pycti 6.1.12__py3-none-any.whl → 6.2.0__py3-none-any.whl



Files changed (41)
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +3 -1
  3. pycti/entities/indicator/__init__.py +0 -0
  4. pycti/entities/indicator/opencti_indicator_properties.py +256 -0
  5. pycti/entities/opencti_attack_pattern.py +11 -0
  6. pycti/entities/opencti_campaign.py +11 -0
  7. pycti/entities/opencti_case_rfi.py +11 -0
  8. pycti/entities/opencti_case_rft.py +11 -0
  9. pycti/entities/opencti_course_of_action.py +11 -0
  10. pycti/entities/opencti_data_component.py +11 -0
  11. pycti/entities/opencti_data_source.py +11 -0
  12. pycti/entities/opencti_feedback.py +11 -0
  13. pycti/entities/opencti_grouping.py +11 -0
  14. pycti/entities/opencti_identity.py +1 -3
  15. pycti/entities/opencti_indicator.py +7 -256
  16. pycti/entities/opencti_infrastructure.py +11 -0
  17. pycti/entities/opencti_location.py +11 -0
  18. pycti/entities/opencti_malware.py +1 -3
  19. pycti/entities/opencti_narrative.py +11 -0
  20. pycti/entities/opencti_note.py +11 -0
  21. pycti/entities/opencti_observed_data.py +11 -0
  22. pycti/entities/opencti_report.py +6 -3
  23. pycti/entities/opencti_stix_core_object.py +34 -0
  24. pycti/entities/opencti_stix_core_relationship.py +11 -2
  25. pycti/entities/opencti_stix_cyber_observable.py +29 -622
  26. pycti/entities/opencti_stix_sighting_relationship.py +6 -2
  27. pycti/entities/opencti_task.py +1 -3
  28. pycti/entities/opencti_threat_actor_group.py +11 -0
  29. pycti/entities/opencti_threat_actor_individual.py +11 -0
  30. pycti/entities/opencti_tool.py +11 -0
  31. pycti/entities/opencti_vulnerability.py +11 -0
  32. pycti/entities/stix_cyber_observable/__init__.py +0 -0
  33. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py +56 -0
  34. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +604 -0
  35. pycti/utils/opencti_stix2.py +23 -2
  36. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/METADATA +4 -3
  37. pycti-6.2.0.dist-info/RECORD +73 -0
  38. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/WHEEL +1 -1
  39. pycti-6.1.12.dist-info/RECORD +0 -68
  40. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/LICENSE +0 -0
  41. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/top_level.txt +0 -0
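--- a/pycti/entities/opencti_indicator.py
+++ b/pycti/entities/opencti_indicator.py
@@ -5,6 +5,11 @@ import uuid
 
  from stix2.canonicalization.Canonicalize import canonicalize
 
+ from .indicator.opencti_indicator_properties import (
+ INDICATOR_PROPERTIES,
+ INDICATOR_PROPERTIES_WITH_FILES,
+ )
+
 
  class Indicator:
  """Main Indicator class for OpenCTI
@@ -14,262 +19,8 @@ class Indicator:
 
  def __init__(self, opencti):
  self.opencti = opencti
- self.properties = """
- id
- standard_id
- entity_type
- parent_types
- spec_version
- created_at
- updated_at
- creators {
- id
- name
- }
- createdBy {
- ... on Identity {
- id
- standard_id
- entity_type
- parent_types
- spec_version
- identity_class
- name
- description
- roles
- contact_information
- x_opencti_aliases
- created
- modified
- objectLabel {
- id
- value
- color
- }
- }
- ... on Organization {
- x_opencti_organization_type
- x_opencti_reliability
- }
- ... on Individual {
- x_opencti_firstname
- x_opencti_lastname
- }
- }
- objectOrganization {
- id
- standard_id
- name
- }
- objectMarking {
- id
- standard_id
- entity_type
- definition_type
- definition
- created
- modified
- x_opencti_order
- x_opencti_color
- }
- objectLabel {
- id
- value
- color
- }
- externalReferences {
- edges {
- node {
- id
- standard_id
- entity_type
- source_name
- description
- url
- hash
- external_id
- created
- modified
- }
- }
- }
- revoked
- confidence
- created
- modified
- pattern_type
- pattern_version
- pattern
- name
- description
- indicator_types
- valid_from
- valid_until
- x_opencti_score
- x_opencti_detection
- x_opencti_main_observable_type
- x_mitre_platforms
- observables {
- edges {
- node {
- id
- entity_type
- observable_value
- }
- }
- }
- killChainPhases {
- id
- standard_id
- entity_type
- kill_chain_name
- phase_name
- x_opencti_order
- created
- modified
- }
- """
- self.properties_with_files = """
- id
- standard_id
- entity_type
- parent_types
- spec_version
- created_at
- updated_at
- creators {
- id
- name
- }
- createdBy {
- ... on Identity {
- id
- standard_id
- entity_type
- parent_types
- spec_version
- identity_class
- name
- description
- roles
- contact_information
- x_opencti_aliases
- created
- modified
- objectLabel {
- id
- value
- color
- }
- }
- ... on Organization {
- x_opencti_organization_type
- x_opencti_reliability
- }
- ... on Individual {
- x_opencti_firstname
- x_opencti_lastname
- }
- }
- objectOrganization {
- id
- standard_id
- name
- }
- objectMarking {
- id
- standard_id
- entity_type
- definition_type
- definition
- created
- modified
- x_opencti_order
- x_opencti_color
- }
- objectLabel {
- id
- value
- color
- }
- externalReferences {
- edges {
- node {
- id
- standard_id
- entity_type
- source_name
- description
- url
- hash
- external_id
- created
- modified
- importFiles {
- edges {
- node {
- id
- name
- size
- metaData {
- mimetype
- version
- }
- }
- }
- }
- }
- }
- }
- revoked
- confidence
- created
- modified
- pattern_type
- pattern_version
- pattern
- name
- description
- indicator_types
- valid_from
- valid_until
- x_opencti_score
- x_opencti_detection
- x_opencti_main_observable_type
- x_mitre_platforms
- observables {
- edges {
- node {
- id
- entity_type
- observable_value
- }
- }
- }
- killChainPhases {
- id
- standard_id
- entity_type
- kill_chain_name
- phase_name
- x_opencti_order
- created
- modified
- }
- importFiles {
- edges {
- node {
- id
- name
- size
- metaData {
- mimetype
- version
- }
- }
- }
- }
- """
+ self.properties = INDICATOR_PROPERTIES
+ self.properties_with_files = INDICATOR_PROPERTIES_WITH_FILES
 
  @staticmethod
  def generate_id(pattern):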
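--- a/pycti/entities/opencti_infrastructure.py
+++ b/pycti/entities/opencti_infrastructure.py
@@ -416,6 +416,7 @@ class Infrastructure:
  kill_chain_phases = kwargs.get("killChainPhases", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -453,6 +454,7 @@ class Infrastructure:
  "last_seen": last_seen,
  "killChainPhases": kill_chain_phases,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -487,6 +489,10 @@ class Infrastructure:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.create(
  stix_id=stix_object["id"],
@@ -546,6 +552,11 @@ class Infrastructure:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: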
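Review bot: In the last hunk the guard `if "x_opencti_workflow_id" in stix_object else None` can never take its `else` branch, because the third hunk stores the key on every path (with `None` when the extension has no `workflow_id`) before `self.create(` is reached, assuming both hunks sit in the same import method as the context suggests; `x_opencti_workflow_id=stix_object.get("x_opencti_workflow_id"),` says the same thing in one line. The identical redundant guard appears in the matching hunks of opencti_location.py, opencti_narrative.py, opencti_note.py and opencti_observed_data.py. It does mirror the existing `x_opencti_granted_refs` pattern directly above it, so keeping it for symmetry is defensible, but then a short comment such as `# always present after the extension normalisation above` would stop a reader from hunting for the missing case. The `create` and STIX-import methods these hunks touch start and end outside the hunks.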
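--- a/pycti/entities/opencti_location.py
+++ b/pycti/entities/opencti_location.py
@@ -350,6 +350,7 @@ class Location:
  precision = kwargs.get("precision", None)
  x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -386,6 +387,7 @@ class Location:
  "precision": precision,
  "x_opencti_aliases": x_opencti_aliases,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -439,6 +441,10 @@ class Location:
  stix_object["x_opencti_stix_ids"] = (
  self.opencti.get_attribute_in_extension("stix_ids", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.create(
  type=type,
@@ -485,6 +491,11 @@ class Location:
  else None
  ),
  x_opencti_aliases=self.opencti.stix2.pick_aliases(stix_object),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: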
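--- a/pycti/entities/opencti_malware.py
+++ b/pycti/entities/opencti_malware.py
@@ -494,9 +494,7 @@ class Malware:
  )
  if "x_opencti_workflow_id" not in stix_object:
  stix_object["x_opencti_workflow_id"] = (
- self.opencti.get_attribute_in_extension(
- "x_opencti_workflow_id", stix_object
- )
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
  )
 
  return self.create(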
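--- a/pycti/entities/opencti_narrative.py
+++ b/pycti/entities/opencti_narrative.py
@@ -360,6 +360,7 @@ class Narrative:
  narrative_types = kwargs.get("narrative_types", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -394,6 +395,7 @@ class Narrative:
  "aliases": aliases,
  "narrative_types": narrative_types,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -425,6 +427,10 @@ class Narrative:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.opencti.narrative.create(
  stix_id=stix_object["id"],
@@ -473,6 +479,11 @@ class Narrative:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: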
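--- a/pycti/entities/opencti_note.py
+++ b/pycti/entities/opencti_note.py
@@ -636,6 +636,7 @@ class Note:
  likelihood = kwargs.get("likelihood", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if content is not None:
@@ -672,6 +673,7 @@ class Note:
  "note_types": note_types,
  "likelihood": likelihood,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -798,6 +800,10 @@ class Note:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.create(
  stix_id=stix_object["id"],
@@ -852,6 +858,11 @@ class Note:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: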
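--- a/pycti/entities/opencti_observed_data.py
+++ b/pycti/entities/opencti_observed_data.py
@@ -607,6 +607,7 @@ class ObservedData:
  number_observed = kwargs.get("number_observed", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if (
@@ -645,6 +646,7 @@ class ObservedData:
  "last_observed": last_observed,
  "number_observed": number_observed,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -810,6 +812,10 @@ class ObservedData:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  observed_data_result = self.create(
  stix_id=stix_object["id"],
@@ -862,6 +868,11 @@ class ObservedData:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
 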
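--- a/pycti/entities/opencti_report.py
+++ b/pycti/entities/opencti_report.py
@@ -504,7 +504,8 @@ class Report:
  first = 100
 
  self.opencti.app_logger.info(
- "Listing Reports with filters", {"filters": json.dumps(filters)}
+ "Listing Reports with filters",
+ {"filters": json.dumps(filters), "with_files:": with_files},
  )
  query = (
  """
@@ -583,7 +584,9 @@ class Report:
  custom_attributes = kwargs.get("customAttributes", None)
  with_files = kwargs.get("withFiles", False)
  if id is not None:
- self.opencti.app_logger.info("Reading Report", {"id": id})
+ self.opencti.app_logger.info(
+ "Reading Report", {"id": id, "with_files": with_files}
+ )
  query = (
  """
  query Report($id: String!) {
@@ -602,7 +605,7 @@ class Report:
  result = self.opencti.query(query, {"id": id})
  return self.opencti.process_multiple_fields(result["data"]["report"])
  elif filters is not None:
- result = self.list(filters=filters)
+ result = self.list(filters=filters, withFiles=with_files)
  if len(result) > 0:
  return result[0]
  else: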
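Review bot: The log field key `"with_files:"` on the second added line of the first hunk carries a stray trailing colon, so the structured log attribute is emitted as `with_files:` in `list` while the second hunk emits it as `with_files` in `read`; anyone filtering logs on that field gets two different names for one value. Change the line to `{"filters": json.dumps(filters), "with_files": with_files},`. Both `list` and `read` start and end outside the hunks.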
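--- a/pycti/entities/opencti_stix_core_object.py
+++ b/pycti/entities/opencti_stix_core_object.py
@@ -1507,6 +1507,40 @@ class StixCoreObject:
  },
  )
 
+ def push_analysis(
+ self,
+ entity_id,
+ file_name,
+ data,
+ content_source,
+ content_type,
+ analysis_type,
+ ):
+ query = """
+ mutation StixCoreObjectEdit(
+ $id: ID!, $file: Upload!, $contentSource: String!, $contentType: AnalysisContentType!, $analysisType: String!
+ ) {
+ stixCoreObjectEdit(id: $id) {
+ analysisPush(file: $file,contentSource: $contentSource,contentType: $contentType,analysisType: $analysisType){
+ id
+ name
+ }
+ }
+ }
+ """
+
+ file = self.file(file_name, data)
+ self.opencti.query(
+ query,
+ {
+ "id": entity_id,
+ "file": file,
+ "contentSource": content_source,
+ "contentType": content_type,
+ "analysisType": analysis_type,
+ },
+ )
+
  """
  Get the reports about a Stix-Core-Object object
 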
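Review bot: `push_analysis` discards the mutation response, so a caller has no way to learn the `id` and `name` that the `analysisPush` selection set asks for; the call should be `return self.opencti.query(` with the rest of the arguments unchanged. The new method also has no documentation, while the next method in the class carries a description in the bare-string-before-def style visible at the end of the hunk; a matching block should state the purpose (upload `data` under `file_name` as an analysis attached to the object `entity_id`), describe each parameter, and say that `content_type` must be one of the server's `AnalysisContentType` enum values or the GraphQL layer will reject the request. `self.file(file_name, data)` is defined elsewhere in the class, so what `data` is expected to be (bytes or str) cannot be confirmed from this hunk and is worth pinning down in that description.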
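--- a/pycti/entities/opencti_stix_core_relationship.py
+++ b/pycti/entities/opencti_stix_core_relationship.py
@@ -396,6 +396,7 @@ class StixCoreRelationship:
  custom_attributes = kwargs.get("customAttributes", None)
  get_all = kwargs.get("getAll", False)
  with_pagination = kwargs.get("withPagination", False)
+ search = kwargs.get("search", None)
  if get_all:
  first = 100
 
@@ -409,12 +410,13 @@ class StixCoreRelationship:
  "element_with_target_types": element_with_target_types,
  "from_types": from_types,
  "to_types": to_types,
+ "search": search,
  },
  )
  query = (
  """
- query StixCoreRelationships($fromOrToId: [String], $elementWithTargetTypes: [String], $fromId: [String], $fromTypes: [String], $toId: [String], $toTypes: [String], $relationship_type: [String], $startTimeStart: DateTime, $startTimeStop: DateTime, $stopTimeStart: DateTime, $stopTimeStop: DateTime, $filters: FilterGroup, $first: Int, $after: ID, $orderBy: StixCoreRelationshipsOrdering, $orderMode: OrderingMode) {
- stixCoreRelationships(fromOrToId: $fromOrToId, elementWithTargetTypes: $elementWithTargetTypes, fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, relationship_type: $relationship_type, startTimeStart: $startTimeStart, startTimeStop: $startTimeStop, stopTimeStart: $stopTimeStart, stopTimeStop: $stopTimeStop, filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
+ query StixCoreRelationships($fromOrToId: [String], $elementWithTargetTypes: [String], $fromId: [String], $fromTypes: [String], $toId: [String], $toTypes: [String], $relationship_type: [String], $startTimeStart: DateTime, $startTimeStop: DateTime, $stopTimeStart: DateTime, $stopTimeStop: DateTime, $filters: FilterGroup, $first: Int, $after: ID, $orderBy: StixCoreRelationshipsOrdering, $orderMode: OrderingMode, $search: String) {
+ stixCoreRelationships(fromOrToId: $fromOrToId, elementWithTargetTypes: $elementWithTargetTypes, fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, relationship_type: $relationship_type, startTimeStart: $startTimeStart, startTimeStop: $startTimeStop, stopTimeStart: $stopTimeStart, stopTimeStop: $stopTimeStop, filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode, search: $search) {
  edges {
  node {
  """
@@ -452,6 +454,7 @@ class StixCoreRelationship:
  "after": after,
  "orderBy": order_by,
  "orderMode": order_mode,
+ "search": search,
  },
  )
  if get_all:
@@ -1135,6 +1138,12 @@ class StixCoreRelationship:
  "granted_refs", stix_relation
  )
  )
+ if "x_opencti_workflow_id" not in stix_relation:
+ stix_relation["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension(
+ "workflow_id", stix_relation
+ )
+ )
 
  source_ref = stix_relation["source_ref"]
  target_ref = stix_relation["target_ref"]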
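Review bot: The new `search` keyword in the first three hunks widens the public interface of `list` but nothing in this section documents it; if `list` carries the bare-string description used elsewhere in this package (its start is outside the hunk), it should gain a line such as `:param search: free-text search passed server-side as the query's search argument`, so callers know it is combined with, not a replacement for, `filters`. The value is correctly handed over as a GraphQL variable rather than spliced into the query text, which is the right way to carry caller-supplied text. The fourth hunk's `workflow_id` normalisation follows the same pattern as the entity files in this release; the import method it sits in starts and ends outside the hunk.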