[client] handle indicator field patch

JeremyCloarec · JeremyCloarec · commit f4b3560803b1 · 2025-05-19T14:33:33.000+02:00
diff --git a/pycti/entities/opencti_indicator.py b/pycti/entities/opencti_indicator.py
@@ -301,6 +301,46 @@ def create(self, **kwargs):
                 "name or pattern or pattern_type or x_opencti_main_observable_type"
             )
 
+
+"""
+        Update an Indicator object field
+
+        :param id: the Indicator id
+        :param input: the input of the field
+    """
+
+
+def update_field(self, **kwargs):
+    id = kwargs.get("id", None)
+    input = kwargs.get("input", None)
+    if id is not None and input is not None:
+        self.opencti.app_logger.info("Updating Indicator", {"id": id})
+        query = """
+                    mutation IndicatorFieldPatch($id: ID!, $input: [EditInput]!) {
+                        indicatorFieldPatch(id: $id, input: $input) {
+                                id
+                                standard_id
+                                entity_type
+                            }
+                        }
+                    }
+                """
+        result = self.opencti.query(
+            query,
+            {
+                "id": id,
+                "input": input,
+            },
+        )
+        return self.opencti.process_multiple_fields(
+            result["data"]["indicatorFieldPatch"]
+        )
+    else:
+        self.opencti.app_logger.error(
+            "[opencti_stix_domain_object] Missing parameters: id and input"
+        )
+        return None
+
     def add_stix_cyber_observable(self, **kwargs):
         """
         Add a Stix-Cyber-Observable object to Indicator object (based-on)
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -2485,6 +2485,10 @@ def apply_patch(self, item):
                 self.opencti.external_reference.update_field(
                     id=item_id, input=field_patch_without_files
                 )
+            elif item["type"] == "indicator":
+                self.opencti.indicator.update_field(
+                    id=item_id, input=field_patch_without_files
+                )
             else:
                 self.opencti.stix_domain_object.update_field(
                     id=item_id, input=field_patch_without_files
