pycti.entities.opencti_user

class pycti.entities.opencti_user.User(opencti)[source]

Representation of a user on the OpenCTI platform

Users can be members of multiple groups, from which their permissions (capabilities) are derived. Additionally, users are part of organisations, and sometimes administer them (Enterprise edition).

Each user has a configured confidence and an effective confidence (which might be set by the group).

Inspect the properties, session_properties, and me_properties attributes of a User object to see which attributes will be present in a User or MeUser object.

Parameters:

opencti (OpenCTIApiClient) – instance of OpenCTIApiClient

__init__(opencti)[source]

Initialize the User instance.

Parameters:

opencti (OpenCTIApiClient) – OpenCTI API client instance

add_membership(**kwargs)[source]

Adds the user to a given group.

Parameters:
  • id (str) – User ID to add to the group.

  • group_id (str) – Group ID to add the user to.

Returns:

Representation of the InternalRelationship

Return type:

Optional[Dict]

add_organization(**kwargs)[source]

Adds a user to an organization

Parameters:
  • id (str) – User ID to add to organization

  • organization_id (str) – ID of organization to add to

Returns:

Representation of user without sessions or API key

Return type:

Optional[Dict]

create(**kwargs)[source]

Creates a new user with basic details

Note that when SSO is connected users generally do not need to be manually created.

Additionally note that if there is no password passed to this function then a random password will be created and will not be returned. This is useful for creating service accounts and connector accounts.

Parameters:
  • name (str) – Name to assign to the user.

  • user_email (str) – Email address for the user.

  • password (str, optional) – Password that should be assigned to the user. If one is not provided then a random one will be generated, defaults to None.

  • firstname (str, optional) – First name of the user

  • lastname (str, optional) – Last name of the user

  • description (str, optional) – Description for the user

  • language (str, optional) – Language the user should use

  • theme (str, optional) – Theme to set for the user, either light or dark

  • objectOrganization – List of organization IDs to add the user to

  • account_status (str, optional) – The status of the account: Active, Expired, Inactive, or Locked

  • account_lock_after_date (str, optional) – ISO 8601 timestamp of when the account should be locked

  • unit_system (str, optional) – Unit system for the user, metric or imperial

  • submenu_show_icons (bool, optional) – Defaults to False. Whether or not to show icons in submenus on the left hand menu bar in the UI

  • submenu_auto_collapse – Defaults to False. Whether to auto-collapse the left hand menu bar in the UI

  • monochrome_labels (bool, optional) – Defaults to False. Whether to ignore colours and just show entity labels in monochrome.

  • groups (List[str], optional) – List of group IDs to add the user to

  • user_confidence_level (Dict) – Confidence level object to assign to the user. This may not impact effective confidence depending on group membership.

  • include_token (bool, optional) – Defaults to False. Whether to include the API token for the new user in the response.

  • customAttributes (str, optional) – Custom attributes to return for the user

Returns:

Representation of the user without sessions or API token.

Return type:

Optional[Dict]

create_token(**kwargs)[source]

Create an API token for the given user

Parameters:
  • user_id – ID of the user to create the API token for.

  • token_name (str) – Token name to give the token

  • token_duration (str) – Token duration to give the token. Defaults to UNLIMITED.

Returns:

Representation of token

Return type:

Optional[Dict]
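The following is an added example, not code from pycti itself: it combines create() and create_token() as documented above to provision a connector or service account with no caller-known password, an explicit group list, and an automatic lock date. The helper name, the RecordingUsers stand-in, the sample IDs, and the assumption that the returned user dict carries an "id" key are illustrative.

```python
from datetime import datetime, timedelta, timezone


def provision_service_account(users, name, email, group_ids, org_ids=None,
                              valid_days=90, token_duration="UNLIMITED"):
    """Create a passwordless service account that is locked after valid_days.

    `users` is a pycti User entity, or any object exposing the create() and
    create_token() methods documented on this page.
    """
    if not group_ids:
        # Capabilities are derived from groups, so make the caller choose them.
        raise ValueError("refusing to create an account without a group")
    lock_at = (datetime.now(timezone.utc) + timedelta(days=valid_days)).isoformat()
    user = users.create(
        name=name,
        user_email=email,
        # No password kwarg: a random one is generated and never returned.
        description=f"Service account, locks after {lock_at}",
        groups=list(group_ids),
        objectOrganization=list(org_ids or []),
        account_status="Active",
        account_lock_after_date=lock_at,
        include_token=False,  # keep the API token out of the create() response
    )
    if user is None:  # create() returns Optional[Dict]
        raise RuntimeError("user creation failed")
    # Assumption: the returned dict carries the new user's ID under "id".
    token = users.create_token(user_id=user["id"], token_name=f"{name}-initial",
                               token_duration=token_duration)
    if token is None:
        raise RuntimeError(f"user {user['id']} created but token creation failed")
    return {"user": user, "token": token, "lock_at": lock_at}


class RecordingUsers:
    """Constructed stand-in for the User entity so the example runs offline."""

    def __init__(self):
        self.calls = []

    def create(self, **kwargs):
        self.calls.append(("create", kwargs))
        return {"id": "user--constructed-0001", "name": kwargs["name"]}

    def create_token(self, **kwargs):
        self.calls.append(("create_token", kwargs))
        return {"name": kwargs["token_name"]}  # constructed token shape
```

Against a live platform, pass a User(opencti) instance in place of RecordingUsers. Naming the token makes it easy to identify later when calling remove_token().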

delete(**kwargs)[source]

Deletes the given user from the platform.

Parameters:

id (str) – ID of the user to delete.

delete_membership(**kwargs)[source]

Removes the user from the given group.

Parameters:
  • id (str) – User ID to remove from the group.

  • group_id (str) – Group ID to remove the user from.

Returns:

Representation of the user without sessions or API token

Return type:

Optional[Dict]

delete_organization(**kwargs)[source]

Delete a user from an organization

Parameters:
  • id (str) – User ID to remove from organization

  • organization_id (str) – ID of organization to remove from

Returns:

Representation of user without sessions or API key

Return type:

Optional[Dict]

list(**kwargs)[source]

Search/list users on the platform

Searches users given some conditions. Defaults to listing all users.

Parameters:
  • first (int, optional) – Defaults to 500. Retrieve this number of results.

  • after (str, optional) – Retrieves all results after the user with this ID. Ignored if None, empty, or if fetching all results, defaults to None.

  • orderBy (str, optional) – Orders results by this field. Can be one of user, user_email, firstname, lastname, language, external, created_at, updated_at, or _score, defaults to “name”.

  • orderMode (str, optional) – Ordering direction. Must be one of “asc” or “desc”, defaults to “asc”.

  • filters (dict, optional) – OpenCTI API FilterGroup object. This is an advanced parameter. To learn more please search for the FilterGroup object in the OpenCTI GraphQL Playground, defaults to {}.

  • search (str, optional) – String to search for when listing users, defaults to None.

  • include_sessions (bool, optional) – Whether or not to include a list of sessions with results, defaults to False.

  • customAttributes (str, optional) – Custom attributes to fetch from the GraphQL query

  • getAll (bool, optional) – Defaults to False. Whether or not to get all results from the search. If True then param first is ignored.

  • withPagination (bool, optional) – Defaults to False. Whether to return pagination info with results.

Returns:

Returns a list of users, sorted as specified.

Return type:

list[dict]

me(**kwargs)[source]

Reads the currently authenticated user.

Parameters:

customAttributes (str, optional) – Custom attributes to return on the User

Returns:

Representation of the user.

Return type:

dict

process_multiple_fields(data)[source]

Process and normalize fields in user data.

Parameters:

data (dict) – the user data dictionary to process

Returns:

the processed user data with normalized fields

Return type:

dict

read(**kwargs)[source]

Reads user details from the platform.

Parameters:
  • id (str, optional) – ID of the user to fetch

  • include_sessions (bool, optional) – Whether or not to include a list of sessions for the given user, defaults to False.

  • include_tokens (bool, optional) – Whether or not to include the user’s API token, defaults to False.

  • customAttributes – Custom attributes to include instead of the defaults

  • filters (dict, optional) – Filters to apply to find a single user

  • search (str, optional) – Search term to use to find a single user

Returns:

Representation of the user as a Python dictionary.

Return type:

Optional[Dict]

remove_token(**kwargs)[source]

Remove an API token for the given user

Parameters:
  • user_id – ID of the user to remove the API token from.

  • token_id (str) – Token id to remove

Return type:

Optional[Dict]

send_mail(**kwargs)[source]

Send an email to a user using a template.

Parameters:
  • id (str) – the user ID to send the email to

  • template_id (str) – the email template ID to use

Returns:

None

update_field(**kwargs)[source]

Update a given user using fieldPatch

Parameters:
  • id (str) – ID of the user to update.

  • input (List[Dict]) – FieldPatchInput objects to edit user

  • customAttributes (str, optional) – Custom attributes to return from the mutation

Returns:

Representation of the user without sessions or API token.

Return type:

Optional[Dict]