pycti.entities.opencti_stix_domain_object

class pycti.entities.opencti_stix_domain_object.StixDomainObject(opencti)[source]

Main StixDomainObject class for OpenCTI

Manages STIX Domain Objects in the OpenCTI platform.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

__init__(opencti)[source]

Initialize the StixDomainObject instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

add_external_reference(**kwargs)[source]

Add an External-Reference object to Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • external_reference_id (str) – the id of the External-Reference

Returns:

True if successful, False otherwise

Return type:

bool

add_file(**kwargs)[source]

Upload a file to this Stix-Domain-Object.

Parameters:

  • id (str) – the Stix-Domain-Object id

  • file_name (str) – the file name or path

  • data (bytes or None) – the file data (optional, will read from file_name if not provided)

  • fileMarkings (list) – list of marking definition IDs for the file

  • version (str) – version datetime

  • mime_type (str) – MIME type of the file

  • no_trigger_import (bool) – whether to skip triggering import

  • embedded (bool) – whether the file is embedded

Returns:

File upload result

Return type:

dict or None

add_kill_chain_phase(**kwargs)[source]

Add a Kill-Chain-Phase object to Stix-Domain-Object object (kill_chain_phases).

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • kill_chain_phase_id (str) – the id of the Kill-Chain-Phase

Returns:

True if successful, False otherwise

Return type:

bool

add_label(**kwargs)[source]

Add a Label object to Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • label_id (str) – the id of the Label

  • label_name (str) – the name of the Label (alternative to label_id)

Returns:

True if successful, False otherwise

Return type:

bool

add_marking_definition(**kwargs)[source]

Add a Marking-Definition object to Stix-Domain-Object object (object_marking_refs).

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • marking_definition_id (str) – the id of the Marking-Definition

Returns:

True if successful, False otherwise

Return type:

bool

delete(**kwargs)[source]

Delete a Stix-Domain-Object.

Parameters:

id (str) – the Stix-Domain-Object id

Returns:

None

get_by_stix_id_or_name(**kwargs)[source]

Get a Stix-Domain-Object object by stix_id or name.

Parameters:

  • types (list) – a list of Stix-Domain-Object types

  • stix_id (str) – the STIX ID of the Stix-Domain-Object

  • name (str) – the name of the Stix-Domain-Object

  • aliases (list) – list of aliases to search

  • fieldName (str) – the field name to use for alias search

  • customAttributes (str) – custom attributes to return

Returns:

Stix-Domain-Object object

Return type:

dict or None

list(**kwargs)[source]

List Stix-Domain-Object objects.

Parameters:

  • types (list) – the list of types

  • filters (dict) – the filters to apply

  • search (str) – the search keyword

  • first (int) – return the first n rows from the after ID (or the beginning if not set)

  • after (str) – ID of the first row for pagination

  • orderBy (str) – field to order results by

  • orderMode (str) – ordering mode (asc/desc)

  • customAttributes (str) – custom attributes to return

  • getAll (bool) – whether to retrieve all results

  • withPagination (bool) – whether to include pagination info

  • withFiles (bool) – whether to include files

Returns:

List of Stix-Domain-Object objects

Return type:

list

notes(**kwargs)[source]

Get the notes about a Stix-Domain-Object object.

Parameters:

id (str) – the id of the Stix-Domain-Object

Returns:

List of notes

Return type:

list or None

observed_data(**kwargs)[source]

Get the observed data of a Stix-Domain-Object object.

Parameters:

id (str) – the id of the Stix-Domain-Object

Returns:

List of observed data

Return type:

list or None

push_entity_export(entity_id, file_name, data, file_markings=None, mime_type=None)[source]

Push an entity export file.

Parameters:

  • entity_id (str) – the entity id

  • file_name (str) – the file name

  • data (bytes or str) – the file data

  • file_markings (list or None) – list of marking definition IDs

  • mime_type (str or None) – MIME type of the file

Returns:

None

push_list_export(entity_id, entity_type, file_name, file_markings, data, list_filters='', mime_type=None)[source]

Push a list export file.

Parameters:

  • entity_id (str) – the entity id

  • entity_type (str) – the entity type

  • file_name (str) – the file name

  • file_markings (list) – list of marking definition IDs

  • data (bytes or str) – the file data

  • list_filters (str) – filters applied to the list export

  • mime_type (str or None) – MIME type of the file

Returns:

None

read(**kwargs)[source]

Read a Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • types (list) – list of Stix Domain Entity types

  • filters (dict) – the filters to apply if no id provided

  • customAttributes (str) – custom attributes to return

  • withFiles (bool) – whether to include files

Returns:

Stix-Domain-Object object

Return type:

dict or None

remove_external_reference(**kwargs)[source]

Remove an External-Reference object from Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • external_reference_id (str) – the id of the External-Reference

Returns:

True if successful, False otherwise

Return type:

bool

remove_kill_chain_phase(**kwargs)[source]

Remove a Kill-Chain-Phase object from Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • kill_chain_phase_id (str) – the id of the Kill-Chain-Phase

Returns:

True if successful, False otherwise

Return type:

bool

remove_label(**kwargs)[source]

Remove a Label object from Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • label_id (str) – the id of the Label

  • label_name (str) – the name of the Label (alternative to label_id)

Returns:

True if successful, False otherwise

Return type:

bool

remove_marking_definition(**kwargs)[source]

Remove a Marking-Definition object from Stix-Domain-Object object.

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • marking_definition_id (str) – the id of the Marking-Definition

Returns:

True if successful, False otherwise

Return type:

bool

reports(**kwargs)[source]

Get the reports about a Stix-Domain-Object object.

Parameters:

id (str) – the id of the Stix-Domain-Object

Returns:

List of reports

Return type:

list or None

update_created_by(**kwargs)[source]

Update the Identity author of a Stix-Domain-Object object (created_by).

Parameters:

  • id (str) – the id of the Stix-Domain-Object

  • identity_id (str) – the id of the Identity

Returns:

True if successful, False otherwise

Return type:

bool

update_field(**kwargs)[source]

Update a Stix-Domain-Object object field.

Parameters:

  • id (str) – the Stix-Domain-Object id

  • input (list) – the input of the field

Returns:

Updated Stix-Domain-Object object

Return type:

dict or None