pycti.entities.opencti_case_rft
Classes
Main CaseRft (Request for Takedown) class for OpenCTI |
Module Contents
- class pycti.entities.opencti_case_rft.CaseRft(opencti)[source]
Main CaseRft (Request for Takedown) class for OpenCTI
Manages RFT cases in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
Initialize the CaseRft instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectOrganization { id standard_id name } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified } } } revoked confidence created modified name description takedown_types severity priority tasks { edges { node { name description due_date status { id template { id name color } } } } } objects(all: true) { edges { node { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name } ... on Channel { name } ... on Narrative { name } ... on Language { name } ... on DataComponent { name } ... on DataSource { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at relationship_type } ... on StixSightingRelationship { standard_id spec_version created_at updated_at } } } } """
- properties_with_files = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectOrganization { id standard_id name } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked confidence created modified name description severity priority takedown_types objects(all: true) { edges { node { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name } ... on Channel { name } ... on Narrative { name } ... on Language { name } ... on DataComponent { name } ... on DataSource { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at relationship_type } ... on StixSightingRelationship { standard_id spec_version created_at updated_at } } } } importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """
- static generate_id(name, created)[source]
Generate a STIX ID for a Case RFT object.
- Parameters:
name (str) – the name of the Case RFT
created (str or datetime.datetime) – the creation date of the Case RFT
- Returns:
STIX ID for the Case RFT
- Return type:
str
- static generate_id_from_data(data)[source]
Generate a STIX ID from Case RFT data.
- Parameters:
data (dict) – Dictionary containing ‘name’ and ‘created’ keys
- Returns:
STIX ID for the Case RFT
- Return type:
str
- list(**kwargs)[source]
List Case RFT objects.
- Parameters:
filters (dict) – the filters to apply
search (str) – the search keyword
first (int) – return the first n rows from the after ID (or the beginning if not set)
after (str) – ID of the first row for pagination
orderBy (str) – field to order results by
orderMode (str) – ordering mode (asc/desc)
customAttributes (str) – custom attributes to return
getAll (bool) – whether to retrieve all results
withPagination (bool) – whether to include pagination info
withFiles (bool) – whether to include files
- Returns:
List of Case RFT objects
- Return type:
list
- read(**kwargs)[source]
Read a Case RFT object.
- Parameters:
id (str) – the id of the Case RFT
filters (dict) – the filters to apply if no id provided
customAttributes (str) – custom attributes to return
withFiles (bool) – whether to include files
- Returns:
Case RFT object
- Return type:
dict or None
- get_by_stix_id_or_name(**kwargs)[source]
Read a Case RFT object by stix_id or name.
- Parameters:
stix_id (str) – the STIX ID of the Case RFT
name (str) – the name of the Case RFT
created (str) – the creation date
customAttributes (str) – custom attributes to return
- Returns:
Case RFT object
- Return type:
dict or None
- contains_stix_object_or_stix_relationship(**kwargs)[source]
Check if a Case RFT already contains a STIX Object or Relationship.
- Parameters:
id (str) – the id of the Case RFT
stixObjectOrStixRelationshipId (str) – the id of the Stix-Entity
- Returns:
Boolean indicating if the entity is contained
- Return type:
bool or None
- create(**kwargs)[source]
Create a Case RFT (Request for Takedown) object.
- Parameters:
stix_id (str) – (optional) the STIX ID
createdBy (str) – (optional) the author ID
objects (list) – (optional) list of STIX object IDs contained in the case
objectMarking (list) – (optional) list of marking definition IDs
objectLabel (list) – (optional) list of label IDs
objectAssignee (list) – (optional) list of assignee IDs
objectParticipant (list) – (optional) list of participant IDs
externalReferences (list) – (optional) list of external reference IDs
revoked (bool) – (optional) whether the case is revoked
severity (str) – (optional) severity level
priority (str) – (optional) priority level
confidence (int) – (optional) confidence level (0-100)
lang (str) – (optional) language
content (str) – (optional) content
created (str) – (optional) creation date
modified (str) – (optional) modification date
name (str) – the name of the Case RFT (required)
description (str) – (optional) description
x_opencti_stix_ids (list) – (optional) list of additional STIX IDs
objectOrganization (list) – (optional) list of organization IDs
x_opencti_workflow_id (str) – (optional) workflow ID
x_opencti_modified_at (str) – (optional) custom modification date
update (bool) – (optional) whether to update if exists (default: False)
takedown_types (list) – (optional) list of takedown types
files (list) – (optional) list of File objects to attach
filesMarkings (list) – (optional) list of lists of marking definition IDs for each file
- Returns:
Case RFT object
- Return type:
dict or None
- add_stix_object_or_stix_relationship(**kwargs)[source]
Add a Stix-Entity object to Case RFT object (object_refs).
- Parameters:
id (str) – the id of the Case RFT
stixObjectOrStixRelationshipId (str) – the id of the Stix-Entity
- Returns:
Boolean indicating success
- Return type:
bool
- remove_stix_object_or_stix_relationship(**kwargs)[source]
Remove a Stix-Entity object from Case RFT object (object_refs).
- Parameters:
id (str) – the id of the Case RFT
stixObjectOrStixRelationshipId (str) – the id of the Stix-Entity
- Returns:
Boolean indicating success
- Return type:
bool
- import_from_stix2(**kwargs)[source]
Import a Case RFT object from a STIX2 object.
- Parameters:
stixObject (dict) – the STIX2 Case RFT object
extras (dict) – extra parameters including created_by_id, object_marking_ids, etc.
update (bool) – whether to update if the entity already exists
- Returns:
Case RFT object
- Return type:
dict or None