pycti 6.2.10__tar.gz → 6.2.12__tar.gz

{pycti-6.2.10 → pycti-6.2.12}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.2.10
+Version: 6.2.12
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -23,6 +23,7 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: datefinder~=0.7.3
 Requires-Dist: pika~=1.3.0
+Requires-Dist: pydantic~=2.8.2
 Requires-Dist: python-magic~=0.4.27; sys_platform == "linux" or sys_platform == "darwin"
 Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=2.0.4

{pycti-6.2.10 → pycti-6.2.12}/pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.2.10"
+__version__ = "6.2.12"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.2.10 → pycti-6.2.12}/pycti/api/opencti_api_connector.py

@@ -10,6 +10,43 @@ class OpenCTIApiConnector:
     def __init__(self, api):
         self.api = api
 
+    def read(self, connector_id: str) -> Dict:
+        """Reading the connector and its details
+
+        :return: return all the connector details
+        :rtype: dict
+        """
+        self.api.app_logger.info("[INFO] Getting connector details ...")
+        query = """
+            query GetConnector($id: String!) {
+                connector(id: $id) {
+                    id
+                    name
+                    active
+                    auto
+                    only_contextual
+                    connector_type
+                    connector_scope
+                    connector_state
+                    connector_queue_details {
+                        messages_number
+                        messages_size
+                    }
+                updated_at
+                created_at
+                config {
+                    listen
+                    listen_exchange
+                    push
+                    push_exchange
+                  }
+                built_in
+                }
+              }
+        """
+        result = self.api.query(query, {"id": connector_id})
+        return result["data"]["connector"]
+
     def list(self) -> Dict:
         """list available connectors
 
@@ -41,27 +78,44 @@ class OpenCTIApiConnector:
         result = self.api.query(query)
         return result["data"]["connectorsForWorker"]
 
-    def ping(self, connector_id: str, connector_state: Any) -> Dict:
+    def ping(
+        self, connector_id: str, connector_state: Any, connector_info: Dict
+    ) -> Dict:
         """pings a connector by id and state
 
         :param connector_id: the connectors id
         :type connector_id: str
         :param connector_state: state for the connector
         :type connector_state:
+        :param connector_info: all details connector
+        :type connector_info: Dict
         :return: the response pingConnector data dict
         :rtype: dict
         """
 
         query = """
-            mutation PingConnector($id: ID!, $state: String) {
-                pingConnector(id: $id, state: $state) {
+            mutation PingConnector($id: ID!, $state: String, $connectorInfo: ConnectorInfoInput ) {
+                pingConnector(id: $id, state: $state, connectorInfo: $connectorInfo) {
                     id
                     connector_state
+                    connector_info {
+                        run_and_terminate
+                        buffering
+                        queue_threshold
+                        queue_messages_size
+                        next_run_datetime
+                        last_run_datetime
+                    }   
                 }
             }
            """
         result = self.api.query(
-            query, {"id": connector_id, "state": json.dumps(connector_state)}
+            query,
+            {
+                "id": connector_id,
+                "state": json.dumps(connector_state),
+                "connectorInfo": connector_info,
+            },
         )
         return result["data"]["pingConnector"]
 

{pycti-6.2.10 → pycti-6.2.12}/pycti/connector/opencti_connector_helper.py

@@ -5,6 +5,7 @@ import datetime
 import json
 import os
 import queue
+import sched
 import signal
 import ssl
 import sys
@@ -12,12 +13,14 @@ import tempfile
 import threading
 import time
 import uuid
+from enum import Enum
 from queue import Queue
 from typing import Callable, Dict, List, Optional, Union
 
 import pika
 from filigran_sseclient import SSEClient
 from pika.exceptions import NackError, UnroutableError
+from pydantic import TypeAdapter
 
 from pycti.api.opencti_api_client import OpenCTIApiClient
 from pycti.connector.opencti_connector import OpenCTIConnector
@@ -419,7 +422,14 @@ class ListenQueue(threading.Thread):
 
 class PingAlive(threading.Thread):
     def __init__(
-        self, connector_logger, connector_id, api, get_state, set_state, metric
+        self,
+        connector_logger,
+        connector_id,
+        api,
+        get_state,
+        set_state,
+        metric,
+        connector_info,
     ) -> None:
         threading.Thread.__init__(self, daemon=True)
         self.connector_logger = connector_logger
@@ -430,13 +440,20 @@ class PingAlive(threading.Thread):
         self.set_state = set_state
         self.exit_event = threading.Event()
         self.metric = metric
+        self.connector_info = connector_info
 
     def ping(self) -> None:
         while not self.exit_event.is_set():
             try:
                 self.connector_logger.debug("PingAlive running.")
                 initial_state = self.get_state()
-                result = self.api.connector.ping(self.connector_id, initial_state)
+                connector_info = self.connector_info.all_details
+                self.connector_logger.debug(
+                    "PingAlive ConnectorInfo", {"connector_info": connector_info}
+                )
+                result = self.api.connector.ping(
+                    self.connector_id, initial_state, connector_info
+                )
                 remote_state = (
                     json.loads(result["connector_state"])
                     if result["connector_state"] is not None
@@ -646,6 +663,83 @@ class ListenStream(threading.Thread):
         self.exit_event.set()
 
 
+class ConnectorInfo:
+    def __init__(
+        self,
+        run_and_terminate: bool = False,
+        buffering: bool = False,
+        queue_threshold: float = 500,
+        queue_messages_size: float = 0,
+        next_run_datetime: datetime = None,
+        last_run_datetime: datetime = None,
+    ):
+        self._run_and_terminate = run_and_terminate
+        self._buffering = buffering
+        self._queue_threshold = queue_threshold
+        self._queue_messages_size = queue_messages_size
+        self._next_run_datetime = next_run_datetime
+        self._last_run_datetime = last_run_datetime
+
+    @property
+    def all_details(self):
+        return {
+            "run_and_terminate": self._run_and_terminate,
+            "buffering": self._buffering,
+            "queue_threshold": self._queue_threshold,
+            "queue_messages_size": self._queue_messages_size,
+            "next_run_datetime": self._next_run_datetime,
+            "last_run_datetime": self._last_run_datetime,
+        }
+
+    @property
+    def run_and_terminate(self) -> bool:
+        return self._run_and_terminate
+
+    @run_and_terminate.setter
+    def run_and_terminate(self, value):
+        self._run_and_terminate = value
+
+    @property
+    def buffering(self) -> bool:
+        return self._buffering
+
+    @buffering.setter
+    def buffering(self, value):
+        self._buffering = value
+
+    @property
+    def queue_threshold(self) -> float:
+        return self._queue_threshold
+
+    @queue_threshold.setter
+    def queue_threshold(self, value):
+        self._queue_threshold = value
+
+    @property
+    def queue_messages_size(self) -> float:
+        return self._queue_messages_size
+
+    @queue_messages_size.setter
+    def queue_messages_size(self, value):
+        self._queue_messages_size = value
+
+    @property
+    def next_run_datetime(self) -> datetime:
+        return self._next_run_datetime
+
+    @next_run_datetime.setter
+    def next_run_datetime(self, value):
+        self._next_run_datetime = value
+
+    @property
+    def last_run_datetime(self) -> datetime:
+        return self._last_run_datetime
+
+    @last_run_datetime.setter
+    def last_run_datetime(self, value):
+        self._last_run_datetime = value
+
+
 class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
     """Python API for OpenCTI connector
 
@@ -653,6 +747,14 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
     :type config: Dict
     """
 
+    class TimeUnit(Enum):
+        SECONDS = 1
+        MINUTES = 60
+        HOURS = 3600
+        DAYS = 86400
+        WEEKS = 604800
+        YEARS = 31536000
+
     def __init__(self, config: Dict, playbook_compatible=False) -> None:
         sys.excepthook = killProgramHook
 
@@ -677,6 +779,15 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         self.connect_type = get_config_variable(
             "CONNECTOR_TYPE", ["connector", "type"], config
         )
+        self.connect_queue_threshold = get_config_variable(
+            "CONNECTOR_QUEUE_THRESHOLD",
+            ["connector", "queue_threshold"],
+            config,
+            default=500,  # Mo
+        )
+        self.connect_duration_period = get_config_variable(
+            "CONNECTOR_DURATION_PERIOD", ["connector", "duration_period"], config
+        )
         self.connect_live_stream_id = get_config_variable(
             "CONNECTOR_LIVE_STREAM_ID",
             ["connector", "live_stream_id"],
@@ -775,6 +886,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             False,
             False,
         )
+        self.scheduler = sched.scheduler(time.time, time.sleep)
         # Start up the server to expose the metrics.
         expose_metrics = get_config_variable(
             "CONNECTOR_EXPOSE_METRICS",
@@ -786,7 +898,8 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         metrics_port = get_config_variable(
             "CONNECTOR_METRICS_PORT", ["connector", "metrics_port"], config, True, 9095
         )
-
+        # Initialize ConnectorInfo instance
+        self.connector_info = ConnectorInfo()
         # Initialize configuration
         # - Classic API that will be directly attached to the connector rights
         self.api = OpenCTIApiClient(
@@ -881,15 +994,34 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
 
         # Start ping thread
         if not self.connect_run_and_terminate:
-            self.ping = PingAlive(
-                self.connector_logger,
-                self.connector.id,
-                self.api,
-                self.get_state,
-                self.set_state,
-                self.metric,
-            )
-            self.ping.start()
+
+            is_run_and_terminate = False
+            if self.connect_duration_period == 0:
+                is_run_and_terminate = True
+
+            if isinstance(self.connect_duration_period, str):
+                if self.connect_duration_period == "0":
+                    is_run_and_terminate = True
+                else:
+                    # Calculates and validate the duration period in seconds
+                    timedelta_adapter = TypeAdapter(datetime.timedelta)
+                    td = timedelta_adapter.validate_python(self.connect_duration_period)
+                    duration_period_in_seconds = int(td.total_seconds())
+
+                    if duration_period_in_seconds == 0:
+                        is_run_and_terminate = True
+
+            if self.connect_duration_period is None or not is_run_and_terminate:
+                self.ping = PingAlive(
+                    self.connector_logger,
+                    self.connector.id,
+                    self.api,
+                    self.get_state,
+                    self.set_state,
+                    self.metric,
+                    self.connector_info,
+                )
+                self.ping.start()
 
         # self.listen_stream = None
         self.listen_queue = None
@@ -972,7 +1104,13 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
     def force_ping(self):
         try:
             initial_state = self.get_state()
-            result = self.api.connector.ping(self.connector_id, initial_state)
+            connector_info = self.connector_info.all_details
+            self.connector_logger.debug(
+                "ForcePing ConnectorInfo", {"connector_info": connector_info}
+            )
+            result = self.api.connector.ping(
+                self.connector_id, initial_state, connector_info
+            )
             remote_state = (
                 json.loads(result["connector_state"])
                 if result["connector_state"] is not None
@@ -980,11 +1118,292 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                 else None
             )
             if initial_state != remote_state:
-                self.api.connector.ping(self.connector_id, initial_state)
+                self.api.connector.ping(
+                    self.connector_id, initial_state, connector_info
+                )
         except Exception as e:  # pylint: disable=broad-except
             self.metric.inc("error_count")
             self.connector_logger.error("Error pinging the API", {"reason": str(e)})
 
+    def next_run_datetime(self, duration_period_in_seconds: Union[int, float]) -> None:
+        """
+        Lets you know what the next run of the scheduler will be in iso datetime format
+
+        :param duration_period_in_seconds: Duration in seconds
+        :return: None
+        """
+        try:
+            duration_timedelta = datetime.timedelta(seconds=duration_period_in_seconds)
+            next_datetime = datetime.datetime.utcnow() + duration_timedelta
+            # Set next_run_datetime
+            self.connector_info.next_run_datetime = next_datetime.strftime(
+                "%Y-%m-%dT%H:%M:%SZ"
+            )
+            self.connector_logger.info(
+                "[INFO] Schedule next run of connector: ",
+                {"next_run_datetime": self.connector_info.next_run_datetime},
+            )
+            return
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An error occurred while calculating the next run in datetime",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+    def last_run_datetime(self) -> None:
+        """
+        Lets you know what the last run of the connector the scheduler processed, will be in iso datetime format
+
+        :return: None
+        """
+        try:
+            current_datetime = datetime.datetime.utcnow()
+            # Set last_run_datetime
+            self.connector_info.last_run_datetime = current_datetime.strftime(
+                "%Y-%m-%dT%H:%M:%SZ"
+            )
+            return
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An error occurred while converting the last run in datetime",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+    def check_connector_buffering(self) -> bool:
+        """
+        Lets you know if the RabbitMQ queue has exceeded the allowed threshold defined by the connector or not
+        :return: boolean
+        """
+        try:
+            connector_details = self.api.connector.read(connector_id=self.connector_id)
+
+            if connector_details and connector_details.get("id") is not None:
+                connector_queue_id = connector_details["id"]
+                connector_queue_details = connector_details["connector_queue_details"]
+
+                queue_messages_size_byte = connector_queue_details["messages_size"]
+                queue_threshold = self.connect_queue_threshold
+
+                # Convert queue_messages_size to Mo (decimal)
+                queue_messages_size_mo = queue_messages_size_byte / 1000000
+
+                self.connector_logger.debug(
+                    "[DEBUG] Connector queue details ...",
+                    {
+                        "connector_queue_id": connector_queue_id,
+                        "queue_threshold": queue_threshold,
+                        "messages_number": connector_queue_details["messages_number"],
+                        "queue_messages_size": queue_messages_size_mo,
+                    },
+                )
+
+                # Set the connector info
+                self.connector_info.queue_messages_size = queue_messages_size_mo
+                self.connector_info.queue_threshold = queue_threshold
+
+                if float(queue_messages_size_mo) < float(queue_threshold):
+                    # Set buffering
+                    self.connector_info.buffering = False
+                    return False
+                else:
+                    self.connector_logger.info(
+                        "[INFO] Connector will not run until the queue messages size is reduced under queue threshold"
+                    )
+                    # Set buffering
+                    self.connector_info.buffering = True
+                    return True
+
+            else:
+                self.metric.inc("error_count")
+                self.connector_logger.error(
+                    "[ERROR] An error occurred while retrieving connector details"
+                )
+                sys.excepthook(*sys.exc_info())
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An error occurred while checking the queue size",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+    def schedule_unit(
+        self,
+        message_callback: Callable[[], None],
+        duration_period: Union[int, float, str],
+        time_unit: TimeUnit,
+    ) -> None:
+        """
+        This (deprecated) method is there to manage backward compatibility of intervals on connectors,
+        allows you to calculate the duration period of connectors in seconds with time_unit and will be
+        replaced by the "schedule_iso" method. It uses a TimeUnit enum.
+
+        :param message_callback: Corresponds to the connector process
+        :param duration_period: Corresponds to the connector interval, it can vary depending on the connector
+        configuration.
+        :param time_unit: The unit of time for the duration_period.
+        Enum TimeUnit Valid (YEARS, WEEKS, DAYS, HOURS, MINUTES, SECONDS)
+        :return: None
+        """
+        try:
+            # Calculates the duration period in seconds
+            time_unit_in_seconds = time_unit.value
+            duration_period_in_seconds = float(duration_period) * time_unit_in_seconds
+
+            # Start schedule_process
+            self.schedule_process(message_callback, duration_period_in_seconds)
+
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An unexpected error occurred during schedule_unit",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+    def schedule_iso(
+        self, message_callback: Callable[[], None], duration_period: str
+    ) -> None:
+        """
+        This method allows you to calculate the duration period of connectors in seconds from ISO 8601 format
+        and start the scheduler process.
+
+        :param message_callback: Corresponds to the connector process
+        :param duration_period: Corresponds to a string in ISO 8601 format "P18Y9W4DT11H9M8S"
+        :return: None
+        """
+        try:
+            if duration_period == "0":
+                duration_period_in_seconds = 0
+            else:
+                # Calculates and validate the duration period in seconds
+                timedelta_adapter = TypeAdapter(datetime.timedelta)
+                td = timedelta_adapter.validate_python(duration_period)
+                duration_period_in_seconds = int(td.total_seconds())
+
+            # Start schedule_process
+            self.schedule_process(message_callback, duration_period_in_seconds)
+
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An unexpected error occurred during schedule_iso",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+    def _schedule_process(
+        self,
+        scheduler: sched.scheduler,
+        message_callback: Callable[[], None],
+        duration_period: Union[int, float],
+    ) -> None:
+        """
+        When scheduling, the function retrieves the details of the connector queue,
+        and the connector process starts only if the size of the queue messages is less than or
+        equal to the queue_threshold variable.
+
+        :param scheduler: Scheduler contains a list of all tasks to be started
+        :param message_callback: Corresponds to the connector process
+        :param duration_period: Corresponds to the connector's interval
+        :return: None
+        """
+        try:
+            self.connector_logger.info("[INFO] Starting schedule")
+            check_connector_buffering = self.check_connector_buffering()
+
+            if not check_connector_buffering:
+                # Start running the connector
+                message_callback()
+                # Lets you know what is the last run of the connector datetime
+                self.last_run_datetime()
+
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An error occurred while checking the queue size",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
+        finally:
+            # Lets you know what the next run of the scheduler will be
+            self.next_run_datetime(duration_period)
+            # Then schedule the next execution
+            scheduler.enter(
+                duration_period,
+                1,
+                self._schedule_process,
+                (scheduler, message_callback, duration_period),
+            )
+
+    def schedule_process(
+        self, message_callback: Callable[[], None], duration_period: Union[int, float]
+    ) -> None:
+        """
+        This method schedules the execution of a connector process.
+        If `duration_period' is zero or `self.connect_run_and_terminate' is True, the process will run and terminate.
+        Otherwise, it schedules the next run based on the interval.
+
+        :param message_callback: Corresponds to the connector process
+        :param duration_period: Corresponds to the connector's interval in seconds
+        :return: None
+        """
+        try:
+            # In the case where the duration_period_converted is zero, we consider it to be a run and terminate
+            if self.connect_run_and_terminate or duration_period == 0:
+                self.connector_logger.info("[INFO] Starting run and terminate")
+                # Set run_and_terminate
+                self.connector_info.run_and_terminate = True
+                check_connector_buffering = self.check_connector_buffering()
+
+                if not check_connector_buffering:
+                    # Start running the connector
+                    message_callback()
+
+                # Lets you know what is the last run of the connector datetime
+                self.last_run_datetime()
+                self.connector_logger.info("[INFO] Closing run and terminate")
+                self.force_ping()
+                sys.exit(0)
+            else:
+                # Start running the connector
+                message_callback()
+                # Set queue_threshold and queue_messages_size for the first run
+                self.check_connector_buffering()
+                # Lets you know what is the last run of the connector datetime
+                self.last_run_datetime()
+                # Lets you know what the next run of the scheduler will be
+                self.next_run_datetime(duration_period)
+
+                # Then schedule the next execution
+                self.scheduler.enter(
+                    duration_period,
+                    1,
+                    self._schedule_process,
+                    (self.scheduler, message_callback, duration_period),
+                )
+                self.scheduler.run()
+
+        except SystemExit:
+            self.connector_logger.info("SystemExit caught, stopping the scheduler")
+            if self.connect_run_and_terminate:
+                self.connector_logger.info("[INFO] Closing run and terminate")
+                self.force_ping()
+                sys.exit(0)
+
+        except Exception as err:
+            self.metric.inc("error_count")
+            self.connector_logger.error(
+                "[ERROR] An unexpected error occurred during schedule",
+                {"reason": str(err)},
+            )
+            sys.excepthook(*sys.exc_info())
+
     def listen(
         self,
         message_callback: Callable[[Dict], str],

{pycti-6.2.10 → pycti-6.2.12}/pycti/entities/opencti_stix_core_object.py

@@ -359,6 +359,9 @@ class StixCoreObject:
                 x_opencti_cvss_attack_vector
                 x_opencti_cvss_integrity_impact
                 x_opencti_cvss_availability_impact
+                x_opencti_cisa_kev
+                x_opencti_epss_score
+                x_opencti_epss_percentile
             }
             ... on Incident {
                 name
@@ -1023,6 +1026,9 @@ class StixCoreObject:
                 x_opencti_cvss_attack_vector
                 x_opencti_cvss_integrity_impact
                 x_opencti_cvss_availability_impact
+                x_opencti_cisa_kev
+                x_opencti_epss_score
+                x_opencti_epss_percentile
             }
             ... on Incident {
                 name

{pycti-6.2.10 → pycti-6.2.12}/pycti/entities/opencti_stix_domain_object.py

@@ -482,6 +482,9 @@ class StixDomainObject:
                 x_opencti_cvss_attack_vector
                 x_opencti_cvss_integrity_impact
                 x_opencti_cvss_availability_impact
+                x_opencti_cisa_kev
+                x_opencti_epss_score
+                x_opencti_epss_percentile
             }
             ... on Incident {
                 name
@@ -977,6 +980,9 @@ class StixDomainObject:
                 x_opencti_cvss_attack_vector
                 x_opencti_cvss_integrity_impact
                 x_opencti_cvss_availability_impact
+                x_opencti_cisa_kev
+                x_opencti_epss_score
+                x_opencti_epss_percentile
             }
             ... on Incident {
                 name

{pycti-6.2.10 → pycti-6.2.12}/pycti/entities/opencti_stix_object_or_stix_relationship.py

@@ -298,6 +298,9 @@ class StixObjectOrStixRelationship:
                 x_opencti_cvss_attack_vector
                 x_opencti_cvss_integrity_impact
                 x_opencti_cvss_availability_impact
+                x_opencti_cisa_kev
+                x_opencti_epss_score
+                x_opencti_epss_percentile
             }
             ... on Incident {
                 name

{pycti-6.2.10 → pycti-6.2.12}/pycti/entities/opencti_vulnerability.py

@@ -106,6 +106,8 @@ class Vulnerability:
             x_opencti_cvss_availability_impact
             x_opencti_cvss_confidentiality_impact
             x_opencti_cisa_kev
+            x_opencti_epss_score
+            x_opencti_epss_percentile
             importFiles {
                 edges {
                     node {
@@ -285,6 +287,8 @@ class Vulnerability:
         x_opencti_cvss_base_severity = kwargs.get("x_opencti_cvss_base_severity", None)
         x_opencti_cvss_attack_vector = kwargs.get("x_opencti_cvss_attack_vector", None)
         x_opencti_cisa_kev = kwargs.get("x_opencti_cisa_kev", None)
+        x_opencti_epss_score = kwargs.get("x_opencti_epss_score", None)
+        x_opencti_epss_percentile = kwargs.get("x_opencti_epss_percentile", None)
         x_opencti_cvss_integrity_impact = kwargs.get(
             "x_opencti_cvss_integrity_impact", None
         )
@@ -336,6 +340,8 @@ class Vulnerability:
                         "x_opencti_cvss_availability_impact": x_opencti_cvss_availability_impact,
                         "x_opencti_cvss_confidentiality_impact": x_opencti_cvss_confidentiality_impact,
                         "x_opencti_cisa_kev": x_opencti_cisa_kev,
+                        "x_opencti_epss_score": x_opencti_epss_score,
+                        "x_opencti_epss_percentile": x_opencti_epss_percentile,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
                         "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
@@ -444,6 +450,16 @@ class Vulnerability:
                 stix_object["x_opencti_cisa_kev"] = (
                     self.opencti.get_attribute_in_extension("cisa_kev", stix_object)
                 )
+            if "x_opencti_epss_score" not in stix_object:
+                stix_object["x_opencti_epss_score"] = (
+                    self.opencti.get_attribute_in_extension("epss_score", stix_object)
+                )
+            if "x_opencti_epss_percentile" not in stix_object:
+                stix_object["x_opencti_epss_percentile"] = (
+                    self.opencti.get_attribute_in_extension(
+                        "epss_percentile", stix_object
+                    )
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -531,6 +547,16 @@ class Vulnerability:
                     if "x_opencti_cisa_kev" in stix_object
                     else None
                 ),
+                x_opencti_epss_score=(
+                    stix_object["x_opencti_epss_score"]
+                    if "x_opencti_epss_score" in stix_object
+                    else None
+                ),
+                x_opencti_epss_percentile=(
+                    stix_object["x_opencti_epss_percentile"]
+                    if "x_opencti_epss_percentile" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.2.10 → pycti-6.2.12}/pycti.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.2.10
+Version: 6.2.12
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -23,6 +23,7 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: datefinder~=0.7.3
 Requires-Dist: pika~=1.3.0
+Requires-Dist: pydantic~=2.8.2
 Requires-Dist: python-magic~=0.4.27; sys_platform == "linux" or sys_platform == "darwin"
 Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=2.0.4

{pycti-6.2.10 → pycti-6.2.12}/pycti.egg-info/requires.txt

@@ -1,5 +1,6 @@
 datefinder~=0.7.3
 pika~=1.3.0
+pydantic~=2.8.2
 python_json_logger~=2.0.4
 PyYAML~=6.0
 requests~=2.32.2

{pycti-6.2.10 → pycti-6.2.12}/setup.cfg

@@ -36,6 +36,7 @@ include_package_data = True
 install_requires = 
 	datefinder~=0.7.3
 	pika~=1.3.0
+	pydantic~=2.8.2
 	python-magic~=0.4.27; sys_platform == 'linux' or sys_platform == 'darwin'
 	python-magic-bin~=0.4.14; sys_platform == 'win32'
 	python_json_logger~=2.0.4