[client] Add TrackingNumber and Credential observables (#609)

ParamConstructor · one-L-of-a-girl · richard-julien · web-flow · commit 65143355ab51 · 2024-04-05T23:38:12.000+02:00
Co-authored-by: One 'L' of a Girl &lt;132393984+one-L-of-a-girl@users.noreply.github.com&gt;
Co-authored-by: Julien Richard &lt;julien.richard@filigran.io&gt;
diff --git a/pycti/__init__.py b/pycti/__init__.py
@@ -53,9 +53,14 @@
 from .utils.constants import (
     CustomObjectCaseIncident,
     CustomObjectTask,
+    CustomObservableBankAccount,
+    CustomObservableCredential,
     CustomObservableCryptocurrencyWallet,
     CustomObservableHostname,
+    CustomObservablePaymentCard,
+    CustomObservablePhoneNumber,
     CustomObservableText,
+    CustomObservableTrackingNumber,
     CustomObservableUserAgent,
     MultipleRefRelationship,
     StixCyberObservableTypes,
@@ -128,9 +133,14 @@
     "CustomObjectCaseIncident",
     "CustomObjectTask",
     "StixCyberObservableTypes",
+    "CustomObservableCredential",
     "CustomObservableHostname",
     "CustomObservableUserAgent",
+    "CustomObservableBankAccount",
     "CustomObservableCryptocurrencyWallet",
+    "CustomObservablePaymentCard",
+    "CustomObservablePhoneNumber",
+    "CustomObservableTrackingNumber",
     "CustomObservableText",
     "STIX_EXT_MITRE",
     "STIX_EXT_OCTI_SCO",
diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py
@@ -615,6 +615,12 @@ def __init__(self, opencti, file):
             ... on PhoneNumber {
                 value
             }
+            ... on TrackingNumber {
+                value
+            }
+            ... on Credential {
+                value
+            }
             ... on PaymentCard {
                 card_number
                 expiration_date
diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py
@@ -282,6 +282,12 @@ def __init__(self, opencti, file):
             ... on PhoneNumber {
                 value
             }
+            ... on TrackingNumber {
+                value
+            }
+            ... on Credential {
+                value
+            }
             ... on PaymentCard {
                 card_number
                 expiration_date
@@ -576,6 +582,12 @@ def __init__(self, opencti, file):
             ... on PhoneNumber {
                 value
             }
+            ... on TrackingNumber {
+                value
+            }
+            ... on Credential {
+                value
+            }
             ... on PaymentCard {
                 card_number
                 expiration_date
@@ -857,6 +869,15 @@ def create(self, **kwargs):
             type = "IPv6-Addr"
         elif type.lower() == "hostname" or type.lower() == "x-opencti-hostname":
             type = "Hostname"
+        elif type.lower() == "payment-card" or type.lower() == "x-opencti-payment-card":
+            type = "Payment-Card"
+        elif type.lower() == "credential" or type.lower() == "x-opencti-credential":
+            type = "Credential"
+        elif (
+            type.lower() == "tracking-number"
+            or type.lower() == "x-opencti-tracking-number"
+        ):
+            type = "Tracking-Number"
         elif (
             type.lower() == "cryptocurrency-wallet"
             or type.lower() == "x-opencti-cryptocurrency-wallet"
@@ -974,6 +995,8 @@ def create(self, **kwargs):
                     $UserAgent: UserAgentAddInput
                     $BankAccount: BankAccountAddInput
                     $PhoneNumber: PhoneNumberAddInput
+                    $Credential: CredentialAddInput
+                    $TrackingNumber: TrackingNumberAddInput
                     $PaymentCard: PaymentCardAddInput
                     $MediaContent: MediaContentAddInput
                 ) {
@@ -1016,6 +1039,8 @@ def create(self, **kwargs):
                         UserAgent: $UserAgent
                         BankAccount: $BankAccount
                         PhoneNumber: $PhoneNumber
+                        Credential: $Credential
+                        TrackingNumber: $TrackingNumber
                         PaymentCard: $PaymentCard
                         MediaContent: $MediaContent
                     ) {
@@ -1508,15 +1533,6 @@ def create(self, **kwargs):
                         observable_data["value"] if "value" in observable_data else None
                     ),
                 }
-            elif (
-                type == "Cryptocurrency-Wallet"
-                or type == "X-OpenCTI-Cryptocurrency-Wallet"
-            ):
-                input_variables["CryptocurrencyWallet"] = {
-                    "value": (
-                        observable_data["value"] if "value" in observable_data else None
-                    ),
-                }
             elif type == "Hostname":
                 input_variables["Hostname"] = {
                     "value": (
@@ -1588,6 +1604,48 @@ def create(self, **kwargs):
                         else None
                     ),
                 }
+            elif type == "Payment-Card" or type.lower() == "x-opencti-payment-card":
+                input_variables["PaymentCard"] = {
+                    "card_number": (
+                        observable_data["card_number"]
+                        if "card_number" in observable_data
+                        else None
+                    ),
+                    "expiration_date": (
+                        observable_data["expiration_date"]
+                        if "expiration_date" in observable_data
+                        else None
+                    ),
+                    "cvv": observable_data["cvv"] if "cvv" in observable_data else None,
+                    "holder_name": (
+                        observable_data["holder_name"]
+                        if "holder_name" in observable_data
+                        else None
+                    ),
+                }
+            elif (
+                type == "Cryptocurrency-Wallet"
+                or type.lower() == "x-opencti-cryptocurrency-wallet"
+            ):
+                input_variables["CryptocurrencyWallet"] = {
+                    "value": (
+                        observable_data["value"] if "value" in observable_data else None
+                    ),
+                }
+            elif type == "Credential" or type.lower() == "x-opencti-credential":
+                input_variables["Credential"] = {
+                    "value": (
+                        observable_data["value"] if "value" in observable_data else None
+                    ),
+                }
+            elif (
+                type == "Tracking-Number" or type.lower() == "x-opencti-tracking-number"
+            ):
+                input_variables["TrackingNumber"] = {
+                    "value": (
+                        observable_data["value"] if "value" in observable_data else None
+                    ),
+                }
             result = self.opencti.query(query, input_variables)
             if "payload_bin" in observable_data and "mime/type" in observable_data:
                 self.add_file(
diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py
@@ -42,6 +42,8 @@ class StixCyberObservableTypes(Enum):
     USER_AGENT = "User-Agent"
     BANK_ACCOUNT = "Bank-Account"
     PHONE_NUMBER = "Phone-Number"
+    CREDENTIAL = "Credential"
+    TRACKING_NUMBER = "Tracking-Number"
     PAYMENT_CARD = "Payment-Card"
     MEDIA_CONTENT = "Media-Content"
     SIMPLE_OBSERVABLE = "Simple-Observable"
@@ -66,6 +68,7 @@ def has_value(cls, value):
 
 class ThreatActorTypes(Enum):
     THREAT_ACTOR_GROUP = "Threat-Actor-Group"
+    THREAT_ACTOR_INDIVIDUAL = "Threat-Actor-Individual"
 
     @classmethod
     def has_value(cls, value):
@@ -263,6 +266,73 @@ class CustomObservableText:
     pass
 
 
+@CustomObservable(
+    "payment-card",
+    [
+        ("value", StringProperty(required=True)),
+        ("card_number", StringProperty(required=True)),
+        ("expiration_date", StringProperty(required=False)),
+        ("cvv", StringProperty(required=False)),
+        ("holder_name", StringProperty(required=False)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["card_number"],
+)
+class CustomObservablePaymentCard:
+    """Payment card observable."""
+
+    pass
+
+
+@CustomObservable(
+    "bank-account",
+    [
+        ("value", StringProperty(required=True)),
+        ("iban", StringProperty(required=True)),
+        ("bic", StringProperty(required=False)),
+        ("account_number", StringProperty(required=False)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["iban"],
+)
+class CustomObservableBankAccount:
+    """Bank Account observable."""
+
+    pass
+
+
+@CustomObservable(
+    "credential",
+    [
+        ("value", StringProperty(required=True)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["value"],
+)
+class CustomObservableCredential:
+    """Credential observable."""
+
+    pass
+
+
 @CustomObservable(
     "cryptocurrency-wallet",
     [
@@ -283,6 +353,46 @@ class CustomObservableCryptocurrencyWallet:
     pass
 
 
+@CustomObservable(
+    "phone-number",
+    [
+        ("value", StringProperty(required=True)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["value"],
+)
+class CustomObservablePhoneNumber:
+    """Phone number observable."""
+
+    pass
+
+
+@CustomObservable(
+    "tracking-number",
+    [
+        ("value", StringProperty(required=True)),
+        ("spec_version", StringProperty(fixed="2.1")),
+        (
+            "object_marking_refs",
+            ListProperty(
+                ReferenceProperty(valid_types="marking-definition", spec_version="2.1")
+            ),
+        ),
+    ],
+    ["value"],
+)
+class CustomObservableTrackingNumber:
+    """Tracking number observable."""
+
+    pass
+
+
 @CustomObservable(
     "user-agent",
     [
diff --git a/pycti/utils/opencti_stix2_utils.py b/pycti/utils/opencti_stix2_utils.py
@@ -7,8 +7,11 @@
     "directory": "Directory",
     "domain-name": "Domain-Name",
     "email-addr": "Email-Addr",
-    "file": "StixFile",
     "email-message": "Email-Message",
+    "email-mime-part-type": "Email-Mime-Part-Type",
+    "artifact": "Artifact",
+    "file": "StixFile",
+    "x509-certificate": "X509-Certificate",
     "ipv4-addr": "IPv4-Addr",
     "ipv6-addr": "IPv6-Addr",
     "mac-addr": "Mac-Addr",
@@ -21,8 +24,14 @@
     "windows-registry-key": "Windows-Registry-Key",
     "windows-registry-value-type": "Windows-Registry-Value-Type",
     "hostname": "Hostname",
+    "cryptographic-key": "Cryptographic-Key",
+    "cryptocurrency-wallet": "Cryptocurrency-Wallet",
+    "text": "Text",
+    "user-agent": "User-Agent",
     "bank-account": "Bank-Account",
     "phone-number": "Phone-Number",
+    "credential": "Credential",
+    "tracking-number": "Tracking-Number",
     "payment-card": "Payment-Card",
     "media-content": "Media-Content",
 }
@@ -54,6 +63,8 @@
     "Bank-Account": ["iban"],
     "Phone-Number": ["value"],
     "Payment-Card": ["card_number"],
+    "Tracking-Number": ["value"],
+    "Credential": ["value"],
     "Media-Content": ["url"],
 }
 
