[client] Try to get indicator by stix id

Samuel Hassine · Samuel Hassine · commit f230965d4f78 · 2020-02-05T11:44:12.000+01:00
diff --git a/examples/update_entity_attribute.py b/examples/update_entity_attribute.py
@@ -0,0 +1,23 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Get the intrusion set APT28
+intrusion_set = opencti_api_client.intrusion_set.read(
+    filters=[{"key": "name", "values": ["APT28"]}]
+)
+
+# Update the description
+opencti_api_client.stix_domain_entity.update_field(
+    id=intrusion_set['id'],
+    key='description',
+    value='This is APT28!'
+)
diff --git a/pycti/entities/opencti_indicator.py b/pycti/entities/opencti_indicator.py
@@ -336,9 +336,11 @@ def create(self, **kwargs):
         marking_definitions = kwargs.get("markingDefinitions", None)
         update = kwargs.get("update", False)
 
-        object_result = self.read(
-            filters=[{"key": "indicator_pattern", "values": [indicator_pattern]}]
-        )
+        object_result = self.opencti.indicator.read(id=stix_id_key)
+        if object_result is None:
+            object_result = self.read(
+                filters=[{"key": "indicator_pattern", "values": [indicator_pattern]}]
+            )
         if object_result is not None:
             if update:
                 # name
