From 6ba7fe18133b564cd77fccbe5e7ccd14db5fa854 Mon Sep 17 00:00:00 2001
From: CelineSebe
Date: Thu, 22 May 2025 11:18:23 +0200
Subject: [PATCH 1/6] add SECURITY IdentityType
---
 pycti/entities/opencti_identity.py | 34 ++++++++++++++++++++++++++++++
 pycti/utils/constants.py | 1 +
 2 files changed, 35 insertions(+)
diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py
index 12f7ae6d0..296bd61af 100644
--- a/pycti/entities/opencti_identity.py
+++ b/pycti/entities/opencti_identity.py
@@ -57,6 +57,9 @@ def __init__(self, opencti):
 x_opencti_firstname
 x_opencti_lastname
 }
+ ... on SecurityPlatform {
+ security_platform_type
+ }
 }
 objectMarking {
 id
@@ -113,6 +116,9 @@ def __init__(self, opencti):
 x_opencti_organization_type
 x_opencti_score
 }
+ ... on SecurityPlatform {
+ security_platform_type
+ }
 """
 self.properties_with_files = """
 id
@@ -160,6 +166,9 @@ def __init__(self, opencti):
 x_opencti_firstname
 x_opencti_lastname
 }
+ ... on SecurityPlatform {
+ security_platform_type
+ }
 }
 objectMarking {
 id
@@ -229,6 +238,9 @@ def __init__(self, opencti):
 x_opencti_organization_type
 x_opencti_score
 }
+ ... on SecurityPlatform {
+ security_platform_type
+ }
 importFiles {
 edges {
 node {
@@ -414,6 +426,7 @@ def create(self, **kwargs):
 contact_information = kwargs.get("contact_information", None)
 roles = kwargs.get("roles", None)
 x_opencti_aliases = kwargs.get("x_opencti_aliases", None)
+ security_platform_type = kwargs.get("security_platform_type", None)
 x_opencti_organization_type = kwargs.get("x_opencti_organization_type", None)
 x_opencti_reliability = kwargs.get("x_opencti_reliability", None)
 x_opencti_score = kwargs.get("x_opencti_score", None)
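Review bot: The `security_platform_type` keyword that the `@@ -414,6 +426,7 @@` hunk adds to `create()` is not documented in any visible line, and the only use this series adds for it is in the SecurityPlatform branch, so a caller who passes it with another `type` has it dropped without notice. The docstring of `create()` is outside the hunk; if it lists the accepted keywords, add an entry such as `:param security_platform_type: (optional) platform type, only sent when type is SecurityPlatform`. A short comment next to the `kwargs.get` line saying it is ignored for the other identity types would also help readers of this function.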
@@ -463,6 +476,21 @@ def create(self, **kwargs):
 input_variables["x_opencti_reliability"] = x_opencti_reliability
 input_variables["x_opencti_score"] = x_opencti_score
 result_data_field = "organizationAdd"
+ elif type == IdentityTypes.SECURITY.value:
+ query = """
+ mutation SecurityPlatformAdd($input: SecurityPlatformAddInput!) {
+ securityPlatformAdd(input: $input) {
+ id
+ standard_id
+ entity_type
+ parent_types
+ }
+ }
+ """
+ input_variables["security_platform_type"] = (
+ security_platform_type
+ )
+ result_data_field = "securityPlatformAdd"
 elif type == IdentityTypes.INDIVIDUAL.value:
 query = """
 mutation IndividualAdd($input: IndividualAddInput!) {
@@ -554,6 +582,12 @@ def import_from_stix2(self, **kwargs):
 "organization_type", stix_object
 )
 )
+ if "security_platform_type" not in stix_object:
+ stix_object["security_platform_type"] = (
+ self.opencti.get_attribute_in_extension(
+ "security_platform_type", stix_object
+ )
+ )
 if "x_opencti_reliability" not in stix_object:
 stix_object["x_opencti_reliability"] = (
 self.opencti.get_attribute_in_extension("reliability", stix_object)
diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py
index 642d0a69d..9c94f38d7 100644
--- a/pycti/utils/constants.py
+++ b/pycti/utils/constants.py
@@ -58,6 +58,7 @@ class IdentityTypes(Enum):
 ORGANIZATION = "Organization"
 INDIVIDUAL = "Individual"
 SYSTEM = "System"
+ SECURITY = "Security_Platform"
 
 @classmethod
 def has_value(cls, value):
From cf654af1ff0d78b4610b4254d2e110b0d7ba1909 Mon Sep 17 00:00:00 2001
From: CelineSebe
Date: Thu, 22 May 2025 11:26:00 +0200
Subject: [PATCH 2/6] add security_platform_type
---
 pycti/entities/opencti_identity.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py
index 296bd61af..6903a4ac4 100644
--- a/pycti/entities/opencti_identity.py
+++ b/pycti/entities/opencti_identity.py
@@ -669,6 +669,11 @@ def import_from_stix2(self, **kwargs):
 if "x_opencti_organization_type" in stix_object
 else None
 ),
+ security_platform_type=(
+ stix_object["security_platform_type"]
+ if "security_platform_type" in stix_object
+ else None
+ ),
 x_opencti_reliability=(
 stix_object["x_opencti_reliability"]
 if "x_opencti_reliability" in stix_object
From 0fae921958a2d3f3a6897a2fbd9610b680afb376 Mon Sep 17 00:00:00 2001
From: CelineSebe
Date: Fri, 23 May 2025 11:45:05 +0200
Subject: [PATCH 3/6] rename security
---
 pycti/utils/constants.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py
index 9c94f38d7..b1b115e11 100644
--- a/pycti/utils/constants.py
+++ b/pycti/utils/constants.py
@@ -58,7 +58,7 @@ class IdentityTypes(Enum):
 ORGANIZATION = "Organization"
 INDIVIDUAL = "Individual"
 SYSTEM = "System"
- SECURITY = "Security_Platform"
+ SECURITY = "SecurityPlatform"
 
 @classmethod
 def has_value(cls, value):
From 7d2fcf204eb0965589132392e433d46a3f96f23b Mon Sep 17 00:00:00 2001
From: Souad Hadjiat
Date: Fri, 23 May 2025 12:10:47 +0200
Subject: [PATCH 4/6] [client] fix for security platform
---
 pycti/entities/opencti_identity.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py
index 6903a4ac4..aef2d416c 100644
--- a/pycti/entities/opencti_identity.py
+++ b/pycti/entities/opencti_identity.py
@@ -487,9 +487,7 @@ def create(self, **kwargs):
 }
 }
 """
- input_variables["security_platform_type"] = (
- security_platform_type
- )
+ input_variables["security_platform_type"] = security_platform_type
 result_data_field = "securityPlatformAdd"
 elif type == IdentityTypes.INDIVIDUAL.value:
 query = """
@@ -570,6 +568,8 @@ def import_from_stix2(self, **kwargs):
 type = "Sector"
 elif stix_object["identity_class"] == "system":
 type = "System"
+ elif stix_object["identity_class"] == "securityplatform":
+ type = "SecurityPlatform"
 
 # Search in extensions
 if "x_opencti_aliases" not in stix_object:
From 93107beb5b48559a0e5337520cc2e091b2f4ad5c Mon Sep 17 00:00:00 2001
From: Souad Hadjiat
Date: Fri, 23 May 2025 14:10:09 +0200
Subject: [PATCH 5/6] [client] fix test
---
 pycti/entities/opencti_identity.py | 2 +-
 pycti/utils/constants.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py
index aef2d416c..73e9311d6 100644
--- a/pycti/entities/opencti_identity.py
+++ b/pycti/entities/opencti_identity.py
@@ -476,7 +476,7 @@ def create(self, **kwargs):
 input_variables["x_opencti_reliability"] = x_opencti_reliability
 input_variables["x_opencti_score"] = x_opencti_score
 result_data_field = "organizationAdd"
- elif type == IdentityTypes.SECURITY.value:
+ elif type == IdentityTypes.SECURITYPLATFORM.value:
 query = """
 mutation SecurityPlatformAdd($input: SecurityPlatformAddInput!) {
 securityPlatformAdd(input: $input) {
diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py
index b1b115e11..85d36e05d 100644
--- a/pycti/utils/constants.py
+++ b/pycti/utils/constants.py
@@ -58,7 +58,7 @@ class IdentityTypes(Enum):
 ORGANIZATION = "Organization"
 INDIVIDUAL = "Individual"
 SYSTEM = "System"
- SECURITY = "SecurityPlatform"
+ SECURITYPLATFORM = "SecurityPlatform"
 
 @classmethod
 def has_value(cls, value):
From ef773079ea023951b460bab70883f536c17b53ff Mon Sep 17 00:00:00 2001
From: Souad Hadjiat
Date: Fri, 23 May 2025 15:42:32 +0200
Subject: [PATCH 6/6] [client] fix create security platform
---
 pycti/entities/opencti_identity.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py
index 73e9311d6..09abd1956 100644
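Review bot: The `stix_object["identity_class"] == "securityplatform"` branch added in the `@@ -570,6 +568,8 @@` hunk of `import_from_stix2` is an exact, case-sensitive match on a value that is not in the STIX 2.1 identity-class vocabulary (individual, group, system, organization, class, unknown). A bundle from a producer that spells it differently falls through the chain and is imported under whatever `type` was set before it, so a security platform can be recorded as another identity type with no error. The start of the if/elif chain and its default are outside the hunk, so that fallback is inferred rather than seen. I would document the contract on the branch, e.g. `# non-standard identity_class (not in STIX 2.1 identity-class-ov); must match the exporting side exactly`, and consider logging unrecognised identity_class values so misclassified imports can be spotted.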
--- a/pycti/entities/opencti_identity.py
+++ b/pycti/entities/opencti_identity.py
@@ -488,6 +488,11 @@ def create(self, **kwargs):
 }
 """
 input_variables["security_platform_type"] = security_platform_type
+ # no need for these attributes for security platform
+ del input_variables["contact_information"]
+ del input_variables["lang"]
+ del input_variables["roles"]
+ del input_variables["x_opencti_aliases"]
 result_data_field = "securityPlatformAdd"
 elif type == IdentityTypes.INDIVIDUAL.value:
 query = """
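Review bot: The four `del input_variables[...]` statements added to the SecurityPlatform branch of `create()` raise KeyError if any of those keys is absent, and they discard values the caller supplied without any trace. `input_variables` is built above the hunk, so whether all four keys are always present cannot be confirmed from these lines. A tolerant form is `for key in ("contact_information", "lang", "roles", "x_opencti_aliases"): input_variables.pop(key, None)`. The comment could also state the reason, presumably that SecurityPlatformAddInput does not define these fields, so the next maintainer knows to revisit the list when the server schema changes.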