pycti.entities.opencti_event
Classes
Event – Main Event class for OpenCTI
Module Contents
- class pycti.entities.opencti_event.Event(opencti)
Main Event class for OpenCTI
Manages security events in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – instance of OpenCTIApiClient
Initialize the Event instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String
"""
    id
    standard_id
    entity_type
    parent_types
    spec_version
    created_at
    updated_at
    status {
        id
        template {
            id
            name
            color
        }
    }
    createdBy {
        ... on Identity {
            id
            standard_id
            entity_type
            parent_types
            spec_version
            identity_class
            name
            description
            roles
            contact_information
            x_opencti_aliases
            created
            modified
            objectLabel {
                id
                value
                color
            }
        }
        ... on Organization {
            x_opencti_organization_type
            x_opencti_reliability
        }
        ... on Individual {
            x_opencti_firstname
            x_opencti_lastname
        }
    }
    objectOrganization {
        id
        standard_id
        name
    }
    objectMarking {
        id
        standard_id
        entity_type
        definition_type
        definition
        created
        modified
        x_opencti_order
        x_opencti_color
    }
    objectLabel {
        id
        value
        color
    }
    externalReferences {
        edges {
            node {
                id
                standard_id
                entity_type
                source_name
                description
                url
                hash
                external_id
                created
                modified
            }
        }
    }
    revoked
    confidence
    created
    modified
    name
    description
    aliases
    event_types
    start_time
    stop_time
"""
- properties_with_files = Multiline-String
"""
    id
    standard_id
    entity_type
    parent_types
    spec_version
    created_at
    updated_at
    status {
        id
        template {
            id
            name
            color
        }
    }
    createdBy {
        ... on Identity {
            id
            standard_id
            entity_type
            parent_types
            spec_version
            identity_class
            name
            description
            roles
            contact_information
            x_opencti_aliases
            created
            modified
            objectLabel {
                id
                value
                color
            }
        }
        ... on Organization {
            x_opencti_organization_type
            x_opencti_reliability
        }
        ... on Individual {
            x_opencti_firstname
            x_opencti_lastname
        }
    }
    objectOrganization {
        id
        standard_id
        name
    }
    objectMarking {
        id
        standard_id
        entity_type
        definition_type
        definition
        created
        modified
        x_opencti_order
        x_opencti_color
    }
    objectLabel {
        id
        value
        color
    }
    externalReferences {
        edges {
            node {
                id
                standard_id
                entity_type
                source_name
                description
                url
                hash
                external_id
                created
                modified
                importFiles {
                    edges {
                        node {
                            id
                            name
                            size
                            metaData {
                                mimetype
                                version
                            }
                        }
                    }
                }
            }
        }
    }
    revoked
    confidence
    created
    modified
    name
    description
    aliases
    event_types
    start_time
    stop_time
    importFiles {
        edges {
            node {
                id
                name
                size
                metaData {
                    mimetype
                    version
                }
                objectMarking {
                    id
                    standard_id
                    entity_type
                    definition_type
                    definition
                    created
                    modified
                    x_opencti_order
                    x_opencti_color
                }
            }
        }
    }
"""
- static generate_id(name)
Generate a STIX ID for an Event.
- Parameters:
name (str) – The name of the event
- Returns:
STIX ID for the event
- Return type:
str
- static generate_id_from_data(data)
Generate a STIX ID from event data.
- Parameters:
data (dict) – Dictionary containing ‘name’ key
- Returns:
STIX ID for the event
- Return type:
str
- list(**kwargs)
List Event objects.
- Parameters:
filters (dict) – the filters to apply
search (str) – the search keyword
first (int) – return the first n rows from the after ID (or the beginning if not set)
after (str) – ID of the first row for pagination
orderBy (str) – field to order results by
orderMode (str) – ordering mode (asc/desc)
customAttributes (str) – custom attributes to return
getAll (bool) – whether to retrieve all results
withPagination (bool) – whether to include pagination info
withFiles (bool) – whether to include files
- Returns:
List of Event objects
- Return type:
list
- read(**kwargs)
Read an Event object.
- Parameters:
id (str) – the id of the Event
filters (dict) – the filters to apply if no id provided
customAttributes (str) – custom attributes to return
withFiles (bool) – whether to include files
- Returns:
Event object
- Return type:
dict or None
- create(**kwargs)
Create an Event object.
- Parameters:
stix_id (str) – the STIX ID (optional)
createdBy (str) – the author ID (optional)
objectMarking (list) – list of marking definition IDs (optional)
objectLabel (list) – list of label IDs (optional)
externalReferences (list) – list of external reference IDs (optional)
revoked (bool) – whether the event is revoked (optional)
confidence (int) – confidence level 0-100 (optional)
lang (str) – language (optional)
created (str) – creation date (optional)
modified (str) – modification date (optional)
name (str) – the name of the Event (required)
description (str) – description (optional)
aliases (list) – list of aliases (optional)
start_time (str) – start time of the event (optional)
stop_time (str) – stop time of the event (optional)
event_types (list) – list of event types (optional)
x_opencti_stix_ids (list) – list of additional STIX IDs (optional)
x_opencti_modified_at (str) – custom modification date (optional)
update (bool) – whether to update if exists (default: False)
files (list) – (optional) list of File objects to attach
filesMarkings (list) – (optional) list of lists of marking definition IDs for each file
- Returns:
Event object
- Return type:
dict or None
- import_from_stix2(**kwargs)
Import an Event object from a STIX2 object.
- Parameters:
stixObject (dict) – the Stix-Object Event
extras (dict) – additional parameters like created_by_id, object_marking_ids
update (bool) – whether to update existing object
- Returns:
Event object
- Return type:
dict or None
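
A pre-flight check for the create() arguments documented above, useful when the values come from an external feed. This is an added example, not part of pycti: `validate_event_kwargs`, `_parse_ts` and `SAMPLE` are hypothetical names, and the ISO 8601 timestamp format and the start/stop ordering rule are assumptions that this page does not state.

```python
from datetime import datetime

# Added helper, not part of pycti. ISO 8601 timestamps are an assumption.
# Constructed sample: a feed record that breaks three of the checks below.
SAMPLE = {"name": " ", "confidence": 140,
          "start_time": "2024-03-02T00:00:00Z", "stop_time": "2024-03-01T00:00:00Z"}


def _parse_ts(value):
    """Parse an ISO 8601 string (trailing 'Z' allowed); None if malformed."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, TypeError, ValueError):
        return None


def validate_event_kwargs(kwargs):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []
    name = kwargs.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name is required and must be a non-empty string")

    conf = kwargs.get("confidence")
    if conf is not None and (
        isinstance(conf, bool) or not isinstance(conf, int) or not 0 <= conf <= 100
    ):
        problems.append("confidence must be an int in 0-100")

    parsed = {}
    for field in ("start_time", "stop_time"):
        if kwargs.get(field) is not None:
            parsed[field] = _parse_ts(kwargs[field])
            if parsed[field] is None:
                problems.append(f"{field} is not an ISO 8601 timestamp")
    start, stop = parsed.get("start_time"), parsed.get("stop_time")
    try:
        if start and stop and stop < start:
            problems.append("stop_time is earlier than start_time")
    except TypeError:  # one value carries a UTC offset, the other does not
        problems.append("start_time and stop_time mix naive and aware values")

    # The page documents filesMarkings as one list of marking IDs per file.
    files = kwargs.get("files") or []
    markings = kwargs.get("filesMarkings")
    if markings is not None and len(markings) != len(files):
        problems.append("filesMarkings must hold one list per entry in files")
    return problems
```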