[client-python] Adapt client python to support new filters format (#499)

Related to OpenCTI-Platform/opencti#2686

Author: Archidoit

examples/cmd_line_tag_latest_indicators_of_threat.py

@@ -63,7 +63,12 @@ def main():
 
     # Resolve the entity
     threat = opencti_api_client.stix_domain_object.read(
-        types=[entity_type], filters=[{"key": "name", "values": [name]}]
+        types=[entity_type],
+        filters={
+            "mode": "and",
+            "filters": [{"key": "name", "values": [name]}],
+            "filterGroups": [],
+        },
     )
 
     if not threat:
@@ -87,11 +92,15 @@ def main():
             first=50,
             after=after,
             customAttributes=custom_attributes,
-            filters=[
-                {"key": "indicates", "values": [threat["id"]]},
-                {"key": "created_at", "values": [created_after], "operator": "gt"},
-                {"key": "created_at", "values": [created_before], "operator": "lt"},
-            ],
+            filters={
+                "mode": "and",
+                "filters": [
+                    {"key": "indicates", "values": [threat["id"]]},
+                    {"key": "created_at", "values": [created_after], "operator": "gt"},
+                    {"key": "created_at", "values": [created_before], "operator": "lt"},
+                ],
+                "filterGroups": [],
+            },
             orderBy="created_at",
             orderMode="asc",
             withPagination=True,

examples/delete_intrusion_set.py

@@ -20,7 +20,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["EvilSET123"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["EvilSET123"]}],
+        "filterGroups": [],
+    }
 )
 
 # Delete the intrusion set

examples/export_incident_stix2.py

@@ -15,7 +15,11 @@
 
 # Get the incident created in the create_incident_with_ttps_and_indicators.py
 incident = opencti_api_client.incident.read(
-    filters=[{"key": "name", "values": ["My new incident"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["My new incident"]}],
+        "filterGroups": [],
+    }
 )
 
 # Create the bundle

examples/get_attack_pattern_by_mitre_id.py

@@ -11,7 +11,11 @@
 
 # Get the Attack-Pattern T1514
 attack_pattern = opencti_api_client.attack_pattern.read(
-    filters=[{"key": "x_mitre_id", "values": ["T1514"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "x_mitre_id", "values": ["T1514"]}],
+        "filterGroups": [],
+    }
 )
 
 # Print

examples/get_malwares_of_intrusion_set.py

@@ -21,7 +21,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["APT28"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["APT28"]}],
+        "filterGroups": [],
+    }
 )
 
 # Get the relations from APT28 to malwares

examples/get_observable_exact_match.py

@@ -15,7 +15,11 @@
 )
 print("IP ADDRESS")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "value", "values": ["110.172.180.180"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "value", "values": ["110.172.180.180"]}],
+        "filterGroups": [],
+    }
 )
 print(observable)
 
@@ -25,7 +29,11 @@
 )
 print("FILE NAME")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "name", "values": ["activeds.dll"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["activeds.dll"]}],
+        "filterGroups": [],
+    }
 )
 print(observable)
 
@@ -36,6 +44,12 @@
 )
 print("FILE MD5")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "hashes_MD5", "values": ["3aad33e025303dbae12c12b4ec5258c1"]}]
+    filters={
+        "mode": "and",
+        "filters": [
+            {"key": "hashes.MD5", "values": ["3aad33e025303dbae12c12b4ec5258c1"]}
+        ],
+        "filterGroups": [],
+    }
 )
 print(observable)

examples/get_reports_about_intrusion_set.py

@@ -22,12 +22,20 @@
 
 # Get the intrusion set Sandworm
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["Sandworm Team"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["Sandworm Team"]}],
+        "filterGroups": [],
+    }
 )
 
 # Get all reports
 reports = opencti_api_client.report.list(
-    filters=[{"key": "objectContains", "values": [intrusion_set["id"]]}],
+    filters={
+        "mode": "and",
+        "filters": [{"key": "contains", "values": [intrusion_set["id"]]}],
+        "filterGroups": [],
+    },
     orderBy="published",
     orderMode="asc",
 )

examples/update_entity_attribute.py

@@ -21,7 +21,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["APT28"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["APT28"]}],
+        "filterGroups": [],
+    }
 )
 
 # Update the description

pycti/api/opencti_api_work.py

@@ -161,7 +161,7 @@ def get_connector_works(self, connector_id: str) -> List[Dict]:
             $count: Int
             $orderBy: WorksOrdering
             $orderMode: OrderingMode
-            $filters: [WorksFiltering]
+            $filters: FilterGroup
         ) {
             works(
                 first: $count
@@ -207,9 +207,11 @@ def get_connector_works(self, connector_id: str) -> List[Dict]:
             query,
             {
                 "count": 50,
-                "filters": [
-                    {"key": "connector_id", "values": [connector_id]},
-                ],
+                "filters": {
+                    "mode": "and",
+                    "filters": [{"key": "connector_id", "values": [connector_id]}],
+                    "filterGroups": [],
+                },
             },
         )
         result = result["data"]["works"]["edges"]

pycti/entities/opencti_attack_pattern.py

@@ -292,7 +292,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Attack-Patterns with filters %s.", json.dumps(filters))
         query = (
             """
-            query AttackPatterns($filters: [AttackPatternsFiltering], $search: String, $first: Int, $after: ID, $orderBy: AttackPatternsOrdering, $orderMode: OrderingMode) {
+            query AttackPatterns($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: AttackPatternsOrdering, $orderMode: OrderingMode) {
                 attackPatterns(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {