[client] implement inferred_entity & inferred_rel

JeremyCloarec · JeremyCloarec · commit 0ccf9ce6aa97 · 2025-10-03T14:27:27.000+02:00
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
@@ -11,6 +11,7 @@
 from pycti import __version__
 from pycti.api.opencti_api_connector import OpenCTIApiConnector
 from pycti.api.opencti_api_draft import OpenCTIApiDraft
+from pycti.api.opencti_api_inferred import OpenCTIApiInferred
 from pycti.api.opencti_api_internal_file import OpenCTIApiInternalFile
 from pycti.api.opencti_api_notification import OpenCTIApiNotification
 from pycti.api.opencti_api_pir import OpenCTIApiPir
@@ -175,6 +176,7 @@ def __init__(
         # Define the dependencies
         self.work = OpenCTIApiWork(self)
         self.notification = OpenCTIApiNotification(self)
+        self.inferred = OpenCTIApiInferred(self)
         self.trash = OpenCTIApiTrash(self)
         self.draft = OpenCTIApiDraft(self)
         self.workspace = OpenCTIApiWorkspace(self)
diff --git a/pycti/api/opencti_api_inferred.py b/pycti/api/opencti_api_inferred.py
@@ -0,0 +1,25 @@
+class OpenCTIApiInferred:
+    """OpenCTIApiInferred"""
+
+    def __init__(self, api):
+        self.api = api
+
+    def create_inferred_rel(self, **kwargs):
+        input = kwargs.get("input", None)
+        self.api.app_logger.info("Creating inferred rel", {"input": input})
+        query = """
+            mutation inferredRelationAdd($jsonInput: String!) {
+                inferredRelationAdd(jsonInput: $jsonInput)
+            }
+           """
+        self.api.query(query, {"jsonInput": input})
+
+    def create_inferred_entity(self, **kwargs):
+        input = kwargs.get("input", None)
+        self.api.app_logger.info("Creating inferred entity", {"input": input})
+        query = """
+            mutation inferredEntityAdd($jsonInput: String!) {
+                inferredEntityAdd(jsonInput: $jsonInput)
+            }
+           """
+        self.api.query(query, {"jsonInput": input})
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -2769,6 +2769,20 @@ def apply_opencti_operation(self, item, operation):
             self.opencti.pir.pir_unflag_element(id=id, input=input)
         elif operation == "rule_apply":
             self.rule_apply(item=item)
+        elif operation == "inferred_entity":
+            opencti_inferred_input = self.opencti.get_attribute_in_extension(
+                "opencti_inferred_input", item
+            )
+            if opencti_inferred_input is None:
+                opencti_inferred_input = item["opencti_inferred_input"]
+            self.opencti.inferred.create_inferred_entity(input=opencti_inferred_input)
+        elif operation == "inferred_rel":
+            opencti_inferred_input = self.opencti.get_attribute_in_extension(
+                "opencti_inferred_input", item
+            )
+            if opencti_inferred_input is None:
+                opencti_inferred_input = item["opencti_inferred_input"]
+            self.opencti.inferred.create_inferred_rel(input=opencti_inferred_input)
         elif operation == "rule_clear":
             self.rule_clear(item=item)
         elif operation == "rules_rescan":
