[client] Introduce background tasks support

Author: richard-julien

pycti/entities/opencti_stix_core_object.py

@@ -1680,6 +1680,52 @@ def reports(self, **kwargs):
             self.opencti.app_logger.error("Missing parameters: id")
             return None
 
+    """
+        Apply rule to Stix-Core-Object object
+
+        :param element_id: the Stix-Core-Object id
+        :param rule_id: the rule to apply
+        :return void
+    """
+
+    def rule_apply(self, **kwargs):
+        rule_id = kwargs.get("rule_id", None)
+        element_id = kwargs.get("element_id", None)
+        if element_id is not None and rule_id is not None:
+            self.opencti.app_logger.info("Apply rule stix_core_object", {"id": element_id})
+            query = """
+                mutation StixCoreApplyRule($elementId: ID!, $ruleId: ID!) {
+                    ruleApply(elementId: $elementId, ruleId: $ruleId)
+                }
+            """
+            self.opencti.query(query, {"elementId": element_id, "ruleId": rule_id})
+        else:
+            self.opencti.app_logger.error("[stix_core_object] Missing parameters: id")
+            return None
+
+    """
+        Apply rule clear to Stix-Core-Object object
+
+        :param element_id: the Stix-Core-Object id
+        :param rule_id: the rule to apply
+        :return void
+    """
+
+    def rule_clear(self, **kwargs):
+        rule_id = kwargs.get("rule_id", None)
+        element_id = kwargs.get("element_id", None)
+        if element_id is not None and rule_id is not None:
+            self.opencti.app_logger.info("Apply rule clear stix_core_object", {"id": element_id})
+            query = """
+                mutation StixCoreClearRule($elementId: ID!, $ruleId: ID!) {
+                    ruleClear(elementId: $elementId, ruleId: $ruleId)
+                }
+            """
+            self.opencti.query(query, {"elementId": element_id, "ruleId": rule_id})
+        else:
+            self.opencti.app_logger.error("[stix_core_object] Missing parameters: id")
+            return None
+
     """
         Delete a Stix-Core-Object object
 

pycti/utils/opencti_stix2.py

@@ -2467,6 +2467,14 @@ def apply_patch(self, item):
                 )
         self.apply_patch_files(item)
 
+    def rule_apply(self, item):
+        rule_id = item["opencti_rule"]
+        self.opencti.stix_core_object.rule_apply(element_id=item["id"], rule_id=rule_id)
+
+    def rule_clear(self, item):
+        rule_id = item["opencti_rule"]
+        self.opencti.stix_core_object.rule_clear(element_id=item["id"], rule_id=rule_id)
+
     def apply_opencti_operation(self, item, operation):
         if operation == "delete":
             delete_id = item["id"]
@@ -2477,6 +2485,10 @@ def apply_opencti_operation(self, item, operation):
             self.opencti.stix.merge(id=target_id, object_ids=source_ids)
         elif operation == "patch":
             self.apply_patch(item=item)
+        elif operation == "rule_apply":
+            self.rule_apply(item=item)
+        elif operation == "rule_clear":
+            self.rule_clear(item=item)
         else:
             raise ValueError("Not supported opencti_operation")
 

pycti/utils/opencti_stix2_splitter.py

@@ -176,11 +176,11 @@ def enlist_element(
         # Put in cache
         if self.cache_index.get(item_id) is None:
             # enlist only if compatible
-            if item["type"] == "relationship":
+            if item["type"] == "relationship" and item.get("opencti_operation") is None:
                 is_compatible = (
                     item["source_ref"] is not None and item["target_ref"] is not None
                 )
-            elif item["type"] == "sighting":
+            elif item["type"] == "sighting" and item.get("opencti_operation") is None:
                 is_compatible = (
                     item["sighting_of_ref"] is not None
                     and len(item["where_sighted_refs"]) > 0