diff --git a/pycti/entities/indicator/opencti_indicator_properties.py b/pycti/entities/indicator/opencti_indicator_properties.py index 3e3ec63f4..23f261aa4 100644 --- a/pycti/entities/indicator/opencti_indicator_properties.py +++ b/pycti/entities/indicator/opencti_indicator_properties.py @@ -266,6 +266,17 @@ mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_attack_pattern.py b/pycti/entities/opencti_attack_pattern.py index 01f31a1f8..a03a6ee7b 100644 --- a/pycti/entities/opencti_attack_pattern.py +++ b/pycti/entities/opencti_attack_pattern.py @@ -236,6 +236,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_campaign.py b/pycti/entities/opencti_campaign.py index 8a84d992b..0bca77956 100644 --- a/pycti/entities/opencti_campaign.py +++ b/pycti/entities/opencti_campaign.py @@ -224,6 +224,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_case_incident.py b/pycti/entities/opencti_case_incident.py index ce361da39..ce2cb53f4 100644 --- a/pycti/entities/opencti_case_incident.py +++ b/pycti/entities/opencti_case_incident.py @@ -469,6 +469,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_case_rfi.py b/pycti/entities/opencti_case_rfi.py index 9184b2f13..e0f1cb2e4 100644 --- a/pycti/entities/opencti_case_rfi.py +++ b/pycti/entities/opencti_case_rfi.py @@ -467,6 +467,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_case_rft.py b/pycti/entities/opencti_case_rft.py index 92dded3f1..475009921 100644 --- a/pycti/entities/opencti_case_rft.py +++ b/pycti/entities/opencti_case_rft.py @@ -467,6 +467,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_channel.py b/pycti/entities/opencti_channel.py index e7783cb72..484c4fb47 100644 --- a/pycti/entities/opencti_channel.py +++ b/pycti/entities/opencti_channel.py @@ -206,6 +206,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_course_of_action.py b/pycti/entities/opencti_course_of_action.py index c2b0b5eec..8f3c5ccd6 100644 --- a/pycti/entities/opencti_course_of_action.py +++ b/pycti/entities/opencti_course_of_action.py @@ -212,6 +212,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_data_component.py b/pycti/entities/opencti_data_component.py index f0bb7e09f..56da1aa6a 100644 --- a/pycti/entities/opencti_data_component.py +++ b/pycti/entities/opencti_data_component.py @@ -238,6 +238,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_data_source.py b/pycti/entities/opencti_data_source.py index 5410fe52c..1bb96fac1 100644 --- a/pycti/entities/opencti_data_source.py +++ b/pycti/entities/opencti_data_source.py @@ -214,6 +214,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_event.py b/pycti/entities/opencti_event.py index 7e961a8bf..747cbdff9 100644 --- a/pycti/entities/opencti_event.py +++ b/pycti/entities/opencti_event.py @@ -226,6 +226,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_external_reference.py b/pycti/entities/opencti_external_reference.py index 1eee6a180..24dc52adb 100644 --- a/pycti/entities/opencti_external_reference.py +++ b/pycti/entities/opencti_external_reference.py @@ -59,6 +59,17 @@ def __init__(self, opencti, file): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_feedback.py b/pycti/entities/opencti_feedback.py index 673234082..d1ba7955c 100644 --- a/pycti/entities/opencti_feedback.py +++ b/pycti/entities/opencti_feedback.py @@ -429,6 +429,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_grouping.py b/pycti/entities/opencti_grouping.py index f7c18865c..132b7fe09 100644 --- a/pycti/entities/opencti_grouping.py +++ b/pycti/entities/opencti_grouping.py @@ -413,6 +413,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_identity.py b/pycti/entities/opencti_identity.py index 202728788..0b4be0233 100644 --- a/pycti/entities/opencti_identity.py +++ b/pycti/entities/opencti_identity.py @@ -258,6 +258,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_incident.py b/pycti/entities/opencti_incident.py index ea7bb115e..33e8da12c 100644 --- a/pycti/entities/opencti_incident.py +++ b/pycti/entities/opencti_incident.py @@ -233,6 +233,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_infrastructure.py b/pycti/entities/opencti_infrastructure.py index 62c093bc4..2789ea8d5 100644 --- a/pycti/entities/opencti_infrastructure.py +++ b/pycti/entities/opencti_infrastructure.py @@ -242,6 +242,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_intrusion_set.py b/pycti/entities/opencti_intrusion_set.py index 6a4bbe8de..a80e57496 100644 --- a/pycti/entities/opencti_intrusion_set.py +++ b/pycti/entities/opencti_intrusion_set.py @@ -232,6 +232,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_language.py b/pycti/entities/opencti_language.py index 8d02b8ac7..3b259ba97 100644 --- a/pycti/entities/opencti_language.py +++ b/pycti/entities/opencti_language.py @@ -123,6 +123,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } @@ -234,6 +245,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_location.py b/pycti/entities/opencti_location.py index c744249ea..5ecf4d9a9 100644 --- a/pycti/entities/opencti_location.py +++ b/pycti/entities/opencti_location.py @@ -226,6 +226,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_malware.py b/pycti/entities/opencti_malware.py index 9193710ae..8c230795e 100644 --- a/pycti/entities/opencti_malware.py +++ b/pycti/entities/opencti_malware.py @@ -260,6 +260,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_malware_analysis.py b/pycti/entities/opencti_malware_analysis.py index 7c9411872..099918969 100644 --- a/pycti/entities/opencti_malware_analysis.py +++ b/pycti/entities/opencti_malware_analysis.py @@ -236,6 +236,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_narrative.py b/pycti/entities/opencti_narrative.py index 64351a063..c7591fe0a 100644 --- a/pycti/entities/opencti_narrative.py +++ b/pycti/entities/opencti_narrative.py @@ -212,6 +212,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_note.py b/pycti/entities/opencti_note.py index f6db40908..0cc4701b4 100644 --- a/pycti/entities/opencti_note.py +++ b/pycti/entities/opencti_note.py @@ -452,6 +452,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_observed_data.py b/pycti/entities/opencti_observed_data.py index 5980227f4..bf505a802 100644 --- a/pycti/entities/opencti_observed_data.py +++ b/pycti/entities/opencti_observed_data.py @@ -450,6 +450,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_opinion.py b/pycti/entities/opencti_opinion.py index 66d1327fc..7f09d3809 100644 --- a/pycti/entities/opencti_opinion.py +++ b/pycti/entities/opencti_opinion.py @@ -222,6 +222,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_report.py b/pycti/entities/opencti_report.py index 3c5076a99..02e32efc1 100644 --- a/pycti/entities/opencti_report.py +++ b/pycti/entities/opencti_report.py @@ -458,6 +458,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py index f0a92e225..d0eb2a071 100644 --- a/pycti/entities/opencti_stix_core_object.py +++ b/pycti/entities/opencti_stix_core_object.py @@ -803,6 +803,17 @@ def __init__(self, opencti, file): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_stix_domain_object.py b/pycti/entities/opencti_stix_domain_object.py index 64b0eda41..b8d4f6218 100644 --- a/pycti/entities/opencti_stix_domain_object.py +++ b/pycti/entities/opencti_stix_domain_object.py @@ -1090,6 +1090,17 @@ def __init__(self, opencti, file): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_task.py b/pycti/entities/opencti_task.py index 91d44f046..17da0b5a7 100644 --- a/pycti/entities/opencti_task.py +++ b/pycti/entities/opencti_task.py @@ -234,6 +234,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_threat_actor.py b/pycti/entities/opencti_threat_actor.py index 126fb2935..30a48a6bd 100644 --- a/pycti/entities/opencti_threat_actor.py +++ b/pycti/entities/opencti_threat_actor.py @@ -136,6 +136,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_threat_actor_group.py b/pycti/entities/opencti_threat_actor_group.py index 262f7ee34..6a9756dee 100644 --- a/pycti/entities/opencti_threat_actor_group.py +++ b/pycti/entities/opencti_threat_actor_group.py @@ -140,6 +140,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_threat_actor_individual.py b/pycti/entities/opencti_threat_actor_individual.py index 90f796907..a711266bb 100644 --- a/pycti/entities/opencti_threat_actor_individual.py +++ b/pycti/entities/opencti_threat_actor_individual.py @@ -140,6 +140,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_tool.py b/pycti/entities/opencti_tool.py index f90076d8e..eaaa89872 100644 --- a/pycti/entities/opencti_tool.py +++ b/pycti/entities/opencti_tool.py @@ -136,6 +136,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/opencti_vulnerability.py b/pycti/entities/opencti_vulnerability.py index 545827a90..390c3de27 100644 --- a/pycti/entities/opencti_vulnerability.py +++ b/pycti/entities/opencti_vulnerability.py @@ -172,6 +172,17 @@ def __init__(self, opencti): mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py index 176de35f7..4fdeb250c 100644 --- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py @@ -608,6 +608,17 @@ mimetype version } + objectMarking { + id + standard_id + entity_type + definition_type + definition + created + modified + x_opencti_order + x_opencti_color + } } } } diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py index 93a014567..ec3847d0c 100644 --- a/pycti/utils/opencti_stix2.py +++ b/pycti/utils/opencti_stix2.py @@ -2031,14 +2031,39 @@ def prepare_export( self.opencti.api_url.replace("graphql", "storage/get/") + file["id"] ) data = self.opencti.fetch_opencti_file(url, binary=True, serialize=True) - entity["x_opencti_files"].append( - { - "name": file["name"], - "data": data, - "mime_type": file["metaData"]["mimetype"], - "version": file["metaData"].get("version", None), + x_opencti_file = { + "name": file["name"], + "data": data, + "mime_type": file["metaData"]["mimetype"], + "version": file["metaData"].get("version", None), + "object_marking_refs": [], + } + for file_marking_definition in file["objectMarking"]: + if file_marking_definition["definition_type"] == "TLP": + created = "2017-01-20T00:00:00.000Z" + else: + created = file_marking_definition["created"] + marking_definition = { + "type": "marking-definition", + "spec_version": SPEC_VERSION, + "id": file_marking_definition["standard_id"], + "created": created, + "definition_type": file_marking_definition[ + "definition_type" + ].lower(), + "name": file_marking_definition["definition"], + "definition": { + file_marking_definition["definition_type"] + .lower(): file_marking_definition["definition"] + .lower() + .replace("tlp:", "") + }, } - ) + result.append(marking_definition) + x_opencti_file["object_marking_refs"].append( + marking_definition["id"] + ) + entity["x_opencti_files"].append(x_opencti_file) del entity["importFiles"] del entity["importFilesIds"]