pycti.entities.opencti_marking_definition

Classes

MarkingDefinition

Main MarkingDefinition class for OpenCTI

Module Contents

class pycti.entities.opencti_marking_definition.MarkingDefinition(opencti)

Main MarkingDefinition class for OpenCTI

Manages marking definitions (TLP, statements) in the OpenCTI platform.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

Initialize the MarkingDefinition instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

opencti
properties = Multiline-String
"""
            id
            standard_id
            entity_type
            parent_types
            definition_type
            definition
            x_opencti_order
            x_opencti_color
            created
            modified
            created_at
            updated_at
        """
static generate_id(definition_type, definition)

Generate a STIX ID for a Marking Definition.

Parameters:
  • definition_type (str) – The type of marking (TLP, statement, etc.)

  • definition (str) – The definition value

Returns:

STIX ID for the marking definition

Return type:

str

static generate_id_from_data(data)

Generate a STIX ID from marking definition data.

Parameters:

data (dict) – Dictionary containing ‘definition_type’ and ‘definition’ keys

Returns:

STIX ID for the marking definition

Return type:

str

list(**kwargs)

List Marking-Definition objects.

Parameters:
  • filters (dict) – the filters to apply

  • first (int) – return the first n rows from the after ID (or the beginning if not set)

  • after (str) – ID of the first row for pagination

  • orderBy (str) – field to order results by

  • orderMode (str) – ordering mode (asc/desc)

  • customAttributes (list) – custom attributes to return

  • withPagination (bool) – whether to include pagination info

Returns:

List of Marking-Definition objects

Return type:

list

read(**kwargs)

Read a Marking-Definition object.

Parameters:
  • id (str) – the id of the Marking-Definition

  • filters (dict) – the filters to apply if no id provided

Returns:

Marking-Definition object

Return type:

dict or None

create(**kwargs)

Create a Marking-Definition object.

Parameters:
  • stix_id (str) – (optional) the STIX ID

  • created (datetime) – (optional) creation date

  • modified (datetime) – (optional) modification date

  • definition_type (str) – the definition type (required)

  • definition (str) – the definition value (required)

  • x_opencti_order (int) – (optional) order (default: 0)

  • x_opencti_color (str) – (optional) color

  • x_opencti_stix_ids (list) – (optional) list of additional STIX IDs

  • update (bool) – (optional) whether to update if exists (default: False)

Returns:

Marking-Definition object

Return type:

dict or None
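
An added example, not part of pycti or its documentation: it uses the documented list() and create() calls to create missing marking definitions and to report, rather than overwrite, existing ones whose order or color differ from an expected policy. The `markings` argument is assumed to be the `marking_definition` attribute of an OpenCTIApiClient; `WANTED`, `audit_and_provision` and `FakeMarkings` are hypothetical names constructed for illustration.

```python
"""Audit-then-create provisioning of marking definitions (added example)."""

# Constructed sample policy: the markings this deployment expects to exist.
WANTED = [
    {"definition_type": "statement", "definition": "INTERNAL-ONLY",
     "x_opencti_order": 10, "x_opencti_color": "#d84315"},
    {"definition_type": "statement", "definition": "PARTNER-SHARE",
     "x_opencti_order": 5, "x_opencti_color": "#2e7d32"},
]


def audit_and_provision(markings, wanted):
    """Create missing markings; report drift on existing ones without overwriting.

    `markings` is any object exposing the documented list()/create() methods
    (assumed: OpenCTIApiClient(...).marking_definition).
    """
    # One page of results; assumed large enough to hold every marking.
    existing = {(m["definition_type"], m["definition"]): m
                for m in markings.list(first=500)}
    created, drift = [], []
    for spec in wanted:
        key = (spec["definition_type"], spec["definition"])
        current = existing.get(key)
        if current is None:
            result = markings.create(update=False, **spec)
            if result is None:  # create() is documented as "dict or None"
                raise RuntimeError(f"marking {key} was not created")
            created.append(result["id"])
            continue
        for field in ("x_opencti_order", "x_opencti_color"):
            if current.get(field) != spec[field]:
                drift.append((spec["definition"], field,
                              current.get(field), spec[field]))
    return created, drift


class FakeMarkings:
    """Constructed in-memory stand-in so the example runs without a platform."""

    def __init__(self, rows):
        self.rows = [*rows]

    def list(self, **kwargs):
        return [*self.rows]

    def create(self, **kwargs):
        kwargs.pop("update", None)
        row = {"id": f"fake-{len(self.rows)}", **kwargs}
        self.rows.append(row)
        return row
```

Because update stays False, a drift entry is a prompt for review: the existing marking is left as it is until someone decides which side is correct.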

update_field(**kwargs)

Update a Marking Definition object field.

Parameters:
  • id (str) – the Marking Definition id

  • input (list) – the input of the field

Returns:

The updated Marking Definition object

Return type:

dict or None

import_from_stix2(**kwargs)

Import a Marking Definition object from a STIX2 object.

Parameters:
  • stixObject (dict) – the STIX2 Marking Definition object to import

  • update (bool) – set the update flag on import

Returns:

Marking Definition object

Return type:

dict or None

delete(**kwargs)

Delete a Marking-Definition object.

Parameters:

id (str) – the id of the Marking-Definition to delete

Returns:

None