pycti 6.3.13__tar.gz → 6.4.0__tar.gz

{pycti-6.3.13 → pycti-6.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.3.13
+Version: 6.4.0
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran

{pycti-6.3.13 → pycti-6.4.0}/pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.3.13"
+__version__ = "6.4.0"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.3.13 → pycti-6.4.0}/pycti/api/opencti_api_client.py

@@ -213,6 +213,9 @@ class OpenCTIApiClient:
     def set_event_id(self, event_id):
         self.request_headers["opencti-event-id"] = event_id
 
+    def set_draft_id(self, draft_id):
+        self.request_headers["opencti-draft-id"] = draft_id
+
     def set_synchronized_upsert_header(self, synchronized):
         self.request_headers["synchronized-upsert"] = (
             "true" if synchronized is True else "false"
@@ -666,6 +669,34 @@ class OpenCTIApiClient:
             self.app_logger.error("[upload] Missing parameter: file_name")
             return None
 
+    def create_draft(self, **kwargs):
+        """create a draft in OpenCTI API
+        :param `**kwargs`: arguments for file name creating draft (required: `draft_name`)
+        :return: returns the query response for the draft creation
+        :rtype: id
+        """
+
+        draft_name = kwargs.get("draft_name", None)
+        entity_id = kwargs.get("entity_id", None)
+
+        if draft_name is not None:
+            self.app_logger.info("Creating a draft.")
+            query = """
+                    mutation draftWorkspaceAdd($input: DraftWorkspaceAddInput!) {
+                        draftWorkspaceAdd(input: $input) {
+                            id
+                        }
+                    }
+                 """
+            queryResult = self.query(
+                query,
+                {"input": {"name": draft_name, "entity_id": entity_id}},
+            )
+            return queryResult["data"]["draftWorkspaceAdd"]["id"]
+        else:
+            self.app_logger.error("[create_draft] Missing parameter: draft_name")
+            return None
+
     def upload_pending_file(self, **kwargs):
         """upload a file to OpenCTI API
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/connector/opencti_connector_helper.py

@@ -253,10 +253,18 @@ class ListenQueue(threading.Thread):
             event_data = json_data["event"]
             entity_id = event_data.get("entity_id")
             entity_type = event_data.get("entity_type")
+            validation_mode = event_data.get("validation_mode", "workbench")
             # Set the API headers
-            work_id = json_data["internal"]["work_id"]
+            internal_data = json_data["internal"]
+            work_id = internal_data["work_id"]
+            draft_id = internal_data.get("draft_id", "")
             self.helper.work_id = work_id
 
+            self.helper.validation_mode = validation_mode
+            self.helper.draft_id = draft_id
+            self.helper.api.set_draft_id(draft_id)
+            self.helper.api_impersonate.set_draft_id(draft_id)
+
             self.helper.playbook = None
             self.helper.enrichment_shared_organizations = None
             if self.helper.connect_type == "INTERNAL_ENRICHMENT":
@@ -952,6 +960,8 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             "Connector registered with ID", {"id": self.connect_id}
         )
         self.work_id = None
+        self.validation_mode = "workbench"
+        self.draft_id = None
         self.playbook = None
         self.enrichment_shared_organizations = None
         self.connector_id = connector_configuration["id"]
@@ -1550,6 +1560,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         """send a stix2 bundle to the API
 
         :param work_id: a valid work id
+        :param draft_id: a draft context to send the bundle to
         :param bundle: valid stix2 bundle
         :type bundle:
         :param entities_types: list of entities, defaults to None
@@ -1563,6 +1574,8 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         :rtype: list
         """
         work_id = kwargs.get("work_id", self.work_id)
+        validation_mode = kwargs.get("validation_mode", self.validation_mode)
+        draft_id = kwargs.get("draft_id", self.draft_id)
         entities_types = kwargs.get("entities_types", None)
         update = kwargs.get("update", False)
         event_version = kwargs.get("event_version", None)
@@ -1627,14 +1640,23 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         # Upload workbench in case of pending validation
         if not file_name and work_id:
             file_name = f"{work_id}.json"
+
         if self.connect_validate_before_import and not bypass_validation and file_name:
-            self.api.upload_pending_file(
-                file_name=file_name,
-                data=bundle,
-                mime_type="application/json",
-                entity_id=entity_id,
-            )
-            return []
+            if validation_mode == "workbench":
+                self.api.upload_pending_file(
+                    file_name=file_name,
+                    data=bundle,
+                    mime_type="application/json",
+                    entity_id=entity_id,
+                )
+                return []
+            elif validation_mode == "draft" and not draft_id:
+                draft_id = self.api.create_draft(
+                    draft_name=file_name, entity_id=entity_id
+                )
+                if not draft_id:
+                    self.connector_logger.error("Draft couldn't be created")
+                    return []
 
         # If directory setup, write the bundle to the target directory
         if bundle_send_to_directory and bundle_send_to_directory_path is not None:
@@ -1749,6 +1771,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                         entities_types=entities_types,
                         sequence=sequence,
                         update=update,
+                        draft_id=draft_id,
                     )
                 channel.close()
                 pika_connection.close()
@@ -1774,11 +1797,14 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         :type entities_types: list, optional
         :param update: whether to update data in the database, defaults to False
         :type update: bool, optional
+        :param draft_id: if draft_id is set, bundle must be set in draft context
+        :type draft_id:
         """
         work_id = kwargs.get("work_id", None)
         sequence = kwargs.get("sequence", 0)
         update = kwargs.get("update", False)
         entities_types = kwargs.get("entities_types", None)
+        draft_id = kwargs.get("draft_id", None)
 
         if entities_types is None:
             entities_types = []
@@ -1800,6 +1826,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                 "utf-8"
             ),
             "update": update,
+            "draft_id": draft_id,
         }
         if work_id is not None:
             message["work_id"] = work_id

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/indicator/opencti_indicator_properties.py

@@ -92,6 +92,10 @@ INDICATOR_PROPERTIES = """
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observable_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {
@@ -220,6 +224,10 @@ INDICATOR_PROPERTIES_WITH_FILES = """
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observable_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_attack_pattern.py

@@ -222,15 +222,19 @@ class AttackPattern:
 
     @staticmethod
     def generate_id(name, x_mitre_id=None):
-        name = name.lower().strip()
         if x_mitre_id is not None:
             data = {"x_mitre_id": x_mitre_id}
         else:
-            data = {"name": name}
+            data = {"name": name.lower().strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "attack-pattern--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        external_id = data.get("x_mitre_id") or data.get("x_opencti_external_id")
+        return AttackPattern.generate_id(data.get("name"), external_id)
+
     """
         List Attack-Pattern objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_campaign.py

@@ -216,6 +216,10 @@ class Campaign:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "campaign--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Campaign.generate_id(data["name"])
+
     """
         List Campaign objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_case_incident.py

@@ -461,6 +461,10 @@ class CaseIncident:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "case-incident--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CaseIncident.generate_id(data["name"], data["created"])
+
     """
         List Case Incident objects
         

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_case_rfi.py

@@ -457,6 +457,10 @@ class CaseRfi:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "case-rfi--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CaseRfi.generate_id(data["name"], data["created"])
+
     """
         List Case Rfi objects
         

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_case_rft.py

@@ -457,6 +457,10 @@ class CaseRft:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "case-rft--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CaseRft.generate_id(data["name"], data["created"])
+
     """
         List Case Rft objects
         

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_channel.py

@@ -212,6 +212,10 @@ class Channel:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "channel--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Channel.generate_id(data["name"])
+
     """
         List Channel objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_course_of_action.py

@@ -196,15 +196,18 @@ class CourseOfAction:
 
     @staticmethod
     def generate_id(name, x_mitre_id=None):
-        name = name.lower().strip()
         if x_mitre_id is not None:
             data = {"x_mitre_id": x_mitre_id}
         else:
-            data = {"name": name}
+            data = {"name": name.lower().strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "course-of-action--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CourseOfAction.generate_id(data.get("name"), data.get("x_mitre_id"))
+
     """
         List Course-Of-Action objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_data_component.py

@@ -246,6 +246,10 @@ class DataComponent:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "data-component--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return DataComponent.generate_id(data["name"])
+
     """
         List Data-Component objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_data_source.py

@@ -204,6 +204,10 @@ class DataSource:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "data-source--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return DataSource.generate_id(data["name"])
+
     """
         List Data-Source objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_event.py

@@ -216,6 +216,10 @@ class Event:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "event--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Event.generate_id(data["name"])
+
     """
         List Event objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_external_reference.py

@@ -68,6 +68,12 @@ class ExternalReference:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "external-reference--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return ExternalReference.generate_id(
+            data.get("url"), data.get("source_name"), data.get("external_id")
+        )
+
     """
         List External-Reference objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_feedback.py

@@ -419,6 +419,10 @@ class Feedback:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "feedback--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Feedback.generate_id(data["name"])
+
     """
         List Feedback objects
         

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_grouping.py

@@ -396,16 +396,23 @@ class Grouping:
         """
 
     @staticmethod
-    def generate_id(name, context, created):
+    def generate_id(name, context, created=None):
         name = name.lower().strip()
         context = context.lower().strip()
         if isinstance(created, datetime.datetime):
             created = created.isoformat()
-        data = {"name": name, "context": context, "created": created}
+        if created is None:
+            data = {"name": name, "context": context}
+        else:
+            data = {"name": name, "context": context, "created": created}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "grouping--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Grouping.generate_id(data["name"], data["context"], data["created"])
+
     """
         List Grouping objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_identity.py

@@ -226,12 +226,15 @@ class Identity:
 
     @staticmethod
     def generate_id(name, identity_class):
-        name = name.lower().strip()
-        data = {"name": name, "identity_class": identity_class}
+        data = {"name": name.lower().strip(), "identity_class": identity_class.lower()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "identity--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Identity.generate_id(data["name"], data["identity_class"])
+
     """
         List Identity objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_incident.py

@@ -225,6 +225,10 @@ class Incident:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "incident--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Incident.generate_id(data["name"], data["created"])
+
     """
         List Incident objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_indicator.py

@@ -29,6 +29,10 @@ class Indicator:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "indicator--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Indicator.generate_id(data["pattern"])
+
     def list(self, **kwargs):
         """List Indicator objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_infrastructure.py

@@ -239,6 +239,10 @@ class Infrastructure:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "infrastructure--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Infrastructure.generate_id(data["name"])
+
     def list(self, **kwargs):
         """List Infrastructure objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_intrusion_set.py

@@ -222,6 +222,10 @@ class IntrusionSet:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "intrusion-set--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return IntrusionSet.generate_id(data["name"])
+
     """
         List Intrusion-Set objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_kill_chain_phase.py

@@ -28,6 +28,10 @@ class KillChainPhase:
             phase_name=phase_name, kill_chain_name=kill_chain_name
         )
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return KillChainPhase.generate_id(data["phase_name"], data["kill_chain_name"])
+
     """
         List Kill-Chain-Phase objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_language.py

@@ -224,6 +224,10 @@ class Language:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "language--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Language.generate_id(data["name"])
+
     """
         List Language objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_location.py

@@ -210,15 +210,33 @@ class Location:
 
     @staticmethod
     def generate_id(name, x_opencti_location_type, latitude=None, longitude=None):
-        name = name.lower().strip()
-        if x_opencti_location_type == "position":
-            data = {"name": name, "latitude": latitude, "longitude": longitude}
+        if x_opencti_location_type == "Position":
+            if latitude is not None and longitude is None:
+                data = {"latitude": latitude}
+            elif latitude is None and longitude is not None:
+                data = {"longitude": longitude}
+            elif latitude is not None and longitude is not None:
+                data = {"latitude": latitude, "longitude": longitude}
+            else:
+                data = {"name": name.lower().strip()}
         else:
-            data = {"name": name, "x_opencti_location_type": x_opencti_location_type}
+            data = {
+                "name": name.lower().strip(),
+                "x_opencti_location_type": x_opencti_location_type,
+            }
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "location--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Location.generate_id(
+            data.get("name"),
+            data.get("x_opencti_location_type"),
+            data.get("latitude"),
+            data.get("longitude"),
+        )
+
     """
         List Location objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_malware.py

@@ -250,6 +250,10 @@ class Malware:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "malware--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Malware.generate_id(data["name"])
+
     """
         List Malware objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_malware_analysis.py

@@ -219,13 +219,21 @@ class MalwareAnalysis:
         """
 
     @staticmethod
-    def generate_id(result_name):
+    def generate_id(result_name, product=None, submitted=None):
         result_name = result_name.lower().strip()
-        data = {"result_name": result_name}
+        data = {"result_name": result_name, "product": product}
+        if submitted is not None:
+            data = {**data, "submitted": submitted}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "malware-analysis--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return MalwareAnalysis.generate_id(
+            data["result_name"], data["product"], data.get("submitted")
+        )
+
     """
         List Malware analysis objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_marking_definition.py

@@ -31,6 +31,12 @@ class MarkingDefinition:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "marking-definition--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return MarkingDefinition.generate_id(
+            data["definition"], data["definition_type"]
+        )
+
     """
         List Marking-Definition objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_narrative.py

@@ -202,6 +202,10 @@ class Narrative:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "narrative--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Narrative.generate_id(data["name"])
+
     """
         List Narrative objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_note.py

@@ -436,14 +436,22 @@ class Note:
 
     @staticmethod
     def generate_id(created, content):
-        content = content.lower().strip()
-        if isinstance(created, datetime.datetime):
-            created = created.isoformat()
-        data = {"content": content, "created": created}
+        if content is None:
+            raise ValueError("content is required")
+        if created is not None:
+            if isinstance(created, datetime.datetime):
+                created = created.isoformat()
+            data = {"content": content, "created": created}
+        else:
+            data = {"content": content}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "note--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Note.generate_id(data.get("created"), data["content"])
+
     """
         List Note objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_observed_data.py

@@ -439,6 +439,10 @@ class ObservedData:
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "observed-data--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return ObservedData.generate_id(data["object_refs"])
+
     """
         List ObservedData objects
 

{pycti-6.3.13 → pycti-6.4.0}/pycti/entities/opencti_opinion.py

@@ -1,8 +1,10 @@
 # coding: utf-8
-
+import datetime
 import json
 import uuid
 
+from stix2.canonicalization.Canonicalize import canonicalize
+
 
 class Opinion:
     def __init__(self, opencti):
@@ -211,8 +213,22 @@ class Opinion:
         """
 
     @staticmethod
-    def generate_id():
-        return "opinion--" + str(uuid.uuid4())
+    def generate_id(created, opinion):
+        if opinion is None:
+            raise ValueError("opinion is required")
+        if created is not None:
+            if isinstance(created, datetime.datetime):
+                created = created.isoformat()
+            data = {"opinion": opinion, "created": created}
+        else:
+            data = {"opinion": opinion}
+        data = canonicalize(data, utf8=False)
+        id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+        return "opinion--" + id
+
+    @staticmethod
+    def generate_id_from_data(data):
+        return Opinion.generate_id(data.get("created"), data["opinion"])
 
     """
         List Opinion objects