@@ -347,21 +347,50 @@ def create(self, **kwargs):
347347 }
348348 }
349349 ... on AttackPattern {
350+ killChainPhases {
351+ edges {
352+ node {
353+ id
354+ kill_chain_name
355+ phase_name
356+ }
357+ }
358+ }
350359 platform
351360 required_permission
352- external_id
361+ external_id
353362 }
354363 """
355- object_result = self .opencti .stix_domain_entity .get_by_stix_id_or_name (
356- types = ["Attack-Pattern" ],
357- stix_id_key = stix_id_key ,
358- name = name ,
359- customAttributes = custom_attributes ,
360- )
364+ object_result = None
365+ if stix_id_key is not None :
366+ object_result = self .read (
367+ id = stix_id_key , customAttributes = custom_attributes
368+ )
361369 if object_result is None and external_id is not None :
362370 object_result = self .read (
363371 filters = [{"key" : "external_id" , "values" : [external_id ]}]
364372 )
373+ if object_result is None and name is not None :
374+ object_result = self .read (
375+ filters = [{"key" : "name" , "values" : [name ]}],
376+ customAttributes = custom_attributes ,
377+ )
378+ if object_result is None :
379+ object_result = self .read (
380+ filters = [{"key" : "alias" , "values" : [name ]}],
381+ customAttributes = custom_attributes ,
382+ )
383+ if object_result is not None :
384+ # Check kill chain phase
385+ if kill_chain_phases is not None and len (object_result ["killChainPhasesIds" ]) > 0 :
386+ is_kill_chain_phase_match = False
387+ for kill_chain_phase in kill_chain_phases :
388+ for kill_chain_phase_id in object_result ["killChainPhasesIds" ]:
389+ if kill_chain_phase_id == kill_chain_phase :
390+ is_kill_chain_phase_match = True
391+ if not is_kill_chain_phase_match :
392+ object_result = None
393+
365394 if object_result is not None :
366395 if update or object_result ["createdByRefId" ] == created_by_ref :
367396 # name
0 commit comments