pycti 5.12.32__py3-none-any.whl → 6.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (36) hide show
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +163 -44
  3. pycti/entities/opencti_campaign.py +10 -0
  4. pycti/entities/opencti_case_incident.py +13 -3
  5. pycti/entities/opencti_case_rfi.py +12 -0
  6. pycti/entities/opencti_case_rft.py +12 -0
  7. pycti/entities/opencti_channel.py +10 -0
  8. pycti/entities/opencti_data_component.py +10 -0
  9. pycti/entities/opencti_event.py +10 -0
  10. pycti/entities/opencti_external_reference.py +4 -2
  11. pycti/entities/opencti_grouping.py +10 -0
  12. pycti/entities/opencti_incident.py +10 -0
  13. pycti/entities/opencti_indicator.py +10 -0
  14. pycti/entities/opencti_infrastructure.py +10 -0
  15. pycti/entities/opencti_intrusion_set.py +10 -0
  16. pycti/entities/opencti_malware.py +10 -0
  17. pycti/entities/opencti_malware_analysis.py +11 -1
  18. pycti/entities/opencti_note.py +5 -0
  19. pycti/entities/opencti_observed_data.py +10 -0
  20. pycti/entities/opencti_report.py +27 -3
  21. pycti/entities/opencti_stix_core_object.py +127 -117
  22. pycti/entities/opencti_stix_core_relationship.py +12 -5
  23. pycti/entities/opencti_stix_cyber_observable.py +14 -2
  24. pycti/entities/opencti_stix_domain_object.py +14 -2
  25. pycti/entities/opencti_stix_object_or_stix_relationship.py +5 -0
  26. pycti/entities/opencti_stix_sighting_relationship.py +5 -0
  27. pycti/entities/opencti_threat_actor.py +5 -0
  28. pycti/entities/opencti_threat_actor_group.py +5 -0
  29. pycti/entities/opencti_threat_actor_individual.py +5 -0
  30. pycti/utils/opencti_stix2.py +83 -73
  31. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/METADATA +4 -3
  32. pycti-6.0.0.dist-info/RECORD +68 -0
  33. pycti-5.12.32.dist-info/RECORD +0 -68
  34. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/LICENSE +0 -0
  35. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/WHEEL +0 -0
  36. {pycti-5.12.32.dist-info → pycti-6.0.0.dist-info}/top_level.txt +0 -0
pycti/entities/opencti_malware_analysis.py CHANGED
@@ -47,6 +47,11 @@ class MalwareAnalysis:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -133,6 +138,11 @@ class MalwareAnalysis:
133
138
  x_opencti_lastname
134
139
  }
135
140
  }
141
+ objectOrganization {
142
+ id
143
+ standard_id
144
+ name
145
+ }
136
146
  objectMarking {
137
147
  id
138
148
  standard_id
@@ -436,7 +446,7 @@ class MalwareAnalysis:
436
446
  "hostVm": hostVm,
437
447
  "operatingSystem": operatingSystem,
438
448
  "installedSoftware": installedSoftware,
439
- "sample": sample,
449
+ "analysisSample": sample,
440
450
  "analysisSco": analysisSco,
441
451
  "x_opencti_stix_ids": x_opencti_stix_ids,
442
452
  "update": update,
pycti/entities/opencti_note.py CHANGED
@@ -48,6 +48,11 @@ class Note:
48
48
  x_opencti_lastname
49
49
  }
50
50
  }
51
+ objectOrganization {
52
+ id
53
+ standard_id
54
+ name
55
+ }
51
56
  objectMarking {
52
57
  id
53
58
  standard_id
pycti/entities/opencti_observed_data.py CHANGED
@@ -47,6 +47,11 @@ class ObservedData:
47
47
  x_opencti_lastname
48
48
  }
49
49
  }
50
+ objectOrganization {
51
+ id
52
+ standard_id
53
+ name
54
+ }
50
55
  objectMarking {
51
56
  id
52
57
  standard_id
@@ -240,6 +245,11 @@ class ObservedData:
240
245
  x_opencti_lastname
241
246
  }
242
247
  }
248
+ objectOrganization {
249
+ id
250
+ standard_id
251
+ name
252
+ }
243
253
  objectMarking {
244
254
  id
245
255
  standard_id
pycti/entities/opencti_report.py CHANGED
@@ -19,6 +19,14 @@ class Report:
19
19
  spec_version
20
20
  created_at
21
21
  updated_at
22
+ status {
23
+ id
24
+ template {
25
+ id
26
+ name
27
+ color
28
+ }
29
+ }
22
30
  createdBy {
23
31
  ... on Identity {
24
32
  id
@@ -49,6 +57,11 @@ class Report:
49
57
  x_opencti_lastname
50
58
  }
51
59
  }
60
+ objectOrganization {
61
+ id
62
+ standard_id
63
+ name
64
+ }
52
65
  objectMarking {
53
66
  id
54
67
  standard_id
@@ -215,6 +228,14 @@ class Report:
215
228
  spec_version
216
229
  created_at
217
230
  updated_at
231
+ status {
232
+ id
233
+ template {
234
+ id
235
+ name
236
+ color
237
+ }
238
+ }
218
239
  createdBy {
219
240
  ... on Identity {
220
241
  id
@@ -245,6 +266,11 @@ class Report:
245
266
  x_opencti_lastname
246
267
  }
247
268
  }
269
+ objectOrganization {
270
+ id
271
+ standard_id
272
+ name
273
+ }
248
274
  objectMarking {
249
275
  id
250
276
  standard_id
@@ -832,9 +858,7 @@ class Report:
832
858
  )
833
859
  if "x_opencti_workflow_id" not in stix_object:
834
860
  stix_object["x_opencti_workflow_id"] = (
835
- self.opencti.get_attribute_in_extension(
836
- "x_opencti_workflow_id", stix_object
837
- )
861
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
838
862
  )
839
863
  if "x_opencti_reliability" not in stix_object:
840
864
  stix_object["x_opencti_reliability"] = (
pycti/entities/opencti_stix_core_object.py CHANGED
@@ -14,69 +14,74 @@ class StixCoreObject:
14
14
  spec_version
15
15
  created_at
16
16
  updated_at
17
- ... on StixDomainObject {
18
- createdBy {
19
- ... on Identity {
20
- id
21
- standard_id
22
- entity_type
23
- parent_types
24
- spec_version
25
- identity_class
26
- name
27
- description
28
- roles
29
- contact_information
30
- x_opencti_aliases
31
- created
32
- modified
33
- objectLabel {
34
- id
35
- value
36
- color
37
- }
38
- }
39
- ... on Organization {
40
- x_opencti_organization_type
41
- x_opencti_reliability
42
- }
43
- ... on Individual {
44
- x_opencti_firstname
45
- x_opencti_lastname
46
- }
47
- }
48
- objectMarking {
17
+ objectOrganization {
18
+ id
19
+ standard_id
20
+ name
21
+ }
22
+ createdBy {
23
+ ... on Identity {
49
24
  id
50
25
  standard_id
51
26
  entity_type
52
- definition_type
53
- definition
27
+ parent_types
28
+ spec_version
29
+ identity_class
30
+ name
31
+ description
32
+ roles
33
+ contact_information
34
+ x_opencti_aliases
54
35
  created
55
36
  modified
56
- x_opencti_order
57
- x_opencti_color
37
+ objectLabel {
38
+ id
39
+ value
40
+ color
41
+ }
58
42
  }
59
- objectLabel {
60
- id
61
- value
62
- color
43
+ ... on Organization {
44
+ x_opencti_organization_type
45
+ x_opencti_reliability
63
46
  }
64
- externalReferences {
65
- edges {
66
- node {
67
- id
68
- standard_id
69
- entity_type
70
- source_name
71
- description
72
- url
73
- hash
74
- external_id
75
- created
76
- modified
77
- }
47
+ ... on Individual {
48
+ x_opencti_firstname
49
+ x_opencti_lastname
50
+ }
51
+ }
52
+ objectMarking {
53
+ id
54
+ standard_id
55
+ entity_type
56
+ definition_type
57
+ definition
58
+ created
59
+ modified
60
+ x_opencti_order
61
+ x_opencti_color
62
+ }
63
+ objectLabel {
64
+ id
65
+ value
66
+ color
67
+ }
68
+ externalReferences {
69
+ edges {
70
+ node {
71
+ id
72
+ standard_id
73
+ entity_type
74
+ source_name
75
+ description
76
+ url
77
+ hash
78
+ external_id
79
+ created
80
+ modified
78
81
  }
79
82
  }
83
+ }
84
+ ... on StixDomainObject {
80
85
  revoked
81
86
  confidence
82
87
  created
@@ -632,82 +637,87 @@ class StixCoreObject:
632
637
  spec_version
633
638
  created_at
634
639
  updated_at
635
- ... on StixDomainObject {
636
- createdBy {
637
- ... on Identity {
638
- id
639
- standard_id
640
- entity_type
641
- parent_types
642
- spec_version
643
- identity_class
644
- name
645
- description
646
- roles
647
- contact_information
648
- x_opencti_aliases
649
- created
650
- modified
651
- objectLabel {
652
- id
653
- value
654
- color
655
- }
656
- }
657
- ... on Organization {
658
- x_opencti_organization_type
659
- x_opencti_reliability
660
- }
661
- ... on Individual {
662
- x_opencti_firstname
663
- x_opencti_lastname
664
- }
665
- }
666
- objectMarking {
640
+ objectOrganization {
641
+ id
642
+ standard_id
643
+ name
644
+ }
645
+ createdBy {
646
+ ... on Identity {
667
647
  id
668
648
  standard_id
669
649
  entity_type
670
- definition_type
671
- definition
650
+ parent_types
651
+ spec_version
652
+ identity_class
653
+ name
654
+ description
655
+ roles
656
+ contact_information
657
+ x_opencti_aliases
672
658
  created
673
659
  modified
674
- x_opencti_order
675
- x_opencti_color
660
+ objectLabel {
661
+ id
662
+ value
663
+ color
664
+ }
676
665
  }
677
- objectLabel {
678
- id
679
- value
680
- color
666
+ ... on Organization {
667
+ x_opencti_organization_type
668
+ x_opencti_reliability
681
669
  }
682
- externalReferences {
683
- edges {
684
- node {
685
- id
686
- standard_id
687
- entity_type
688
- source_name
689
- description
690
- url
691
- hash
692
- external_id
693
- created
694
- modified
695
- importFiles {
696
- edges {
697
- node {
698
- id
699
- name
700
- size
701
- metaData {
702
- mimetype
703
- version
704
- }
670
+ ... on Individual {
671
+ x_opencti_firstname
672
+ x_opencti_lastname
673
+ }
674
+ }
675
+ objectMarking {
676
+ id
677
+ standard_id
678
+ entity_type
679
+ definition_type
680
+ definition
681
+ created
682
+ modified
683
+ x_opencti_order
684
+ x_opencti_color
685
+ }
686
+ objectLabel {
687
+ id
688
+ value
689
+ color
690
+ }
691
+ externalReferences {
692
+ edges {
693
+ node {
694
+ id
695
+ standard_id
696
+ entity_type
697
+ source_name
698
+ description
699
+ url
700
+ hash
701
+ external_id
702
+ created
703
+ modified
704
+ importFiles {
705
+ edges {
706
+ node {
707
+ id
708
+ name
709
+ size
710
+ metaData {
711
+ mimetype
712
+ version
705
713
  }
706
714
  }
707
715
  }
708
716
  }
709
717
  }
710
718
  }
719
+ }
720
+ ... on StixDomainObject {
711
721
  revoked
712
722
  confidence
713
723
  created
pycti/entities/opencti_stix_core_relationship.py CHANGED
@@ -67,6 +67,11 @@ class StixCoreRelationship:
67
67
  x_opencti_order
68
68
  x_opencti_color
69
69
  }
70
+ objectOrganization {
71
+ id
72
+ standard_id
73
+ name
74
+ }
70
75
  objectLabel {
71
76
  id
72
77
  value
@@ -1115,9 +1120,11 @@ class StixCoreRelationship:
1115
1120
  default_date = kwargs.get("defaultDate", False)
1116
1121
  if stix_relation is not None:
1117
1122
  # Search in extensions
1118
- if "granted_refs" not in stix_relation:
1119
- stix_relation["granted_refs"] = self.opencti.get_attribute_in_extension(
1120
- "granted_refs", stix_relation
1123
+ if "x_opencti_granted_refs" not in stix_relation:
1124
+ stix_relation["x_opencti_granted_refs"] = (
1125
+ self.opencti.get_attribute_in_extension(
1126
+ "granted_refs", stix_relation
1127
+ )
1121
1128
  )
1122
1129
 
1123
1130
  source_ref = stix_relation["source_ref"]
@@ -1179,8 +1186,8 @@ class StixCoreRelationship:
1179
1186
  else None
1180
1187
  ),
1181
1188
  objectOrganization=(
1182
- stix_relation["granted_refs"]
1183
- if "granted_refs" in stix_relation
1189
+ stix_relation["x_opencti_granted_refs"]
1190
+ if "x_opencti_granted_refs" in stix_relation
1184
1191
  else None
1185
1192
  ),
1186
1193
  update=update,
pycti/entities/opencti_stix_cyber_observable.py CHANGED
@@ -19,6 +19,11 @@ class StixCyberObservable:
19
19
  spec_version
20
20
  created_at
21
21
  updated_at
22
+ objectOrganization {
23
+ id
24
+ standard_id
25
+ name
26
+ }
22
27
  creators {
23
28
  id
24
29
  name
@@ -299,6 +304,11 @@ class StixCyberObservable:
299
304
  spec_version
300
305
  created_at
301
306
  updated_at
307
+ objectOrganization {
308
+ id
309
+ standard_id
310
+ name
311
+ }
302
312
  creators {
303
313
  id
304
314
  name
@@ -754,14 +764,15 @@ class StixCyberObservable:
754
764
  id = kwargs.get("id", None)
755
765
  file_name = kwargs.get("file_name", None)
756
766
  data = kwargs.get("data", None)
767
+ version = kwargs.get("version")
757
768
  mime_type = kwargs.get("mime_type", "text/plain")
758
769
  no_trigger_import = kwargs.get("no_trigger_import", False)
759
770
  if id is not None and file_name is not None:
760
771
  final_file_name = os.path.basename(file_name)
761
772
  query = """
762
- mutation StixCyberObservableEdit($id: ID!, $file: Upload!, $noTriggerImport: Boolean) {
773
+ mutation StixCyberObservableEdit($id: ID!, $file: Upload!, $version: String, $noTriggerImport: Boolean) {
763
774
  stixCyberObservableEdit(id: $id) {
764
- importPush(file: $file, noTriggerImport: $noTriggerImport) {
775
+ importPush(file: $file, version: $version, noTriggerImport: $noTriggerImport) {
765
776
  id
766
777
  name
767
778
  }
@@ -783,6 +794,7 @@ class StixCyberObservable:
783
794
  {
784
795
  "id": id,
785
796
  "file": (self.file(final_file_name, data, mime_type)),
797
+ "version": version,
786
798
  "noTriggerImport": (
787
799
  no_trigger_import
788
800
  if isinstance(no_trigger_import, bool)
pycti/entities/opencti_stix_domain_object.py CHANGED
@@ -18,6 +18,11 @@ class StixDomainObject:
18
18
  spec_version
19
19
  created_at
20
20
  updated_at
21
+ objectOrganization {
22
+ id
23
+ standard_id
24
+ name
25
+ }
21
26
  createdBy {
22
27
  ... on Identity {
23
28
  id
@@ -495,6 +500,11 @@ class StixDomainObject:
495
500
  spec_version
496
501
  created_at
497
502
  updated_at
503
+ objectOrganization {
504
+ id
505
+ standard_id
506
+ name
507
+ }
498
508
  createdBy {
499
509
  ... on Identity {
500
510
  id
@@ -1270,14 +1280,15 @@ class StixDomainObject:
1270
1280
  id = kwargs.get("id", None)
1271
1281
  file_name = kwargs.get("file_name", None)
1272
1282
  data = kwargs.get("data", None)
1283
+ version = kwargs.get("version")
1273
1284
  mime_type = kwargs.get("mime_type", "text/plain")
1274
1285
  no_trigger_import = kwargs.get("no_trigger_import", False)
1275
1286
  if id is not None and file_name is not None:
1276
1287
  final_file_name = os.path.basename(file_name)
1277
1288
  query = """
1278
- mutation StixDomainObjectEdit($id: ID!, $file: Upload!, $noTriggerImport: Boolean) {
1289
+ mutation StixDomainObjectEdit($id: ID!, $file: Upload!, $version: String, $noTriggerImport: Boolean) {
1279
1290
  stixDomainObjectEdit(id: $id) {
1280
- importPush(file: $file, noTriggerImport: $noTriggerImport) {
1291
+ importPush(file: $file, version: $version, noTriggerImport: $noTriggerImport) {
1281
1292
  id
1282
1293
  name
1283
1294
  }
@@ -1299,6 +1310,7 @@ class StixDomainObject:
1299
1310
  {
1300
1311
  "id": id,
1301
1312
  "file": (self.file(final_file_name, data, mime_type)),
1313
+ "version": version,
1302
1314
  "noTriggerImport": (
1303
1315
  no_trigger_import
1304
1316
  if isinstance(no_trigger_import, bool)
pycti/entities/opencti_stix_object_or_stix_relationship.py CHANGED
@@ -42,6 +42,11 @@ class StixObjectOrStixRelationship:
42
42
  x_opencti_lastname
43
43
  }
44
44
  }
45
+ objectOrganization {
46
+ id
47
+ standard_id
48
+ name
49
+ }
45
50
  objectMarking {
46
51
  id
47
52
  standard_id
pycti/entities/opencti_stix_sighting_relationship.py CHANGED
@@ -65,6 +65,11 @@ class StixSightingRelationship:
65
65
  x_opencti_order
66
66
  x_opencti_color
67
67
  }
68
+ objectOrganization {
69
+ id
70
+ standard_id
71
+ name
72
+ }
68
73
  objectLabel {
69
74
  id
70
75
  value
pycti/entities/opencti_threat_actor.py CHANGED
@@ -60,6 +60,11 @@ class ThreatActor:
60
60
  x_opencti_lastname
61
61
  }
62
62
  }
63
+ objectOrganization {
64
+ id
65
+ standard_id
66
+ name
67
+ }
63
68
  objectMarking {
64
69
  id
65
70
  standard_id
pycti/entities/opencti_threat_actor_group.py CHANGED
@@ -55,6 +55,11 @@ class ThreatActorGroup:
55
55
  x_opencti_lastname
56
56
  }
57
57
  }
58
+ objectOrganization {
59
+ id
60
+ standard_id
61
+ name
62
+ }
58
63
  objectMarking {
59
64
  id
60
65
  standard_id
pycti/entities/opencti_threat_actor_individual.py CHANGED
@@ -55,6 +55,11 @@ class ThreatActorIndividual:
55
55
  x_opencti_lastname
56
56
  }
57
57
  }
58
+ objectOrganization {
59
+ id
60
+ standard_id
61
+ name
62
+ }
58
63
  objectMarking {
59
64
  id
60
65
  standard_id