pycti 6.1.13__py3-none-any.whl → 6.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (40) hide show
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +3 -1
  3. pycti/entities/indicator/__init__.py +0 -0
  4. pycti/entities/indicator/opencti_indicator_properties.py +256 -0
  5. pycti/entities/opencti_attack_pattern.py +11 -0
  6. pycti/entities/opencti_campaign.py +11 -0
  7. pycti/entities/opencti_case_rfi.py +11 -0
  8. pycti/entities/opencti_case_rft.py +11 -0
  9. pycti/entities/opencti_course_of_action.py +11 -0
  10. pycti/entities/opencti_data_component.py +11 -0
  11. pycti/entities/opencti_data_source.py +11 -0
  12. pycti/entities/opencti_feedback.py +11 -0
  13. pycti/entities/opencti_grouping.py +11 -0
  14. pycti/entities/opencti_identity.py +1 -3
  15. pycti/entities/opencti_indicator.py +7 -256
  16. pycti/entities/opencti_infrastructure.py +11 -0
  17. pycti/entities/opencti_location.py +11 -0
  18. pycti/entities/opencti_malware.py +1 -3
  19. pycti/entities/opencti_narrative.py +11 -0
  20. pycti/entities/opencti_note.py +11 -0
  21. pycti/entities/opencti_observed_data.py +11 -0
  22. pycti/entities/opencti_stix_core_object.py +34 -0
  23. pycti/entities/opencti_stix_core_relationship.py +11 -2
  24. pycti/entities/opencti_stix_cyber_observable.py +29 -622
  25. pycti/entities/opencti_stix_sighting_relationship.py +6 -2
  26. pycti/entities/opencti_task.py +1 -3
  27. pycti/entities/opencti_threat_actor_group.py +11 -0
  28. pycti/entities/opencti_threat_actor_individual.py +11 -0
  29. pycti/entities/opencti_tool.py +11 -0
  30. pycti/entities/opencti_vulnerability.py +11 -0
  31. pycti/entities/stix_cyber_observable/__init__.py +0 -0
  32. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py +56 -0
  33. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +604 -0
  34. pycti/utils/opencti_stix2.py +19 -1
  35. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/METADATA +4 -3
  36. pycti-6.2.0.dist-info/RECORD +73 -0
  37. pycti-6.1.13.dist-info/RECORD +0 -68
  38. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/LICENSE +0 -0
  39. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/WHEEL +0 -0
  40. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/top_level.txt +0 -0
pycti/__init__.py CHANGED
@@ -1,5 +1,5 @@
1
1
  # -*- coding: utf-8 -*-
2
- __version__ = "6.1.13"
2
+ __version__ = "6.2.0"
3
3
 
4
4
  from .api.opencti_api_client import OpenCTIApiClient
5
5
  from .api.opencti_api_connector import OpenCTIApiConnector
pycti/connector/opencti_connector_helper.py CHANGED
@@ -665,7 +665,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
665
665
  "OPENCTI_TOKEN", ["opencti", "token"], config
666
666
  )
667
667
  self.opencti_ssl_verify = get_config_variable(
668
- "OPENCTI_SSL_VERIFY", ["opencti", "ssl_verify"], config, False, True
668
+ "OPENCTI_SSL_VERIFY", ["opencti", "ssl_verify"], config, False, False
669
669
  )
670
670
  self.opencti_json_logging = get_config_variable(
671
671
  "OPENCTI_JSON_LOGGING", ["opencti", "json_logging"], config, False, True
@@ -793,6 +793,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
793
793
  self.opencti_url,
794
794
  self.opencti_token,
795
795
  self.log_level,
796
+ self.opencti_ssl_verify,
796
797
  json_logging=self.opencti_json_logging,
797
798
  bundle_send_to_queue=self.bundle_send_to_queue,
798
799
  )
@@ -802,6 +803,7 @@ class OpenCTIConnectorHelper: # pylint: disable=too-many-public-methods
802
803
  self.opencti_url,
803
804
  self.opencti_token,
804
805
  self.log_level,
806
+ self.opencti_ssl_verify,
805
807
  json_logging=self.opencti_json_logging,
806
808
  bundle_send_to_queue=self.bundle_send_to_queue,
807
809
  )
pycti/entities/indicator/__init__.py ADDED
File without changes
pycti/entities/indicator/opencti_indicator_properties.py ADDED
@@ -0,0 +1,256 @@
1
+ INDICATOR_PROPERTIES = """
2
+ id
3
+ standard_id
4
+ entity_type
5
+ parent_types
6
+ spec_version
7
+ created_at
8
+ updated_at
9
+ creators {
10
+ id
11
+ name
12
+ }
13
+ createdBy {
14
+ ... on Identity {
15
+ id
16
+ standard_id
17
+ entity_type
18
+ parent_types
19
+ spec_version
20
+ identity_class
21
+ name
22
+ description
23
+ roles
24
+ contact_information
25
+ x_opencti_aliases
26
+ created
27
+ modified
28
+ objectLabel {
29
+ id
30
+ value
31
+ color
32
+ }
33
+ }
34
+ ... on Organization {
35
+ x_opencti_organization_type
36
+ x_opencti_reliability
37
+ }
38
+ ... on Individual {
39
+ x_opencti_firstname
40
+ x_opencti_lastname
41
+ }
42
+ }
43
+ objectOrganization {
44
+ id
45
+ standard_id
46
+ name
47
+ }
48
+ objectMarking {
49
+ id
50
+ standard_id
51
+ entity_type
52
+ definition_type
53
+ definition
54
+ created
55
+ modified
56
+ x_opencti_order
57
+ x_opencti_color
58
+ }
59
+ objectLabel {
60
+ id
61
+ value
62
+ color
63
+ }
64
+ externalReferences {
65
+ edges {
66
+ node {
67
+ id
68
+ standard_id
69
+ entity_type
70
+ source_name
71
+ description
72
+ url
73
+ hash
74
+ external_id
75
+ created
76
+ modified
77
+ }
78
+ }
79
+ }
80
+ revoked
81
+ confidence
82
+ created
83
+ modified
84
+ pattern_type
85
+ pattern_version
86
+ pattern
87
+ name
88
+ description
89
+ indicator_types
90
+ valid_from
91
+ valid_until
92
+ x_opencti_score
93
+ x_opencti_detection
94
+ x_opencti_main_observable_type
95
+ x_mitre_platforms
96
+ observables {
97
+ edges {
98
+ node {
99
+ id
100
+ entity_type
101
+ observable_value
102
+ }
103
+ }
104
+ }
105
+ killChainPhases {
106
+ id
107
+ standard_id
108
+ entity_type
109
+ kill_chain_name
110
+ phase_name
111
+ x_opencti_order
112
+ created
113
+ modified
114
+ }
115
+ """
116
+ INDICATOR_PROPERTIES_WITH_FILES = """
117
+ id
118
+ standard_id
119
+ entity_type
120
+ parent_types
121
+ spec_version
122
+ created_at
123
+ updated_at
124
+ creators {
125
+ id
126
+ name
127
+ }
128
+ createdBy {
129
+ ... on Identity {
130
+ id
131
+ standard_id
132
+ entity_type
133
+ parent_types
134
+ spec_version
135
+ identity_class
136
+ name
137
+ description
138
+ roles
139
+ contact_information
140
+ x_opencti_aliases
141
+ created
142
+ modified
143
+ objectLabel {
144
+ id
145
+ value
146
+ color
147
+ }
148
+ }
149
+ ... on Organization {
150
+ x_opencti_organization_type
151
+ x_opencti_reliability
152
+ }
153
+ ... on Individual {
154
+ x_opencti_firstname
155
+ x_opencti_lastname
156
+ }
157
+ }
158
+ objectOrganization {
159
+ id
160
+ standard_id
161
+ name
162
+ }
163
+ objectMarking {
164
+ id
165
+ standard_id
166
+ entity_type
167
+ definition_type
168
+ definition
169
+ created
170
+ modified
171
+ x_opencti_order
172
+ x_opencti_color
173
+ }
174
+ objectLabel {
175
+ id
176
+ value
177
+ color
178
+ }
179
+ externalReferences {
180
+ edges {
181
+ node {
182
+ id
183
+ standard_id
184
+ entity_type
185
+ source_name
186
+ description
187
+ url
188
+ hash
189
+ external_id
190
+ created
191
+ modified
192
+ importFiles {
193
+ edges {
194
+ node {
195
+ id
196
+ name
197
+ size
198
+ metaData {
199
+ mimetype
200
+ version
201
+ }
202
+ }
203
+ }
204
+ }
205
+ }
206
+ }
207
+ }
208
+ revoked
209
+ confidence
210
+ created
211
+ modified
212
+ pattern_type
213
+ pattern_version
214
+ pattern
215
+ name
216
+ description
217
+ indicator_types
218
+ valid_from
219
+ valid_until
220
+ x_opencti_score
221
+ x_opencti_detection
222
+ x_opencti_main_observable_type
223
+ x_mitre_platforms
224
+ observables {
225
+ edges {
226
+ node {
227
+ id
228
+ entity_type
229
+ observable_value
230
+ }
231
+ }
232
+ }
233
+ killChainPhases {
234
+ id
235
+ standard_id
236
+ entity_type
237
+ kill_chain_name
238
+ phase_name
239
+ x_opencti_order
240
+ created
241
+ modified
242
+ }
243
+ importFiles {
244
+ edges {
245
+ node {
246
+ id
247
+ name
248
+ size
249
+ metaData {
250
+ mimetype
251
+ version
252
+ }
253
+ }
254
+ }
255
+ }
256
+ """
pycti/entities/opencti_attack_pattern.py CHANGED
@@ -395,6 +395,7 @@ class AttackPattern:
395
395
  kill_chain_phases = kwargs.get("killChainPhases", None)
396
396
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
397
397
  granted_refs = kwargs.get("objectOrganization", None)
398
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
398
399
  update = kwargs.get("update", False)
399
400
 
400
401
  if name is not None:
@@ -433,6 +434,7 @@ class AttackPattern:
433
434
  "x_mitre_id": x_mitre_id,
434
435
  "killChainPhases": kill_chain_phases,
435
436
  "x_opencti_stix_ids": x_opencti_stix_ids,
437
+ "x_opencti_workflow_id": x_opencti_workflow_id,
436
438
  "update": update,
437
439
  }
438
440
  },
@@ -511,6 +513,10 @@ class AttackPattern:
511
513
  stix_object["x_opencti_granted_refs"] = (
512
514
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
513
515
  )
516
+ if "x_opencti_workflow_id" not in stix_object:
517
+ stix_object["x_opencti_workflow_id"] = (
518
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
519
+ )
514
520
 
515
521
  return self.create(
516
522
  stix_id=stix_object["id"],
@@ -579,6 +585,11 @@ class AttackPattern:
579
585
  if "x_opencti_granted_refs" in stix_object
580
586
  else None
581
587
  ),
588
+ x_opencti_workflow_id=(
589
+ stix_object["x_opencti_workflow_id"]
590
+ if "x_opencti_workflow_id" in stix_object
591
+ else None
592
+ ),
582
593
  update=update,
583
594
  )
584
595
  else:
pycti/entities/opencti_campaign.py CHANGED
@@ -376,6 +376,7 @@ class Campaign:
376
376
  objective = kwargs.get("objective", None)
377
377
  granted_refs = kwargs.get("objectOrganization", None)
378
378
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
379
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
379
380
  update = kwargs.get("update", False)
380
381
 
381
382
  if name is not None:
@@ -412,6 +413,7 @@ class Campaign:
412
413
  "last_seen": last_seen,
413
414
  "objective": objective,
414
415
  "update": update,
416
+ "x_opencti_workflow_id": x_opencti_workflow_id,
415
417
  "x_opencti_stix_ids": x_opencti_stix_ids,
416
418
  }
417
419
  },
@@ -443,6 +445,10 @@ class Campaign:
443
445
  stix_object["x_opencti_granted_refs"] = (
444
446
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
445
447
  )
448
+ if "x_opencti_workflow_id" not in stix_object:
449
+ stix_object["x_opencti_workflow_id"] = (
450
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
451
+ )
446
452
 
447
453
  return self.create(
448
454
  stix_id=stix_object["id"],
@@ -495,6 +501,11 @@ class Campaign:
495
501
  if "x_opencti_granted_refs" in stix_object
496
502
  else None
497
503
  ),
504
+ x_opencti_workflow_id=(
505
+ stix_object["x_opencti_workflow_id"]
506
+ if "x_opencti_workflow_id" in stix_object
507
+ else None
508
+ ),
498
509
  update=update,
499
510
  )
500
511
  else:
pycti/entities/opencti_case_rfi.py CHANGED
@@ -680,6 +680,7 @@ class CaseRfi:
680
680
  description = kwargs.get("description", None)
681
681
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
682
682
  granted_refs = kwargs.get("objectOrganization", None)
683
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
683
684
  update = kwargs.get("update", False)
684
685
  information_types = kwargs.get("information_types", None)
685
686
 
@@ -714,6 +715,7 @@ class CaseRfi:
714
715
  "name": name,
715
716
  "description": description,
716
717
  "x_opencti_stix_ids": x_opencti_stix_ids,
718
+ "x_opencti_workflow_id": x_opencti_workflow_id,
717
719
  "update": update,
718
720
  "information_types": information_types,
719
721
  }
@@ -836,6 +838,10 @@ class CaseRfi:
836
838
  stix_object["x_opencti_granted_refs"] = (
837
839
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
838
840
  )
841
+ if "x_opencti_workflow_id" not in stix_object:
842
+ stix_object["x_opencti_workflow_id"] = (
843
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
844
+ )
839
845
 
840
846
  return self.create(
841
847
  stix_id=stix_object["id"],
@@ -879,6 +885,11 @@ class CaseRfi:
879
885
  if "x_opencti_granted_refs" in stix_object
880
886
  else None
881
887
  ),
888
+ x_opencti_workflow_id=(
889
+ stix_object["x_opencti_workflow_id"]
890
+ if "x_opencti_workflow_id" in stix_object
891
+ else None
892
+ ),
882
893
  update=update,
883
894
  information_types=(
884
895
  stix_object["information_types"]
pycti/entities/opencti_case_rft.py CHANGED
@@ -679,6 +679,7 @@ class CaseRft:
679
679
  description = kwargs.get("description", None)
680
680
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
681
681
  granted_refs = kwargs.get("objectOrganization", None)
682
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
682
683
  update = kwargs.get("update", False)
683
684
  takedown_types = kwargs.get("takedown_types", None)
684
685
 
@@ -713,6 +714,7 @@ class CaseRft:
713
714
  "name": name,
714
715
  "description": description,
715
716
  "x_opencti_stix_ids": x_opencti_stix_ids,
717
+ "x_opencti_workflow_id": x_opencti_workflow_id,
716
718
  "update": update,
717
719
  "takedown_types": takedown_types,
718
720
  }
@@ -835,6 +837,10 @@ class CaseRft:
835
837
  stix_object["x_opencti_granted_refs"] = (
836
838
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
837
839
  )
840
+ if "x_opencti_workflow_id" not in stix_object:
841
+ stix_object["x_opencti_workflow_id"] = (
842
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
843
+ )
838
844
 
839
845
  return self.create(
840
846
  stix_id=stix_object["id"],
@@ -883,6 +889,11 @@ class CaseRft:
883
889
  if "x_opencti_granted_refs" in stix_object
884
890
  else None
885
891
  ),
892
+ x_opencti_workflow_id=(
893
+ stix_object["x_opencti_workflow_id"]
894
+ if "x_opencti_workflow_id" in stix_object
895
+ else None
896
+ ),
886
897
  update=update,
887
898
  )
888
899
  else:
pycti/entities/opencti_course_of_action.py CHANGED
@@ -367,6 +367,7 @@ class CourseOfAction:
367
367
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
368
368
  x_mitre_id = kwargs.get("x_mitre_id", None)
369
369
  granted_refs = kwargs.get("objectOrganization", None)
370
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
370
371
  update = kwargs.get("update", False)
371
372
 
372
373
  if name is not None:
@@ -401,6 +402,7 @@ class CourseOfAction:
401
402
  "x_opencti_aliases": x_opencti_aliases,
402
403
  "x_opencti_stix_ids": x_opencti_stix_ids,
403
404
  "x_mitre_id": x_mitre_id,
405
+ "x_opencti_workflow_id": x_opencti_workflow_id,
404
406
  "update": update,
405
407
  }
406
408
  },
@@ -459,6 +461,10 @@ class CourseOfAction:
459
461
  stix_object["x_opencti_granted_refs"] = (
460
462
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
461
463
  )
464
+ if "x_opencti_workflow_id" not in stix_object:
465
+ stix_object["x_opencti_workflow_id"] = (
466
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
467
+ )
462
468
 
463
469
  return self.create(
464
470
  stix_id=stix_object["id"],
@@ -503,6 +509,11 @@ class CourseOfAction:
503
509
  if "x_opencti_granted_refs" in stix_object
504
510
  else None
505
511
  ),
512
+ x_opencti_workflow_id=(
513
+ stix_object["x_opencti_workflow_id"]
514
+ if "x_opencti_workflow_id" in stix_object
515
+ else None
516
+ ),
506
517
  update=update,
507
518
  )
508
519
  else:
pycti/entities/opencti_data_component.py CHANGED
@@ -406,6 +406,7 @@ class DataComponent:
406
406
  aliases = kwargs.get("aliases", None)
407
407
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
408
408
  granted_refs = kwargs.get("objectOrganization", None)
409
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
409
410
  update = kwargs.get("update", False)
410
411
 
411
412
  if name is not None:
@@ -443,6 +444,7 @@ class DataComponent:
443
444
  "aliases": aliases,
444
445
  "dataSource": dataSource,
445
446
  "x_opencti_stix_ids": x_opencti_stix_ids,
447
+ "x_opencti_workflow_id": x_opencti_workflow_id,
446
448
  "update": update,
447
449
  }
448
450
  },
@@ -489,6 +491,10 @@ class DataComponent:
489
491
  stix_object["x_opencti_granted_refs"] = (
490
492
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
491
493
  )
494
+ if "x_opencti_workflow_id" not in stix_object:
495
+ stix_object["x_opencti_workflow_id"] = (
496
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
497
+ )
492
498
 
493
499
  return self.opencti.data_component.create(
494
500
  stix_id=stix_object["id"],
@@ -535,6 +541,11 @@ class DataComponent:
535
541
  if "x_opencti_granted_refs" in stix_object
536
542
  else None
537
543
  ),
544
+ x_opencti_workflow_id=(
545
+ stix_object["x_opencti_workflow_id"]
546
+ if "x_opencti_workflow_id" in stix_object
547
+ else None
548
+ ),
538
549
  update=update,
539
550
  )
540
551
  else:
pycti/entities/opencti_data_source.py CHANGED
@@ -363,6 +363,7 @@ class DataSource:
363
363
  collection_layers = kwargs.get("collection_layers", None)
364
364
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
365
365
  granted_refs = kwargs.get("objectOrganization", None)
366
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
366
367
  update = kwargs.get("update", False)
367
368
 
368
369
  if name is not None:
@@ -399,6 +400,7 @@ class DataSource:
399
400
  "x_mitre_platforms": platforms,
400
401
  "collection_layers": collection_layers,
401
402
  "x_opencti_stix_ids": x_opencti_stix_ids,
403
+ "x_opencti_workflow_id": x_opencti_workflow_id,
402
404
  "update": update,
403
405
  }
404
406
  },
@@ -445,6 +447,10 @@ class DataSource:
445
447
  stix_object["x_opencti_granted_refs"] = (
446
448
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
447
449
  )
450
+ if "x_opencti_workflow_id" not in stix_object:
451
+ stix_object["x_opencti_workflow_id"] = (
452
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
453
+ )
448
454
 
449
455
  return self.opencti.data_source.create(
450
456
  stix_id=stix_object["id"],
@@ -496,6 +502,11 @@ class DataSource:
496
502
  if "x_opencti_granted_refs" in stix_object
497
503
  else None
498
504
  ),
505
+ x_opencti_workflow_id=(
506
+ stix_object["x_opencti_workflow_id"]
507
+ if "x_opencti_workflow_id" in stix_object
508
+ else None
509
+ ),
499
510
  update=update,
500
511
  )
501
512
  else:
pycti/entities/opencti_feedback.py CHANGED
@@ -645,6 +645,7 @@ class Feedback:
645
645
  rating = kwargs.get("rating", None)
646
646
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
647
647
  granted_refs = kwargs.get("objectOrganization", None)
648
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
648
649
  update = kwargs.get("update", False)
649
650
 
650
651
  if name is not None:
@@ -679,6 +680,7 @@ class Feedback:
679
680
  "description": description,
680
681
  "rating": rating,
681
682
  "x_opencti_stix_ids": x_opencti_stix_ids,
683
+ "x_opencti_workflow_id": x_opencti_workflow_id,
682
684
  "update": update,
683
685
  }
684
686
  },
@@ -828,6 +830,10 @@ class Feedback:
828
830
  stix_object["x_opencti_granted_refs"] = (
829
831
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
830
832
  )
833
+ if "x_opencti_workflow_id" not in stix_object:
834
+ stix_object["x_opencti_workflow_id"] = (
835
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
836
+ )
831
837
 
832
838
  return self.create(
833
839
  stix_id=stix_object["id"],
@@ -872,6 +878,11 @@ class Feedback:
872
878
  if "x_opencti_granted_refs" in stix_object
873
879
  else None
874
880
  ),
881
+ x_opencti_workflow_id=(
882
+ stix_object["x_opencti_workflow_id"]
883
+ if "x_opencti_workflow_id" in stix_object
884
+ else None
885
+ ),
875
886
  update=update,
876
887
  )
877
888
  else:
pycti/entities/opencti_grouping.py CHANGED
@@ -624,6 +624,7 @@ class Grouping:
624
624
  x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
625
625
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
626
626
  granted_refs = kwargs.get("objectOrganization", None)
627
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
627
628
  update = kwargs.get("update", False)
628
629
 
629
630
  if name is not None and context is not None:
@@ -659,6 +660,7 @@ class Grouping:
659
660
  "description": description,
660
661
  "x_opencti_aliases": x_opencti_aliases,
661
662
  "x_opencti_stix_ids": x_opencti_stix_ids,
663
+ "x_opencti_workflow_id": x_opencti_workflow_id,
662
664
  "update": update,
663
665
  }
664
666
  },
@@ -776,6 +778,10 @@ class Grouping:
776
778
  stix_object["x_opencti_granted_refs"] = (
777
779
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
778
780
  )
781
+ if "x_opencti_workflow_id" not in stix_object:
782
+ stix_object["x_opencti_workflow_id"] = (
783
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
784
+ )
779
785
 
780
786
  return self.create(
781
787
  stix_id=stix_object["id"],
@@ -821,6 +827,11 @@ class Grouping:
821
827
  else None
822
828
  ),
823
829
  x_opencti_aliases=self.opencti.stix2.pick_aliases(stix_object),
830
+ x_opencti_workflow_id=(
831
+ stix_object["x_opencti_workflow_id"]
832
+ if "x_opencti_workflow_id" in stix_object
833
+ else None
834
+ ),
824
835
  update=update,
825
836
  )
826
837
  else:
pycti/entities/opencti_identity.py CHANGED
@@ -542,9 +542,7 @@ class Identity:
542
542
  )
543
543
  if "x_opencti_workflow_id" not in stix_object:
544
544
  stix_object["x_opencti_workflow_id"] = (
545
- self.opencti.get_attribute_in_extension(
546
- "x_opencti_workflow_id", stix_object
547
- )
545
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
548
546
  )
549
547
 
550
548
  return self.create(