[client] Support workflow at identity /malware / incident creation (#433)

Author: SamuelHassine

pycti/entities/opencti_case_incident.py

@@ -470,9 +470,9 @@ def create(self, **kwargs):
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         object_assignee = kwargs.get("objectAssignee", None)
         granted_refs = kwargs.get("objectOrganization", None)
-        update = kwargs.get("update", False)
         response_types = kwargs.get("response_types", None)
         x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
+        update = kwargs.get("update", False)
 
         if name is not None:
             self.opencti.log("info", "Creating Case Incident {" + name + "}.")
@@ -508,9 +508,9 @@ def create(self, **kwargs):
                         "severity": severity,
                         "priority": priority,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
-                        "update": update,
                         "response_types": response_types,
                         "x_opencti_workflow_id": x_opencti_workflow_id,
+                        "update": update,
                     }
                 },
             )

pycti/entities/opencti_identity.py

@@ -303,6 +303,7 @@ def create(self, **kwargs):
         x_opencti_firstname = kwargs.get("x_opencti_firstname", None)
         x_opencti_lastname = kwargs.get("x_opencti_lastname", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if type is not None and name is not None:
@@ -324,6 +325,7 @@ def create(self, **kwargs):
                 "roles": roles,
                 "x_opencti_aliases": x_opencti_aliases,
                 "x_opencti_stix_ids": x_opencti_stix_ids,
+                "x_opencti_workflow_id": x_opencti_workflow_id,
                 "update": update,
             }
             if type == IdentityTypes.ORGANIZATION.value:
@@ -451,6 +453,12 @@ def import_from_stix2(self, **kwargs):
                 stix_object[
                     "x_opencti_stix_ids"
                 ] = self.opencti.get_attribute_in_extension("stix_ids", stix_object)
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object[
+                    "x_opencti_workflow_id"
+                ] = self.opencti.get_attribute_in_extension(
+                    "x_opencti_workflow_id", stix_object
+                )
 
             return self.create(
                 type=type,
@@ -502,6 +510,9 @@ def import_from_stix2(self, **kwargs):
                 x_opencti_stix_ids=stix_object["x_opencti_stix_ids"]
                 if "x_opencti_stix_ids" in stix_object
                 else None,
+                x_opencti_workflow_id=stix_object["x_opencti_workflow_id"]
+                if "x_opencti_workflow_id" in stix_object
+                else None,
                 update=update,
             )
         else:

pycti/entities/opencti_incident.py

@@ -298,6 +298,7 @@ def create(self, **kwargs):
         source = kwargs.get("source", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -337,6 +338,7 @@ def create(self, **kwargs):
                         "severity": severity,
                         "source": source,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -415,6 +417,9 @@ def import_from_stix2(self, **kwargs):
                 objectOrganization=stix_object["x_opencti_granted_refs"]
                 if "x_opencti_granted_refs" in stix_object
                 else None,
+                x_opencti_workflow_id=stix_object["x_opencti_workflow_id"]
+                if "x_opencti_workflow_id" in stix_object
+                else None,
                 update=update,
             )
         else:

pycti/entities/opencti_malware.py

@@ -313,6 +313,7 @@ def create(self, **kwargs):
         kill_chain_phases = kwargs.get("killChainPhases", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -354,6 +355,7 @@ def create(self, **kwargs):
                         "capabilities": capabilities,
                         "killChainPhases": kill_chain_phases,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -383,6 +385,12 @@ def import_from_stix2(self, **kwargs):
                 stix_object[
                     "x_opencti_granted_refs"
                 ] = self.opencti.get_attribute_in_extension("granted_refs", stix_object)
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object[
+                    "x_opencti_workflow_id"
+                ] = self.opencti.get_attribute_in_extension(
+                    "x_opencti_workflow_id", stix_object
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -442,6 +450,9 @@ def import_from_stix2(self, **kwargs):
                 objectOrganization=stix_object["x_opencti_granted_refs"]
                 if "x_opencti_granted_refs" in stix_object
                 else None,
+                x_opencti_workflow_id=stix_object["x_opencti_workflow_id"]
+                if "x_opencti_workflow_id" in stix_object
+                else None,
                 update=update,
             )
         else: