pycti.utils.opencti_stix2_update
Classes
Python API for Stix2 Update in OpenCTI. |
Module Contents
- class pycti.utils.opencti_stix2_update.OpenCTIStix2Update(opencti)[source]
Python API for Stix2 Update in OpenCTI.
Provides methods to update STIX2 objects in OpenCTI, including adding/removing marking definitions, labels, external references, kill chain phases, and object references.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
Initialize the OpenCTIStix2Update helper.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- add_object_marking_refs(entity_type, entity_id, object_marking_refs, version=2)[source]
Add marking definition references to an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
object_marking_refs (list) – List of marking definition references
version (int) – Version of the patch format (default: 2)
- remove_object_marking_refs(entity_type, entity_id, object_marking_refs, version=2)[source]
Remove marking definition references from an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
object_marking_refs (list) – List of marking definition references
version (int) – Version of the patch format (default: 2)
- add_external_references(entity_type, entity_id, external_references, version=2)[source]
Add external references to an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
external_references (list) – List of external references
version (int) – Version of the patch format (default: 2)
- remove_external_references(entity_type, entity_id, external_references)[source]
Remove external references from an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
external_references (list) – List of external references
- add_kill_chain_phases(entity_type, entity_id, kill_chain_phases, version=2)[source]
Add kill chain phases to an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
kill_chain_phases (list) – List of kill chain phases
version (int) – Version of the patch format (default: 2)
- remove_kill_chain_phases(entity_type, entity_id, kill_chain_phases)[source]
Remove kill chain phases from an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
kill_chain_phases (list) – List of kill chain phases
- add_object_refs(entity_type, entity_id, object_refs, version=2)[source]
Add object references to a container entity.
- Parameters:
entity_type (str) – Type of the container entity (report, note, etc.)
entity_id (str) – ID of the container entity
object_refs (list) – List of object references to add
version (int) – Version of the patch format (default: 2)
- remove_object_refs(entity_type, entity_id, object_refs, version=2)[source]
Remove object references from a container entity.
- Parameters:
entity_type (str) – Type of the container entity (report, note, etc.)
entity_id (str) – ID of the container entity
object_refs (list) – List of object references to remove
version (int) – Version of the patch format (default: 2)
- add_labels(entity_type, entity_id, labels, version=2)[source]
Add labels to an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
labels (list) – List of labels to add
version (int) – Version of the patch format (default: 2)
- remove_labels(entity_type, entity_id, labels, version=2)[source]
Remove labels from an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
labels (list) – List of labels to remove
version (int) – Version of the patch format (default: 2)
- replace_created_by_ref(entity_type, entity_id, created_by_ref, version=2)[source]
Replace the created_by reference of an entity.
- Parameters:
entity_type (str) – Type of the entity
entity_id (str) – ID of the entity
created_by_ref (str or list) – New created_by reference
version (int) – Version of the patch format (default: 2)