pycti 6.7.20__py3-none-any.whl → 6.8.1__py3-none-any.whl

pycti/entities/opencti_data_component.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class DataComponent:
+    """Main DataComponent class for OpenCTI
+
+    Manages MITRE ATT&CK data components in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_data_source.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class DataSource:
+    """Main DataSource class for OpenCTI
+
+    Manages MITRE ATT&CK data sources in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_event.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Event:
+    """Main Event class for OpenCTI
+
+    Manages security events in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """
@@ -226,6 +233,13 @@ class Event:
 
     @staticmethod
     def generate_id(name):
+        """Generate a STIX ID for an Event.
+
+        :param name: The name of the event
+        :type name: str
+        :return: STIX ID for the event
+        :rtype: str
+        """
         name = name.lower().strip()
         data = {"name": name}
         data = canonicalize(data, utf8=False)
@@ -234,19 +248,31 @@ class Event:
 
     @staticmethod
     def generate_id_from_data(data):
+        """Generate a STIX ID from event data.
+
+        :param data: Dictionary containing 'name' key
+        :type data: dict
+        :return: STIX ID for the event
+        :rtype: str
+        """
         return Event.generate_id(data["name"])
 
-    """
-        List Event objects
+    def list(self, **kwargs):
+        """List Event objects.
 
         :param filters: the filters to apply
         :param search: the search keyword
         :param first: return the first n rows from the after ID (or the beginning if not set)
         :param after: ID of the first row for pagination
-        :return List of Event objects
-    """
-
-    def list(self, **kwargs):
+        :param orderBy: field to order results by
+        :param orderMode: ordering mode (asc/desc)
+        :param customAttributes: custom attributes to return
+        :param getAll: whether to retrieve all results
+        :param withPagination: whether to include pagination info
+        :param withFiles: whether to include files
+        :return: List of Event objects
+        :rtype: list
+        """
         filters = kwargs.get("filters", None)
         search = kwargs.get("search", None)
         first = kwargs.get("first", 100)

pycti/entities/opencti_external_reference.py

@@ -9,6 +9,14 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class ExternalReference:
+    """Main ExternalReference class for OpenCTI
+
+    Manages external references and citations in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    :param file: file handling configuration
+    """
+
     def __init__(self, opencti, file):
         self.opencti = opencti
         self.file = file

pycti/entities/opencti_feedback.py

@@ -6,6 +6,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Feedback:
+    """Main Feedback class for OpenCTI
+
+    Manages feedback and analyst assessments in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_grouping.py

@@ -8,6 +8,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Grouping:
+    """Main Grouping class for OpenCTI
+
+    Manages STIX grouping objects in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_identity.py

@@ -9,6 +9,13 @@ from pycti.utils.constants import IdentityTypes
 
 
 class Identity:
+    """Main Identity class for OpenCTI
+
+    Manages individual, organization, and system identities in OpenCTI.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """
@@ -258,6 +265,15 @@ class Identity:
 
     @staticmethod
     def generate_id(name, identity_class):
+        """Generate a STIX ID for an Identity.
+
+        :param name: The name of the identity
+        :type name: str
+        :param identity_class: The class of the identity (individual, group, organization, etc.)
+        :type identity_class: str
+        :return: STIX ID for the identity
+        :rtype: str
+        """
         data = {"name": name.lower().strip(), "identity_class": identity_class.lower()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
@@ -265,20 +281,32 @@ class Identity:
 
     @staticmethod
     def generate_id_from_data(data):
+        """Generate a STIX ID from identity data.
+
+        :param data: Dictionary containing 'name' and 'identity_class' keys
+        :type data: dict
+        :return: STIX ID for the identity
+        :rtype: str
+        """
         return Identity.generate_id(data["name"], data["identity_class"])
 
-    """
-        List Identity objects
+    def list(self, **kwargs):
+        """List Identity objects.
 
         :param types: the list of types
         :param filters: the filters to apply
         :param search: the search keyword
         :param first: return the first n rows from the after ID (or the beginning if not set)
         :param after: ID of the first row for pagination
-        :return List of Identity objects
-    """
-
-    def list(self, **kwargs):
+        :param orderBy: field to order results by
+        :param orderMode: ordering mode (asc/desc)
+        :param customAttributes: custom attributes to return
+        :param getAll: whether to retrieve all results
+        :param withPagination: whether to include pagination info
+        :param withFiles: whether to include files
+        :return: List of Identity objects
+        :rtype: list
+        """
         types = kwargs.get("types", None)
         filters = kwargs.get("filters", None)
         search = kwargs.get("search", None)

pycti/entities/opencti_incident.py

@@ -8,6 +8,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Incident:
+    """Main Incident class for OpenCTI
+
+    Manages security incidents in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_indicator.py

@@ -24,6 +24,13 @@ class Indicator:
 
     @staticmethod
     def generate_id(pattern):
+        """Generate a STIX ID for an Indicator.
+
+        :param pattern: The STIX pattern
+        :type pattern: str
+        :return: STIX ID for the indicator
+        :rtype: str
+        """
         data = {"pattern": pattern.strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
@@ -31,6 +38,13 @@ class Indicator:
 
     @staticmethod
     def generate_id_from_data(data):
+        """Generate a STIX ID from indicator data.
+
+        :param data: Dictionary containing 'pattern' key
+        :type data: dict
+        :return: STIX ID for the indicator
+        :rtype: str
+        """
         return Indicator.generate_id(data["pattern"])
 
     def list(self, **kwargs):
@@ -301,14 +315,14 @@ class Indicator:
                 "name or pattern or pattern_type or x_opencti_main_observable_type"
             )
 
-    """
-        Update an Indicator object field
+    def update_field(self, **kwargs):
+        """Update an Indicator object field.
 
         :param id: the Indicator id
         :param input: the input of the field
-    """
-
-    def update_field(self, **kwargs):
+        :return: Updated indicator object
+        :rtype: dict or None
+        """
         id = kwargs.get("id", None)
         input = kwargs.get("input", None)
         if id is not None and input is not None:

pycti/entities/opencti_intrusion_set.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class IntrusionSet:
+    """Main IntrusionSet class for OpenCTI
+
+    Manages intrusion sets (APT groups) in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """
@@ -232,6 +239,13 @@ class IntrusionSet:
 
     @staticmethod
     def generate_id(name):
+        """Generate a STIX ID for an Intrusion Set.
+
+        :param name: The name of the intrusion set
+        :type name: str
+        :return: STIX ID for the intrusion set
+        :rtype: str
+        """
         name = name.lower().strip()
         data = {"name": name}
         data = canonicalize(data, utf8=False)
@@ -240,19 +254,31 @@ class IntrusionSet:
 
     @staticmethod
     def generate_id_from_data(data):
+        """Generate a STIX ID from intrusion set data.
+
+        :param data: Dictionary containing 'name' key
+        :type data: dict
+        :return: STIX ID for the intrusion set
+        :rtype: str
+        """
         return IntrusionSet.generate_id(data["name"])
 
-    """
-        List Intrusion-Set objects
+    def list(self, **kwargs):
+        """List Intrusion Set objects.
 
         :param filters: the filters to apply
         :param search: the search keyword
         :param first: return the first n rows from the after ID (or the beginning if not set)
         :param after: ID of the first row for pagination
-        :return List of Intrusion-Set objects
-    """
-
-    def list(self, **kwargs):
+        :param orderBy: field to order results by
+        :param orderMode: ordering mode (asc/desc)
+        :param customAttributes: custom attributes to return
+        :param getAll: whether to retrieve all results
+        :param withPagination: whether to include pagination info
+        :param withFiles: whether to include files
+        :return: List of Intrusion Set objects
+        :rtype: list
+        """
         filters = kwargs.get("filters", None)
         search = kwargs.get("search", None)
         first = kwargs.get("first", 500)
@@ -328,15 +354,16 @@ class IntrusionSet:
                 result["data"]["intrusionSets"], with_pagination
             )
 
-    """
-        Read a Intrusion-Set object
+    def read(self, **kwargs):
+        """Read an Intrusion Set object.
 
-        :param id: the id of the Intrusion-Set
+        :param id: the id of the Intrusion Set
         :param filters: the filters to apply if no id provided
-        :return Intrusion-Set object
-    """
-
-    def read(self, **kwargs):
+        :param customAttributes: custom attributes to return
+        :param withFiles: whether to include files
+        :return: Intrusion Set object
+        :rtype: dict or None
+        """
         id = kwargs.get("id", None)
         filters = kwargs.get("filters", None)
         custom_attributes = kwargs.get("customAttributes", None)
@@ -372,14 +399,26 @@ class IntrusionSet:
             )
             return None
 
-    """
-        Create a Intrusion-Set object
+    def create(self, **kwargs):
+        """Create an Intrusion Set object.
 
         :param name: the name of the Intrusion Set
-        :return Intrusion-Set object
-    """
-
-    def create(self, **kwargs):
+        :param description: description of the intrusion set
+        :param aliases: list of aliases
+        :param first_seen: first seen date
+        :param last_seen: last seen date
+        :param goals: goals of the intrusion set
+        :param resource_level: resource level
+        :param primary_motivation: primary motivation
+        :param secondary_motivations: secondary motivations
+        :param createdBy: creator identity
+        :param objectMarking: marking definitions
+        :param objectLabel: labels
+        :param externalReferences: external references
+        :param update: whether to update existing intrusion set
+        :return: Intrusion Set object
+        :rtype: dict or None
+        """
         stix_id = kwargs.get("stix_id", None)
         created_by = kwargs.get("createdBy", None)
         object_marking = kwargs.get("objectMarking", None)

pycti/entities/opencti_kill_chain_phase.py

@@ -6,6 +6,13 @@ from pycti.utils.opencti_stix2_identifier import kill_chain_phase_generate_id
 
 
 class KillChainPhase:
+    """Main KillChainPhase class for OpenCTI
+
+    Manages kill chain phases (ATT&CK tactics) in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_label.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Label:
+    """Main Label class for OpenCTI
+
+    Manages labels and tags in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_language.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Language:
+    """Main Language class for OpenCTI
+
+    Manages language entities in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_location.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Location:
+    """Main Location class for OpenCTI
+
+    Manages geographic locations (countries, cities, regions) in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_malware.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Malware:
+    """Main Malware class for OpenCTI
+
+    Manages malware families and variants in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """
@@ -260,6 +267,13 @@ class Malware:
 
     @staticmethod
     def generate_id(name):
+        """Generate a STIX ID for a Malware.
+
+        :param name: The name of the malware
+        :type name: str
+        :return: STIX ID for the malware
+        :rtype: str
+        """
         name = name.lower().strip()
         data = {"name": name}
         data = canonicalize(data, utf8=False)
@@ -268,19 +282,31 @@ class Malware:
 
     @staticmethod
     def generate_id_from_data(data):
+        """Generate a STIX ID from malware data.
+
+        :param data: Dictionary containing 'name' key
+        :type data: dict
+        :return: STIX ID for the malware
+        :rtype: str
+        """
         return Malware.generate_id(data["name"])
 
-    """
-        List Malware objects
+    def list(self, **kwargs):
+        """List Malware objects.
 
         :param filters: the filters to apply
         :param search: the search keyword
         :param first: return the first n rows from the after ID (or the beginning if not set)
         :param after: ID of the first row for pagination
-        :return List of Malware objects
-    """
-
-    def list(self, **kwargs):
+        :param orderBy: field to order results by
+        :param orderMode: ordering mode (asc/desc)
+        :param customAttributes: custom attributes to return
+        :param getAll: whether to retrieve all results
+        :param withPagination: whether to include pagination info
+        :param withFiles: whether to include files
+        :return: List of Malware objects
+        :rtype: list
+        """
         filters = kwargs.get("filters", None)
         search = kwargs.get("search", None)
         first = kwargs.get("first", 500)
@@ -359,15 +385,16 @@ class Malware:
                 result["data"]["malwares"], with_pagination
             )
 
-    """
-        Read a Malware object
+    def read(self, **kwargs):
+        """Read a Malware object.
 
         :param id: the id of the Malware
         :param filters: the filters to apply if no id provided
-        :return Malware object
-    """
-
-    def read(self, **kwargs):
+        :param customAttributes: custom attributes to return
+        :param withFiles: whether to include files
+        :return: Malware object
+        :rtype: dict or None
+        """
         id = kwargs.get("id", None)
         filters = kwargs.get("filters", None)
         custom_attributes = kwargs.get("customAttributes", None)
@@ -403,14 +430,29 @@ class Malware:
             )
             return None
 
-    """
-        Create a Malware object
+    def create(self, **kwargs):
+        """Create a Malware object.
 
         :param name: the name of the Malware
-        :return Malware object
-    """
-
-    def create(self, **kwargs):
+        :param description: description of the malware
+        :param aliases: list of aliases
+        :param malware_types: types of malware
+        :param is_family: whether this is a malware family
+        :param first_seen: first seen date
+        :param last_seen: last seen date
+        :param architecture_execution_envs: execution environments
+        :param implementation_languages: implementation languages
+        :param capabilities: malware capabilities
+        :param killChainPhases: kill chain phases
+        :param samples: malware samples
+        :param createdBy: creator identity
+        :param objectMarking: marking definitions
+        :param objectLabel: labels
+        :param externalReferences: external references
+        :param update: whether to update existing malware
+        :return: Malware object
+        :rtype: dict or None
+        """
         stix_id = kwargs.get("stix_id", None)
         created_by = kwargs.get("createdBy", None)
         object_marking = kwargs.get("objectMarking", None)

pycti/entities/opencti_malware_analysis.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class MalwareAnalysis:
+    """Main MalwareAnalysis class for OpenCTI
+
+    Manages malware analysis reports and results in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_marking_definition.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class MarkingDefinition:
+    """Main MarkingDefinition class for OpenCTI
+
+    Manages marking definitions (TLP, statements) in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_narrative.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Narrative:
+    """Main Narrative class for OpenCTI
+
+    Manages narratives and disinformation campaigns in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_note.py

@@ -8,6 +8,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Note:
+    """Main Note class for OpenCTI
+
+    Manages notes and annotations in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_observed_data.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class ObservedData:
+    """Main ObservedData class for OpenCTI
+
+    Manages observed data and raw intelligence in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """

pycti/entities/opencti_opinion.py

@@ -7,6 +7,13 @@ from stix2.canonicalization.Canonicalize import canonicalize
 
 
 class Opinion:
+    """Main Opinion class for OpenCTI
+
+    Manages analyst opinions and assessments in the OpenCTI platform.
+
+    :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
+    """
+
     def __init__(self, opencti):
         self.opencti = opencti
         self.properties = """