pycti.entities.opencti_stix_domain_object
Classes
Main StixDomainObject class for OpenCTI |
Module Contents
- class pycti.entities.opencti_stix_domain_object.StixDomainObject(opencti)[source]
Main StixDomainObject class for OpenCTI
Manages STIX Domain Objects in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
Initialize the StixDomainObject instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at objectOrganization { id standard_id name } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified } } } revoked confidence created modified ... on AttackPattern { name description aliases x_mitre_platforms x_mitre_permissions_required x_mitre_detection x_mitre_id killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Campaign { name description aliases first_seen last_seen objective } ... on Note { attribute_abstract content authors note_types likelihood objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on ObservedData { first_observed last_observed number_observed objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Opinion { explanation authors opinion objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Report { name description report_types published objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Grouping { name description context objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on CourseOfAction { name description x_opencti_aliases } ... on DataComponent { name description dataSource { id standard_id entity_type parent_types spec_version created_at updated_at revoked confidence created modified name description x_mitre_platforms collection_layers } } ... on DataSource { name description x_mitre_platforms collection_layers } ... on Individual { name description x_opencti_aliases contact_information x_opencti_firstname x_opencti_lastname } ... on Organization { name description x_opencti_aliases contact_information x_opencti_organization_type x_opencti_reliability } ... on Sector { name description x_opencti_aliases contact_information } ... on System { name description x_opencti_aliases } ... on Indicator { pattern_type pattern_version pattern name description indicator_types valid_from valid_until x_opencti_score x_opencti_detection x_opencti_main_observable_type } ... on Infrastructure { name description aliases infrastructure_types first_seen last_seen } ... on IntrusionSet { name description aliases first_seen last_seen goals resource_level primary_motivation secondary_motivations } ... on City { name description latitude longitude precision x_opencti_aliases } ... on Country { name description latitude longitude precision x_opencti_aliases } ... on Region { name description latitude longitude precision x_opencti_aliases } ... on Position { name description latitude longitude precision x_opencti_aliases street_address postal_code } ... on Malware { name description aliases malware_types is_family first_seen last_seen architecture_execution_envs implementation_languages capabilities killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on MalwareAnalysis { product version configuration_version modules analysis_engine_version analysis_definition_version submitted analysis_started analysis_ended result_name result } ... on ThreatActor { name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations } ... on Tool { name description aliases tool_types tool_version killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Event { name description aliases event_types } ... on Channel { name description aliases channel_types } ... on Narrative { name description aliases narrative_types } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name description objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Vulnerability { name description x_opencti_aliases x_opencti_cvss_vector_string x_opencti_cvss_base_score x_opencti_cvss_base_severity x_opencti_cvss_attack_vector x_opencti_cvss_attack_complexity x_opencti_cvss_privileges_required x_opencti_cvss_user_interaction x_opencti_cvss_scope x_opencti_cvss_confidentiality_impact x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_exploit_code_maturity x_opencti_cvss_remediation_level x_opencti_cvss_report_confidence x_opencti_cvss_temporal_score x_opencti_cvss_v2_vector_string x_opencti_cvss_v2_base_score x_opencti_cvss_v2_access_vector x_opencti_cvss_v2_access_complexity x_opencti_cvss_v2_authentication x_opencti_cvss_v2_confidentiality_impact x_opencti_cvss_v2_integrity_impact x_opencti_cvss_v2_availability_impact x_opencti_cvss_v2_exploitability x_opencti_cvss_v2_remediation_level x_opencti_cvss_v2_report_confidence x_opencti_cvss_v2_temporal_score x_opencti_cvss_v4_vector_string x_opencti_cvss_v4_base_score x_opencti_cvss_v4_base_severity x_opencti_cvss_v4_attack_vector x_opencti_cvss_v4_attack_complexity x_opencti_cvss_v4_attack_requirements x_opencti_cvss_v4_privileges_required x_opencti_cvss_v4_user_interaction x_opencti_cvss_v4_confidentiality_impact_v x_opencti_cvss_v4_confidentiality_impact_s x_opencti_cvss_v4_integrity_impact_v x_opencti_cvss_v4_integrity_impact_s x_opencti_cvss_v4_availability_impact_v x_opencti_cvss_v4_availability_impact_s x_opencti_cvss_v4_exploit_maturity x_opencti_cwe x_opencti_cisa_kev x_opencti_epss_score x_opencti_epss_percentile x_opencti_score } ... on Incident { name description aliases first_seen last_seen objective } """
- properties_with_files = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at objectOrganization { id standard_id name } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked confidence created modified ... on AttackPattern { name description aliases x_mitre_platforms x_mitre_permissions_required x_mitre_detection x_mitre_id killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Campaign { name description aliases first_seen last_seen objective } ... on Note { attribute_abstract content authors note_types likelihood objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on ObservedData { first_observed last_observed number_observed objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Opinion { explanation authors opinion objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Report { name description report_types published objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Grouping { name description context objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on CourseOfAction { name description x_opencti_aliases } ... on DataComponent { name description dataSource { id standard_id entity_type parent_types spec_version created_at updated_at revoked confidence created modified name description x_mitre_platforms collection_layers } } ... on DataSource { name description x_mitre_platforms collection_layers } ... on Individual { name description x_opencti_aliases contact_information x_opencti_firstname x_opencti_lastname } ... on Organization { name description x_opencti_aliases contact_information x_opencti_organization_type x_opencti_reliability } ... on Sector { name description x_opencti_aliases contact_information } ... on System { name description x_opencti_aliases } ... on Indicator { pattern_type pattern_version pattern name description indicator_types valid_from valid_until x_opencti_score x_opencti_detection x_opencti_main_observable_type } ... on Infrastructure { name description aliases infrastructure_types first_seen last_seen } ... on IntrusionSet { name description aliases first_seen last_seen goals resource_level primary_motivation secondary_motivations } ... on City { name description latitude longitude precision x_opencti_aliases } ... on Country { name description latitude longitude precision x_opencti_aliases } ... on Region { name description latitude longitude precision x_opencti_aliases } ... on Position { name description latitude longitude precision x_opencti_aliases street_address postal_code } ... on Malware { name description aliases malware_types is_family first_seen last_seen architecture_execution_envs implementation_languages capabilities killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on MalwareAnalysis { product version configuration_version modules analysis_engine_version analysis_definition_version submitted analysis_started analysis_ended result_name result } ... on ThreatActor { name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations } ... on Tool { name description aliases tool_types tool_version killChainPhases { id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified } } ... on Event { name description aliases event_types } ... on Channel { name description aliases channel_types } ... on Narrative { name description aliases narrative_types } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name description objects { edges { node { ... on BasicObject { id parent_types entity_type standard_id } ... on BasicRelationship { id parent_types entity_type standard_id } } } } } ... on Vulnerability { name description x_opencti_aliases x_opencti_cvss_vector_string x_opencti_cvss_base_score x_opencti_cvss_base_severity x_opencti_cvss_attack_vector x_opencti_cvss_attack_complexity x_opencti_cvss_privileges_required x_opencti_cvss_user_interaction x_opencti_cvss_scope x_opencti_cvss_confidentiality_impact x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_exploit_code_maturity x_opencti_cvss_remediation_level x_opencti_cvss_report_confidence x_opencti_cvss_temporal_score x_opencti_cvss_v2_vector_string x_opencti_cvss_v2_base_score x_opencti_cvss_v2_access_vector x_opencti_cvss_v2_access_complexity x_opencti_cvss_v2_authentication x_opencti_cvss_v2_confidentiality_impact x_opencti_cvss_v2_integrity_impact x_opencti_cvss_v2_availability_impact x_opencti_cvss_v2_exploitability x_opencti_cvss_v2_remediation_level x_opencti_cvss_v2_report_confidence x_opencti_cvss_v2_temporal_score x_opencti_cvss_v4_vector_string x_opencti_cvss_v4_base_score x_opencti_cvss_v4_base_severity x_opencti_cvss_v4_attack_vector x_opencti_cvss_v4_attack_complexity x_opencti_cvss_v4_attack_requirements x_opencti_cvss_v4_privileges_required x_opencti_cvss_v4_user_interaction x_opencti_cvss_v4_confidentiality_impact_v x_opencti_cvss_v4_confidentiality_impact_s x_opencti_cvss_v4_integrity_impact_v x_opencti_cvss_v4_integrity_impact_s x_opencti_cvss_v4_availability_impact_v x_opencti_cvss_v4_availability_impact_s x_opencti_cvss_v4_exploit_maturity x_opencti_cwe x_opencti_cisa_kev x_opencti_epss_score x_opencti_epss_percentile x_opencti_score } ... on Incident { name description aliases first_seen last_seen objective } importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """
- list(**kwargs)[source]
List Stix-Domain-Object objects.
- Parameters:
types (list) – the list of types
filters (dict) – the filters to apply
search (str) – the search keyword
first (int) – return the first n rows from the after ID (or the beginning if not set)
after (str) – ID of the first row for pagination
orderBy (str) – field to order results by
orderMode (str) – ordering mode (asc/desc)
customAttributes (str) – custom attributes to return
getAll (bool) – whether to retrieve all results
withPagination (bool) – whether to include pagination info
withFiles (bool) – whether to include files
- Returns:
List of Stix-Domain-Object objects
- Return type:
list
- read(**kwargs)[source]
Read a Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
types (list) – list of Stix Domain Entity types
filters (dict) – the filters to apply if no id provided
customAttributes (str) – custom attributes to return
withFiles (bool) – whether to include files
- Returns:
Stix-Domain-Object object
- Return type:
dict or None
- get_by_stix_id_or_name(**kwargs)[source]
Get a Stix-Domain-Object object by stix_id or name.
- Parameters:
types (list) – a list of Stix-Domain-Object types
stix_id (str) – the STIX ID of the Stix-Domain-Object
name (str) – the name of the Stix-Domain-Object
aliases (list) – list of aliases to search
fieldName (str) – the field name to use for alias search
customAttributes (str) – custom attributes to return
- Returns:
Stix-Domain-Object object
- Return type:
dict or None
- update_field(**kwargs)[source]
Update a Stix-Domain-Object object field.
- Parameters:
id (str) – the Stix-Domain-Object id
input (list) – the input of the field
- Returns:
Updated Stix-Domain-Object object
- Return type:
dict or None
- delete(**kwargs)[source]
Delete a Stix-Domain-Object.
- Parameters:
id (str) – the Stix-Domain-Object id
- Returns:
None
- add_file(**kwargs)[source]
Upload a file to this Stix-Domain-Object.
- Parameters:
id (str) – the Stix-Domain-Object id
file_name (str) – the file name or path
data (bytes or None) – the file data (optional, will read from file_name if not provided)
fileMarkings (list) – list of marking definition IDs for the file
version (str) – version datetime
mime_type (str) – MIME type of the file
no_trigger_import (bool) – whether to skip triggering import
embedded (bool) – whether the file is embedded
- Returns:
File upload result
- Return type:
dict or None
- push_list_export(entity_id, entity_type, file_name, file_markings, data, list_filters='', mime_type=None)[source]
Push a list export file.
- Parameters:
entity_id (str) – the entity id
entity_type (str) – the entity type
file_name (str) – the file name
file_markings (list) – list of marking definition IDs
data (bytes or str) – the file data
list_filters (str) – filters applied to the list export
mime_type (str or None) – MIME type of the file
- Returns:
None
- push_entity_export(entity_id, file_name, data, file_markings=None, mime_type=None)[source]
Push an entity export file.
- Parameters:
entity_id (str) – the entity id
file_name (str) – the file name
data (bytes or str) – the file data
file_markings (list or None) – list of marking definition IDs
mime_type (str or None) – MIME type of the file
- Returns:
None
- update_created_by(**kwargs)[source]
Update the Identity author of a Stix-Domain-Object object (created_by).
- Parameters:
id (str) – the id of the Stix-Domain-Object
identity_id (str) – the id of the Identity
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_marking_definition(**kwargs)[source]
Add a Marking-Definition object to Stix-Domain-Object object (object_marking_refs).
- Parameters:
id (str) – the id of the Stix-Domain-Object
marking_definition_id (str) – the id of the Marking-Definition
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_marking_definition(**kwargs)[source]
Remove a Marking-Definition object from Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
marking_definition_id (str) – the id of the Marking-Definition
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_label(**kwargs)[source]
Add a Label object to Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
label_id (str) – the id of the Label
label_name (str) – the name of the Label (alternative to label_id)
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_label(**kwargs)[source]
Remove a Label object from Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
label_id (str) – the id of the Label
label_name (str) – the name of the Label (alternative to label_id)
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_external_reference(**kwargs)[source]
Add an External-Reference object to Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
external_reference_id (str) – the id of the External-Reference
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_external_reference(**kwargs)[source]
Remove an External-Reference object from Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
external_reference_id (str) – the id of the External-Reference
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_kill_chain_phase(**kwargs)[source]
Add a Kill-Chain-Phase object to Stix-Domain-Object object (kill_chain_phases).
- Parameters:
id (str) – the id of the Stix-Domain-Object
kill_chain_phase_id (str) – the id of the Kill-Chain-Phase
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_kill_chain_phase(**kwargs)[source]
Remove a Kill-Chain-Phase object from Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
kill_chain_phase_id (str) – the id of the Kill-Chain-Phase
- Returns:
True if successful, False otherwise
- Return type:
bool
- reports(**kwargs)[source]
Get the reports about a Stix-Domain-Object object.
- Parameters:
id (str) – the id of the Stix-Domain-Object
- Returns:
List of reports
- Return type:
list or None