pycti.entities.opencti_tool

class pycti.entities.opencti_tool.Tool(opencti)

Main Tool class for OpenCTI

Manages tools used by threat actors in the OpenCTI platform.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

__init__(opencti)

Initialize the Tool instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

create(**kwargs)

Create a Tool object.

Parameters:
  • stix_id (str) – (optional) the STIX ID

  • name (str) – the name of the Tool (required)

  • description (str) – description of the tool

  • aliases (list) – list of aliases

  • tool_types (list) – types of tool

  • tool_version (str) – version of the tool

  • killChainPhases (list) – kill chain phases

  • createdBy (str) – creator identity ID

  • objectMarking (list) – marking definition IDs

  • objectLabel (list) – label IDs

  • externalReferences (list) – external reference IDs

  • objectOrganization (list) – organization IDs

  • revoked (bool) – whether the tool is revoked

  • confidence (int) – confidence level (0-100)

  • lang (str) – language

  • created (str) – creation date

  • modified (str) – modification date

  • x_opencti_stix_ids (list) – additional STIX IDs

  • x_opencti_workflow_id (str) – workflow ID

  • x_opencti_modified_at (str) – custom modification date

  • update (bool) – whether to update existing tool

  • files (list) – (optional) list of File objects to attach

  • filesMarkings (list) – (optional) list of lists of marking definition IDs for each file

Returns:

Tool object

Return type:

dict or None

static generate_id(name)

Generate a STIX ID for a Tool.

Parameters:

name (str) – The name of the tool

Returns:

STIX ID for the tool

Return type:

str

static generate_id_from_data(data)

Generate a STIX ID from tool data.

Parameters:

data (dict) – Dictionary containing ‘name’ key

Returns:

STIX ID for the tool

Return type:

str

import_from_stix2(**kwargs)

Import a Tool object from a STIX2 object.

Parameters:
  • stixObject (dict) – the STIX2 Tool object

  • extras (dict) – extra parameters including created_by_id, object_marking_ids, etc.

  • update (bool) – whether to update if the entity already exists

Returns:

Tool object

Return type:

dict or None

list(**kwargs)

List Tool objects.

Parameters:
  • filters (dict) – the filters to apply

  • search (str) – the search keyword

  • first (int) – return the first n rows from the after ID (or the beginning if not set)

  • after (str) – ID of the first row for pagination

  • orderBy (str) – field to order results by

  • orderMode (str) – ordering mode (asc/desc)

  • customAttributes (str) – custom attributes to return

  • getAll (bool) – whether to retrieve all results

  • withPagination (bool) – whether to include pagination info

Returns:

List of Tool objects

Return type:

list

read(**kwargs)

Read a Tool object.

Parameters:
  • id (str) – the id of the Tool

  • filters (dict) – the filters to apply if no id provided

  • customAttributes (str) – custom attributes to return

Returns:

Tool object

Return type:

dict or None