[client] New specific operations for PIR (opencti #10032)

lndrtrbn · Archidoit · SouadHadjiat · web-flow · commit 826d85f184d0 · 2025-05-27T15:23:46.000+02:00
Co-authored-by: Cathia Archidoit &lt;cathia.archidoit@filigran.io&gt;
Co-authored-by: Souad Hadjiat &lt;souad.hadjiat@filigran.io&gt;
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
@@ -10,6 +10,7 @@
 
 from pycti import __version__
 from pycti.api.opencti_api_connector import OpenCTIApiConnector
+from pycti.api.opencti_api_pir import OpenCTIApiPir
 from pycti.api.opencti_api_playbook import OpenCTIApiPlaybook
 from pycti.api.opencti_api_work import OpenCTIApiWork
 from pycti.entities.opencti_attack_pattern import AttackPattern
@@ -170,6 +171,7 @@ def __init__(
         self.playbook = OpenCTIApiPlaybook(self)
         self.connector = OpenCTIApiConnector(self)
         self.stix2 = OpenCTIStix2(self)
+        self.pir = OpenCTIApiPir(self)
 
         # Define the entities
         self.vocabulary = Vocabulary(self)
diff --git a/pycti/api/opencti_api_pir.py b/pycti/api/opencti_api_pir.py
@@ -0,0 +1,37 @@
+class OpenCTIApiPir:
+    """OpenCTIApiPir"""
+
+    def __init__(self, api):
+        self.api = api
+
+    def pir_flag_element(self, **kwargs):
+        id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        query = """
+            mutation PirFlagElement($id: ID!, $input: PirFlagElementInput!) {
+                pirFlagElement(id: $id, input: $input)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+                "input": input,
+            },
+        )
+
+    def pir_unflag_element(self, **kwargs):
+        id = kwargs.get("id", None)
+        input = kwargs.get("input", None)
+        query = """
+            mutation PirUnflagElement($id: ID!, $input: PirUnflagElementInput!) {
+                pirUnflagElement(id: $id, input: $input)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+                "input": input,
+            },
+        )
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -2484,6 +2484,14 @@ def apply_opencti_operation(self, item, operation):
             self.opencti.stix.merge(id=target_id, object_ids=source_ids)
         elif operation == "patch":
             self.apply_patch(item=item)
+        elif operation == "pir_flag_element":
+            id = item["id"]
+            input = item["input"]
+            self.opencti.pir.pir_flag_element(id=id, input=input)
+        elif operation == "pir_unflag_element":
+            id = item["id"]
+            input = item["input"]
+            self.opencti.pir.pir_unflag_element(id=id, input=input)
         else:
             raise ValueError("Not supported opencti_operation")
 
diff --git a/pycti/utils/opencti_stix2_splitter.py b/pycti/utils/opencti_stix2_splitter.py
@@ -19,6 +19,7 @@
     SUPPORTED_STIX_ENTITY_OBJECTS  # entities
     + list(STIX_CYBER_OBSERVABLE_MAPPING.keys())  # observables
     + ["relationship", "sighting"]  # relationships
+    + ["pir"]
 )
 
 

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@`
`19`	`19`	`SUPPORTED_STIX_ENTITY_OBJECTS # entities`
`20`	`20`	`+ list(STIX_CYBER_OBSERVABLE_MAPPING.keys()) # observables`
`21`	`21`	`+ ["relationship", "sighting"] # relationships`
	`22`	`+ + ["pir"]`
`22`	`23`	`)`
`23`	`24`
`24`	`25`