From 97586d94beac54d49b963d6f4fe60017593c1469 Mon Sep 17 00:00:00 2001 From: marie flores Date: Wed, 26 Feb 2025 10:05:56 +0100 Subject: [PATCH 1/3] [client] Add get_all arg in list api for TA --- pycti/entities/opencti_threat_actor.py | 29 +++++++++++++++++-- pycti/entities/opencti_threat_actor_group.py | 29 +++++++++++++++++-- .../opencti_threat_actor_individual.py | 29 +++++++++++++++++-- 3 files changed, 78 insertions(+), 9 deletions(-) diff --git a/pycti/entities/opencti_threat_actor.py b/pycti/entities/opencti_threat_actor.py index 601489277..126fb2935 100644 --- a/pycti/entities/opencti_threat_actor.py +++ b/pycti/entities/opencti_threat_actor.py @@ -178,6 +178,7 @@ def list(self, **kwargs) -> dict: order_by = kwargs.get("orderBy", None) order_mode = kwargs.get("orderMode", None) custom_attributes = kwargs.get("customAttributes", None) + get_all = kwargs.get("getAll", False) with_pagination = kwargs.get("withPagination", False) self.opencti.app_logger.info( @@ -216,9 +217,31 @@ def list(self, **kwargs) -> dict: "orderMode": order_mode, }, ) - return self.opencti.process_multiple( - result["data"]["threatActors"], with_pagination - ) + if get_all: + final_data = [] + data = self.opencti.process_multiple(result["data"]["threatActors"]) + final_data = final_data + data + while result["data"]["threatActors"]["pageInfo"]["hasNextPage"]: + after = result["data"]["threatActors"]["pageInfo"]["endCursor"] + self.opencti.app_logger.info("Listing threatActors", {"after": after}) + result = self.opencti.query( + query, + { + "filters": filters, + "search": search, + "first": first, + "after": after, + "orderBy": order_by, + "orderMode": order_mode, + }, + ) + data = self.opencti.process_multiple(result["data"]["threatActors"]) + final_data = final_data + data + return final_data + else: + return self.opencti.process_multiple( + result["data"]["threatActors"], with_pagination + ) def read(self, **kwargs) -> Union[dict, None]: """Read a Threat-Actor object diff --git a/pycti/entities/opencti_threat_actor_group.py b/pycti/entities/opencti_threat_actor_group.py index 9e2f499ea..df8cd4fb2 100644 --- a/pycti/entities/opencti_threat_actor_group.py +++ b/pycti/entities/opencti_threat_actor_group.py @@ -171,6 +171,7 @@ def list(self, **kwargs) -> dict: order_by = kwargs.get("orderBy", None) order_mode = kwargs.get("orderMode", None) custom_attributes = kwargs.get("customAttributes", None) + get_all = kwargs.get("getAll", False) with_pagination = kwargs.get("withPagination", False) self.opencti.app_logger.info( @@ -209,9 +210,31 @@ def list(self, **kwargs) -> dict: "orderMode": order_mode, }, ) - return self.opencti.process_multiple( - result["data"]["threatActorsGroup"], with_pagination - ) + if get_all: + final_data = [] + data = self.opencti.process_multiple(result["data"]["threatActorsGroup"]) + final_data = final_data + data + while result["data"]["threatActorsGroup"]["pageInfo"]["hasNextPage"]: + after = result["data"]["threatActorsGroup"]["pageInfo"]["endCursor"] + self.opencti.app_logger.info("Listing threatActorsGroup", {"after": after}) + result = self.opencti.query( + query, + { + "filters": filters, + "search": search, + "first": first, + "after": after, + "orderBy": order_by, + "orderMode": order_mode, + }, + ) + data = self.opencti.process_multiple(result["data"]["threatActorsGroup"]) + final_data = final_data + data + return final_data + else: + return self.opencti.process_multiple( + result["data"]["threatActorsGroup"], with_pagination + ) def read(self, **kwargs) -> Union[dict, None]: """Read a Threat-Actor-Group object diff --git a/pycti/entities/opencti_threat_actor_individual.py b/pycti/entities/opencti_threat_actor_individual.py index b4a5ea7c1..7e4b32ebd 100644 --- a/pycti/entities/opencti_threat_actor_individual.py +++ b/pycti/entities/opencti_threat_actor_individual.py @@ -171,6 +171,7 @@ def list(self, **kwargs) -> dict: order_by = kwargs.get("orderBy", None) order_mode = kwargs.get("orderMode", None) custom_attributes = kwargs.get("customAttributes", None) + get_all = kwargs.get("getAll", False) with_pagination = kwargs.get("withPagination", False) self.opencti.app_logger.info( @@ -210,9 +211,31 @@ def list(self, **kwargs) -> dict: "orderMode": order_mode, }, ) - return self.opencti.process_multiple( - result["data"]["threatActorsIndividuals"], with_pagination - ) + if get_all: + final_data = [] + data = self.opencti.process_multiple(result["data"]["threatActorsIndividuals"]) + final_data = final_data + data + while result["data"]["threatActorsIndividuals"]["pageInfo"]["hasNextPage"]: + after = result["data"]["threatActorsIndividuals"]["pageInfo"]["endCursor"] + self.opencti.app_logger.info("Listing threatActorsIndividuals", {"after": after}) + result = self.opencti.query( + query, + { + "filters": filters, + "search": search, + "first": first, + "after": after, + "orderBy": order_by, + "orderMode": order_mode, + }, + ) + data = self.opencti.process_multiple(result["data"]["threatActorsIndividuals"]) + final_data = final_data + data + return final_data + else: + return self.opencti.process_multiple( + result["data"]["threatActorsIndividuals"], with_pagination + ) def read(self, **kwargs) -> Union[dict, None]: """Read a Threat-Actor-Individual object From 816c022a6e4447281fcdcce80d892f96a76b4cbc Mon Sep 17 00:00:00 2001 From: marie flores Date: Wed, 26 Feb 2025 10:59:52 +0100 Subject: [PATCH 2/3] [client] black --- examples/get_all_TA_using_pagination.py | 18 ++++++++++++++++++ pycti/entities/opencti_threat_actor_group.py | 8 ++++++-- .../opencti_threat_actor_individual.py | 16 ++++++++++++---- 3 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 examples/get_all_TA_using_pagination.py diff --git a/examples/get_all_TA_using_pagination.py b/examples/get_all_TA_using_pagination.py new file mode 100644 index 000000000..c5bb9a046 --- /dev/null +++ b/examples/get_all_TA_using_pagination.py @@ -0,0 +1,18 @@ +# coding: utf-8 +from more_itertools.more import first + +from pycti import OpenCTIApiClient + +# Variables +api_url = "http://localhost:4000" +api_token = "d434ce02-e58e-4cac-8b4c-42bf16748e84" + +# OpenCTI initialization +opencti_api_client = OpenCTIApiClient(api_url, api_token) + +# List all TA +actors = opencti_api_client.threat_actor.list() + +# Print + +print(actors) diff --git a/pycti/entities/opencti_threat_actor_group.py b/pycti/entities/opencti_threat_actor_group.py index df8cd4fb2..d5c6d6d3d 100644 --- a/pycti/entities/opencti_threat_actor_group.py +++ b/pycti/entities/opencti_threat_actor_group.py @@ -216,7 +216,9 @@ def list(self, **kwargs) -> dict: final_data = final_data + data while result["data"]["threatActorsGroup"]["pageInfo"]["hasNextPage"]: after = result["data"]["threatActorsGroup"]["pageInfo"]["endCursor"] - self.opencti.app_logger.info("Listing threatActorsGroup", {"after": after}) + self.opencti.app_logger.info( + "Listing threatActorsGroup", {"after": after} + ) result = self.opencti.query( query, { @@ -228,7 +230,9 @@ def list(self, **kwargs) -> dict: "orderMode": order_mode, }, ) - data = self.opencti.process_multiple(result["data"]["threatActorsGroup"]) + data = self.opencti.process_multiple( + result["data"]["threatActorsGroup"] + ) final_data = final_data + data return final_data else: diff --git a/pycti/entities/opencti_threat_actor_individual.py b/pycti/entities/opencti_threat_actor_individual.py index 7e4b32ebd..8735319de 100644 --- a/pycti/entities/opencti_threat_actor_individual.py +++ b/pycti/entities/opencti_threat_actor_individual.py @@ -213,11 +213,17 @@ def list(self, **kwargs) -> dict: ) if get_all: final_data = [] - data = self.opencti.process_multiple(result["data"]["threatActorsIndividuals"]) + data = self.opencti.process_multiple( + result["data"]["threatActorsIndividuals"] + ) final_data = final_data + data while result["data"]["threatActorsIndividuals"]["pageInfo"]["hasNextPage"]: - after = result["data"]["threatActorsIndividuals"]["pageInfo"]["endCursor"] - self.opencti.app_logger.info("Listing threatActorsIndividuals", {"after": after}) + after = result["data"]["threatActorsIndividuals"]["pageInfo"][ + "endCursor" + ] + self.opencti.app_logger.info( + "Listing threatActorsIndividuals", {"after": after} + ) result = self.opencti.query( query, { @@ -229,7 +235,9 @@ def list(self, **kwargs) -> dict: "orderMode": order_mode, }, ) - data = self.opencti.process_multiple(result["data"]["threatActorsIndividuals"]) + data = self.opencti.process_multiple( + result["data"]["threatActorsIndividuals"] + ) final_data = final_data + data return final_data else: From 61a78ff68b6d6bd4a4f557f2c2be4d7aa818f7bb Mon Sep 17 00:00:00 2001 From: marie flores Date: Wed, 26 Feb 2025 11:19:09 +0100 Subject: [PATCH 3/3] [client] remove unused example script --- examples/get_all_TA_using_pagination.py | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 examples/get_all_TA_using_pagination.py diff --git a/examples/get_all_TA_using_pagination.py b/examples/get_all_TA_using_pagination.py deleted file mode 100644 index c5bb9a046..000000000 --- a/examples/get_all_TA_using_pagination.py +++ /dev/null @@ -1,18 +0,0 @@ -# coding: utf-8 -from more_itertools.more import first - -from pycti import OpenCTIApiClient - -# Variables -api_url = "http://localhost:4000" -api_token = "d434ce02-e58e-4cac-8b4c-42bf16748e84" - -# OpenCTI initialization -opencti_api_client = OpenCTIApiClient(api_url, api_token) - -# List all TA -actors = opencti_api_client.threat_actor.list() - -# Print - -print(actors)