pycti.entities.opencti_stix_domain_object ========================================= .. py:module:: pycti.entities.opencti_stix_domain_object Classes ------- .. autoapisummary:: pycti.entities.opencti_stix_domain_object.StixDomainObject Module Contents --------------- .. py:class:: StixDomainObject(opencti) Main StixDomainObject class for OpenCTI Manages STIX Domain Objects in the OpenCTI platform. :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient` :type opencti: OpenCTIApiClient Initialize the StixDomainObject instance. :param opencti: OpenCTI API client instance :type opencti: OpenCTIApiClient .. py:attribute:: opencti .. py:attribute:: properties :value: Multiline-String .. raw:: html
Show Value .. code-block:: python """ id standard_id entity_type parent_types spec_version created_at updated_at objectOrganization { id standard_id name } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified } } } revoked confidence created modified ... on AttackPattern { name description aliases x_mitre_platforms x_mitre_permissions_required x_mitre_detection x_mitre_id killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Campaign { name description aliases first_seen last_seen objective } ... on Note { attribute_abstract content authors note_types likelihood objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on ObservedData { first_observed last_observed number_observed objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Opinion { explanation authors opinion objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Report { name description report_types published objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Grouping { name description context objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on CourseOfAction { name description x_opencti_aliases } ... on DataComponent { name description dataSource { id standard_id entity_type parent_types spec_version created_at updated_at revoked confidence created modified name description x_mitre_platforms collection_layers } } ... on DataSource { name description x_mitre_platforms collection_layers } ... on Individual { name description x_opencti_aliases contact_information x_opencti_firstname x_opencti_lastname } ... on Organization { name description x_opencti_aliases contact_information x_opencti_organization_type x_opencti_reliability } ... on Sector { name description x_opencti_aliases contact_information } ... on System { name description x_opencti_aliases } ... on Indicator { pattern_type pattern_version pattern name description indicator_types valid_from valid_until x_opencti_score x_opencti_detection x_opencti_main_observable_type } ... on Infrastructure { name description aliases infrastructure_types first_seen last_seen } ... on IntrusionSet { name description aliases first_seen last_seen goals resource_level primary_motivation secondary_motivations } ... on City { name description latitude longitude precision x_opencti_aliases } ... on Country { name description latitude longitude precision x_opencti_aliases } ... on Region { name description latitude longitude precision x_opencti_aliases } ... on Position { name description latitude longitude precision x_opencti_aliases street_address postal_code } ... on Malware { name description aliases malware_types is_family first_seen last_seen architecture_execution_envs implementation_languages capabilities killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on MalwareAnalysis { product version configuration_version modules analysis_engine_version analysis_definition_version submitted analysis_started analysis_ended result_name result } ... on ThreatActor { name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations } ... on Tool { name description aliases tool_types tool_version killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Event { name description aliases event_types } ... on Channel { name description aliases channel_types } ... on Narrative { name description aliases narrative_types } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name description objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Vulnerability { name description x_opencti_aliases x_opencti_cvss_vector_string x_opencti_cvss_base_score x_opencti_cvss_base_severity x_opencti_cvss_attack_vector x_opencti_cvss_attack_complexity x_opencti_cvss_privileges_required x_opencti_cvss_user_interaction x_opencti_cvss_scope x_opencti_cvss_confidentiality_impact x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_exploit_code_maturity x_opencti_cvss_remediation_level x_opencti_cvss_report_confidence x_opencti_cvss_temporal_score x_opencti_cvss_v2_vector_string x_opencti_cvss_v2_base_score x_opencti_cvss_v2_access_vector x_opencti_cvss_v2_access_complexity x_opencti_cvss_v2_authentication x_opencti_cvss_v2_confidentiality_impact x_opencti_cvss_v2_integrity_impact x_opencti_cvss_v2_availability_impact x_opencti_cvss_v2_exploitability x_opencti_cvss_v2_remediation_level x_opencti_cvss_v2_report_confidence x_opencti_cvss_v2_temporal_score x_opencti_cvss_v4_vector_string x_opencti_cvss_v4_base_score x_opencti_cvss_v4_base_severity x_opencti_cvss_v4_attack_vector x_opencti_cvss_v4_attack_complexity x_opencti_cvss_v4_attack_requirements x_opencti_cvss_v4_privileges_required x_opencti_cvss_v4_user_interaction x_opencti_cvss_v4_confidentiality_impact_v x_opencti_cvss_v4_confidentiality_impact_s x_opencti_cvss_v4_integrity_impact_v x_opencti_cvss_v4_integrity_impact_s x_opencti_cvss_v4_availability_impact_v x_opencti_cvss_v4_availability_impact_s x_opencti_cvss_v4_exploit_maturity x_opencti_cwe x_opencti_cisa_kev x_opencti_epss_score x_opencti_epss_percentile x_opencti_score } ... on Incident { name description aliases first_seen last_seen objective } """ .. raw:: html
.. py:attribute:: properties_with_files :value: Multiline-String .. raw:: html
Show Value .. code-block:: python """ id standard_id entity_type parent_types spec_version created_at updated_at objectOrganization { id standard_id name } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked confidence created modified ... on AttackPattern { name description aliases x_mitre_platforms x_mitre_permissions_required x_mitre_detection x_mitre_id killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Campaign { name description aliases first_seen last_seen objective } ... on Note { attribute_abstract content authors note_types likelihood objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on ObservedData { first_observed last_observed number_observed objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Opinion { explanation authors opinion objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Report { name description report_types published objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Grouping { name description context objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on CourseOfAction { name description x_opencti_aliases } ... on DataComponent { name description dataSource { id standard_id entity_type parent_types spec_version created_at updated_at revoked confidence created modified name description x_mitre_platforms collection_layers } } ... on DataSource { name description x_mitre_platforms collection_layers } ... on Individual { name description x_opencti_aliases contact_information x_opencti_firstname x_opencti_lastname } ... on Organization { name description x_opencti_aliases contact_information x_opencti_organization_type x_opencti_reliability } ... on Sector { name description x_opencti_aliases contact_information } ... on System { name description x_opencti_aliases } ... on Indicator { pattern_type pattern_version pattern name description indicator_types valid_from valid_until x_opencti_score x_opencti_detection x_opencti_main_observable_type } ... on Infrastructure { name description aliases infrastructure_types first_seen last_seen } ... on IntrusionSet { name description aliases first_seen last_seen goals resource_level primary_motivation secondary_motivations } ... on City { name description latitude longitude precision x_opencti_aliases } ... on Country { name description latitude longitude precision x_opencti_aliases } ... on Region { name description latitude longitude precision x_opencti_aliases } ... on Position { name description latitude longitude precision x_opencti_aliases street_address postal_code } ... on Malware { name description aliases malware_types is_family first_seen last_seen architecture_execution_envs implementation_languages capabilities killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on MalwareAnalysis { product version configuration_version modules analysis_engine_version analysis_definition_version submitted analysis_started analysis_ended result_name result } ... on ThreatActor { name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations } ... on Tool { name description aliases tool_types tool_version killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Event { name description aliases event_types } ... on Channel { name description aliases channel_types } ... on Narrative { name description aliases narrative_types } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name description objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Vulnerability { name description x_opencti_aliases x_opencti_cvss_vector_string x_opencti_cvss_base_score x_opencti_cvss_base_severity x_opencti_cvss_attack_vector x_opencti_cvss_attack_complexity x_opencti_cvss_privileges_required x_opencti_cvss_user_interaction x_opencti_cvss_scope x_opencti_cvss_confidentiality_impact x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_exploit_code_maturity x_opencti_cvss_remediation_level x_opencti_cvss_report_confidence x_opencti_cvss_temporal_score x_opencti_cvss_v2_vector_string x_opencti_cvss_v2_base_score x_opencti_cvss_v2_access_vector x_opencti_cvss_v2_access_complexity x_opencti_cvss_v2_authentication x_opencti_cvss_v2_confidentiality_impact x_opencti_cvss_v2_integrity_impact x_opencti_cvss_v2_availability_impact x_opencti_cvss_v2_exploitability x_opencti_cvss_v2_remediation_level x_opencti_cvss_v2_report_confidence x_opencti_cvss_v2_temporal_score x_opencti_cvss_v4_vector_string x_opencti_cvss_v4_base_score x_opencti_cvss_v4_base_severity x_opencti_cvss_v4_attack_vector x_opencti_cvss_v4_attack_complexity x_opencti_cvss_v4_attack_requirements x_opencti_cvss_v4_privileges_required x_opencti_cvss_v4_user_interaction x_opencti_cvss_v4_confidentiality_impact_v x_opencti_cvss_v4_confidentiality_impact_s x_opencti_cvss_v4_integrity_impact_v x_opencti_cvss_v4_integrity_impact_s x_opencti_cvss_v4_availability_impact_v x_opencti_cvss_v4_availability_impact_s x_opencti_cvss_v4_exploit_maturity x_opencti_cwe x_opencti_cisa_kev x_opencti_epss_score x_opencti_epss_percentile x_opencti_score } ... on Incident { name description aliases first_seen last_seen objective } importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """ .. raw:: html
.. py:method:: list(**kwargs) List Stix-Domain-Object objects. :param types: the list of types :type types: list :param filters: the filters to apply :type filters: dict :param search: the search keyword :type search: str :param first: return the first n rows from the after ID (or the beginning if not set) :type first: int :param after: ID of the first row for pagination :type after: str :param orderBy: field to order results by :type orderBy: str :param orderMode: ordering mode (asc/desc) :type orderMode: str :param customAttributes: custom attributes to return :type customAttributes: str :param getAll: whether to retrieve all results :type getAll: bool :param withPagination: whether to include pagination info :type withPagination: bool :param withFiles: whether to include files :type withFiles: bool :return: List of Stix-Domain-Object objects :rtype: list .. py:method:: read(**kwargs) Read a Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param types: list of Stix Domain Entity types :type types: list :param filters: the filters to apply if no id provided :type filters: dict :param customAttributes: custom attributes to return :type customAttributes: str :param withFiles: whether to include files :type withFiles: bool :return: Stix-Domain-Object object :rtype: dict or None .. py:method:: get_by_stix_id_or_name(**kwargs) Get a Stix-Domain-Object object by stix_id or name. :param types: a list of Stix-Domain-Object types :type types: list :param stix_id: the STIX ID of the Stix-Domain-Object :type stix_id: str :param name: the name of the Stix-Domain-Object :type name: str :param aliases: list of aliases to search :type aliases: list :param fieldName: the field name to use for alias search :type fieldName: str :param customAttributes: custom attributes to return :type customAttributes: str :return: Stix-Domain-Object object :rtype: dict or None .. py:method:: update_field(**kwargs) Update a Stix-Domain-Object object field. :param id: the Stix-Domain-Object id :type id: str :param input: the input of the field :type input: list :return: Updated Stix-Domain-Object object :rtype: dict or None .. py:method:: delete(**kwargs) Delete a Stix-Domain-Object. :param id: the Stix-Domain-Object id :type id: str :return: None .. py:method:: add_file(**kwargs) Upload a file to this Stix-Domain-Object. :param id: the Stix-Domain-Object id :type id: str :param file_name: the file name or path :type file_name: str :param data: the file data (optional, will read from file_name if not provided) :type data: bytes or None :param fileMarkings: list of marking definition IDs for the file :type fileMarkings: list :param version: version datetime :type version: str :param mime_type: MIME type of the file :type mime_type: str :param no_trigger_import: whether to skip triggering import :type no_trigger_import: bool :param embedded: whether the file is embedded :type embedded: bool :return: File upload result :rtype: dict or None .. py:method:: push_list_export(entity_id, entity_type, file_name, file_markings, data, list_filters='', mime_type=None) Push a list export file. :param entity_id: the entity id :type entity_id: str :param entity_type: the entity type :type entity_type: str :param file_name: the file name :type file_name: str :param file_markings: list of marking definition IDs :type file_markings: list :param data: the file data :type data: bytes or str :param list_filters: filters applied to the list export :type list_filters: str :param mime_type: MIME type of the file :type mime_type: str or None :return: None .. py:method:: push_entity_export(entity_id, file_name, data, file_markings=None, mime_type=None) Push an entity export file. :param entity_id: the entity id :type entity_id: str :param file_name: the file name :type file_name: str :param data: the file data :type data: bytes or str :param file_markings: list of marking definition IDs :type file_markings: list or None :param mime_type: MIME type of the file :type mime_type: str or None :return: None .. py:method:: update_created_by(**kwargs) Update the Identity author of a Stix-Domain-Object object (created_by). :param id: the id of the Stix-Domain-Object :type id: str :param identity_id: the id of the Identity :type identity_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: add_marking_definition(**kwargs) Add a Marking-Definition object to Stix-Domain-Object object (object_marking_refs). :param id: the id of the Stix-Domain-Object :type id: str :param marking_definition_id: the id of the Marking-Definition :type marking_definition_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: remove_marking_definition(**kwargs) Remove a Marking-Definition object from Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param marking_definition_id: the id of the Marking-Definition :type marking_definition_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: add_label(**kwargs) Add a Label object to Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param label_id: the id of the Label :type label_id: str :param label_name: the name of the Label (alternative to label_id) :type label_name: str :return: True if successful, False otherwise :rtype: bool .. py:method:: remove_label(**kwargs) Remove a Label object from Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param label_id: the id of the Label :type label_id: str :param label_name: the name of the Label (alternative to label_id) :type label_name: str :return: True if successful, False otherwise :rtype: bool .. py:method:: add_external_reference(**kwargs) Add an External-Reference object to Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param external_reference_id: the id of the External-Reference :type external_reference_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: remove_external_reference(**kwargs) Remove an External-Reference object from Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param external_reference_id: the id of the External-Reference :type external_reference_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: add_kill_chain_phase(**kwargs) Add a Kill-Chain-Phase object to Stix-Domain-Object object (kill_chain_phases). :param id: the id of the Stix-Domain-Object :type id: str :param kill_chain_phase_id: the id of the Kill-Chain-Phase :type kill_chain_phase_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: remove_kill_chain_phase(**kwargs) Remove a Kill-Chain-Phase object from Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :param kill_chain_phase_id: the id of the Kill-Chain-Phase :type kill_chain_phase_id: str :return: True if successful, False otherwise :rtype: bool .. py:method:: reports(**kwargs) Get the reports about a Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :return: List of reports :rtype: list or None .. py:method:: notes(**kwargs) Get the notes about a Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :return: List of notes :rtype: list or None .. py:method:: observed_data(**kwargs) Get the observed data of a Stix-Domain-Object object. :param id: the id of the Stix-Domain-Object :type id: str :return: List of observed data :rtype: list or None