PyPI - pycti - Versions diffs - 6.3.2__tar.gz → 6.3.4__tar.gz - Mend

pycti 6.3.2tar.gz → 6.3.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (79) hide show

{pycti-6.3.2 → pycti-6.3.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.3.2
+Version: 6.3.4
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran

{pycti-6.3.2 → pycti-6.3.4}/pycti/__init__.py RENAMED Viewed

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.3.2"
+__version__ = "6.3.4"
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.3.2 → pycti-6.3.4}/pycti/utils/opencti_stix2.py RENAMED Viewed

@@ -2280,6 +2280,12 @@ class OpenCTIStix2:
         do_list = lister.get(
             entity_type, lambda **kwargs: self.unknown_type({"type": entity_type})
         )
+        if getAll and (orderBy is None or orderBy == "_score"):
+            orderBy = "created_at"
+            if orderMode is None:
+                orderMode = "desc"
         # noinspection PyTypeChecker
         return do_list(
             search=search,

{pycti-6.3.2 → pycti-6.3.4}/pycti/utils/opencti_stix2_splitter.py RENAMED Viewed

@@ -10,19 +10,24 @@ from pycti.utils.opencti_stix2_identifier import (
 )
 from pycti.utils.opencti_stix2_utils import (
     STIX_CYBER_OBSERVABLE_MAPPING,
-    SUPPORTED_STIX_DOMAIN_OBJECTS,
+    SUPPORTED_STIX_ENTITY_OBJECTS,
 )
+OPENCTI_EXTENSION = "extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba"
 supported_types = (
-    SUPPORTED_STIX_DOMAIN_OBJECTS  # entities
+    SUPPORTED_STIX_ENTITY_OBJECTS  # entities
     + list(STIX_CYBER_OBSERVABLE_MAPPING.keys())  # observables
     + ["relationship", "sighting"]  # relationships
 )
 def is_id_supported(key):
-    id_type = key.split("--")[0]
-    return id_type in supported_types
+    if "--" in key:
+        id_type = key.split("--")[0]
+        return id_type in supported_types
+    # If not a stix id, don't try to filter
+    return True
 class OpenCTIStix2Splitter:
@@ -31,6 +36,18 @@ class OpenCTIStix2Splitter:
         self.cache_refs = {}
         self.elements = []
+    def get_internal_ids_in_extension(self, item):
+        ids = []
+        if item.get("x_opencti_id"):
+            ids.append(item["x_opencti_id"])
+        if (
+            item.get("extensions")
+            and item["extensions"].get(OPENCTI_EXTENSION)
+            and item["extensions"].get(OPENCTI_EXTENSION).get("id")
+        ):
+            ids.append(item["extensions"][OPENCTI_EXTENSION]["id"])
+        return ids
     def enlist_element(
         self, item_id, raw_data, cleanup_inconsistent_bundle, parent_acc
     ):
@@ -173,6 +190,8 @@ class OpenCTIStix2Splitter:
             if is_compatible:
                 self.elements.append(item)
             self.cache_index[item_id] = item
+            for internal_id in self.get_internal_ids_in_extension(item):
+                self.cache_index[internal_id] = item
         return nb_deps
@@ -202,6 +221,8 @@ class OpenCTIStix2Splitter:
         # Build flat list of elements
         for item in bundle_data["objects"]:
             raw_data[item["id"]] = item
+            for internal_id in self.get_internal_ids_in_extension(item):
+                raw_data[internal_id] = item
         for item in bundle_data["objects"]:
             self.enlist_element(item["id"], raw_data, cleanup_inconsistent_bundle, [])

{pycti-6.3.2 → pycti-6.3.4}/pycti/utils/opencti_stix2_utils.py RENAMED Viewed

@@ -2,44 +2,49 @@ from typing import Any, Dict
 from stix2 import EqualityComparisonExpression, ObjectPath, ObservationExpression
-SUPPORTED_STIX_DOMAIN_OBJECTS = [
-    "marking-definition",
+SUPPORTED_STIX_ENTITY_OBJECTS = [
     "attack-pattern",
     "campaign",
-    "channel",
-    "event",
-    "note",
-    "observed-data",
-    "opinion",
-    "report",
-    "grouping",
+    "case-incident",
+    "x-opencti-case-incident",
     "case-rfi",
     "x-opencti-case-rfi",
     "case-rft",
     "x-opencti-case-rft",
-    "task",
-    "x-opencti-task",
-    "case-incident",
-    "x-opencti-case-incident",
-    "feedback",
-    "x-opencti-feedback",
+    "channel",
     "course-of-action",
     "data-component",
     "x-mitre-data-component",
     "data-source",
     "x-mitre-data-source",
+    "event",
+    "external-reference",
+    "feedback",
+    "x-opencti-feedback",
+    "grouping",
     "identity",
+    "incident",
     "indicator",
     "infrastructure",
     "intrusion-set",
+    "kill-chain-phase",
+    "label",
+    "language",
     "location",
     "malware",
     "malware-analysis",
+    "marking-definition",
+    "narrative",
+    "note",
+    "observed-data",
+    "opinion",
+    "report",
+    "task",
+    "x-opencti-task",
     "threat-actor",
     "tool",
-    "narrative",
+    "vocabulary",
     "vulnerability",
-    "incident",
 ]
 STIX_CYBER_OBSERVABLE_MAPPING = {
@@ -74,6 +79,8 @@ STIX_CYBER_OBSERVABLE_MAPPING = {
     "tracking-number": "Tracking-Number",
     "payment-card": "Payment-Card",
     "media-content": "Media-Content",
+    "simple-observable": "Simple-Observable",
+    "persona": "Persona",
 }
 PATTERN_MAPPING = {

{pycti-6.3.2 → pycti-6.3.4}/pycti.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.3.2
+Version: 6.3.4
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran