pycti 6.5.11__py3-none-any.whl → 6.6.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (15) hide show
  1. pycti/__init__.py +13 -1
  2. pycti/api/opencti_api_client.py +13 -0
  3. pycti/connector/opencti_connector_helper.py +24 -6
  4. pycti/entities/opencti_capability.py +52 -0
  5. pycti/entities/opencti_group.py +716 -0
  6. pycti/entities/opencti_indicator.py +6 -0
  7. pycti/entities/opencti_role.py +408 -0
  8. pycti/entities/opencti_settings.py +385 -0
  9. pycti/entities/opencti_user.py +803 -0
  10. pycti/utils/opencti_stix2.py +90 -22
  11. {pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/METADATA +1 -1
  12. {pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/RECORD +15 -10
  13. {pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/WHEEL +0 -0
  14. {pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/licenses/LICENSE +0 -0
  15. {pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/top_level.txt +0 -0
pycti/utils/opencti_stix2.py CHANGED
@@ -40,6 +40,7 @@ SPEC_VERSION = "2.1"
40
40
  ERROR_TYPE_LOCK = "LOCK_ERROR"
41
41
  ERROR_TYPE_MISSING_REFERENCE = "MISSING_REFERENCE_ERROR"
42
42
  ERROR_TYPE_BAD_GATEWAY = "Bad Gateway"
43
+ ERROR_TYPE_DRAFT_LOCK = "DRAFT_LOCKED"
43
44
  ERROR_TYPE_TIMEOUT = "Request timed out"
44
45
 
45
46
  # Extensions
@@ -2407,18 +2408,77 @@ class OpenCTIStix2:
2407
2408
 
2408
2409
  return bundle
2409
2410
 
2411
+ def apply_patch_files(self, item):
2412
+ field_patch = self.opencti.get_attribute_in_extension(
2413
+ "opencti_field_patch", item
2414
+ )
2415
+ if field_patch is None:
2416
+ field_patch = item["opencti_field_patch"]
2417
+ field_patch_files = next(
2418
+ (op for op in field_patch if op["key"] == "x_opencti_files"), None
2419
+ )
2420
+ do_add_file = self.opencti.stix_domain_object.add_file
2421
+ if StixCyberObservableTypes.has_value(item["type"]):
2422
+ do_add_file = self.opencti.stix_cyber_observable.add_file
2423
+ elif item["type"] == "external-reference":
2424
+ do_add_file = self.opencti.external_reference.add_file
2425
+ if field_patch_files is not None:
2426
+ for file in field_patch_files["value"]:
2427
+ if "data" in file:
2428
+ do_add_file(
2429
+ id=item["id"],
2430
+ file_name=file["name"],
2431
+ version=file.get("version", None),
2432
+ data=base64.b64decode(file["data"]),
2433
+ fileMarkings=file.get("object_marking_refs", None),
2434
+ mime_type=file.get("mime_type", None),
2435
+ no_trigger_import=file.get("no_trigger_import", False),
2436
+ )
2437
+
2410
2438
  def apply_patch(self, item):
2411
- input = item["opencti_field_patch"]
2412
- if item["type"] == "relationship":
2413
- self.opencti.stix_core_relationship.update_field(id=item["id"], input=input)
2414
- elif item["type"] == "sighting":
2415
- self.opencti.stix_sighting_relationship.update_field(
2416
- id=item["id"], input=input
2417
- )
2418
- elif StixCyberObservableTypes.has_value(item["type"]):
2419
- self.opencti.stix_cyber_observable.update_field(id=item["id"], input=input)
2439
+ field_patch = self.opencti.get_attribute_in_extension(
2440
+ "opencti_field_patch", item
2441
+ )
2442
+ if field_patch is None:
2443
+ field_patch = item["opencti_field_patch"]
2444
+ field_patch_without_files = [
2445
+ op for op in field_patch if op["key"] != "x_opencti_files"
2446
+ ]
2447
+ if len(field_patch_without_files) > 0:
2448
+ if item["type"] == "relationship":
2449
+ self.opencti.stix_core_relationship.update_field(
2450
+ id=item["id"], input=field_patch_without_files
2451
+ )
2452
+ elif item["type"] == "sighting":
2453
+ self.opencti.stix_sighting_relationship.update_field(
2454
+ id=item["id"], input=field_patch_without_files
2455
+ )
2456
+ elif StixCyberObservableTypes.has_value(item["type"]):
2457
+ self.opencti.stix_cyber_observable.update_field(
2458
+ id=item["id"], input=field_patch_without_files
2459
+ )
2460
+ elif item["type"] == "external-reference":
2461
+ self.opencti.external_reference.update_field(
2462
+ id=item["id"], input=field_patch_without_files
2463
+ )
2464
+ else:
2465
+ self.opencti.stix_domain_object.update_field(
2466
+ id=item["id"], input=field_patch_without_files
2467
+ )
2468
+ self.apply_patch_files(item)
2469
+
2470
+ def apply_opencti_operation(self, item, operation):
2471
+ if operation == "delete":
2472
+ delete_id = item["id"]
2473
+ self.opencti.stix.delete(id=delete_id)
2474
+ elif operation == "merge":
2475
+ target_id = item["merge_target_id"]
2476
+ source_ids = item["merge_source_ids"]
2477
+ self.opencti.stix.merge(id=target_id, object_ids=source_ids)
2478
+ elif operation == "patch":
2479
+ self.apply_patch(item=item)
2420
2480
  else:
2421
- self.opencti.stix_domain_object.update_field(id=item["id"], input=input)
2481
+ raise ValueError("Not supported opencti_operation")
2422
2482
 
2423
2483
  def import_item(
2424
2484
  self,
@@ -2431,18 +2491,13 @@ class OpenCTIStix2:
2431
2491
  worker_logger = self.opencti.logger_class("worker")
2432
2492
  try:
2433
2493
  self.opencti.set_retry_number(processing_count)
2434
- if "opencti_operation" in item:
2435
- if item["opencti_operation"] == "delete":
2436
- delete_id = item["id"]
2437
- self.opencti.stix.delete(id=delete_id)
2438
- elif item["opencti_operation"] == "merge":
2439
- target_id = item["merge_target_id"]
2440
- source_ids = item["merge_source_ids"]
2441
- self.opencti.stix.merge(id=target_id, object_ids=source_ids)
2442
- elif item["opencti_operation"] == "patch":
2443
- self.apply_patch(item=item)
2444
- else:
2445
- raise ValueError("Not supported opencti_operation")
2494
+ opencti_operation = self.opencti.get_attribute_in_extension(
2495
+ "opencti_operation", item
2496
+ )
2497
+ if opencti_operation is not None:
2498
+ self.apply_opencti_operation(item, opencti_operation)
2499
+ elif "opencti_operation" in item:
2500
+ self.apply_opencti_operation(item, item["opencti_operation"])
2446
2501
  elif item["type"] == "relationship":
2447
2502
  # Import relationship
2448
2503
  self.import_relationship(item, update, types)
@@ -2621,6 +2676,19 @@ class OpenCTIStix2:
2621
2676
  return self.import_item(
2622
2677
  item, update, types, processing_count + 1, work_id
2623
2678
  )
2679
+ # A draft lock error occurs
2680
+ elif ERROR_TYPE_DRAFT_LOCK in error_msg:
2681
+ bundles_technical_error_counter.add(1)
2682
+ if work_id is not None:
2683
+ self.opencti.work.api.set_draft_id("")
2684
+ self.opencti.work.report_expectation(
2685
+ work_id,
2686
+ {
2687
+ "error": error,
2688
+ "source": "Draft in read only",
2689
+ },
2690
+ )
2691
+ return False
2624
2692
  # Platform does not know what to do and raises an error:
2625
2693
  # That also works for missing reference with too much execution
2626
2694
  else:
{pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: pycti
3
- Version: 6.5.11
3
+ Version: 6.6.1
4
4
  Summary: Python API client for OpenCTI.
5
5
  Home-page: https://github.com/OpenCTI-Platform/client-python
6
6
  Author: Filigran
{pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/RECORD RENAMED
@@ -1,16 +1,17 @@
1
- pycti/__init__.py,sha256=JNwV6ItYqfE23jEOzRbt0Txjfcj286tCyATTf_1U9sE,5219
1
+ pycti/__init__.py,sha256=0E2jc4ywYDuvV6jNy8PqYifMGETvsXhcGxt8DVDVZYw,5538
2
2
  pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
3
- pycti/api/opencti_api_client.py,sha256=3_opNMGfx90QNMw4_ULQEKazsblLYBtJLVaTHo2_I9A,32846
3
+ pycti/api/opencti_api_client.py,sha256=Q9qiHyv-qXtA4z9Dut40nCNF32IzT6wQy9kqbBLbas0,33356
4
4
  pycti/api/opencti_api_connector.py,sha256=8xwHuLINP3ZCImzE9_K_iCR9QEA3K6aHpK4bJhcZf20,5582
5
5
  pycti/api/opencti_api_playbook.py,sha256=456We78vESukfSOi_CctfZ9dbBJEi76EHClRc2f21Js,1628
6
6
  pycti/api/opencti_api_work.py,sha256=qIRJMCfyC9odXf7LMRg9ImYizqF2WHUOU7Ty5IUFGg8,8351
7
7
  pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
8
8
  pycti/connector/opencti_connector.py,sha256=8lCZFvcA9-S1x6vFl756hgWAlzKfrnq-C4AIdDJr-Kg,2715
9
- pycti/connector/opencti_connector_helper.py,sha256=GlWxo2npQjg2R3Ey2WRqLp3M2DtKPNL71we0tUap6P4,87795
9
+ pycti/connector/opencti_connector_helper.py,sha256=O1HFLQVoJcN3vxhZ7bZ-50kVFst4FjR5sCFV6QnCuYA,88453
10
10
  pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
11
11
  pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
12
12
  pycti/entities/opencti_attack_pattern.py,sha256=QXJaMMZlnVCxxHGZNGSKPLmHL3TgM08aUIS8SypmIek,22193
13
13
  pycti/entities/opencti_campaign.py,sha256=y2kk95eQxRyE3iu1FJ-RV_hEWCg_XDUgYuWbAyakRx0,17745
14
+ pycti/entities/opencti_capability.py,sha256=mAR3AT__w6ULuAgc4T_QYxDwW9Jz8bsXQ8SDKF2BCL4,1515
14
15
  pycti/entities/opencti_case_incident.py,sha256=6duPTxOPkwRlygH_lF7f34cNe7oOn929w0f48lBu1ag,34397
15
16
  pycti/entities/opencti_case_rfi.py,sha256=v8n2iHFeTZE87tTWtrVyamlUGzZZxWym5upFyaxaFUM,34055
16
17
  pycti/entities/opencti_case_rft.py,sha256=yV9fqNa9juLocJtOtylLM_Nuj4dPSWkTjEmT_89szbY,34946
@@ -21,10 +22,11 @@ pycti/entities/opencti_data_source.py,sha256=abXeSHtBeaViuCqh5sZRZ6PZ_QchPBfUev0
21
22
  pycti/entities/opencti_event.py,sha256=owGBWodcYFfurAq1LxaTSj3JIMXbdvFG4cr-joy-nak,16765
22
23
  pycti/entities/opencti_external_reference.py,sha256=zSsGOUajrTgSG9T0MHUzq-16XalJ0BHHC54RvBaTD48,13524
23
24
  pycti/entities/opencti_feedback.py,sha256=Duu3oXiQcTbJ6Tyk7k8wWt0wTK0U1Dtow1Hhht7tZeo,32376
25
+ pycti/entities/opencti_group.py,sha256=X7NfJ7-0Nwzggh9BqlA0GiKHc7v2PhmJnNQsffAeVA0,26172
24
26
  pycti/entities/opencti_grouping.py,sha256=WPLIt3dB4jMFkai4sDxaUq27VxjouOP1FT6LJQ8td2E,30235
25
27
  pycti/entities/opencti_identity.py,sha256=trQsvyzc2kIoZcZQn5GMQmutCNt7qRt39twg1EmWD2o,23759
26
28
  pycti/entities/opencti_incident.py,sha256=OFWUX1mtQ2lM2f15DU6FlriTZ9bXkb3Ql7oLCVLEmFk,18632
27
- pycti/entities/opencti_indicator.py,sha256=h_WW5OXTkvTJx_Iq8pXvkGZKSUH1ccti1q-WaZjKBCo,21180
29
+ pycti/entities/opencti_indicator.py,sha256=BcfuS9zfdjDEtbW_nKGLU_nK9KCnObsLnQiEONqvTRM,21444
28
30
  pycti/entities/opencti_infrastructure.py,sha256=TXnofpQskioYSKAhVzH5bj17aWk2y7rsmlG57uhoxK4,19997
29
31
  pycti/entities/opencti_intrusion_set.py,sha256=2vIk2jfvrTL8H83UkpdpHwax_DYhO4lUAAlz_Ec1N3k,19023
30
32
  pycti/entities/opencti_kill_chain_phase.py,sha256=acNzuFdxhwI_8fvZOTEHhP8fC6EGY_r6jcKpA-nKa8Q,7991
@@ -39,6 +41,8 @@ pycti/entities/opencti_note.py,sha256=QHmA-067V1kXdgWpQD3m_GtSyv7Y5d-MqpQ-PIur7O
39
41
  pycti/entities/opencti_observed_data.py,sha256=va8frxFZfHVGR6vgmcZpB8blATmQ-zXhy4bQEsfwAp8,31043
40
42
  pycti/entities/opencti_opinion.py,sha256=SHD6oepJYF7dS5yorbaEilRdnasWmjDGcnAxHZnGdfk,22459
41
43
  pycti/entities/opencti_report.py,sha256=LY2wB6zcdchBD8URYoNqGWENMqnalOrmxoNKz306EDM,35303
44
+ pycti/entities/opencti_role.py,sha256=ryfPmZ_ch2sRGgqEr6_qxChTcGoeqvHW0MvlGHkLgdw,14039
45
+ pycti/entities/opencti_settings.py,sha256=3dArFaPPdcFTV44uGRffjHpnDE-MKIXgd496QZcH6Bw,13547
42
46
  pycti/entities/opencti_stix.py,sha256=uMheSg8i1f2Ozx2Mk0iShWzHHjj6MMWDtV5nDjVxKEE,2275
43
47
  pycti/entities/opencti_stix_core_object.py,sha256=eyhsNAWaQO5X55Wn91b21j_d6bydBxfN29s2eQHrXkI,51639
44
48
  pycti/entities/opencti_stix_core_relationship.py,sha256=Ab3jJhhpmGFSTA4GaC11XoAsuUnujDCc8zSvwRUEwiQ,44742
@@ -52,6 +56,7 @@ pycti/entities/opencti_threat_actor.py,sha256=vFPeo0pOYSqHBKVlWc4o8RjuP2PP0A09KW
52
56
  pycti/entities/opencti_threat_actor_group.py,sha256=ANvs1C_ugpYv_jNwW9mOwn4jXKTmkV7tL5wdPgt3PXA,20661
53
57
  pycti/entities/opencti_threat_actor_individual.py,sha256=i41YIdC7Mc5qMzdYmzItI1qVdDqngqsA1kMWGngRDGo,21011
54
58
  pycti/entities/opencti_tool.py,sha256=YbOp0Ur5Do7ToLzfIKGX-MtlBQf-Dt9Qtgk1lI9Q7aU,15295
59
+ pycti/entities/opencti_user.py,sha256=zJKhJCvC2N5-3E92uFad2CwiQhCWVAHYrgomzqBwD-s,29735
55
60
  pycti/entities/opencti_vocabulary.py,sha256=xupdHJ6TznCmvI3sVYU261SnfblSNc1nwg19MG9yrao,6499
56
61
  pycti/entities/opencti_vulnerability.py,sha256=ssMH7EB7WC--Nv2bq-D-_wLBGXMgP3ZLK-X8SslpVJQ,22614
57
62
  pycti/entities/indicator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -62,13 +67,13 @@ pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py
62
67
  pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
63
68
  pycti/utils/constants.py,sha256=zlt4nPytB-PIVd91X0RGh3bY6qWcCOn3hnuM9TuDWEw,11829
64
69
  pycti/utils/opencti_logger.py,sha256=BHNy9fJuTUTn_JEYSCmyvVwd6y-9ZJKxO40mY4iZ0bc,2226
65
- pycti/utils/opencti_stix2.py,sha256=pUx1Oglb1EnREheMzmJBrmRS17vGnZzF8PCmB-pjNM0,117680
70
+ pycti/utils/opencti_stix2.py,sha256=pVzQpDNe3A0ZTBJjVa5oBKAh9j6hyJG7GdpB0Rj5KWg,120589
66
71
  pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
67
72
  pycti/utils/opencti_stix2_splitter.py,sha256=etnAWMDzNi2JCovSUJ5Td-XLVdzgKRdsV1XfpXOGols,11070
68
73
  pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
69
74
  pycti/utils/opencti_stix2_utils.py,sha256=xgBZzm7HC76rLQYwTKkaUd_w9jJnVMoryHx7KDDIB_g,5065
70
- pycti-6.5.11.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
71
- pycti-6.5.11.dist-info/METADATA,sha256=BzaGtd1tfiCVUSo2K1bwFgZ_EHedIeI0AmhgFKizWdk,5565
72
- pycti-6.5.11.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
73
- pycti-6.5.11.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
74
- pycti-6.5.11.dist-info/RECORD,,
75
+ pycti-6.6.1.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
76
+ pycti-6.6.1.dist-info/METADATA,sha256=fknOiej3wY0piWNg4chO_2IcZhmZxOMzM2HFAPpjnfs,5564
77
+ pycti-6.6.1.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
78
+ pycti-6.6.1.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
79
+ pycti-6.6.1.dist-info/RECORD,,
{pycti-6.5.11.dist-info → pycti-6.6.1.dist-info}/WHEEL RENAMED
File without changes