@@ -441,6 +441,47 @@ def extract_embedded_relationships(
441441 "type" : kill_chain_phase ["entity_type" ],
442442 }
443443 kill_chain_phases_ids .append (kill_chain_phase ["id" ])
444+ elif "x_opencti_kill_chain_phases" in stix_object :
445+ for kill_chain_phase in stix_object ["x_opencti_kill_chain_phases" ]:
446+ if (
447+ kill_chain_phase ["kill_chain_name" ] + kill_chain_phase ["phase_name" ]
448+ in self .mapping_cache
449+ ):
450+ kill_chain_phase = self .mapping_cache [
451+ kill_chain_phase ["kill_chain_name" ]
452+ + kill_chain_phase ["phase_name" ]
453+ ]
454+ else :
455+ if (
456+ "x_opencti_order" not in kill_chain_phase
457+ and self .opencti .get_attribute_in_extension (
458+ "order" , kill_chain_phase
459+ )
460+ is not None
461+ ):
462+ kill_chain_phase [
463+ "x_opencti_order"
464+ ] = self .opencti .get_attribute_in_extension (
465+ "order" , kill_chain_phase
466+ )
467+ kill_chain_phase = self .opencti .kill_chain_phase .create (
468+ kill_chain_name = kill_chain_phase ["kill_chain_name" ],
469+ phase_name = kill_chain_phase ["phase_name" ],
470+ x_opencti_order = kill_chain_phase ["x_opencti_order" ]
471+ if "x_opencti_order" in kill_chain_phase
472+ else 0 ,
473+ stix_id = kill_chain_phase ["id" ]
474+ if "id" in kill_chain_phase
475+ else None ,
476+ )
477+ self .mapping_cache [
478+ kill_chain_phase ["kill_chain_name" ]
479+ + kill_chain_phase ["phase_name" ]
480+ ] = {
481+ "id" : kill_chain_phase ["id" ],
482+ "type" : kill_chain_phase ["entity_type" ],
483+ }
484+ kill_chain_phases_ids .append (kill_chain_phase ["id" ])
444485 # Object refs
445486 object_refs_ids = (
446487 stix_object ["object_refs" ] if "object_refs" in stix_object else []
@@ -599,6 +640,58 @@ def extract_embedded_relationships(
599640 update = True ,
600641 )
601642 reports [external_reference_id ] = report
643+ elif "x_opencti_external_references" in stix_object :
644+ for external_reference in stix_object ["x_opencti_external_references" ]:
645+ url = external_reference ["url" ] if "url" in external_reference else None
646+ source_name = (
647+ external_reference ["source_name" ]
648+ if "source_name" in external_reference
649+ else None
650+ )
651+ external_id = (
652+ external_reference ["external_id" ]
653+ if "external_id" in external_reference
654+ else None
655+ )
656+ generated_ref_id = self .opencti .external_reference .generate_id (
657+ url , source_name , external_id
658+ )
659+ if generated_ref_id is None :
660+ continue
661+ if generated_ref_id in self .mapping_cache :
662+ external_reference_id = self .mapping_cache [generated_ref_id ]
663+ else :
664+ external_reference_id = self .opencti .external_reference .create (
665+ source_name = source_name ,
666+ url = url ,
667+ external_id = external_id ,
668+ description = external_reference ["description" ]
669+ if "description" in external_reference
670+ else None ,
671+ )["id" ]
672+ if "x_opencti_files" in external_reference :
673+ for file in external_reference ["x_opencti_files" ]:
674+ self .opencti .external_reference .add_file (
675+ id = external_reference_id ,
676+ file_name = file ["name" ],
677+ data = base64 .b64decode (file ["data" ]),
678+ mime_type = file ["mime_type" ],
679+ )
680+ if (
681+ self .opencti .get_attribute_in_extension ("files" , external_reference )
682+ is not None
683+ ):
684+ for file in self .opencti .get_attribute_in_extension (
685+ "files" , external_reference
686+ ):
687+ self .opencti .external_reference .add_file (
688+ id = external_reference_id ,
689+ file_name = file ["name" ],
690+ data = base64 .b64decode (file ["data" ]),
691+ mime_type = file ["mime_type" ],
692+ )
693+ self .mapping_cache [generated_ref_id ] = generated_ref_id
694+ external_references_ids .append (external_reference_id )
602695 # Granted refs
603696 granted_refs_ids = []
604697 if (
0 commit comments