pycti.utils.opencti_stix2_splitter
==================================

.. py:module:: pycti.utils.opencti_stix2_splitter


Attributes
----------

.. autoapisummary::

   pycti.utils.opencti_stix2_splitter.OPENCTI_EXTENSION
   pycti.utils.opencti_stix2_splitter.supported_types


Classes
-------

.. autoapisummary::

   pycti.utils.opencti_stix2_splitter.OpenCTIStix2Splitter


Functions
---------

.. autoapisummary::

   pycti.utils.opencti_stix2_splitter.is_id_supported


Module Contents
---------------

.. py:data:: OPENCTI_EXTENSION
   :value: 'extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba'


.. py:data:: supported_types

.. py:function:: is_id_supported(key)

   Check if a STIX ID type is supported for processing.

   :param key: STIX ID or identifier to check
   :type key: str
   :return: True if the ID type is supported, False otherwise
   :rtype: bool


.. py:class:: OpenCTIStix2Splitter

   STIX2 bundle splitter for OpenCTI.

   Splits large STIX2 bundles into smaller chunks for processing,
   handling dependencies between objects and deduplicating references.

   Initialize the STIX2 bundle splitter.

   Sets up internal caches for tracking processed elements,
   references, and incompatible items.


   .. py:attribute:: cache_index


   .. py:attribute:: cache_refs


   .. py:attribute:: elements
      :value: []


   .. py:attribute:: incompatible_items
      :value: []


   .. py:method:: get_internal_ids_in_extension(item)

      Get internal IDs from OpenCTI extensions in a STIX object.

      :param item: the STIX object to extract IDs from
      :type item: dict
      :return: list of internal IDs found in extensions
      :rtype: list


   .. py:method:: enlist_element(item_id, raw_data, cleanup_inconsistent_bundle, parent_acc)

      Enlist an element and its dependencies for processing.

      :param item_id: the ID of the item to enlist
      :type item_id: str
      :param raw_data: the raw data dictionary of all items
      :type raw_data: dict
      :param cleanup_inconsistent_bundle: whether to clean up inconsistent references
      :type cleanup_inconsistent_bundle: bool
      :param parent_acc: accumulator of parent IDs to prevent circular references
      :type parent_acc: list
      :return: number of dependencies enlisted
      :rtype: int


   .. py:method:: split_bundle_with_expectations(bundle, use_json=True, event_version=None, cleanup_inconsistent_bundle=False) -> Tuple[int, list, list]

      Split a valid STIX2 bundle into a list of bundles.

      :param bundle: the STIX2 bundle to split
      :type bundle: str or dict
      :param use_json: whether the bundle is a JSON string (True) or a dict (False)
      :type use_json: bool
      :param event_version: (optional) event version to include in bundles
      :type event_version: str or None
      :param cleanup_inconsistent_bundle: whether to clean up inconsistent references
      :type cleanup_inconsistent_bundle: bool
      :return: tuple of (number of expectations, incompatible items, list of bundles)
      :rtype: Tuple[int, list, list]


   .. py:method:: split_bundle(bundle, use_json=True, event_version=None) -> list

      Split a valid STIX2 bundle into a list of bundles.

      .. deprecated::
         Use :meth:`split_bundle_with_expectations` instead.

      :param bundle: the STIX2 bundle to split
      :type bundle: str or dict
      :param use_json: whether the bundle is a JSON string (True) or a dict (False)
      :type use_json: bool
      :param event_version: (optional) event version to include in bundles
      :type event_version: str or None
      :return: list of STIX2 bundles
      :rtype: list


   .. py:method:: stix2_create_bundle(bundle_id, bundle_seq, items, use_json, event_version=None)
      :staticmethod:

      Create a STIX2 bundle with items.

      :param bundle_id: the bundle ID
      :type bundle_id: str
      :param bundle_seq: the bundle sequence number
      :type bundle_seq: int
      :param items: valid STIX2 items
      :type items: list
      :param use_json: whether to return a JSON string (True) or a dict (False)
      :type use_json: bool
      :param event_version: (optional) event version to include
      :type event_version: str or None
      :return: STIX2 bundle as JSON string or dict
      :rtype: str or dict
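
The dependency handling that the ``OpenCTIStix2Splitter`` description mentions (enlist an object's references before the object itself, carry a list of parent IDs to break circular references, optionally drop references to objects missing from the bundle), shown as an added example that is not pycti's own code. The function name, the one-object-per-bundle output and the sample IDs are assumptions made for illustration; only top-level ``*_ref`` / ``*_refs`` string properties are followed.

```python
import uuid

def _is_ref_key(key):
    return key.endswith("_ref") or key.endswith("_refs")

def split_in_dependency_order(bundle, drop_dangling=False):
    """Return (single-object bundles in dependency order, dangling ref IDs)."""
    raw = {o["id"]: o for o in bundle.get("objects", [])}  # dedupe by STIX ID
    ordered, seen, dangling = [], set(), []

    def enlist(item_id, parents):
        if item_id in seen or item_id in parents:  # already emitted, or a cycle
            return
        obj = dict(raw[item_id])  # shallow copy so the input stays untouched
        for key in [k for k in obj if _is_ref_key(k)]:
            is_list = isinstance(obj[key], list)
            kept = []
            for ref in (obj[key] if is_list else [obj[key]]):
                if ref in raw:
                    enlist(ref, parents + [item_id])  # dependencies go first
                    kept.append(ref)
                else:
                    dangling.append(ref)  # target is not in this bundle
                    if not drop_dangling:
                        kept.append(ref)
            if is_list:
                obj[key] = kept
            elif not kept:
                del obj[key]
        seen.add(item_id)
        ordered.append(obj)

    for item_id in raw:
        enlist(item_id, [])
    bundles = [{"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [o]}
               for o in ordered]
    return bundles, dangling

# Constructed sample input: made-up IDs, objects trimmed to the relevant properties.
U = "00000000-0000-4000-8000-00000000000"
SAMPLE_BUNDLE = {"type": "bundle", "id": f"bundle--{U}0", "objects": [
    {"type": "report", "id": f"report--{U}1", "created_by_ref": f"identity--{U}5",
     "object_refs": [f"indicator--{U}3", f"relationship--{U}2", f"malware--{U}9"]},
    {"type": "relationship", "id": f"relationship--{U}2", "relationship_type": "indicates",
     "source_ref": f"indicator--{U}3", "target_ref": f"malware--{U}4"},
    {"type": "indicator", "id": f"indicator--{U}3", "created_by_ref": f"identity--{U}5"},
    {"type": "malware", "id": f"malware--{U}4"},
    {"type": "identity", "id": f"identity--{U}5"},
]}
```

Calling ``split_in_dependency_order(SAMPLE_BUNDLE, drop_dangling=True)`` emits the identity first and the report last, and reports the one reference whose target is absent from the input.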