Merge branch 'master' into renovate/pre-commit-3.x

Author: flavienSindou

.drone.yml

@@ -63,9 +63,9 @@ steps:
 
 services:
   - name: redis
-    image: redis:7.2.5
+    image: redis:7.4.1
   - name: elastic
-    image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.15.3
     environment:
       discovery.type: single-node
       xpack.security.enabled: false
@@ -77,7 +77,7 @@ services:
       MINIO_ROOT_PASSWORD: ChangeMe
     command: [ server, /data ]
   - name: rabbitmq
-    image: rabbitmq:3.13-management
+    image: rabbitmq:4.0-management
   - name: opencti
     image: nikolaik/python-nodejs:python3.10-nodejs18-alpine
     environment:

docs/requirements.txt

@@ -1,4 +1,4 @@
 autoapi==2.0.1
 sphinx==7.4.6
 sphinx-autodoc-typehints==2.2.3
-sphinx_rtd_theme==2.0.0
+sphinx_rtd_theme==3.0.2

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.3.8"
+__version__ = "6.4.5"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/api/opencti_api_client.py

@@ -213,6 +213,9 @@ def set_playbook_id_header(self, playbook_id):
     def set_event_id(self, event_id):
         self.request_headers["opencti-event-id"] = event_id
 
+    def set_draft_id(self, draft_id):
+        self.request_headers["opencti-draft-id"] = draft_id
+
     def set_synchronized_upsert_header(self, synchronized):
         self.request_headers["synchronized-upsert"] = (
             "true" if synchronized is True else "false"
@@ -666,6 +669,34 @@ def upload_file(self, **kwargs):
             self.app_logger.error("[upload] Missing parameter: file_name")
             return None
 
+    def create_draft(self, **kwargs):
+        """create a draft in OpenCTI API
+        :param `**kwargs`: arguments for file name creating draft (required: `draft_name`)
+        :return: returns the query response for the draft creation
+        :rtype: id
+        """
+
+        draft_name = kwargs.get("draft_name", None)
+        entity_id = kwargs.get("entity_id", None)
+
+        if draft_name is not None:
+            self.app_logger.info("Creating a draft.")
+            query = """
+                    mutation draftWorkspaceAdd($input: DraftWorkspaceAddInput!) {
+                        draftWorkspaceAdd(input: $input) {
+                            id
+                        }
+                    }
+                 """
+            queryResult = self.query(
+                query,
+                {"input": {"name": draft_name, "entity_id": entity_id}},
+            )
+            return queryResult["data"]["draftWorkspaceAdd"]["id"]
+        else:
+            self.app_logger.error("[create_draft] Missing parameter: draft_name")
+            return None
+
     def upload_pending_file(self, **kwargs):
         """upload a file to OpenCTI API
 

pycti/connector/opencti_connector_helper.py

@@ -253,10 +253,18 @@ def _data_handler(self, json_data) -> None:
             event_data = json_data["event"]
             entity_id = event_data.get("entity_id")
             entity_type = event_data.get("entity_type")
+            validation_mode = event_data.get("validation_mode", "workbench")
             # Set the API headers
-            work_id = json_data["internal"]["work_id"]
+            internal_data = json_data["internal"]
+            work_id = internal_data["work_id"]
+            draft_id = internal_data.get("draft_id", "")
             self.helper.work_id = work_id
 
+            self.helper.validation_mode = validation_mode
+            self.helper.draft_id = draft_id
+            self.helper.api.set_draft_id(draft_id)
+            self.helper.api_impersonate.set_draft_id(draft_id)
+
             self.helper.playbook = None
             self.helper.enrichment_shared_organizations = None
             if self.helper.connect_type == "INTERNAL_ENRICHMENT":
@@ -952,6 +960,8 @@ def __init__(self, config: Dict, playbook_compatible=False) -> None:
             "Connector registered with ID", {"id": self.connect_id}
         )
         self.work_id = None
+        self.validation_mode = "workbench"
+        self.draft_id = None
         self.playbook = None
         self.enrichment_shared_organizations = None
         self.connector_id = connector_configuration["id"]
@@ -1550,6 +1560,7 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
         """send a stix2 bundle to the API
 
         :param work_id: a valid work id
+        :param draft_id: a draft context to send the bundle to
         :param bundle: valid stix2 bundle
         :type bundle:
         :param entities_types: list of entities, defaults to None
@@ -1563,6 +1574,8 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
         :rtype: list
         """
         work_id = kwargs.get("work_id", self.work_id)
+        validation_mode = kwargs.get("validation_mode", self.validation_mode)
+        draft_id = kwargs.get("draft_id", self.draft_id)
         entities_types = kwargs.get("entities_types", None)
         update = kwargs.get("update", False)
         event_version = kwargs.get("event_version", None)
@@ -1627,14 +1640,23 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
         # Upload workbench in case of pending validation
         if not file_name and work_id:
             file_name = f"{work_id}.json"
+
         if self.connect_validate_before_import and not bypass_validation and file_name:
-            self.api.upload_pending_file(
-                file_name=file_name,
-                data=bundle,
-                mime_type="application/json",
-                entity_id=entity_id,
-            )
-            return []
+            if validation_mode == "workbench":
+                self.api.upload_pending_file(
+                    file_name=file_name,
+                    data=bundle,
+                    mime_type="application/json",
+                    entity_id=entity_id,
+                )
+                return []
+            elif validation_mode == "draft" and not draft_id:
+                draft_id = self.api.create_draft(
+                    draft_name=file_name, entity_id=entity_id
+                )
+                if not draft_id:
+                    self.connector_logger.error("Draft couldn't be created")
+                    return []
 
         # If directory setup, write the bundle to the target directory
         if bundle_send_to_directory and bundle_send_to_directory_path is not None:
@@ -1749,6 +1771,7 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
                         entities_types=entities_types,
                         sequence=sequence,
                         update=update,
+                        draft_id=draft_id,
                     )
                 channel.close()
                 pika_connection.close()
@@ -1774,11 +1797,14 @@ def _send_bundle(self, channel, bundle, **kwargs) -> None:
         :type entities_types: list, optional
         :param update: whether to update data in the database, defaults to False
         :type update: bool, optional
+        :param draft_id: if draft_id is set, bundle must be set in draft context
+        :type draft_id:
         """
         work_id = kwargs.get("work_id", None)
         sequence = kwargs.get("sequence", 0)
         update = kwargs.get("update", False)
         entities_types = kwargs.get("entities_types", None)
+        draft_id = kwargs.get("draft_id", None)
 
         if entities_types is None:
             entities_types = []
@@ -1800,6 +1826,7 @@ def _send_bundle(self, channel, bundle, **kwargs) -> None:
                 "utf-8"
             ),
             "update": update,
+            "draft_id": draft_id,
         }
         if work_id is not None:
             message["work_id"] = work_id

pycti/entities/indicator/opencti_indicator_properties.py

@@ -92,6 +92,10 @@
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observable_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {
@@ -220,6 +224,10 @@
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observable_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {

pycti/entities/opencti_attack_pattern.py

@@ -222,15 +222,19 @@ def __init__(self, opencti):
 
     @staticmethod
     def generate_id(name, x_mitre_id=None):
-        name = name.lower().strip()
         if x_mitre_id is not None:
             data = {"x_mitre_id": x_mitre_id}
         else:
-            data = {"name": name}
+            data = {"name": name.lower().strip()}
         data = canonicalize(data, utf8=False)
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "attack-pattern--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        external_id = data.get("x_mitre_id") or data.get("x_opencti_external_id")
+        return AttackPattern.generate_id(data.get("name"), external_id)
+
     """
         List Attack-Pattern objects
 

pycti/entities/opencti_campaign.py

@@ -216,6 +216,10 @@ def generate_id(name):
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "campaign--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return Campaign.generate_id(data["name"])
+
     """
         List Campaign objects
 

pycti/entities/opencti_case_incident.py

@@ -461,6 +461,10 @@ def generate_id(name, created):
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "case-incident--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CaseIncident.generate_id(data["name"], data["created"])
+
     """
         List Case Incident objects
         
@@ -686,6 +690,7 @@ def create(self, **kwargs):
         priority = kwargs.get("priority", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         object_assignee = kwargs.get("objectAssignee", None)
+        object_participant = kwargs.get("objectParticipant", None)
         granted_refs = kwargs.get("objectOrganization", None)
         response_types = kwargs.get("response_types", None)
         x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
@@ -713,6 +718,7 @@ def create(self, **kwargs):
                         "objectLabel": object_label,
                         "objectOrganization": granted_refs,
                         "objectAssignee": object_assignee,
+                        "objectParticipant": object_participant,
                         "objects": objects,
                         "externalReferences": external_references,
                         "revoked": revoked,
@@ -861,7 +867,12 @@ def import_from_stix2(self, **kwargs):
                 stix_object["x_opencti_assignee_ids"] = (
                     self.opencti.get_attribute_in_extension("assignee_ids", stix_object)
                 )
-
+            if "x_opencti_participant_ids" not in stix_object:
+                stix_object["x_opencti_participant_ids"] = (
+                    self.opencti.get_attribute_in_extension(
+                        "participant_ids", stix_object
+                    )
+                )
             return self.create(
                 stix_id=stix_object["id"],
                 createdBy=(
@@ -916,6 +927,11 @@ def import_from_stix2(self, **kwargs):
                     if "x_opencti_assignee_ids" in stix_object
                     else None
                 ),
+                objectParticipant=(
+                    stix_object["x_opencti_participant_ids"]
+                    if "x_opencti_participant_ids" in stix_object
+                    else None
+                ),
                 x_opencti_workflow_id=(
                     stix_object["x_opencti_workflow_id"]
                     if "x_opencti_workflow_id" in stix_object

pycti/entities/opencti_case_rfi.py

@@ -457,6 +457,10 @@ def generate_id(name, created):
         id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
         return "case-rfi--" + id
 
+    @staticmethod
+    def generate_id_from_data(data):
+        return CaseRfi.generate_id(data["name"], data["created"])
+
     """
         List Case Rfi objects
         
@@ -670,6 +674,8 @@ def create(self, **kwargs):
         objects = kwargs.get("objects", None)
         object_marking = kwargs.get("objectMarking", None)
         object_label = kwargs.get("objectLabel", None)
+        object_assignee = kwargs.get("objectAssignee", None)
+        object_participant = kwargs.get("objectParticipant", None)
         external_references = kwargs.get("externalReferences", None)
         revoked = kwargs.get("revoked", None)
         confidence = kwargs.get("confidence", None)
@@ -705,6 +711,8 @@ def create(self, **kwargs):
                         "objectMarking": object_marking,
                         "objectLabel": object_label,
                         "objectOrganization": granted_refs,
+                        "objectAssignee": object_assignee,
+                        "objectParticipant": object_participant,
                         "objects": objects,
                         "externalReferences": external_references,
                         "revoked": revoked,
@@ -842,6 +850,16 @@ def import_from_stix2(self, **kwargs):
                 stix_object["x_opencti_workflow_id"] = (
                     self.opencti.get_attribute_in_extension("workflow_id", stix_object)
                 )
+            if "x_opencti_assignee_ids" not in stix_object:
+                stix_object["x_opencti_assignee_ids"] = (
+                    self.opencti.get_attribute_in_extension("assignee_ids", stix_object)
+                )
+            if "x_opencti_participant_ids" not in stix_object:
+                stix_object["x_opencti_participant_ids"] = (
+                    self.opencti.get_attribute_in_extension(
+                        "participant_ids", stix_object
+                    )
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -885,6 +903,16 @@ def import_from_stix2(self, **kwargs):
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                objectAssignee=(
+                    stix_object["x_opencti_assignee_ids"]
+                    if "x_opencti_assignee_ids" in stix_object
+                    else None
+                ),
+                objectParticipant=(
+                    stix_object["x_opencti_participant_ids"]
+                    if "x_opencti_participant_ids" in stix_object
+                    else None
+                ),
                 x_opencti_workflow_id=(
                     stix_object["x_opencti_workflow_id"]
                     if "x_opencti_workflow_id" in stix_object