pycti 6.5.0__py3-none-any.whl → 6.5.2__py3-none-any.whl

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.5.0"
+__version__ = "6.5.2"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/api/opencti_api_client.py

@@ -3,7 +3,7 @@ import base64
 import datetime
 import io
 import json
-from typing import Union
+from typing import Dict, Tuple, Union
 
 import magic
 import requests
@@ -83,13 +83,13 @@ class OpenCTIApiClient:
     :param log_level: log level for the client
     :type log_level: str, optional
     :param ssl_verify: Requiring the requests to verify the TLS certificate at the server.
-    :type ssl_verify: bool, optional
+    :type ssl_verify: bool, str, optional
     :param proxies:
     :type proxies: dict, optional, The proxy configuration, would have `http` and `https` attributes. Defaults to {}
         ```
         proxies: {
-            "http: "http://my_proxy:8080"
-            "https: "http://my_proxy:8080"
+            "http": "http://my_proxy:8080"
+            "https": "http://my_proxy:8080"
         }
         ```
     :param json_logging: format the logs as json if set to True
@@ -102,14 +102,14 @@ class OpenCTIApiClient:
 
     def __init__(
         self,
-        url,
-        token,
+        url: str,
+        token: str,
         log_level="info",
-        ssl_verify=False,
-        proxies=None,
+        ssl_verify: Union[bool, str] = False,
+        proxies: Union[Dict[str, str], None] = None,
         json_logging=False,
         bundle_send_to_queue=True,
-        cert=None,
+        cert: Union[str, Tuple[str, str], None] = None,
         auth=None,
         perform_health_check=True,
     ):
@@ -712,12 +712,13 @@ class OpenCTIApiClient:
         data = kwargs.get("data", None)
         mime_type = kwargs.get("mime_type", "text/plain")
         entity_id = kwargs.get("entity_id", None)
+        file_markings = kwargs.get("file_markings", [])
 
         if file_name is not None:
             self.app_logger.info("Uploading a file.")
             query = """
-                    mutation UploadPending($file: Upload!, $entityId: String) {
-                        uploadPending(file: $file, entityId: $entityId) {
+                    mutation UploadPending($file: Upload!, $entityId: String, $file_markings: [String!]) {
+                        uploadPending(file: $file, entityId: $entityId, file_markings: $file_markings) {
                             id
                             name
                         }
@@ -731,7 +732,11 @@ class OpenCTIApiClient:
                     mime_type = magic.from_file(file_name, mime=True)
             return self.query(
                 query,
-                {"file": (File(file_name, data, mime_type)), "entityId": entity_id},
+                {
+                    "file": (File(file_name, data, mime_type)),
+                    "entityId": entity_id,
+                    "file_markings": file_markings,
+                },
             )
         else:
             self.app_logger.error("[upload] Missing parameter: file_name")

pycti/api/opencti_api_work.py

@@ -82,6 +82,24 @@ class OpenCTIApiWork:
             except:
                 self.api.app_logger.error("Cannot report expectation")
 
+    def add_draft_context(self, work_id: str, draft_context: str):
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info(
+                "Update draft context",
+                {"work_id": work_id, "draft_context": draft_context},
+            )
+            query = """
+                mutation addDraftContext($id: ID!, $draftContext: String) {
+                    workEdit(id: $id) {
+                        addDraftContext(draftContext: $draftContext)
+                    }
+                }
+               """
+            try:
+                self.api.query(query, {"id": work_id, "draftContext": draft_context})
+            except:
+                self.api.app_logger.error("Cannot report draft context")
+
     def initiate_work(self, connector_id: str, friendly_name: str) -> str:
         if self.api.bundle_send_to_queue:
             self.api.app_logger.info("Initiate work", {"connector_id": connector_id})

pycti/connector/opencti_connector_helper.py

@@ -769,6 +769,9 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
     def __init__(self, config: Dict, playbook_compatible=False) -> None:
         sys.excepthook = killProgramHook
 
+        # Cache
+        self.stream_collections = {}
+
         # Load API config
         self.config = config
         self.opencti_url = get_config_variable(
@@ -1063,6 +1066,9 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                     "stream_live": True,
                     "stream_public": False,
                 }
+            # Get from cache
+            elif self.connect_live_stream_id in self.stream_collections:
+                return self.stream_collections[self.connect_live_stream_id]
             else:
                 query = """
                     query StreamCollection($id: String!) {
@@ -1076,6 +1082,10 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                     }
                 """
                 result = self.api.query(query, {"id": self.connect_live_stream_id})
+                # Put in cache
+                self.stream_collections[self.connect_live_stream_id] = result["data"][
+                    "streamCollection"
+                ]
                 return result["data"]["streamCollection"]
         else:
             raise ValueError("This connector is not connected to any stream")
@@ -1581,6 +1591,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         event_version = kwargs.get("event_version", None)
         bypass_validation = kwargs.get("bypass_validation", False)
         entity_id = kwargs.get("entity_id", None)
+        file_markings = kwargs.get("file_markings", None)
         file_name = kwargs.get("file_name", None)
         bundle_send_to_queue = kwargs.get("send_to_queue", self.bundle_send_to_queue)
         cleanup_inconsistent_bundle = kwargs.get("cleanup_inconsistent_bundle", False)
@@ -1648,6 +1659,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                     data=bundle,
                     mime_type="application/json",
                     entity_id=entity_id,
+                    file_markings=file_markings,
                 )
                 return []
             elif validation_mode == "draft" and not draft_id:
@@ -1732,6 +1744,8 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         if bundle_send_to_queue:
             if work_id:
                 self.api.work.add_expectations(work_id, expectations_number)
+                if draft_id:
+                    self.api.work.add_draft_context(work_id, draft_id)
             if entities_types is None:
                 entities_types = []
             if self.queue_protocol == "amqp":

pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py

@@ -3,7 +3,7 @@ import deprecation
 
 class StixCyberObservableDeprecatedMixin:
     """
-    deprecated [>=6.2 & <6.5]`
+    deprecated [>=6.2 & <6.8]`
     Promote a Stix-Observable to an Indicator
 
     :param id: the Stix-Observable id

pycti/utils/opencti_logger.py

@@ -1,5 +1,5 @@
-import datetime
 import logging
+from datetime import datetime, timezone
 
 from pythonjsonlogger import jsonlogger
 
@@ -9,8 +9,8 @@ class CustomJsonFormatter(jsonlogger.JsonFormatter):
         super(CustomJsonFormatter, self).add_fields(log_record, record, message_dict)
         if not log_record.get("timestamp"):
             # This doesn't use record.created, so it is slightly off
-            now = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%fZ")
-            log_record["timestamp"] = now
+            now = datetime.now(tz=timezone.utc)
+            log_record["timestamp"] = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
         if log_record.get("level"):
             log_record["level"] = log_record["level"].upper()
         else:

pycti/utils/opencti_stix2.py

@@ -2407,6 +2407,19 @@ class OpenCTIStix2:
 
         return bundle
 
+    def apply_patch(self, item):
+        input = item["opencti_field_patch"]
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.update_field(id=item["id"], input=input)
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.update_field(
+                id=item["id"], input=input
+            )
+        elif StixCyberObservableTypes.has_value(item["type"]):
+            self.opencti.stix_cyber_observable.update_field(id=item["id"], input=input)
+        else:
+            self.opencti.stix_domain_object.update_field(id=item["id"], input=input)
+
     def import_item(
         self,
         item,
@@ -2426,6 +2439,8 @@ class OpenCTIStix2:
                     target_id = item["merge_target_id"]
                     source_ids = item["merge_source_ids"]
                     self.opencti.stix.merge(id=target_id, object_ids=source_ids)
+                elif item["opencti_operation"] == "patch":
+                    self.apply_patch(item=item)
                 else:
                     raise ValueError("Not supported opencti_operation")
             elif item["type"] == "relationship":

{pycti-6.5.0.dist-info → pycti-6.5.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pycti
-Version: 6.5.0
+Version: 6.5.2
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -40,8 +40,8 @@ Requires-Dist: stix2~=3.0.1
 Provides-Extra: dev
 Requires-Dist: black~=24.4.0; extra == "dev"
 Requires-Dist: build~=1.2.1; extra == "dev"
-Requires-Dist: isort~=5.13.0; extra == "dev"
-Requires-Dist: types-pytz~=2024.2.0.20241221; extra == "dev"
+Requires-Dist: isort~=6.0.0; extra == "dev"
+Requires-Dist: types-pytz~=2025.1.0.20250204; extra == "dev"
 Requires-Dist: pre-commit~=3.8.0; extra == "dev"
 Requires-Dist: pytest-cases~=3.8.0; extra == "dev"
 Requires-Dist: pytest-cov~=5.0.0; extra == "dev"

{pycti-6.5.0.dist-info → pycti-6.5.2.dist-info}/RECORD

@@ -1,12 +1,12 @@
-pycti/__init__.py,sha256=nb50J5QFy0XAEMlG0_I8V8vArmUilQt29UORF9rxK1c,5218
+pycti/__init__.py,sha256=vuINZwJahwqFmxz7ZhxCxVAk8eEKHZO6_pveLWsEQ3U,5218
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/api/opencti_api_client.py,sha256=OBXRNBbkYsbgqjxeY5iltHXIDeWqpFN3-SKsinkr66U,32402
+pycti/api/opencti_api_client.py,sha256=6TKvtgAk0iYQL2RaLTUV6cxCBefEgwmlL_iVHgzf_ow,32745
 pycti/api/opencti_api_connector.py,sha256=ubM_zPjTD8L33TEugCQgf_YF9zugDFg_7FgNubGlwJw,5447
 pycti/api/opencti_api_playbook.py,sha256=456We78vESukfSOi_CctfZ9dbBJEi76EHClRc2f21Js,1628
-pycti/api/opencti_api_work.py,sha256=JLfl7oy6Cq9IrYW_kUrqwzN46FoVzyIn1JJQKyK0h_w,7615
+pycti/api/opencti_api_work.py,sha256=qIRJMCfyC9odXf7LMRg9ImYizqF2WHUOU7Ty5IUFGg8,8351
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/connector/opencti_connector.py,sha256=5oVvS27KWhzRiofJAeQPDtba-EP83FziSistyEd5l-U,2561
-pycti/connector/opencti_connector_helper.py,sha256=b-6ymDF3e4pfVxRhB13vj8Vwzo3h2TcV1iud6pPrKOk,80672
+pycti/connector/opencti_connector_helper.py,sha256=ee8Ej43Ox9W7G44PEfHNGZuU_NmBVNl7dE3V3BzE4sE,81286
 pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
 pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/opencti_attack_pattern.py,sha256=rj3o2bFCoXniLmD9Ithi09S9Us8ab1G-GFLgqS8jll0,22237
@@ -57,18 +57,18 @@ pycti/entities/opencti_vulnerability.py,sha256=PxlfRKrwmkqU5E8o8WF04YRXJtCxBu5QB
 pycti/entities/indicator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/indicator/opencti_indicator_properties.py,sha256=8X8YkCshM0gkHc9sQZ_WSNvVxOA4aTJmLta8ZG93HOU,5087
 pycti/entities/stix_cyber_observable/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py,sha256=BH65h6xBz7naG61t5nvBdhnGYnobNuiUZf8CJC4-nnc,1847
+pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py,sha256=q-2G6OOqvUC1U2hSKxD8uT5T18M_IDkl72Tn1KoumQI,1847
 pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py,sha256=MN56CW8RWZwB0Pr8UiHZy_4nSzbgFbwdhSFKpsZ_d1Y,11293
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/utils/constants.py,sha256=ZgOVxY5bnrHiNvPgOfZLWk16sSDnaE_tg8JVjZpw24Q,11831
-pycti/utils/opencti_logger.py,sha256=0dvB75V0SuPFGxL539dAQrxTt1N5Acx0A3Ogwl5WMJ8,2199
-pycti/utils/opencti_stix2.py,sha256=1b63TSl3ImiKkSJQKhNgqrUbMRIEc-o2_1GQ1G-Y5bY,116949
+pycti/utils/opencti_logger.py,sha256=BHNy9fJuTUTn_JEYSCmyvVwd6y-9ZJKxO40mY4iZ0bc,2226
+pycti/utils/opencti_stix2.py,sha256=pUx1Oglb1EnREheMzmJBrmRS17vGnZzF8PCmB-pjNM0,117680
 pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
 pycti/utils/opencti_stix2_splitter.py,sha256=etnAWMDzNi2JCovSUJ5Td-XLVdzgKRdsV1XfpXOGols,11070
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
 pycti/utils/opencti_stix2_utils.py,sha256=xgBZzm7HC76rLQYwTKkaUd_w9jJnVMoryHx7KDDIB_g,5065
-pycti-6.5.0.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.5.0.dist-info/METADATA,sha256=TcX9lETk9rErFrgsy_g5cLqE2uvnc2T58bWc6EHaXNc,5419
-pycti-6.5.0.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pycti-6.5.0.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.5.0.dist-info/RECORD,,
+pycti-6.5.2.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.5.2.dist-info/METADATA,sha256=t7YyxQyOxdyFCqF7DF_iWCG9XK-Hj8vMWuB9vHvrRlQ,5418
+pycti-6.5.2.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pycti-6.5.2.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.5.2.dist-info/RECORD,,