pycti.entities.opencti_stix_core_relationship
Classes
Main StixCoreRelationship class for OpenCTI |
Module Contents
- class pycti.entities.opencti_stix_core_relationship.StixCoreRelationship(opencti)[source]
Main StixCoreRelationship class for OpenCTI
Manages STIX relationships between entities in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
Initialize the StixCoreRelationship instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String[source]
Show Value
""" id entity_type parent_types spec_version created_at updated_at standard_id relationship_type description start_time stop_time revoked confidence lang created modified status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectOrganization { id standard_id name } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } from { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name description } ... on Channel { name description } ... on Narrative { name description } ... on Language { name } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at } } to { ... on BasicObject { id entity_type parent_types } ... on BasicRelationship { id entity_type parent_types } ... on StixObject { standard_id spec_version created_at updated_at } ... on AttackPattern { name } ... on Campaign { name } ... on CourseOfAction { name } ... on Individual { name } ... on Organization { name } ... on Sector { name } ... on System { name } ... on Indicator { name } ... on Infrastructure { name } ... on IntrusionSet { name } ... on Position { name } ... on City { name } ... on Country { name } ... on Region { name } ... on Malware { name } ... on ThreatActor { name } ... on Tool { name } ... on Vulnerability { name } ... on Incident { name } ... on Event { name description } ... on Channel { name description } ... on Narrative { name description } ... on Language { name } ... on DataComponent { name description } ... on DataSource { name description } ... on Case { name } ... on StixCyberObservable { observable_value } ... on StixCoreRelationship { standard_id spec_version created_at updated_at } } """
- static generate_id(relationship_type, source_ref, target_ref, start_time=None, stop_time=None)[source]
Generate a STIX ID for a relationship.
- Parameters:
relationship_type (str) – The type of relationship
source_ref (str) – The source entity reference ID
target_ref (str) – The target entity reference ID
start_time (str or datetime.datetime or None) – (optional) The start time of the relationship
stop_time (str or datetime.datetime or None) – (optional) The stop time of the relationship
- Returns:
STIX ID for the relationship
- Return type:
str
- static generate_id_from_data(data)[source]
Generate a STIX ID from relationship data.
- Parameters:
data (dict) – Dictionary containing relationship_type, source_ref, target_ref, and optionally start_time/stop_time
- Returns:
STIX ID for the relationship
- Return type:
str
- list(**kwargs)[source]
List stix_core_relationship objects.
- Parameters:
fromOrToId (str) – the id of an entity (source or target)
elementWithTargetTypes (list) – filter by target types
fromId (str) – the id of the source entity of the relation
fromTypes (list) – filter by source entity types
toId (str) – the id of the target entity of the relation
toTypes (list) – filter by target entity types
relationship_type (str) – the relation type
startTimeStart (str) – the start_time date start filter
startTimeStop (str) – the start_time date stop filter
stopTimeStart (str) – the stop_time date start filter
stopTimeStop (str) – the stop_time date stop filter
filters (dict) – additional filters to apply
first (int) – return the first n rows from the after ID (or the beginning if not set)
after (str) – ID of the first row for pagination
orderBy (str) – field to order results by
orderMode (str) – ordering mode (asc/desc)
customAttributes (str) – custom attributes to return
getAll (bool) – whether to retrieve all results
withPagination (bool) – whether to include pagination info
search (str) – search keyword
- Returns:
List of stix_core_relationship objects
- Return type:
list
- read(**kwargs)[source]
Read a stix_core_relationship object.
- Parameters:
id (str) – the id of the stix_core_relationship
fromOrToId (str) – the id of an entity (source or target)
fromId (str) – the id of the source entity of the relation
toId (str) – the id of the target entity of the relation
relationship_type (str) – the relation type
startTimeStart (str) – the start_time date start filter
startTimeStop (str) – the start_time date stop filter
stopTimeStart (str) – the stop_time date start filter
stopTimeStop (str) – the stop_time date stop filter
filters (dict) – filters to apply
customAttributes (str) – custom attributes to return
- Returns:
stix_core_relationship object
- Return type:
dict or None
- create(**kwargs)[source]
Create a stix_core_relationship object.
- Parameters:
fromId (str) – the id of the source entity
toId (str) – the id of the target entity
stix_id (str) – (optional) the STIX ID
relationship_type (str) – the type of relationship
description (str) – (optional) description
start_time (str) – (optional) start time of the relationship
stop_time (str) – (optional) stop time of the relationship
revoked (bool) – (optional) whether the relationship is revoked
confidence (int) – (optional) confidence level (0-100)
lang (str) – (optional) language
created (str) – (optional) creation date
modified (str) – (optional) modification date
createdBy (str) – (optional) the author ID
objectMarking (list) – (optional) list of marking definition IDs
objectLabel (list) – (optional) list of label IDs
externalReferences (list) – (optional) list of external reference IDs
killChainPhases (list) – (optional) list of kill chain phase IDs
objectOrganization (list) – (optional) list of organization IDs
x_opencti_workflow_id (str) – (optional) workflow ID
x_opencti_stix_ids (list) – (optional) list of additional STIX IDs
x_opencti_modified_at (str) – (optional) custom modification date
coverage_information (list) – (optional) coverage information
update (bool) – (optional) whether to update if exists (default: False)
- Returns:
stix_core_relationship object
- Return type:
dict or None
- update_field(**kwargs)[source]
Update a stix_core_relationship object field.
- Parameters:
id (str) – the stix_core_relationship id
input (list) – the input of the field
- Returns:
The updated stix_core_relationship object
- Return type:
dict or None
- delete(**kwargs)[source]
Delete a stix_core_relationship.
- Parameters:
id (str) – the stix_core_relationship id
- Returns:
None
- add_marking_definition(**kwargs)[source]
Add a Marking-Definition object to stix_core_relationship object (object_marking_refs).
- Parameters:
id (str) – the id of the stix_core_relationship
marking_definition_id (str) – the id of the Marking-Definition
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_marking_definition(**kwargs)[source]
Remove a Marking-Definition object from stix_core_relationship.
- Parameters:
id (str) – the id of the stix_core_relationship
marking_definition_id (str) – the id of the Marking-Definition
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_label(**kwargs)[source]
Add a Label object to stix_core_relationship (labeling).
- Parameters:
id (str) – the id of the stix_core_relationship
label_id (str) – the id of the Label
label_name (str) – (optional) the name of the Label (will create if not exists)
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_label(**kwargs)[source]
Remove a Label object from stix_core_relationship.
- Parameters:
id (str) – the id of the stix_core_relationship
label_id (str) – the id of the Label
label_name (str) – (optional) the name of the Label
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_external_reference(**kwargs)[source]
Add an External-Reference object to stix_core_relationship.
- Parameters:
id (str) – the id of the stix_core_relationship
external_reference_id (str) – the id of the External-Reference
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_external_reference(**kwargs)[source]
Remove an External-Reference object from stix_core_relationship.
- Parameters:
id (str) – the id of the stix_core_relationship
external_reference_id (str) – the id of the External-Reference
- Returns:
True if successful, False otherwise
- Return type:
bool
- add_kill_chain_phase(**kwargs)[source]
Add a Kill-Chain-Phase object to stix_core_relationship object (kill_chain_phases).
- Parameters:
id (str) – the id of the stix_core_relationship
kill_chain_phase_id (str) – the id of the Kill-Chain-Phase
- Returns:
True if successful, False otherwise
- Return type:
bool
- remove_kill_chain_phase(**kwargs)[source]
Remove a Kill-Chain-Phase object from stix_core_relationship.
- Parameters:
id (str) – the id of the stix_core_relationship
kill_chain_phase_id (str) – the id of the Kill-Chain-Phase
- Returns:
True if successful, False otherwise
- Return type:
bool
- update_created_by(**kwargs)[source]
Update the Identity author of a stix_core_relationship (created_by).
- Parameters:
id (str) – the id of the stix_core_relationship
identity_id (str) – the id of the Identity
- Returns:
True if successful, False otherwise
- Return type:
bool
- import_from_stix2(**kwargs)[source]
Import a stix_core_relationship from a STIX2 object.
- Parameters:
stixRelation (dict) – the STIX2 relationship object
extras (dict) – extra parameters including created_by_id, object_marking_ids, etc.
update (bool) – whether to update if the entity already exists
defaultDate (str or bool) – default date to use for start/stop times
- Returns:
stix_core_relationship object
- Return type:
dict or None
Share element to multiple organizations.
- Parameters:
entity_id (str) – the stix_core_relationship id
organization_ids (list) – the organization IDs to share with
sharing_direct_container (bool) – whether to share direct container
- Returns:
None
Unshare element from multiple organizations.
- Parameters:
entity_id (str) – the stix_core_relationship id
organization_ids (list) – the organization IDs to unshare from
sharing_direct_container (bool) – whether to unshare direct container
- Returns:
None