Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Commit c862dbc

Browse files
author
Samuel Hassine
committed
[client] Fix stix cyber observable relationships management (#144)
1 parent 5968c94 commit c862dbc

File tree

3 files changed

+48
-87
lines changed

3 files changed

+48
-87
lines changed

examples/create_observable_relationships.py

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,7 @@
3939

4040
opencti_api_client.stix_core_relationship.create(
4141
toId=observable["id"],
42-
toType="StixFile",
4342
fromId=process["id"],
44-
fromType="Process",
4543
confidence=90,
4644
createdBy=author["id"],
4745
relationship_type="related-to",

pycti/api/opencti_api_client.py

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ def __init__(self, url, token, log_level="info", ssl_verify=False, proxies={}):
119119
self.stix_cyber_observable = StixCyberObservable(self, File)
120120
self.stix_core_relationship = StixCoreRelationship(self)
121121
self.stix_sighting_relationship = StixSightingRelationship(self)
122-
self.stix_observable_relationship = StixCyberObservableRelationship(self)
122+
self.stix_cyber_observable_relationship = StixCyberObservableRelationship(self)
123123
self.identity = Identity(self)
124124
self.location = Location(self)
125125
self.threat_actor = ThreatActor(self)
@@ -263,7 +263,11 @@ def query(self, query, variables={}):
263263
result = r.json()
264264
if "errors" in result:
265265
main_error = result["errors"][0]
266-
error_name = main_error["name"]
266+
error_name = (
267+
main_error["name"]
268+
if "name" in main_error
269+
else main_error["message"]
270+
)
267271
if "data" in main_error and "reason" in main_error["data"]:
268272
logging.error(main_error["data"]["reason"])
269273
raise ValueError(

pycti/entities/opencti_stix_cyber_observable_relationship.py

Lines changed: 42 additions & 83 deletions
Original file line numberDiff line numberDiff line change
@@ -15,56 +15,22 @@ def __init__(self, opencti):
1515
relationship_type
1616
start_time
1717
stop_time
18-
revoked
19-
confidence
20-
lang
21-
created
22-
modified
2318
from {
24-
id
25-
standard_id
26-
entity_type
27-
parent_types
28-
observable_value
19+
... on StixCyberObservable {
20+
id
21+
standard_id
22+
entity_type
23+
parent_types
24+
observable_value
25+
}
2926
}
3027
to {
31-
id
32-
standard_id
33-
entity_type
34-
parent_types
35-
observable_value
36-
}
37-
createdBy {
38-
... on Identity {
28+
... on StixCyberObservable {
3929
id
4030
standard_id
4131
entity_type
4232
parent_types
43-
spec_version
44-
name
45-
description
46-
roles
47-
contact_information
48-
x_opencti_aliases
49-
created
50-
modified
51-
objectLabel {
52-
edges {
53-
node {
54-
id
55-
value
56-
color
57-
}
58-
}
59-
}
60-
}
61-
... on Organization {
62-
x_opencti_organization_type
63-
x_opencti_reliability
64-
}
65-
... on Individual {
66-
x_opencti_firstname
67-
x_opencti_lastname
33+
observable_value
6834
}
6935
}
7036
"""
@@ -85,15 +51,17 @@ def __init__(self, opencti):
8551
"""
8652

8753
def list(self, **kwargs):
54+
element_id = kwargs.get("elementId", None)
8855
from_id = kwargs.get("fromId", None)
8956
from_types = kwargs.get("fromTypes", None)
9057
to_id = kwargs.get("toId", None)
9158
to_types = kwargs.get("toTypes", None)
9259
relationship_type = kwargs.get("relationship_type", None)
93-
first_seen_start = kwargs.get("startTimeStart", None)
94-
first_seen_stop = kwargs.get("startTimeStop", None)
95-
last_seen_start = kwargs.get("stopTimeStart", None)
96-
last_seen_stop = kwargs.get("stopTimeStop", None)
60+
start_time_start = kwargs.get("startTimeStart", None)
61+
start_time_stop = kwargs.get("startTimeStop", None)
62+
stop_time_start = kwargs.get("stopTimeStart", None)
63+
stop_time_stop = kwargs.get("stopTimeStop", None)
64+
filters = kwargs.get("filters", [])
9765
first = kwargs.get("first", 500)
9866
after = kwargs.get("after", None)
9967
order_by = kwargs.get("orderBy", None)
@@ -115,8 +83,8 @@ def list(self, **kwargs):
11583
)
11684
query = (
11785
"""
118-
query StixCyberObservableRelationships($fromId: String, $fromTypes: [String], $toId: String, $toTypes: [String], $relationship_type: String, $startTimeStart: DateTime, $startTimeStop: DateTime, $stopTimeStart: DateTime, $stopTimeStop: DateTime, $first: Int, $after: ID, $orderBy: StixCyberObservableRelationshipsOrdering, $orderMode: OrderingMode) {
119-
StixCyberObservableRelationships(fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, relationship_type: $relationship_type, startTimeStart: $startTimeStart, startTimeStop: $startTimeStop, stopTimeStart: $stopTimeStart, stopTimeStop: $stopTimeStop, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
86+
query StixCyberObservableRelationships($elementId: String, $fromId: String, $fromTypes: [String], $toId: String, $toTypes: [String], $relationship_type: String, $startTimeStart: DateTime, $startTimeStop: DateTime, $stopTimeStart: DateTime, $stopTimeStop: DateTime, $filters: [StixCyberObservableRelationshipsFiltering], $first: Int, $after: ID, $orderBy: StixCyberObservableRelationshipsOrdering, $orderMode: OrderingMode) {
87+
stixCyberObservableRelationships(elementId: $elementId, fromId: $fromId, fromTypes: $fromTypes, toId: $toId, toTypes: $toTypes, relationship_type: $relationship_type, startTimeStart: $startTimeStart, startTimeStop: $startTimeStop, stopTimeStart: $stopTimeStart, stopTimeStop: $stopTimeStop, filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
12088
edges {
12189
node {
12290
"""
@@ -139,23 +107,25 @@ def list(self, **kwargs):
139107
result = self.opencti.query(
140108
query,
141109
{
110+
"elementId": element_id,
142111
"fromId": from_id,
143112
"fromTypes": from_types,
144113
"toId": to_id,
145114
"toTypes": to_types,
146115
"relationship_type": relationship_type,
147-
"Start": first_seen_start,
148-
"startTimeStop": first_seen_stop,
149-
"stopTimeStart": last_seen_start,
150-
"stopTimeStop": last_seen_stop,
116+
"startTimeStart": start_time_start,
117+
"startTimeStop": start_time_stop,
118+
"stopTimeStart": stop_time_start,
119+
"stopTimeStop": stop_time_stop,
120+
"filters": filters,
151121
"first": first,
152122
"after": after,
153123
"orderBy": order_by,
154124
"orderMode": order_mode,
155125
},
156126
)
157127
return self.opencti.process_multiple(
158-
result["data"]["StixCyberObservableRelationships"], with_pagination
128+
result["data"]["stixCyberObservableRelationships"], with_pagination
159129
)
160130

161131
"""
@@ -175,13 +145,14 @@ def list(self, **kwargs):
175145

176146
def read(self, **kwargs):
177147
id = kwargs.get("id", None)
148+
element_id = kwargs.get("elementId", None)
178149
from_id = kwargs.get("fromId", None)
179150
to_id = kwargs.get("toId", None)
180151
relationship_type = kwargs.get("relationship_type", None)
181-
first_seen_start = kwargs.get("startTimeStart", None)
182-
first_seen_stop = kwargs.get("startTimeStop", None)
183-
last_seen_start = kwargs.get("stopTimeStart", None)
184-
last_seen_stop = kwargs.get("stopTimeStop", None)
152+
start_time_start = kwargs.get("startTimeStart", None)
153+
start_time_stop = kwargs.get("startTimeStop", None)
154+
stop_time_start = kwargs.get("stopTimeStart", None)
155+
stop_time_stop = kwargs.get("stopTimeStop", None)
185156
custom_attributes = kwargs.get("customAttributes", None)
186157
if id is not None:
187158
self.opencti.log(
@@ -190,7 +161,7 @@ def read(self, **kwargs):
190161
query = (
191162
"""
192163
query StixCyberObservableRelationship($id: String!) {
193-
StixCyberObservableRelationship(id: $id) {
164+
stixCyberObservableRelationship(id: $id) {
194165
"""
195166
+ (
196167
custom_attributes
@@ -204,17 +175,18 @@ def read(self, **kwargs):
204175
)
205176
result = self.opencti.query(query, {"id": id})
206177
return self.opencti.process_multiple_fields(
207-
result["data"]["StixCyberObservableRelationship"]
178+
result["data"]["stixCyberObservableRelationship"]
208179
)
209180
else:
210181
result = self.list(
182+
elementId=element_id,
211183
fromId=from_id,
212184
toId=to_id,
213185
relationship_type=relationship_type,
214-
startTimeStart=first_seen_start,
215-
startTimeStop=first_seen_stop,
216-
stopTimeStart=last_seen_start,
217-
stopTimeStop=last_seen_stop,
186+
startTimeStart=start_time_start,
187+
startTimeStop=start_time_stop,
188+
stopTimeStart=stop_time_start,
189+
stopTimeStop=stop_time_stop,
218190
)
219191
if len(result) > 0:
220192
return result[0]
@@ -230,11 +202,8 @@ def read(self, **kwargs):
230202

231203
def create(self, **kwargs):
232204
from_id = kwargs.get("fromId", None)
233-
from_role = kwargs.get("fromRole", None)
234205
to_id = kwargs.get("toId", None)
235-
to_role = kwargs.get("toRole", None)
236206
relationship_type = kwargs.get("relationship_type", None)
237-
description = kwargs.get("description", None)
238207
start_time = kwargs.get("start_time", None)
239208
stop_time = kwargs.get("stop_time", None)
240209
stix_id = kwargs.get("stix_id", None)
@@ -243,22 +212,13 @@ def create(self, **kwargs):
243212
created_by = kwargs.get("createdBy", None)
244213
object_marking = kwargs.get("objectMarking", None)
245214
update = kwargs.get("update", False)
246-
247215
self.opencti.log(
248216
"info",
249-
"Creating stix_observable_relationship {"
250-
+ from_role
251-
+ ": "
252-
+ from_id
253-
+ ", "
254-
+ to_role
255-
+ ": "
256-
+ to_id
257-
+ "}.",
217+
"Creating stix_observable_relationship {" + from_id + ", " + to_id + "}.",
258218
)
259219
query = """
260-
mutation StixCyberObservableRelationshipAdd($input: StixCyberObservableStixMetaRelationshipAddInput!) {
261-
StixCyberObservableRelationshipAdd(input: $input) {
220+
mutation StixCyberObservableRelationshipAdd($input: StixCyberObservableRelationshipAddInput!) {
221+
stixCyberObservableRelationshipAdd(input: $input) {
262222
id
263223
standard_id
264224
entity_type
@@ -273,7 +233,6 @@ def create(self, **kwargs):
273233
"fromId": from_id,
274234
"toId": to_id,
275235
"relationship_type": relationship_type,
276-
"description": description,
277236
"start_time": start_time,
278237
"stop_time": stop_time,
279238
"stix_id": stix_id,
@@ -286,7 +245,7 @@ def create(self, **kwargs):
286245
},
287246
)
288247
return self.opencti.process_multiple_fields(
289-
result["data"]["StixCyberObservableRelationshipAdd"]
248+
result["data"]["stixCyberObservableRelationshipAdd"]
290249
)
291250

292251
"""
@@ -314,7 +273,7 @@ def update_field(self, **kwargs):
314273
query = (
315274
"""
316275
mutation StixCyberObservableRelationshipEdit($id: ID!, $input: EditInput!) {
317-
StixCyberObservableRelationshipEdit(id: $id) {
276+
stixCyberObservableRelationshipEdit(id: $id) {
318277
fieldPatch(input: $input) {
319278
"""
320279
+ self.properties
@@ -328,7 +287,7 @@ def update_field(self, **kwargs):
328287
query, {"id": id, "input": {"key": key, "value": value}}
329288
)
330289
return self.opencti.process_multiple_fields(
331-
result["data"]["StixCyberObservableRelationshipEdit"]["fieldPatch"]
290+
result["data"]["stixCyberObservableRelationshipEdit"]["fieldPatch"]
332291
)
333292
else:
334293
self.opencti.log("error", "Missing parameters: id and key and value")

0 commit comments

Comments
 (0)