pycti 6.6.11__py3-none-any.whl → 6.6.15__py3-none-any.whl

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.6.11"
+__version__ = "6.6.15"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector
@@ -65,9 +65,11 @@ from .utils.constants import (
     CustomObservableBankAccount,
     CustomObservableCredential,
     CustomObservableCryptocurrencyWallet,
+    CustomObservableCryptographicKey,
     CustomObservableHostname,
     CustomObservableMediaContent,
     CustomObservablePaymentCard,
+    CustomObservablePersona,
     CustomObservablePhoneNumber,
     CustomObservableText,
     CustomObservableTrackingNumber,
@@ -149,8 +151,10 @@ __all__ = [
     "CustomObservableHostname",
     "CustomObservableUserAgent",
     "CustomObservableBankAccount",
+    "CustomObservableCryptographicKey",
     "CustomObservableCryptocurrencyWallet",
     "CustomObservablePaymentCard",
+    "CustomObservablePersona",
     "CustomObservablePhoneNumber",
     "CustomObservableTrackingNumber",
     "CustomObservableText",

pycti/api/opencti_api_client.py

@@ -264,13 +264,15 @@ class OpenCTIApiClient:
             "" if retry_number is None else str(retry_number)
         )
 
-    def query(self, query, variables=None):
+    def query(self, query, variables=None, disable_impersonate=False):
         """submit a query to the OpenCTI GraphQL API
 
         :param query: GraphQL query string
         :type query: str
         :param variables: GraphQL query variables, defaults to {}
         :type variables: dict, optional
+        :param disable_impersonate: removes impersonate header if set to True, defaults to False
+        :type disable_impersonate: bool, optional
         :return: returns the response json content
         :rtype: Any
         """
@@ -295,6 +297,9 @@ class OpenCTIApiClient:
             else:
                 query_var[key] = val
 
+        query_headers = self.request_headers.copy()
+        if disable_impersonate and "opencti-applicant-id" in query_headers:
+            del query_headers["opencti-applicant-id"]
         # If yes, transform variable (file to null) and create multipart query
         if len(files_vars) > 0:
             multipart_data = {
@@ -361,7 +366,7 @@ class OpenCTIApiClient:
                 self.api_url,
                 data=multipart_data,
                 files=multipart_files,
-                headers=self.request_headers,
+                headers=query_headers,
                 verify=self.ssl_verify,
                 cert=self.cert,
                 proxies=self.proxies,
@@ -372,7 +377,7 @@ class OpenCTIApiClient:
             r = self.session.post(
                 self.api_url,
                 json={"query": query, "variables": variables},
-                headers=self.request_headers,
+                headers=query_headers,
                 verify=self.ssl_verify,
                 cert=self.cert,
                 proxies=self.proxies,

pycti/api/opencti_api_work.py

@@ -20,7 +20,7 @@ class OpenCTIApiWork:
                     }
                 }
                """
-            self.api.query(query, {"id": work_id, "message": message})
+            self.api.query(query, {"id": work_id, "message": message}, True)
 
     def to_processed(self, work_id: str, message: str, in_error: bool = False):
         if self.api.bundle_send_to_queue:
@@ -35,7 +35,7 @@ class OpenCTIApiWork:
                 }
                """
             self.api.query(
-                query, {"id": work_id, "message": message, "inError": in_error}
+                query, {"id": work_id, "message": message, "inError": in_error}, True
             )
 
     def ping(self, work_id: str):
@@ -60,7 +60,7 @@ class OpenCTIApiWork:
                 }
                """
             try:
-                self.api.query(query, {"id": work_id, "error": error})
+                self.api.query(query, {"id": work_id, "error": error}, True)
             except:
                 self.api.app_logger.error("Cannot report expectation")
 
@@ -78,7 +78,9 @@ class OpenCTIApiWork:
                 }
                """
             try:
-                self.api.query(query, {"id": work_id, "expectations": expectations})
+                self.api.query(
+                    query, {"id": work_id, "expectations": expectations}, True
+                )
             except:
                 self.api.app_logger.error("Cannot report expectation")
 
@@ -96,7 +98,9 @@ class OpenCTIApiWork:
                 }
                """
             try:
-                self.api.query(query, {"id": work_id, "draftContext": draft_context})
+                self.api.query(
+                    query, {"id": work_id, "draftContext": draft_context}, True
+                )
             except:
                 self.api.app_logger.error("Cannot report draft context")
 
@@ -111,7 +115,9 @@ class OpenCTIApiWork:
                 }
                """
             work = self.api.query(
-                query, {"connectorId": connector_id, "friendlyName": friendly_name}
+                query,
+                {"connectorId": connector_id, "friendlyName": friendly_name},
+                True,
             )
             return work["data"]["workAdd"]["id"]
 
@@ -122,10 +128,7 @@ class OpenCTIApiWork:
                 delete
             }
         }"""
-        work = self.api.query(
-            query,
-            {"workId": work_id},
-        )
+        work = self.api.query(query, {"workId": work_id}, True)
         return work["data"]
 
     def wait_for_work_to_finish(self, work_id: str):
@@ -179,10 +182,7 @@ class OpenCTIApiWork:
             }
         }
         """
-        result = self.api.query(
-            query,
-            {"id": work_id},
-        )
+        result = self.api.query(query, {"id": work_id}, True)
         return result["data"]["work"]
 
     def get_connector_works(self, connector_id: str) -> List[Dict]:
@@ -243,6 +243,7 @@ class OpenCTIApiWork:
                     "filterGroups": [],
                 },
             },
+            True,
         )
         result = result["data"]["works"]["edges"]
         return_value = []

pycti/entities/opencti_attack_pattern.py

@@ -239,7 +239,7 @@ class AttackPattern:
     @staticmethod
     def generate_id(name, x_mitre_id=None):
         if x_mitre_id is not None:
-            data = {"x_mitre_id": x_mitre_id}
+            data = {"x_mitre_id": x_mitre_id.strip()}
         else:
             data = {"name": name.lower().strip()}
         data = canonicalize(data, utf8=False)

pycti/entities/opencti_indicator.py

@@ -24,7 +24,7 @@ class Indicator:
 
     @staticmethod
     def generate_id(pattern):
-        data = {"pattern": pattern}
+        data = {"pattern": pattern.strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "indicator--" + id

pycti/entities/opencti_note.py

@@ -457,9 +457,9 @@ class Note:
         if created is not None:
             if isinstance(created, datetime.datetime):
                 created = created.isoformat()
-            data = {"content": content, "created": created}
+            data = {"content": content.strip(), "created": created}
         else:
-            data = {"content": content}
+            data = {"content": content.strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "note--" + id

pycti/entities/opencti_opinion.py

@@ -227,9 +227,9 @@ class Opinion:
         if created is not None:
             if isinstance(created, datetime.datetime):
                 created = created.isoformat()
-            data = {"opinion": opinion, "created": created}
+            data = {"opinion": opinion.strip(), "created": created}
         else:
-            data = {"opinion": opinion}
+            data = {"opinion": opinion.strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "opinion--" + id

pycti/entities/opencti_stix_cyber_observable.py

@@ -747,6 +747,16 @@ class StixCyberObservable(StixCyberObservableDeprecatedMixin):
                         if "dst_port" in observable_data
                         else None
                     ),
+                    "networkSrc": (
+                        observable_data["src_ref"]
+                        if "src_ref" in observable_data
+                        else None
+                    ),
+                    "networkDst": (
+                        observable_data["dst_ref"]
+                        if "dst_ref" in observable_data
+                        else None
+                    ),
                     "protocols": (
                         observable_data["protocols"]
                         if "protocols" in observable_data

pycti/utils/constants.py

@@ -453,3 +453,44 @@ class CustomObservableMediaContent:
     """Media-Content observable."""
 
     pass
+
+
+@CustomObservable(
+    "persona",
+    [
+        ("persona_name", StringProperty(required=True)),
+        ("persona_type", StringProperty(required=True)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["persona_name", "persona_type"],
+)
+class CustomObservablePersona:
+    """Persona observable."""
+
+    pass
+
+
+@CustomObservable(
+    "cryptographic-key",
+    [
+        ("value", StringProperty(required=True)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["value"],
+)
+class CustomObservableCryptographicKey:
+    """Cryptographic-Key observable."""
+
+    pass

{pycti-6.6.11.dist-info → pycti-6.6.15.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pycti
-Version: 6.6.11
+Version: 6.6.15
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -53,7 +53,7 @@ Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.45.1; extra == "dev"
 Provides-Extra: doc
 Requires-Dist: autoapi~=2.0.1; extra == "doc"
-Requires-Dist: sphinx-autodoc-typehints~=3.1.0; extra == "doc"
+Requires-Dist: sphinx-autodoc-typehints~=3.2.0; extra == "doc"
 Requires-Dist: sphinx-rtd-theme~=3.0.2; extra == "doc"
 Dynamic: license-file
 

{pycti-6.6.11.dist-info → pycti-6.6.15.dist-info}/RECORD

@@ -1,15 +1,15 @@
-pycti/__init__.py,sha256=QOpKHKU-Lb0LzYXDDpkUKt8QxmTSLvgle6BdIoZhrCo,5539
+pycti/__init__.py,sha256=BHiX31DCegXtP42RaXqDjFXgTcQ-mLrYGmwUwbxTA-k,5677
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/api/opencti_api_client.py,sha256=MWswVagpg_0giX-XnhfmsTO06UGLIYfsDCAaRavPhds,34225
+pycti/api/opencti_api_client.py,sha256=yV8noIFiy-wtMbJ64KKZ7G7wUFZ10L6tYInmL_fKkMw,34567
 pycti/api/opencti_api_connector.py,sha256=8xwHuLINP3ZCImzE9_K_iCR9QEA3K6aHpK4bJhcZf20,5582
 pycti/api/opencti_api_playbook.py,sha256=456We78vESukfSOi_CctfZ9dbBJEi76EHClRc2f21Js,1628
-pycti/api/opencti_api_work.py,sha256=qIRJMCfyC9odXf7LMRg9ImYizqF2WHUOU7Ty5IUFGg8,8351
+pycti/api/opencti_api_work.py,sha256=V8n8KaLNiOUYTXYE251bC-yHMHiXSR_sf_0jk2RgANY,8456
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/connector/opencti_connector.py,sha256=8lCZFvcA9-S1x6vFl756hgWAlzKfrnq-C4AIdDJr-Kg,2715
 pycti/connector/opencti_connector_helper.py,sha256=7LXAEIvEcStXK0tr199EBU4grn-ejf93ogbMU3tiyq8,88534
 pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
 pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/entities/opencti_attack_pattern.py,sha256=IQ238VBSLKhROQRdYrxuJMBEDdbAWe0-xi9DiexbpJ4,22527
+pycti/entities/opencti_attack_pattern.py,sha256=HVfLhtd8rlT42xutRS8qOkDsG5_Ws4EoGfObLW5mQl4,22535
 pycti/entities/opencti_campaign.py,sha256=FIweLdt2oL70m2meamV-9NDheihL8EofjQ6G1oLLqfY,18079
 pycti/entities/opencti_capability.py,sha256=mAR3AT__w6ULuAgc4T_QYxDwW9Jz8bsXQ8SDKF2BCL4,1515
 pycti/entities/opencti_case_incident.py,sha256=N-9fSJawE7cK-AW2mE1wvB3oXjzJrim6G_UIioIAI7M,34731
@@ -26,7 +26,7 @@ pycti/entities/opencti_group.py,sha256=X7NfJ7-0Nwzggh9BqlA0GiKHc7v2PhmJnNQsffAeV
 pycti/entities/opencti_grouping.py,sha256=cjXfgmRma0laGAP5j1oYMtZzVsQxrNvZ0o0-MsToufg,30569
 pycti/entities/opencti_identity.py,sha256=1OveaX1uFOzMPBWbMqK0a_Bz3FT77GzOmanmQALArpg,24093
 pycti/entities/opencti_incident.py,sha256=mQn2PN2enf9CYoM2vFD3f8S2hIZj8pbiBUZOQ4cMT7Q,18966
-pycti/entities/opencti_indicator.py,sha256=BcfuS9zfdjDEtbW_nKGLU_nK9KCnObsLnQiEONqvTRM,21444
+pycti/entities/opencti_indicator.py,sha256=8-ZJRJvHZ387s5CZtSBGCROtZm_5vhJpvIDP8cGVb-8,21452
 pycti/entities/opencti_infrastructure.py,sha256=-vuGCDiwWH60GmLOpUelVDPtvM9XB9DhfGDwM0S2OpI,20331
 pycti/entities/opencti_intrusion_set.py,sha256=Jg-kkh6_kfyUIL6XsRYWg_d7Nejrp9kniJlI-SlAph0,19357
 pycti/entities/opencti_kill_chain_phase.py,sha256=acNzuFdxhwI_8fvZOTEHhP8fC6EGY_r6jcKpA-nKa8Q,7991
@@ -37,16 +37,16 @@ pycti/entities/opencti_malware.py,sha256=dRol60QdZMmxcMLeG48r2fq2-mpplAwQ8K5hhxT
 pycti/entities/opencti_malware_analysis.py,sha256=xC-sF1emTx5ym9Tq_iBTgVn6Rkx6PKZCX7LPdog2GQs,22088
 pycti/entities/opencti_marking_definition.py,sha256=JYNodKOe94a22NbNf8YNI3xhh2q-D-5JuohLMM1njlE,13695
 pycti/entities/opencti_narrative.py,sha256=LtUI2g8Hle3pTGDDopt4evnRlL7ZFVyWH1JC9Z6kjmI,17441
-pycti/entities/opencti_note.py,sha256=ze4tAY-XyCApnBiZl1NDfkOcd2XXXh8AjlyuGjPbWmU,31066
+pycti/entities/opencti_note.py,sha256=MzCGSSNz-UXiiPPYbOASyfCjLr5c6k-I8Fx-HxqU3Z8,31082
 pycti/entities/opencti_observed_data.py,sha256=7k8g2gopNUDKqjUa6PWZH0md9D4juOGOHeUy4q4Pmn8,31377
-pycti/entities/opencti_opinion.py,sha256=cTT0fuzBC9xdFGquwYSK47_Hdm5WW1ZeYFGICuKHKT8,22626
+pycti/entities/opencti_opinion.py,sha256=QwYIcRemOmFVmoVHRnCEUGzSt4NoIHufCU_qh0Djexs,22642
 pycti/entities/opencti_report.py,sha256=LY2wB6zcdchBD8URYoNqGWENMqnalOrmxoNKz306EDM,35303
 pycti/entities/opencti_role.py,sha256=ryfPmZ_ch2sRGgqEr6_qxChTcGoeqvHW0MvlGHkLgdw,14039
 pycti/entities/opencti_settings.py,sha256=3dArFaPPdcFTV44uGRffjHpnDE-MKIXgd496QZcH6Bw,13547
 pycti/entities/opencti_stix.py,sha256=uMheSg8i1f2Ozx2Mk0iShWzHHjj6MMWDtV5nDjVxKEE,2275
 pycti/entities/opencti_stix_core_object.py,sha256=eyhsNAWaQO5X55Wn91b21j_d6bydBxfN29s2eQHrXkI,51639
 pycti/entities/opencti_stix_core_relationship.py,sha256=xHyJSW89ef9OV0PJhQRynm-c1MSO0tUFPPzQiXYeukk,44909
-pycti/entities/opencti_stix_cyber_observable.py,sha256=W_vs-VmO7HMVu7kGcL9NPuHXhioCeEwDJRBB8Q3XsBI,92049
+pycti/entities/opencti_stix_cyber_observable.py,sha256=ZbJ4XXXTlCP34hrgC9Jfov_9m1bPUiTj_s2tUjSauEA,92449
 pycti/entities/opencti_stix_domain_object.py,sha256=-7Dec8kTqeJA_sr1KrRohgQzitOC51dOd4035EXRALw,78850
 pycti/entities/opencti_stix_nested_ref_relationship.py,sha256=7USJlfTanPFY16aFIH2YONdRakrfoBuIbB0d0I52PSM,12479
 pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=5qutzML6SyYzDhZ-QpI9Vh23hzLEs-xeFAAZOpGHZ2g,18049
@@ -65,15 +65,15 @@ pycti/entities/stix_cyber_observable/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeu
 pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py,sha256=q-2G6OOqvUC1U2hSKxD8uT5T18M_IDkl72Tn1KoumQI,1847
 pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py,sha256=MN56CW8RWZwB0Pr8UiHZy_4nSzbgFbwdhSFKpsZ_d1Y,11293
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/utils/constants.py,sha256=zlt4nPytB-PIVd91X0RGh3bY6qWcCOn3hnuM9TuDWEw,11829
+pycti/utils/constants.py,sha256=AfECYKzdwos6Z6yUGXaUGtip_bRsVQaCKBw6nwSmNqE,12799
 pycti/utils/opencti_logger.py,sha256=BHNy9fJuTUTn_JEYSCmyvVwd6y-9ZJKxO40mY4iZ0bc,2226
 pycti/utils/opencti_stix2.py,sha256=Fg7xPAqek4lJrfYh2LLQkdsmTCJHM-uwCS4Mye12khw,121492
 pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
 pycti/utils/opencti_stix2_splitter.py,sha256=etnAWMDzNi2JCovSUJ5Td-XLVdzgKRdsV1XfpXOGols,11070
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
 pycti/utils/opencti_stix2_utils.py,sha256=xgBZzm7HC76rLQYwTKkaUd_w9jJnVMoryHx7KDDIB_g,5065
-pycti-6.6.11.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.6.11.dist-info/METADATA,sha256=eXRgs2FSzjhuC2tJ0ZSr9tFw1cyfjhnZRFiIVLyktpQ,5531
-pycti-6.6.11.dist-info/WHEEL,sha256=DnLRTWE75wApRYVsjgc6wsVswC54sMSJhAEd4xhDpBk,91
-pycti-6.6.11.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.6.11.dist-info/RECORD,,
+pycti-6.6.15.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.6.15.dist-info/METADATA,sha256=7Af10YSevhbl-AUeqtvjkQetbzqWZaTmSZhSyVck2Sw,5531
+pycti-6.6.15.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+pycti-6.6.15.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.6.15.dist-info/RECORD,,

{pycti-6.6.11.dist-info → pycti-6.6.15.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.4.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any