pycti 6.8.8__py3-none-any.whl → 6.8.9__py3-none-any.whl

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.8.8"
+__version__ = "6.8.9"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/api/opencti_api_client.py

@@ -52,6 +52,7 @@ from pycti.entities.opencti_observed_data import ObservedData
 from pycti.entities.opencti_opinion import Opinion
 from pycti.entities.opencti_report import Report
 from pycti.entities.opencti_role import Role
+from pycti.entities.opencti_security_coverage import SecurityCoverage
 from pycti.entities.opencti_settings import Settings
 from pycti.entities.opencti_stix import Stix
 from pycti.entities.opencti_stix_core_object import StixCoreObject
@@ -223,6 +224,7 @@ class OpenCTIApiClient:
         self.narrative = Narrative(self)
         self.language = Language(self)
         self.vulnerability = Vulnerability(self)
+        self.security_coverage = SecurityCoverage(self)
         self.attack_pattern = AttackPattern(self)
         self.course_of_action = CourseOfAction(self)
         self.data_component = DataComponent(self)

pycti/api/opencti_api_connector.py

@@ -64,6 +64,7 @@ class OpenCTIApiConnector:
                     connector_user {
                       api_token
                     }
+                    connector_priority_group
                     config {
                         connection {
                             host

pycti/connector/opencti_connector.py

@@ -43,6 +43,8 @@ class OpenCTIConnector:
         auto: bool,
         only_contextual: bool,
         playbook_compatible: bool,
+        auto_update: bool,
+        enrichment_resolution: str,
         listen_callback_uri=None,
     ):
         self.id = connector_id
@@ -55,6 +57,8 @@ class OpenCTIConnector:
         else:
             self.scope = []
         self.auto = auto
+        self.auto_update = auto_update
+        self.enrichment_resolution = enrichment_resolution
         self.only_contextual = only_contextual
         self.playbook_compatible = playbook_compatible
         self.listen_callback_uri = listen_callback_uri
@@ -72,6 +76,8 @@ class OpenCTIConnector:
                 "type": self.type.name,
                 "scope": self.scope,
                 "auto": self.auto,
+                "auto_update": self.auto_update,
+                "enrichment_resolution": self.enrichment_resolution,
                 "only_contextual": self.only_contextual,
                 "playbook_compatible": self.playbook_compatible,
                 "listen_callback_uri": self.listen_callback_uri,

pycti/connector/opencti_connector_helper.py

@@ -365,6 +365,16 @@ class ListenQueue(threading.Thread):
             event_data = json_data["event"]
             entity_id = event_data.get("entity_id")
             entity_type = event_data.get("entity_type")
+            stix_entity = (
+                json.loads(event_data.get("stix_entity"))
+                if event_data.get("stix_entity")
+                else None
+            )
+            stix_objects = (
+                json.loads(event_data.get("stix_objects"))
+                if event_data.get("stix_objects")
+                else None
+            )
             validation_mode = event_data.get("validation_mode", "workbench")
             force_validation = event_data.get("force_validation", False)
             # Set the API headers
@@ -430,17 +440,18 @@ class ListenQueue(threading.Thread):
                 else:
                     # If not playbook but enrichment, compute object on enrichment_entity
                     opencti_entity = event_data["enrichment_entity"]
-                    stix_objects = self.helper.api.stix2.prepare_export(
-                        entity=self.helper.api.stix2.generate_export(
-                            copy.copy(opencti_entity)
+                    if stix_objects is None:
+                        stix_objects = self.helper.api.stix2.prepare_export(
+                            entity=self.helper.api.stix2.generate_export(
+                                copy.copy(opencti_entity)
+                            )
                         )
-                    )
-                    stix_entity = [
-                        e
-                        for e in stix_objects
-                        if e["id"] == opencti_entity["standard_id"]
-                        or e["id"] == "x-opencti-" + opencti_entity["standard_id"]
-                    ][0]
+                        stix_entity = [
+                            e
+                            for e in stix_objects
+                            if e["id"] == opencti_entity["standard_id"]
+                            or e["id"] == "x-opencti-" + opencti_entity["standard_id"]
+                        ][0]
                     event_data["stix_objects"] = stix_objects
                     event_data["stix_entity"] = stix_entity
                 # Handle organization propagation
@@ -1116,6 +1127,15 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         self.connect_auto = get_config_variable(
             "CONNECTOR_AUTO", ["connector", "auto"], config, default=False
         )
+        self.connect_auto_update = get_config_variable(
+            "CONNECTOR_AUTO_UPDATE", ["connector", "auto_update"], config, default=False
+        )
+        self.connect_enrichment_resolution = get_config_variable(
+            "CONNECTOR_ENRICHMENT_RESOLUTION",
+            ["connector", "enrichment_resolution"],
+            config,
+            default="none",
+        )
         self.bundle_send_to_queue = get_config_variable(
             "CONNECTOR_SEND_TO_QUEUE",
             ["connector", "send_to_queue"],
@@ -1231,14 +1251,16 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         )
         # Register the connector in OpenCTI
         self.connector = OpenCTIConnector(
-            self.connect_id,
-            self.connect_name,
-            self.connect_type,
-            self.connect_scope,
-            self.connect_auto,
-            self.connect_only_contextual,
-            playbook_compatible,
-            (
+            connector_id=self.connect_id,
+            connector_name=self.connect_name,
+            connector_type=self.connect_type,
+            scope=self.connect_scope,
+            auto=self.connect_auto,
+            only_contextual=self.connect_only_contextual,
+            playbook_compatible=playbook_compatible,
+            auto_update=self.connect_auto_update,
+            enrichment_resolution=self.connect_enrichment_resolution,
+            listen_callback_uri=(
                 self.listen_protocol_api_uri + self.listen_protocol_api_path
                 if self.listen_protocol == "API"
                 else None

pycti/entities/opencti_security_coverage.py

@@ -0,0 +1,336 @@
+# coding: utf-8
+
+import json
+import uuid
+
+from stix2.canonicalization.Canonicalize import canonicalize
+
+
+class SecurityCoverage:
+    def __init__(self, opencti):
+        self.opencti = opencti
+        self.properties = """
+            id
+            standard_id
+            entity_type
+            parent_types
+            spec_version
+            created_at
+            updated_at
+            external_uri
+            objectCovered {
+                __typename
+                ... on StixCoreObject {
+                  id
+                }
+            }
+            objectMarking {
+                id
+                standard_id
+                entity_type
+                definition_type
+                definition
+                created
+                modified
+                x_opencti_order
+                x_opencti_color
+            }
+        """
+
+    @staticmethod
+    def generate_id(covered_ref):
+        data = {"covered_ref": covered_ref.lower().strip()}
+        data = canonicalize(data, utf8=False)
+        id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+        return "security-coverage--" + id
+
+    @staticmethod
+    def generate_id_from_data(data):
+        return SecurityCoverage.generate_id(data["covered_ref"])
+
+    """
+        List securityCoverage objects
+
+        :param filters: the filters to apply
+        :param search: the search keyword
+        :param first: return the first n rows from the after ID (or the beginning if not set)
+        :param after: ID of the first row for pagination
+        :return List of SecurityCoverage objects
+    """
+
+    def list(self, **kwargs):
+        filters = kwargs.get("filters", None)
+        search = kwargs.get("search", None)
+        first = kwargs.get("first", 100)
+        after = kwargs.get("after", None)
+        order_by = kwargs.get("orderBy", None)
+        order_mode = kwargs.get("orderMode", None)
+        custom_attributes = kwargs.get("customAttributes", None)
+        get_all = kwargs.get("getAll", False)
+        with_pagination = kwargs.get("withPagination", False)
+
+        self.opencti.app_logger.info(
+            "Listing SecurityCoverage with filters", {"filters": json.dumps(filters)}
+        )
+        query = (
+            """
+                query SecurityCoverage($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: SecurityCoverageOrdering, $orderMode: OrderingMode) {
+                    securityCoverages(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
+                        edges {
+                            node {
+                                """
+            + (custom_attributes if custom_attributes is not None else self.properties)
+            + """
+                        }
+                    }
+                    pageInfo {
+                        startCursor
+                        endCursor
+                        hasNextPage
+                        hasPreviousPage
+                        globalCount
+                    }
+                }
+            }
+        """
+        )
+        result = self.opencti.query(
+            query,
+            {
+                "filters": filters,
+                "search": search,
+                "first": first,
+                "after": after,
+                "orderBy": order_by,
+                "orderMode": order_mode,
+            },
+        )
+
+        if get_all:
+            final_data = []
+            data = self.opencti.process_multiple(result["data"]["securityCoverages"])
+            final_data = final_data + data
+            while result["data"]["securityCoverages"]["pageInfo"]["hasNextPage"]:
+                after = result["data"]["securityCoverages"]["pageInfo"]["endCursor"]
+                self.opencti.app_logger.info(
+                    "Listing SecurityCoverage", {"after": after}
+                )
+                result = self.opencti.query(
+                    query,
+                    {
+                        "filters": filters,
+                        "search": search,
+                        "first": first,
+                        "after": after,
+                        "orderBy": order_by,
+                        "orderMode": order_mode,
+                    },
+                )
+                data = self.opencti.process_multiple(
+                    result["data"]["securityCoverages"]
+                )
+                final_data = final_data + data
+            return final_data
+        else:
+            return self.opencti.process_multiple(
+                result["data"]["securityCoverages"], with_pagination
+            )
+
+    """
+        Read a SecurityCoverage object
+
+        :param id: the id of the SecurityCoverage
+        :param filters: the filters to apply if no id provided
+        :return SecurityCoverage object
+    """
+
+    def read(self, **kwargs):
+        id = kwargs.get("id", None)
+        filters = kwargs.get("filters", None)
+        custom_attributes = kwargs.get("customAttributes", None)
+        if id is not None:
+            self.opencti.app_logger.info("Reading SecurityCoverage", {"id": id})
+            query = (
+                """
+                    query SecurityCoverage($id: String!) {
+                        securityCoverage(id: $id) {
+                            """
+                + (
+                    custom_attributes
+                    if custom_attributes is not None
+                    else self.properties
+                )
+                + """
+                    }
+                }
+             """
+            )
+            result = self.opencti.query(query, {"id": id})
+            return self.opencti.process_multiple_fields(
+                result["data"]["securityCoverage"]
+            )
+        elif filters is not None:
+            result = self.list(filters=filters)
+            if len(result) > 0:
+                return result[0]
+            else:
+                return None
+        else:
+            self.opencti.app_logger.error(
+                "[opencti_security_coverage] Missing parameters: id or filters"
+            )
+            return None
+
+    """
+        Create a Security coverage object
+
+        :return Security Coverage object
+    """
+
+    def create(self, **kwargs):
+        stix_id = kwargs.get("stix_id", None)
+        name = kwargs.get("name", None)
+        description = kwargs.get("description", None)
+        created_by = kwargs.get("createdBy", None)
+        object_marking = kwargs.get("objectMarking", None)
+        object_label = kwargs.get("objectLabel", None)
+        object_covered = kwargs.get("objectCovered", None)
+        external_references = kwargs.get("externalReferences", None)
+        external_uri = kwargs.get("external_uri", None)
+        coverage_last_result = kwargs.get("coverage_last_result", None)
+        coverage_valid_from = kwargs.get("coverage_valid_from", None)
+        coverage_valid_to = kwargs.get("coverage_valid_to", None)
+        coverage_information = kwargs.get("coverage_information", None)
+        auto_enrichment_disable = kwargs.get("auto_enrichment_disable", None)
+
+        if name is not None and object_covered is not None:
+            self.opencti.app_logger.info("Creating Security Coverage", {"name": name})
+            query = """
+                mutation SecurityCoverageAdd($input: SecurityCoverageAddInput!) {
+                    securityCoverageAdd(input: $input) {
+                        id
+                        standard_id
+                        entity_type
+                        parent_types
+                    }
+                }
+            """
+            result = self.opencti.query(
+                query,
+                {
+                    "input": {
+                        "stix_id": stix_id,
+                        "name": name,
+                        "description": description,
+                        "createdBy": created_by,
+                        "objectMarking": object_marking,
+                        "objectLabel": object_label,
+                        "objectCovered": object_covered,
+                        "external_uri": external_uri,
+                        "externalReferences": external_references,
+                        "coverage_last_result": coverage_last_result,
+                        "coverage_valid_from": coverage_valid_from,
+                        "coverage_valid_to": coverage_valid_to,
+                        "coverage_information": coverage_information,
+                        "auto_enrichment_disable": auto_enrichment_disable,
+                    }
+                },
+            )
+            return self.opencti.process_multiple_fields(
+                result["data"]["securityCoverageAdd"]
+            )
+        else:
+            self.opencti.app_logger.error(
+                "[opencti_security_coverage] "
+                "Missing parameters: name or object_covered"
+            )
+
+    """
+        Import a Security coverage from a STIX2 object
+
+        :param stixObject: the Stix-Object Security coverage
+        :return Security coverage object
+    """
+
+    def import_from_stix2(self, **kwargs):
+        stix_object = kwargs.get("stixObject", None)
+        extras = kwargs.get("extras", {})
+        if stix_object is not None:
+            # Search in extensions
+            if "x_opencti_stix_ids" not in stix_object:
+                stix_object["x_opencti_stix_ids"] = (
+                    self.opencti.get_attribute_in_extension("stix_ids", stix_object)
+                )
+            if "x_opencti_granted_refs" not in stix_object:
+                stix_object["x_opencti_granted_refs"] = (
+                    self.opencti.get_attribute_in_extension("granted_refs", stix_object)
+                )
+
+            raw_coverages = stix_object["coverage"] if "coverage" in stix_object else []
+            coverage_information = list(
+                map(
+                    lambda cov: {
+                        "coverage_name": cov["name"],
+                        "coverage_score": cov["score"],
+                    },
+                    raw_coverages,
+                )
+            )
+
+            return self.create(
+                stix_id=stix_object["id"],
+                name=stix_object["name"],
+                external_uri=(
+                    stix_object["external_uri"]
+                    if "external_uri" in stix_object
+                    else None
+                ),
+                auto_enrichment_disable=(
+                    stix_object["auto_enrichment_disable"]
+                    if "auto_enrichment_disable" in stix_object
+                    else False
+                ),
+                coverage_last_result=(
+                    stix_object["last_result"] if "last_result" in stix_object else None
+                ),
+                coverage_valid_from=(
+                    stix_object["valid_from"] if "valid_from" in stix_object else None
+                ),
+                coverage_valid_to=(
+                    stix_object["valid_to"] if "valid_to" in stix_object else None
+                ),
+                coverage_information=coverage_information,
+                description=(
+                    self.opencti.stix2.convert_markdown(stix_object["description"])
+                    if "description" in stix_object
+                    else None
+                ),
+                createdBy=(
+                    extras["created_by_id"] if "created_by_id" in extras else None
+                ),
+                objectMarking=(
+                    extras["object_marking_ids"]
+                    if "object_marking_ids" in extras
+                    else None
+                ),
+                objectLabel=(
+                    extras["object_label_ids"] if "object_label_ids" in extras else None
+                ),
+                objectCovered=(
+                    stix_object["covered_ref"] if "covered_ref" in stix_object else None
+                ),
+                externalReferences=(
+                    extras["external_references_ids"]
+                    if "external_references_ids" in extras
+                    else None
+                ),
+                x_opencti_stix_ids=(
+                    stix_object["x_opencti_stix_ids"]
+                    if "x_opencti_stix_ids" in stix_object
+                    else None
+                ),
+            )
+        else:
+            self.opencti.app_logger.error(
+                "[opencti_security_coverage] Missing parameters: stixObject"
+            )

pycti/entities/opencti_settings.py

@@ -60,11 +60,9 @@ class Settings:
             platform_theme_light_logo_login
             platform_map_tile_server_dark
             platform_map_tile_server_light
-            platform_openbas_url
-            platform_openbas_disable_display
-            platform_openerm_url
-            platform_openmtd_url
             platform_ai_enabled
+            platform_openaev_url
+            platform_opengrc_url
             platform_ai_type
             platform_ai_model
             platform_ai_has_token

pycti/entities/opencti_stix_core_relationship.py

@@ -624,6 +624,7 @@ class StixCoreRelationship:
         granted_refs = kwargs.get("objectOrganization", None)
         x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
+        coverage_information = kwargs.get("coverage_information", None)
         update = kwargs.get("update", False)
 
         self.opencti.app_logger.info(
@@ -668,6 +669,7 @@ class StixCoreRelationship:
                     "killChainPhases": kill_chain_phases,
                     "x_opencti_workflow_id": x_opencti_workflow_id,
                     "x_opencti_stix_ids": x_opencti_stix_ids,
+                    "coverage_information": coverage_information,
                     "update": update,
                 }
             },
@@ -1175,6 +1177,19 @@ class StixCoreRelationship:
                     )
                 )
 
+            raw_coverages = (
+                stix_relation["coverage"] if "coverage" in stix_relation else []
+            )
+            coverage_information = list(
+                map(
+                    lambda cov: {
+                        "coverage_name": cov["name"],
+                        "coverage_score": cov["score"],
+                    },
+                    raw_coverages,
+                )
+            )
+
             source_ref = stix_relation["source_ref"]
             target_ref = stix_relation["target_ref"]
             return self.create(
@@ -1197,6 +1212,7 @@ class StixCoreRelationship:
                     if "stop_time" in stix_relation
                     else default_date
                 ),
+                coverage_information=coverage_information,
                 revoked=(
                     stix_relation["revoked"] if "revoked" in stix_relation else None
                 ),

pycti/utils/opencti_stix2.py

@@ -885,6 +885,7 @@ class OpenCTIStix2:
             "Tool": self.opencti.tool.read,
             "Vocabulary": self.opencti.vocabulary.read,
             "Vulnerability": self.opencti.vulnerability.read,
+            "Security-Coverage": self.opencti.security_coverage.read,
         }
 
     def get_reader(self, entity_type: str):
@@ -961,6 +962,7 @@ class OpenCTIStix2:
             "narrative": self.opencti.narrative,
             "task": self.opencti.task,
             "x-opencti-task": self.opencti.task,
+            "security-coverage": self.opencti.security_coverage,
             "vocabulary": self.opencti.vocabulary,
             # relationships
             "relationship": self.opencti.stix_core_relationship,

pycti/utils/opencti_stix2_utils.py

@@ -64,6 +64,7 @@ STIX_CORE_OBJECTS = [
     "threat-actor",
     "tool",
     "vulnerability",
+    "security-coverage",
 ]
 
 SUPPORTED_STIX_ENTITY_OBJECTS = STIX_META_OBJECTS + STIX_CORE_OBJECTS

{pycti-6.8.8.dist-info → pycti-6.8.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pycti
-Version: 6.8.8
+Version: 6.8.9
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran

{pycti-6.8.8.dist-info → pycti-6.8.9.dist-info}/RECORD

@@ -1,7 +1,7 @@
-pycti/__init__.py,sha256=5LvHzMfpp2PQ9_yBONK0Dcej_TnePHuDpK_uwzwt4S4,5676
+pycti/__init__.py,sha256=mxG2AQCaVdFshDTHXdIWR-Y1Bg7JsZpYHSLK7QhDKNo,5676
 pycti/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/api/opencti_api_client.py,sha256=lbygp2fOsmTKIrM-8Y7GxFzCZzdFStC0dhxyKYs0Wzo,35368
-pycti/api/opencti_api_connector.py,sha256=MbOHtU9uQy6v_cI7bph9gZYGnpTaJlyTFnvP1bConuk,5626
+pycti/api/opencti_api_client.py,sha256=rAUEOYU8ND1oEw4w_hgbRbkpxF_5xVy3inV5Vo9QIfg,35494
+pycti/api/opencti_api_connector.py,sha256=k2Rq1PS9cmVfy822eKUBHL4ebPv3Zh9BTfxzkNt26O8,5671
 pycti/api/opencti_api_draft.py,sha256=ZFrva6p7VZA7rCtIpyfyA-KTWvcTaWvpy51_Edi9rG4,428
 pycti/api/opencti_api_internal_file.py,sha256=v_IFGZC3tngrZiaf9K64lnJbQgczgjym2NUECmdV_jk,802
 pycti/api/opencti_api_notification.py,sha256=uTBSjym2RfSYHTnfBIVmWj5kATrzQ2lRQ178Jy5bsu0,1375
@@ -12,8 +12,8 @@ pycti/api/opencti_api_trash.py,sha256=r_zi57n5TfLw9LYs2UFg33Nvyy3Huc6CjpK2mRQsma
 pycti/api/opencti_api_work.py,sha256=IucltT8DcZtJV3NO4RbVi6tnGtjbyxD78_FIHAPYmK0,9261
 pycti/api/opencti_api_workspace.py,sha256=ycqOTEXeUHF2k8H4jhoYDd1W6ijFcNUjYf4eSdLpH0k,611
 pycti/connector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pycti/connector/opencti_connector.py,sha256=8lCZFvcA9-S1x6vFl756hgWAlzKfrnq-C4AIdDJr-Kg,2715
-pycti/connector/opencti_connector_helper.py,sha256=ZxVZnPqhpJtaPqrludIppnG06ohMZUYNnNifiagsink,94765
+pycti/connector/opencti_connector.py,sha256=TQpyCH2y3GZgvoniLbAn4Lkf039WzIj5mYQdcMvlj24,2994
+pycti/connector/opencti_connector_helper.py,sha256=VsA-Gj9wasFStQEGG1vjMEMkYcOe72lDabOb1NUqkGg,95815
 pycti/connector/opencti_metric_handler.py,sha256=piykdwqNUh5klpPAogsbo7tn0N7sa3wU4D2BQieNEso,4725
 pycti/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/entities/opencti_attack_pattern.py,sha256=Mf5ltnxG5XIgMdaplhSBFhuMBwsjGFZvkfhTX7jpTOw,23580
@@ -49,10 +49,11 @@ pycti/entities/opencti_observed_data.py,sha256=ME1YvnU2-y8M-88LfwvnkNKsZbNK7_BJR
 pycti/entities/opencti_opinion.py,sha256=1kG6J5WhxgPi8NpNmyAyy4bZjEMc4h8Jl8OzB7s6XNc,22852
 pycti/entities/opencti_report.py,sha256=AT88ZBipX2LqrR4gFEK7btifcZ12fKtfy1zRZoQkufc,35507
 pycti/entities/opencti_role.py,sha256=ryfPmZ_ch2sRGgqEr6_qxChTcGoeqvHW0MvlGHkLgdw,14039
-pycti/entities/opencti_settings.py,sha256=3dArFaPPdcFTV44uGRffjHpnDE-MKIXgd496QZcH6Bw,13547
+pycti/entities/opencti_security_coverage.py,sha256=1rEs-8NFFj1D8R_IMpaEPyIM4CS_jZgnKx_8Ykkw1Oo,12487
+pycti/entities/opencti_settings.py,sha256=aCbVUACuOK7AXvHp1tPDf3HBftFzJrZ60vHFu_pudAA,13469
 pycti/entities/opencti_stix.py,sha256=W8DQSg1QfWFNU1hR4jHiSbzB_N9BMakSlQTl-yOVQbQ,2616
 pycti/entities/opencti_stix_core_object.py,sha256=EAAdFkAd3jKSNXSqV2oSLtDhSMYf0iID7oQwEvI7Xb0,63719
-pycti/entities/opencti_stix_core_relationship.py,sha256=d5m__t5XjFo7gKFX-3oWFaSHPr4QEiYNCx98dlsJhAc,48012
+pycti/entities/opencti_stix_core_relationship.py,sha256=wgPvzVvFRb4plQVfDebrtI4SSqcr2abpqLeV0VcpZuM,48631
 pycti/entities/opencti_stix_cyber_observable.py,sha256=2k7PRSP6DQEpOH37T_pkxoq4hRtTGI_PQruVM55C7XM,93698
 pycti/entities/opencti_stix_domain_object.py,sha256=6VGill8b0Vr22yUe8fAP0dOpWDXaDtteJ4rqhLqwzKM,83173
 pycti/entities/opencti_stix_nested_ref_relationship.py,sha256=81mS3ccqlsiZf20ssvhTPmtDvoTsBWPUSXe2pkulQVc,12705
@@ -74,13 +75,13 @@ pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py
 pycti/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pycti/utils/constants.py,sha256=VRYRvDm6hkTR0ZcHHWMzQBwqlPRskYnusBpgoX0S05A,12854
 pycti/utils/opencti_logger.py,sha256=MApWthWJrSeBI0rumnhLhBtanjrtmfP6PJqOiQjcCOY,4091
-pycti/utils/opencti_stix2.py,sha256=Pu7bGrlRVeYcp1Qtta6D6NHhxH5klJKALZKFrjps4hM,137042
+pycti/utils/opencti_stix2.py,sha256=R0_VRGmd8xaCpSjbol79y8jn0CRrjatd1T2FuUhbIos,137177
 pycti/utils/opencti_stix2_identifier.py,sha256=k8L1z4q1xdCBfxqUba4YS_kT-MmbJFxYh0RvfGOmrOs,837
 pycti/utils/opencti_stix2_splitter.py,sha256=nMGbFPtGz2Vaeb6asWyPiOntHFNjREzJnbLEJHDV_T0,11539
 pycti/utils/opencti_stix2_update.py,sha256=CnMyqkeVA0jgyxEcgqna8sABU4YPMjkEJ228GVurIn4,14658
-pycti/utils/opencti_stix2_utils.py,sha256=fV-BHI55UF8tF6Ar9WHCqWy1mFPBZOph9bPlqHyA6W0,7545
-pycti-6.8.8.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-pycti-6.8.8.dist-info/METADATA,sha256=gCpB8nxmgWc0e35p6rySTph_lBvk2MCyFogQko1bMaM,5808
-pycti-6.8.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-pycti-6.8.8.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
-pycti-6.8.8.dist-info/RECORD,,
+pycti/utils/opencti_stix2_utils.py,sha256=J9DCD11bETq4Dowur3RovddbHOIMBeXBg13gLPHRLkA,7570
+pycti-6.8.9.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+pycti-6.8.9.dist-info/METADATA,sha256=FzK12UjBPNtUfHcP_7EaAduU2WvmFVMssZl6EmZ0V4Q,5808
+pycti-6.8.9.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+pycti-6.8.9.dist-info/top_level.txt,sha256=cqEpxitAhHP4VgSA6xmrak6Yk9MeBkwoMTB6k7d2ZnE,6
+pycti-6.8.9.dist-info/RECORD,,