pycti 6.6.17__py3-none-any.whl → 6.7.0__py3-none-any.whl

pycti/utils/constants.py

@@ -48,7 +48,7 @@ class StixCyberObservableTypes(Enum):
     PERSONA = "Persona"
 
     @classmethod
-    def has_value(cls, value):
+    def has_value(cls, value: str) -> bool:
         lower_attr = list(map(lambda x: x.lower(), cls._value2member_map_))
         return value.lower() in lower_attr
 
@@ -58,6 +58,7 @@ class IdentityTypes(Enum):
     ORGANIZATION = "Organization"
     INDIVIDUAL = "Individual"
     SYSTEM = "System"
+    SECURITYPLATFORM = "SecurityPlatform"
 
     @classmethod
     def has_value(cls, value):

pycti/utils/opencti_stix2.py

@@ -29,7 +29,9 @@ from pycti.utils.opencti_stix2_splitter import OpenCTIStix2Splitter
 from pycti.utils.opencti_stix2_update import OpenCTIStix2Update
 from pycti.utils.opencti_stix2_utils import (
     OBSERVABLES_VALUE_INT,
+    STIX_CORE_OBJECTS,
     STIX_CYBER_OBSERVABLE_MAPPING,
+    STIX_META_OBJECTS,
 )
 
 datefinder.ValueError = ValueError, OverflowError
@@ -418,7 +420,10 @@ class OpenCTIStix2:
             stix_object["kill_chain_phases"] = self.opencti.get_attribute_in_extension(
                 "kill_chain_phases", stix_object
             )
-        if "kill_chain_phases" in stix_object:
+        if (
+            "kill_chain_phases" in stix_object
+            and stix_object["kill_chain_phases"] is not None
+        ):
             for kill_chain_phase in stix_object["kill_chain_phases"]:
                 if (
                     kill_chain_phase["kill_chain_name"] + kill_chain_phase["phase_name"]
@@ -461,7 +466,10 @@ class OpenCTIStix2:
                         "type": kill_chain_phase["entity_type"],
                     }
                 kill_chain_phases_ids.append(kill_chain_phase["id"])
-        elif "x_opencti_kill_chain_phases" in stix_object:
+        elif (
+            "x_opencti_kill_chain_phases" in stix_object
+            and stix_object["x_opencti_kill_chain_phases"] is not None
+        ):
             for kill_chain_phase in stix_object["x_opencti_kill_chain_phases"]:
                 if (
                     kill_chain_phase["kill_chain_name"] + kill_chain_phase["phase_name"]
@@ -523,7 +531,10 @@ class OpenCTIStix2:
                     "external_references", stix_object
                 )
             )
-        if "external_references" in stix_object:
+        if (
+            "external_references" in stix_object
+            and stix_object["external_references"] is not None
+        ):
             for external_reference in stix_object["external_references"]:
                 try:
                     url = (
@@ -704,7 +715,10 @@ class OpenCTIStix2:
                     self.opencti.app_logger.warning(
                         "Cannot generate external reference"
                     )
-        elif "x_opencti_external_references" in stix_object:
+        elif (
+            "x_opencti_external_references" in stix_object
+            and stix_object["x_opencti_external_references"] is not None
+        ):
             for external_reference in stix_object["x_opencti_external_references"]:
                 url = external_reference["url"] if "url" in external_reference else None
                 source_name = (
@@ -773,7 +787,10 @@ class OpenCTIStix2:
             granted_refs_ids = self.opencti.get_attribute_in_extension(
                 "granted_refs", stix_object
             )
-        elif "x_opencti_granted_refs" in stix_object:
+        elif (
+            "x_opencti_granted_refs" in stix_object
+            and stix_object["x_opencti_granted_refs"] is not None
+        ):
             granted_refs_ids = stix_object["x_opencti_granted_refs"]
         # Sample refs
         sample_refs_ids = (
@@ -909,6 +926,23 @@ class OpenCTIStix2:
             "sighting": self.opencti.stix_sighting_relationship,
         }
 
+    def get_internal_helper(self):
+        # Import
+        return {
+            "user": self.opencti.user,
+            "group": self.opencti.group,
+            "capability": self.opencti.capability,
+            "role": self.opencti.role,
+            "settings": self.opencti.settings,
+            "work": self.opencti.work,
+            "deleteoperation": self.opencti.trash,
+            "draftworkspace": self.opencti.draft,
+            "playbook": self.opencti.playbook,
+            "workspace": self.opencti.workspace,
+            "publicdashboard": self.opencti.public_dashboard,
+            "notification": self.opencti.notification,
+        }
+
     def generate_standard_id_from_stix(self, data):
         stix_helpers = self.get_stix_helper()
         helper = stix_helpers.get(data["type"])
@@ -2468,24 +2502,173 @@ class OpenCTIStix2:
                 self.opencti.external_reference.update_field(
                     id=item_id, input=field_patch_without_files
                 )
+            elif item["type"] == "indicator":
+                self.opencti.indicator.update_field(
+                    id=item_id, input=field_patch_without_files
+                )
+            elif item["type"] == "notification":
+                self.opencti.notification.update_field(
+                    id=item_id, input=field_patch_without_files
+                )
             else:
                 self.opencti.stix_domain_object.update_field(
                     id=item_id, input=field_patch_without_files
                 )
         self.apply_patch_files(item)
 
+    def rule_apply(self, item):
+        rule_id = self.opencti.get_attribute_in_extension("opencti_rule", item)
+        if rule_id is None:
+            rule_id = item["opencti_rule"]
+        self.opencti.stix_core_object.rule_apply(element_id=item["id"], rule_id=rule_id)
+
+    def rule_clear(self, item):
+        rule_id = self.opencti.get_attribute_in_extension("opencti_rule", item)
+        if rule_id is None:
+            rule_id = item["opencti_rule"]
+        self.opencti.stix_core_object.rule_clear(element_id=item["id"], rule_id=rule_id)
+
+    def rules_rescan(self, item):
+        self.opencti.stix_core_object.rules_rescan(element_id=item["id"])
+
+    def organization_share(self, item):
+        organization_ids = self.opencti.get_attribute_in_extension(
+            "sharing_organization_ids", item
+        )
+        if organization_ids is None:
+            organization_ids = item["sharing_organization_ids"]
+        sharing_direct_container = self.opencti.get_attribute_in_extension(
+            "sharing_direct_container", item
+        )
+        if sharing_direct_container is None:
+            sharing_direct_container = item["sharing_direct_container"]
+
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.organization_share(
+                item["id"], organization_ids, sharing_direct_container
+            )
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.organization_share(
+                item["id"], organization_ids, sharing_direct_container
+            )
+        else:
+            # Element is considered stix core object
+            self.opencti.stix_core_object.organization_share(
+                item["id"], organization_ids, sharing_direct_container
+            )
+
+    def organization_unshare(self, item):
+        organization_ids = self.opencti.get_attribute_in_extension(
+            "sharing_organization_ids", item
+        )
+        if organization_ids is None:
+            organization_ids = item["sharing_organization_ids"]
+        sharing_direct_container = self.opencti.get_attribute_in_extension(
+            "sharing_direct_container", item
+        )
+        if sharing_direct_container is None:
+            sharing_direct_container = item["sharing_direct_container"]
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.organization_unshare(
+                item["id"], organization_ids, sharing_direct_container
+            )
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.organization_unshare(
+                item["id"], organization_ids, sharing_direct_container
+            )
+        else:
+            # Element is considered stix core object
+            self.opencti.stix_core_object.organization_unshare(
+                item["id"], organization_ids, sharing_direct_container
+            )
+
+    def element_operation_delete(self, item, operation):
+        # If data is stix, just use the generic stix function for deletion
+        force_delete = operation == "delete_force"
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.delete(id=item["id"])
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.delete(id=item["id"])
+        elif item["type"] in STIX_META_OBJECTS:
+            self.opencti.stix.delete(id=item["id"], force_delete=force_delete)
+        elif item["type"] in list(STIX_CYBER_OBSERVABLE_MAPPING.keys()):
+            self.opencti.stix_cyber_observable.delete(id=item["id"])
+        elif item["type"] in STIX_CORE_OBJECTS:
+            self.opencti.stix_core_object.delete(id=item["id"])
+        else:
+            # Element is not knowledge we need to use the right api
+            stix_helper = self.get_internal_helper().get(item["type"])
+            if stix_helper and hasattr(stix_helper, "delete"):
+                stix_helper.delete(id=item["id"])
+            else:
+                raise ValueError(
+                    "Delete operation or not found stix helper", {"type": item["type"]}
+                )
+
+    def element_remove_from_draft(self, item):
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.remove_from_draft(id=item["id"])
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.remove_from_draft(id=item["id"])
+        else:
+            # Element is considered stix core object
+            self.opencti.stix_core_object.remove_from_draft(id=item["id"])
+
     def apply_opencti_operation(self, item, operation):
-        if operation == "delete":
-            delete_id = item["id"]
-            self.opencti.stix.delete(id=delete_id)
+        if operation == "delete" or operation == "delete_force":
+            self.element_operation_delete(item=item, operation=operation)
+        elif operation == "revert_draft":
+            self.element_remove_from_draft(item=item)
+        elif operation == "restore":
+            self.opencti.trash.restore(item["id"])
         elif operation == "merge":
-            target_id = item["merge_target_id"]
-            source_ids = item["merge_source_ids"]
+            target_id = self.opencti.get_attribute_in_extension("merge_target_id", item)
+            if target_id is None:
+                target_id = item["merge_target_id"]
+            source_ids = self.opencti.get_attribute_in_extension(
+                "merge_source_ids", item
+            )
+            if source_ids is None:
+                source_ids = item["merge_source_ids"]
             self.opencti.stix.merge(id=target_id, object_ids=source_ids)
         elif operation == "patch":
             self.apply_patch(item=item)
+        elif operation == "pir_flag_element":
+            id = item["id"]
+            input = item["input"]
+            self.opencti.pir.pir_flag_element(id=id, input=input)
+        elif operation == "pir_unflag_element":
+            id = item["id"]
+            input = item["input"]
+            self.opencti.pir.pir_unflag_element(id=id, input=input)
+        elif operation == "rule_apply":
+            self.rule_apply(item=item)
+        elif operation == "rule_clear":
+            self.rule_clear(item=item)
+        elif operation == "rules_rescan":
+            self.rules_rescan(item=item)
+        elif operation == "share":
+            self.organization_share(item=item)
+        elif operation == "unshare":
+            self.organization_unshare(item=item)
+        elif operation == "clear_access_restriction":
+            self.opencti.stix_core_object.clear_access_restriction(
+                element_id=item["id"]
+            )
+        elif operation == "enrichment":
+            connector_ids = self.opencti.get_attribute_in_extension(
+                "connector_ids", item
+            )
+            if connector_ids is None:
+                connector_ids = item["connector_ids"]
+            self.opencti.stix_core_object.ask_enrichments(
+                element_id=item["id"], connector_ids=connector_ids
+            )
         else:
-            raise ValueError("Not supported opencti_operation")
+            raise ValueError(
+                "Not supported opencti_operation",
+                {"operation": operation},
+            )
 
     def import_item(
         self,
@@ -2748,9 +2931,25 @@ class OpenCTIStix2:
         )
 
         stix2_splitter = OpenCTIStix2Splitter()
-        _, bundles = stix2_splitter.split_bundle_with_expectations(
-            stix_bundle, False, event_version
+        _, incompatible_elements, bundles = (
+            stix2_splitter.split_bundle_with_expectations(
+                stix_bundle, False, event_version
+            )
         )
+
+        # Report every element ignored during bundle splitting
+        if work_id is not None:
+            for incompatible_element in incompatible_elements:
+                self.opencti.work.report_expectation(
+                    work_id,
+                    {
+                        "error": "Incompatible element in bundle",
+                        "source": "Element "
+                        + incompatible_element["id"]
+                        + " is incompatible and couldn't be processed",
+                    },
+                )
+
         # Import every element in a specific order
         imported_elements = []
         for bundle in bundles:

pycti/utils/opencti_stix2_splitter.py

@@ -10,6 +10,7 @@ from pycti.utils.opencti_stix2_identifier import (
 )
 from pycti.utils.opencti_stix2_utils import (
     STIX_CYBER_OBSERVABLE_MAPPING,
+    SUPPORTED_INTERNAL_OBJECTS,
     SUPPORTED_STIX_ENTITY_OBJECTS,
 )
 
@@ -17,8 +18,10 @@ OPENCTI_EXTENSION = "extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba"
 
 supported_types = (
     SUPPORTED_STIX_ENTITY_OBJECTS  # entities
+    + SUPPORTED_INTERNAL_OBJECTS  # internals
     + list(STIX_CYBER_OBSERVABLE_MAPPING.keys())  # observables
     + ["relationship", "sighting"]  # relationships
+    + ["pir"]
 )
 
 
@@ -35,6 +38,7 @@ class OpenCTIStix2Splitter:
         self.cache_index = {}
         self.cache_refs = {}
         self.elements = []
+        self.incompatible_items = []
 
     def get_internal_ids_in_extension(self, item):
         ids = []
@@ -65,7 +69,7 @@ class OpenCTIStix2Splitter:
         for key in list(item.keys()):
             value = item[key]
             # Recursive enlist for every refs
-            if key.endswith("_refs"):
+            if key.endswith("_refs") and item[key] is not None:
                 to_keep = []
                 for element_ref in item[key]:
                     # We need to check if this ref is not already a reference
@@ -119,7 +123,7 @@ class OpenCTIStix2Splitter:
                 else:
                     item[key] = None
             # Case for embedded elements (deduplicating and cleanup)
-            elif key == "external_references":
+            elif key == "external_references" and item[key] is not None:
                 # specific case of splitting external references
                 # reference_ids = []
                 deduplicated_references = []
@@ -145,7 +149,7 @@ class OpenCTIStix2Splitter:
                         #     reference_ids.append(reference_id)
                         # nb_deps += self.enlist_element(reference_id, raw_data)
                 item[key] = deduplicated_references
-            elif key == "kill_chain_phases":
+            elif key == "kill_chain_phases" and item[key] is not None:
                 # specific case of splitting kill_chain phases
                 # kill_chain_ids = []
                 deduplicated_kill_chain = []
@@ -189,6 +193,8 @@ class OpenCTIStix2Splitter:
                 is_compatible = is_id_supported(item_id)
             if is_compatible:
                 self.elements.append(item)
+            else:
+                self.incompatible_items.append(item)
             self.cache_index[item_id] = item
             for internal_id in self.get_internal_ids_in_extension(item):
                 self.cache_index[internal_id] = item
@@ -201,7 +207,7 @@ class OpenCTIStix2Splitter:
         use_json=True,
         event_version=None,
         cleanup_inconsistent_bundle=False,
-    ) -> Tuple[int, list]:
+    ) -> Tuple[int, list, list]:
         """splits a valid stix2 bundle into a list of bundles"""
         if use_json:
             try:
@@ -251,11 +257,11 @@ class OpenCTIStix2Splitter:
                 )
             )
 
-        return number_expectations, bundles
+        return number_expectations, self.incompatible_items, bundles
 
     @deprecated("Use split_bundle_with_expectations instead")
     def split_bundle(self, bundle, use_json=True, event_version=None) -> list:
-        expectations, bundles = self.split_bundle_with_expectations(
+        _, _, bundles = self.split_bundle_with_expectations(
             bundle, use_json, event_version
         )
         return bundles

pycti/utils/opencti_stix2_utils.py

@@ -2,7 +2,29 @@ from typing import Any, Dict
 
 from stix2 import EqualityComparisonExpression, ObjectPath, ObservationExpression
 
-SUPPORTED_STIX_ENTITY_OBJECTS = [
+SUPPORTED_INTERNAL_OBJECTS = [
+    "user",
+    "group",
+    "capability",
+    "role",
+    "settings",
+    "notification",
+    "work",
+    "trash",
+    "draftworkspace",
+    "playbook",
+    "deleteoperation",
+    "workspace",
+    "publicdashboard",
+]
+
+STIX_META_OBJECTS = [
+    "label",
+    "vocabulary",
+    "kill-chain-phase",
+]
+
+STIX_CORE_OBJECTS = [
     "attack-pattern",
     "campaign",
     "case-incident",
@@ -27,8 +49,6 @@ SUPPORTED_STIX_ENTITY_OBJECTS = [
     "indicator",
     "infrastructure",
     "intrusion-set",
-    "kill-chain-phase",
-    "label",
     "language",
     "location",
     "malware",
@@ -43,10 +63,11 @@ SUPPORTED_STIX_ENTITY_OBJECTS = [
     "x-opencti-task",
     "threat-actor",
     "tool",
-    "vocabulary",
     "vulnerability",
 ]
 
+SUPPORTED_STIX_ENTITY_OBJECTS = STIX_META_OBJECTS + STIX_CORE_OBJECTS
+
 STIX_CYBER_OBSERVABLE_MAPPING = {
     "autonomous-system": "Autonomous-System",
     "directory": "Directory",
@@ -83,6 +104,12 @@ STIX_CYBER_OBSERVABLE_MAPPING = {
     "persona": "Persona",
 }
 
+STIX_OBJECTS = (
+    SUPPORTED_STIX_ENTITY_OBJECTS  # entities
+    + list(STIX_CYBER_OBSERVABLE_MAPPING.keys())  # observables
+    + ["relationship", "sighting"]  # relationships
+)
+
 PATTERN_MAPPING = {
     "Autonomous-System": ["number"],
     "Directory": ["path"],

{pycti-6.6.17.dist-info → pycti-6.7.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pycti
-Version: 6.6.17
+Version: 6.7.0
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -29,7 +29,7 @@ Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=3.3.0
 Requires-Dist: PyYAML~=6.0
 Requires-Dist: requests~=2.32.3
-Requires-Dist: setuptools~=78.1.0
+Requires-Dist: setuptools~=80.9.0
 Requires-Dist: cachetools~=5.5.0
 Requires-Dist: prometheus-client~=0.21.1
 Requires-Dist: opentelemetry-api~=1.32.0
@@ -46,9 +46,9 @@ Requires-Dist: isort~=6.0.0; extra == "dev"
 Requires-Dist: types-pytz~=2025.2.0.20250326; extra == "dev"
 Requires-Dist: pre-commit~=4.2.0; extra == "dev"
 Requires-Dist: pytest-cases~=3.8.0; extra == "dev"
-Requires-Dist: pytest-cov~=6.1.1; extra == "dev"
+Requires-Dist: pytest-cov~=6.2.1; extra == "dev"
 Requires-Dist: pytest_randomly~=3.16.0; extra == "dev"
-Requires-Dist: pytest~=8.3.4; extra == "dev"
+Requires-Dist: pytest~=8.4.1; extra == "dev"
 Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.45.1; extra == "dev"
 Provides-Extra: doc

{pycti-6.6.17.dist-info → pycti-6.7.0.dist-info}/RECORD

@@ -1,12 +1,18 @@
-pycti/__init__.py,sha256=bHXKwLjwVZQYGuHRhxZOHqEajspKcy-YkHHDW1aa7uE,5677
+pycti/__init__.py,sha256=BQeMBUpJroFUdRqvvmrtA2LxiUu0IbYvX4_oGT-G6Fo,5676
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/api/opencti_api_client.py,sha256=yV8noIFiy-wtMbJ64KKZ7G7wUFZ10L6tYInmL_fKkMw,34567
+pycti/api/opencti_api_client.py,sha256=EKv6nKNHPNMzF_dBoeZXsO5NJWH-nWH6GN-BFdWH-3s,35239
 pycti/api/opencti_api_connector.py,sha256=8xwHuLINP3ZCImzE9_K_iCR9QEA3K6aHpK4bJhcZf20,5582
-pycti/api/opencti_api_playbook.py,sha256=456We78vESukfSOi_CctfZ9dbBJEi76EHClRc2f21Js,1628
-pycti/api/opencti_api_work.py,sha256=V8n8KaLNiOUYTXYE251bC-yHMHiXSR_sf_0jk2RgANY,8456
+pycti/api/opencti_api_draft.py,sha256=ZFrva6p7VZA7rCtIpyfyA-KTWvcTaWvpy51_Edi9rG4,428
+pycti/api/opencti_api_notification.py,sha256=uTBSjym2RfSYHTnfBIVmWj5kATrzQ2lRQ178Jy5bsu0,1375
+pycti/api/opencti_api_pir.py,sha256=3yDfUNVe9G_G9OrCcL3pBTE31kcstKXhXCiSrGhpUYY,992
+pycti/api/opencti_api_playbook.py,sha256=9I_x_S4_pj12QUK0x5qC_7sl0-i8AHKtyAb9P0-fCr8,2187
+pycti/api/opencti_api_public_dashboard.py,sha256=aa4trEuaf7WstmiS4WAHoe1qmYmaFWmbO0N4N_iXPGM,711
+pycti/api/opencti_api_trash.py,sha256=r_zi57n5TfLw9LYs2UFg33Nvyy3Huc6CjpK2mRQsmao,1065
+pycti/api/opencti_api_work.py,sha256=uV1mbPz3zmNZjoNHVmX6SyWPQKEHkpSDXkb_a2NIOA4,8982
+pycti/api/opencti_api_workspace.py,sha256=ycqOTEXeUHF2k8H4jhoYDd1W6ijFcNUjYf4eSdLpH0k,611
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/connector/opencti_connector.py,sha256=8lCZFvcA9-S1x6vFl756hgWAlzKfrnq-C4AIdDJr-Kg,2715
-pycti/connector/opencti_connector_helper.py,sha256=7LXAEIvEcStXK0tr199EBU4grn-ejf93ogbMU3tiyq8,88534
+pycti/connector/opencti_connector_helper.py,sha256=JAmoPXjBv_35aMrwVBwtavpkv9bMBfOj64EEYigz8vg,88546
 pycti/connector/opencti_metric_handler.py,sha256=4jXHeJflomtHjuQ_YU0b36TG7o26vOWbY_jvU8Ezobs,3725
 pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/opencti_attack_pattern.py,sha256=HVfLhtd8rlT42xutRS8qOkDsG5_Ws4EoGfObLW5mQl4,22535
@@ -22,11 +28,11 @@ pycti/entities/opencti_data_source.py,sha256=OqgeOkQl463aREDb8CkFwVrYngKTNYnUTyg
 pycti/entities/opencti_event.py,sha256=lGqxCnurlcbIXDMdKIFI2gaxjq2LNJoj8k8HGQnKHXo,17099
 pycti/entities/opencti_external_reference.py,sha256=zSsGOUajrTgSG9T0MHUzq-16XalJ0BHHC54RvBaTD48,13524
 pycti/entities/opencti_feedback.py,sha256=MyFs1CuC6_SZvjLOPyWwe6mWMoUmyoGKJ73o237j-Mg,32710
-pycti/entities/opencti_group.py,sha256=X7NfJ7-0Nwzggh9BqlA0GiKHc7v2PhmJnNQsffAeVA0,26172
+pycti/entities/opencti_group.py,sha256=GgtA1zZunjXjxPdXc3wOV8Veitte0IGmRF1WwFYWs80,26390
 pycti/entities/opencti_grouping.py,sha256=cjXfgmRma0laGAP5j1oYMtZzVsQxrNvZ0o0-MsToufg,30569
-pycti/entities/opencti_identity.py,sha256=1OveaX1uFOzMPBWbMqK0a_Bz3FT77GzOmanmQALArpg,24093
+pycti/entities/opencti_identity.py,sha256=Ih2LvYrDKXXFoQOjcsFv0ipTW3PBCtNtrBkyGWU-__8,26703
 pycti/entities/opencti_incident.py,sha256=mQn2PN2enf9CYoM2vFD3f8S2hIZj8pbiBUZOQ4cMT7Q,18966
-pycti/entities/opencti_indicator.py,sha256=8-ZJRJvHZ387s5CZtSBGCROtZm_5vhJpvIDP8cGVb-8,21452
+pycti/entities/opencti_indicator.py,sha256=DX-erowuSw3yfAGacIK5CGKUsIhiUfoTER8NwVH7myI,22732
 pycti/entities/opencti_infrastructure.py,sha256=-vuGCDiwWH60GmLOpUelVDPtvM9XB9DhfGDwM0S2OpI,20331
 pycti/entities/opencti_intrusion_set.py,sha256=Jg-kkh6_kfyUIL6XsRYWg_d7Nejrp9kniJlI-SlAph0,19357
 pycti/entities/opencti_kill_chain_phase.py,sha256=acNzuFdxhwI_8fvZOTEHhP8fC6EGY_r6jcKpA-nKa8Q,7991
@@ -43,14 +49,14 @@ pycti/entities/opencti_opinion.py,sha256=QwYIcRemOmFVmoVHRnCEUGzSt4NoIHufCU_qh0D
 pycti/entities/opencti_report.py,sha256=LY2wB6zcdchBD8URYoNqGWENMqnalOrmxoNKz306EDM,35303
 pycti/entities/opencti_role.py,sha256=ryfPmZ_ch2sRGgqEr6_qxChTcGoeqvHW0MvlGHkLgdw,14039
 pycti/entities/opencti_settings.py,sha256=3dArFaPPdcFTV44uGRffjHpnDE-MKIXgd496QZcH6Bw,13547
-pycti/entities/opencti_stix.py,sha256=uMheSg8i1f2Ozx2Mk0iShWzHHjj6MMWDtV5nDjVxKEE,2275
-pycti/entities/opencti_stix_core_object.py,sha256=eyhsNAWaQO5X55Wn91b21j_d6bydBxfN29s2eQHrXkI,51639
-pycti/entities/opencti_stix_core_relationship.py,sha256=xHyJSW89ef9OV0PJhQRynm-c1MSO0tUFPPzQiXYeukk,44909
+pycti/entities/opencti_stix.py,sha256=9jVg21hXXaKMl5U8Mh6Df3U8IIjP7k9py5VGzn1qFzk,2410
+pycti/entities/opencti_stix_core_object.py,sha256=1E7yRR18_y4dYGcv5ZSAIcusMUh_hAW9QEujNRHwbPg,63413
+pycti/entities/opencti_stix_core_relationship.py,sha256=aqguOR9n9jyL7Ez7xRoAO5EQ3wA6XcgTXxrYDGjw3cI,47786
 pycti/entities/opencti_stix_cyber_observable.py,sha256=ZbJ4XXXTlCP34hrgC9Jfov_9m1bPUiTj_s2tUjSauEA,92449
-pycti/entities/opencti_stix_domain_object.py,sha256=-7Dec8kTqeJA_sr1KrRohgQzitOC51dOd4035EXRALw,78850
+pycti/entities/opencti_stix_domain_object.py,sha256=f-n_4i1uNkSBT6f2UD8isgB_OR2MbQwhN56Ypp_5Dd8,82748
 pycti/entities/opencti_stix_nested_ref_relationship.py,sha256=7USJlfTanPFY16aFIH2YONdRakrfoBuIbB0d0I52PSM,12479
-pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=5qutzML6SyYzDhZ-QpI9Vh23hzLEs-xeFAAZOpGHZ2g,18049
-pycti/entities/opencti_stix_sighting_relationship.py,sha256=8rncZGYnDrmqAmwVKhy4lmbYoplvxEKkpIAH3yQzGig,28903
+pycti/entities/opencti_stix_object_or_stix_relationship.py,sha256=7USO_fkHkiXBMMalQee1ZNIE99IJfFUmzVRFBvRrdOo,19998
+pycti/entities/opencti_stix_sighting_relationship.py,sha256=JZo9t_nyF2psVZ3Flg6Gkyf3gD5422kQLAByr1qiBAs,31720
 pycti/entities/opencti_task.py,sha256=QOGuPTpH5rI80i9kwhHJ7Lgdr6bKTdAs-jwQ3kQ2Yjo,25457
 pycti/entities/opencti_threat_actor.py,sha256=vFPeo0pOYSqHBKVlWc4o8RjuP2PP0A09KWU6rsYXnvA,11201
 pycti/entities/opencti_threat_actor_group.py,sha256=dV28sDfADoDpATyk8w2fN1ZGOoad3LCk7lnij3nFBY8,20828
@@ -58,22 +64,22 @@ pycti/entities/opencti_threat_actor_individual.py,sha256=l-E0RShOofXTZgw2HUyrDpr
 pycti/entities/opencti_tool.py,sha256=GXeTfWkTgNxFnNGPsO03BOK2dsZGCp5IT-leQHiFWtw,15462
 pycti/entities/opencti_user.py,sha256=zJKhJCvC2N5-3E92uFad2CwiQhCWVAHYrgomzqBwD-s,29735
 pycti/entities/opencti_vocabulary.py,sha256=xupdHJ6TznCmvI3sVYU261SnfblSNc1nwg19MG9yrao,6499
-pycti/entities/opencti_vulnerability.py,sha256=LAha8HDTN-r9Eddugt7-CEtTZvXw7Z2za-6fkKyvnfw,22781
+pycti/entities/opencti_vulnerability.py,sha256=roG0TPPfGRbkp1qZF7W7bqqcKxafDUX5Y33wPF4St8g,52240
 pycti/entities/indicator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/indicator/opencti_indicator_properties.py,sha256=iQvSeMHB-vSTzINnRxqIJfC3OgMHyhbXUVF2juU7DoE,5219
 pycti/entities/stix_cyber_observable/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_deprecated.py,sha256=q-2G6OOqvUC1U2hSKxD8uT5T18M_IDkl72Tn1KoumQI,1847
 pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py,sha256=MN56CW8RWZwB0Pr8UiHZy_4nSzbgFbwdhSFKpsZ_d1Y,11293
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/utils/constants.py,sha256=AfECYKzdwos6Z6yUGXaUGtip_bRsVQaCKBw6nwSmNqE,12799
+pycti/utils/constants.py,sha256=VRYRvDm6hkTR0ZcHHWMzQBwqlPRskYnusBpgoX0S05A,12854
 pycti/utils/opencti_logger.py,sha256=BHNy9fJuTUTn_JEYSCmyvVwd6y-9ZJKxO40mY4iZ0bc,2226
-pycti/utils/opencti_stix2.py,sha256=Fg7xPAqek4lJrfYh2LLQkdsmTCJHM-uwCS4Mye12khw,121492
+pycti/utils/opencti_stix2.py,sha256=BzD5R2EqZWgyVMkqc6_TJfvlpSHFsF1KjebwCFZ-EYE,130062
 pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
-pycti/utils/opencti_stix2_splitter.py,sha256=etnAWMDzNi2JCovSUJ5Td-XLVdzgKRdsV1XfpXOGols,11070
+pycti/utils/opencti_stix2_splitter.py,sha256=sjD9mN6jEea7Zr1k17rNiYaozLcDU4qg0HgIixXRHt4,11371
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
-pycti/utils/opencti_stix2_utils.py,sha256=xgBZzm7HC76rLQYwTKkaUd_w9jJnVMoryHx7KDDIB_g,5065
-pycti-6.6.17.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.6.17.dist-info/METADATA,sha256=7SQd_Rc2V1v0EJR9iDyuSNLFTFtziw1tE0END2Hppeg,5531
-pycti-6.6.17.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-pycti-6.6.17.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.6.17.dist-info/RECORD,,
+pycti/utils/opencti_stix2_utils.py,sha256=4vu-j3weP9IS3Ky31exOIw4t3fBg00emCTRlVpevrTU,5582
+pycti-6.7.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.7.0.dist-info/METADATA,sha256=Pn7elqBNJWq1aCOjdej2KeqjFGfV7GSsIrRb0arM5HU,5530
+pycti-6.7.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+pycti-6.7.0.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.7.0.dist-info/RECORD,,