pycti.entities.opencti_infrastructure
=====================================

.. py:module:: pycti.entities.opencti_infrastructure


Classes
-------

.. autoapisummary::

   pycti.entities.opencti_infrastructure.Infrastructure


Module Contents
---------------

.. py:class:: Infrastructure(opencti)

   Main Infrastructure class for OpenCTI

   Manages threat infrastructure (servers, domains, etc.) in the OpenCTI platform.

   :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
   :type opencti: OpenCTIApiClient

   Initialize the Infrastructure instance.

   :param opencti: OpenCTI API client instance
   :type opencti: OpenCTIApiClient


   .. py:attribute:: opencti


   .. py:attribute:: properties
      :value: Multiline-String


      .. code-block:: python

         """
             id
             standard_id
             entity_type
             parent_types
             spec_version
             created_at
             updated_at
             status {
                 id
                 template {
                     id
                     name
                     color
                 }
             }
             createdBy {
                 ... on Identity {
                     id
                     standard_id
                     entity_type
                     parent_types
                     spec_version
                     identity_class
                     name
                     description
                     roles
                     contact_information
                     x_opencti_aliases
                     created
                     modified
                     objectLabel {
                         id
                         value
                         color
                     }
                 }
                 ... on Organization {
                     x_opencti_organization_type
                     x_opencti_reliability
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
             }
             objectOrganization {
                 id
                 standard_id
                 name
             }
             objectMarking {
                 id
                 standard_id
                 entity_type
                 definition_type
                 definition
                 created
                 modified
                 x_opencti_order
                 x_opencti_color
             }
             objectLabel {
                 id
                 value
                 color
             }
             externalReferences {
                 edges {
                     node {
                         id
                         standard_id
                         entity_type
                         source_name
                         description
                         url
                         hash
                         external_id
                         created
                         modified
                     }
                 }
             }
             revoked
             confidence
             created
             modified
             name
             description
             infrastructure_types
             first_seen
             last_seen
             killChainPhases {
                 id
                 standard_id
                 entity_type
                 kill_chain_name
                 phase_name
                 x_opencti_order
                 created
                 modified
             }
         """


   .. py:attribute:: properties_with_files
      :value: Multiline-String


      .. code-block:: python

         """
             id
             standard_id
             entity_type
             parent_types
             spec_version
             created_at
             updated_at
             status {
                 id
                 template {
                     id
                     name
                     color
                 }
             }
             createdBy {
                 ... on Identity {
                     id
                     standard_id
                     entity_type
                     parent_types
                     spec_version
                     identity_class
                     name
                     description
                     roles
                     contact_information
                     x_opencti_aliases
                     created
                     modified
                     objectLabel {
                         id
                         value
                         color
                     }
                 }
                 ... on Organization {
                     x_opencti_organization_type
                     x_opencti_reliability
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
             }
             objectOrganization {
                 id
                 standard_id
                 name
             }
             objectMarking {
                 id
                 standard_id
                 entity_type
                 definition_type
                 definition
                 created
                 modified
                 x_opencti_order
                 x_opencti_color
             }
             objectLabel {
                 id
                 value
                 color
             }
             externalReferences {
                 edges {
                     node {
                         id
                         standard_id
                         entity_type
                         source_name
                         description
                         url
                         hash
                         external_id
                         created
                         modified
                         importFiles {
                             edges {
                                 node {
                                     id
                                     name
                                     size
                                     metaData {
                                         mimetype
                                         version
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             revoked
             confidence
             created
             modified
             name
             description
             infrastructure_types
             first_seen
             last_seen
             killChainPhases {
                 id
                 standard_id
                 entity_type
                 kill_chain_name
                 phase_name
                 x_opencti_order
                 created
                 modified
             }
             importFiles {
                 edges {
                     node {
                         id
                         name
                         size
                         metaData {
                             mimetype
                             version
                         }
                         objectMarking {
                             id
                             standard_id
                             entity_type
                             definition_type
                             definition
                             created
                             modified
                             x_opencti_order
                             x_opencti_color
                         }
                     }
                 }
             }
         """


   .. py:method:: generate_id(name)
      :staticmethod:

      Generate a STIX ID for an Infrastructure.

      :param name: The name of the infrastructure
      :type name: str
      :return: STIX ID for the infrastructure
      :rtype: str


   .. py:method:: generate_id_from_data(data)
      :staticmethod:

      Generate a STIX ID from infrastructure data.

      :param data: Dictionary containing 'name' key
      :type data: dict
      :return: STIX ID for the infrastructure
      :rtype: str


   .. py:method:: list(**kwargs)

      List Infrastructure objects.

      :param filters: (optional) the filters to apply
      :type filters: dict
      :param search: (optional) a search keyword to apply for the listing
      :type search: str
      :param first: (optional) return the first n rows from the `after` ID or the beginning if not set
      :type first: int
      :param after: (optional) OpenCTI object ID of the first row for pagination
      :type after: str
      :param orderBy: (optional) the field to order the response on
      :type orderBy: str
      :param orderMode: (optional) either "asc" or "desc"
      :type orderMode: str
      :param customAttributes: (optional) list of attribute keys to return
      :type customAttributes: str
      :param getAll: (optional) switch to return all entries (use with care when no other filters are set)
      :type getAll: bool
      :param withPagination: (optional) switch to use pagination
      :type withPagination: bool
      :param withFiles: (optional) include files in response
      :type withFiles: bool
      :return: List of Infrastructure objects
      :rtype: list


   .. py:method:: read(**kwargs)

      Read an Infrastructure object.

      Read can be used either with a known OpenCTI entity `id` or with a
      valid filter that searches for and returns a single Infrastructure
      entity or None.

      Note: either `id` or `filters` is required.

      :param id: the id of the Infrastructure
      :type id: str
      :param filters: the filters to apply if no id provided
      :type filters: dict
      :param customAttributes: custom attributes to return
      :type customAttributes: str
      :param withFiles: whether to include files
      :type withFiles: bool
      :return: Infrastructure object
      :rtype: dict or None


   .. py:method:: create(**kwargs)

      Create an Infrastructure object.

      :param name: the name of the Infrastructure (required)
      :type name: str
      :param stix_id: (optional) the STIX ID
      :type stix_id: str
      :param createdBy: (optional) the author ID
      :type createdBy: str
      :param objectMarking: (optional) list of marking definition IDs
      :type objectMarking: list
      :param objectLabel: (optional) list of label IDs
      :type objectLabel: list
      :param externalReferences: (optional) list of external reference IDs
      :type externalReferences: list
      :param revoked: (optional) whether the infrastructure is revoked
      :type revoked: bool
      :param confidence: (optional) confidence level (0-100)
      :type confidence: int
      :param lang: (optional) language
      :type lang: str
      :param created: (optional) creation date
      :type created: str
      :param modified: (optional) modification date
      :type modified: str
      :param description: (optional) description
      :type description: str
      :param aliases: (optional) list of aliases
      :type aliases: list
      :param infrastructure_types: (optional) list of infrastructure types
      :type infrastructure_types: list
      :param first_seen: (optional) first seen date
      :type first_seen: str
      :param last_seen: (optional) last seen date
      :type last_seen: str
      :param killChainPhases: (optional) list of kill chain phase IDs
      :type killChainPhases: list
      :param x_opencti_stix_ids: (optional) list of additional STIX IDs
      :type x_opencti_stix_ids: list
      :param objectOrganization: (optional) list of organization IDs
      :type objectOrganization: list
      :param x_opencti_workflow_id: (optional) workflow ID
      :type x_opencti_workflow_id: str
      :param x_opencti_modified_at: (optional) custom modification date
      :type x_opencti_modified_at: str
      :param update: (optional) whether to update if exists (default: False)
      :type update: bool
      :param files: (optional) list of File objects to attach
      :type files: list
      :param filesMarkings: (optional) list of lists of marking definition IDs for each file
      :type filesMarkings: list
      :return: Infrastructure object
      :rtype: dict or None


   .. py:method:: import_from_stix2(**kwargs)

      Import an Infrastructure object from a STIX2 object.

      :param stixObject: the STIX2 Infrastructure object
      :type stixObject: dict
      :param extras: extra parameters including created_by_id, object_marking_ids, etc.
      :type extras: dict
      :param update: whether to update if the entity already exists
      :type update: bool
      :return: Infrastructure object
      :rtype: dict or None
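
Because ``create()`` takes ``**kwargs``, Python itself will not flag a misspelled keyword, so a connector can check its arguments against the documented parameter list before calling the API. The following is an added example, not part of pycti: ``check_create_kwargs`` and ``DOCUMENTED`` are hypothetical names, and the rule that every attached file must carry at least one marking is an assumed local policy, not an API requirement.

```python
from datetime import datetime

# Keyword names documented for Infrastructure.create() on this page.
DOCUMENTED = {
    "name", "stix_id", "createdBy", "objectMarking", "objectLabel",
    "externalReferences", "revoked", "confidence", "lang", "created",
    "modified", "description", "aliases", "infrastructure_types",
    "first_seen", "last_seen", "killChainPhases", "x_opencti_stix_ids",
    "objectOrganization", "x_opencti_workflow_id", "x_opencti_modified_at",
    "update", "files", "filesMarkings",
}


def check_create_kwargs(**kwargs):
    """Return a list of problems; an empty list means the call can proceed."""
    problems = []
    for key in sorted(set(kwargs) - DOCUMENTED):
        problems.append(f"unknown keyword: {key}")
    name = kwargs.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name is required")
    conf = kwargs.get("confidence")
    if conf is not None and (isinstance(conf, bool) or not isinstance(conf, int)
                             or not 0 <= conf <= 100):
        problems.append("confidence must be an int in 0-100")
    seen = {}
    for field in ("first_seen", "last_seen"):
        if kwargs.get(field) is not None:
            try:
                raw = kwargs[field].replace("Z", "+00:00")  # "Z" -> UTC offset
                seen[field] = datetime.fromisoformat(raw)
            except (ValueError, AttributeError, TypeError):
                problems.append(f"{field} is not an ISO 8601 timestamp")
    try:
        if len(seen) == 2 and seen["last_seen"] < seen["first_seen"]:
            problems.append("last_seen is earlier than first_seen")
    except TypeError:
        problems.append("first_seen/last_seen mix naive and aware timestamps")
    files = kwargs.get("files") or []
    markings = kwargs.get("filesMarkings") or []
    if files and len(markings) != len(files):
        problems.append("filesMarkings needs one list per file")
    # Assumed local policy (not an API rule): no attachment without a marking.
    elif any(not isinstance(m, list) or not m for m in markings):
        problems.append("every file needs at least one marking ID")
    return problems
```
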