[client] Introduce notes & opinions (#73)

* [client] Add notes & opinions, prepare STIX 2.1
* [client] Fix some bugs with new entities opinions/notes

Author: Samuel Hassine

examples/import_stix2_file.py

@@ -3,8 +3,8 @@
 from pycti import OpenCTIApiClient
 
 # Variables
-api_url = "https://demo.opencti.io"
-api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
+api_url = "http://localhost:4000"
+api_token = "0b23f787-d013-41a8-8078-97bee84cc99d"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)

pycti/__init__.py

@@ -30,6 +30,8 @@
 from .entities.opencti_attack_pattern import AttackPattern
 from .entities.opencti_course_of_action import CourseOfAction
 from .entities.opencti_report import Report
+from .entities.opencti_note import Note
+from .entities.opencti_opinion import Opinion
 from .entities.opencti_indicator import Indicator
 
 from .utils.opencti_stix2 import OpenCTIStix2
@@ -64,6 +66,8 @@
     "AttackPattern",
     "CourseOfAction",
     "Report",
+    "Note",
+    "Opinion",
     "Indicator",
     "OpenCTIStix2",
     "ObservableTypes",

pycti/api/opencti_api_client.py

@@ -32,6 +32,8 @@
 from pycti.entities.opencti_attack_pattern import AttackPattern
 from pycti.entities.opencti_course_of_action import CourseOfAction
 from pycti.entities.opencti_report import Report
+from pycti.entities.opencti_note import Note
+from pycti.entities.opencti_opinion import Opinion
 from pycti.entities.opencti_indicator import Indicator
 
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
@@ -98,6 +100,8 @@ def __init__(self, url, token, log_level="info", ssl_verify=False):
         self.attack_pattern = AttackPattern(self)
         self.course_of_action = CourseOfAction(self)
         self.report = Report(self)
+        self.note = Note(self)
+        self.opinion = Opinion(self)
         self.indicator = Indicator(self)
 
         # Check if openCTI is available
@@ -483,6 +487,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     "country": {"from_role": "source", "to_role": "target"},
                     "city": {"from_role": "source", "to_role": "target"},
                     "organization": {"from_role": "source", "to_role": "target"},
+                    "user": {"from_role": "source", "to_role": "target"},
                     "vulnerability": {"from_role": "source", "to_role": "target"},
                 },
                 "intrusion-set": {
@@ -492,6 +497,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     "country": {"from_role": "source", "to_role": "target"},
                     "city": {"from_role": "source", "to_role": "target"},
                     "organization": {"from_role": "source", "to_role": "target"},
+                    "user": {"from_role": "source", "to_role": "target"},
                     "vulnerability": {"from_role": "source", "to_role": "target"},
                 },
                 "campaign": {
@@ -501,6 +507,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     "country": {"from_role": "source", "to_role": "target"},
                     "city": {"from_role": "source", "to_role": "target"},
                     "organization": {"from_role": "source", "to_role": "target"},
+                    "user": {"from_role": "source", "to_role": "target"},
                     "vulnerability": {"from_role": "source", "to_role": "target"},
                 },
                 "incident": {
@@ -510,6 +517,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     "country": {"from_role": "source", "to_role": "target"},
                     "city": {"from_role": "source", "to_role": "target"},
                     "organization": {"from_role": "source", "to_role": "target"},
+                    "user": {"from_role": "source", "to_role": "target"},
                     "vulnerability": {"from_role": "source", "to_role": "target"},
                 },
                 "malware": {
@@ -519,6 +527,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     "country": {"from_role": "source", "to_role": "target"},
                     "city": {"from_role": "source", "to_role": "target"},
                     "organization": {"from_role": "source", "to_role": "target"},
+                    "user": {"from_role": "source", "to_role": "target"},
                     "vulnerability": {"from_role": "source", "to_role": "target"},
                 },
                 "attack-pattern": {
@@ -529,6 +538,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                 "threat-actor": {
                     "identity": {"from_role": "attribution", "to_role": "origin"},
                     "organization": {"from_role": "attribution", "to_role": "origin"},
+                    "user": {"from_role": "attribution", "to_role": "origin"},
                 },
                 "intrusion-set": {
                     "identity": {"from_role": "attribution", "to_role": "origin"},

pycti/entities/opencti_attack_pattern.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class AttackPattern:
@@ -498,6 +499,7 @@ def to_stix2(self, **kwargs):
             attack_pattern = dict()
             attack_pattern["id"] = entity["stix_id_key"]
             attack_pattern["type"] = "attack-pattern"
+            attack_pattern["spec_version"] = SPEC_VERSION
             if self.opencti.not_empty(entity["external_id"]):
                 attack_pattern[CustomProperties.EXTERNAL_ID] = entity["external_id"]
             attack_pattern["name"] = entity["name"]

pycti/entities/opencti_campaign.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class Campaign:
@@ -376,6 +377,7 @@ def to_stix2(self, **kwargs):
             campaign = dict()
             campaign["id"] = entity["stix_id_key"]
             campaign["type"] = "campaign"
+            campaign["spec_version"] = SPEC_VERSION
             campaign["name"] = entity["name"]
             if self.opencti.not_empty(entity["stix_label"]):
                 campaign["labels"] = entity["stix_label"]

pycti/entities/opencti_course_of_action.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class CourseOfAction:
@@ -344,6 +345,7 @@ def to_stix2(self, **kwargs):
             course_of_action = dict()
             course_of_action["id"] = entity["stix_id_key"]
             course_of_action["type"] = "course-of-action"
+            course_of_action["spec_version"] = SPEC_VERSION
             course_of_action["name"] = entity["name"]
             if self.opencti.not_empty(entity["stix_label"]):
                 course_of_action["labels"] = entity["stix_label"]

pycti/entities/opencti_identity.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class Identity:
@@ -351,6 +352,7 @@ def to_stix2(self, **kwargs):
             identity = dict()
             identity["id"] = entity["stix_id_key"]
             identity["type"] = "identity"
+            identity["spec_version"] = SPEC_VERSION
             identity["name"] = entity["name"]
             identity["identity_class"] = identity_class
             if self.opencti.not_empty(entity["stix_label"]):
@@ -366,6 +368,7 @@ def to_stix2(self, **kwargs):
             if (
                 entity["entity_type"] == "organization"
                 and "organization_class" in entity
+                and self.opencti.not_empty(entity["organization_class"])
             ):
                 identity[CustomProperties.ORG_CLASS] = entity["organization_class"]
             identity[CustomProperties.IDENTITY_TYPE] = entity["entity_type"]

pycti/entities/opencti_incident.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class Incident:
@@ -445,6 +446,7 @@ def to_stix2(self, **kwargs):
             incident = dict()
             incident["id"] = entity["stix_id_key"]
             incident["type"] = "x-opencti-incident"
+            incident["spec_version"] = SPEC_VERSION
             incident["name"] = entity["name"]
             if self.opencti.not_empty(entity["stix_label"]):
                 incident["labels"] = entity["stix_label"]

pycti/entities/opencti_indicator.py

@@ -2,6 +2,7 @@
 
 import json
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class Indicator:
@@ -494,6 +495,7 @@ def to_stix2(self, **kwargs):
             indicator = dict()
             indicator["id"] = entity["stix_id_key"]
             indicator["type"] = "indicator"
+            indicator["spec_version"] = SPEC_VERSION
             indicator["name"] = entity["name"]
             if self.opencti.not_empty(entity["stix_label"]):
                 indicator["labels"] = entity["stix_label"]

pycti/entities/opencti_intrusion_set.py

@@ -3,6 +3,7 @@
 import json
 
 from pycti.utils.constants import CustomProperties
+from pycti.utils.opencti_stix2 import SPEC_VERSION
 
 
 class IntrusionSet:
@@ -448,6 +449,7 @@ def to_stix2(self, **kwargs):
             intrusion_set = dict()
             intrusion_set["id"] = entity["stix_id_key"]
             intrusion_set["type"] = "intrusion-set"
+            intrusion_set["spec_version"] = SPEC_VERSION
             intrusion_set["name"] = entity["name"]
             if self.opencti.not_empty(entity["stix_label"]):
                 intrusion_set["labels"] = entity["stix_label"]