pycti 6.8.6__py3-none-any.whl → 6.8.8__py3-none-any.whl

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.8.6"
+__version__ = "6.8.8"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/api/opencti_api_connector.py

@@ -79,6 +79,7 @@ class OpenCTIApiConnector:
                         push
                         push_exchange
                         push_routing
+                        dead_letter_routing
                     }
                 }
             }

pycti/api/opencti_api_work.py

@@ -204,6 +204,15 @@ class OpenCTIApiWork:
         result = self.api.query(query, {"id": work_id}, True)
         return result["data"]["work"]
 
+    def get_is_work_alive(self, work_id: str) -> Dict:
+        query = """
+        query WorkAliveQuery($id: ID!) {
+            isWorkAlive(id: $id)
+        }
+        """
+        result = self.api.query(query, {"id": work_id}, True)
+        return result["data"]["isWorkAlive"]
+
     def get_connector_works(self, connector_id: str) -> List[Dict]:
         query = """
         query ConnectorWorksQuery(

pycti/entities/opencti_case_incident.py

@@ -707,6 +707,7 @@ class CaseIncident:
         modified = kwargs.get("modified", None)
         name = kwargs.get("name", None)
         description = kwargs.get("description", None)
+        content = kwargs.get("content", None)
         severity = kwargs.get("severity", None)
         priority = kwargs.get("priority", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
@@ -749,6 +750,7 @@ class CaseIncident:
                         "modified": modified,
                         "name": name,
                         "description": description,
+                        "content": content,
                         "severity": severity,
                         "priority": priority,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
@@ -884,6 +886,12 @@ class CaseIncident:
                 stix_object["x_opencti_workflow_id"] = (
                     self.opencti.get_attribute_in_extension("workflow_id", stix_object)
                 )
+            if "x_opencti_content" not in stix_object or "content" not in stix_object:
+                stix_object["content"] = self.opencti.get_attribute_in_extension(
+                    "content", stix_object
+                )
+            if "x_opencti_content" in stix_object:
+                stix_object["content"] = stix_object["x_opencti_content"]
             if "x_opencti_assignee_ids" not in stix_object:
                 stix_object["x_opencti_assignee_ids"] = (
                     self.opencti.get_attribute_in_extension("assignee_ids", stix_object)
@@ -926,6 +934,11 @@ class CaseIncident:
                     if "description" in stix_object
                     else None
                 ),
+                content=(
+                    self.opencti.stix2.convert_markdown(stix_object["content"])
+                    if "content" in stix_object
+                    else None
+                ),
                 severity=stix_object["severity"] if "severity" in stix_object else None,
                 priority=stix_object["priority"] if "priority" in stix_object else None,
                 response_types=(

pycti/utils/opencti_stix2.py

@@ -8,7 +8,7 @@ import random
 import time
 import traceback
 import uuid
-from typing import Any, Dict, List, Optional, Union
+from typing import Any, Dict, List, Optional, Tuple, Union
 
 import datefinder
 import dateutil.parser
@@ -32,6 +32,7 @@ from pycti.utils.opencti_stix2_utils import (
     STIX_CORE_OBJECTS,
     STIX_CYBER_OBSERVABLE_MAPPING,
     STIX_META_OBJECTS,
+    OpenCTIStix2Utils,
 )
 
 datefinder.ValueError = ValueError, OverflowError
@@ -196,7 +197,7 @@ class OpenCTIStix2:
         file_path: str,
         update: bool = False,
         types: List = None,
-    ) -> Optional[List]:
+    ) -> Optional[Tuple[list, list]]:
         """import a stix2 bundle from a file
 
         :param file_path: valid path to the file
@@ -221,7 +222,8 @@ class OpenCTIStix2:
         update: bool = False,
         types: List = None,
         work_id: str = None,
-    ) -> List:
+        objects_max_refs: int = 0,
+    ) -> Tuple[list, list]:
         """import a stix2 bundle from JSON data
 
         :param json_data: JSON data
@@ -231,11 +233,13 @@ class OpenCTIStix2:
         :param types: list of stix2 types, defaults to None
         :type types: list, optional
         :param work_id work_id: str, optional
-        :return: list of imported stix2 objects
-        :rtype: List
+        :param objects_max_refs: max deps amount of objects, reject object import if larger than configured amount
+        :type objects_max_refs: int, optional
+        :return: list of imported stix2 objects and a list of stix2 objects with too many deps
+        :rtype: Tuple[List,List]
         """
         data = json.loads(json_data)
-        return self.import_bundle(data, update, types, work_id)
+        return self.import_bundle(data, update, types, work_id, objects_max_refs)
 
     def resolve_author(self, title: str) -> Optional[Identity]:
         if "fireeye" in title.lower() or "mandiant" in title.lower():
@@ -3060,7 +3064,8 @@ class OpenCTIStix2:
         update: bool = False,
         types: List = None,
         work_id: str = None,
-    ) -> List:
+        objects_max_refs: int = 0,
+    ) -> Tuple[list, list]:
         # Check if the bundle is correctly formatted
         if "type" not in stix_bundle or stix_bundle["type"] != "bundle":
             raise ValueError("JSON data type is not a STIX2 bundle")
@@ -3094,12 +3099,27 @@ class OpenCTIStix2:
 
         # Import every element in a specific order
         imported_elements = []
+        too_large_elements_bundles = []
         for bundle in bundles:
             for item in bundle["objects"]:
-                self.import_item(item, update, types, 0, work_id)
-                imported_elements.append({"id": item["id"], "type": item["type"]})
+                # If item is considered too large, meaning that it has a number of refs higher than inputted objects_max_refs, do not import it
+                nb_refs = OpenCTIStix2Utils.compute_object_refs_number(item)
+                if 0 < objects_max_refs <= nb_refs:
+                    self.opencti.work.report_expectation(
+                        work_id,
+                        {
+                            "error": "Too large element in bundle",
+                            "source": "Element "
+                            + item["id"]
+                            + " is too large and couldn't be processed",
+                        },
+                    )
+                    too_large_elements_bundles.append(item)
+                else:
+                    self.import_item(item, update, types, 0, work_id)
+                    imported_elements.append({"id": item["id"], "type": item["type"]})
 
-        return imported_elements
+        return imported_elements, too_large_elements_bundles
 
     @staticmethod
     def put_attribute_in_extension(

pycti/utils/opencti_stix2_splitter.py

@@ -196,6 +196,7 @@ class OpenCTIStix2Splitter:
                 )
             else:
                 is_compatible = is_id_supported(item_id)
+
             if is_compatible:
                 self.elements.append(item)
             else:
@@ -262,7 +263,11 @@ class OpenCTIStix2Splitter:
                 )
             )
 
-        return number_expectations, self.incompatible_items, bundles
+        return (
+            number_expectations,
+            self.incompatible_items,
+            bundles,
+        )
 
     @deprecated("Use split_bundle_with_expectations instead")
     def split_bundle(self, bundle, use_json=True, event_version=None) -> list:

pycti/utils/opencti_stix2_utils.py

@@ -233,3 +233,17 @@ class OpenCTIStix2Utils:
                 if hasattr(attribute, method):
                     return attribute
         return None
+
+    @staticmethod
+    def compute_object_refs_number(entity: Dict):
+        refs_number = 0
+        for key in list(entity.keys()):
+            if key.endswith("_refs") and entity[key] is not None:
+                refs_number += len(entity[key])
+            elif key.endswith("_ref"):
+                refs_number += 1
+            elif key == "external_references" and entity[key] is not None:
+                refs_number += len(entity[key])
+            elif key == "kill_chain_phases" and entity[key] is not None:
+                refs_number += len(entity[key])
+        return refs_number

{pycti-6.8.6.dist-info → pycti-6.8.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pycti
-Version: 6.8.6
+Version: 6.8.8
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran

{pycti-6.8.6.dist-info → pycti-6.8.8.dist-info}/RECORD

@@ -1,7 +1,7 @@
-pycti/__init__.py,sha256=RmMRMV_0c9FhoOOlFN7CRNHh2wKSMdbI0N02SyXsQ7U,5676
+pycti/__init__.py,sha256=5LvHzMfpp2PQ9_yBONK0Dcej_TnePHuDpK_uwzwt4S4,5676
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/api/opencti_api_client.py,sha256=lbygp2fOsmTKIrM-8Y7GxFzCZzdFStC0dhxyKYs0Wzo,35368
-pycti/api/opencti_api_connector.py,sha256=8xwHuLINP3ZCImzE9_K_iCR9QEA3K6aHpK4bJhcZf20,5582
+pycti/api/opencti_api_connector.py,sha256=MbOHtU9uQy6v_cI7bph9gZYGnpTaJlyTFnvP1bConuk,5626
 pycti/api/opencti_api_draft.py,sha256=ZFrva6p7VZA7rCtIpyfyA-KTWvcTaWvpy51_Edi9rG4,428
 pycti/api/opencti_api_internal_file.py,sha256=v_IFGZC3tngrZiaf9K64lnJbQgczgjym2NUECmdV_jk,802
 pycti/api/opencti_api_notification.py,sha256=uTBSjym2RfSYHTnfBIVmWj5kATrzQ2lRQ178Jy5bsu0,1375
@@ -9,7 +9,7 @@ pycti/api/opencti_api_pir.py,sha256=3yDfUNVe9G_G9OrCcL3pBTE31kcstKXhXCiSrGhpUYY,
 pycti/api/opencti_api_playbook.py,sha256=yKg54sRaE4gtmQURQ_7jFjcyQJqchWsn-Uepe6MZUfs,2183
 pycti/api/opencti_api_public_dashboard.py,sha256=aa4trEuaf7WstmiS4WAHoe1qmYmaFWmbO0N4N_iXPGM,711
 pycti/api/opencti_api_trash.py,sha256=r_zi57n5TfLw9LYs2UFg33Nvyy3Huc6CjpK2mRQsmao,1065
-pycti/api/opencti_api_work.py,sha256=uV1mbPz3zmNZjoNHVmX6SyWPQKEHkpSDXkb_a2NIOA4,8982
+pycti/api/opencti_api_work.py,sha256=IucltT8DcZtJV3NO4RbVi6tnGtjbyxD78_FIHAPYmK0,9261
 pycti/api/opencti_api_workspace.py,sha256=ycqOTEXeUHF2k8H4jhoYDd1W6ijFcNUjYf4eSdLpH0k,611
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/connector/opencti_connector.py,sha256=8lCZFvcA9-S1x6vFl756hgWAlzKfrnq-C4AIdDJr-Kg,2715
@@ -19,7 +19,7 @@ pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/opencti_attack_pattern.py,sha256=Mf5ltnxG5XIgMdaplhSBFhuMBwsjGFZvkfhTX7jpTOw,23580
 pycti/entities/opencti_campaign.py,sha256=MhkzqwMsu1w9VnOUHq4dQVViLh6KeAAI3YmLOAqJYhg,18969
 pycti/entities/opencti_capability.py,sha256=mAR3AT__w6ULuAgc4T_QYxDwW9Jz8bsXQ8SDKF2BCL4,1515
-pycti/entities/opencti_case_incident.py,sha256=GESR5355ED9jE83uDNVTKsWJF2ClU9L53mMX_--3Nd0,34937
+pycti/entities/opencti_case_incident.py,sha256=vM-MEdgPMOb-DRRSuf9buV71qr87gXSfiKxf5eemZrw,35585
 pycti/entities/opencti_case_rfi.py,sha256=0pcujjHV5xbysASPXDceQVkuRS77Gl97HI6ron7XhkU,35251
 pycti/entities/opencti_case_rft.py,sha256=eai_CkcEEl2NquhfJOhGoyUii92CITkQR8YfkDP6fgY,36171
 pycti/entities/opencti_channel.py,sha256=zBb9YzpNCWrC1lx8b3q8X9Xif7ijlJXqwxoXge_Z-14,16891
@@ -74,13 +74,13 @@ pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/utils/constants.py,sha256=VRYRvDm6hkTR0ZcHHWMzQBwqlPRskYnusBpgoX0S05A,12854
 pycti/utils/opencti_logger.py,sha256=MApWthWJrSeBI0rumnhLhBtanjrtmfP6PJqOiQjcCOY,4091
-pycti/utils/opencti_stix2.py,sha256=nBBZ4kN1tds6rkd-z4LUuUsaLMIBzWt4WYaipbm_PVs,135837
+pycti/utils/opencti_stix2.py,sha256=Pu7bGrlRVeYcp1Qtta6D6NHhxH5klJKALZKFrjps4hM,137042
 pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
-pycti/utils/opencti_stix2_splitter.py,sha256=wOOgPM5FYYbCEhFAg9om54AzyNRwK_RzocsJJ6kViqY,11489
+pycti/utils/opencti_stix2_splitter.py,sha256=nMGbFPtGz2Vaeb6asWyPiOntHFNjREzJnbLEJHDV_T0,11539
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
-pycti/utils/opencti_stix2_utils.py,sha256=10CF7ip1XEURyd6EUMDpBHPQvmi5uGUxh1QDOw6LKJk,6955
-pycti-6.8.6.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.8.6.dist-info/METADATA,sha256=fjVMkY90N5znQZiqNXTuorkUiNwdfVzCh427EO5IzkQ,5808
-pycti-6.8.6.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-pycti-6.8.6.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.8.6.dist-info/RECORD,,
+pycti/utils/opencti_stix2_utils.py,sha256=fV-BHI55UF8tF6Ar9WHCqWy1mFPBZOph9bPlqHyA6W0,7545
+pycti-6.8.8.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.8.8.dist-info/METADATA,sha256=gCpB8nxmgWc0e35p6rySTph_lBvk2MCyFogQko1bMaM,5808
+pycti-6.8.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+pycti-6.8.8.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.8.8.dist-info/RECORD,,