[client] Migration incidents

Author: Samuel Hassine

pycti/entities/opencti_incident.py

@@ -163,11 +163,11 @@ def list(self, **kwargs):
         )
 
     """
-        Read a X-OpenCTI-Incident object
+        Read a Incident object
         
-        :param id: the id of the X-OpenCTI-Incident
+        :param id: the id of the Incident
         :param filters: the filters to apply if no id provided
-        :return X-OpenCTI-Incident object
+        :return Incident object
     """
 
     def read(self, **kwargs):
@@ -272,10 +272,10 @@ def create(self, **kwargs):
             self.opencti.log("error", "Missing parameters: name and description")
 
     """
-        Import a X-OpenCTI-Incident object from a STIX2 object
+        Import a Incident object from a STIX2 object
 
-        :param stixObject: the Stix-Object X-OpenCTI-Incident
-        :return X-OpenCTI-Incident object
+        :param stixObject: the Stix-Object Incident
+        :return Incident object
     """
 
     def import_from_stix2(self, **kwargs):

pycti/utils/opencti_stix2.py

@@ -366,7 +366,7 @@ def extract_embedded_relationships(self, stix_object, types=None) -> dict:
                         "threat-actor",
                         "intrusion-set",
                         "campaign",
-                        "x-opencti-incident",
+                        "incident",
                         "malware",
                         "relationship",
                     ]
@@ -524,7 +524,7 @@ def import_object(self, stix_object, update=False, types=None) -> list:
             "threat-actor": self.opencti.threat_actor.import_from_stix2,
             "tool": self.opencti.tool.import_from_stix2,
             "vulnerability": self.opencti.vulnerability.import_from_stix2,
-            "x-opencti-incident": self.opencti.incident.import_from_stix2,
+            "incident": self.opencti.incident.import_from_stix2,
         }
 
         # TODO: Remove this, compatibility with V3
@@ -1235,7 +1235,7 @@ def prepare_export(
                 "Threat-Actor": self.opencti.threat_actor.read,
                 "Tool": self.opencti.tool.read,
                 "Vulnerability": self.opencti.vulnerability.read,
-                "X-OpenCTI-Incident": self.opencti.incident.read,
+                "Incident": self.opencti.incident.read,
                 "Stix-Cyber-Observable": self.opencti.stix_cyber_observable.read,
                 "stix_core_relationship": self.opencti.stix_core_relationship.read,
             }
@@ -1371,7 +1371,7 @@ def export_entity(
             "Threat-Actor": self.opencti.threat_actor.read,
             "Tool": self.opencti.tool.read,
             "Vulnerability": self.opencti.vulnerability.read,
-            "X-OpenCTI-Incident": self.opencti.incident.read,
+            "Incident": self.opencti.incident.read,
         }
         do_read = reader.get(
             entity_type, lambda **kwargs: self.unknown_type({"type": entity_type})
@@ -1453,7 +1453,7 @@ def export_list(
             "Threat-Actor": self.opencti.threat_actor.list,
             "Tool": self.opencti.tool.list,
             "Vulnerability": self.opencti.vulnerability.list,
-            "X-OpenCTI-Incident": self.opencti.incident.list,
+            "Incident": self.opencti.incident.list,
             "Stix-Cyber-Observable": self.opencti.stix_cyber_observable.list,
         }
         do_list = lister.get(

tests/data/DATA-TEST-STIX2_v2.json

@@ -272,10 +272,10 @@
     },
     {
       "id": "incident--0b626d41-1d8d-4b96-86fa-ad49cea2cfd4",
-      "type": "x-opencti-incident",
+      "type": "incident",
       "spec_version": "2.1",
       "name": "A new incident",
-      "labels": ["x-opencti-incident"],
+      "labels": ["incident"],
       "description": "A test incident",
       "first_seen": "2020-02-27T08:45:47.779Z",
       "last_seen": "2020-02-27T08:45:47.779Z",