pycti.entities.opencti_group

Classes

Group

Representation of a Group in OpenCTI

Module Contents

class pycti.entities.opencti_group.Group(opencti)

Representation of a Group in OpenCTI

Groups have members and assigned roles. The roles attached to a group determine what its members are permitted to do, according to the capabilities each role has.

Additionally, groups have a confidence level which informs the effective confidence of members of the group.

Groups also have permissions on Marking Definitions. Assigned marking definitions allow users to apply their capabilities on objects with those definitions. Additionally, there are default markings added to all objects created by members of a group, and max shareable definitions which determine which objects users can export from the platform to share.

See the properties attribute to understand what properties are fetched by default from GraphQL queries.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

Initialize the Group instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

opencti
properties = Multiline-String
"""
            id
            standard_id
            name
            description
            entity_type
            parent_types
            created_at
            updated_at
            default_assignation
            no_creators
            restrict_delete
            default_hidden_types
            auto_new_marking
            allowed_marking {
                id, standard_id, definition_type, definition
            }
            default_marking {
                entity_type
                values {
                    id, standard_id, definition_type, definition
                }
            }
            not_shareable_marking_types
            max_shareable_marking {
                id, standard_id, definition_type, definition
            }
            group_confidence_level {
                max_confidence
                overrides {
                    entity_type
                    max_confidence
                }
            }
            roles {
                edges {
                    node {
                        id, name
                        capabilities {
                            id, name
                        }
                        capabilitiesInDraft {
                            id, name
                        }
                    }
                }
            }
            members {
                edges {
                    node {
                        id, individual_id, user_email, name
                    }
                }
            }
        """
list(**kwargs) → List[Dict]

Lists groups based on a number of filters.

Parameters:
  • first (int, optional) – Retrieve this number of results. If 0 then fetches all results, defaults to 0.

  • after (str, optional) – ID of the group to fetch results after in the list of all results, defaults to None.

  • orderBy (str, optional) – Field by which to order results. Must be one of name, default_assignation, no_creators, restrict_delete, auto_new_marking, created_at, updated_at, group_confidence_level, or _score, defaults to “name”.

  • orderMode (str, optional) – Direction of ordering. Must be one of “asc” or “desc”, defaults to “asc”.

  • search (str, optional) – String to search groups for, defaults to None.

  • filters (dict, optional) – OpenCTI API FilterGroup object. This is an advanced parameter. To learn more please search for the FilterGroup object in the OpenCTI GraphQL Playground, defaults to {}.

  • customAttributes (str, optional) – Custom attributes to fetch from the GraphQL query

  • getAll (bool, optional) – Defaults to False. Whether or not to get all results from the search. If True then param first is ignored.

  • withPagination (bool, optional) – Defaults to False. Whether to return pagination info with results.

Returns:

List of groups in dictionary representation.

Return type:

list[dict]
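
As an added example (not part of pycti or the OpenCTI documentation), the following reviews group dictionaries of the shape fetched by properties for the access settings described above: role capabilities, default assignment, automatic marking access and confidence overrides. The sample groups are constructed, the SENSITIVE capability set is an assumption, and nodes() accepts both the raw edges/node shape and a flat list because the normalised shape is not shown on this page.

```python
SENSITIVE = frozenset({"BYPASS"})  # assumption: capability names worth flagging

def nodes(conn):
    """Accept a GraphQL connection ({'edges': [{'node': ...}]}) or a flat list."""
    if isinstance(conn, dict):
        return [edge["node"] for edge in conn.get("edges", [])]
    return list(conn or [])

def audit_group(group, sensitive=SENSITIVE):
    """Return review findings for one group dict shaped like `properties`."""
    findings = []
    caps = {c["name"] for role in nodes(group.get("roles"))
            for c in role.get("capabilities") or []}
    risky = sorted(caps & set(sensitive))
    if risky:
        count = len(nodes(group.get("members")))
        findings.append(f"{count} member(s) hold {risky}")
        if group.get("default_assignation"):
            findings.append("assigned to every new user by default")
    if group.get("auto_new_marking"):
        findings.append("members get access to new markings automatically")
    level = group.get("group_confidence_level") or {}
    ceiling = level.get("max_confidence", 0)
    for o in level.get("overrides") or []:
        if o["max_confidence"] > ceiling:  # override raises the group ceiling
            findings.append(
                f"{o['entity_type']} override {o['max_confidence']} > group max {ceiling}")
    return findings

def audit_all(groups):
    # Map each group name to its list of findings (empty list means clean).
    return {g["name"]: audit_group(g) for g in groups}

SAMPLE_GROUPS = [  # constructed data, not taken from a real platform
    {"name": "Default", "default_assignation": True, "auto_new_marking": True,
     "group_confidence_level": {"max_confidence": 50, "overrides": [
         {"entity_type": "Report", "max_confidence": 90}]},
     "roles": {"edges": [{"node": {"id": "r1", "name": "Admin",
                                   "capabilities": [{"id": "c1", "name": "BYPASS"}]}}]},
     "members": {"edges": [{"node": {"id": "u1", "name": "alice"}}]}},
    {"name": "Analysts", "default_assignation": False, "auto_new_marking": False,
     "group_confidence_level": {"max_confidence": 80, "overrides": []},
     "roles": [{"id": "r2", "name": "Analyst",
                "capabilities": [{"id": "c2", "name": "KNOWLEDGE"}]}],
     "members": []},
]

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_GROUPS).items():
        print(name, found or "ok")
```

Against a live platform the same functions can be fed the output of list(getAll=True) in place of SAMPLE_GROUPS.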

read(**kwargs) → Dict | None

Fetch a given group from OpenCTI

One of id or filters is required.

Parameters:
  • id (str, optional) – ID of the group to fetch

  • filters (dict, optional) – Filters to apply to find single group

  • customAttributes (str) – Custom attributes to fetch for the group

Returns:

Representation of a group.

Return type:

Optional[Dict]

create(**kwargs) → Dict | None

Create a group with required details

Groups can be configured after creation using other functions.

Parameters:
  • name (str) – Name of the group to create.

  • id_confidence_level (dict) – Confidence-level dictionary, with a max_confidence member between 0 and 100 (inclusive) and an overrides list whose entries each give a max_confidence and the entity_type it applies to.

  • description (str, optional) – Description of the group

  • default_assignation (bool, optional) – Defaults to False. Whether or not to assign this group by default to all new users.

  • no_creators (bool, optional) – Defaults to False. Whether or not to create authors for members of this group.

  • restrict_delete (bool, optional) – Defaults to False. Whether or not to restrict members deleting entities that are not their own.

  • auto_new_marking (bool, optional) – Defaults to False. Whether or not to allow members access to new markings automatically.

  • customAttributes (str, optional) – Attributes to retrieve from the new group

Returns:

Representation of the group.

Return type:

Optional[Dict]

delete(**kwargs)

Delete a given group from OpenCTI

Parameters:

id (str) – ID of the group to delete.

update_field(**kwargs) → Dict | None

Update a group using fieldPatch

Parameters:
  • id (str) – ID of the group to update

  • input (List[Dict]) – FieldPatchInput object to edit group

  • customAttributes – Custom attributes to retrieve from group

Returns:

Representation of a group

Return type:

Optional[Dict]

add_member(**kwargs) → Dict | None

Add a member to a given group.

Parameters:
  • id (str) – ID of the group to add a member to

  • user_id (str) – ID of the user to add to the group

Returns:

Representation of the relationship

Return type:

Optional[Dict]

delete_member(**kwargs) → Dict | None

Remove a given user from a group

Parameters:
  • id (str) – ID of the group to remove a user from

  • user (str) – ID of the user to remove from the group

Returns:

Representation of the group after the member has been removed

Return type:

Optional[Dict]

add_role(**kwargs) → Dict | None

Add a role to a given group

Parameters:
  • id (str) – ID of the group to add a role to

  • role_id – Role ID to add to the group

Returns:

Representation of the group after a role has been added

Return type:

Optional[Dict]

delete_role(**kwargs) → Dict | None

Removes a role from a given group

Parameters:
  • id (str) – ID of the group to remove the role from

  • role_id (str) – Role ID to remove from the group

Returns:

Representation of the group after role is removed

Return type:

Optional[Dict]

edit_default_marking(**kwargs) → Dict | None

Adds a default marking to the group.

Parameters:
  • id (str) – ID of the group.

  • marking_ids (List[str]) – IDs of the markings to add, or an empty list to remove all default markings

  • entity (str, optional) – STIX entity type to add default marking for. If set to “GLOBAL” applies to all entity types, defaults to “GLOBAL”.

Returns:

Group after adding the default marking.

Return type:

Optional[Dict]

add_allowed_marking(**kwargs) → Dict | None

Allow a group to access a marking

Parameters:
  • id (str) – ID of group to authorise

  • marking_id (str) – ID of marking to authorise

Returns:

Relationship from the group to the marking definition

Return type:

Optional[Dict]

delete_allowed_marking(**kwargs) → Dict | None

Removes access to a marking for a group

Parameters:
  • id (str) – ID of group to forbid

  • marking_id (str) – ID of marking to deny

Returns:

Group after denying access to marking definition

Return type:

Optional[Dict]

process_multiple_fields(data)

Process and normalize fields in group data.

Parameters:

data (dict) – the group data dictionary to process

Returns:

the processed group data with normalized fields

Return type:

dict