[backend] observables values implemented (#8312)

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.3.1"
+__version__ = "6.3.5"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector

pycti/connector/opencti_connector_helper.py

@@ -1556,6 +1556,8 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
         :type entities_types: list, optional
         :param update: whether to updated data in the database, defaults to False
         :type update: bool, optional
+        :param bypass_split: use to prevent splitting of the bundle. This option has been removed since 6.3 and is no longer used.
+        :type bypass_split: bool, optional
         :raises ValueError: if the bundle is empty
         :return: list of bundles
         :rtype: list
@@ -1564,11 +1566,11 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
         entities_types = kwargs.get("entities_types", None)
         update = kwargs.get("update", False)
         event_version = kwargs.get("event_version", None)
-        bypass_split = kwargs.get("bypass_split", False)
         bypass_validation = kwargs.get("bypass_validation", False)
         entity_id = kwargs.get("entity_id", None)
         file_name = kwargs.get("file_name", None)
         bundle_send_to_queue = kwargs.get("send_to_queue", self.bundle_send_to_queue)
+        cleanup_inconsistent_bundle = kwargs.get("cleanup_inconsistent_bundle", False)
         bundle_send_to_directory = kwargs.get(
             "send_to_directory", self.bundle_send_to_directory
         )
@@ -1690,17 +1692,16 @@ def send_stix2_bundle(self, bundle: str, **kwargs) -> list:
             final_write_file = os.path.join(bundle_send_to_directory_path, bundle_file)
             os.rename(write_file, final_write_file)
 
-        if bypass_split:
-            bundles = [bundle]
-            expectations_number = len(json.loads(bundle)["objects"])
-        else:
-            stix2_splitter = OpenCTIStix2Splitter()
-            (
-                expectations_number,
-                bundles,
-            ) = stix2_splitter.split_bundle_with_expectations(
-                bundle, True, event_version
-            )
+        stix2_splitter = OpenCTIStix2Splitter()
+        (
+            expectations_number,
+            bundles,
+        ) = stix2_splitter.split_bundle_with_expectations(
+            bundle=bundle,
+            use_json=True,
+            event_version=event_version,
+            cleanup_inconsistent_bundle=cleanup_inconsistent_bundle,
+        )
 
         if len(bundles) == 0:
             self.metric.inc("error_count")

pycti/entities/indicator/opencti_indicator_properties.py

@@ -92,6 +92,10 @@
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observables_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {
@@ -220,6 +224,10 @@
     x_opencti_score
     x_opencti_detection
     x_opencti_main_observable_type
+    x_opencti_observables_values {
+        type
+        value
+    }
     x_mitre_platforms
     observables {
         edges {

pycti/entities/opencti_kill_chain_phase.py

@@ -1,9 +1,8 @@
 # coding: utf-8
 
 import json
-import uuid
 
-from stix2.canonicalization.Canonicalize import canonicalize
+from pycti.utils.opencti_stix2_identifier import kill_chain_phase_generate_id
 
 
 class KillChainPhase:
@@ -25,10 +24,9 @@ def __init__(self, opencti):
 
     @staticmethod
     def generate_id(phase_name, kill_chain_name):
-        data = {"phase_name": phase_name, "kill_chain_name": kill_chain_name}
-        data = canonicalize(data, utf8=False)
-        id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
-        return "kill-chain-phase--" + id
+        return kill_chain_phase_generate_id(
+            phase_name=phase_name, kill_chain_name=kill_chain_name
+        )
 
     """
         List Kill-Chain-Phase objects

pycti/utils/opencti_stix2.py

@@ -2280,6 +2280,12 @@ def export_entities_list(
         do_list = lister.get(
             entity_type, lambda **kwargs: self.unknown_type({"type": entity_type})
         )
+
+        if getAll and (orderBy is None or orderBy == "_score"):
+            orderBy = "created_at"
+            if orderMode is None:
+                orderMode = "desc"
+
         # noinspection PyTypeChecker
         return do_list(
             search=search,
@@ -2619,10 +2625,9 @@ def import_bundle(
             else None
         )
         stix2_splitter = OpenCTIStix2Splitter()
-        try:
-            bundles = stix2_splitter.split_bundle(stix_bundle, False, event_version)
-        except RecursionError:
-            bundles = [stix_bundle]
+        _, bundles = stix2_splitter.split_bundle_with_expectations(
+            stix_bundle, False, event_version
+        )
         # Import every element in a specific order
         imported_elements = []
         for bundle in bundles:

pycti/utils/opencti_stix2_identifier.py

@@ -0,0 +1,22 @@
+import uuid
+
+from stix2.canonicalization.Canonicalize import canonicalize
+
+
+def external_reference_generate_id(url=None, source_name=None, external_id=None):
+    if url is not None:
+        data = {"url": url}
+    elif source_name is not None and external_id is not None:
+        data = {"source_name": source_name, "external_id": external_id}
+    else:
+        return None
+    data = canonicalize(data, utf8=False)
+    id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+    return "external-reference--" + id
+
+
+def kill_chain_phase_generate_id(phase_name, kill_chain_name):
+    data = {"phase_name": phase_name, "kill_chain_name": kill_chain_name}
+    data = canonicalize(data, utf8=False)
+    id = str(uuid.uuid5(uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7"), data))
+    return "kill-chain-phase--" + id