pycti.entities.opencti_report ============================= .. py:module:: pycti.entities.opencti_report Classes ------- .. autoapisummary:: pycti.entities.opencti_report.Report Module Contents --------------- .. py:class:: Report(opencti) Main Report class for OpenCTI Manages threat intelligence reports in the OpenCTI platform. :param opencti: instance of :py:class:`~pycti.api.opencti_api_client.OpenCTIApiClient` :type opencti: OpenCTIApiClient Initialize the Report instance. :param opencti: OpenCTI API client instance :type opencti: OpenCTIApiClient .. py:attribute:: opencti .. py:attribute:: properties :value: Multiline-String .. raw:: html
Show Value .. code-block:: python """ id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases x_opencti_reliability created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectOrganization { id standard_id name } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified } } } revoked x_opencti_reliability confidence created modified name description content report_types published objects(all: true) { edges { node { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name } ... on Channel { name } ... on Narrative { name } ... on Language { name } ... on DataComponent { name } ... on DataSource { name } ... on Case { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at relationship_type } ... on StixSightingRelationship { standard_id spec_version created_at updated_at } } } } """ .. raw:: html
.. py:attribute:: properties_with_files :value: Multiline-String .. raw:: html
Show Value .. code-block:: python """ id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases x_opencti_reliability created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectOrganization { id standard_id name } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked x_opencti_reliability confidence created modified name description report_types published objects(all: true) { edges { node { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name } ... on Channel { name } ... on Narrative { name } ... on Language { name } ... on DataComponent { name } ... on DataSource { name } ... on Case { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at relationship_type } ... on StixSightingRelationship { standard_id spec_version created_at updated_at } } } } importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """ .. raw:: html
.. py:method:: generate_id(name, published) :staticmethod: Generate a STIX ID for a Report. :param name: The name of the report :type name: str :param published: The published date of the report :type published: str or datetime.datetime :return: STIX ID for the report :rtype: str .. py:method:: generate_fixed_fake_id(name, published=None) :staticmethod: Generate a fixed fake STIX ID for a Report (used for testing). :param name: The name of the report :type name: str :param published: (optional) The published date of the report :type published: str or datetime.datetime or None :return: STIX ID for the report :rtype: str .. py:method:: generate_id_from_data(data) :staticmethod: Generate a STIX ID from report data. :param data: Dictionary containing 'name' and 'published' keys :type data: dict :return: STIX ID for the report :rtype: str .. py:method:: list(**kwargs) List Report objects. :param filters: the filters to apply :type filters: dict :param search: the search keyword :type search: str :param first: return the first n rows from the after ID (or the beginning if not set) :type first: int :param after: ID of the first row for pagination :type after: str :param orderBy: field to order results by :type orderBy: str :param orderMode: ordering mode (asc/desc) :type orderMode: str :param customAttributes: custom attributes to return :type customAttributes: str :param getAll: whether to retrieve all results :type getAll: bool :param withPagination: whether to include pagination info :type withPagination: bool :param withFiles: whether to include files :type withFiles: bool :return: List of Report objects :rtype: list .. py:method:: read(**kwargs) Read a Report object. :param id: the id of the Report :type id: str :param filters: the filters to apply if no id provided :type filters: dict :param customAttributes: custom attributes to return :type customAttributes: str :param withFiles: whether to include files :type withFiles: bool :return: Report object :rtype: dict or None .. py:method:: get_by_stix_id_or_name(**kwargs) Read a Report object by stix_id or name. :param stix_id: the STIX ID of the Report :type stix_id: str :param name: the name of the Report :type name: str :param published: the published date of the Report :type published: str :param customAttributes: custom attributes to return :type customAttributes: str :return: Report object :rtype: dict or None .. py:method:: contains_stix_object_or_stix_relationship(**kwargs) Check if a report already contains a STIX object or relationship. :param id: the id of the Report :type id: str :param stixObjectOrStixRelationshipId: the id of the STIX object or relationship :type stixObjectOrStixRelationshipId: str :return: True if the report contains the entity, False otherwise :rtype: bool .. py:method:: create(**kwargs) Create a Report object. :param stix_id: (optional) the STIX ID of the Report :param createdBy: (optional) the author ID :param objects: (optional) list of STIX object IDs contained in the report :param objectMarking: (optional) list of marking definition IDs :param objectAssignee: (optional) list of assignee IDs :param objectParticipant: (optional) list of participant IDs :param objectLabel: (optional) list of label IDs :param externalReferences: (optional) list of external reference IDs :param revoked: (optional) whether the report is revoked :param confidence: (optional) confidence level (0-100) :param lang: (optional) language of the report :param created: (optional) creation date :param modified: (optional) modification date :param name: the name of the Report (required) :param description: (optional) description of the report :param content: (optional) content of the report :param report_types: (optional) list of report types :param published: the publication date (required) :param x_opencti_reliability: (optional) reliability level :param x_opencti_stix_ids: (optional) list of additional STIX IDs :param objectOrganization: (optional) list of organization IDs :param x_opencti_workflow_id: (optional) workflow ID :param x_opencti_modified_at: (optional) custom modification date :param update: (optional) whether to update if exists (default: False) :type update: bool :param files: (optional) list of File objects to attach :type files: list :param filesMarkings: (optional) list of lists of marking definition IDs for each file :type filesMarkings: list :return: Report object :rtype: dict or None .. py:method:: add_stix_object_or_stix_relationship(**kwargs) Add a STIX object or relationship to Report object (object_refs). :param id: the id of the Report :type id: str :param stixObjectOrStixRelationshipId: the id of the STIX object or relationship :type stixObjectOrStixRelationshipId: str :return: True if successful, False otherwise :rtype: bool .. py:method:: remove_stix_object_or_stix_relationship(**kwargs) Remove a STIX object or relationship from Report object (object_refs). :param id: the id of the Report :type id: str :param stixObjectOrStixRelationshipId: the id of the STIX object or relationship :type stixObjectOrStixRelationshipId: str :return: True if successful, False otherwise :rtype: bool .. py:method:: import_from_stix2(**kwargs) Import a Report object from a STIX2 object. :param stixObject: the STIX2 Report object :type stixObject: dict :param extras: extra parameters including created_by_id, object_marking_ids, object_ids, etc. :type extras: dict :param update: whether to update if the entity already exists :type update: bool :return: Report object :rtype: dict or None