[client] Allow sightings with observables

Samuel Hassine · Samuel Hassine · commit b469030c4be1 · 2021-02-13T17:43:34.000+01:00
diff --git a/pycti/__init__.py b/pycti/__init__.py
@@ -43,7 +43,11 @@
 from .utils.opencti_stix2 import OpenCTIStix2
 from .utils.opencti_stix2_splitter import OpenCTIStix2Splitter
 from .utils.opencti_stix2_update import OpenCTIStix2Update
-from .utils.opencti_stix2_utils import OpenCTIStix2Utils, SimpleObservable
+from .utils.opencti_stix2_utils import (
+    OpenCTIStix2Utils,
+    SimpleObservable,
+    StixXOpenCTIIncident,
+)
 from .utils.constants import StixCyberObservableTypes
 
 __all__ = [
@@ -87,4 +91,5 @@
     "OpenCTIStix2Utils",
     "StixCyberObservableTypes",
     "SimpleObservable",
+    "StixXOpenCTIIncident",
 ]
diff --git a/pycti/entities/opencti_stix_core_relationship.py b/pycti/entities/opencti_stix_core_relationship.py
@@ -1025,10 +1025,19 @@ def import_from_stix2(self, **kwargs):
                 stix_relation["relationship_type"] = "part-of"
             elif stix_relation["relationship_type"] == "localization":
                 stix_relation["relationship_type"] = "located-at"
-
+            source_ref = (
+                stix_relation["x_opencti_source_ref"]
+                if "x_opencti_source_ref" in stix_relation
+                else stix_relation["source_ref"]
+            )
+            target_ref = (
+                stix_relation["x_opencti_target_ref"]
+                if "x_opencti_target_ref" in stix_relation
+                else stix_relation["target_ref"]
+            )
             return self.create(
-                fromId=stix_relation["source_ref"],
-                toId=stix_relation["target_ref"],
+                fromId=source_ref,
+                toId=target_ref,
                 stix_id=stix_relation["id"],
                 relationship_type=stix_relation["relationship_type"],
                 description=self.opencti.stix2.convert_markdown(
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -1490,13 +1490,15 @@ def import_bundle(self, stix_bundle, update=False, types=None) -> List:
                     if "where_sighted_refs" in item:
                         for where_sighted_ref in item["where_sighted_refs"]:
                             to_ids.append(where_sighted_ref)
-
                     # Import sighting_of_ref
-                    from_id = item["sighting_of_ref"]
+                    from_id = (
+                        item["x_opencti_sighting_of_ref"]
+                        if "x_opencti_sighting_of_ref" in item
+                        else item["sighting_of_ref"]
+                    )
                     if len(to_ids) > 0:
                         for to_id in to_ids:
                             self.import_sighting(item, from_id, to_id, update)
-
                     # Import observed_data_refs
                     if "observed_data_refs" in item:
                         for observed_data_ref in item["observed_data_refs"]:
diff --git a/pycti/utils/opencti_stix2_utils.py b/pycti/utils/opencti_stix2_utils.py
@@ -4,6 +4,7 @@
     EqualityComparisonExpression,
     ObservationExpression,
     CustomObservable,
+    CustomObject,
     ExternalReference,
     properties,
 )
@@ -89,3 +90,32 @@ def generate_random_stix_id(stix_type):
 )
 class SimpleObservable:
     pass
+
+
+@CustomObject(
+    "x-opencti-incident",
+    [
+        ("name", properties.StringProperty(required=True)),
+        ("description", properties.StringProperty()),
+        ("aliases", properties.ListProperty(contained=properties.StringProperty())),
+        ("first_seen", properties.TimestampProperty()),
+        ("last_seen", properties.TimestampProperty()),
+        ("objective", properties.StringProperty()),
+        (
+            "created_by_ref",
+            properties.ReferenceProperty(valid_types="identity", spec_version="2.1"),
+        ),
+        ("labels", properties.ListProperty(properties.StringProperty)),
+        ("external_references", properties.ListProperty(ExternalReference)),
+        (
+            "object_marking_refs",
+            properties.ListProperty(
+                properties.ReferenceProperty(
+                    valid_types="marking-definition", spec_version="2.1"
+                )
+            ),
+        ),
+    ],
+)
+class StixXOpenCTIIncident:
+    pass
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 from setuptools import setup
 from setuptools.command.install import install
 
-VERSION = "4.2.1"
+VERSION = "4.2.2"
 
 with open("README.md", "r") as fh:
     long_description = fh.read()
