pycti.entities.opencti_kill_chain_phase

class pycti.entities.opencti_kill_chain_phase.KillChainPhase(opencti)[source]

Main KillChainPhase class for OpenCTI

Manages kill chain phases (ATT&CK tactics) in the OpenCTI platform.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

__init__(opencti)[source]

Initialize the KillChainPhase instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

create(**kwargs)[source]

Create a Kill-Chain-Phase object.

Parameters:

  • stix_id (str) – (optional) the STIX ID

  • created (datetime) – (optional) creation date

  • modified (datetime) – (optional) modification date

  • kill_chain_name (str) – the kill chain name (required)

  • phase_name (str) – the phase name (required)

  • x_opencti_order (int) – (optional) order (default: 0)

  • update (bool) – (optional) whether to update if exists (default: False)

Returns:

Kill-Chain-Phase object

Return type:

dict or None

delete(**kwargs)[source]

Delete a Kill-Chain-Phase object.

Parameters:

id (str) – the id of the Kill-Chain-Phase to delete

Returns:

None

static generate_id(phase_name, kill_chain_name)[source]

Generate a STIX ID for a Kill Chain Phase.

Parameters:

  • phase_name (str) – The phase name

  • kill_chain_name (str) – The kill chain name

Returns:

STIX ID for the kill chain phase

Return type:

str

static generate_id_from_data(data)[source]

Generate a STIX ID from kill chain phase data.

Parameters:

data (dict) – Dictionary containing ‘phase_name’ and ‘kill_chain_name’ keys

Returns:

STIX ID for the kill chain phase

Return type:

str

list(**kwargs)[source]

List Kill-Chain-Phase objects.

Parameters:

  • filters (dict) – the filters to apply

  • first (int) – return the first n rows from the after ID (or the beginning if not set)

  • after (str) – ID of the first row for pagination

  • orderBy (str) – field to order results by

  • orderMode (str) – ordering mode (asc/desc)

  • customAttributes (list) – custom attributes to return

  • withPagination (bool) – whether to include pagination info

Returns:

List of Kill-Chain-Phase objects

Return type:

list

read(**kwargs)[source]

Read a Kill-Chain-Phase object.

Parameters:

  • id (str) – the id of the Kill-Chain-Phase

  • filters (dict) – the filters to apply if no id provided

Returns:

Kill-Chain-Phase object

Return type:

dict or None

update_field(**kwargs)[source]

Update a Kill Chain Phase object field.

Parameters:

  • id (str) – the Kill Chain Phase id

  • input (list) – the input of the field

Returns:

The updated Kill Chain Phase object

Return type:

dict or None