pycti.entities.opencti_identity
Classes
Main Identity class for OpenCTI |
Module Contents
- class pycti.entities.opencti_identity.Identity(opencti)[source]
Main Identity class for OpenCTI
Manages individual, organization, and system identities in OpenCTI.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
Initialize the Identity instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases x_opencti_reliability created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_score } ... on Individual { x_opencti_firstname x_opencti_lastname } ... on SecurityPlatform { security_platform_type } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectOrganization { id standard_id name } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified } } } revoked confidence created modified identity_class name description x_opencti_aliases x_opencti_reliability contact_information ... on Individual { x_opencti_firstname x_opencti_lastname } ... on Organization { x_opencti_organization_type x_opencti_score } ... on SecurityPlatform { security_platform_type } """
- properties_with_files = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases x_opencti_reliability created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_score } ... on Individual { x_opencti_firstname x_opencti_lastname } ... on SecurityPlatform { security_platform_type } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectOrganization { id standard_id name } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked confidence created modified identity_class name description x_opencti_aliases x_opencti_reliability contact_information ... on Individual { x_opencti_firstname x_opencti_lastname } ... on Organization { x_opencti_organization_type x_opencti_score } ... on SecurityPlatform { security_platform_type } importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """
- static generate_id(name, identity_class)[source]
Generate a STIX ID for an Identity.
- Parameters:
name (str) – The name of the identity
identity_class (str) – The class of the identity (individual, group, organization, etc.)
- Returns:
STIX ID for the identity
- Return type:
str
- static generate_id_from_data(data)[source]
Generate a STIX ID from identity data.
- Parameters:
data (dict) – Dictionary containing ‘name’ and ‘identity_class’ keys
- Returns:
STIX ID for the identity
- Return type:
str
- list(**kwargs)[source]
List Identity objects.
- Parameters:
types (list) – the list of types
filters (dict) – the filters to apply
search (str) – the search keyword
first (int) – return the first n rows from the after ID (or the beginning if not set)
after (str) – ID of the first row for pagination
orderBy (str) – field to order results by
orderMode (str) – ordering mode (asc/desc)
customAttributes (str) – custom attributes to return
getAll (bool) – whether to retrieve all results
withPagination (bool) – whether to include pagination info
withFiles (bool) – whether to include files
- Returns:
List of Identity objects
- Return type:
list
- read(**kwargs)[source]
Read an Identity object.
- Parameters:
id (str) – the id of the Identity
filters (dict) – the filters to apply if no id provided
customAttributes (str) – custom attributes to return
withFiles (bool) – whether to include files
- Returns:
Identity object
- Return type:
dict or None
- create(**kwargs)[source]
Create an Identity object.
- Parameters:
type – the type of identity (Organization, Individual, System, etc.) (required)
stix_id – (optional) the STIX ID
createdBy – (optional) the author ID
objectMarking – (optional) list of marking definition IDs
objectLabel – (optional) list of label IDs
externalReferences – (optional) list of external reference IDs
revoked – (optional) whether the identity is revoked
confidence – (optional) confidence level (0-100)
lang – (optional) language
created – (optional) creation date
modified – (optional) modification date
name – the name of the Identity (required)
description – (optional) description
contact_information – (optional) contact information
roles – (optional) list of roles
x_opencti_aliases – (optional) list of aliases
security_platform_type – (optional) type of security platform
x_opencti_organization_type – (optional) organization type
x_opencti_reliability – (optional) reliability level
x_opencti_score – (optional) score
x_opencti_firstname – (optional) first name for individuals
x_opencti_lastname – (optional) last name for individuals
x_opencti_stix_ids – (optional) list of additional STIX IDs
objectOrganization – (optional) list of organization IDs
x_opencti_workflow_id – (optional) workflow ID
x_opencti_modified_at – (optional) custom modification date
update (bool) – (optional) whether to update if exists (default: False)
files (list) – (optional) list of File objects to attach
filesMarkings (list) – (optional) list of lists of marking definition IDs for each file
- Returns:
Identity object
- Return type:
dict or None
- import_from_stix2(**kwargs)[source]
Import an Identity object from a STIX2 object.
- Parameters:
stixObject (dict) – the STIX2 Identity object
extras (dict) – extra parameters including created_by_id, object_marking_ids, etc.
update (bool) – whether to update if the entity already exists
- Returns:
Identity object
- Return type:
dict or None