PyPI - pycti - Versions diffs - 6.6.17__tar.gz → 6.7.0__tar.gz - Mend

pycti 6.6.17tar.gz → 6.7.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pycti might be problematic. Click here for more details.

Files changed (91) hide show

{pycti-6.6.17 → pycti-6.7.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pycti
-Version: 6.6.17
+Version: 6.7.0
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -29,7 +29,7 @@ Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=3.3.0
 Requires-Dist: PyYAML~=6.0
 Requires-Dist: requests~=2.32.3
-Requires-Dist: setuptools~=78.1.0
+Requires-Dist: setuptools~=80.9.0
 Requires-Dist: cachetools~=5.5.0
 Requires-Dist: prometheus-client~=0.21.1
 Requires-Dist: opentelemetry-api~=1.32.0
@@ -46,9 +46,9 @@ Requires-Dist: isort~=6.0.0; extra == "dev"
 Requires-Dist: types-pytz~=2025.2.0.20250326; extra == "dev"
 Requires-Dist: pre-commit~=4.2.0; extra == "dev"
 Requires-Dist: pytest-cases~=3.8.0; extra == "dev"
-Requires-Dist: pytest-cov~=6.1.1; extra == "dev"
+Requires-Dist: pytest-cov~=6.2.1; extra == "dev"
 Requires-Dist: pytest_randomly~=3.16.0; extra == "dev"
-Requires-Dist: pytest~=8.3.4; extra == "dev"
+Requires-Dist: pytest~=8.4.1; extra == "dev"
 Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.45.1; extra == "dev"
 Provides-Extra: doc

{pycti-6.6.17 → pycti-6.7.0}/pycti/__init__.py RENAMED Viewed

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.6.17"
+__version__ = "6.7.0"
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

{pycti-6.6.17 → pycti-6.7.0}/pycti/api/opencti_api_client.py RENAMED Viewed

@@ -10,8 +10,14 @@ import requests
 from pycti import __version__
 from pycti.api.opencti_api_connector import OpenCTIApiConnector
+from pycti.api.opencti_api_draft import OpenCTIApiDraft
+from pycti.api.opencti_api_notification import OpenCTIApiNotification
+from pycti.api.opencti_api_pir import OpenCTIApiPir
 from pycti.api.opencti_api_playbook import OpenCTIApiPlaybook
+from pycti.api.opencti_api_public_dashboard import OpenCTIApiPublicDashboard
+from pycti.api.opencti_api_trash import OpenCTIApiTrash
 from pycti.api.opencti_api_work import OpenCTIApiWork
+from pycti.api.opencti_api_workspace import OpenCTIApiWorkspace
 from pycti.entities.opencti_attack_pattern import AttackPattern
 from pycti.entities.opencti_campaign import Campaign
 from pycti.entities.opencti_capability import Capability
@@ -167,9 +173,15 @@ class OpenCTIApiClient:
         self.session = requests.session()
         # Define the dependencies
         self.work = OpenCTIApiWork(self)
+        self.notification = OpenCTIApiNotification(self)
+        self.trash = OpenCTIApiTrash(self)
+        self.draft = OpenCTIApiDraft(self)
+        self.workspace = OpenCTIApiWorkspace(self)
+        self.public_dashboard = OpenCTIApiPublicDashboard(self)
         self.playbook = OpenCTIApiPlaybook(self)
         self.connector = OpenCTIApiConnector(self)
         self.stix2 = OpenCTIStix2(self)
+        self.pir = OpenCTIApiPir(self)
         # Define the entities
         self.vocabulary = Vocabulary(self)

pycti-6.7.0/pycti/api/opencti_api_draft.py ADDED Viewed

@@ -0,0 +1,19 @@
+class OpenCTIApiDraft:
+    """OpenCTIApiDraft"""
+    def __init__(self, api):
+        self.api = api
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        query = """
+            mutation DraftWorkspaceDelete($id: ID!) {
+                draftWorkspaceDelete(id: $id)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+            },
+        )

pycti-6.7.0/pycti/api/opencti_api_notification.py ADDED Viewed

@@ -0,0 +1,39 @@
+class OpenCTIApiNotification:
+    """OpenCTIApiJob"""
+    def __init__(self, api):
+        self.api = api
+    def delete(self, **kwargs):
+        notification_id = kwargs.get("id", None)
+        self.api.app_logger.info(
+            "Deleting notifcation", {"notification_id": notification_id}
+        )
+        query = """
+            mutation notificationDelete($id: ID!) {
+                notificationDelete(id: $id)
+            }
+           """
+        self.api.query(query, {"id": notification_id})
+    def update_field(self, **kwargs):
+        notification_id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        for input_value in input:
+            if input_value["key"] == "is_read":
+                is_read_value = bool(input_value["value"][0])
+                self.mark_as_read(notification_id, is_read_value)
+    def mark_as_read(self, notification_id: str, read: bool):
+        self.api.app_logger.info(
+            "Marking notifcation as read",
+            {"notification_id": notification_id, "read": read},
+        )
+        query = """
+                mutation notificationMarkRead($id: ID!, $read: Boolean!) {
+                    notificationMarkRead(id: $id, read: $read) {
+                        id
+                    }
+                }
+               """
+        self.api.query(query, {"id": notification_id, "read": read})

pycti-6.7.0/pycti/api/opencti_api_pir.py ADDED Viewed

@@ -0,0 +1,37 @@
+class OpenCTIApiPir:
+    """OpenCTIApiPir"""
+    def __init__(self, api):
+        self.api = api
+    def pir_flag_element(self, **kwargs):
+        id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        query = """
+            mutation PirFlagElement($id: ID!, $input: PirFlagElementInput!) {
+                pirFlagElement(id: $id, input: $input)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+                "input": input,
+            },
+        )
+    def pir_unflag_element(self, **kwargs):
+        id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        query = """
+            mutation PirUnflagElement($id: ID!, $input: PirUnflagElementInput!) {
+                pirUnflagElement(id: $id, input: $input)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+                "input": input,
+            },
+        )

{pycti-6.6.17 → pycti-6.7.0}/pycti/api/opencti_api_playbook.py RENAMED Viewed

@@ -32,3 +32,23 @@ class OpenCTIApiPlaybook:
                 "bundle": bundle,
             },
         )
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        if id is not None:
+            query = """
+                mutation PlaybookDelete($id: ID!) {
+                    playbookDelete(id: $id)
+                }
+               """
+            self.api.query(
+                query,
+                {
+                    "id": id,
+                },
+            )
+        else:
+            self.opencti.app_logger.error(
+                "[stix_playbook] Cant delete playbook, missing parameters: id"
+            )
+            return None

pycti-6.7.0/pycti/api/opencti_api_public_dashboard.py ADDED Viewed

@@ -0,0 +1,25 @@
+class OpenCTIApiPublicDashboard:
+    """OpenCTIApiPublicDashboard"""
+    def __init__(self, api):
+        self.api = api
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        if id is not None:
+            query = """
+                mutation PublicDashboardDelete($id: ID!) {
+                    publicDashboardDelete(id: $id)
+                }
+               """
+            self.api.query(
+                query,
+                {
+                    "id": id,
+                },
+            )
+        else:
+            self.opencti.app_logger.error(
+                "[stix_public_dashboard] Cant delete public dashboard, missing parameters: id"
+            )
+            return None

pycti-6.7.0/pycti/api/opencti_api_trash.py ADDED Viewed

@@ -0,0 +1,42 @@
+class OpenCTIApiTrash:
+    """OpenCTIApiTrash"""
+    def __init__(self, api):
+        self.api = api
+    def restore(self, operation_id: str):
+        query = """
+            mutation DeleteOperationRestore($id: ID!) {
+                deleteOperationRestore(id: $id)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": operation_id,
+            },
+        )
+    def delete(self, **kwargs):
+        """Delete a trash item given its ID
+        :param id: ID for the delete operation on the platform.
+        :type id: str
+        """
+        id = kwargs.get("id", None)
+        if id is None:
+            self.api.admin_logger.error(
+                "[opencti_trash] Cant confirm delete, missing parameter: id"
+            )
+            return None
+        query = """
+            mutation DeleteOperationConfirm($id: ID!) {
+                deleteOperationConfirm(id: $id)
+            }
+        """
+        self.api.query(
+            query,
+            {
+                "id": id,
+            },
+        )

{pycti-6.6.17 → pycti-6.7.0}/pycti/api/opencti_api_work.py RENAMED Viewed

@@ -131,6 +131,25 @@ class OpenCTIApiWork:
         work = self.api.query(query, {"workId": work_id}, True)
         return work["data"]
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        if id is None:
+            self.opencti.admin_logger.error(
+                "[opencti_work] Cant delete work, missing parameter: id"
+            )
+            return None
+        query = """
+        mutation ConnectorWorksMutation($workId: ID!) {
+            workEdit(id: $workId) {
+                delete
+            }
+        }"""
+        work = self.api.query(
+            query,
+            {"workId": id},
+        )
+        return work["data"]
     def wait_for_work_to_finish(self, work_id: str):
         status = ""
         cnt = 0

pycti-6.7.0/pycti/api/opencti_api_workspace.py ADDED Viewed

@@ -0,0 +1,24 @@
+class OpenCTIApiWorkspace:
+    """OpenCTIApiWorkspace"""
+    def __init__(self, api):
+        self.api = api
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        if id is None:
+            self.api.admin_logger.error(
+                "[opencti_workspace] Cant delete workspace, missing parameter: id"
+            )
+            return None
+        query = """
+            mutation WorkspaceDelete($id: ID!) {
+                workspaceDelete(id: $id)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+            },
+        )

{pycti-6.6.17 → pycti-6.7.0}/pycti/connector/opencti_connector_helper.py RENAMED Viewed

@@ -1918,14 +1918,13 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             os.rename(write_file, final_write_file)
         stix2_splitter = OpenCTIStix2Splitter()
-        (
-            expectations_number,
-            bundles,
-        ) = stix2_splitter.split_bundle_with_expectations(
-            bundle=bundle,
-            use_json=True,
-            event_version=event_version,
-            cleanup_inconsistent_bundle=cleanup_inconsistent_bundle,
+        (expectations_number, _, bundles) = (
+            stix2_splitter.split_bundle_with_expectations(
+                bundle=bundle,
+                use_json=True,
+                event_version=event_version,
+                cleanup_inconsistent_bundle=cleanup_inconsistent_bundle,
+            )
         )
         if len(bundles) == 0:

{pycti-6.6.17 → pycti-6.7.0}/pycti/entities/opencti_group.py RENAMED Viewed

@@ -315,12 +315,18 @@ class Group:
         )
         return self.opencti.process_multiple_fields(result["data"]["groupAdd"])
-    def delete(self, id: str):
+    def delete(self, **kwargs):
         """Delete a given group from OpenCTI
         :param id: ID of the group to delete.
         :type id: str
         """
+        id = kwargs.get("id", None)
+        if id is None:
+            self.opencti.admin_logger.error(
+                "[opencti_group] Cant delete group, missing parameter: id"
+            )
+            return None
         self.opencti.admin_logger.info("Deleting group", {"id": id})
         query = """
             mutation GroupDelete($id: ID!) {

{pycti-6.6.17 → pycti-6.7.0}/pycti/entities/opencti_identity.py RENAMED Viewed

@@ -51,11 +51,15 @@ class Identity:
                 }
                 ... on Organization {
                     x_opencti_organization_type
+                    x_opencti_score
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
+                ... on SecurityPlatform {
+                    security_platform_type
+                }
             }
             objectMarking {
                 id
@@ -110,6 +114,10 @@ class Identity:
             }
             ... on Organization {
                 x_opencti_organization_type
+                x_opencti_score
+            }
+            ... on SecurityPlatform {
+                security_platform_type
             }
         """
         self.properties_with_files = """
@@ -152,11 +160,15 @@ class Identity:
                 }
                 ... on Organization {
                     x_opencti_organization_type
+                    x_opencti_score
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
+                ... on SecurityPlatform {
+                    security_platform_type
+                }
             }
             objectMarking {
                 id
@@ -224,6 +236,10 @@ class Identity:
             }
             ... on Organization {
                 x_opencti_organization_type
+                x_opencti_score
+            }
+            ... on SecurityPlatform {
+                security_platform_type
             }
             importFiles {
                 edges {
@@ -410,8 +426,10 @@ class Identity:
         contact_information = kwargs.get("contact_information", None)
         roles = kwargs.get("roles", None)
         x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
+        security_platform_type = kwargs.get("security_platform_type", None)
         x_opencti_organization_type = kwargs.get("x_opencti_organization_type", None)
         x_opencti_reliability = kwargs.get("x_opencti_reliability", None)
+        x_opencti_score = kwargs.get("x_opencti_score", None)
         x_opencti_firstname = kwargs.get("x_opencti_firstname", None)
         x_opencti_lastname = kwargs.get("x_opencti_lastname", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
@@ -456,7 +474,26 @@ class Identity:
                     x_opencti_organization_type
                 )
                 input_variables["x_opencti_reliability"] = x_opencti_reliability
+                input_variables["x_opencti_score"] = x_opencti_score
                 result_data_field = "organizationAdd"
+            elif type == IdentityTypes.SECURITYPLATFORM.value:
+                query = """
+                    mutation SecurityPlatformAdd($input: SecurityPlatformAddInput!) {
+                        securityPlatformAdd(input: $input) {
+                            id
+                            standard_id
+                            entity_type
+                            parent_types
+                        }
+                    }
+                """
+                input_variables["security_platform_type"] = security_platform_type
+                # no need for these attributes for security platform
+                del input_variables["contact_information"]
+                del input_variables["lang"]
+                del input_variables["roles"]
+                del input_variables["x_opencti_aliases"]
+                result_data_field = "securityPlatformAdd"
             elif type == IdentityTypes.INDIVIDUAL.value:
                 query = """
                     mutation IndividualAdd($input: IndividualAddInput!) {
@@ -536,6 +573,8 @@ class Identity:
                     type = "Sector"
                 elif stix_object["identity_class"] == "system":
                     type = "System"
+                elif stix_object["identity_class"] == "securityplatform":
+                    type = "SecurityPlatform"
             # Search in extensions
             if "x_opencti_aliases" not in stix_object:
@@ -548,10 +587,20 @@ class Identity:
                         "organization_type", stix_object
                     )
                 )
+            if "security_platform_type" not in stix_object:
+                stix_object["security_platform_type"] = (
+                    self.opencti.get_attribute_in_extension(
+                        "security_platform_type", stix_object
+                    )
+                )
             if "x_opencti_reliability" not in stix_object:
                 stix_object["x_opencti_reliability"] = (
                     self.opencti.get_attribute_in_extension("reliability", stix_object)
                 )
+            if "x_opencti_score" not in stix_object:
+                stix_object["x_opencti_score"] = (
+                    self.opencti.get_attribute_in_extension("score", stix_object)
+                )
             if "x_opencti_organization_type" not in stix_object:
                 stix_object["x_opencti_organization_type"] = (
                     self.opencti.get_attribute_in_extension(
@@ -625,11 +674,21 @@ class Identity:
                     if "x_opencti_organization_type" in stix_object
                     else None
                 ),
+                security_platform_type=(
+                    stix_object["security_platform_type"]
+                    if "security_platform_type" in stix_object
+                    else None
+                ),
                 x_opencti_reliability=(
                     stix_object["x_opencti_reliability"]
                     if "x_opencti_reliability" in stix_object
                     else None
                 ),
+                x_opencti_score=(
+                    stix_object["x_opencti_score"]
+                    if "x_opencti_score" in stix_object
+                    else None
+                ),
                 x_opencti_firstname=(
                     stix_object["x_opencti_firstname"]
                     if "x_opencti_firstname" in stix_object

{pycti-6.6.17 → pycti-6.7.0}/pycti/entities/opencti_indicator.py RENAMED Viewed

@@ -301,6 +301,43 @@ class Indicator:
                 "name or pattern or pattern_type or x_opencti_main_observable_type"
             )
+    """
+        Update an Indicator object field
+        :param id: the Indicator id
+        :param input: the input of the field
+    """
+    def update_field(self, **kwargs):
+        id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        if id is not None and input is not None:
+            self.opencti.app_logger.info("Updating Indicator", {"id": id})
+            query = """
+                        mutation IndicatorFieldPatch($id: ID!, $input: [EditInput!]!) {
+                            indicatorFieldPatch(id: $id, input: $input) {
+                                id
+                                standard_id
+                                entity_type
+                            }
+                        }
+                    """
+            result = self.opencti.query(
+                query,
+                {
+                    "id": id,
+                    "input": input,
+                },
+            )
+            return self.opencti.process_multiple_fields(
+                result["data"]["indicatorFieldPatch"]
+            )
+        else:
+            self.opencti.app_logger.error(
+                "[opencti_stix_domain_object] Cant update indicator field, missing parameters: id and input"
+            )
+            return None
     def add_stix_cyber_observable(self, **kwargs):
         """
         Add a Stix-Cyber-Observable object to Indicator object (based-on)

{pycti-6.6.17 → pycti-6.7.0}/pycti/entities/opencti_stix.py RENAMED Viewed

@@ -11,16 +11,17 @@ class Stix:
     def delete(self, **kwargs):
         id = kwargs.get("id", None)
+        force_delete = kwargs.get("force_delete", True)
         if id is not None:
             self.opencti.app_logger.info("Deleting Stix element", {"id": id})
             query = """
-                 mutation StixEdit($id: ID!) {
+                 mutation StixEdit($id: ID!, $forceDelete: Boolean) {
                      stixEdit(id: $id) {
-                         delete
+                         delete(forceDelete: $forceDelete)
                      }
                  }
              """
-            self.opencti.query(query, {"id": id})
+            self.opencti.query(query, {"id": id, "forceDelete": force_delete})
         else:
             self.opencti.app_logger.error("[opencti_stix] Missing parameters: id")
             return None

pycti 6.6.17__tar.gz → 6.7.0__tar.gz

Potentially problematic release.

pycti 6.6.17tar.gz → 6.7.0tar.gz