[examples] Add an example to link hashes together

Samuel Hassine · Samuel Hassine · commit b9045e4f1129 · 2019-12-04T20:14:15.000+01:00
diff --git a/examples/link_hashes_together.py b/examples/link_hashes_together.py
@@ -0,0 +1,60 @@
+# coding: utf-8
+
+import datetime
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'http://localhost:4000'
+api_token = 'c2d944bb-aea6-4bd6-b3d7-6c10451e2256'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create observables
+hash_md5 = opencti_api_client.stix_observable.create(
+    type='File-MD5',
+    observable_value='16b3f663d0f0371a4706642c6ac04e42',
+    description='Hash linked to Emotet',
+    update=True
+)
+print(hash_md5)
+hash_sha1 = opencti_api_client.stix_observable.create(
+    type='File-SHA1',
+    observable_value='3a1f908941311fc357051b5c35fd2a4e0c834e37',
+    description='Hash linked to Emotet',
+    update=True
+)
+print(hash_sha1)
+hash_sha256 = opencti_api_client.stix_observable.create(
+    type='File-SHA256',
+    observable_value='bcc70a49fab005b4cdbe0cbd87863ec622c6b2c656987d201adbb0e05ec03e56',
+    description='Hash linked to Emotet',
+    update=True
+)
+print(hash_sha256)
+
+# Create relations
+opencti_api_client.stix_observable_relation.create(
+    relationship_type='corresponds',
+    fromType='File-MD5',
+    fromId=hash_md5['id'],
+    toType='File-SHA1',
+    toId=hash_sha1['id'],
+    ignore_dates=True
+)
+opencti_api_client.stix_observable_relation.create(
+    relationship_type='corresponds',
+    fromType='File-MD5',
+    fromId=hash_md5['id'],
+    toType='File-SHA256',
+    toId=hash_sha256['id'],
+    ignore_dates=True
+)
+opencti_api_client.stix_observable_relation.create(
+    relationship_type='corresponds',
+    fromType='File-SHA1',
+    fromId=hash_sha1['id'],
+    toType='File-SHA256',
+    toId=hash_sha256['id'],
+    ignore_dates=True
+)
diff --git a/pycti/entities/opencti_stix_observable.py b/pycti/entities/opencti_stix_observable.py
@@ -179,9 +179,7 @@ def create_raw(self, **kwargs):
             query = """
                mutation StixObservableAdd($input: StixObservableAddInput) {
                    stixObservableAdd(input: $input) {
-                       id
-                       entity_type
-                       observable_value
+                       """ + self.properties + """
                    }
                }
             """
diff --git a/pycti/entities/opencti_stix_observable_relation.py b/pycti/entities/opencti_stix_observable_relation.py
@@ -241,7 +241,7 @@ def create_raw(self, **kwargs):
         query = """
                     mutation StixObservableRelationAdd($input: StixObservableRelationAddInput!) {
                         stixObservableRelationAdd(input: $input) {
-                            id
+                            """ + self.properties + """
                         }
                     }
                 """

Original file line number	Diff line number	Diff line change
`@@ -179,9 +179,7 @@ def create_raw(self, **kwargs):`
`179`	`179`	`query = """`
`180`	`180`	`mutation StixObservableAdd($input: StixObservableAddInput) {`
`181`	`181`	`stixObservableAdd(input: $input) {`
`182`		`- id`
`183`		`- entity_type`
`184`		`- observable_value`
	`182`	`+ """ + self.properties + """`
`185`	`183`	`}`
`186`	`184`	`}`
`187`	`185`	`"""`
Original file line number	Diff line number	Diff line change
`@@ -241,7 +241,7 @@ def create_raw(self, **kwargs):`
`241`	`241`	`query = """`
`242`	`242`	`mutation StixObservableRelationAdd($input: StixObservableRelationAddInput!) {`
`243`	`243`	`stixObservableRelationAdd(input: $input) {`
`244`		`- id`
	`244`	`+ """ + self.properties + """`
`245`	`245`	`}`
`246`	`246`	`}`
`247`	`247`	`"""`