From 7478fbce20d7ce03f54ba4d146319fffe9073ea1 Mon Sep 17 00:00:00 2001 From: BocognanoSarah Date: Mon, 25 Nov 2024 12:02:57 +0100 Subject: [PATCH 1/2] [client] Add assignee through automation playbook (#7728) --- pycti/entities/opencti_case_rfi.py | 11 +++++++++++ pycti/entities/opencti_case_rft.py | 12 +++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/pycti/entities/opencti_case_rfi.py b/pycti/entities/opencti_case_rfi.py index afa4b5be6..69dfd375a 100644 --- a/pycti/entities/opencti_case_rfi.py +++ b/pycti/entities/opencti_case_rfi.py @@ -674,6 +674,7 @@ def create(self, **kwargs): objects = kwargs.get("objects", None) object_marking = kwargs.get("objectMarking", None) object_label = kwargs.get("objectLabel", None) + object_assignee = kwargs.get("objectAssignee", None) external_references = kwargs.get("externalReferences", None) revoked = kwargs.get("revoked", None) confidence = kwargs.get("confidence", None) @@ -709,6 +710,7 @@ def create(self, **kwargs): "objectMarking": object_marking, "objectLabel": object_label, "objectOrganization": granted_refs, + "objectAssignee": object_assignee, "objects": objects, "externalReferences": external_references, "revoked": revoked, @@ -846,6 +848,10 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_workflow_id"] = ( self.opencti.get_attribute_in_extension("workflow_id", stix_object) ) + if "x_opencti_assignee_ids" not in stix_object: + stix_object["x_opencti_assignee_ids"] = ( + self.opencti.get_attribute_in_extension("assignee_ids", stix_object) + ) return self.create( stix_id=stix_object["id"], @@ -889,6 +895,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_granted_refs" in stix_object else None ), + objectAssignee=( + stix_object["x_opencti_assignee_ids"] + if "x_opencti_assignee_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object diff --git a/pycti/entities/opencti_case_rft.py b/pycti/entities/opencti_case_rft.py index dddf601a3..1e82fe98a 100644 --- a/pycti/entities/opencti_case_rft.py +++ b/pycti/entities/opencti_case_rft.py @@ -673,6 +673,7 @@ def create(self, **kwargs): objects = kwargs.get("objects", None) object_marking = kwargs.get("objectMarking", None) object_label = kwargs.get("objectLabel", None) + object_assignee = kwargs.get("objectAssignee", None) external_references = kwargs.get("externalReferences", None) revoked = kwargs.get("revoked", None) confidence = kwargs.get("confidence", None) @@ -708,6 +709,7 @@ def create(self, **kwargs): "objectMarking": object_marking, "objectLabel": object_label, "objectOrganization": granted_refs, + "objectAssignee": object_assignee, "objects": objects, "externalReferences": external_references, "revoked": revoked, @@ -845,7 +847,10 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_workflow_id"] = ( self.opencti.get_attribute_in_extension("workflow_id", stix_object) ) - + if "x_opencti_assignee_ids" not in stix_object: + stix_object["x_opencti_assignee_ids"] = ( + self.opencti.get_attribute_in_extension("assignee_ids", stix_object) + ) return self.create( stix_id=stix_object["id"], createdBy=( @@ -893,6 +898,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_granted_refs" in stix_object else None ), + objectAssignee=( + stix_object["x_opencti_assignee_ids"] + if "x_opencti_assignee_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object From 2bfbcdac2b52ab05c19bc6672df1a6a8f781b4b1 Mon Sep 17 00:00:00 2001 From: BocognanoSarah Date: Tue, 3 Dec 2024 16:56:11 +0100 Subject: [PATCH 2/2] [client] Add participant --- pycti/entities/opencti_case_incident.py | 14 +++++++++++++- pycti/entities/opencti_case_rfi.py | 13 +++++++++++++ pycti/entities/opencti_case_rft.py | 13 +++++++++++++ pycti/entities/opencti_task.py | 14 +++++++++++++- 4 files changed, 52 insertions(+), 2 deletions(-) diff --git a/pycti/entities/opencti_case_incident.py b/pycti/entities/opencti_case_incident.py index 40cc75ba9..1b0b81a58 100644 --- a/pycti/entities/opencti_case_incident.py +++ b/pycti/entities/opencti_case_incident.py @@ -690,6 +690,7 @@ def create(self, **kwargs): priority = kwargs.get("priority", None) x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None) object_assignee = kwargs.get("objectAssignee", None) + object_participant = kwargs.get("objectParticipant", None) granted_refs = kwargs.get("objectOrganization", None) response_types = kwargs.get("response_types", None) x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None) @@ -717,6 +718,7 @@ def create(self, **kwargs): "objectLabel": object_label, "objectOrganization": granted_refs, "objectAssignee": object_assignee, + "objectParticipant": object_participant, "objects": objects, "externalReferences": external_references, "revoked": revoked, @@ -865,7 +867,12 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_assignee_ids"] = ( self.opencti.get_attribute_in_extension("assignee_ids", stix_object) ) - + if "x_opencti_participant_ids" not in stix_object: + stix_object["x_opencti_participant_ids"] = ( + self.opencti.get_attribute_in_extension( + "participant_ids", stix_object + ) + ) return self.create( stix_id=stix_object["id"], createdBy=( @@ -920,6 +927,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_assignee_ids" in stix_object else None ), + objectParticipant=( + stix_object["x_opencti_participant_ids"] + if "x_opencti_participant_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object diff --git a/pycti/entities/opencti_case_rfi.py b/pycti/entities/opencti_case_rfi.py index 69dfd375a..da0efe5dd 100644 --- a/pycti/entities/opencti_case_rfi.py +++ b/pycti/entities/opencti_case_rfi.py @@ -675,6 +675,7 @@ def create(self, **kwargs): object_marking = kwargs.get("objectMarking", None) object_label = kwargs.get("objectLabel", None) object_assignee = kwargs.get("objectAssignee", None) + object_participant = kwargs.get("objectParticipant", None) external_references = kwargs.get("externalReferences", None) revoked = kwargs.get("revoked", None) confidence = kwargs.get("confidence", None) @@ -711,6 +712,7 @@ def create(self, **kwargs): "objectLabel": object_label, "objectOrganization": granted_refs, "objectAssignee": object_assignee, + "objectParticipant": object_participant, "objects": objects, "externalReferences": external_references, "revoked": revoked, @@ -852,6 +854,12 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_assignee_ids"] = ( self.opencti.get_attribute_in_extension("assignee_ids", stix_object) ) + if "x_opencti_participant_ids" not in stix_object: + stix_object["x_opencti_participant_ids"] = ( + self.opencti.get_attribute_in_extension( + "participant_ids", stix_object + ) + ) return self.create( stix_id=stix_object["id"], @@ -900,6 +908,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_assignee_ids" in stix_object else None ), + objectParticipant=( + stix_object["x_opencti_participant_ids"] + if "x_opencti_participant_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object diff --git a/pycti/entities/opencti_case_rft.py b/pycti/entities/opencti_case_rft.py index 1e82fe98a..49fee7f12 100644 --- a/pycti/entities/opencti_case_rft.py +++ b/pycti/entities/opencti_case_rft.py @@ -674,6 +674,7 @@ def create(self, **kwargs): object_marking = kwargs.get("objectMarking", None) object_label = kwargs.get("objectLabel", None) object_assignee = kwargs.get("objectAssignee", None) + object_participant = kwargs.get("objectParticipant", None) external_references = kwargs.get("externalReferences", None) revoked = kwargs.get("revoked", None) confidence = kwargs.get("confidence", None) @@ -710,6 +711,7 @@ def create(self, **kwargs): "objectLabel": object_label, "objectOrganization": granted_refs, "objectAssignee": object_assignee, + "objectParticipant": object_participant, "objects": objects, "externalReferences": external_references, "revoked": revoked, @@ -851,6 +853,12 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_assignee_ids"] = ( self.opencti.get_attribute_in_extension("assignee_ids", stix_object) ) + if "x_opencti_participant_ids" not in stix_object: + stix_object["x_opencti_participant_ids"] = ( + self.opencti.get_attribute_in_extension( + "participant_ids", stix_object + ) + ) return self.create( stix_id=stix_object["id"], createdBy=( @@ -903,6 +911,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_assignee_ids" in stix_object else None ), + objectParticipant=( + stix_object["x_opencti_participant_ids"] + if "x_opencti_participant_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object diff --git a/pycti/entities/opencti_task.py b/pycti/entities/opencti_task.py index bdda9cea7..9aea86699 100644 --- a/pycti/entities/opencti_task.py +++ b/pycti/entities/opencti_task.py @@ -448,6 +448,7 @@ def create(self, **kwargs): object_marking = kwargs.get("objectMarking", None) object_label = kwargs.get("objectLabel", None) object_assignee = kwargs.get("objectAssignee", None) + object_participant = kwargs.get("objectParticipant", None) granted_refs = kwargs.get("objectOrganization", None) x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None) update = kwargs.get("update", False) @@ -478,6 +479,7 @@ def create(self, **kwargs): "objectMarking": object_marking, "objectOrganization": granted_refs, "objectAssignee": object_assignee, + "objectParticipant": object_participant, "x_opencti_workflow_id": x_opencti_workflow_id, "update": update, } @@ -628,7 +630,12 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_assignee_ids"] = ( self.opencti.get_attribute_in_extension("assignee_ids", stix_object) ) - + if "x_opencti_participant_ids" not in stix_object: + stix_object["x_opencti_participant_ids"] = ( + self.opencti.get_attribute_in_extension( + "participant_ids", stix_object + ) + ) return self.create( stix_id=stix_object["id"], createdBy=( @@ -661,6 +668,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_assignee_ids" in stix_object else None ), + objectParticipant=( + stix_object["x_opencti_participant_ids"] + if "x_opencti_participant_ids" in stix_object + else None + ), x_opencti_workflow_id=( stix_object["x_opencti_workflow_id"] if "x_opencti_workflow_id" in stix_object