[client] Addition of STIX Cyber Observables examples (#147)

* Added relevant CyberObservable examples
* Removed empty example

Author: SyeedHasan

examples/add_label_to_observable.py

@@ -0,0 +1,30 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "YOUR_TOKEN"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create the observable
+url = opencti_api_client.stix_cyber_observable.create(
+    observableData={
+        "type": "url",
+        "value": "http://johndoe.com"
+    }
+)
+# Create the tag (if not exists)
+label = opencti_api_client.label.create(
+    value="Suspicious",
+    color="#ffa500",
+)
+
+# Add the tag
+opencti_api_client.stix_cyber_observable.add_label(id=url["id"], label_id=label["id"])
+
+# Read the observable
+obs = opencti_api_client.stix_cyber_observable.read(id=url["id"])
+print(obs)

examples/create_ip_address_resolves_domain.py

@@ -0,0 +1,49 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "YOUR_TOKEN"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+observable = opencti_api_client.stix_cyber_observable.create(
+    observableData={
+        "type": "file",
+        "hashes": {
+            "md5": "16b3f663d0f0371a4706642c6ac04e42",
+            "sha1": "3a1f908941311fc357051b5c35fd2a4e0c834e37",
+            "sha256": "bcc70a49fab005b4cdbe0cbd87863ec622c6b2c656987d201adbb0e05ec03e56",
+        },
+    }
+)
+
+process = opencti_api_client.stix_cyber_observable.create(
+    observableData = {
+        "type": "Process",
+        "x_opencti_description": "A process",
+        "cwd": "C:\Process.exe",
+        "pid": "19000",
+        "command_line": "--run exe",
+        "x_opencti_score": 90
+    }
+)
+
+author = opencti_api_client.identity.create(
+    name="John's Work",
+    description="Automated Toolkit",
+    type="Organization",
+)
+
+opencti_api_client.stix_core_relationship.create(
+    toId=observable["id"],
+    toType="StixFile",
+    fromId=process["id"],
+    fromType="Process",
+    confidence=90,
+    createdBy=author["id"],
+    relationship_type="related-to",
+    description="Relation between the File and Process objects"
+)

examples/create_observable_relationships.py

@@ -0,0 +1,23 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "YOUR_TOKEN"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+process = opencti_api_client.stix_cyber_observable.create(
+    observableData = {
+        "type": "Process",
+        "x_opencti_description": "A process",
+        "cwd": "C:\Process.exe",
+        "pid": "19000",
+        "command_line": "--run exe",
+        "x_opencti_score": 90
+    }
+)
+
+print(process)

examples/create_process_observable.py

@@ -0,0 +1,57 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "YOUR_TOKEN"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create an observable
+observable =  opencti_api_client.stix_cyber_observable.create(
+    observableData = {
+        "type": "file",
+        "x_opencti_description":"A malicious file",
+        "hashes": {
+            "MD5": "348aefbb6142d4fff8cf26fc5dc97f8a",
+            "SHA-1": "486e7e66c3a098c1c8f42e26c78f259d6b3108a6",
+            "SHA-256": "42c5e1fe01e689e550ba700b3c5dd4a04a84798c1868ba53c02abcbe21491515"
+        },
+        "x_opencti_score": "90"
+    })
+
+# Update the fields
+
+reference = opencti_api_client.external_reference.create(
+        source_name="Jen",
+        url="https://janedoe.com",
+        description="Sample Report"
+)
+
+opencti_api_client.stix_cyber_observable.add_external_reference(
+    id=observable["id"],
+    external_reference_id=reference["id"]
+)
+
+label = opencti_api_client.label.create(
+    value="Suspicious",
+    color="#ffa500",
+)
+
+opencti_api_client.stix_cyber_observable.add_marking_definition(
+    id=observable["id"],
+    marking_definition_id=label["id"]
+)
+
+author = opencti_api_client.identity.create(
+    name="John's Work",
+    description="Automated Toolkit",
+    type="Organization",
+)
+
+opencti_api_client.stix_cyber_observable.update_created_by(
+    id=observable["id"],
+    identity_id=author["id"]
+)