pycti.entities.opencti_threat_actor_group
Classes
Main ThreatActorGroup class for OpenCTI |
Module Contents
- class pycti.entities.opencti_threat_actor_group.ThreatActorGroup(opencti)[source]
Main ThreatActorGroup class for OpenCTI
Manages threat actor group entities in the OpenCTI platform.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
Initialize the ThreatActorGroup instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- properties = Multiline-String[source]
Show Value
""" id standard_id entity_type parent_types spec_version created_at updated_at status { id template { id name color } } createdBy { ... on Identity { id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel { id value color } } ... on Organization { x_opencti_organization_type x_opencti_reliability } ... on Individual { x_opencti_firstname x_opencti_lastname } } objectOrganization { id standard_id name } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } objectLabel { id value color } externalReferences { edges { node { id standard_id entity_type source_name description url hash external_id created modified importFiles { edges { node { id name size metaData { mimetype version } } } } } } } revoked confidence created modified name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations importFiles { edges { node { id name size metaData { mimetype version } objectMarking { id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color } } } } """
- static generate_id(name)[source]
Generate a STIX ID for a Threat Actor Group.
- Parameters:
name (str) – The name of the threat actor group
- Returns:
STIX ID for the threat actor group
- Return type:
str
- static generate_id_from_data(data)[source]
Generate a STIX ID from threat actor group data.
- Parameters:
data (dict) – Dictionary containing ‘name’ key
- Returns:
STIX ID for the threat actor group
- Return type:
str
- list(**kwargs) dict[source]
List Threat-Actor-Group objects
- Parameters:
filters (list) – (optional) the filters to apply
search (str) – (optional) a search keyword to apply for the listing
first (int) – (optional) return the first n rows from the after ID or the beginning if not set
after (str) – (optional) OpenCTI object ID of the first row for pagination
orderBy (str) – (optional) the field to order the response on
orderMode (str) – (optional) either “asc” or “desc”
withPagination (bool) – (optional) switch to use pagination
- Returns:
List of Threat-Actor-Group objects
- Return type:
list
- read(**kwargs) dict | None[source]
Read a Threat-Actor-Group object
read can be either used with a known OpenCTI entity id or by using a valid filter to search and return a single Threat-Actor-Group entity or None.
Note: either id or filters is required.
- Parameters:
id (str) – the id of the Threat-Actor-Group
filters (list) – the filters to apply if no id provided
- Returns:
Threat-Actor-Group object
- Return type:
dict or None
- create(**kwargs)[source]
Create a Threat-Actor-Group object
The Threat-Actor-Group entity will only be created if it doesn’t exists By setting update to True it acts like an upsert and updates fields of an existing Threat-Actor-Group entity.
Note: name and description or stix_id is required.
- Parameters:
stix_id (str) – stix2 id reference for the Threat-Actor-Group entity
createdBy (str) – (optional) id of the organization that created the knowledge
objectMarking (list) – (optional) list of OpenCTI marking definition ids
objectLabel (list) – (optional) list of OpenCTI label ids
externalReferences (list) – (optional) list of OpenCTI external references ids
revoked (bool) – is this entity revoked
confidence (int) – confidence level
lang (str) – language
created (str) – (optional) date in OpenCTI date format
modified (str) – (optional) date in OpenCTI date format
name (str) – name of the threat actor group
description (str) – description of the threat actor group
aliases (list) – (optional) list of alias names for the Threat-Actor-Group
threat_actor_types (list) – (optional) list of threat actor types
first_seen (str) – (optional) date in OpenCTI date format
last_seen (str) – (optional) date in OpenCTI date format
roles (list) – (optional) list of roles
goals (list) – (optional) list of goals
sophistication (str) – (optional) describe the actors sophistication in text
resource_level (str) – (optional) describe the actors resource_level in text
primary_motivation (str) – (optional) describe the actors primary_motivation in text
secondary_motivations (list) – (optional) describe the actors secondary_motivations in list of string
personal_motivations (list) – (optional) describe the actors personal_motivations in list of strings
update (bool) – (optional) choose to updated an existing Threat-Actor-Group entity, default False
files (list) – (optional) list of File objects to attach
filesMarkings (list) – (optional) list of lists of marking definition IDs for each file
- Returns:
Threat-Actor-Group object
- Return type:
dict or None
- import_from_stix2(**kwargs)[source]
Import a Threat Actor Group object from a STIX2 object.
- Parameters:
stixObject – the STIX2 Threat Actor object
extras – extra parameters including created_by_id, object_marking_ids, etc.
update – whether to update if the entity already exists
- Returns:
Threat Actor Group object
- Return type:
dict or None