +48,11 @@ class Incident:
48
48
  x_opencti_lastname
49
49
  }
50
50
  }
51
+ objectOrganization {
52
+ id
53
+ standard_id
54
+ name
55
+ }
51
56
  objectMarking {
52
57
  id
53
58
  standard_id
@@ -132,6 +137,11 @@ class Incident:
132
137
  x_opencti_lastname
133
138
  }
134
139
  }
140
+ objectOrganization {
141
+ id
142
+ standard_id
143
+ name
144
+ }
135
145
  objectMarking {
136
146
  id
137
147
  standard_id
pycti/entities/opencti_indicator.py CHANGED
@@ -56,6 +56,11 @@ class Indicator:
56
56
  x_opencti_lastname
57
57
  }
58
58
  }
59
+ objectOrganization {
60
+ id
61
+ standard_id
62
+ name
63
+ }
59
64
  objectMarking {
60
65
  id
61
66
  standard_id
@@ -166,6 +171,11 @@ class Indicator:
166
171
  x_opencti_lastname
167
172
  }
168
173
  }
174
+ objectOrganization {
175
+ id
176
+ standard_id
177
+ name
178
+ }
169
179
  objectMarking {
170
180
  id
171
181
  standard_id
pycti/entities/opencti_infrastructure.py CHANGED
@@ -52,6 +52,11 @@ class Infrastructure:
52
52
  x_opencti_lastname
53
53
  }
54
54
  }
55
+ objectOrganization {
56
+ id
57
+ standard_id
58
+ name
59
+ }
55
60
  objectMarking {
56
61
  id
57
62
  standard_id
@@ -142,6 +147,11 @@ class Infrastructure:
142
147
  x_opencti_lastname
143
148
  }
144
149
  }
150
+ objectOrganization {
151
+ id
152
+ standard_id
153
+ name
154
+ }
145
155
  objectMarking {
146
156
  id
147
157
  standard_id
pycti/entities/opencti_intrusion_set.py CHANGED
@@ -47,6 +47,11 @@ class IntrusionSet:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -131,6 +136,11 @@ class IntrusionSet:
131
136
  x_opencti_lastname
132
137
  }
133
138
  }
139
+ objectOrganization {
140
+ id
141
+ standard_id
142
+ name
143
+ }
134
144
  objectMarking {
135
145
  id
136
146
  standard_id
pycti/entities/opencti_malware.py CHANGED
@@ -47,6 +47,11 @@ class Malware:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -142,6 +147,11 @@ class Malware:
142
147
  x_opencti_lastname
143
148
  }
144
149
  }
150
+ objectOrganization {
151
+ id
152
+ standard_id
153
+ name
154
+ }
145
155
  objectMarking {
146
156
  id
147
157
  standard_id