Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Commit 3933857

Browse files
author
Samuel Hassine
committed
Fix IDs of indicators
1 parent 8045fe8 commit 3933857

File tree

2 files changed

+18
-11
lines changed

2 files changed

+18
-11
lines changed

pycti/opencti.py

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1717,10 +1717,8 @@ def create_incident_if_not_exists(self,
17171717
object_result = self.check_existing_stix_domain_entity(stix_id, name, 'Incident')
17181718
if object_result is not None:
17191719
self.update_stix_domain_entity_field(object_result['id'], 'name', name)
1720-
description is not None and self.update_stix_domain_entity_field(object_result['id'], 'description',
1721-
description)
1722-
first_seen is not None and self.update_stix_domain_entity_field(object_result['id'], 'first_seen',
1723-
first_seen)
1720+
description is not None and self.update_stix_domain_entity_field(object_result['id'], 'description', description)
1721+
first_seen is not None and self.update_stix_domain_entity_field(object_result['id'], 'first_seen', first_seen)
17241722
last_seen is not None and self.update_stix_domain_entity_field(object_result['id'], 'last_seen', last_seen)
17251723
return object_result
17261724
else:
@@ -2511,8 +2509,7 @@ def create_course_of_action(self, name, description, id=None, stix_id=None, crea
25112509
})
25122510
return result['data']['courseOfActionAdd']
25132511

2514-
def create_course_of_action_if_not_exists(self, name, description, id=None, stix_id=None, created=None,
2515-
modified=None):
2512+
def create_course_of_action_if_not_exists(self, name, description, id=None, stix_id=None, created=None, modified=None):
25162513
object_result = self.check_existing_stix_domain_entity(stix_id, name, 'Course-Of-Action')
25172514
if object_result is not None:
25182515
return object_result
@@ -3661,8 +3658,7 @@ def stix2_export_bundle(self, types=[]):
36613658
if 'Course-Of-Action' in types:
36623659
course_of_actions = self.get_course_of_actions()
36633660
for course_of_action in course_of_actions:
3664-
course_of_action_bundle = stix2.filter_objects(uuids,
3665-
stix2.export_course_of_action(course_of_action))
3661+
course_of_action_bundle = stix2.filter_objects(uuids, stix2.export_course_of_action(course_of_action))
36663662
uuids = uuids + [x['id'] for x in course_of_action_bundle]
36673663
bundle['objects'] = bundle['objects'] + course_of_action_bundle
36683664
if 'Report' in types:

pycti/opencti_stix2.py

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -411,7 +411,11 @@ def import_object(self, stix_object, update=False):
411411

412412
# Add embedded relationships
413413
if stix_object_result is not None:
414-
self.mapping_cache[stix_object['id']] = {'id': stix_object_result['id'], 'type': stix_object_result['entity_type']}
414+
if stix_object['type'] == 'indicator':
415+
stix_object_result_type = 'observable'
416+
else:
417+
stix_object_result_type = stix_object_result['entity_type']
418+
self.mapping_cache[stix_object['id']] = {'id': stix_object_result['id'], 'type': stix_object_result_type}
415419
# Add aliases
416420
if 'aliases' in stix_object:
417421
new_aliases = stix_object_result['alias'] + list(
@@ -797,14 +801,19 @@ def export_course_of_action(self, entity):
797801
return self.prepare_export(entity, course_of_action)
798802

799803
def create_course_of_action(self, stix_object, update=False):
800-
return self.opencti.create_course_of_action_if_not_exists(
804+
course_of_action = self.opencti.create_course_of_action_if_not_exists(
801805
stix_object['name'],
802806
self.convert_markdown(stix_object['description']) if 'description' in stix_object else '',
803807
stix_object['x_opencti_id'] if 'x_opencti_id' in stix_object else None,
804808
stix_object['id'] if 'id' in stix_object else None,
805809
stix_object['created'] if 'created' in stix_object else None,
806810
stix_object['modified'] if 'modified' in stix_object else None,
807811
)
812+
if update:
813+
self.opencti.update_stix_domain_entity_field(course_of_action['id'], 'name', stix_object['name'])
814+
if 'description' in stix_object:
815+
self.opencti.update_stix_domain_entity_field(course_of_action['id'], 'description', stix_object['description'])
816+
return course_of_action
808817

809818
def export_report(self, entity, mode='simple'):
810819
report = dict()
@@ -870,6 +879,7 @@ def create_indicator(self, stix_object, update=False):
870879
stix_object['x_opencti_observable_type'],
871880
stix_object['x_opencti_observable_value'],
872881
self.convert_markdown(stix_object['description']) if 'description' in stix_object else '',
882+
stix_object['x_opencti_id'] if 'x_opencti_id' in stix_object else None,
873883
stix_object['id'] if 'id' in stix_object else None,
874884
stix_object['created'] if 'created' in stix_object else None,
875885
stix_object['modified'] if 'modified' in stix_object else None,
@@ -907,7 +917,7 @@ def import_relationship(self, stix_relation, update=False):
907917
# Check entities
908918
if stix_relation['source_ref'] in self.mapping_cache:
909919
source_id = self.mapping_cache[stix_relation['source_ref']]['id']
910-
source_type = self.mapping_cache[stix_relation['source_ref']]['type'] if stix_relation['relationship_type'] != 'indicates' else 'observable'
920+
source_type = self.mapping_cache[stix_relation['source_ref']]['type']
911921
else:
912922
if 'x_opencti_source_ref' in stix_relation:
913923
stix_object_result = self.opencti.get_stix_domain_entity_by_id(stix_relation['x_opencti_source_ref'])
@@ -1126,6 +1136,7 @@ def not_empty(self, value):
11261136
return False
11271137

11281138
def import_bundle(self, stix_bundle, update=False, types=[]):
1139+
self.mapping_cache = {}
11291140
# Check if the bundle is correctly formated
11301141
if 'type' not in stix_bundle or stix_bundle['type'] != 'bundle':
11311142
self.opencti.log('JSON data type is not a STIX2 bundle')

0 commit comments

Comments
 (0)