[client] Implement missing methods and prepare exporting lists

Author: Samuel Hassine

examples/add_tool_usage_to_intrusion-set.py

@@ -0,0 +1,14 @@
+# coding: utf-8
+
+import datetime
+from dateutil.parser import parse
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'https://demo.opencti.io'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+

examples/ask_async_export_of_indicators.py

@@ -0,0 +1,11 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'http://localhost:4000'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)

examples/ask_async_export_of_malware.py

@@ -0,0 +1,11 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'http://localhost:4000'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)

examples/link_hashes_together.py examples/create_hashes_and_link_together.py

@@ -37,6 +37,19 @@
 )
 print(indicator)
 
+# Create the relation
+relation = opencti_api_client.stix_relation.create(
+    fromType='Indicator',
+    fromId=indicator['id'],
+    toType='Campaign',
+    toId=campaign['id'],
+    relationship_type='indicates',
+    first_seen=date,
+    last_seen=date,
+    description='This is the C2 server of the campaign.'
+)
+print(relation)
+
 # Create the observables (optional)
 observable_1 = opencti_api_client.stix_observable.create(
     type='Domain',
@@ -55,16 +68,3 @@
     id=indicator['id'],
     stix_observable_id=observable_2['id']
 )
-
-# Create the relation
-relation = opencti_api_client.stix_relation.create(
-    fromType='Indicator',
-    fromId=indicator['id'],
-    toType='Campaign',
-    toId=campaign['id'],
-    relationship_type='indicates',
-    first_seen=date,
-    last_seen=date,
-    description='This is the C2 server of the campaign.'
-)
-print(relation)

examples/create_indicator_of_campaign.py

@@ -0,0 +1,23 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'http://localhost:4000'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Get the incident created in the create_incident_with_ttps_and_indicators.py
+incident = opencti_api_client.incident.read(filters=[{'key': 'name', 'values': ['My new incident']}])
+
+# Create the bundle
+bundle = opencti_api_client.stix2.export_entity('incident', incident['id'], 'full')
+json_bundle = json.dumps(bundle, indent=4)
+
+# Write the bundle
+f = open('My new incident.json', 'w')
+f.write(json_bundle)
+f.close()

examples/ip_address_resolves_domain.py examples/create_ip_address_resolves_domain.py

@@ -0,0 +1,20 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'http://localhost:4000'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create the bundle
+bundle = opencti_api_client.stix2.export_list('incident')
+json_bundle = json.dumps(bundle, indent=4)
+
+# Write the bundle
+f = open('Incidents.json', 'w')
+f.write(json_bundle)
+f.close()

examples/export_incident_stix2.py

@@ -0,0 +1,16 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = 'https://demo.opencti.io'
+api_token = 'bb4aca90-b98c-49ee-9582-7eac92b61b82'
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Searcj
+attack_patterns = opencti_api_client.attack_pattern.list(search='localgroup')
+
+# Print
+print(attack_patterns)