pycti.entities.opencti_group ============================ .. py:module:: pycti.entities.opencti_group Classes ------- .. autoapisummary:: pycti.entities.opencti_group.Group Module Contents --------------- .. py:class:: Group(opencti) Representation of a Group in OpenCTI Groups have members and also have assigned roles. Roles attached to a group determine what members of the group have permissions to do according to the capabilities the role has. Additionally, groups have a confidence level which informs the effective confidence of members of the group. Groups also have permissions on Marking Definitions. Assigned marking definitions allow users to apply their capabilities on objects with those definitions. Additionally, there are default markings added to all objects created by members of a group, and max shareable definitions which determine which objects users can export from the platform to share. See the properties attribute to understand what properties are fetched by default from GraphQL queries. :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient` :type opencti: OpenCTIApiClient Initialize the Group instance. :param opencti: OpenCTI API client instance :type opencti: OpenCTIApiClient .. py:attribute:: opencti .. py:attribute:: properties :value: Multiline-String .. raw:: html
Show Value .. code-block:: python """ id standard_id name description entity_type parent_types created_at updated_at default_assignation no_creators restrict_delete default_hidden_types auto_new_marking allowed_marking { id, standard_id, definition_type, definition } default_marking { entity_type values { id, standard_id, definition_type, definition } } not_shareable_marking_types max_shareable_marking { id, standard_id, definition_type, definition } group_confidence_level { max_confidence overrides { entity_type max_confidence } } roles { edges { node { id, name capabilities { id, name } capabilitiesInDraft { id, name } } } } members { edges { node { id, individual_id, user_email, name } } } """ .. raw:: html
.. py:method:: list(**kwargs) -> List[Dict] Lists groups based on a number of filters. :param first: Retrieve this number of results. If 0 then fetches all results, defaults to 0. :type first: int, optional :param after: ID of the group to fetch results after in the list of all results, defaults to None. :type after: str, optional :param orderBy: Field by which to order results. Must be one of name, default_assignation, no_creators, restrict_delete, auto_new_marking, created_at, updated_at, group_confidence_level, and _score, defaults to "name". :type orderBy: str, optional :param orderMode: Direction of ordering. Must be one of "asc" or "desc", defaults to "asc". :type orderMode: str, optional :param search: String to search groups for, defaults to None. :type search: str, optional :param filters: OpenCTI API FilterGroup object. This is an advanced parameter. To learn more please search for the FilterGroup object in the OpenCTI GraphQL Playground, defaults to {}. :type filters: dict, optional :param customAttributes: Custom attributes to fetch from the GraphQL query :type customAttributes: str, optional :param getAll: Defaults to False. Whether or not to get all results from the search. If True then param first is ignored. :type getAll: bool, optional :param withPagination: Defaults to False. Whether to return pagination info with results. :type withPagination: bool, optional :return: List of groups in dictionary representation. :rtype: list[dict] .. py:method:: read(**kwargs) -> Optional[Dict] Fetch a given group from OpenCTI One of id or filters is required. :param id: ID of the group to fetch :type id: str, optional :param filters: Filters to apply to find single group :type filters: dict, optional :param customAttributes: Custom attributes to fetch for the group :type customAttributes: str :return: Representation of a group. :rtype: Optional[Dict] .. py:method:: create(**kwargs) -> Optional[Dict] Create a group with required details Groups can be configured after creation using other functions. :param name: Name of the group to create. :type name: str :param id_confidence_level: Confidence-level dictionary, with a max_confidence member between 0 and 100 (incl) and an overrides list with max_confidence and the entity_type it applies to. :type id_confidence_level: dict :param description: Description of the group :type description: str, optional :param default_assignation: Defaults to False. Whether or not to assign this group by default to all new users. :type default_assignation: bool, optional :param no_creators: Defaults to False. Whether or not to create authors for members of this group. :type no_creators: bool, optional :param restrict_delete: Defaults to False. Whether or not to restrict members deleting entities that are not their own. :type restrict_delete: bool, optional :param auto_new_marking: Defaults to False. Whether or not to allow members access to new markings automatically. :type auto_new_marking: bool, optional :param customAttributes: Attributes to retrieve from the new group :type customAttributes: str, optional :return: Representation of the group. :rtype: Optional[Dict] .. py:method:: delete(**kwargs) Delete a given group from OpenCTI :param id: ID of the group to delete. :type id: str .. py:method:: update_field(**kwargs) -> Optional[Dict] Update a group using fieldPatch :param id: ID of the group to update :type id: str :param input: FieldPatchInput object to edit group :type input: List[Dict] :param customAttributes: Custom attributes to retrieve from group :type customAttribues: str, optional :return: Representation of a group :rtype: Optional[Dict] .. py:method:: add_member(**kwargs) -> Optional[Dict] Add a member to a given group. :param id: ID of the group to add a member to :type id: str :param user_id: ID to add to the group :type user_id: str :return: Representation of the relationship :rtype: Optional[Dict] .. py:method:: delete_member(**kwargs) -> Optional[Dict] Remove a given user from a group :param id: ID to remove a user from :type id: str :param user: ID to remove from the group :type user: str :return: Representation of the group after the member has been removed :rtype: Optional[Dict] .. py:method:: add_role(**kwargs) -> Optional[Dict] Add a role to a given group :param id: ID to add a role to :type id: str :param role_id: Role ID to add to the group :type role: str :return: Representation of the group after a role has been added :rtype: Optional[Dict] .. py:method:: delete_role(**kwargs) -> Optional[Dict] Removes a role from a given group :param id: ID to remove role from :type id: str :param role_id: Role ID to remove from the group :type role_id: str :return: Representation of the group after role is removed :rtype: Optional[Dict] .. py:method:: edit_default_marking(**kwargs) -> Optional[Dict] Adds a default marking to the group. :param id: ID of the group. :type id: str :param marking_ids: IDs of the markings to add, or an empty list to remove all default markings :type marking_ids: List[str] :param entity: STIX entity type to add default marking for. If set to "GLOBAL" applies to all entity types, defaults to "GLOBAL". :type entity: str, optional :return: Group after adding the default marking. :rtype: Optional[Dict] .. py:method:: add_allowed_marking(**kwargs) -> Optional[Dict] Allow a group to access a marking :param id: ID of group to authorise :type id: str :param marking_id: ID of marking to authorise :type marking_id: str :return: Relationship from the group to the marking definition :rtype: Optional[Dict] .. py:method:: delete_allowed_marking(**kwargs) -> Optional[Dict] Removes access to a marking for a group :param id: ID of group to forbid :type id: str :param marking_id: ID of marking to deny :type marking_id: str :return: Group after denying access to marking definition :rtype: Optional[Dict] .. py:method:: process_multiple_fields(data) Process and normalize fields in group data. :param data: the group data dictionary to process :type data: dict :return: the processed group data with normalized fields :rtype: dict