pycti 6.0.10__tar.gz → 6.1.1__tar.gz

{pycti-6.0.10 → pycti-6.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.0.10
+Version: 6.1.1
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -42,7 +42,7 @@ Requires-Dist: pre-commit~=3.7.0; extra == "dev"
 Requires-Dist: pytest-cases~=3.8.0; extra == "dev"
 Requires-Dist: pytest-cov~=5.0.0; extra == "dev"
 Requires-Dist: pytest_randomly~=3.15.0; extra == "dev"
-Requires-Dist: pytest~=8.1.1; extra == "dev"
+Requires-Dist: pytest~=8.2.0; extra == "dev"
 Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.43.0; extra == "dev"
 Provides-Extra: doc

{pycti-6.0.10 → pycti-6.1.1}/pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.0.10"
+__version__ = "6.1.1"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.0.10 → pycti-6.1.1}/pycti/api/opencti_api_client.py

@@ -207,6 +207,12 @@ class OpenCTIApiClient:
     def set_applicant_id_header(self, applicant_id):
         self.request_headers["opencti-applicant-id"] = applicant_id
 
+    def set_playbook_id_header(self, playbook_id):
+        self.request_headers["opencti-playbook-id"] = playbook_id
+
+    def set_event_id(self, event_id):
+        self.request_headers["opencti-event-id"] = event_id
+
     def set_synchronized_upsert_header(self, synchronized):
         self.request_headers["synchronized-upsert"] = (
             "true" if synchronized is True else "false"
@@ -616,18 +622,19 @@ class OpenCTIApiClient:
         """upload a file to OpenCTI API
 
         :param `**kwargs`: arguments for file upload (required: `file_name` and `data`)
-        :return: returns the query respons for the file upload
+        :return: returns the query response for the file upload
         :rtype: dict
         """
 
         file_name = kwargs.get("file_name", None)
+        file_markings = kwargs.get("file_markings", None)
         data = kwargs.get("data", None)
         mime_type = kwargs.get("mime_type", "text/plain")
         if file_name is not None:
             self.app_logger.info("Uploading a file.")
             query = """
-                mutation UploadImport($file: Upload!) {
-                    uploadImport(file: $file) {
+                mutation UploadImport($file: Upload!, $fileMarkings: [String]) {
+                    uploadImport(file: $file, fileMarkings: $fileMarkings) {
                         id
                         name
                     }
@@ -639,8 +646,11 @@ class OpenCTIApiClient:
                     mime_type = "application/json"
                 else:
                     mime_type = magic.from_file(file_name, mime=True)
-
-            return self.query(query, {"file": (File(file_name, data, mime_type))})
+            query_vars = {"file": (File(file_name, data, mime_type))}
+            # optional file markings
+            if file_markings is not None:
+                query_vars["fileMarkings"] = file_markings
+            return self.query(query, query_vars)
         else:
             self.app_logger.error("[upload] Missing parameter: file_name")
             return None

{pycti-6.0.10 → pycti-6.1.1}/pycti/api/opencti_api_playbook.py

@@ -9,14 +9,15 @@ class OpenCTIApiPlaybook:
             "Executing playbook step", {"playbook_id": playbook["playbook_id"]}
         )
         query = """
-            mutation PlaybookStepExecution($execution_id: ID!, $execution_start: DateTime!, $data_instance_id: ID!, $playbook_id: ID!, $previous_step_id: ID!, $step_id: ID!, $previous_bundle: String!, $bundle: String!) {
-                playbookStepExecution(execution_id: $execution_id, execution_start: $execution_start, data_instance_id: $data_instance_id, playbook_id: $playbook_id, previous_step_id: $previous_step_id, step_id: $step_id, previous_bundle: $previous_bundle, bundle: $bundle)
+            mutation PlaybookStepExecution($execution_id: ID!, $event_id: ID!, $execution_start: DateTime!, $data_instance_id: ID!, $playbook_id: ID!, $previous_step_id: ID!, $step_id: ID!, $previous_bundle: String!, $bundle: String!) {
+                playbookStepExecution(execution_id: $execution_id, event_id: $event_id, execution_start: $execution_start, data_instance_id: $data_instance_id, playbook_id: $playbook_id, previous_step_id: $previous_step_id, step_id: $step_id, previous_bundle: $previous_bundle, bundle: $bundle)
             }
            """
         self.api.query(
             query,
             {
                 "execution_id": playbook["execution_id"],
+                "event_id": playbook["event_id"],
                 "execution_start": playbook["execution_start"],
                 "playbook_id": playbook["playbook_id"],
                 "data_instance_id": playbook["data_instance_id"],

{pycti-6.0.10 → pycti-6.1.1}/pycti/connector/opencti_connector_helper.py

@@ -282,18 +282,20 @@ class ListenQueue(threading.Thread):
                 is_playbook = "playbook" in json_data["internal"]
                 # If playbook, compute object on data bundle
                 if is_playbook:
-                    execution_id = json_data["internal"]["playbook"]["execution_id"]
                     execution_start = self.helper.date_now()
-                    playbook_id = json_data["internal"]["playbook"]["playbook_id"]
-                    data_instance_id = json_data["internal"]["playbook"][
+                    event_id = json_data["internal"]["playbook"].get("event_id")
+                    execution_id = json_data["internal"]["playbook"].get("execution_id")
+                    playbook_id = json_data["internal"]["playbook"].get("playbook_id")
+                    data_instance_id = json_data["internal"]["playbook"].get(
                         "data_instance_id"
-                    ]
+                    )
                     previous_bundle = json.dumps((json_data["event"]["bundle"]))
                     step_id = json_data["internal"]["playbook"]["step_id"]
                     previous_step_id = json_data["internal"]["playbook"][
                         "previous_step_id"
                     ]
                     playbook_data = {
+                        "event_id": event_id,
                         "execution_id": execution_id,
                         "execution_start": execution_start,
                         "playbook_id": playbook_id,
@@ -312,7 +314,9 @@ class ListenQueue(threading.Thread):
                     # If not playbook but enrichment, compute object on enrichment_entity
                     opencti_entity = event_data["enrichment_entity"]
                     stix_objects = self.helper.api.stix2.prepare_export(
-                        self.helper.api.stix2.generate_export(copy.copy(opencti_entity))
+                        entity=self.helper.api.stix2.generate_export(
+                            copy.copy(opencti_entity)
+                        )
                     )
                     stix_entity = [
                         e
@@ -1565,7 +1569,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         if bundle is None:
             # Generate bundle
             stix_objects = self.api.stix2.prepare_export(
-                self.api.stix2.generate_export(copy.copy(opencti_entity))
+                entity=self.api.stix2.generate_export(copy.copy(opencti_entity))
             )
         else:
             stix_objects = bundle["objects"]

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_case_incident.py

@@ -530,7 +530,7 @@ class CaseIncident:
             data = self.opencti.process_multiple(result["data"]["caseIncidents"])
             final_data = final_data + data
             while result["data"]["caseIncidents"]["pageInfo"]["hasNextPage"]:
-                after = result["date"]["caseIncidents"]["pageInfo"]["endCursor"]
+                after = result["data"]["caseIncidents"]["pageInfo"]["endCursor"]
                 self.opencti.app_logger.info("Listing Case Incidents", {"after": after})
                 result = self.opencti.query(
                     query,

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_intrusion_set.py

@@ -275,20 +275,40 @@ class IntrusionSet:
             }
         """
         )
-        result = self.opencti.query(
-            query,
-            {
-                "filters": filters,
-                "search": search,
-                "first": first,
-                "after": after,
-                "orderBy": order_by,
-                "orderMode": order_mode,
-            },
-        )
-        return self.opencti.process_multiple(
-            result["data"]["intrusionSets"], with_pagination
-        )
+        variables = {
+            "filters": filters,
+            "search": search,
+            "first": first,
+            "after": after,
+            "orderBy": order_by,
+            "orderMode": order_mode,
+        }
+        result = self.opencti.query(query, variables)
+        if get_all:
+            final_data = []
+            data = self.opencti.process_multiple(result["data"]["intrusionSets"])
+            final_data = final_data + data
+            while result["data"]["intrusionSets"]["pageInfo"]["hasNextPage"]:
+                after = result["data"]["intrusionSets"]["pageInfo"]["endCursor"]
+                self.opencti.app_logger.info("Listing Intrusion-Sets", {"after": after})
+                result = self.opencti.query(
+                    query,
+                    {
+                        "filters": filters,
+                        "search": search,
+                        "first": first,
+                        "after": after,
+                        "orderBy": order_by,
+                        "orderMode": order_mode,
+                    },
+                )
+                data = self.opencti.process_multiple(result["data"]["intrusionSets"])
+                final_data = final_data + data
+            return final_data
+        else:
+            return self.opencti.process_multiple(
+                result["data"]["intrusionSets"], with_pagination
+            )
 
     """
         Read a Intrusion-Set object

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_report.py

@@ -466,6 +466,19 @@ class Report:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "report--" + id
 
+    @staticmethod
+    def generate_fixed_fake_id(name, published=None):
+        name = name.lower().strip()
+        if isinstance(published, datetime.datetime):
+            published = published.isoformat()
+        if published is not None:
+            data = {"name": name, "published": published, "fake": "fake"}
+        else:
+            data = {"name": name, "fake": "fake"}
+        data = canonicalize(data, utf8=False)
+        id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+        return "report--" + id
+
     """
         List Report objects
 

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_stix_core_object.py

@@ -435,9 +435,18 @@ class StixCoreObject:
                         }
                     }
                 }
-            }      
+            }
             ... on StixCyberObservable {
                 observable_value
+                indicators {
+                    edges {
+                        node {
+                            id
+                            pattern
+                            pattern_type
+                        }
+                    }
+                }
             }
             ... on AutonomousSystem {
                 number
@@ -1090,9 +1099,18 @@ class StixCoreObject:
                         }
                     }
                 }
-            }      
+            }
             ... on StixCyberObservable {
                 observable_value
+                indicators {
+                    edges {
+                        node {
+                            id
+                            pattern
+                            pattern_type
+                        }
+                    }
+                }
             }
             ... on AutonomousSystem {
                 number
@@ -1459,13 +1477,21 @@ class StixCoreObject:
         return entity["importFiles"]
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixCoreObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixCoreObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixCoreObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $file_markings: [String]!, $listFilters: String) {
+                stixCoreObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, file_markings: $file_markings, listFilters: $listFilters)
             }
         """
+
         if mime_type is None:
             file = self.file(file_name, data)
         else:
@@ -1476,6 +1502,7 @@ class StixCoreObject:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_stix_cyber_observable.py

@@ -2316,11 +2316,30 @@ class StixCyberObservable:
             return False
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixCyberObservablesExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixCyberObservablesExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixCyberObservablesExportPush(
+                $entity_id: String,
+                $entity_type: String!,
+                $file: Upload!,
+                $file_markings: [String]!,
+                $listFilters: String
+            ) {
+                stixCyberObservablesExportPush(
+                    entity_id: $entity_id,
+                    entity_type: $entity_type,
+                    file: $file,
+                    file_markings: $file_markings,
+                    listFilters: $listFilters
+                )
             }
         """
         if mime_type is None:
@@ -2333,6 +2352,7 @@ class StixCyberObservable:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_stix_domain_object.py

@@ -1325,11 +1325,18 @@ class StixDomainObject:
             return None
 
     def push_list_export(
-        self, entity_id, entity_type, file_name, data, list_filters="", mime_type=None
+        self,
+        entity_id,
+        entity_type,
+        file_name,
+        file_markings,
+        data,
+        list_filters="",
+        mime_type=None,
     ):
         query = """
-            mutation StixDomainObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $listFilters: String) {
-                stixDomainObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file, listFilters: $listFilters)
+            mutation StixDomainObjectsExportPush($entity_id: String, $entity_type: String!, $file: Upload!, $file_markings: [String]!, $listFilters: String) {
+                stixDomainObjectsExportPush(entity_id: $entity_id, entity_type: $entity_type, file: $file,  file_markings: $file_markings, listFilters: $listFilters)
             }
         """
         if mime_type is None:
@@ -1342,15 +1349,26 @@ class StixDomainObject:
                 "entity_id": entity_id,
                 "entity_type": entity_type,
                 "file": file,
+                "file_markings": file_markings,
                 "listFilters": list_filters,
             },
         )
 
-    def push_entity_export(self, entity_id, file_name, data, mime_type=None):
+    def push_entity_export(
+        self, entity_id, file_name, data, file_markings=None, mime_type=None
+    ):
+        if file_markings is None:
+            file_markings = []
         query = """
-            mutation StixDomainObjectEdit($id: ID!, $file: Upload!) {
+            mutation StixDomainObjectEdit(
+                $id: ID!, $file: Upload!,
+                $file_markings: [String]!
+            ) {
                 stixDomainObjectEdit(id: $id) {
-                    exportPush(file: $file)
+                    exportPush(
+                        file: $file,
+                        file_markings: $file_markings
+                    )
                 }
             }
         """
@@ -1358,7 +1376,9 @@ class StixDomainObject:
             file = self.file(file_name, data)
         else:
             file = self.file(file_name, data, mime_type)
-        self.opencti.query(query, {"id": entity_id, "file": file})
+        self.opencti.query(
+            query, {"id": entity_id, "file": file, "file_markings": file_markings}
+        )
 
     """
         Update the Identity author of a Stix-Domain-Object object (created_by)

{pycti-6.0.10 → pycti-6.1.1}/pycti/entities/opencti_stix_object_or_stix_relationship.py

@@ -1,3 +1,6 @@
+import json
+
+
 class StixObjectOrStixRelationship:
     def __init__(self, opencti):
         self.opencti = opencti
@@ -329,11 +332,15 @@ class StixObjectOrStixRelationship:
             }
             ... on Case {
                 name
-            }            
+            }
             ... on StixCyberObservable {
                 observable_value
             }
             ... on StixCoreRelationship {
+                id
+                standard_id
+                entity_type
+                parent_types
                 createdBy {
                     ... on Identity {
                         id
@@ -396,6 +403,10 @@ class StixObjectOrStixRelationship:
                 stop_time
             }
             ... on StixSightingRelationship {
+                id
+                standard_id
+                entity_type
+                parent_types
                 createdBy {
                     ... on Identity {
                         id
@@ -476,9 +487,9 @@ class StixObjectOrStixRelationship:
             )
             query = (
                 """
-                query StixObjectOrStixRelationship($id: String!) {
-                    stixObjectOrStixRelationship(id: $id) {
-                        """
+                    query StixObjectOrStixRelationship($id: String!) {
+                        stixObjectOrStixRelationship(id: $id) {
+                            """
                 + (
                     custom_attributes
                     if custom_attributes is not None
@@ -496,3 +507,76 @@ class StixObjectOrStixRelationship:
         else:
             self.opencti.app_logger.error("Missing parameters: id")
             return None
+
+    def list(self, **kwargs):
+        filters = kwargs.get("filters", None)
+        search = kwargs.get("search", None)
+        first = kwargs.get("first", 100)
+        after = kwargs.get("after", None)
+        get_all = kwargs.get("getAll", False)
+        with_pagination = kwargs.get("with_pagination", False)
+        custom_attributes = kwargs.get("customAttributes", None)
+
+        self.opencti.app_logger.info(
+            "Listing StixObjectOrStixRelationships with filters",
+            {"filters": json.dumps(filters)},
+        )
+        query = (
+            """
+                        query StixObjectOrStixRelationships($filters: FilterGroup, $search: String, $first: Int, $after: ID) {
+                            stixObjectOrStixRelationships(filters: $filters, search: $search, first: $first, after: $after) {
+                                edges {
+                                    node {
+                                        """
+            + (custom_attributes if custom_attributes is not None else self.properties)
+            + """
+                                }
+                            }
+                            pageInfo {
+                                startCursor
+                                endCursor
+                                hasNextPage
+                                hasPreviousPage
+                                globalCount
+                            }
+                        }
+                    }
+                """
+        )
+        variables = {
+            "filters": filters,
+            "search": search,
+            "first": first,
+            "after": after,
+        }
+        result = self.opencti.query(
+            query,
+            variables,
+        )
+
+        if get_all:
+            final_data = []
+            data = self.opencti.process_multiple(
+                result["data"]["stixObjectOrStixRelationships"]
+            )
+            final_data = final_data + data
+            while result["data"]["stixObjectOrStixRelationships"]["pageInfo"][
+                "hasNextPage"
+            ]:
+                after = result["data"]["stixObjectOrStixRelationships"]["pageInfo"][
+                    "endCursor"
+                ]
+                self.opencti.app_logger.info(
+                    "Listing stixObjectOrStixRelationships", {"after": after}
+                )
+                after_variables = {**variables, **{"after": after}}
+                result = self.opencti.query(query, after_variables)
+                data = self.opencti.process_multiple(
+                    result["data"]["stixObjectOrStixRelationships"]
+                )
+                final_data = final_data + data
+            return final_data
+        else:
+            return self.opencti.process_multiple(
+                result["data"]["stixObjectOrStixRelationships"], with_pagination
+            )

{pycti-6.0.10 → pycti-6.1.1}/pycti/utils/constants.py

@@ -129,7 +129,6 @@ class MultipleRefRelationship(Enum):
     CHILD = "child"
     BODY_MULTIPART = "body-multipart"
     VALUES = "values"
-    LINKED = "x_opencti_linked-to"
     SERVICE_DDL = "service-dll"
     INSTALLED_SOFTWARE = "installed-software"
     RELATION_ANALYSIS_SCO = "analysis-sco"