Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Commit 5f096aa

Browse files
SamuelHassineSamuelHassine
committed
[client] More entities without files
1 parent 809fda7 commit 5f096aa

File tree

2 files changed

+429
-4
lines changed

2 files changed

+429
-4
lines changed

pycti/entities/opencti_observed_data.py

Lines changed: 213 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,211 @@ class ObservedData:
1212
def __init__(self, opencti):
1313
self.opencti = opencti
1414
self.properties = """
15+
id
16+
standard_id
17+
entity_type
18+
parent_types
19+
spec_version
20+
created_at
21+
updated_at
22+
createdBy {
23+
... on Identity {
24+
id
25+
standard_id
26+
entity_type
27+
parent_types
28+
spec_version
29+
identity_class
30+
name
31+
description
32+
roles
33+
contact_information
34+
x_opencti_aliases
35+
created
36+
modified
37+
objectLabel {
38+
edges {
39+
node {
40+
id
41+
value
42+
color
43+
}
44+
}
45+
}
46+
}
47+
... on Organization {
48+
x_opencti_organization_type
49+
x_opencti_reliability
50+
}
51+
... on Individual {
52+
x_opencti_firstname
53+
x_opencti_lastname
54+
}
55+
}
56+
objectMarking {
57+
edges {
58+
node {
59+
id
60+
standard_id
61+
entity_type
62+
definition_type
63+
definition
64+
created
65+
modified
66+
x_opencti_order
67+
x_opencti_color
68+
}
69+
}
70+
}
71+
objectLabel {
72+
edges {
73+
node {
74+
id
75+
value
76+
color
77+
}
78+
}
79+
}
80+
externalReferences {
81+
edges {
82+
node {
83+
id
84+
standard_id
85+
entity_type
86+
source_name
87+
description
88+
url
89+
hash
90+
external_id
91+
created
92+
modified
93+
}
94+
}
95+
}
96+
revoked
97+
confidence
98+
created
99+
modified
100+
first_observed
101+
last_observed
102+
number_observed
103+
objects(all: true) {
104+
edges {
105+
node {
106+
... on BasicObject {
107+
id
108+
entity_type
109+
parent_types
110+
}
111+
... on BasicRelationship {
112+
id
113+
entity_type
114+
parent_types
115+
}
116+
... on StixObject {
117+
standard_id
118+
spec_version
119+
created_at
120+
updated_at
121+
}
122+
... on AttackPattern {
123+
name
124+
}
125+
... on Campaign {
126+
name
127+
}
128+
... on CourseOfAction {
129+
name
130+
}
131+
... on Individual {
132+
name
133+
}
134+
... on Organization {
135+
name
136+
}
137+
... on Sector {
138+
name
139+
}
140+
... on System {
141+
name
142+
}
143+
... on Indicator {
144+
name
145+
}
146+
... on Infrastructure {
147+
name
148+
}
149+
... on IntrusionSet {
150+
name
151+
}
152+
... on Position {
153+
name
154+
}
155+
... on City {
156+
name
157+
}
158+
... on Country {
159+
name
160+
}
161+
... on Region {
162+
name
163+
}
164+
... on Malware {
165+
name
166+
}
167+
... on ThreatActor {
168+
name
169+
}
170+
... on Tool {
171+
name
172+
}
173+
... on Vulnerability {
174+
name
175+
}
176+
... on Incident {
177+
name
178+
}
179+
... on Event {
180+
name
181+
}
182+
... on Channel {
183+
name
184+
}
185+
... on Narrative {
186+
name
187+
}
188+
... on Language {
189+
name
190+
}
191+
... on DataComponent {
192+
name
193+
}
194+
... on DataSource {
195+
name
196+
}
197+
... on Case {
198+
name
199+
}
200+
... on StixCyberObservable {
201+
observable_value
202+
}
203+
... on StixCoreRelationship {
204+
standard_id
205+
spec_version
206+
created_at
207+
updated_at
208+
}
209+
... on StixSightingRelationship {
210+
standard_id
211+
spec_version
212+
created_at
213+
updated_at
214+
}
215+
}
216+
}
217+
}
218+
"""
219+
self.properties_with_files = """
15220
id
16221
standard_id
17222
entity_type
@@ -270,6 +475,7 @@ def list(self, **kwargs):
270475
custom_attributes = kwargs.get("customAttributes", None)
271476
get_all = kwargs.get("getAll", False)
272477
with_pagination = kwargs.get("withPagination", False)
478+
with_files = kwargs.get("withFiles", False)
273479
if get_all:
274480
first = 500
275481

@@ -281,7 +487,11 @@ def list(self, **kwargs):
281487
edges {
282488
node {
283489
"""
284-
+ (custom_attributes if custom_attributes is not None else self.properties)
490+
+ (
491+
custom_attributes
492+
if custom_attributes is not None
493+
else (self.properties_with_files if with_files else self.properties)
494+
)
285495
+ """
286496
}
287497
}
@@ -323,6 +533,7 @@ def read(self, **kwargs):
323533
id = kwargs.get("id", None)
324534
filters = kwargs.get("filters", None)
325535
custom_attributes = kwargs.get("customAttributes", None)
536+
with_files = kwargs.get("withFiles", False)
326537
if id is not None:
327538
LOGGER.info("Reading ObservedData {%s}.", id)
328539
query = (
@@ -333,7 +544,7 @@ def read(self, **kwargs):
333544
+ (
334545
custom_attributes
335546
if custom_attributes is not None
336-
else self.properties
547+
else (self.properties_with_files if with_files else self.properties)
337548
)
338549
+ """
339550
}

0 commit comments

Comments
 (0)