pycti.entities.opencti_group
- class pycti.entities.opencti_group.Group(opencti)[source]
Representation of a Group in OpenCTI
Groups have members and also have assigned roles. Roles attached to a group determine what members of the group have permissions to do according to the capabilities the role has.
Additionally, groups have a confidence level which informs the effective confidence of members of the group.
Groups also have permissions on Marking Definitions. Assigned marking definitions allow users to apply their capabilities on objects with those definitions. Additionally, there are default markings added to all objects created by members of a group, and max shareable definitions which determine which objects users can export from the platform to share.
See the properties attribute to understand what properties are fetched by default from GraphQL queries.
- Parameters:
opencti (OpenCTIApiClient) – instance of
OpenCTIApiClient
- __init__(opencti)[source]
Initialize the Group instance.
- Parameters:
opencti (OpenCTIApiClient) – OpenCTI API client instance
- add_allowed_marking(**kwargs)[source]
Allow a group to access a marking
- Parameters:
id (str) – ID of group to authorise
marking_id (str) – ID of marking to authorise
- Returns:
Relationship from the group to the marking definition
- Return type:
Optional[Dict]
- add_member(**kwargs)[source]
Add a member to a given group.
- Parameters:
id (str) – ID of the group to add a member to
user_id (str) – ID to add to the group
- Returns:
Representation of the relationship
- Return type:
Optional[Dict]
- add_role(**kwargs)[source]
Add a role to a given group
- Parameters:
id (str) – ID to add a role to
role_id – Role ID to add to the group
- Returns:
Representation of the group after a role has been added
- Return type:
Optional[Dict]
- create(**kwargs)[source]
Create a group with required details
Groups can be configured after creation using other functions.
- Parameters:
name (str) – Name of the group to create.
id_confidence_level (dict) – Confidence-level dictionary, with a max_confidence member between 0 and 100 (incl) and an overrides list with max_confidence and the entity_type it applies to.
description (str, optional) – Description of the group
default_assignation (bool, optional) – Defaults to False. Whether or not to assign this group by default to all new users.
no_creators (bool, optional) – Defaults to False. Whether or not to create authors for members of this group.
restrict_delete (bool, optional) – Defaults to False. Whether or not to restrict members deleting entities that are not their own.
auto_new_marking (bool, optional) – Defaults to False. Whether or not to allow members access to new markings automatically.
customAttributes (str, optional) – Attributes to retrieve from the new group
- Returns:
Representation of the group.
- Return type:
Optional[Dict]
- delete(**kwargs)[source]
Delete a given group from OpenCTI
- Parameters:
id (str) – ID of the group to delete.
- delete_allowed_marking(**kwargs)[source]
Removes access to a marking for a group
- Parameters:
id (str) – ID of group to forbid
marking_id (str) – ID of marking to deny
- Returns:
Group after denying access to marking definition
- Return type:
Optional[Dict]
- delete_member(**kwargs)[source]
Remove a given user from a group
- Parameters:
id (str) – ID to remove a user from
user (str) – ID to remove from the group
- Returns:
Representation of the group after the member has been removed
- Return type:
Optional[Dict]
- delete_role(**kwargs)[source]
Removes a role from a given group
- Parameters:
id (str) – ID to remove role from
role_id (str) – Role ID to remove from the group
- Returns:
Representation of the group after role is removed
- Return type:
Optional[Dict]
- edit_default_marking(**kwargs)[source]
Adds a default marking to the group.
- Parameters:
id (str) – ID of the group.
marking_ids (List[str]) – IDs of the markings to add, or an empty list to remove all default markings
entity (str, optional) – STIX entity type to add default marking for. If set to “GLOBAL” applies to all entity types, defaults to “GLOBAL”.
- Returns:
Group after adding the default marking.
- Return type:
Optional[Dict]
- list(**kwargs)[source]
Lists groups based on a number of filters.
- Parameters:
first (int, optional) – Retrieve this number of results. If 0 then fetches all results, defaults to 0.
after (str, optional) – ID of the group to fetch results after in the list of all results, defaults to None.
orderBy (str, optional) – Field by which to order results. Must be one of name, default_assignation, no_creators, restrict_delete, auto_new_marking, created_at, updated_at, group_confidence_level, and _score, defaults to “name”.
orderMode (str, optional) – Direction of ordering. Must be one of “asc” or “desc”, defaults to “asc”.
search (str, optional) – String to search groups for, defaults to None.
filters (dict, optional) – OpenCTI API FilterGroup object. This is an advanced parameter. To learn more please search for the FilterGroup object in the OpenCTI GraphQL Playground, defaults to {}.
customAttributes (str, optional) – Custom attributes to fetch from the GraphQL query
getAll (bool, optional) – Defaults to False. Whether or not to get all results from the search. If True then param first is ignored.
withPagination (bool, optional) – Defaults to False. Whether to return pagination info with results.
- Returns:
List of groups in dictionary representation.
- Return type:
list[dict]
- process_multiple_fields(data)[source]
Process and normalize fields in group data.
- Parameters:
data (dict) – the group data dictionary to process
- Returns:
the processed group data with normalized fields
- Return type:
dict
- read(**kwargs)[source]
Fetch a given group from OpenCTI
One of id or filters is required.
- Parameters:
id (str, optional) – ID of the group to fetch
filters (dict, optional) – Filters to apply to find single group
customAttributes (str) – Custom attributes to fetch for the group
- Returns:
Representation of a group.
- Return type:
Optional[Dict]