pycti 6.1.12__py3-none-any.whl → 6.2.0__py3-none-any.whl


Potentially problematic release.



Files changed (41)
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +3 -1
  3. pycti/entities/indicator/__init__.py +0 -0
  4. pycti/entities/indicator/opencti_indicator_properties.py +256 -0
  5. pycti/entities/opencti_attack_pattern.py +11 -0
  6. pycti/entities/opencti_campaign.py +11 -0
  7. pycti/entities/opencti_case_rfi.py +11 -0
  8. pycti/entities/opencti_case_rft.py +11 -0
  9. pycti/entities/opencti_course_of_action.py +11 -0
  10. pycti/entities/opencti_data_component.py +11 -0
  11. pycti/entities/opencti_data_source.py +11 -0
  12. pycti/entities/opencti_feedback.py +11 -0
  13. pycti/entities/opencti_grouping.py +11 -0
  14. pycti/entities/opencti_identity.py +1 -3
  15. pycti/entities/opencti_indicator.py +7 -256
  16. pycti/entities/opencti_infrastructure.py +11 -0
  17. pycti/entities/opencti_location.py +11 -0
  18. pycti/entities/opencti_malware.py +1 -3
  19. pycti/entities/opencti_narrative.py +11 -0
  20. pycti/entities/opencti_note.py +11 -0
  21. pycti/entities/opencti_observed_data.py +11 -0
  22. pycti/entities/opencti_report.py +6 -3
  23. pycti/entities/opencti_stix_core_object.py +34 -0
  24. pycti/entities/opencti_stix_core_relationship.py +11 -2
  25. pycti/entities/opencti_stix_cyber_observable.py +29 -622
  26. pycti/entities/opencti_stix_sighting_relationship.py +6 -2
  27. pycti/entities/opencti_task.py +1 -3
  28. pycti/entities/opencti_threat_actor_group.py +11 -0
  29. pycti/entities/opencti_threat_actor_individual.py +11 -0
  30. pycti/entities/opencti_tool.py +11 -0
  31. pycti/entities/opencti_vulnerability.py +11 -0
  32. pycti/entities/stix_cyber_observable/__init__.py +0 -0
  33. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py +56 -0
  34. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +604 -0
  35. pycti/utils/opencti_stix2.py +23 -2
  36. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/METADATA +4 -3
  37. pycti-6.2.0.dist-info/RECORD +73 -0
  38. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/WHEEL +1 -1
  39. pycti-6.1.12.dist-info/RECORD +0 -68
  40. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/LICENSE +0 -0
  41. {pycti-6.1.12.dist-info → pycti-6.2.0.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,604 @@
1
+ SCO_PROPERTIES = """
2
+ id
3
+ standard_id
4
+ entity_type
5
+ parent_types
6
+ spec_version
7
+ created_at
8
+ updated_at
9
+ objectOrganization {
10
+ id
11
+ standard_id
12
+ name
13
+ }
14
+ creators {
15
+ id
16
+ name
17
+ }
18
+ createdBy {
19
+ ... on Identity {
20
+ id
21
+ standard_id
22
+ entity_type
23
+ parent_types
24
+ spec_version
25
+ identity_class
26
+ name
27
+ description
28
+ roles
29
+ contact_information
30
+ x_opencti_aliases
31
+ created
32
+ modified
33
+ objectLabel {
34
+ id
35
+ value
36
+ color
37
+ }
38
+ }
39
+ ... on Organization {
40
+ x_opencti_organization_type
41
+ x_opencti_reliability
42
+ }
43
+ ... on Individual {
44
+ x_opencti_firstname
45
+ x_opencti_lastname
46
+ }
47
+ }
48
+ objectMarking {
49
+ id
50
+ standard_id
51
+ entity_type
52
+ definition_type
53
+ definition
54
+ created
55
+ modified
56
+ x_opencti_order
57
+ x_opencti_color
58
+ }
59
+ objectLabel {
60
+ id
61
+ value
62
+ color
63
+ }
64
+ externalReferences {
65
+ edges {
66
+ node {
67
+ id
68
+ standard_id
69
+ entity_type
70
+ source_name
71
+ description
72
+ url
73
+ hash
74
+ external_id
75
+ created
76
+ modified
77
+ }
78
+ }
79
+ }
80
+ observable_value
81
+ x_opencti_description
82
+ x_opencti_score
83
+ indicators {
84
+ edges {
85
+ node {
86
+ id
87
+ pattern
88
+ pattern_type
89
+ }
90
+ }
91
+ }
92
+ ... on AutonomousSystem {
93
+ number
94
+ name
95
+ rir
96
+ }
97
+ ... on Directory {
98
+ path
99
+ path_enc
100
+ ctime
101
+ mtime
102
+ atime
103
+ }
104
+ ... on DomainName {
105
+ value
106
+ }
107
+ ... on EmailAddr {
108
+ value
109
+ display_name
110
+ }
111
+ ... on EmailMessage {
112
+ is_multipart
113
+ attribute_date
114
+ content_type
115
+ message_id
116
+ subject
117
+ received_lines
118
+ body
119
+ }
120
+ ... on Artifact {
121
+ mime_type
122
+ payload_bin
123
+ url
124
+ encryption_algorithm
125
+ decryption_key
126
+ hashes {
127
+ algorithm
128
+ hash
129
+ }
130
+ importFiles {
131
+ edges {
132
+ node {
133
+ id
134
+ name
135
+ size
136
+ metaData {
137
+ mimetype
138
+ version
139
+ }
140
+ }
141
+ }
142
+ }
143
+ }
144
+ ... on StixFile {
145
+ extensions
146
+ size
147
+ name
148
+ name_enc
149
+ magic_number_hex
150
+ mime_type
151
+ ctime
152
+ mtime
153
+ atime
154
+ x_opencti_additional_names
155
+ hashes {
156
+ algorithm
157
+ hash
158
+ }
159
+ }
160
+ ... on X509Certificate {
161
+ is_self_signed
162
+ version
163
+ serial_number
164
+ signature_algorithm
165
+ issuer
166
+ subject
167
+ subject_public_key_algorithm
168
+ subject_public_key_modulus
169
+ subject_public_key_exponent
170
+ validity_not_before
171
+ validity_not_after
172
+ hashes {
173
+ algorithm
174
+ hash
175
+ }
176
+ }
177
+ ... on IPv4Addr {
178
+ value
179
+ }
180
+ ... on IPv6Addr {
181
+ value
182
+ }
183
+ ... on MacAddr {
184
+ value
185
+ }
186
+ ... on Mutex {
187
+ name
188
+ }
189
+ ... on NetworkTraffic {
190
+ extensions
191
+ start
192
+ end
193
+ is_active
194
+ src_port
195
+ dst_port
196
+ protocols
197
+ src_byte_count
198
+ dst_byte_count
199
+ src_packets
200
+ dst_packets
201
+ }
202
+ ... on Process {
203
+ extensions
204
+ is_hidden
205
+ pid
206
+ created_time
207
+ cwd
208
+ command_line
209
+ environment_variables
210
+ }
211
+ ... on Software {
212
+ name
213
+ cpe
214
+ swid
215
+ languages
216
+ vendor
217
+ version
218
+ }
219
+ ... on Url {
220
+ value
221
+ }
222
+ ... on UserAccount {
223
+ extensions
224
+ user_id
225
+ credential
226
+ account_login
227
+ account_type
228
+ display_name
229
+ is_service_account
230
+ is_privileged
231
+ can_escalate_privs
232
+ is_disabled
233
+ account_created
234
+ account_expires
235
+ credential_last_changed
236
+ account_first_login
237
+ account_last_login
238
+ }
239
+ ... on WindowsRegistryKey {
240
+ attribute_key
241
+ modified_time
242
+ number_of_subkeys
243
+ }
244
+ ... on WindowsRegistryValueType {
245
+ name
246
+ data
247
+ data_type
248
+ }
249
+ ... on CryptographicKey {
250
+ value
251
+ }
252
+ ... on CryptocurrencyWallet {
253
+ value
254
+ }
255
+ ... on Hostname {
256
+ value
257
+ }
258
+ ... on Text {
259
+ value
260
+ }
261
+ ... on UserAgent {
262
+ value
263
+ }
264
+ ... on BankAccount {
265
+ iban
266
+ bic
267
+ account_number
268
+ }
269
+ ... on PhoneNumber {
270
+ value
271
+ }
272
+ ... on TrackingNumber {
273
+ value
274
+ }
275
+ ... on Credential {
276
+ value
277
+ }
278
+ ... on PaymentCard {
279
+ card_number
280
+ expiration_date
281
+ cvv
282
+ holder_name
283
+ }
284
+ ... on MediaContent {
285
+ title
286
+ content
287
+ media_category
288
+ url
289
+ publication_date
290
+ }
291
+ """
292
+ SCO_PROPERTIES_WITH_FILES = """
293
+ id
294
+ standard_id
295
+ entity_type
296
+ parent_types
297
+ spec_version
298
+ created_at
299
+ updated_at
300
+ objectOrganization {
301
+ id
302
+ standard_id
303
+ name
304
+ }
305
+ creators {
306
+ id
307
+ name
308
+ }
309
+ createdBy {
310
+ ... on Identity {
311
+ id
312
+ standard_id
313
+ entity_type
314
+ parent_types
315
+ spec_version
316
+ identity_class
317
+ name
318
+ description
319
+ roles
320
+ contact_information
321
+ x_opencti_aliases
322
+ created
323
+ modified
324
+ objectLabel {
325
+ id
326
+ value
327
+ color
328
+ }
329
+ }
330
+ ... on Organization {
331
+ x_opencti_organization_type
332
+ x_opencti_reliability
333
+ }
334
+ ... on Individual {
335
+ x_opencti_firstname
336
+ x_opencti_lastname
337
+ }
338
+ }
339
+ objectMarking {
340
+ id
341
+ standard_id
342
+ entity_type
343
+ definition_type
344
+ definition
345
+ created
346
+ modified
347
+ x_opencti_order
348
+ x_opencti_color
349
+ }
350
+ objectLabel {
351
+ id
352
+ value
353
+ color
354
+ }
355
+ externalReferences {
356
+ edges {
357
+ node {
358
+ id
359
+ standard_id
360
+ entity_type
361
+ source_name
362
+ description
363
+ url
364
+ hash
365
+ external_id
366
+ created
367
+ modified
368
+ importFiles {
369
+ edges {
370
+ node {
371
+ id
372
+ name
373
+ size
374
+ metaData {
375
+ mimetype
376
+ version
377
+ }
378
+ }
379
+ }
380
+ }
381
+ }
382
+ }
383
+ }
384
+ observable_value
385
+ x_opencti_description
386
+ x_opencti_score
387
+ indicators {
388
+ edges {
389
+ node {
390
+ id
391
+ pattern
392
+ pattern_type
393
+ }
394
+ }
395
+ }
396
+ ... on AutonomousSystem {
397
+ number
398
+ name
399
+ rir
400
+ }
401
+ ... on Directory {
402
+ path
403
+ path_enc
404
+ ctime
405
+ mtime
406
+ atime
407
+ }
408
+ ... on DomainName {
409
+ value
410
+ }
411
+ ... on EmailAddr {
412
+ value
413
+ display_name
414
+ }
415
+ ... on EmailMessage {
416
+ is_multipart
417
+ attribute_date
418
+ content_type
419
+ message_id
420
+ subject
421
+ received_lines
422
+ body
423
+ }
424
+ ... on Artifact {
425
+ mime_type
426
+ payload_bin
427
+ url
428
+ encryption_algorithm
429
+ decryption_key
430
+ hashes {
431
+ algorithm
432
+ hash
433
+ }
434
+ importFiles {
435
+ edges {
436
+ node {
437
+ id
438
+ name
439
+ size
440
+ }
441
+ }
442
+ }
443
+ }
444
+ ... on StixFile {
445
+ extensions
446
+ size
447
+ name
448
+ name_enc
449
+ magic_number_hex
450
+ mime_type
451
+ ctime
452
+ mtime
453
+ atime
454
+ x_opencti_additional_names
455
+ hashes {
456
+ algorithm
457
+ hash
458
+ }
459
+ }
460
+ ... on X509Certificate {
461
+ is_self_signed
462
+ version
463
+ serial_number
464
+ signature_algorithm
465
+ issuer
466
+ subject
467
+ subject_public_key_algorithm
468
+ subject_public_key_modulus
469
+ subject_public_key_exponent
470
+ validity_not_before
471
+ validity_not_after
472
+ hashes {
473
+ algorithm
474
+ hash
475
+ }
476
+ }
477
+ ... on IPv4Addr {
478
+ value
479
+ }
480
+ ... on IPv6Addr {
481
+ value
482
+ }
483
+ ... on MacAddr {
484
+ value
485
+ }
486
+ ... on Mutex {
487
+ name
488
+ }
489
+ ... on NetworkTraffic {
490
+ extensions
491
+ start
492
+ end
493
+ is_active
494
+ src_port
495
+ dst_port
496
+ protocols
497
+ src_byte_count
498
+ dst_byte_count
499
+ src_packets
500
+ dst_packets
501
+ }
502
+ ... on Process {
503
+ extensions
504
+ is_hidden
505
+ pid
506
+ created_time
507
+ cwd
508
+ command_line
509
+ environment_variables
510
+ }
511
+ ... on Software {
512
+ name
513
+ cpe
514
+ swid
515
+ languages
516
+ vendor
517
+ version
518
+ }
519
+ ... on Url {
520
+ value
521
+ }
522
+ ... on UserAccount {
523
+ extensions
524
+ user_id
525
+ credential
526
+ account_login
527
+ account_type
528
+ display_name
529
+ is_service_account
530
+ is_privileged
531
+ can_escalate_privs
532
+ is_disabled
533
+ account_created
534
+ account_expires
535
+ credential_last_changed
536
+ account_first_login
537
+ account_last_login
538
+ }
539
+ ... on WindowsRegistryKey {
540
+ attribute_key
541
+ modified_time
542
+ number_of_subkeys
543
+ }
544
+ ... on WindowsRegistryValueType {
545
+ name
546
+ data
547
+ data_type
548
+ }
549
+ ... on CryptographicKey {
550
+ value
551
+ }
552
+ ... on CryptocurrencyWallet {
553
+ value
554
+ }
555
+ ... on Hostname {
556
+ value
557
+ }
558
+ ... on Text {
559
+ value
560
+ }
561
+ ... on UserAgent {
562
+ value
563
+ }
564
+ ... on BankAccount {
565
+ iban
566
+ bic
567
+ account_number
568
+ }
569
+ ... on PhoneNumber {
570
+ value
571
+ }
572
+ ... on TrackingNumber {
573
+ value
574
+ }
575
+ ... on Credential {
576
+ value
577
+ }
578
+ ... on PaymentCard {
579
+ card_number
580
+ expiration_date
581
+ cvv
582
+ holder_name
583
+ }
584
+ ... on MediaContent {
585
+ title
586
+ content
587
+ media_category
588
+ url
589
+ publication_date
590
+ }
591
+ importFiles {
592
+ edges {
593
+ node {
594
+ id
595
+ name
596
+ size
597
+ metaData {
598
+ mimetype
599
+ version
600
+ }
601
+ }
602
+ }
603
+ }
604
+ """
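Review bot: Both selection strings request secret-bearing fields by default: `decryption_key` and `payload_bin` under `... on Artifact`, `credential` under `... on UserAccount`, and `card_number`/`cvv` under `... on PaymentCard`, so any caller that logs or re-exports a default observable read carries them along. A module comment would make that visible, for example `# NOTE: selects secret-bearing fields (decryption_key, credential, cvv); narrow the selection before logging or forwarding results`. The two constants also duplicate roughly 290 lines and have already drifted: the Artifact `importFiles` node selects `metaData { mimetype version }` in `SCO_PROPERTIES` but not in `SCO_PROPERTIES_WITH_FILES`, which may be intended but is not explained.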
@@ -1355,6 +1355,10 @@ class OpenCTIStix2:
1355
1355
  stix_sighting["x_opencti_negative"] = (
1356
1356
  self.opencti.get_attribute_in_extension("negative", stix_sighting)
1357
1357
  )
1358
+ if "x_opencti_workflow_id" not in stix_sighting:
1359
+ stix_sighting["x_opencti_workflow_id"] = (
1360
+ self.opencti.get_attribute_in_extension("workflow_id", stix_sighting)
1361
+ )
1358
1362
  stix_sighting_result = self.opencti.stix_sighting_relationship.create(
1359
1363
  fromId=final_from_id,
1360
1364
  toId=final_to_id,
@@ -1396,6 +1400,11 @@ class OpenCTIStix2:
1396
1400
  objectOrganization=(
1397
1401
  extras["granted_refs_ids"] if "granted_refs_ids" in extras else []
1398
1402
  ),
1403
+ x_opencti_workflow_id=(
1404
+ stix_sighting["x_opencti_workflow_id"]
1405
+ if "x_opencti_workflow_id" in stix_sighting
1406
+ else None
1407
+ ),
1399
1408
  update=update,
1400
1409
  ignore_dates=(
1401
1410
  stix_sighting["x_opencti_ignore_dates"]
@@ -1507,7 +1516,16 @@ class OpenCTIStix2:
1507
1516
  and "valid_until" in entity
1508
1517
  and entity["valid_from"] == entity["valid_until"]
1509
1518
  ):
1510
- del entity["valid_from"]
1519
+ valid_until_converted_datetime = datetime.datetime.strptime(
1520
+ entity["valid_until"], "%Y-%m-%dT%H:%M:%S.%fZ"
1521
+ )
1522
+ new_valid_until = valid_until_converted_datetime + datetime.timedelta(
1523
+ seconds=1
1524
+ )
1525
+ valid_until_converted_string = new_valid_until.strftime(
1526
+ "%Y-%m-%dT%H:%M:%S.%fZ"
1527
+ )
1528
+ entity["valid_until"] = valid_until_converted_string
1511
1529
 
1512
1530
  # Flatten
1513
1531
  if "tasks" in entity:
@@ -2188,7 +2206,7 @@ class OpenCTIStix2:
2188
2206
  "objects": [],
2189
2207
  }
2190
2208
  do_read = self.get_reader(entity_type)
2191
- entity = do_read(id=entity_id)
2209
+ entity = do_read(id=entity_id, withFiles=(mode == "full"))
2192
2210
  if entity is None:
2193
2211
  self.opencti.app_logger.error(
2194
2212
  "Cannot export entity (not found)", {"id": entity_id}
@@ -2237,6 +2255,7 @@ class OpenCTIStix2:
2237
2255
  orderBy: str = None,
2238
2256
  orderMode: str = None,
2239
2257
  getAll: bool = True,
2258
+ withFiles: bool = False,
2240
2259
  ) -> [Dict]:
2241
2260
  if IdentityTypes.has_value(entity_type):
2242
2261
  entity_type = "Identity"
@@ -2300,6 +2319,7 @@ class OpenCTIStix2:
2300
2319
  orderBy=orderBy,
2301
2320
  orderMode=orderMode,
2302
2321
  getAll=getAll,
2322
+ withFiles=withFiles,
2303
2323
  )
2304
2324
 
2305
2325
  def export_list(
@@ -2334,6 +2354,7 @@ class OpenCTIStix2:
2334
2354
  orderBy=order_by,
2335
2355
  orderMode=order_mode,
2336
2356
  getAll=True,
2357
+ withFiles=(mode == "full"),
2337
2358
  )
2338
2359
  if entities_list is not None:
2339
2360
  uuids = []
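Review bot: The `strptime` call added at new lines 1519–1521 accepts only timestamps with a fractional part, so a `valid_until` such as `2024-01-01T00:00:00Z` (constructed example; the STIX timestamp format allows it) raises `ValueError`, and nothing in the hunk catches it. Whether the platform ever returns that shape is not visible here, but a fallback format costs little and keeps one odd indicator from aborting an export. `strftime` with `%f` also writes six fractional digits, which may differ from the precision that was read. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: the valid_from == valid_until condition …
raw_valid_until = entity["valid_until"]
try:
    valid_until_converted_datetime = datetime.datetime.strptime(
        raw_valid_until, "%Y-%m-%dT%H:%M:%S.%fZ"
    )
except ValueError:
    # STIX timestamps may omit the fractional seconds
    valid_until_converted_datetime = datetime.datetime.strptime(
        raw_valid_until, "%Y-%m-%dT%H:%M:%SZ"
    )
# … unchanged: add one second, format, and assign entity["valid_until"] …
```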
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: pycti
3
- Version: 6.1.12
3
+ Version: 6.2.0
4
4
  Summary: Python API client for OpenCTI.
5
5
  Home-page: https://github.com/OpenCTI-Platform/client-python
6
6
  Author: Filigran
@@ -26,11 +26,12 @@ Requires-Dist: pika ~=1.3.0
26
26
  Requires-Dist: python-json-logger ~=2.0.4
27
27
  Requires-Dist: PyYAML ~=6.0
28
28
  Requires-Dist: requests ~=2.32.2
29
- Requires-Dist: setuptools ~=70.0.0
29
+ Requires-Dist: setuptools ~=70.1.0
30
30
  Requires-Dist: cachetools ~=5.3.0
31
31
  Requires-Dist: prometheus-client ~=0.20.0
32
32
  Requires-Dist: opentelemetry-api ~=1.22.0
33
33
  Requires-Dist: opentelemetry-sdk ~=1.22.0
34
+ Requires-Dist: deprecation ~=2.1.0
34
35
  Requires-Dist: filigran-sseclient ~=1.0.0
35
36
  Requires-Dist: stix2 ~=3.0.1
36
37
  Requires-Dist: python-magic ~=0.4.27 ; sys_platform == "linux" or sys_platform == "darwin"
@@ -49,7 +50,7 @@ Requires-Dist: types-python-dateutil ~=2.9.0 ; extra == 'dev'
49
50
  Requires-Dist: wheel ~=0.43.0 ; extra == 'dev'
50
51
  Provides-Extra: doc
51
52
  Requires-Dist: autoapi ~=2.0.1 ; extra == 'doc'
52
- Requires-Dist: sphinx-autodoc-typehints ~=2.1.0 ; extra == 'doc'
53
+ Requires-Dist: sphinx-autodoc-typehints ~=2.2.2 ; extra == 'doc'
53
54
  Requires-Dist: sphinx-rtd-theme ~=2.0.0 ; extra == 'doc'
54
55
 
55
56
  # OpenCTI client for Python