pycti 6.1.13__py3-none-any.whl → 6.2.1__py3-none-any.whl


Potentially problematic release.



Files changed (40) hide show
  1. pycti/__init__.py +1 -1
  2. pycti/connector/opencti_connector_helper.py +3 -1
  3. pycti/entities/indicator/__init__.py +0 -0
  4. pycti/entities/indicator/opencti_indicator_properties.py +256 -0
  5. pycti/entities/opencti_attack_pattern.py +11 -0
  6. pycti/entities/opencti_campaign.py +11 -0
  7. pycti/entities/opencti_case_rfi.py +11 -0
  8. pycti/entities/opencti_case_rft.py +11 -0
  9. pycti/entities/opencti_course_of_action.py +11 -0
  10. pycti/entities/opencti_data_component.py +11 -0
  11. pycti/entities/opencti_data_source.py +11 -0
  12. pycti/entities/opencti_feedback.py +11 -0
  13. pycti/entities/opencti_grouping.py +11 -0
  14. pycti/entities/opencti_identity.py +1 -3
  15. pycti/entities/opencti_indicator.py +7 -256
  16. pycti/entities/opencti_infrastructure.py +11 -0
  17. pycti/entities/opencti_location.py +11 -0
  18. pycti/entities/opencti_malware.py +1 -3
  19. pycti/entities/opencti_narrative.py +11 -0
  20. pycti/entities/opencti_note.py +11 -0
  21. pycti/entities/opencti_observed_data.py +11 -0
  22. pycti/entities/opencti_stix_core_object.py +34 -0
  23. pycti/entities/opencti_stix_core_relationship.py +11 -2
  24. pycti/entities/opencti_stix_cyber_observable.py +29 -622
  25. pycti/entities/opencti_stix_sighting_relationship.py +6 -2
  26. pycti/entities/opencti_task.py +1 -3
  27. pycti/entities/opencti_threat_actor_group.py +11 -0
  28. pycti/entities/opencti_threat_actor_individual.py +11 -0
  29. pycti/entities/opencti_tool.py +11 -0
  30. pycti/entities/opencti_vulnerability.py +11 -0
  31. pycti/entities/stix_cyber_observable/__init__.py +0 -0
  32. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py +56 -0
  33. pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +604 -0
  34. pycti/utils/opencti_stix2.py +19 -1
  35. {pycti-6.1.13.dist-info → pycti-6.2.1.dist-info}/METADATA +4 -3
  36. pycti-6.2.1.dist-info/RECORD +73 -0
  37. {pycti-6.1.13.dist-info → pycti-6.2.1.dist-info}/WHEEL +1 -1
  38. pycti-6.1.13.dist-info/RECORD +0 -68
  39. {pycti-6.1.13.dist-info → pycti-6.2.1.dist-info}/LICENSE +0 -0
  40. {pycti-6.1.13.dist-info → pycti-6.2.1.dist-info}/top_level.txt +0 -0
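--- a/pycti/entities/opencti_stix_cyber_observable.py
+++ b/pycti/entities/opencti_stix_cyber_observable.py
@@ -6,615 +6,23 @@ import os
 
  import magic
 
+ from .indicator.opencti_indicator_properties import INDICATOR_PROPERTIES
+ from .stix_cyber_observable.opencti_stix_cyber_observable_deprecated import (
+ StixCyberObservableDeprecatedMixin,
+ )
+ from .stix_cyber_observable.opencti_stix_cyber_observable_properties import (
+ SCO_PROPERTIES,
+ SCO_PROPERTIES_WITH_FILES,
+ )
 
- class StixCyberObservable:
+
+ class StixCyberObservable(StixCyberObservableDeprecatedMixin):
  def __init__(self, opencti, file):
+
  self.opencti = opencti
  self.file = file
- self.properties = """
- id
- standard_id
- entity_type
- parent_types
- spec_version
- created_at
- updated_at
- objectOrganization {
- id
- standard_id
- name
- }
- creators {
- id
- name
- }
- createdBy {
- ... on Identity {
- id
- standard_id
- entity_type
- parent_types
- spec_version
- identity_class
- name
- description
- roles
- contact_information
- x_opencti_aliases
- created
- modified
- objectLabel {
- id
- value
- color
- }
- }
- ... on Organization {
- x_opencti_organization_type
- x_opencti_reliability
- }
- ... on Individual {
- x_opencti_firstname
- x_opencti_lastname
- }
- }
- objectMarking {
- id
- standard_id
- entity_type
- definition_type
- definition
- created
- modified
- x_opencti_order
- x_opencti_color
- }
- objectLabel {
- id
- value
- color
- }
- externalReferences {
- edges {
- node {
- id
- standard_id
- entity_type
- source_name
- description
- url
- hash
- external_id
- created
- modified
- }
- }
- }
- observable_value
- x_opencti_description
- x_opencti_score
- indicators {
- edges {
- node {
- id
- pattern
- pattern_type
- }
- }
- }
- ... on AutonomousSystem {
- number
- name
- rir
- }
- ... on Directory {
- path
- path_enc
- ctime
- mtime
- atime
- }
- ... on DomainName {
- value
- }
- ... on EmailAddr {
- value
- display_name
- }
- ... on EmailMessage {
- is_multipart
- attribute_date
- content_type
- message_id
- subject
- received_lines
- body
- }
- ... on Artifact {
- mime_type
- payload_bin
- url
- encryption_algorithm
- decryption_key
- hashes {
- algorithm
- hash
- }
- importFiles {
- edges {
- node {
- id
- name
- size
- metaData {
- mimetype
- version
- }
- }
- }
- }
- }
- ... on StixFile {
- extensions
- size
- name
- name_enc
- magic_number_hex
- mime_type
- ctime
- mtime
- atime
- x_opencti_additional_names
- hashes {
- algorithm
- hash
- }
- }
- ... on X509Certificate {
- is_self_signed
- version
- serial_number
- signature_algorithm
- issuer
- subject
- subject_public_key_algorithm
- subject_public_key_modulus
- subject_public_key_exponent
- validity_not_before
- validity_not_after
- hashes {
- algorithm
- hash
- }
- }
- ... on IPv4Addr {
- value
- }
- ... on IPv6Addr {
- value
- }
- ... on MacAddr {
- value
- }
- ... on Mutex {
- name
- }
- ... on NetworkTraffic {
- extensions
- start
- end
- is_active
- src_port
- dst_port
- protocols
- src_byte_count
- dst_byte_count
- src_packets
- dst_packets
- }
- ... on Process {
- extensions
- is_hidden
- pid
- created_time
- cwd
- command_line
- environment_variables
- }
- ... on Software {
- name
- cpe
- swid
- languages
- vendor
- version
- }
- ... on Url {
- value
- }
- ... on UserAccount {
- extensions
- user_id
- credential
- account_login
- account_type
- display_name
- is_service_account
- is_privileged
- can_escalate_privs
- is_disabled
- account_created
- account_expires
- credential_last_changed
- account_first_login
- account_last_login
- }
- ... on WindowsRegistryKey {
- attribute_key
- modified_time
- number_of_subkeys
- }
- ... on WindowsRegistryValueType {
- name
- data
- data_type
- }
- ... on CryptographicKey {
- value
- }
- ... on CryptocurrencyWallet {
- value
- }
- ... on Hostname {
- value
- }
- ... on Text {
- value
- }
- ... on UserAgent {
- value
- }
- ... on BankAccount {
- iban
- bic
- account_number
- }
- ... on PhoneNumber {
- value
- }
- ... on TrackingNumber {
- value
- }
- ... on Credential {
- value
- }
- ... on PaymentCard {
- card_number
- expiration_date
- cvv
- holder_name
- }
- ... on MediaContent {
- title
- content
- media_category
- url
- publication_date
- }
- """
- self.properties_with_files = """
- id
- standard_id
- entity_type
- parent_types
- spec_version
- created_at
- updated_at
- objectOrganization {
- id
- standard_id
- name
- }
- creators {
- id
- name
- }
- createdBy {
- ... on Identity {
- id
- standard_id
- entity_type
- parent_types
- spec_version
- identity_class
- name
- description
- roles
- contact_information
- x_opencti_aliases
- created
- modified
- objectLabel {
- id
- value
- color
- }
- }
- ... on Organization {
- x_opencti_organization_type
- x_opencti_reliability
- }
- ... on Individual {
- x_opencti_firstname
- x_opencti_lastname
- }
- }
- objectMarking {
- id
- standard_id
- entity_type
- definition_type
- definition
- created
- modified
- x_opencti_order
- x_opencti_color
- }
- objectLabel {
- id
- value
- color
- }
- externalReferences {
- edges {
- node {
- id
- standard_id
- entity_type
- source_name
- description
- url
- hash
- external_id
- created
- modified
- importFiles {
- edges {
- node {
- id
- name
- size
- metaData {
- mimetype
- version
- }
- }
- }
- }
- }
- }
- }
- observable_value
- x_opencti_description
- x_opencti_score
- indicators {
- edges {
- node {
- id
- pattern
- pattern_type
- }
- }
- }
- ... on AutonomousSystem {
- number
- name
- rir
- }
- ... on Directory {
- path
- path_enc
- ctime
- mtime
- atime
- }
- ... on DomainName {
- value
- }
- ... on EmailAddr {
- value
- display_name
- }
- ... on EmailMessage {
- is_multipart
- attribute_date
- content_type
- message_id
- subject
- received_lines
- body
- }
- ... on Artifact {
- mime_type
- payload_bin
- url
- encryption_algorithm
- decryption_key
- hashes {
- algorithm
- hash
- }
- importFiles {
- edges {
- node {
- id
- name
- size
- }
- }
- }
- }
- ... on StixFile {
- extensions
- size
- name
- name_enc
- magic_number_hex
- mime_type
- ctime
- mtime
- atime
- x_opencti_additional_names
- hashes {
- algorithm
- hash
- }
- }
- ... on X509Certificate {
- is_self_signed
- version
- serial_number
- signature_algorithm
- issuer
- subject
- subject_public_key_algorithm
- subject_public_key_modulus
- subject_public_key_exponent
- validity_not_before
- validity_not_after
- hashes {
- algorithm
- hash
- }
- }
- ... on IPv4Addr {
- value
- }
- ... on IPv6Addr {
- value
- }
- ... on MacAddr {
- value
- }
- ... on Mutex {
- name
- }
- ... on NetworkTraffic {
- extensions
- start
- end
- is_active
- src_port
- dst_port
- protocols
- src_byte_count
- dst_byte_count
- src_packets
- dst_packets
- }
- ... on Process {
- extensions
- is_hidden
- pid
- created_time
- cwd
- command_line
- environment_variables
- }
- ... on Software {
- name
- cpe
- swid
- languages
- vendor
- version
- }
- ... on Url {
- value
- }
- ... on UserAccount {
- extensions
- user_id
- credential
- account_login
- account_type
- display_name
- is_service_account
- is_privileged
- can_escalate_privs
- is_disabled
- account_created
- account_expires
- credential_last_changed
- account_first_login
- account_last_login
- }
- ... on WindowsRegistryKey {
- attribute_key
- modified_time
- number_of_subkeys
- }
- ... on WindowsRegistryValueType {
- name
- data
- data_type
- }
- ... on CryptographicKey {
- value
- }
- ... on CryptocurrencyWallet {
- value
- }
- ... on Hostname {
- value
- }
- ... on Text {
- value
- }
- ... on UserAgent {
- value
- }
- ... on BankAccount {
- iban
- bic
- account_number
- }
- ... on PhoneNumber {
- value
- }
- ... on TrackingNumber {
- value
- }
- ... on Credential {
- value
- }
- ... on PaymentCard {
- card_number
- expiration_date
- cvv
- holder_name
- }
- ... on MediaContent {
- title
- content
- media_category
- url
- publication_date
- }
- importFiles {
- edges {
- node {
- id
- name
- size
- metaData {
- mimetype
- version
- }
- }
- }
- }
- """
+ self.properties = SCO_PROPERTIES
+ self.properties_with_files = SCO_PROPERTIES_WITH_FILES
 
  """
  List StixCyberObservable objects
@@ -649,11 +57,11 @@ class StixCyberObservable:
  )
  query = (
  """
- query StixCyberObservables($types: [String], $filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: StixCyberObservablesOrdering, $orderMode: OrderingMode) {
- stixCyberObservables(types: $types, filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
- edges {
- node {
- """
+ query StixCyberObservables($types: [String], $filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: StixCyberObservablesOrdering, $orderMode: OrderingMode) {
+ stixCyberObservables(types: $types, filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
+ edges {
+ node {
+ """
  + (
  custom_attributes
  if custom_attributes is not None
@@ -734,9 +142,9 @@ class StixCyberObservable:
  self.opencti.app_logger.info("Reading StixCyberObservable", {"id": id})
  query = (
  """
- query StixCyberObservable($id: String!) {
- stixCyberObservable(id: $id) {
- """
+ query StixCyberObservable($id: String!) {
+ stixCyberObservable(id: $id) {
+ """
  + (
  custom_attributes
  if custom_attributes is not None
@@ -1859,25 +1267,24 @@ class StixCyberObservable:
  Promote a Stix-Observable to an Indicator
 
  :param id: the Stix-Observable id
- :return void
+ :return the newly created indicator
  """
 
- def promote_to_indicator(self, **kwargs):
+ def promote_to_indicator_v2(self, **kwargs):
  id = kwargs.get("id", None)
  custom_attributes = kwargs.get("customAttributes", None)
- with_files = kwargs.get("withFiles", False)
  if id is not None:
  self.opencti.app_logger.info("Promoting Stix-Observable", {"id": id})
  query = (
  """
- mutation StixCyberObservableEdit($id: ID!) {
- stixCyberObservableEdit(id: $id) {
- promote {
- """
+ mutation StixCyberObservableEdit($id: ID!) {
+ stixCyberObservableEdit(id: $id) {
+ promoteToIndicator {
+ """
  + (
  custom_attributes
  if custom_attributes is not None
- else (self.properties_with_files if with_files else self.properties)
+ else (INDICATOR_PROPERTIES)
  )
  + """
  }
@@ -1887,7 +1294,7 @@ class StixCyberObservable:
  )
  result = self.opencti.query(query, {"id": id})
  return self.opencti.process_multiple_fields(
- result["data"]["stixCyberObservableEdit"]["promote"]
+ result["data"]["stixCyberObservableEdit"]["promoteToIndicator"]
  )
  else:
  self.opencti.app_logger.error(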
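Review bot: In `promote_to_indicator_v2` (hunk `@@ -1859,25 +1267,24 @@`), `customAttributes` is still spliced into the mutation text as-is, while the selection it overrides changed from the observable properties to `INDICATOR_PROPERTIES` and the `withFiles` kwarg is no longer read, so a caller migrating from `promote_to_indicator` with an observable selection set or `withFiles=True` gets a different query with no warning. Only `$id` travels as a GraphQL variable, so the comment above the method should state the trust boundary, e.g. `:param customAttributes: trusted, static GraphQL selection set for the Indicator node; never build it from ingested data`. The same comment's `:return the newly created indicator` should also cover the `else:` branch taken when `id` is None, whose body continues past the last hunk. Whether the old `promote_to_indicator` is kept in `StixCyberObservableDeprecatedMixin` is not visible on this page.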