@@ -251,6 +251,73 @@ def get_by_stix_id_or_name(self, **kwargs):
251251 )
252252 return object_result
253253
254+ """
255+ Check if a report already contains a STIX entity
256+
257+ :return Boolean
258+ """
259+
260+ def contains_stix_entity (self , ** kwargs ):
261+ id = kwargs .get ("id" , None )
262+ entity_id = kwargs .get ("entity_id" , None )
263+ if id is not None and entity_id is not None :
264+ self .opencti .log (
265+ "info" ,
266+ "Checking Stix-Entity {" + entity_id + "} in Report {" + id + "}" ,
267+ )
268+ query = (
269+ """
270+ query ReportContainsStixDomainEntity($id: String!, $objectId: String!) {
271+ reportContainsStixDomainEntity(id: $id, objectId: $objectId)
272+ }
273+ """
274+ )
275+ result = self .opencti .query (query , {"id" : id , "objectId" : entity_id })
276+ if not result ["data" ]["reportContainsStixDomainEntity" ]:
277+ query = (
278+ """
279+ query ReportContainsStixRelation($id: String!, $objectId: String!) {
280+ reportContainsStixRelation(id: $id, objectId: $objectId)
281+ }
282+ """
283+ )
284+ result = self .opencti .query (query , {"id" : id , "objectId" : entity_id })
285+ return result ["data" ]["reportContainsStixRelation" ]
286+ else :
287+ self .opencti .log (
288+ "error" ,
289+ "[opencti_report] Missing parameters: id or entity_id" ,
290+ )
291+
292+ """
293+ Check if a report already contains a STIX observable
294+
295+ :return Boolean
296+ """
297+
298+ def contains_stix_observable (self , ** kwargs ):
299+ id = kwargs .get ("id" , None )
300+ stix_observable_id = kwargs .get ("stix_observable_id" , None )
301+ if id is not None and stix_observable_id is not None :
302+ self .opencti .log (
303+ "info" ,
304+ "Checking Stix-Observable {" + stix_observable_id + "} in Report {" + id + "}" ,
305+ )
306+ query = (
307+ """
308+ query ReportContainsStixObservable($id: String!, $objectId: String!) {
309+ reportContainsStixObservable(id: $id, objectId: $objectId)
310+ }
311+ """
312+ )
313+ result = self .opencti .query (query , {"id" : id , "objectId" : stix_observable_id })
314+ return result ["data" ]["reportContainsStixObservable" ]
315+ else :
316+ self .opencti .log (
317+ "error" ,
318+ "[opencti_report] Missing parameters: id or stix_observable_id" ,
319+ )
320+
254321 """
255322 Create a Report object
256323
@@ -437,33 +504,8 @@ def add_stix_entity(self, **kwargs):
437504 entity_id = kwargs .get ("entity_id" , None )
438505 if id is not None and entity_id is not None :
439506 if report is None :
440- custom_attributes = """
441- id
442- objectRefs(first: 10000) {
443- edges {
444- node {
445- id
446- stix_id_key
447- entity_type
448- }
449- }
450- }
451- relationRefs(first: 10000) {
452- edges {
453- node {
454- id
455- stix_id_key
456- }
457- }
458- }
459- """
460- report = self .read (id = id , customAttributes = custom_attributes )
461- if report is None :
462- self .opencti .log (
463- "error" , "[opencti_report] Cannot add Object Ref, report not found"
464- )
465- return False
466- if (
507+ return self .contains_stix_entity (id = id , entity_id = entity_id )
508+ elif (
467509 entity_id in report ["objectRefsIds" ]
468510 or entity_id in report ["relationRefsIds" ]
469511 ):
@@ -515,20 +557,7 @@ def add_stix_observable(self, **kwargs):
515557 stix_observable_id = kwargs .get ("stix_observable_id" , None )
516558 if id is not None and stix_observable_id is not None :
517559 if report is None :
518- custom_attributes = """
519- id
520- observableRefs {
521- edges {
522- node {
523- id
524- stix_id_key
525- entity_type
526- observable_value
527- }
528- }
529- }
530- """
531- report = self .read (id = id , customAttributes = custom_attributes )
560+ return self .contains_stix_observable (id = id , stix_observable_id = stix_observable_id )
532561 if report is None :
533562 self .opencti .log (
534563 "error" , "[opencti_report] Cannot add Object Ref, report not found"
0 commit comments