From e7e1043cf104099801b9f4c8a73e37e9f0757f93 Mon Sep 17 00:00:00 2001 From: Jeremy Cloarec Date: Fri, 4 Jul 2025 15:29:28 +0200 Subject: [PATCH 1/3] [client] add new operation types for users bg tasks --- pycti/utils/opencti_stix2.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py index 142798afb..e6481a2c1 100644 --- a/pycti/utils/opencti_stix2.py +++ b/pycti/utils/opencti_stix2.py @@ -2665,6 +2665,26 @@ def apply_opencti_operation(self, item, operation): self.opencti.stix_core_object.ask_enrichments( element_id=item["id"], connector_ids=connector_ids ) + elif operation == "add_organizations": + raise ValueError( + "Not implemented opencti_operation", + {"operation": operation}, + ) + elif operation == "remove_organizations": + raise ValueError( + "Not implemented opencti_operation", + {"operation": operation}, + ) + elif operation == "add_groups": + raise ValueError( + "Not implemented opencti_operation", + {"operation": operation}, + ) + elif operation == "remove_groups": + raise ValueError( + "Not implemented opencti_operation", + {"operation": operation}, + ) else: raise ValueError( "Not supported opencti_operation", From 0f3377788ee0e27f171717095ae49e06973604c4 Mon Sep 17 00:00:00 2001 From: Jeremy Cloarec Date: Mon, 7 Jul 2025 14:35:05 +0200 Subject: [PATCH 2/3] [backend] WIP background tasks on user --- pycti/utils/opencti_stix2.py | 80 ++++++++++++++++++++++++++++-------- 1 file changed, 64 insertions(+), 16 deletions(-) diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py index e6481a2c1..554590e29 100644 --- a/pycti/utils/opencti_stix2.py +++ b/pycti/utils/opencti_stix2.py @@ -2511,6 +2511,10 @@ def apply_patch(self, item): self.opencti.notification.update_field( id=item_id, input=field_patch_without_files ) + elif item["type"] == "user": + self.opencti.user.update_field( + id=item_id, input=field_patch_without_files + ) else: self.opencti.stix_domain_object.update_field( id=item_id, input=field_patch_without_files @@ -2583,6 +2587,62 @@ def organization_unshare(self, item): item["id"], organization_ids, sharing_direct_container ) + def element_add_organizations(self, item): + organization_ids = self.opencti.get_attribute_in_extension( + "organization_ids", item + ) + if organization_ids is None: + organization_ids = item["organization_ids"] + if item["type"] == "user": + for organization_id in organization_ids: + self.opencti.user.add_organization(id=item["id"], organization_id=organization_id) + else: + raise ValueError( + "Add organizations operation not compatible with type", {"type": item["type"]} + ) + + def element_remove_organizations(self, item): + organization_ids = self.opencti.get_attribute_in_extension( + "organization_ids", item + ) + if organization_ids is None: + organization_ids = item["organization_ids"] + if item["type"] == "user": + for organization_id in organization_ids: + self.opencti.user.delete_organization(id=item["id"], organization_id=organization_id) + else: + raise ValueError( + "Remove organizations operation not compatible with type", {"type": item["type"]} + ) + + def element_add_groups(self, item): + group_ids = self.opencti.get_attribute_in_extension( + "group_ids", item + ) + if group_ids is None: + group_ids = item["group_ids"] + if item["type"] == "user": + for group_id in group_ids: + self.opencti.user.add_membership(id=item["id"], group_id=group_id) + else: + raise ValueError( + "Add groups operation not compatible with type", {"type": item["type"]} + ) + + def element_remove_groups(self, item): + group_ids = self.opencti.get_attribute_in_extension( + "group_ids", item + ) + if group_ids is None: + group_ids = item["group_ids"] + if item["type"] == "user": + for group_id in group_ids: + self.opencti.user.delete_membership(id=item["id"], group_id=group_id) + else: + raise ValueError( + "Remove groups operation not compatible with type", {"type": item["type"]} + ) + def element_operation_delete(self, item, operation): # If data is stix, just use the generic stix function for deletion force_delete = operation == "delete_force" @@ -2666,25 +2726,13 @@ def apply_opencti_operation(self, item, operation): element_id=item["id"], connector_ids=connector_ids ) elif operation == "add_organizations": - raise ValueError( - "Not implemented opencti_operation", - {"operation": operation}, - ) + self.element_add_organizations(item) elif operation == "remove_organizations": - raise ValueError( - "Not implemented opencti_operation", - {"operation": operation}, - ) + self.element_remove_organizations(item) elif operation == "add_groups": - raise ValueError( - "Not implemented opencti_operation", - {"operation": operation}, - ) + self.element_add_groups(item) elif operation == "remove_groups": - raise ValueError( - "Not implemented opencti_operation", - {"operation": operation}, - ) + self.element_remove_groups(item) else: raise ValueError( "Not supported opencti_operation", From 702777be7319b143118759db07e6176f936c6ef6 Mon Sep 17 00:00:00 2001 From: Jeremy Cloarec Date: Mon, 7 Jul 2025 14:37:40 +0200 Subject: [PATCH 3/3] [backend] WIP background tasks on user --- pycti/utils/opencti_stix2.py | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py index 554590e29..18189a802 100644 --- a/pycti/utils/opencti_stix2.py +++ b/pycti/utils/opencti_stix2.py @@ -2595,10 +2595,13 @@ def element_add_organizations(self, item): organization_ids = item["organization_ids"] if item["type"] == "user": for organization_id in organization_ids: - self.opencti.user.add_organization(id=item["id"], organization_id=organization_id) + self.opencti.user.add_organization( + id=item["id"], organization_id=organization_id + ) else: raise ValueError( - "Add organizations operation not compatible with type", {"type": item["type"]} + "Add organizations operation not compatible with type", + {"type": item["type"]}, ) def element_remove_organizations(self, item): @@ -2609,16 +2612,17 @@ def element_remove_organizations(self, item): organization_ids = item["organization_ids"] if item["type"] == "user": for organization_id in organization_ids: - self.opencti.user.delete_organization(id=item["id"], organization_id=organization_id) + self.opencti.user.delete_organization( + id=item["id"], organization_id=organization_id + ) else: raise ValueError( - "Remove organizations operation not compatible with type", {"type": item["type"]} + "Remove organizations operation not compatible with type", + {"type": item["type"]}, ) def element_add_groups(self, item): - group_ids = self.opencti.get_attribute_in_extension( - "group_ids", item - ) + group_ids = self.opencti.get_attribute_in_extension("group_ids", item) if group_ids is None: group_ids = item["group_ids"] if item["type"] == "user": @@ -2630,9 +2634,7 @@ def element_add_groups(self, item): ) def element_remove_groups(self, item): - group_ids = self.opencti.get_attribute_in_extension( - "group_ids", item - ) + group_ids = self.opencti.get_attribute_in_extension("group_ids", item) if group_ids is None: group_ids = item["group_ids"] if item["type"] == "user": @@ -2640,7 +2642,8 @@ def element_remove_groups(self, item): self.opencti.user.delete_membership(id=item["id"], group_id=group_id) else: raise ValueError( - "Remove groups operation not compatible with type", {"type": item["type"]} + "Remove groups operation not compatible with type", + {"type": item["type"]}, ) def element_operation_delete(self, item, operation):