pycti.entities.opencti_role

class pycti.entities.opencti_role.Role(opencti)[source]

Representation of a role in OpenCTI

Roles can have capabilities. Groups have roles, and the combined capabilities of those roles determine what a group of users can do on the platform.

Check the properties attribute of the class to understand what default properties are fetched.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

__init__(opencti)[source]

Initialize the Role instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

add_capability(**kwargs)[source]

Adds a capability to a role

Parameters:

  • id (str) – ID of the role.

  • capability_id (str) – ID of the capability to add.

Returns:

Representation of the relationship, including the role and capability

Return type:

Optional[Dict]

create(**kwargs)[source]

Add a new role to OpenCTI.

Parameters:

  • name (str) – Name to assign to the role.

  • description (str, optional) – Optional. Description of the role, defaults to None.

  • customAttributes (str, optional) – Custom attributes to return on role

Returns:

Representation of the role.

Return type:

Optional[Dict]

delete(**kwargs)[source]

Delete a role given its ID

Parameters:

id (str) – ID for the role on the platform.

delete_capability(**kwargs)[source]

Removes a capability from a role

Parameters:

  • id (str) – ID of the role

  • capability_id (str) – ID of the capability to remove

Returns:

Representation of the role after removing the capability

Return type:

Optional[Dict]

list(**kwargs)[source]

Search or list the roles on the server.

Parameters:

  • search (str, optional) – Defaults to None.

  • first (int, optional) – Defaults to 500 Return the first x results from ID or beginning if $after is not specified.

  • after (str, optional) – Return all results after the given ID, useful for pagination. Ignored if returning all results, defaults to None.

  • orderBy (str, optional) – Field to order by. Must be one of “name”, “created_at”, “updated_at”, or “_score”. Defaults to “name”, defaults to “name”.

  • orderMode (str, optional) – Direction to order in, either “asc” or “desc”, defaults to “asc”.

  • customAttributes (str, optional) – Defaults to None. Custom attributes to return from query. If None, defaults are used.

  • getAll (bool, optional) – Defaults to False. Retrieve all results. If true then the “first” param is ignored.

  • withPagination (bool, optional) – Defaults to False Whether to include pagination pageInfo properties in result.

Returns:

List of Python dictionaries with the properties of the role.

Return type:

List[Dict]

process_multiple_fields(data)[source]

Process and normalize fields in role data.

Parameters:

data (dict) – the role data dictionary to process

Returns:

the processed role data with normalized fields

Return type:

dict

read(**kwargs)[source]

Get a role given its ID or a search term

One of id or search must be provided.

Parameters:

  • id (str, optional) – ID of the role on the platform

  • search (str, optional) – Search term for a role, e.g. its name

  • customAttributes (str, optional) – Custom attributes on the role to return

Returns:

Representation of the role

Return type:

Optional[Dict]

update_field(**kwargs)[source]

Updates a given role with the given inputs

Example of input:

[
    {
        "key": "name",
        "value": "NewCustomRole"
    },
    {
        "key": "can_manage_sensitive_config",
        "value": False
    }
]
Parameters:

  • id (str) – ID for the role on the platform

  • input (List[Dict]) – List of EditInput objects

  • customAttributes (str, optional) – Custom attributes to return on the role

Returns:

Representation of the role

Return type:

Optional[Dict]