pycti.entities.opencti_malware_analysis
=======================================

.. py:module:: pycti.entities.opencti_malware_analysis


Classes
-------

.. autoapisummary::

   pycti.entities.opencti_malware_analysis.MalwareAnalysis


Module Contents
---------------

.. py:class:: MalwareAnalysis(opencti)

   Main MalwareAnalysis class for OpenCTI

   Manages malware analysis reports and results in the OpenCTI platform.

   :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient`
   :type opencti: OpenCTIApiClient

   Initialize the MalwareAnalysis instance.

   :param opencti: OpenCTI API client instance
   :type opencti: OpenCTIApiClient


   .. py:attribute:: opencti


   .. py:attribute:: properties
      :value: Multiline-String

      .. code-block:: python

         """
             id
             standard_id
             entity_type
             parent_types
             spec_version
             created_at
             updated_at
             status {
                 id
                 template {
                     id
                     name
                     color
                 }
             }
             createdBy {
                 ... on Identity {
                     id
                     standard_id
                     entity_type
                     parent_types
                     spec_version
                     identity_class
                     name
                     description
                     roles
                     contact_information
                     x_opencti_aliases
                     created
                     modified
                     objectLabel {
                         id
                         value
                         color
                     }
                 }
                 ... on Organization {
                     x_opencti_organization_type
                     x_opencti_reliability
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
             }
             objectOrganization {
                 id
                 standard_id
                 name
             }
             objectMarking {
                 id
                 standard_id
                 entity_type
                 definition_type
                 definition
                 created
                 modified
                 x_opencti_order
                 x_opencti_color
             }
             objectLabel {
                 id
                 value
                 color
             }
             externalReferences {
                 edges {
                     node {
                         id
                         standard_id
                         entity_type
                         source_name
                         description
                         url
                         hash
                         external_id
                         created
                         modified
                     }
                 }
             }
             revoked
             confidence
             created
             modified
             product
             result_name
             result
             submitted
             analysis_started
             analysis_ended
             version
             configuration_version
             analysis_engine_version
             analysis_definition_version
             modules
         """

   .. py:attribute:: properties_with_files
      :value: Multiline-String

      .. code-block:: python

         """
             id
             standard_id
             entity_type
             parent_types
             spec_version
             created_at
             updated_at
             status {
                 id
                 template {
                     id
                     name
                     color
                 }
             }
             createdBy {
                 ... on Identity {
                     id
                     standard_id
                     entity_type
                     parent_types
                     spec_version
                     identity_class
                     name
                     description
                     roles
                     contact_information
                     x_opencti_aliases
                     created
                     modified
                     objectLabel {
                         id
                         value
                         color
                     }
                 }
                 ... on Organization {
                     x_opencti_organization_type
                     x_opencti_reliability
                 }
                 ... on Individual {
                     x_opencti_firstname
                     x_opencti_lastname
                 }
             }
             objectOrganization {
                 id
                 standard_id
                 name
             }
             objectMarking {
                 id
                 standard_id
                 entity_type
                 definition_type
                 definition
                 created
                 modified
                 x_opencti_order
                 x_opencti_color
             }
             objectLabel {
                 id
                 value
                 color
             }
             externalReferences {
                 edges {
                     node {
                         id
                         standard_id
                         entity_type
                         source_name
                         description
                         url
                         hash
                         external_id
                         created
                         modified
                         importFiles {
                             edges {
                                 node {
                                     id
                                     name
                                     size
                                     metaData {
                                         mimetype
                                         version
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             revoked
             confidence
             created
             modified
             product
             result_name
             result
             submitted
             analysis_started
             analysis_ended
             version
             configuration_version
             analysis_engine_version
             analysis_definition_version
             modules
             importFiles {
                 edges {
                     node {
                         id
                         name
                         size
                         metaData {
                             mimetype
                             version
                         }
                         objectMarking {
                             id
                             standard_id
                             entity_type
                             definition_type
                             definition
                             created
                             modified
                             x_opencti_order
                             x_opencti_color
                         }
                     }
                 }
             }
         """

   .. py:method:: generate_id(result_name, product=None, submitted=None)
      :staticmethod:

      Generate a STIX ID for a Malware Analysis.

      :param result_name: the result name of the analysis
      :type result_name: str
      :param product: the product that performed the analysis (optional)
      :type product: str
      :param submitted: the submission date (optional)
      :type submitted: str
      :return: STIX ID for the Malware Analysis
      :rtype: str


   .. py:method:: generate_id_from_data(data)
      :staticmethod:

      Generate a STIX ID from Malware Analysis data.

      :param data: Dictionary containing 'result_name', 'product', and optionally 'submitted' keys
      :type data: dict
      :return: STIX ID for the Malware Analysis
      :rtype: str


   .. py:method:: list(**kwargs)

      List Malware analysis objects.

      :param filters: the filters to apply
      :type filters: dict
      :param search: the search keyword
      :type search: str
      :param first: return the first n rows from the after ID (or the beginning if not set)
      :type first: int
      :param after: ID of the first row for pagination
      :type after: str
      :return: List of MalwareAnalysis objects
      :rtype: list


   .. py:method:: read(**kwargs)

      Read a Malware analysis object.

      :param id: the id of the Malware analysis
      :type id: str
      :param filters: the filters to apply if no id provided
      :type filters: dict
      :return: Malware analysis object
      :rtype: dict or None


   .. py:method:: create(**kwargs)

      Create a Malware analysis object.

      :param product: the product that performed the analysis (required)
      :type product: str
      :param result_name: the result name of the analysis (required)
      :type result_name: str
      :param stix_id: (optional) the STIX ID
      :type stix_id: str
      :param createdBy: (optional) the author ID
      :type createdBy: str
      :param objectMarking: (optional) list of marking definition IDs
      :type objectMarking: list
      :param objectLabel: (optional) list of label IDs
      :type objectLabel: list
      :param externalReferences: (optional) list of external reference IDs
      :type externalReferences: list
      :param revoked: (optional) whether the malware analysis is revoked
      :type revoked: bool
      :param confidence: (optional) confidence level (0-100)
      :type confidence: int
      :param lang: (optional) language
      :type lang: str
      :param created: (optional) creation date
      :type created: str
      :param modified: (optional) modification date
      :type modified: str
      :param result: (optional) result of the analysis
      :type result: str
      :param submitted: (optional) submission date
      :type submitted: str
      :param analysis_started: (optional) analysis start date
      :type analysis_started: str
      :param analysis_ended: (optional) analysis end date
      :type analysis_ended: str
      :param version: (optional) version of the analysis
      :type version: str
      :param configuration_version: (optional) configuration version
      :type configuration_version: str
      :param analysis_engine_version: (optional) analysis engine version
      :type analysis_engine_version: str
      :param analysis_definition_version: (optional) analysis definition version
      :type analysis_definition_version: str
      :param modules: (optional) list of analysis modules
      :type modules: list
      :param hostVm: (optional) host VM reference ID
      :type hostVm: str
      :param operatingSystem: (optional) operating system reference ID
      :type operatingSystem: str
      :param installedSoftware: (optional) list of installed software reference IDs
      :type installedSoftware: list
      :param sample: (optional) sample reference ID
      :type sample: str
      :param analysisSco: (optional) list of analysis SCO reference IDs
      :type analysisSco: list
      :param x_opencti_stix_ids: (optional) list of additional STIX IDs
      :type x_opencti_stix_ids: list
      :param objectOrganization: (optional) list of organization IDs
      :type objectOrganization: list
      :param x_opencti_workflow_id: (optional) workflow ID
      :type x_opencti_workflow_id: str
      :param x_opencti_modified_at: (optional) custom modification date
      :type x_opencti_modified_at: str
      :param update: (optional) whether to update if exists (default: False)
      :type update: bool
      :param files: (optional) list of File objects to attach
      :type files: list
      :param filesMarkings: (optional) list of lists of marking definition IDs for each file
      :type filesMarkings: list
      :return: Malware analysis object
      :rtype: dict or None


   .. py:method:: import_from_stix2(**kwargs)

      Import a Malware analysis object from a STIX2 object.

      :param stixObject: the Stix-Object Malware analysis
      :type stixObject: dict
      :param extras: additional parameters like created_by_id, object_marking_ids
      :type extras: dict
      :param update: whether to update existing object
      :type update: bool
      :return: Malware analysis object
      :rtype: dict or None
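
A pre-flight check for the keyword arguments documented for ``create()`` above, written as an added example; it is not part of pycti and makes no API call. The function name ``check_create_kwargs``, the ISO 8601 timestamp requirement and the one-marking-list-per-file rule are assumptions of this example, not behaviour documented for the library.

```python
from datetime import datetime

# Parameter names come from the create() field list; the checks are this example's own.
REQUIRED = ("product", "result_name")
DATE_FIELDS = ("created", "modified", "submitted", "analysis_started", "analysis_ended")
LIST_FIELDS = ("objectMarking", "objectLabel", "externalReferences", "modules",
               "installedSoftware", "analysisSco", "x_opencti_stix_ids",
               "objectOrganization", "files", "filesMarkings")

def _parse_ts(value):
    # Assumption: dates are ISO 8601 strings carrying a UTC offset or "Z".
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    return ts

def check_create_kwargs(kwargs):
    """Return a list of problems; an empty list means the kwargs pass."""
    problems = []
    for name in REQUIRED:
        value = kwargs.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: required non-empty string")
    conf = kwargs.get("confidence")
    if conf is not None and (isinstance(conf, bool) or not isinstance(conf, int)
                             or not 0 <= conf <= 100):
        problems.append("confidence: must be an int in 0-100")
    for name in LIST_FIELDS:
        if kwargs.get(name) is not None and not isinstance(kwargs[name], list):
            problems.append(f"{name}: must be a list")
    parsed = {}
    for name in DATE_FIELDS:
        if kwargs.get(name) is not None:
            try:
                parsed[name] = _parse_ts(kwargs[name])
            except (ValueError, AttributeError, TypeError):
                problems.append(f"{name}: not a timezone-aware ISO 8601 string")
    start, end = parsed.get("analysis_started"), parsed.get("analysis_ended")
    if start and end and end < start:
        problems.append("analysis_ended: earlier than analysis_started")
    # Local policy (assumption): each attached file has its own non-empty marking list.
    files, marks = kwargs.get("files") or [], kwargs.get("filesMarkings") or []
    if files and isinstance(files, list) and isinstance(marks, list):
        if len(marks) != len(files):
            problems.append("filesMarkings: need one marking list per file")
        elif not all(isinstance(m, list) and m for m in marks):
            problems.append("filesMarkings: every file needs at least one marking")
    return problems
```

Run it over the kwargs before passing them to ``create()``, so that a missing marking list or an inverted analysis window is caught before anything is sent to the platform.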