|
1 | 1 | # coding: utf-8 |
2 | 2 |
|
3 | 3 | import json |
| 4 | +import os |
| 5 | +import magic |
4 | 6 |
|
5 | 7 |
|
6 | 8 | class StixCyberObservable: |
@@ -1064,6 +1066,170 @@ def create(self, **kwargs): |
1064 | 1066 | else: |
1065 | 1067 | self.opencti.log("error", "Missing parameters: type") |
1066 | 1068 |
|
| 1069 | + """ |
| 1070 | + Upload an artifact |
| 1071 | +
|
| 1072 | + :param file_path: the file path |
| 1073 | + :return Stix-Observable object |
| 1074 | + """ |
| 1075 | + |
| 1076 | + def upload_artifact(self, **kwargs): |
| 1077 | + file_name = kwargs.get("file_name", None) |
| 1078 | + data = kwargs.get("data", None) |
| 1079 | + mime_type = kwargs.get("mime_type", "text/plain") |
| 1080 | + x_opencti_description = kwargs.get("x_opencti_description", False) |
| 1081 | + created_by = kwargs.get("createdBy", None) |
| 1082 | + object_marking = kwargs.get("objectMarking", None) |
| 1083 | + object_label = kwargs.get("objectLabel", None) |
| 1084 | + create_indicator = kwargs.get("createIndicator", False) |
| 1085 | + |
| 1086 | + if file_name is not None and mime_type is not None: |
| 1087 | + final_file_name = os.path.basename(file_name) |
| 1088 | + self.opencti.log( |
| 1089 | + "info", |
| 1090 | + "Creating Stix-Cyber-Observable {artifact}} with indicator at " |
| 1091 | + + str(create_indicator) |
| 1092 | + + ".", |
| 1093 | + ) |
| 1094 | + query = """ |
| 1095 | + mutation ArtifactImport($file: Upload!, $x_opencti_description: String, $createdBy: String, $objectMarking: [String], $objectLabel: [String]) { |
| 1096 | + artifactImport(file: $file, x_opencti_description: $x_opencti_description, createdBy: $createdBy, objectMarking: $objectMarking, objectLabel: $objectLabel) { |
| 1097 | + id |
| 1098 | + standard_id |
| 1099 | + entity_type |
| 1100 | + parent_types |
| 1101 | + spec_version |
| 1102 | + created_at |
| 1103 | + updated_at |
| 1104 | + createdBy { |
| 1105 | + ... on Identity { |
| 1106 | + id |
| 1107 | + standard_id |
| 1108 | + entity_type |
| 1109 | + parent_types |
| 1110 | + spec_version |
| 1111 | + name |
| 1112 | + description |
| 1113 | + roles |
| 1114 | + contact_information |
| 1115 | + x_opencti_aliases |
| 1116 | + created |
| 1117 | + modified |
| 1118 | + objectLabel { |
| 1119 | + edges { |
| 1120 | + node { |
| 1121 | + id |
| 1122 | + value |
| 1123 | + color |
| 1124 | + } |
| 1125 | + } |
| 1126 | + } |
| 1127 | + } |
| 1128 | + ... on Organization { |
| 1129 | + x_opencti_organization_type |
| 1130 | + x_opencti_reliability |
| 1131 | + } |
| 1132 | + ... on Individual { |
| 1133 | + x_opencti_firstname |
| 1134 | + x_opencti_lastname |
| 1135 | + } |
| 1136 | + } |
| 1137 | + objectMarking { |
| 1138 | + edges { |
| 1139 | + node { |
| 1140 | + id |
| 1141 | + standard_id |
| 1142 | + entity_type |
| 1143 | + definition_type |
| 1144 | + definition |
| 1145 | + created |
| 1146 | + modified |
| 1147 | + x_opencti_order |
| 1148 | + x_opencti_color |
| 1149 | + } |
| 1150 | + } |
| 1151 | + } |
| 1152 | + objectLabel { |
| 1153 | + edges { |
| 1154 | + node { |
| 1155 | + id |
| 1156 | + value |
| 1157 | + color |
| 1158 | + } |
| 1159 | + } |
| 1160 | + } |
| 1161 | + externalReferences { |
| 1162 | + edges { |
| 1163 | + node { |
| 1164 | + id |
| 1165 | + standard_id |
| 1166 | + entity_type |
| 1167 | + source_name |
| 1168 | + description |
| 1169 | + url |
| 1170 | + hash |
| 1171 | + external_id |
| 1172 | + created |
| 1173 | + modified |
| 1174 | + } |
| 1175 | + } |
| 1176 | + } |
| 1177 | + observable_value |
| 1178 | + x_opencti_description |
| 1179 | + x_opencti_score |
| 1180 | + indicators { |
| 1181 | + edges { |
| 1182 | + node { |
| 1183 | + id |
| 1184 | + pattern |
| 1185 | + pattern_type |
| 1186 | + } |
| 1187 | + } |
| 1188 | + } |
| 1189 | + mime_type |
| 1190 | + payload_bin |
| 1191 | + url |
| 1192 | + encryption_algorithm |
| 1193 | + decryption_key |
| 1194 | + hashes { |
| 1195 | + algorithm |
| 1196 | + hash |
| 1197 | + } |
| 1198 | + importFiles { |
| 1199 | + edges { |
| 1200 | + node { |
| 1201 | + id |
| 1202 | + name |
| 1203 | + size |
| 1204 | + } |
| 1205 | + } |
| 1206 | + } |
| 1207 | + } |
| 1208 | + } |
| 1209 | + """ |
| 1210 | + if data is None: |
| 1211 | + data = open(file_name, "rb") |
| 1212 | + if file_name.endswith(".json"): |
| 1213 | + mime_type = "application/json" |
| 1214 | + else: |
| 1215 | + mime_type = magic.from_file(file_name, mime=True) |
| 1216 | + |
| 1217 | + result = self.opencti.query( |
| 1218 | + query, |
| 1219 | + { |
| 1220 | + "file": (self.file(final_file_name, data, mime_type)), |
| 1221 | + "x_opencti_description": x_opencti_description, |
| 1222 | + "createdBy": created_by, |
| 1223 | + "objectMarking": object_marking, |
| 1224 | + "objectLabel": object_label, |
| 1225 | + }, |
| 1226 | + ) |
| 1227 | + return self.opencti.process_multiple_fields( |
| 1228 | + result["data"]["artifactImport"] |
| 1229 | + ) |
| 1230 | + else: |
| 1231 | + self.opencti.log("error", "Missing parameters: type") |
| 1232 | + |
1067 | 1233 | """ |
1068 | 1234 | Update a Stix-Observable object field |
1069 | 1235 |
|
|
0 commit comments