pycti 6.0.10__py3-none-any.whl → 6.1.1__py3-none-any.whl

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.0.10"
+__version__ = "6.1.1"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/api/opencti_api_client.py

@@ -207,6 +207,12 @@ class OpenCTIApiClient:
     def set_applicant_id_header(self, applicant_id):
         self.request_headers["opencti-applicant-id"] = applicant_id
 
+    def set_playbook_id_header(self, playbook_id):
+        self.request_headers["opencti-playbook-id"] = playbook_id
+
+    def set_event_id(self, event_id):
+        self.request_headers["opencti-event-id"] = event_id
+
     def set_synchronized_upsert_header(self, synchronized):
         self.request_headers["synchronized-upsert"] = (
             "true" if synchronized is True else "false"
@@ -616,18 +622,19 @@ class OpenCTIApiClient:
         """upload a file to OpenCTI API
 
         :param `**kwargs`: arguments for file upload (required: `file_name` and `data`)
-        :return: returns the query respons for the file upload
+        :return: returns the query response for the file upload
         :rtype: dict
         """
 
         file_name = kwargs.get("file_name", None)
+        file_markings = kwargs.get("file_markings", None)
         data = kwargs.get("data", None)
         mime_type = kwargs.get("mime_type", "text/plain")
         if file_name is not None:
             self.app_logger.info("Uploading a file.")
             query = """
-                mutation UploadImport($file: Upload!) {
-                    uploadImport(file: $file) {
+                mutation UploadImport($file: Upload!, $fileMarkings: [String]) {
+                    uploadImport(file: $file, fileMarkings: $fileMarkings) {
                         id
                         name
                     }
@@ -639,8 +646,11 @@ class OpenCTIApiClient:
                     mime_type = "application/json"
                 else:
                     mime_type = magic.from_file(file_name, mime=True)
-
-            return self.query(query, {"file": (File(file_name, data, mime_type))})
+            query_vars = {"file": (File(file_name, data, mime_type))}
+            # optional file markings
+            if file_markings is not None:
+                query_vars["fileMarkings"] = file_markings
+            return self.query(query, query_vars)
         else:
             self.app_logger.error("[upload] Missing parameter: file_name")
             return None

pycti/api/opencti_api_playbook.py

@@ -9,14 +9,15 @@ class OpenCTIApiPlaybook:
             "Executing playbook step", {"playbook_id": playbook["playbook_id"]}
         )
         query = """
-            mutation PlaybookStepExecution($execution_id: ID!, $execution_start: DateTime!, $data_instance_id: ID!, $playbook_id: ID!, $previous_step_id: ID!, $step_id: ID!, $previous_bundle: String!, $bundle: String!) {
-                playbookStepExecution(execution_id: $execution_id, execution_start: $execution_start, data_instance_id: $data_instance_id, playbook_id: $playbook_id, previous_step_id: $previous_step_id, step_id: $step_id, previous_bundle: $previous_bundle, bundle: $bundle)
+            mutation PlaybookStepExecution($execution_id: ID!, $event_id: ID!, $execution_start: DateTime!, $data_instance_id: ID!, $playbook_id: ID!, $previous_step_id: ID!, $step_id: ID!, $previous_bundle: String!, $bundle: String!) {
+                playbookStepExecution(execution_id: $execution_id, event_id: $event_id, execution_start: $execution_start, data_instance_id: $data_instance_id, playbook_id: $playbook_id, previous_step_id: $previous_step_id, step_id: $step_id, previous_bundle: $previous_bundle, bundle: $bundle)
             }
            """
         self.api.query(
             query,
             {
                 "execution_id": playbook["execution_id"],
+                "event_id": playbook["event_id"],
                 "execution_start": playbook["execution_start"],
                 "playbook_id": playbook["playbook_id"],
                 "data_instance_id": playbook["data_instance_id"],

pycti/connector/opencti_connector_helper.py

@@ -282,18 +282,20 @@ class ListenQueue(threading.Thread):
                 is_playbook = "playbook" in json_data["internal"]
                 # If playbook, compute object on data bundle
                 if is_playbook:
-                    execution_id = json_data["internal"]["playbook"]["execution_id"]
                     execution_start = self.helper.date_now()
-                    playbook_id = json_data["internal"]["playbook"]["playbook_id"]
-                    data_instance_id = json_data["internal"]["playbook"][
+                    event_id = json_data["internal"]["playbook"].get("event_id")
+                    execution_id = json_data["internal"]["playbook"].get("execution_id")
+                    playbook_id = json_data["internal"]["playbook"].get("playbook_id")
+                    data_instance_id = json_data["internal"]["playbook"].get(
                         "data_instance_id"
-                    ]
+                    )
                     previous_bundle = json.dumps((json_data["event"]["bundle"]))
                     step_id = json_data["internal"]["playbook"]["step_id"]
                     previous_step_id = json_data["internal"]["playbook"][
                         "previous_step_id"
                     ]
                     playbook_data = {
+                        "event_id": event_id,
                         "execution_id": execution_id,
                         "execution_start": execution_start,
                         "playbook_id": playbook_id,
@@ -312,7 +314,9 @@ class ListenQueue(threading.Thread):
                     # If not playbook but enrichment, compute object on enrichment_entity
                     opencti_entity = event_data["enrichment_entity"]
                     stix_objects = self.helper.api.stix2.prepare_export(
-                        self.helper.api.stix2.generate_export(copy.copy(opencti_entity))
+                        entity=self.helper.api.stix2.generate_export(
+                            copy.copy(opencti_entity)
+                        )
                     )
                     stix_entity = [
                         e
@@ -1565,7 +1569,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         if bundle is None:
             # Generate bundle
             stix_objects = self.api.stix2.prepare_export(
-                self.api.stix2.generate_export(copy.copy(opencti_entity))
+                entity=self.api.stix2.generate_export(copy.copy(opencti_entity))
             )
         else:
             stix_objects = bundle["objects"]

pycti/entities/opencti_case_incident.py

@@ -530,7 +530,7 @@ class CaseIncident:
             data = self.opencti.process_multiple(result["data"]["caseIncidents"])
             final_data = final_data + data
             while result["data"]["caseIncidents"]["pageInfo"]["hasNextPage"]:
-                after = result["date"]["caseIncidents"]["pageInfo"]["endCursor"]
+                after = result["data"]["caseIncidents"]["pageInfo"]["endCursor"]
                 self.opencti.app_logger.info("Listing Case Incidents", {"after": after})
                 result = self.opencti.query(
                     query,

pycti/entities/opencti_intrusion_set.py

@@ -275,20 +275,40 @@ class IntrusionSet:
             }
         """
         )
-        result = self.opencti.query(
-            query,
-            {
-                "filters": filters,
-                "search": search,
-                "first": first,
-                "after": after,
-                "orderBy": order_by,
-                "orderMode": order_mode,
-            },
-        )
-        return self.opencti.process_multiple(
-            result["data"]["intrusionSets"], with_pagination
-        )
+        variables = {
+            "filters": filters,
+            "search": search,
+            "first": first,
+            "after": after,
+            "orderBy": order_by,
+            "orderMode": order_mode,
+        }
+        result = self.opencti.query(query, variables)
+        if get_all:
+            final_data = []
+            data = self.opencti.process_multiple(result["data"]["intrusionSets"])
+            final_data = final_data + data
+            while result["data"]["intrusionSets"]["pageInfo"]["hasNextPage"]:
+                after = result["data"]["intrusionSets"]["pageInfo"]["endCursor"]
+                self.opencti.app_logger.info("Listing Intrusion-Sets", {"after": after})
+                result = self.opencti.query(
+                    query,
+                    {
+                        "filters": filters,
+                        "search": search,
+                        "first": first,
+                        "after": after,
+                        "orderBy": order_by,
+                        "orderMode": order_mode,
+                    },
+                )
+                data = self.opencti.process_multiple(result["data"]["intrusionSets"])
+                final_data = final_data + data
+            return final_data
+        else:
+            return self.opencti.process_multiple(
+                result["data"]["intrusionSets"], with_pagination
+            )
 
     """
         Read a Intrusion-Set object

pycti/entities/opencti_report.py

@@ -466,6 +466,19 @@ class Report:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "report--" + id
 
+    @staticmethod
+    def generate_fixed_fake_id(name, published=None):
+        name = name.lower().strip()
+        if isinstance(published, datetime.datetime):
+            published = published.isoformat()
+        if published is not None:
+            data = {"name": name, "published": published, "fake": "fake"}
+        else:
+            data = {"name": name, "fake": "fake"}
+        data = canonicalize(data, utf8=False)
+        id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+        return "report--" + id
+
     """
         List Report objects
 

pycti/entities/opencti_stix_core_object.py

@@ -435,9 +435,18 @@ class StixCoreObject:
                         }
                     }
                 }
-            }      
+            }
             ... on StixCyberObservable {
                 observable_value
+                indicators {
+                    edges {
+                        node {
+                            id
+                            pattern
+                            pattern_type
+                        }
+                    }
+                }
             }
             ... on AutonomousSystem {
                 number
@@ -1090,9 +1099,18 @@ class StixCoreObject:
                         }
                     }
                 }
-            }      
+            }
             ... on StixCyberObservable {
                 observable_value
+                indicators {
+                    edges {
+                        node {
+                            id
+                            pattern
+                            pattern_type
+                        }
+                    }
+                }
             }
             ... on AutonomousSystem {
                 number
@@ -1459,13 +1477,21 @@ class StixCoreObject:
         return entity["importFiles"]
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixCoreObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixCoreObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixCoreObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $file_markings: [String]!, $listFilters: String) {
+                stixCoreObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, file_markings: $file_markings, listFilters: $listFilters)
             }
         """
+
         if mime_type is None:
             file = self.file(file_name, data)
         else:
@@ -1476,6 +1502,7 @@ class StixCoreObject:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )

pycti/entities/opencti_stix_cyber_observable.py

@@ -2316,11 +2316,30 @@ class StixCyberObservable:
             return False
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixCyberObservablesExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixCyberObservablesExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixCyberObservablesExportPush(
+                $entity_id: String,
+                $entity_type: String!,
+                $file: Upload!,
+                $file_markings: [String]!,
+                $listFilters: String
+            ) {
+                stixCyberObservablesExportPush(
+                    entity_id: $entity_id,
+                    entity_type: $entity_type,
+                    file: $file,
+                    file_markings: $file_markings,
+                    listFilters: $listFilters
+                )
             }
         """
         if mime_type is None:
@@ -2333,6 +2352,7 @@ class StixCyberObservable:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )

pycti/entities/opencti_stix_domain_object.py

@@ -1325,11 +1325,18 @@ class StixDomainObject:
             return None
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixDomainObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixDomainObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixDomainObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $file_markings: [String]!, $listFilters: String) {
+                stixDomainObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file,  file_markings: $file_markings, listFilters: $listFilters)
             }
         """
         if mime_type is None:
@@ -1342,15 +1349,26 @@ class StixDomainObject:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )
 
-    def push_entity_export(self, entity_id, file_name, data, mime_type=None):
+    def push_entity_export(
+        self, entity_id, file_name, data, file_markings=None, mime_type=None
+    ):
+        if file_markings is None:
+            file_markings = []
         query = """
-            mutation StixDomainObjectEdit($id: ID!, $file: Upload!) {
+            mutation StixDomainObjectEdit(
+                $id: ID!, $file: Upload!,
+                $file_markings: [String]!
+            ) {
                 stixDomainObjectEdit(id: $id) {
-                    exportPush(file: $file)
+                    exportPush(
+                        file: $file,
+                        file_markings: $file_markings
+                    )
                 }
             }
         """
@@ -1358,7 +1376,9 @@ class StixDomainObject:
             file = self.file(file_name, data)
         else:
             file = self.file(file_name, data, mime_type)
-        self.opencti.query(query, {"id": entity_id, "file": file})
+        self.opencti.query(
+            query, {"id": entity_id, "file": file, "file_markings": file_markings}
+        )
 
     """
         Update the Identity author of a Stix-Domain-Object object (created_by)

pycti/entities/opencti_stix_object_or_stix_relationship.py

@@ -1,3 +1,6 @@
+import json
+
+
 class StixObjectOrStixRelationship:
     def __init__(self, opencti):
         self.opencti = opencti
@@ -329,11 +332,15 @@ class StixObjectOrStixRelationship:
             }
             ... on Case {
                 name
-            }            
+            }
             ... on StixCyberObservable {
                 observable_value
             }
             ... on StixCoreRelationship {
+                id
+                standard_id
+                entity_type
+                parent_types
                 createdBy {
                     ... on Identity {
                         id
@@ -396,6 +403,10 @@ class StixObjectOrStixRelationship:
                 stop_time
             }
             ... on StixSightingRelationship {
+                id
+                standard_id
+                entity_type
+                parent_types
                 createdBy {
                     ... on Identity {
                         id
@@ -476,9 +487,9 @@ class StixObjectOrStixRelationship:
             )
             query = (
                 """
-                query StixObjectOrStixRelationship($id: String!) {
-                    stixObjectOrStixRelationship(id: $id) {
-                        """
+                    query StixObjectOrStixRelationship($id: String!) {
+                        stixObjectOrStixRelationship(id: $id) {
+                            """
                 + (
                     custom_attributes
                     if custom_attributes is not None
@@ -496,3 +507,76 @@ class StixObjectOrStixRelationship:
         else:
             self.opencti.app_logger.error("Missing parameters: id")
             return None
+
+    def list(self, **kwargs):
+        filters = kwargs.get("filters", None)
+        search = kwargs.get("search", None)
+        first = kwargs.get("first", 100)
+        after = kwargs.get("after", None)
+        get_all = kwargs.get("getAll", False)
+        with_pagination = kwargs.get("with_pagination", False)
+        custom_attributes = kwargs.get("customAttributes", None)
+
+        self.opencti.app_logger.info(
+            "Listing StixObjectOrStixRelationships with filters",
+            {"filters": json.dumps(filters)},
+        )
+        query = (
+            """
+                        query StixObjectOrStixRelationships($filters: FilterGroup, $search: String, $first: Int, $after: ID) {
+                            stixObjectOrStixRelationships(filters: $filters, search: $search, first: $first, after: $after) {
+                                edges {
+                                    node {
+                                        """
+            + (custom_attributes if custom_attributes is not None else self.properties)
+            + """
+                                }
+                            }
+                            pageInfo {
+                                startCursor
+                                endCursor
+                                hasNextPage
+                                hasPreviousPage
+                                globalCount
+                            }
+                        }
+                    }
+                """
+        )
+        variables = {
+            "filters": filters,
+            "search": search,
+            "first": first,
+            "after": after,
+        }
+        result = self.opencti.query(
+            query,
+            variables,
+        )
+
+        if get_all:
+            final_data = []
+            data = self.opencti.process_multiple(
+                result["data"]["stixObjectOrStixRelationships"]
+            )
+            final_data = final_data + data
+            while result["data"]["stixObjectOrStixRelationships"]["pageInfo"][
+                "hasNextPage"
+            ]:
+                after = result["data"]["stixObjectOrStixRelationships"]["pageInfo"][
+                    "endCursor"
+                ]
+                self.opencti.app_logger.info(
+                    "Listing stixObjectOrStixRelationships", {"after": after}
+                )
+                after_variables = {**variables, **{"after": after}}
+                result = self.opencti.query(query, after_variables)
+                data = self.opencti.process_multiple(
+                    result["data"]["stixObjectOrStixRelationships"]
+                )
+                final_data = final_data + data
+            return final_data
+        else:
+            return self.opencti.process_multiple(
+                result["data"]["stixObjectOrStixRelationships"], with_pagination
+            )

pycti/utils/constants.py

@@ -129,7 +129,6 @@ class MultipleRefRelationship(Enum):
     CHILD = "child"
     BODY_MULTIPART = "body-multipart"
     VALUES = "values"
-    LINKED = "x_opencti_linked-to"
     SERVICE_DDL = "service-dll"
     INSTALLED_SOFTWARE = "installed-software"
     RELATION_ANALYSIS_SCO = "analysis-sco"

pycti/utils/opencti_stix2.py

@@ -135,43 +135,6 @@ class OpenCTIStix2:
             return stix_object["aliases"]
         return None
 
-    def check_max_marking_definition(
-        self, max_marking_definition_entity: Dict, entity_marking_definitions: List
-    ) -> bool:
-        """checks if a list of marking definitions conforms with a given max level
-
-        :param max_marking_definition_entity: the maximum allowed marking definition level
-        :type max_marking_definition_entity: str, optional
-        :param entity_marking_definitions: list of entities to check
-        :type entity_marking_definitions: list
-        :return: `True` if the list conforms with max marking definition
-        :rtype: bool
-        """
-
-        # Max is not set, return True
-        if max_marking_definition_entity is None:
-            return True
-        # Filter entity markings definition to the max_marking_definition type
-        typed_entity_marking_definitions = []
-        for entity_marking_definition in entity_marking_definitions:
-            if (
-                entity_marking_definition["definition_type"]
-                == max_marking_definition_entity["definition_type"]
-            ):
-                typed_entity_marking_definitions.append(entity_marking_definition)
-        # No entity marking defintions of the max_marking_definition type
-        if len(typed_entity_marking_definitions) == 0:
-            return True
-
-        # Check if level is less or equal to max
-        for typed_entity_marking_definition in typed_entity_marking_definitions:
-            if (
-                typed_entity_marking_definition["x_opencti_order"]
-                <= max_marking_definition_entity["x_opencti_order"]
-            ):
-                return True
-        return False
-
     def import_bundle_from_file(
         self, file_path: str, update: bool = False, types: List = None
     ) -> Optional[List]:
@@ -680,6 +643,9 @@ class OpenCTIStix2:
 
                         author = self.resolve_author(title)
                         report = self.opencti.report.create(
+                            id=self.opencti.report.generate_fixed_fake_id(
+                                title, published
+                            ),
                             name=title,
                             createdBy=author["id"] if author is not None else None,
                             objectMarking=[object_marking_ref_result["id"]],
@@ -788,6 +754,48 @@ class OpenCTIStix2:
             "reports": reports,
         }
 
+    def get_listers(self):
+        return {
+            "Stix-Core-Object": self.opencti.stix_core_object.list,
+            "Stix-Domain-Object": self.opencti.stix_domain_object.list,
+            "Administrative-Area": self.opencti.location.list,
+            "Attack-Pattern": self.opencti.attack_pattern.list,
+            "Campaign": self.opencti.campaign.list,
+            "Channel": self.opencti.channel.list,
+            "Event": self.opencti.event.list,
+            "Note": self.opencti.note.list,
+            "Observed-Data": self.opencti.observed_data.list,
+            "Opinion": self.opencti.opinion.list,
+            "Report": self.opencti.report.list,
+            "Grouping": self.opencti.grouping.list,
+            "Case-Incident": self.opencti.case_incident.list,
+            "Feedback": self.opencti.feedback.list,
+            "Case-Rfi": self.opencti.case_rfi.list,
+            "Case-Rft": self.opencti.case_rft.list,
+            "Task": self.opencti.task.list,
+            "Course-Of-Action": self.opencti.course_of_action.list,
+            "Data-Component": self.opencti.data_component.list,
+            "Data-Source": self.opencti.data_source.list,
+            "Identity": self.opencti.identity.list,
+            "Indicator": self.opencti.indicator.list,
+            "Infrastructure": self.opencti.infrastructure.list,
+            "Intrusion-Set": self.opencti.intrusion_set.list,
+            "Location": self.opencti.location.list,
+            "Language": self.opencti.language.list,
+            "Malware": self.opencti.malware.list,
+            "Malware-Analysis": self.opencti.malware_analysis.list,
+            "Threat-Actor": self.opencti.threat_actor_group.list,
+            "Threat-Actor-Group": self.opencti.threat_actor_group.list,
+            "Threat-Actor-Individual": self.opencti.threat_actor_individual.list,
+            "Tool": self.opencti.tool.list,
+            "Narrative": self.opencti.narrative.list,
+            "Vulnerability": self.opencti.vulnerability.list,
+            "Incident": self.opencti.incident.list,
+            "Stix-Cyber-Observable": self.opencti.stix_cyber_observable.list,
+            "stix-sighting-relationship": self.opencti.stix_sighting_relationship.list,
+            "stix-core-relationship": self.opencti.stix_core_relationship.list,
+        }
+
     def get_readers(self):
         return {
             "Attack-Pattern": self.opencti.attack_pattern.read,
@@ -1512,7 +1520,7 @@ class OpenCTIStix2:
         if "tasks" in entity:
             del entity["tasks"]
 
-        if "status" in entity:
+        if "status" in entity and entity["status"] is not None:
             entity["x_opencti_workflow_id"] = entity["status"].get("id")
         if "status" in entity:
             del entity["status"]
@@ -1614,35 +1622,72 @@ class OpenCTIStix2:
 
         return {k: v for k, v in entity.items() if self.opencti.not_empty(v)}
 
+    @staticmethod
+    def prepare_id_filters_export(
+        id: Union[str, List[str]], access_filter: Dict = None
+    ) -> Dict:
+        if access_filter is not None:
+            return {
+                "mode": "and",
+                "filterGroups": [
+                    {
+                        "mode": "or",
+                        "filters": [
+                            {
+                                "key": "ids",
+                                "values": id if isinstance(id, list) else [id],
+                            }
+                        ],
+                        "filterGroups": [],
+                    },
+                    access_filter,
+                ],
+                "filters": [],
+            }
+        else:
+            return {
+                "mode": "and",
+                "filterGroups": [],
+                "filters": [
+                    {
+                        "key": "ids",
+                        "mode": "or",
+                        "values": id if isinstance(id, list) else [id],
+                    }
+                ],
+            }
+
     def prepare_export(
         self,
         entity: Dict,
         mode: str = "simple",
-        max_marking_definition_entity: Dict = None,
+        access_filter: Dict = None,
         no_custom_attributes: bool = False,
     ) -> List:
-        if (
-            self.check_max_marking_definition(
-                max_marking_definition_entity,
-                entity["objectMarking"] if "objectMarking" in entity else [],
-            )
-            is False
-        ):
-            self.opencti.app_logger.info(
-                "Marking definitions are less than max definition, not exporting.",
-                {"type": entity["type"]},
-            )
-            return []
         result = []
         objects_to_get = []
         relations_to_get = []
+
+        # Container
+        if "objects" in entity and len(entity["objects"]) > 0:
+            object_ids = list(map(lambda e: e["standard_id"], entity["objects"]))
+            export_query_filter = self.prepare_id_filters_export(
+                id=object_ids, access_filter=access_filter
+            )
+            filtered_objects = (
+                self.opencti.opencti_stix_object_or_stix_relationship.list(
+                    filters=export_query_filter, getAll=True
+                )
+            )
+            entity["objects"] = filtered_objects
+
         # CreatedByRef
         if (
             not no_custom_attributes
             and "createdBy" in entity
             and entity["createdBy"] is not None
         ):
-            created_by = self.generate_export(entity["createdBy"])
+            created_by = self.generate_export(entity=entity["createdBy"])
             if entity["type"] in STIX_CYBER_OBSERVABLE_MAPPING:
                 entity["x_opencti_created_by_ref"] = created_by["id"]
             else:
@@ -1747,7 +1792,7 @@ class OpenCTIStix2:
             and len(entity["objects"]) > 0
         ):
             entity["object_refs"] = []
-            objects_to_get = entity["objects"]
+            objects_to_get = entity["objects"]  # To do differently
             for entity_object in entity["objects"]:
                 if (
                     entity["type"] == "report"
@@ -1819,22 +1864,62 @@ class OpenCTIStix2:
             entity["type"] = "sighting"
             entity["count"] = entity["attribute_count"]
             del entity["attribute_count"]
-            entity["sighting_of_ref"] = entity["from"]["standard_id"]
-            objects_to_get.append(entity["from"])
-            entity["where_sighted_refs"] = [entity["to"]["standard_id"]]
-            objects_to_get.append(entity["to"])
+            from_to_check = entity["from"]["id"]
+            relationships_from_filter = self.prepare_id_filters_export(
+                id=from_to_check, access_filter=access_filter
+            )
+            x = self.opencti.opencti_stix_object_or_stix_relationship.list(
+                filters=relationships_from_filter
+            )
+            if len(x) > 0:
+                entity["sighting_of_ref"] = entity["from"]["id"]
+                # handle from and to separately like Stix Core Relationship and call 2 requests
+                objects_to_get.append(
+                    entity["from"]
+                )  # what happen with unauthorized objects ?
+
+            to_to_check = [entity["to"]["id"]]
+            relationships_to_filter = self.prepare_id_filters_export(
+                id=to_to_check, access_filter=access_filter
+            )
+            y = self.opencti.opencti_stix_object_or_stix_relationship.list(
+                filters=relationships_to_filter
+            )
+            if len(y) > 0:
+                entity["where_sighted_refs"] = [entity["to"]["id"]]
+                objects_to_get.append(entity["to"])
+
             del entity["from"]
             del entity["to"]
         # Stix Core Relationship
         if "from" in entity or "to" in entity:
             entity["type"] = "relationship"
         if "from" in entity:
-            entity["source_ref"] = entity["from"]["standard_id"]
-            objects_to_get.append(entity["from"])
+            from_to_check = entity["from"]["id"]
+            relationships_from_filter = self.prepare_id_filters_export(
+                id=from_to_check, access_filter=access_filter
+            )
+            x = self.opencti.opencti_stix_object_or_stix_relationship.list(
+                filters=relationships_from_filter
+            )
+            if len(x) > 0:
+                entity["source_ref"] = entity["from"]["id"]
+                # handle from and to separately like Stix Core Relationship and call 2 requests
+                objects_to_get.append(
+                    entity["from"]
+                )  # what happen with unauthorized objects ?
             del entity["from"]
         if "to" in entity:
-            entity["target_ref"] = entity["to"]["standard_id"]
-            objects_to_get.append(entity["to"])
+            to_to_check = [entity["to"]["id"]]
+            relationships_to_filter = self.prepare_id_filters_export(
+                id=to_to_check, access_filter=access_filter
+            )
+            y = self.opencti.opencti_stix_object_or_stix_relationship.list(
+                filters=relationships_to_filter
+            )
+            if len(y) > 0:
+                entity["target_ref"] = entity["to"]["id"]
+                objects_to_get.append(entity["to"])
             del entity["to"]
         # Stix Domain Object
         if "attribute_abstract" in entity:
@@ -1877,7 +1962,7 @@ class OpenCTIStix2:
 
         # StixRefRelationship
         stix_nested_ref_relationships = self.opencti.stix_nested_ref_relationship.list(
-            fromId=entity["x_opencti_id"]
+            fromId=entity["x_opencti_id"], filters=access_filter
         )
         for stix_nested_ref_relationship in stix_nested_ref_relationships:
             if "standard_id" in stix_nested_ref_relationship["to"]:
@@ -1921,8 +2006,8 @@ class OpenCTIStix2:
             return result
         elif mode == "full":
             uuids = [entity["id"]]
-            for x in result:
-                uuids.append(x["id"])
+            for y in result:
+                uuids.append(y["id"])
             # Get extra refs
             for key in entity.keys():
                 if key.endswith("_ref"):
@@ -1964,80 +2049,50 @@ class OpenCTIStix2:
                             )
             # Get extra relations (from AND to)
             stix_core_relationships = self.opencti.stix_core_relationship.list(
-                fromOrToId=entity["x_opencti_id"], getAll=True
+                fromOrToId=entity["x_opencti_id"], getAll=True, filters=access_filter
             )
             for stix_core_relationship in stix_core_relationships:
-                if self.check_max_marking_definition(
-                    max_marking_definition_entity,
-                    (
-                        stix_core_relationship["objectMarking"]
-                        if "objectMarking" in stix_core_relationship
-                        else None
-                    ),
-                ):
-                    objects_to_get.append(
-                        stix_core_relationship["to"]
-                        if stix_core_relationship["to"]["id"] != entity["x_opencti_id"]
-                        else stix_core_relationship["from"]
-                    )
-                    relation_object_data = self.prepare_export(
-                        self.generate_export(stix_core_relationship),
-                        "simple",
-                        max_marking_definition_entity,
-                    )
-                    relation_object_bundle = self.filter_objects(
-                        uuids, relation_object_data
-                    )
-                    uuids = uuids + [x["id"] for x in relation_object_bundle]
-                    result = result + relation_object_bundle
-                else:
-                    self.opencti.app_logger.info(
-                        "Marking definitions are less than max definition, "
-                        "not exporting the relation AND the target entity.",
-                        {
-                            "type": stix_core_relationship["entity_type"],
-                            "id": stix_core_relationship["id"],
-                        },
+                objects_to_get.append(
+                    stix_core_relationship["to"]
+                    if stix_core_relationship["to"]["id"] != entity["x_opencti_id"]
+                    else stix_core_relationship["from"]
+                )
+                relation_object_data = (
+                    self.prepare_export(  # ICI -> remove max marking ?
+                        entity=self.generate_export(stix_core_relationship),
+                        mode="simple",
+                        access_filter=access_filter,
                     )
+                )
+                relation_object_bundle = self.filter_objects(
+                    uuids, relation_object_data
+                )
+                uuids = uuids + [x["id"] for x in relation_object_bundle]
+                result = result + relation_object_bundle
+
             # Get sighting
             stix_sighting_relationships = self.opencti.stix_sighting_relationship.list(
-                fromOrToId=entity["x_opencti_id"],
-                getAll=True,
+                fromOrToId=entity["x_opencti_id"], getAll=True, filters=access_filter
             )
             for stix_sighting_relationship in stix_sighting_relationships:
-                if self.check_max_marking_definition(
-                    max_marking_definition_entity,
-                    (
-                        stix_sighting_relationship["objectMarking"]
-                        if "objectMarking" in stix_sighting_relationship
-                        else None
-                    ),
-                ):
-                    objects_to_get.append(
-                        stix_sighting_relationship["to"]
-                        if stix_sighting_relationship["to"]["id"]
-                        != entity["x_opencti_id"]
-                        else stix_sighting_relationship["from"]
-                    )
-                    relation_object_data = self.prepare_export(
-                        self.generate_export(stix_sighting_relationship),
-                        "simple",
-                        max_marking_definition_entity,
-                    )
-                    relation_object_bundle = self.filter_objects(
-                        uuids, relation_object_data
-                    )
-                    uuids = uuids + [x["id"] for x in relation_object_bundle]
-                    result = result + relation_object_bundle
-                else:
-                    self.opencti.app_logger.info(
-                        "Marking definitions are less than max definition, "
-                        "not exporting the relation AND the target entity.",
-                        {
-                            "type": stix_sighting_relationship["entity_type"],
-                            "id": stix_sighting_relationship["id"],
-                        },
+                objects_to_get.append(
+                    stix_sighting_relationship["to"]
+                    if stix_sighting_relationship["to"]["id"] != entity["x_opencti_id"]
+                    else stix_sighting_relationship["from"]
+                )
+                relation_object_data = (
+                    self.prepare_export(  # ICI -> remove max marking ?
+                        entity=self.generate_export(stix_sighting_relationship),
+                        mode="simple",
+                        access_filter=access_filter,
                     )
+                )
+                relation_object_bundle = self.filter_objects(
+                    uuids, relation_object_data
+                )
+                uuids = uuids + [x["id"] for x in relation_object_bundle]
+                result = result + relation_object_bundle
+
             if no_custom_attributes:
                 del entity["x_opencti_id"]
             # Export
@@ -2065,12 +2120,16 @@ class OpenCTIStix2:
                         {"type": entity_object["entity_type"]}
                     ),
                 )
-                entity_object_data = do_read(id=entity_object["id"])
+
+                query_filters = self.prepare_id_filters_export(
+                    entity_object["id"], access_filter
+                )
+                entity_object_data = do_read(filters=query_filters)
                 if entity_object_data is not None:
                     stix_entity_object = self.prepare_export(
-                        self.generate_export(entity_object_data),
-                        "simple",
-                        max_marking_definition_entity,
+                        entity=self.generate_export(entity_object_data),
+                        mode="simple",
+                        access_filter=access_filter,
                     )
                     # Add to result
                     entity_object_bundle = self.filter_objects(
@@ -2078,9 +2137,18 @@ class OpenCTIStix2:
                     )
                     uuids = uuids + [x["id"] for x in entity_object_bundle]
                     result = result + entity_object_bundle
-            for relation_object in relations_to_get:
+            for (
+                relation_object
+            ) in relations_to_get:  # never appended after initialization
+
+                def find_relation_object_data(current_relation_object):
+                    return current_relation_object.id == relation_object["id"]
+
                 relation_object_data = self.prepare_export(
-                    self.opencti.stix_core_relationship.read(id=relation_object["id"])
+                    entity=filter(
+                        find_relation_object_data,
+                        self.opencti.stix_core_relationship.list(filters=access_filter),
+                    )
                 )
                 relation_object_bundle = self.filter_objects(
                     uuids, relation_object_data
@@ -2097,7 +2165,6 @@ class OpenCTIStix2:
                         report_object_data = self.opencti.report.to_stix2(
                             entity=report,
                             mode="simple",
-                            max_marking_definition_entity=max_marking_definition_entity,
                         )
                         report_object_bundle = self.filter_objects(
                             uuids, report_object_data
@@ -2116,7 +2183,6 @@ class OpenCTIStix2:
             #            note_object_data = self.opencti.note.to_stix2(
             #                entity=note,
             #                mode="simple",
-            #                max_marking_definition_entity=max_marking_definition_entity,
             #            )
             #            note_object_bundle = self.filter_objects(
             #                uuids, note_object_data
@@ -2145,20 +2211,15 @@ class OpenCTIStix2:
         else:
             return []
 
-    def export_entity(
+    def get_stix_bundle_or_object_from_entity_id(
         self,
         entity_type: str,
         entity_id: str,
         mode: str = "simple",
-        max_marking_definition: Dict = None,
+        access_filter: Dict = None,
         no_custom_attributes: bool = False,
         only_entity: bool = False,
     ) -> Dict:
-        max_marking_definition_entity = (
-            self.opencti.marking_definition.read(id=max_marking_definition)
-            if max_marking_definition is not None
-            else None
-        )
         bundle = {
             "type": "bundle",
             "id": "bundle--" + str(uuid.uuid4()),
@@ -2174,11 +2235,8 @@ class OpenCTIStix2:
         if LocationTypes.has_value(entity_type):
             entity_type = "Location"
 
-        # Reader
-        reader = self.get_readers()
-        if StixCyberObservableTypes.has_value(entity_type):
-            entity_type = "Stix-Cyber-Observable"
-        do_read = reader.get(
+        readers = self.get_readers()
+        do_read = readers.get(
             entity_type, lambda **kwargs: self.unknown_type({"type": entity_type})
         )
         entity = do_read(id=entity_id)
@@ -2189,10 +2247,10 @@ class OpenCTIStix2:
             return bundle
         entity_standard_id = entity["standard_id"]
         stix_objects = self.prepare_export(
-            self.generate_export(entity, no_custom_attributes),
-            mode,
-            max_marking_definition_entity,
-            no_custom_attributes,
+            entity=self.generate_export(entity, no_custom_attributes),
+            mode=mode,
+            access_filter=access_filter,
+            no_custom_attributes=no_custom_attributes,
         )
         if stix_objects is not None:
             bundle["objects"].extend(stix_objects)
@@ -2202,15 +2260,35 @@ class OpenCTIStix2:
             ]
         return bundle
 
+    # Please use get_stix_bundle_or_object_from_entity_id instead
+    @DeprecationWarning
+    def export_entity(
+        self,
+        entity_type: str,
+        entity_id: str,
+        mode: str = "simple",
+        access_filter: Dict = None,
+        no_custom_attributes: bool = False,
+        only_entity: bool = False,
+    ) -> Dict:
+        return self.get_stix_bundle_or_object_from_entity_id(
+            entity_type=entity_type,
+            entity_id=entity_id,
+            mode=mode,
+            access_filter=access_filter,
+            no_custom_attributes=no_custom_attributes,
+            only_entity=only_entity,
+        )
+
     def export_entities_list(
         self,
         entity_type: str,
         search: Dict = None,
-        filters: List = None,
+        filters: Dict = None,
         orderBy: str = None,
         orderMode: str = None,
         getAll: bool = True,
-    ) -> Dict:
+    ) -> [Dict]:
         if IdentityTypes.has_value(entity_type):
             entity_type = "Identity"
 
@@ -2279,26 +2357,31 @@ class OpenCTIStix2:
         self,
         entity_type: str,
         search: Dict = None,
-        filters: List = None,
+        filters: Dict = None,
         order_by: str = None,
         order_mode: str = None,
         mode: str = "simple",
-        max_marking_definition: Dict = None,
+        access_filter: Dict = None,
     ) -> Dict:
-        max_marking_definition_entity = (
-            self.opencti.marking_definition.read(id=max_marking_definition)
-            if max_marking_definition is not None
-            else None
-        )
         bundle = {
             "type": "bundle",
             "id": "bundle--" + str(uuid.uuid4()),
             "objects": [],
         }
+        filter_groups = []
+        if filters is not None:
+            filter_groups.append(filters)
+        if access_filter is not None:
+            filter_groups.append(access_filter)
+        export_query_filter = {
+            "mode": "and",
+            "filterGroups": filter_groups,
+            "filters": [],
+        }
         entities_list = self.export_entities_list(
             entity_type=entity_type,
             search=search,
-            filters=filters,
+            filters=export_query_filter,
             orderBy=order_by,
             orderMode=order_mode,
             getAll=True,
@@ -2307,9 +2390,9 @@ class OpenCTIStix2:
             uuids = []
             for entity in entities_list:
                 entity_bundle = self.prepare_export(
-                    self.generate_export(entity),
-                    mode,
-                    max_marking_definition_entity,
+                    entity=self.generate_export(entity),
+                    mode=mode,
+                    access_filter=access_filter,
                 )
                 if entity_bundle is not None:
                     entity_bundle_filtered = self.filter_objects(uuids, entity_bundle)
@@ -2320,33 +2403,32 @@ class OpenCTIStix2:
 
     def export_selected(
         self,
-        entities_list: [str],
+        entities_list: [dict],
         mode: str = "simple",
-        max_marking_definition: Dict = None,
+        access_filter: Dict = None,
     ) -> Dict:
-        max_marking_definition_entity = (
-            self.opencti.marking_definition.read(id=max_marking_definition)
-            if max_marking_definition is not None
-            else None
-        )
+
         bundle = {
             "type": "bundle",
             "id": "bundle--" + str(uuid.uuid4()),
             "objects": [],
         }
-        if entities_list is not None:
-            uuids = []
-            for entity in entities_list:
-                entity_bundle = self.prepare_export(
-                    self.generate_export(entity),
-                    mode,
-                    max_marking_definition_entity,
-                )
-                if entity_bundle is not None:
-                    entity_bundle_filtered = self.filter_objects(uuids, entity_bundle)
-                    for x in entity_bundle_filtered:
-                        uuids.append(x["id"])
-                    bundle["objects"] = bundle["objects"] + entity_bundle_filtered
+
+        uuids = []
+        for entity in entities_list:
+            entity_bundle = self.prepare_export(
+                entity=self.generate_export(entity),
+                mode=mode,
+                access_filter=access_filter,
+            )
+            if entity_bundle is not None:
+                entity_bundle_filtered = self.filter_objects(uuids, entity_bundle)
+                for x in entity_bundle_filtered:
+                    uuids.append(x["id"])
+                bundle["objects"] = (
+                    bundle["objects"] + entity_bundle_filtered
+                )  # unsupported operand type(s) for +: 'dict' and 'list'
+
         return bundle
 
     def import_bundle(

{pycti-6.0.10.dist-info → pycti-6.1.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.0.10
+Version: 6.1.1
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -42,7 +42,7 @@ Requires-Dist: pre-commit ~=3.7.0 ; extra == 'dev'
 Requires-Dist: pytest-cases ~=3.8.0 ; extra == 'dev'
 Requires-Dist: pytest-cov ~=5.0.0 ; extra == 'dev'
 Requires-Dist: pytest-randomly ~=3.15.0 ; extra == 'dev'
-Requires-Dist: pytest ~=8.1.1 ; extra == 'dev'
+Requires-Dist: pytest ~=8.2.0 ; extra == 'dev'
 Requires-Dist: types-python-dateutil ~=2.9.0 ; extra == 'dev'
 Requires-Dist: wheel ~=0.43.0 ; extra == 'dev'
 Provides-Extra: doc

{pycti-6.0.10.dist-info → pycti-6.1.1.dist-info}/RECORD

@@ -1,17 +1,17 @@
-pycti/__init__.py,sha256=Ya18bCudQaEK_R_aYZlT8maVpKNSKDVKY6QvcBR36yA,5036
+pycti/__init__.py,sha256=ef2UbUNokMidzoypuzd5uAVwhY5q-cU73jsqRdYXVEA,5035
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/api/opencti_api_client.py,sha256=pMOXPMF7qPo484FJqKckH1F-PHn8HWZP2XMe8NXeSSU,29072
+pycti/api/opencti_api_client.py,sha256=fDeVJjExlsrTNYRf28LYhifz901JkdOZueCdvvko36Y,29575
 pycti/api/opencti_api_connector.py,sha256=fYF0Jy9KIMFNt1RC_A1rpWomVJ-oj5HiSsBem4W0J5U,3549
-pycti/api/opencti_api_playbook.py,sha256=Wcf-G__IHmR7LwtUFVUVx4Skg9e2mcb89n_HyfWC9YM,1383
+pycti/api/opencti_api_playbook.py,sha256=OkqDawpnMYIHz5sD4djlJ_KgORkfvQ7YbJwttxE-ea8,1470
 pycti/api/opencti_api_work.py,sha256=JLfl7oy6Cq9IrYW_kUrqwzN46FoVzyIn1JJQKyK0h_w,7615
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/connector/opencti_connector.py,sha256=0vrZ8Y8ecbxegAP1YhpX6ybOZahYjjOkcId51D1oBi4,2449
-pycti/connector/opencti_connector_helper.py,sha256=m2KFgmku_EYXpud-pz03JeNGVftzlX_zAbmN3xWSAts,60399
+pycti/connector/opencti_connector_helper.py,sha256=knJ4fWDTMouVcD_o00UfjHr_jVerrzudl9Aqhu1BigM,60606
 pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
 pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/opencti_attack_pattern.py,sha256=ycAR0cReJ1dd_edQPAL6qBrFvvTx10GJFMTezyK91cg,21471
 pycti/entities/opencti_campaign.py,sha256=YHEN7hdY-E-1uVNyaZHCv9QPLALvOY08ErOzUKcvr6c,17107
-pycti/entities/opencti_case_incident.py,sha256=aoV-uj9VSvAczQot5_wao_07JomllLHjO76_deWAhUg,33699
+pycti/entities/opencti_case_incident.py,sha256=BEP22Itt7-ZxMBwMNMHO7sbS8XfNSfiy0Y7chuOgWJ4,33699
 pycti/entities/opencti_case_rfi.py,sha256=wboFfQQnE7qjnqnLsw2nxmGAjH1eYjVgayKKAk7a8pI,31876
 pycti/entities/opencti_case_rft.py,sha256=RIefvKibRZ_Qrk4uybEGxnwJ2SAquPXYm4-uJ8RUskg,32760
 pycti/entities/opencti_channel.py,sha256=cA8ltYJpB43rUSKvCPyLUJvtdb_RSJ4tuuUdi_EMF2Q,16608
@@ -26,7 +26,7 @@ pycti/entities/opencti_identity.py,sha256=YKTQugOSwyxSoMRWSdMWZkagidTbYQzi-Q1aEW
 pycti/entities/opencti_incident.py,sha256=KAaqn0mnlyIKJ2whtbK0Eg8AbfQfxKvppS9hyfn_04s,18553
 pycti/entities/opencti_indicator.py,sha256=Kcy1BQQ1-P5OcsFHSzqHHDk0KGM6MhjzPwJiPCRShO0,27581
 pycti/entities/opencti_infrastructure.py,sha256=hpzlSP8yQCSjYyOvX_oynBJq0YMp-Uq7PRhP_L6j9wk,19353
-pycti/entities/opencti_intrusion_set.py,sha256=VTRjoAI6xSGrVmSpPFzsQ5KQJwrD__QdqVog3AhLwQk,17985
+pycti/entities/opencti_intrusion_set.py,sha256=MXubQhDZ6LE69z1Wj8agAZNOrGeKiXU4IZs_9B0Expg,18957
 pycti/entities/opencti_kill_chain_phase.py,sha256=a509rFeIchPRlO5rMHPVxrxfUuTbV4znh6e_NJHC66I,8062
 pycti/entities/opencti_label.py,sha256=6RZJPIa_dXf_YNNU4xXKghfBnpNjhU5YXOaSIcB4YrM,8800
 pycti/entities/opencti_language.py,sha256=eHB7qzf_l2Mno_Wy9kF0QUdcBktWgr4kRHhb9AxT0c0,16176
@@ -38,14 +38,14 @@ pycti/entities/opencti_narrative.py,sha256=qiuFQub04pvArYf5hHJEgZtneR7p-VQq5Yywi
 pycti/entities/opencti_note.py,sha256=tGxOzSJiiHYZNrCpiVnvwY_qiBYURQ0G5wgL9dSWmhE,29938
 pycti/entities/opencti_observed_data.py,sha256=1WFOJLxOh3k-3cWvnyIiEk0hF92tpk5ohvPHeR2zVG4,30550
 pycti/entities/opencti_opinion.py,sha256=SPcY8-0zRJCMle-eDLka-CFPyAqU3CnVVBtfVYhzyJE,21837
-pycti/entities/opencti_report.py,sha256=tSMSCsAGgZny94EjFtidEws7Uf0gBI-nPHwkqPg2Elc,33037
+pycti/entities/opencti_report.py,sha256=zKoq3Kpo3afvFsw0QCBOaeVm9J_xRMBOZfJC7ZPRaRg,33580
 pycti/entities/opencti_stix.py,sha256=uMheSg8i1f2Ozx2Mk0iShWzHHjj6MMWDtV5nDjVxKEE,2275
-pycti/entities/opencti_stix_core_object.py,sha256=R6GEDfXCPYvK4qrh9XbZsUEscvDYP8yo4Rjcvqx0_W0,48868
+pycti/entities/opencti_stix_core_object.py,sha256=3jABOB_-vm2CSB6LU3ylxpSj_oixRCcfU3T10n2_MFU,49559
 pycti/entities/opencti_stix_core_relationship.py,sha256=cD825areOn2quv06M28YGE7A3bTQ8_Pxx1QW6JyoQBs,42895
-pycti/entities/opencti_stix_cyber_observable.py,sha256=WOVefLN_M_nWTZ7GOGNmPJ3F6jmuIIYb0w07DuYKMVo,106395
-pycti/entities/opencti_stix_domain_object.py,sha256=04q7gQZ-hgpsjsyvXh6VOYmRJOPwOrdAPlzUmzlM5mc,77998
+pycti/entities/opencti_stix_cyber_observable.py,sha256=EOJuXeSmFcm4oI2rPOqxZ8QZq_ej_CTkYgCTtUkZwsk,106785
+pycti/entities/opencti_stix_domain_object.py,sha256=QI6uBbefNC_PQSwl0O5KpG4cWqa-15mIju8dwREzooU,78504
 pycti/entities/opencti_stix_nested_ref_relationship.py,sha256=2r1i7cUl-WWictlnC_MJrm9sTIt_yJe2uqTpQm-yo6o,12330
-pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=NOJdUU9cm_gMBne13EZPb8cfxOhTfgVVmv8A0yasQeI,14610
+pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=x0LWqMqaqqIPgQnLgw7Q2qPoXK4fZix8-KsQnmZaIOw,17696
 pycti/entities/opencti_stix_sighting_relationship.py,sha256=AmX1LBS8cW5a_dlik_sx-nBDvUcqb193gs4m3pB9C5U,27584
 pycti/entities/opencti_task.py,sha256=y4Q2vC-eLccX-yna85GnnCFEKWFJAWQcflNbkr9BClo,24668
 pycti/entities/opencti_threat_actor.py,sha256=lRdPhXX_HsNSE5rTwkke_U5T_FAPGD22ow2-YeZdaYc,9950
@@ -55,14 +55,14 @@ pycti/entities/opencti_tool.py,sha256=RJrBywXI7TfWvgga6M9hH4YBl32dsvro2z42V_EgzG
 pycti/entities/opencti_vocabulary.py,sha256=6JfOByggvSxvkfIXk1b60T7fyWOhxZ6YFkGbSeV8F-4,5988
 pycti/entities/opencti_vulnerability.py,sha256=dzJ0fZB2XrkPwT-cANr6atzYOWXF5nk0al86X7o2ZTo,20094
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/utils/constants.py,sha256=Yj6fORQqlY7d7FTZC_lH-FS2-hvM_NvlwpCaPCy4_Gs,10636
+pycti/utils/constants.py,sha256=Gj0fz94p0ApjCUCUqBQpFTfNslT021HS2w6M8azqXBY,10601
 pycti/utils/opencti_logger.py,sha256=0dvB75V0SuPFGxL539dAQrxTt1N5Acx0A3Ogwl5WMJ8,2199
-pycti/utils/opencti_stix2.py,sha256=Xo-YDH-6ov4JFBi1MutBITcdKPeQJdkL3qwlWAozV7s,112766
+pycti/utils/opencti_stix2.py,sha256=DB48oDbAKyEwwowHU7_0_p9Y74hXRMaA0IkJ-eschYU,115786
 pycti/utils/opencti_stix2_splitter.py,sha256=Ht9Mp-W3gbwxIKEr7i_5NYpcDr3TA2gYdC4TzOz0G4c,4496
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
 pycti/utils/opencti_stix2_utils.py,sha256=4r9qglN3AIN8JH1B9Ts2o20Qn3K203M4c5-lIPzRpZ4,4138
-pycti-6.0.10.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.0.10.dist-info/METADATA,sha256=A16k5ptxplOTpIyAxc4gqQB0qA7e1m9xMYb5_NPOrdQ,5314
-pycti-6.0.10.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-pycti-6.0.10.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.0.10.dist-info/RECORD,,
+pycti-6.1.1.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.1.1.dist-info/METADATA,sha256=HiieXOK5ea_MGzOWNessuVTMkCCMbk9H4mUz9YDfED4,5313
+pycti-6.1.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+pycti-6.1.1.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.1.1.dist-info/RECORD,,