[client] Introduce new functions share/unshare and rescan

richard-julien · JeremyCloarec · commit b8723100cd19 · 2025-04-15T18:01:05.000+02:00
diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py
@@ -1692,7 +1692,9 @@ def rule_apply(self, **kwargs):
         rule_id = kwargs.get("rule_id", None)
         element_id = kwargs.get("element_id", None)
         if element_id is not None and rule_id is not None:
-            self.opencti.app_logger.info("Apply rule stix_core_object", {"id": element_id})
+            self.opencti.app_logger.info(
+                "Apply rule stix_core_object", {"id": element_id}
+            )
             query = """
                 mutation StixCoreApplyRule($elementId: ID!, $ruleId: ID!) {
                     ruleApply(elementId: $elementId, ruleId: $ruleId)
@@ -1715,7 +1717,9 @@ def rule_clear(self, **kwargs):
         rule_id = kwargs.get("rule_id", None)
         element_id = kwargs.get("element_id", None)
         if element_id is not None and rule_id is not None:
-            self.opencti.app_logger.info("Apply rule clear stix_core_object", {"id": element_id})
+            self.opencti.app_logger.info(
+                "Apply rule clear stix_core_object", {"id": element_id}
+            )
             query = """
                 mutation StixCoreClearRule($elementId: ID!, $ruleId: ID!) {
                     ruleClear(elementId: $elementId, ruleId: $ruleId)
@@ -1726,6 +1730,81 @@ def rule_clear(self, **kwargs):
             self.opencti.app_logger.error("[stix_core_object] Missing parameters: id")
             return None
 
+    """
+        Apply rules rescan to Stix-Core-Object object
+
+        :param element_id: the Stix-Core-Object id
+        :return void
+    """
+
+    def rules_rescan(self, **kwargs):
+        element_id = kwargs.get("element_id", None)
+        if element_id is not None:
+            self.opencti.app_logger.info(
+                "Apply rules rescan stix_core_object", {"id": element_id}
+            )
+            query = """
+                mutation StixCoreRescanRules($elementId: ID!) {
+                    rulesRescan(elementId: $elementId)
+                }
+            """
+            self.opencti.query(query, {"elementId": element_id})
+        else:
+            self.opencti.app_logger.error("[stix_core_object] Missing parameters: id")
+            return None
+
+    """
+        Share element to multiple organizations
+
+        :param entity_id: the Stix-Core-Object id
+        :param organization_id:s the organization to share with
+        :return void
+    """
+
+    def organization_share(self, entity_id, organization_ids):
+        query = """
+            mutation StixCoreObjectEdit($id: ID!, $organizationId: [ID!]!) {
+                stixCoreObjectEdit(id: $id) {
+                    restrictionOrganizationAdd(organizationId: $organizationId) {
+                      id
+                    }
+                }
+            }
+        """
+        self.opencti.query(
+            query,
+            {
+                "id": entity_id,
+                "organizationId": organization_ids,
+            },
+        )
+
+    """
+        Unshare element from multiple organizations
+
+        :param entity_id: the Stix-Core-Object id
+        :param organization_id:s the organization to share with
+        :return void
+    """
+
+    def organization_unshare(self, entity_id, organization_ids):
+        query = """
+            mutation StixCoreObjectEdit($id: ID!, $organizationId: [ID!]!) {
+                stixCoreObjectEdit(id: $id) {
+                    restrictionOrganizationDelete(organizationId: $organizationId) {
+                      id
+                    }
+                }
+            }
+        """
+        self.opencti.query(
+            query,
+            {
+                "id": entity_id,
+                "organizationId": organization_ids,
+            },
+        )
+
     """
         Delete a Stix-Core-Object object
 
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -2475,6 +2475,17 @@ def rule_clear(self, item):
         rule_id = item["opencti_rule"]
         self.opencti.stix_core_object.rule_clear(element_id=item["id"], rule_id=rule_id)
 
+    def rules_rescan(self, item):
+        self.opencti.stix_core_object.rules_rescan(element_id=item["id"])
+
+    def organization_share(self, item):
+        organization_ids = item["organization_ids"]
+        self.opencti.stix_core_object.organization_share(item["id"], organization_ids)
+
+    def organization_unshare(self, item):
+        organization_ids = item["organization_ids"]
+        self.opencti.stix_core_object.organization_unshare(item["id"], organization_ids)
+
     def apply_opencti_operation(self, item, operation):
         if operation == "delete":
             delete_id = item["id"]
@@ -2489,8 +2500,17 @@ def apply_opencti_operation(self, item, operation):
             self.rule_apply(item=item)
         elif operation == "rule_clear":
             self.rule_clear(item=item)
+        elif operation == "rules_rescan":
+            self.rules_rescan(item=item)
+        elif operation == "share":
+            self.organization_share(item=item)
+        elif operation == "unshare":
+            self.organization_unshare(item=item)
         else:
-            raise ValueError("Not supported opencti_operation")
+            raise ValueError(
+                "Not supported opencti_operation",
+                {"operation": operation},
+            )
 
     def import_item(
         self,
