|
1 | | -# coding: utf-8 |
| 1 | +#!/usr/bin/env python3 |
| 2 | +# -*- coding: utf-8 -*- |
| 3 | +Added CLI argument parsing using argparse |
| 4 | +Added duplicate checks for malware and labels |
| 5 | +Added logging for better debugging |
| 6 | +Improved maintainability and usability of the script |
2 | 7 |
|
| 8 | + |
| 9 | +import argparse |
| 10 | +import logging |
| 11 | +import sys |
3 | 12 | from pycti import OpenCTIApiClient |
4 | 13 |
|
5 | | -# Variables |
6 | | -api_url = "http://opencti:4000" |
7 | | -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" |
8 | 14 |
|
9 | | -# OpenCTI initialization |
10 | | -opencti_api_client = OpenCTIApiClient(api_url, api_token) |
| 15 | +logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") |
| 16 | + |
| 17 | +def main(): |
| 18 | + |
| 19 | + parser = argparse.ArgumentParser(description="Add a label to a malware in OpenCTI.") |
| 20 | + parser.add_argument("--url", required=True, help="OpenCTI API URL") |
| 21 | + parser.add_argument("--token", required=True, help="OpenCTI API token") |
| 22 | + parser.add_argument("--malware", required=True, help="Malware name") |
| 23 | + parser.add_argument("--description", default="No description provided", help="Malware description") |
| 24 | + parser.add_argument("--label", required=True, help="Label value to add") |
| 25 | + parser.add_argument("--color", default="#ffa500", help="Label color (default: orange)") |
| 26 | + args = parser.parse_args() |
| 27 | + |
| 28 | + try: |
| 29 | + client = OpenCTIApiClient(args.url, args.token) |
| 30 | + |
| 31 | + |
| 32 | + existing_malware = client.malware.read(filters=[{"key": "name", "values": [args.malware]}]) |
| 33 | + if existing_malware: |
| 34 | + logging.info(f"Malware '{args.malware}' already exists.") |
| 35 | + malware_id = existing_malware["id"] |
| 36 | + else: |
| 37 | + logging.info(f"Creating malware '{args.malware}'.") |
| 38 | + malware = client.malware.create(name=args.malware, description=args.description) |
| 39 | + malware_id = malware["id"] |
| 40 | + |
| 41 | + |
| 42 | + existing_label = client.label.read(filters=[{"key": "value", "values": [args.label]}]) |
| 43 | + if existing_label: |
| 44 | + label_id = existing_label["id"] |
| 45 | + logging.info(f"Label '{args.label}' already exists.") |
| 46 | + else: |
| 47 | + logging.info(f"Creating label '{args.label}'.") |
| 48 | + label = client.label.create(value=args.label, color=args.color) |
| 49 | + label_id = label["id"] |
11 | 50 |
|
12 | | -# Create the malware |
13 | | -malware = opencti_api_client.malware.create( |
14 | | - name="My new malware", description="A new evil tool." |
15 | | -) |
| 51 | + |
| 52 | + logging.info(f"Adding label '{args.label}' to malware '{args.malware}'.") |
| 53 | + client.stix_domain_object.add_label(id=malware_id, label_id=label_id) |
16 | 54 |
|
17 | | -# Create the tag (if not exists) |
18 | | -label = opencti_api_client.label.create( |
19 | | - value="Ransomware", |
20 | | - color="#ffa500", |
21 | | -) |
| 55 | + |
| 56 | + malware = client.malware.read(id=malware_id) |
| 57 | + logging.info("Updated Malware:") |
| 58 | + print(malware) |
22 | 59 |
|
23 | | -# Add the tag |
24 | | -opencti_api_client.stix_domain_object.add_label(id=malware["id"], label_id=label["id"]) |
| 60 | + except Exception as e: |
| 61 | + logging.error(f"Error: {e}") |
| 62 | + sys.exit(1) |
25 | 63 |
|
26 | | -# Print |
27 | | -malware = opencti_api_client.malware.read(id=malware["id"]) |
28 | | -print(malware) |
| 64 | +if __name__ == "__main__": |
| 65 | + main() |
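Review bot: `--token` is a required command-line argument (new line 21), so the API token ends up in shell history and is visible to other local users through the process list for as long as the script runs. Prefer reading it from the environment, with the flag as an optional override: add `import os`, change the argument to `parser.add_argument("--token", default=os.environ.get("OPENCTI_TOKEN"), help="OpenCTI API token (defaults to $OPENCTI_TOKEN)")`, and follow `parse_args()` with `if not args.token: parser.error("no API token supplied")`. Separately, new lines 3-6 ("Added CLI argument parsing using argparse" and the three after it) appear as bare text with no `#` or docstring quotes, which as shown is a SyntaxError that stops the script before `main()` is reached; they read like commit-message text and belong there or inside a `"""` module docstring. The token removed from old line 7 stays in repository history, so it should be rotated if it was ever a live credential.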