pycti 6.1.13__tar.gz → 6.2.0__tar.gz

{pycti-6.1.13 → pycti-6.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.1.13
+Version: 6.2.0
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -28,11 +28,12 @@ Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=2.0.4
 Requires-Dist: PyYAML~=6.0
 Requires-Dist: requests~=2.32.2
-Requires-Dist: setuptools~=70.0.0
+Requires-Dist: setuptools~=70.1.0
 Requires-Dist: cachetools~=5.3.0
 Requires-Dist: prometheus-client~=0.20.0
 Requires-Dist: opentelemetry-api~=1.22.0
 Requires-Dist: opentelemetry-sdk~=1.22.0
+Requires-Dist: deprecation~=2.1.0
 Requires-Dist: filigran-sseclient~=1.0.0
 Requires-Dist: stix2~=3.0.1
 Provides-Extra: dev
@@ -49,7 +50,7 @@ Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.43.0; extra == "dev"
 Provides-Extra: doc
 Requires-Dist: autoapi~=2.0.1; extra == "doc"
-Requires-Dist: sphinx-autodoc-typehints~=2.1.0; extra == "doc"
+Requires-Dist: sphinx-autodoc-typehints~=2.2.2; extra == "doc"
 Requires-Dist: sphinx-rtd-theme~=2.0.0; extra == "doc"
 
 # OpenCTI client for Python

{pycti-6.1.13 → pycti-6.2.0}/pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.1.13"
+__version__ = "6.2.0"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.1.13 → pycti-6.2.0}/pycti/connector/opencti_connector_helper.py

@@ -665,7 +665,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             "OPENCTI_TOKEN", ["opencti", "token"], config
         )
         self.opencti_ssl_verify = get_config_variable(
-            "OPENCTI_SSL_VERIFY", ["opencti", "ssl_verify"], config, False, True
+            "OPENCTI_SSL_VERIFY", ["opencti", "ssl_verify"], config, False, False
         )
         self.opencti_json_logging = get_config_variable(
             "OPENCTI_JSON_LOGGING", ["opencti", "json_logging"], config, False, True
@@ -793,6 +793,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             self.opencti_url,
             self.opencti_token,
             self.log_level,
+            self.opencti_ssl_verify,
             json_logging=self.opencti_json_logging,
             bundle_send_to_queue=self.bundle_send_to_queue,
         )
@@ -802,6 +803,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             self.opencti_url,
             self.opencti_token,
             self.log_level,
+            self.opencti_ssl_verify,
             json_logging=self.opencti_json_logging,
             bundle_send_to_queue=self.bundle_send_to_queue,
         )

pycti-6.2.0/pycti/entities/indicator/opencti_indicator_properties.py

@@ -0,0 +1,256 @@
+INDICATOR_PROPERTIES = """
+    id
+    standard_id
+    entity_type
+    parent_types
+    spec_version
+    created_at
+    updated_at
+    creators {
+        id
+        name
+    }
+    createdBy {
+        ... on Identity {
+            id
+            standard_id
+            entity_type
+            parent_types
+            spec_version
+            identity_class
+            name
+            description
+            roles
+            contact_information
+            x_opencti_aliases
+            created
+            modified
+            objectLabel {
+                id
+                value
+                color
+            }
+        }
+        ... on Organization {
+            x_opencti_organization_type
+            x_opencti_reliability
+        }
+        ... on Individual {
+            x_opencti_firstname
+            x_opencti_lastname
+        }
+    }
+    objectOrganization {
+        id
+        standard_id
+        name
+    }
+    objectMarking {
+        id
+        standard_id
+        entity_type
+        definition_type
+        definition
+        created
+        modified
+        x_opencti_order
+        x_opencti_color
+    }
+    objectLabel {
+        id
+        value
+        color
+    }
+    externalReferences {
+        edges {
+            node {
+                id
+                standard_id
+                entity_type
+                source_name
+                description
+                url
+                hash
+                external_id
+                created
+                modified
+            }
+        }
+    }
+    revoked
+    confidence
+    created
+    modified
+    pattern_type
+    pattern_version
+    pattern
+    name
+    description
+    indicator_types
+    valid_from
+    valid_until
+    x_opencti_score
+    x_opencti_detection
+    x_opencti_main_observable_type
+    x_mitre_platforms
+    observables {
+        edges {
+            node {
+                id
+                entity_type
+                observable_value
+            }
+        }
+    }
+    killChainPhases {
+        id
+        standard_id
+        entity_type
+        kill_chain_name
+        phase_name
+        x_opencti_order
+        created
+        modified
+    }
+"""
+INDICATOR_PROPERTIES_WITH_FILES = """
+    id
+    standard_id
+    entity_type
+    parent_types
+    spec_version
+    created_at
+    updated_at
+    creators {
+        id
+        name
+    }
+    createdBy {
+        ... on Identity {
+            id
+            standard_id
+            entity_type
+            parent_types
+            spec_version
+            identity_class
+            name
+            description
+            roles
+            contact_information
+            x_opencti_aliases
+            created
+            modified
+            objectLabel {
+                id
+                value
+                color
+            }
+        }
+        ... on Organization {
+            x_opencti_organization_type
+            x_opencti_reliability
+        }
+        ... on Individual {
+            x_opencti_firstname
+            x_opencti_lastname
+        }
+    }
+    objectOrganization {
+        id
+        standard_id
+        name
+    }
+    objectMarking {
+        id
+        standard_id
+        entity_type
+        definition_type
+        definition
+        created
+        modified
+        x_opencti_order
+        x_opencti_color
+    }
+    objectLabel {
+        id
+        value
+        color
+    }
+    externalReferences {
+        edges {
+            node {
+                id
+                standard_id
+                entity_type
+                source_name
+                description
+                url
+                hash
+                external_id
+                created
+                modified
+                importFiles {
+                    edges {
+                        node {
+                            id
+                            name
+                            size
+                            metaData {
+                                mimetype
+                                version
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    revoked
+    confidence
+    created
+    modified
+    pattern_type
+    pattern_version
+    pattern
+    name
+    description
+    indicator_types
+    valid_from
+    valid_until
+    x_opencti_score
+    x_opencti_detection
+    x_opencti_main_observable_type
+    x_mitre_platforms
+    observables {
+        edges {
+            node {
+                id
+                entity_type
+                observable_value
+            }
+        }
+    }
+    killChainPhases {
+      id
+      standard_id
+      entity_type
+      kill_chain_name
+      phase_name
+      x_opencti_order
+      created
+      modified
+    }
+    importFiles {
+        edges {
+            node {
+                id
+                name
+                size
+                metaData {
+                    mimetype
+                    version
+                }
+            }
+        }
+    }
+"""

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_attack_pattern.py

@@ -395,6 +395,7 @@ class AttackPattern:
         kill_chain_phases = kwargs.get("killChainPhases", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -433,6 +434,7 @@ class AttackPattern:
                         "x_mitre_id": x_mitre_id,
                         "killChainPhases": kill_chain_phases,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -511,6 +513,10 @@ class AttackPattern:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -579,6 +585,11 @@ class AttackPattern:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_campaign.py

@@ -376,6 +376,7 @@ class Campaign:
         objective = kwargs.get("objective", None)
         granted_refs = kwargs.get("objectOrganization", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -412,6 +413,7 @@ class Campaign:
                         "last_seen": last_seen,
                         "objective": objective,
                         "update": update,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
                     }
                 },
@@ -443,6 +445,10 @@ class Campaign:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -495,6 +501,11 @@ class Campaign:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_case_rfi.py

@@ -680,6 +680,7 @@ class CaseRfi:
         description = kwargs.get("description", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
         information_types = kwargs.get("information_types", None)
 
@@ -714,6 +715,7 @@ class CaseRfi:
                         "name": name,
                         "description": description,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                         "information_types": information_types,
                     }
@@ -836,6 +838,10 @@ class CaseRfi:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -879,6 +885,11 @@ class CaseRfi:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
                 information_types=(
                     stix_object["information_types"]

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_case_rft.py

@@ -679,6 +679,7 @@ class CaseRft:
         description = kwargs.get("description", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
         takedown_types = kwargs.get("takedown_types", None)
 
@@ -713,6 +714,7 @@ class CaseRft:
                         "name": name,
                         "description": description,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                         "takedown_types": takedown_types,
                     }
@@ -835,6 +837,10 @@ class CaseRft:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -883,6 +889,11 @@ class CaseRft:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_course_of_action.py

@@ -367,6 +367,7 @@ class CourseOfAction:
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         x_mitre_id = kwargs.get("x_mitre_id", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -401,6 +402,7 @@ class CourseOfAction:
                         "x_opencti_aliases": x_opencti_aliases,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
                         "x_mitre_id": x_mitre_id,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -459,6 +461,10 @@ class CourseOfAction:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -503,6 +509,11 @@ class CourseOfAction:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_data_component.py

@@ -406,6 +406,7 @@ class DataComponent:
         aliases = kwargs.get("aliases", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -443,6 +444,7 @@ class DataComponent:
                         "aliases": aliases,
                         "dataSource": dataSource,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -489,6 +491,10 @@ class DataComponent:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.opencti.data_component.create(
                 stix_id=stix_object["id"],
@@ -535,6 +541,11 @@ class DataComponent:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_data_source.py

@@ -363,6 +363,7 @@ class DataSource:
         collection_layers = kwargs.get("collection_layers", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -399,6 +400,7 @@ class DataSource:
                         "x_mitre_platforms": platforms,
                         "collection_layers": collection_layers,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -445,6 +447,10 @@ class DataSource:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.opencti.data_source.create(
                 stix_id=stix_object["id"],
@@ -496,6 +502,11 @@ class DataSource:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_feedback.py

@@ -645,6 +645,7 @@ class Feedback:
         rating = kwargs.get("rating", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -679,6 +680,7 @@ class Feedback:
                         "description": description,
                         "rating": rating,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -828,6 +830,10 @@ class Feedback:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -872,6 +878,11 @@ class Feedback:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_grouping.py

@@ -624,6 +624,7 @@ class Grouping:
         x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None and context is not None:
@@ -659,6 +660,7 @@ class Grouping:
                         "description": description,
                         "x_opencti_aliases": x_opencti_aliases,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -776,6 +778,10 @@ class Grouping:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -821,6 +827,11 @@ class Grouping:
                     else None
                 ),
                 x_opencti_aliases=self.opencti.stix2.pick_aliases(stix_object),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.1.13 → pycti-6.2.0}/pycti/entities/opencti_identity.py

@@ -542,9 +542,7 @@ class Identity:
                 )
             if "x_opencti_workflow_id" not in stix_object:
                 stix_object["x_opencti_workflow_id"] = (
-                    self.opencti.get_attribute_in_extension(
-                        "x_opencti_workflow_id", stix_object
-                    )
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
                 )
 
             return self.create(