4 files changed +174 -3 lines changed
@@ -311,6 +311,12 @@ def process_multiple_fields(self, data):
311311 if "reports" in data :
312312 data ["reports" ] = self .process_multiple (data ["reports" ])
313313 data ["reportsIds" ] = self .process_multiple_ids (data ["reports" ])
314+ if "notes" in data :
315+ data ["notes" ] = self .process_multiple (data ["notes" ])
316+ data ["notesIds" ] = self .process_multiple_ids (data ["notes" ])
317+ if "opinions" in data :
318+ data ["opinions" ] = self .process_multiple (data ["opinions" ])
319+ data ["opinionsIds" ] = self .process_multiple_ids (data ["opinions" ])
314320 if "killChainPhases" in data :
315321 data ["killChainPhases" ] = self .process_multiple (data ["killChainPhases" ])
316322 data ["killChainPhasesIds" ] = self .process_multiple_ids (
@@ -647,7 +647,6 @@ def to_stix2(self, **kwargs):
647647 note ["id" ] = entity ["stix_id_key" ]
648648 note ["type" ] = "note"
649649 note ["spec_version" ] = SPEC_VERSION
650- note ["abstract" ] = entity ["description" ]
651650 note ["content" ] = entity ["content" ]
652651 if self .opencti .not_empty (entity ["stix_label" ]):
653652 note ["labels" ] = entity ["stix_label" ]
@@ -849,3 +849,153 @@ def reports(self, **kwargs):
849849 else :
850850 self .opencti .log ("error" , "Missing parameters: id" )
851851 return None
852+
853+ """
854+ Get the notes about a Stix-Entity object
855+
856+ :param id: the id of the Stix-Entity
857+ :return Stix-Entity object
858+ """
859+
860+ def notes (self , ** kwargs ):
861+ id = kwargs .get ("id" , None )
862+ if id is not None :
863+ self .opencti .log ("info" , "Getting notes of the Stix-Entity {" + id + "}." )
864+ query = """
865+ query StixEntity($id: String!) {
866+ stixEntity(id: $id) {
867+ notes {
868+ edges {
869+ node {
870+ id
871+ stix_id_key
872+ entity_type
873+ stix_label
874+ name
875+ alias
876+ description
877+ content
878+ graph_data
879+ created
880+ modified
881+ created_at
882+ updated_at
883+ createdByRef {
884+ node {
885+ id
886+ entity_type
887+ stix_id_key
888+ stix_label
889+ name
890+ alias
891+ description
892+ created
893+ modified
894+ }
895+ relation {
896+ id
897+ }
898+ }
899+ markingDefinitions {
900+ edges {
901+ node {
902+ id
903+ entity_type
904+ stix_id_key
905+ definition_type
906+ definition
907+ level
908+ color
909+ created
910+ modified
911+ }
912+ relation {
913+ id
914+ }
915+ }
916+ }
917+ tags {
918+ edges {
919+ node {
920+ id
921+ tag_type
922+ value
923+ color
924+ }
925+ relation {
926+ id
927+ }
928+ }
929+ }
930+ externalReferences {
931+ edges {
932+ node {
933+ id
934+ entity_type
935+ stix_id_key
936+ source_name
937+ description
938+ url
939+ hash
940+ external_id
941+ created
942+ modified
943+ }
944+ relation {
945+ id
946+ }
947+ }
948+ }
949+ objectRefs {
950+ edges {
951+ node {
952+ id
953+ stix_id_key
954+ entity_type
955+ }
956+ relation {
957+ id
958+ }
959+ }
960+ }
961+ observableRefs {
962+ edges {
963+ node {
964+ id
965+ stix_id_key
966+ entity_type
967+ observable_value
968+ }
969+ relation {
970+ id
971+ }
972+ }
973+ }
974+ relationRefs {
975+ edges {
976+ node {
977+ id
978+ stix_id_key
979+ }
980+ relation {
981+ id
982+ }
983+ }
984+ }
985+ }
986+ relation {
987+ id
988+ }
989+ }
990+ }
991+ }
992+ }
993+ """
994+ result = self .opencti .query (query , {"id" : id })
995+ processed_result = self .opencti .process_multiple_fields (
996+ result ["data" ]["stixEntity" ]
997+ )
998+ return processed_result ["notes" ]
999+ else :
1000+ self .opencti .log ("error" , "Missing parameters: id" )
1001+ return None
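Review bot: `notes()` hands `result["data"]["stixEntity"]` to `process_multiple_fields` without checking it, and that helper runs membership tests such as `"reports" in data`, so a query that resolves to no entity (an unknown id, or presumably one the caller is not allowed to see) would raise a TypeError unless the helper guards against None in a part not shown here. A guard before the call, `if result["data"]["stixEntity"] is None: return []`, keeps callers that iterate the result working. The missing-id branch returns None while the success path returns a list, and the docstring's `:return Stix-Entity object` describes neither; `:return: list of notes attached to the Stix-Entity` would match the code. The local name `id` also shadows the builtin inside the method.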
@@ -1310,7 +1310,7 @@ def prepare_export(
13101310 object_refs .append (entity_relation_ref ["stix_id_key" ])
13111311 stix_object ["object_refs" ] = object_refs
13121312
1313- uuids = []
1313+ uuids = [stix_object [ "id" ] ]
13141314 for x in result :
13151315 uuids .append (x ["id" ])
13161316
@@ -1438,10 +1438,26 @@ def prepare_export(
14381438 result = result + report_object_bundle
14391439 """
14401440
1441+ # Get notes
1442+ for uuid in uuids :
1443+ if "marking-definition" not in uuid :
1444+ notes = self .opencti .stix_entity .notes (id = uuid )
1445+ for note in notes :
1446+ note_object_data = self .opencti .note .to_stix2 (
1447+ entity = note ,
1448+ mode = "simple" ,
1449+ max_marking_definition_entity = max_marking_definition_entity ,
1450+ )
1451+ note_object_bundle = self .filter_objects (
1452+ uuids , note_object_data
1453+ )
1454+ uuids = uuids + [x ["id" ] for x in note_object_bundle ]
1455+ result = result + note_object_bundle
1456+
14411457 # Refilter all the reports object refs
14421458 final_result = []
14431459 for entity in result :
1444- if entity ["type" ] == "report" :
1460+ if entity ["type" ] == "report" or entity [ "type" ] == "note" :
14451461 if "object_refs" in entity :
14461462 entity ["object_refs" ] = [
14471463 k for k in entity ["object_refs" ] if k in uuids
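Review bot: The new `# Get notes` loop pulls every note attached to every exported id into the bundle, so the confidentiality of an export now depends on `note.to_stix2` honouring `max_marking_definition_entity`; that filtering is not visible in this hunk and should be confirmed, ideally with a test that a note marked above the requested maximum is left out of the result. The loop also rebinds `uuids` (`uuids = uuids + [...]`) while `for uuid in uuids` is still iterating the original list, which works but hides that ids added by notes are never visited themselves; a comment such as `# ids added by notes are not traversed again` would make that intent explicit. The substring test `"marking-definition" not in uuid` is the only filter before one query per id, so any other id kinds present in `result` presumably reach `stix_entity.notes` as well, and a None return from it would break `for note in notes`. prepare_export starts and ends outside the hunk.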