
Commit a6b0c61

author
Samuel Hassine
committed
OpenCTI-Platform#3 Fix STIX2 export and keep stix_id in all circonstances
1 parent 5d3f0d8 commit a6b0c61


4 files changed

+282
-224
lines changed


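--- a/examples/stix2/export.py
+++ b/examples/stix2/export.py
@@ -10,13 +10,13 @@
 config = yaml.load(open(os.path.dirname(__file__) + '/../config.yml'))
 
 # Export file
-export_file = './exports/IntrusionSets.json'
+export_file = './exports/report.json'
 
 # OpenCTI initialization
 opencti = OpenCTI(config['opencti']['api_url'], config['opencti']['api_key'], config['opencti']['log_file'], config['opencti']['verbose'])
 
 # Import the bundle
-bundle = opencti.stix2_export_entity('report', '{ENTITY_ID}', 'full')
+bundle = opencti.stix2_export_entity('report', '{REPORT_ID}', 'full')
 
 with open(export_file, 'w') as file:
 json.dump(bundle, file, indent=4)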
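Review bot: The `yaml.load(open(...))` call on the first context line, which this commit leaves untouched, passes no `Loader`. Depending on the installed PyYAML version that either selects a loader able to construct arbitrary Python objects from tags in `config.yml` or fails because the argument is required. The example only reads plain settings, so `yaml.safe_load` is enough, ideally inside a `with open(...) as f:` block so the handle is closed: `config = yaml.safe_load(f)`. The comment `# Import the bundle` above the export call also reads wrong for this script; `# Export the bundle` would match what the line does.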

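--- a/pycti/opencti.py
+++ b/pycti/opencti.py
@@ -334,6 +334,7 @@ def get_stix_relation_by_stix_id(self, stix_id):
 edges {
 node {
 id
+entity_type
 }
 }
 }
@@ -377,7 +378,8 @@ def get_stix_relation_by_id(self, id):
 result = self.query(query, {'id': id})
 return result['data']['stixRelation']
 
-def get_stix_relations(self, from_id=None, to_id=None, type='stix_relation', first_seen=None, last_seen=None):
+def get_stix_relations(self, from_id=None, to_id=None, type='stix_relation', first_seen=None, last_seen=None, inferred=False):
+self.log('Getting relations, from: ' + from_id + ', to: ' + to_id + '...')
 if type == 'revoked-by':
 return []
 
@@ -395,8 +397,8 @@ def get_stix_relations(self, from_id=None, to_id=None, type='stix_relation', fir
 last_seen_stop = None
 
 query = """
-query StixRelations($fromId: String, $toId: String, $relationType: String, $firstSeenStart: DateTime, $firstSeenStop: DateTime, $lastSeenStart: DateTime, $lastSeenStop: DateTime) {
-stixRelations(fromId: $fromId, toId: $toId, relationType: $relationType, firstSeenStart: $firstSeenStart, firstSeenStop: $firstSeenStop, lastSeenStart: $lastSeenStart, lastSeenStop: $lastSeenStop) {
+query StixRelations($fromId: String, $toId: String, $relationType: String, $firstSeenStart: DateTime, $firstSeenStop: DateTime, $lastSeenStart: DateTime, $lastSeenStop: DateTime, $inferred: Boolean) {
+stixRelations(fromId: $fromId, toId: $toId, relationType: $relationType, firstSeenStart: $firstSeenStart, firstSeenStop: $firstSeenStop, lastSeenStart: $lastSeenStart, lastSeenStop: $lastSeenStop, inferred: $inferred) {
 edges {
 node {
 id
@@ -432,7 +434,8 @@ def get_stix_relations(self, from_id=None, to_id=None, type='stix_relation', fir
 'firstSeenStart': first_seen_start,
 'firstSeenStop': first_seen_stop,
 'lastSeenStart': last_seen_start,
-'lastSeenStop': last_seen_stop
+'lastSeenStop': last_seen_stop,
+'inferred': inferred
 })
 return self.parse_multiple(result['data']['stixRelations'])
 
@@ -587,6 +590,7 @@ def get_marking_definition_by_stix_id(self, stix_id):
 edges {
 node {
 id
+entity_type
 }
 }
 }
@@ -605,6 +609,7 @@ def get_marking_definition_by_definition(self, definition_type, definition):
 edges {
 node {
 id
+entity_type
 }
 }
 }
@@ -631,6 +636,7 @@ def create_marking_definition(self,
 mutation MarkingDefinitionAdd($input: MarkingDefinitionAddInput) {
 markingDefinitionAdd(input: $input) {
 id
+entity_type
 }
 }
 """
@@ -3474,7 +3480,12 @@ def resolve_role(self, relation_type, from_type, to_type):
 },
 'city': {
 'country': {'from_role': 'localized', 'to_role': 'location'}
-}
+},
+'organization': {
+'region': {'from_role': 'localized', 'to_role': 'location'},
+'country': {'from_role': 'localized', 'to_role': 'location'},
+'city': {'from_role': 'localized', 'to_role': 'location'}
+},
 },
 'indicates': {
 'observable': {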
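Review bot: The added `self.log(...)` line at the top of `get_stix_relations` concatenates `from_id` and `to_id` straight into a string, but both parameters default to `None`. Any call that omits either one therefore raises `TypeError` before the query is built. Converting the values first avoids that: `self.log('Getting relations, from: ' + str(from_id) + ', to: ' + str(to_id) + '...')`. The log call also sits ahead of the `revoked-by` early return, so it fires for calls that never reach the API. The rest of the function body lies outside the hunks shown.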
