pycti 6.1.13__py3-none-any.whl → 6.2.0__py3-none-any.whl



Files changed (40)
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +3 -1
  3. pycti/entities/indicator/__init__.py +0 -0
  4. pycti/entities/indicator/opencti_indicator_properties.py +256 -0
  5. pycti/entities/opencti_attack_pattern.py +11 -0
  6. pycti/entities/opencti_campaign.py +11 -0
  7. pycti/entities/opencti_case_rfi.py +11 -0
  8. pycti/entities/opencti_case_rft.py +11 -0
  9. pycti/entities/opencti_course_of_action.py +11 -0
  10. pycti/entities/opencti_data_component.py +11 -0
  11. pycti/entities/opencti_data_source.py +11 -0
  12. pycti/entities/opencti_feedback.py +11 -0
  13. pycti/entities/opencti_grouping.py +11 -0
  14. pycti/entities/opencti_identity.py +1 -3
  15. pycti/entities/opencti_indicator.py +7 -256
  16. pycti/entities/opencti_infrastructure.py +11 -0
  17. pycti/entities/opencti_location.py +11 -0
  18. pycti/entities/opencti_malware.py +1 -3
  19. pycti/entities/opencti_narrative.py +11 -0
  20. pycti/entities/opencti_note.py +11 -0
  21. pycti/entities/opencti_observed_data.py +11 -0
  22. pycti/entities/opencti_stix_core_object.py +34 -0
  23. pycti/entities/opencti_stix_core_relationship.py +11 -2
  24. pycti/entities/opencti_stix_cyber_observable.py +29 -622
  25. pycti/entities/opencti_stix_sighting_relationship.py +6 -2
  26. pycti/entities/opencti_task.py +1 -3
  27. pycti/entities/opencti_threat_actor_group.py +11 -0
  28. pycti/entities/opencti_threat_actor_individual.py +11 -0
  29. pycti/entities/opencti_tool.py +11 -0
  30. pycti/entities/opencti_vulnerability.py +11 -0
  31. pycti/entities/stix_cyber_observable/__init__.py +0 -0
  32. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py +56 -0
  33. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +604 -0
  34. pycti/utils/opencti_stix2.py +19 -1
  35. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/METADATA +4 -3
  36. pycti-6.2.0.dist-info/RECORD +73 -0
  37. pycti-6.1.13.dist-info/RECORD +0 -68
  38. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/LICENSE +0 -0
  39. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/WHEEL +0 -0
  40. {pycti-6.1.13.dist-info → pycti-6.2.0.dist-info}/top_level.txt +0 -0
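--- a/pycti/entities/opencti_stix_sighting_relationship.py
+++ b/pycti/entities/opencti_stix_sighting_relationship.py
@@ -316,6 +316,7 @@ class StixSightingRelationship:
  custom_attributes = kwargs.get("customAttributes", None)
  get_all = kwargs.get("getAll", False)
  with_pagination = kwargs.get("withPagination", False)
+ search = kwargs.get("search", None)
  if get_all:
  first = 100
 
@@ -325,8 +326,8 @@ class StixSightingRelationship:
  )
  query = (
  """
- query StixSightingRelationships($fromOrToId: String, $fromId: StixRef, $fromTypes: [String], $toId: StixRef, $toTypes: [String], $firstSeenStart: DateTime, $firstSeenStop: DateTime, $lastSeenStart: DateTime, $lastSeenStop: DateTime, $filters: FilterGroup, $first: Int, $after: ID, $orderBy: StixSightingRelationshipsOrdering, $orderMode: OrderingMode) {
- stixSightingRelationships(fromOrToId: $fromOrToId, fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, firstSeenStart: $firstSeenStart, firstSeenStop: $firstSeenStop, lastSeenStart: $lastSeenStart, lastSeenStop: $lastSeenStop, filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
+ query StixSightingRelationships($fromOrToId: String, $fromId: StixRef, $fromTypes: [String], $toId: StixRef, $toTypes: [String], $firstSeenStart: DateTime, $firstSeenStop: DateTime, $lastSeenStart: DateTime, $lastSeenStop: DateTime, $filters: FilterGroup, $first: Int, $after: ID, $orderBy: StixSightingRelationshipsOrdering, $orderMode: OrderingMode, $search: String) {
+ stixSightingRelationships(fromOrToId: $fromOrToId, fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, firstSeenStart: $firstSeenStart, firstSeenStop: $firstSeenStop, lastSeenStart: $lastSeenStart, lastSeenStop: $lastSeenStop, filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode, search: $search) {
  edges {
  node {
  """
@@ -362,6 +363,7 @@ class StixSightingRelationship:
  "after": after,
  "orderBy": order_by,
  "orderMode": order_mode,
+ "search": search,
  },
  )
  if get_all:
@@ -501,6 +503,7 @@ class StixSightingRelationship:
  object_label = kwargs.get("objectLabel", None)
  external_references = kwargs.get("externalReferences", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  self.opencti.app_logger.info(
@@ -536,6 +539,7 @@ class StixSightingRelationship:
  "objectLabel": object_label,
  "externalReferences": external_references,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },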
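Review bot: The new `search` filter is added to the variables of the first `self.opencti.query(...)` call only (new line 366), and none of this section's six additions is a second `"search": search` entry. The `if get_all:` branch starts at new line 369 and its body is outside the hunk; if that loop re-issues the query with its own variables dict, it needs `"search": search,` too, otherwise every page after the first would come back unfiltered and a caller relying on the search to scope results would receive more records than requested. The method's docstring is also outside the hunk and should gain a line such as `:param search: search string forwarded as the $search GraphQL variable (optional)`.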
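--- a/pycti/entities/opencti_task.py
+++ b/pycti/entities/opencti_task.py
@@ -619,9 +619,7 @@ class Task:
  )
  if "x_opencti_workflow_id" not in stix_object:
  stix_object["x_opencti_workflow_id"] = (
- self.opencti.get_attribute_in_extension(
- "x_opencti_workflow_id", stix_object
- )
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
  )
  if "x_opencti_assignee_ids" not in stix_object:
  stix_object["x_opencti_assignee_ids"] = (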
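--- a/pycti/entities/opencti_threat_actor_group.py
+++ b/pycti/entities/opencti_threat_actor_group.py
@@ -324,6 +324,7 @@ class ThreatActorGroup:
  personal_motivations = kwargs.get("personal_motivations", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -366,6 +367,7 @@ class ThreatActorGroup:
  "secondary_motivations": secondary_motivations,
  "personal_motivations": personal_motivations,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -399,6 +401,10 @@ class ThreatActorGroup:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.create(
  stix_id=stix_object["id"],
@@ -479,6 +485,11 @@ class ThreatActorGroup:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: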
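Review bot: `x_opencti_workflow_id` is now read from the incoming STIX object (new lines 404–407) and passed to `create()` (new lines 488–492) with no check, so whoever produced the bundle decides which workflow status the entity is created with. Whether the platform restricts this server-side is not visible here; if bundles can arrive from feeds or connectors that are less trusted than an analyst, a comment above the new guard such as `# workflow status is taken from the bundle as-is; the API must enforce who may set it` would make that trust assumption explicit. The same lines are added in the ThreatActorIndividual, Tool and Vulnerability sections. As a smaller style point, the guard at 404–407 appears to always set the key before `create()` is called, so the `if "x_opencti_workflow_id" in stix_object else None` at 488–492 cannot take its else branch and could be just `stix_object["x_opencti_workflow_id"]`.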
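--- a/pycti/entities/opencti_threat_actor_individual.py
+++ b/pycti/entities/opencti_threat_actor_individual.py
@@ -325,6 +325,7 @@ class ThreatActorIndividual:
  personal_motivations = kwargs.get("personal_motivations", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -369,6 +370,7 @@ class ThreatActorIndividual:
  "secondary_motivations": secondary_motivations,
  "personal_motivations": personal_motivations,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -402,6 +404,10 @@ class ThreatActorIndividual:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.create(
  stix_id=stix_object["id"],
@@ -482,6 +488,11 @@ class ThreatActorIndividual:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: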
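--- a/pycti/entities/opencti_tool.py
+++ b/pycti/entities/opencti_tool.py
@@ -288,6 +288,7 @@ class Tool:
  kill_chain_phases = kwargs.get("killChainPhases", None)
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -324,6 +325,7 @@ class Tool:
  "tool_version": tool_version,
  "killChainPhases": kill_chain_phases,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -355,6 +357,10 @@ class Tool:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
 
  return self.opencti.tool.create(
  stix_id=stix_object["id"],
@@ -411,6 +417,11 @@ class Tool:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: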
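--- a/pycti/entities/opencti_vulnerability.py
+++ b/pycti/entities/opencti_vulnerability.py
@@ -294,6 +294,7 @@ class Vulnerability:
  )
  x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
  granted_refs = kwargs.get("objectOrganization", None)
+ x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
  update = kwargs.get("update", False)
 
  if name is not None:
@@ -333,6 +334,7 @@ class Vulnerability:
  "x_opencti_cvss_availability_impact": x_opencti_cvss_availability_impact,
  "x_opencti_cvss_confidentiality_impact": x_opencti_cvss_confidentiality_impact,
  "x_opencti_stix_ids": x_opencti_stix_ids,
+ "x_opencti_workflow_id": x_opencti_workflow_id,
  "update": update,
  }
  },
@@ -431,6 +433,10 @@ class Vulnerability:
  stix_object["x_opencti_granted_refs"] = (
  self.opencti.get_attribute_in_extension("granted_refs", stix_object)
  )
+ if "x_opencti_workflow_id" not in stix_object:
+ stix_object["x_opencti_workflow_id"] = (
+ self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+ )
  return self.create(
  stix_id=stix_object["id"],
  createdBy=(
@@ -507,6 +513,11 @@ class Vulnerability:
  if "x_opencti_granted_refs" in stix_object
  else None
  ),
+ x_opencti_workflow_id=(
+ stix_object["x_opencti_workflow_id"]
+ if "x_opencti_workflow_id" in stix_object
+ else None
+ ),
  update=update,
  )
  else: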
File without changes
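--- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py
+++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py
@@ -0,0 +1,56 @@
+ import deprecation
+
+
+ class StixCyberObservableDeprecatedMixin:
+ """
+ deprecated [>=6.2 & <6.5]`
+ Promote a Stix-Observable to an Indicator
+
+ :param id: the Stix-Observable id
+ :return the observable
+ """
+
+ @deprecation.deprecated(
+ deprecated_in="6.2",
+ removed_in="6.5",
+ details="Use promote_to_indicator_v2 instead.",
+ )
+ def promote_to_indicator(self, **kwargs):
+ id = kwargs.get("id", None)
+ custom_attributes = kwargs.get("customAttributes", None)
+ with_files = kwargs.get("withFiles", False)
+ if id is not None:
+ self.opencti.app_logger.info(
+ "Promoting Stix-Observable",
+ {
+ "id": id,
+ "withFiles": with_files,
+ "customAttributes": custom_attributes,
+ },
+ )
+ query = (
+ """
+ mutation StixCyberObservableEdit($id: ID!) {
+ stixCyberObservableEdit(id: $id) {
+ promote {
+ """
+ + (
+ custom_attributes
+ if custom_attributes is not None
+ else (self.properties_with_files if with_files else self.properties)
+ )
+ + """
+ }
+ }
+ }
+ """
+ )
+ result = self.opencti.query(query, {"id": id})
+ return self.opencti.process_multiple_fields(
+ result["data"]["stixCyberObservableEdit"]["promote"]
+ )
+ else:
+ self.opencti.app_logger.error(
+ "[opencti_stix_cyber_observable_promote] Missing parameters: id"
+ )
+ return None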
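Review bot: `custom_attributes` is concatenated straight into the GraphQL mutation text (new lines 37–41) while only `id` travels as a variable, so the caller's string becomes part of the document sent to the server. That is acceptable for a developer-chosen field selection, but the assumption should be written down, e.g. `# customAttributes is spliced into the query text; pass only trusted, static selections` above the concatenation. The class docstring (lines 5–11) actually documents `promote_to_indicator` — it carries the `:param id:` / `:return` lines and a stray backtick after `<6.5]` — so it belongs on the method, with the class getting its own one-line summary. `result["data"]["stixCyberObservableEdit"]["promote"]` at line 50 is also indexed with no check; what `self.opencti.query` returns for an unknown id is not visible here, but a null payload would surface as a `TypeError` rather than the logged error path used for a missing `id`.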