pycti.entities.opencti_malware_analysis
Classes
MalwareAnalysis(opencti) | Main MalwareAnalysis class for OpenCTI
Module Contents
- class pycti.entities.opencti_malware_analysis.MalwareAnalysis(opencti)[source]
Main MalwareAnalysis class for OpenCTI
Manages malware analysis reports and results in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – the OpenCTIApiClient instance used to run the queries
- properties = Multiline-String[source]
"""
id
standard_id
entity_type
parent_types
spec_version
created_at
updated_at
status {
  id
  template { id name color }
}
createdBy {
  ... on Identity {
    id standard_id entity_type parent_types spec_version
    identity_class name description roles contact_information
    x_opencti_aliases created modified
    objectLabel { id value color }
  }
  ... on Organization { x_opencti_organization_type x_opencti_reliability }
  ... on Individual { x_opencti_firstname x_opencti_lastname }
}
objectOrganization { id standard_id name }
objectMarking {
  id standard_id entity_type definition_type definition
  created modified x_opencti_order x_opencti_color
}
objectLabel { id value color }
externalReferences {
  edges {
    node {
      id standard_id entity_type source_name description url hash
      external_id created modified
    }
  }
}
revoked
confidence
created
modified
product
result_name
result
submitted
analysis_started
analysis_ended
version
configuration_version
analysis_engine_version
analysis_definition_version
modules
"""
- properties_with_files = Multiline-String[source]
"""
id
standard_id
entity_type
parent_types
spec_version
created_at
updated_at
status {
  id
  template { id name color }
}
createdBy {
  ... on Identity {
    id standard_id entity_type parent_types spec_version
    identity_class name description roles contact_information
    x_opencti_aliases created modified
    objectLabel { id value color }
  }
  ... on Organization { x_opencti_organization_type x_opencti_reliability }
  ... on Individual { x_opencti_firstname x_opencti_lastname }
}
objectOrganization { id standard_id name }
objectMarking {
  id standard_id entity_type definition_type definition
  created modified x_opencti_order x_opencti_color
}
objectLabel { id value color }
externalReferences {
  edges {
    node {
      id standard_id entity_type source_name description url hash
      external_id created modified
      importFiles {
        edges {
          node { id name size metaData { mimetype version } }
        }
      }
    }
  }
}
revoked
confidence
created
modified
product
result_name
result
submitted
analysis_started
analysis_ended
version
configuration_version
analysis_engine_version
analysis_definition_version
modules
importFiles {
  edges {
    node {
      id name size
      metaData { mimetype version }
      objectMarking {
        id standard_id entity_type definition_type definition
        created modified x_opencti_order x_opencti_color
      }
    }
  }
}
"""
- static generate_id(result_name, product=None, submitted=None)[source]
Generate a STIX ID for a Malware Analysis.
- Parameters:
result_name (str) – the result name of the analysis
product (str) – the product that performed the analysis (optional)
submitted (str) – the submission date (optional)
- Returns:
STIX ID for the Malware Analysis
- Return type:
str
- static generate_id_from_data(data)[source]
Generate a STIX ID from Malware Analysis data.
- Parameters:
data (dict) – Dictionary containing ‘result_name’, ‘product’, and optionally ‘submitted’ keys
- Returns:
STIX ID for the Malware Analysis
- Return type:
str
- list(**kwargs)[source]
List Malware analysis objects.
- Parameters:
filters (dict) – the filters to apply
search (str) – the search keyword
first (int) – number of rows to return, starting after the `after` cursor (or from the beginning if `after` is not set)
after (str) – pagination cursor; pass the cursor returned with the previous page to fetch the next one
- Returns:
List of MalwareAnalysis objects
- Return type:
list
- read(**kwargs)[source]
Read a Malware analysis object.
- Parameters:
id (str) – the id of the Malware analysis
filters (dict) – the filters to apply if no id provided
- Returns:
Malware analysis object
- Return type:
dict or None
- create(**kwargs)[source]
Create a Malware analysis object.
- Parameters:
product (str) – the product that performed the analysis (required)
result_name (str) – the result name of the analysis (required)
stix_id (str) – (optional) the STIX ID
createdBy (str) – (optional) the author ID
objectMarking (list) – (optional) list of marking definition IDs
objectLabel (list) – (optional) list of label IDs
externalReferences (list) – (optional) list of external reference IDs
revoked (bool) – (optional) whether the malware analysis is revoked
confidence (int) – (optional) confidence level (0-100)
lang (str) – (optional) language
created (str) – (optional) creation date
modified (str) – (optional) modification date
result (str) – (optional) result of the analysis
submitted (str) – (optional) submission date
analysis_started (str) – (optional) analysis start date
analysis_ended (str) – (optional) analysis end date
version (str) – (optional) version of the analysis
configuration_version (str) – (optional) configuration version
analysis_engine_version (str) – (optional) analysis engine version
analysis_definition_version (str) – (optional) analysis definition version
modules (list) – (optional) list of analysis modules
hostVm (str) – (optional) host VM reference ID
operatingSystem (str) – (optional) operating system reference ID
installedSoftware (list) – (optional) list of installed software reference IDs
sample (str) – (optional) sample reference ID
analysisSco (list) – (optional) list of analysis SCO reference IDs
x_opencti_stix_ids (list) – (optional) list of additional STIX IDs
objectOrganization (list) – (optional) list of organization IDs
x_opencti_workflow_id (str) – (optional) workflow ID
x_opencti_modified_at (str) – (optional) custom modification date
update (bool) – (optional) whether to update if exists (default: False)
files (list) – (optional) list of File objects to attach
filesMarkings (list) – (optional) list of lists of marking definition IDs for each file
- Returns:
Malware analysis object
- Return type:
dict or None
- import_from_stix2(**kwargs)[source]
Import a Malware analysis object from a STIX2 object.
- Parameters:
stixObject (dict) – the STIX 2.1 malware-analysis object to import
extras (dict) – additional parameters such as created_by_id and object_marking_ids (OpenCTI internal IDs to attach)
update (bool) – whether to update the object if it already exists
- Returns:
Malware analysis object
- Return type:
dict or None
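The create() and import_from_stix2() entries above list the accepted keyword arguments but not how a caller gets from a STIX 2.1 malware-analysis object (or a sandbox verdict) to a valid call. The following is an added example, not pycti's own code: it maps an SDO to the create(**kwargs) input, enforces the two fields create() marks as required, checks `result` against the STIX malware-result-ov vocabulary and `confidence` against the 0-100 range, and derives a deterministic ID from the same three inputs generate_id() takes. Assumed, not taken from this page: the malware-result-ov values, the UUIDv5-over-canonical-JSON scheme and the STIX 2.1 namespace UUID used for the ID (pycti's own normalisation may differ, so only the same-inputs-same-ID property should be relied on), and the constructed sample SDO.

```python
"""Map a STIX 2.1 malware-analysis object to pycti MalwareAnalysis.create() kwargs.

Added example, not pycti's own code. Assumptions are marked in comments.
"""
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 malware-result-ov (assumed vocabulary; not listed on the pycti page).
MALWARE_RESULT_OV = frozenset({"malicious", "suspicious", "benign", "unknown"})

# STIX 2.1 namespace for deterministic (UUIDv5) identifiers (assumption: pycti's
# generate_id() may normalise its inputs differently, so IDs may not match).
STIX_DETERMINISTIC_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# SDO properties that create() accepts under the same name (see its parameter list).
_STIX_PASSTHROUGH = (
    "product", "result_name", "result", "submitted", "analysis_started",
    "analysis_ended", "version", "configuration_version",
    "analysis_engine_version", "analysis_definition_version", "modules",
    "revoked", "confidence", "created", "modified",
)


def stix_timestamp(dt):
    """Render a timezone-aware datetime as a STIX timestamp (UTC, millisecond, 'Z')."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def generate_malware_analysis_id(result_name, product, submitted=None):
    """Deterministic STIX ID from result_name/product/submitted (assumed scheme).

    Same contract as generate_id(): identical inputs always yield the same ID,
    so re-importing the same verdict collides with the existing object instead
    of creating a duplicate.
    """
    data = {"product": product.strip().lower(), "result_name": result_name.strip().lower()}
    if submitted is not None:
        data["submitted"] = submitted
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":"))
    return "malware-analysis--" + str(uuid.uuid5(STIX_DETERMINISTIC_NS, canonical))


def create_kwargs_from_stix(stix_object, created_by_id=None, marking_ids=None,
                            sample_id=None, update=False):
    """Build the keyword arguments for MalwareAnalysis.create(**kwargs).

    Mirrors what import_from_stix2(stixObject=..., extras=...) has to do: the
    SDO's id becomes stix_id (derived if absent) and the OpenCTI internal IDs
    passed by the caller become createdBy / objectMarking / sample.
    """
    if stix_object.get("type") != "malware-analysis":
        raise ValueError("expected a STIX 2.1 malware-analysis object")
    for key in ("product", "result_name"):  # required by create()
        if not stix_object.get(key):
            raise ValueError(f"create() requires {key!r}")
    result = stix_object.get("result")
    if result is not None and result not in MALWARE_RESULT_OV:
        raise ValueError(f"result {result!r} is not in malware-result-ov")
    confidence = stix_object.get("confidence")
    if confidence is not None and not 0 <= int(confidence) <= 100:
        raise ValueError("confidence must be between 0 and 100")

    kwargs = {k: stix_object[k] for k in _STIX_PASSTHROUGH if k in stix_object}
    kwargs["stix_id"] = stix_object.get("id") or generate_malware_analysis_id(
        kwargs["result_name"], kwargs["product"], kwargs.get("submitted")
    )
    if created_by_id:
        kwargs["createdBy"] = created_by_id
    if marking_ids:
        kwargs["objectMarking"] = list(marking_ids)
    if sample_id:
        kwargs["sample"] = sample_id
    kwargs["update"] = update
    return kwargs


# Constructed sample SDO (not real data): what a sandbox connector would hand in.
SUBMITTED = stix_timestamp(datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc))
SAMPLE_ANALYSIS = {
    "type": "malware-analysis",
    "spec_version": "2.1",
    "product": "cuckoo",
    "version": "2.0.7",
    "result_name": "Trojan.GenericKD.12345",
    "result": "malicious",
    "submitted": SUBMITTED,
    "analysis_started": stix_timestamp(datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)),
    "analysis_ended": stix_timestamp(datetime(2024, 5, 1, 12, 6, tzinfo=timezone.utc)),
    "modules": ["static", "behavioral"],
    "confidence": 80,
}

if __name__ == "__main__":
    # In real use: api.malware_analysis.create(**create_kwargs_from_stix(...))
    print(json.dumps(create_kwargs_from_stix(SAMPLE_ANALYSIS, update=True), indent=2))
```

Because the ID is a pure function of result_name, product and submitted, importing the same verdict twice with update=False leaves the first object untouched; pass update=True when the sandbox re-scores a sample and the newer result should replace the stored one.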