[client] Implement files upload (global or in entity) (OpenCTI-Platform#50)

Samuel Hassine · web-flow · commit 1a05ab607d2d · 2020-01-23T16:51:47.000+01:00
* [examples] Change token with new demo token * [client] Implement files upload (global or in entity) (OpenCTI-Platform#50)
diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,5 @@ logs
 test.py
 .idea
 *.iml
-examples/*.json
+examples/*.json
+examples/*.pdf
diff --git a/examples/add_external_reference_to_report.py b/examples/add_external_reference_to_report.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_organization_to_sector.py b/examples/add_organization_to_sector.py
@@ -6,7 +6,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_tag_to_malware.py b/examples/add_tag_to_malware.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_tool_usage_to_intrusion-set.py b/examples/add_tool_usage_to_intrusion-set.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_campaign_attributed-to_intrusion_set.py b/examples/create_campaign_attributed-to_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_hashes_and_link_together.py b/examples/create_hashes_and_link_together.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_incident_with_ttps_and_indicators.py b/examples/create_incident_with_ttps_and_indicators.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
@@ -59,7 +59,7 @@
 # Create the observable and indicator and indicates to the relation
 # Create the observable
 observable_ttp1 = opencti_api_client.stix_observable.create(
-    type="Email-Address", observable_value="phishing@mail.com"
+    type="Email-Address", observable_value="phishing@mail.com", createIndicator=True
 )
 # Get the indicator
 indicator_ttp1 = observable_ttp1["indicators"][0]
@@ -110,7 +110,7 @@
 # Create the observable and indicator and indicates to the relation
 # Create the observable
 observable_ttp2 = opencti_api_client.stix_observable.create(
-    type="Registry-Key", observable_value="Disk security"
+    type="Registry-Key", observable_value="Disk security", createIndicator=True
 )
 # Get the indicator
 indicator_ttp2 = observable_ttp2["indicators"][0]
diff --git a/examples/create_indicator_of_campaign.py b/examples/create_indicator_of_campaign.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_intrusion_set.py b/examples/create_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_ip_address_resolves_domain.py b/examples/create_ip_address_resolves_domain.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_marking_definition.py b/examples/create_marking_definition.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_report_with_author.py b/examples/create_report_with_author.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_intrusion_set.py b/examples/delete_intrusion_set.py
@@ -0,0 +1,19 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Get the intrusion set APT28
+intrusion_set = opencti_api_client.intrusion_set.read(
+    filters=[{"key": "name", "values": ["APT28"]}]
+)
+
+# Delete the intrusion set
+opencti_api_client.stix_domain_entity.delete(id=intrusion_set["id"])
diff --git a/examples/delete_relation.py b/examples/delete_relation.py
@@ -0,0 +1,34 @@
+# coding: utf-8
+
+import json
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Get the intrusion set APT28
+intrusion_set = opencti_api_client.intrusion_set.read(
+    filters=[{"key": "name", "values": ["APT28"]}]
+)
+
+# Get the malware DealersChoice
+malware = opencti_api_client.intrusion_set.read(
+    filters=[{"key": "name", "values": ["DealersChoice"]}]
+)
+
+# Get the relations between APT28 and DealersChoice
+relations = opencti_api_client.stix_relation.list(
+    fromId=intrusion_set["id"],
+    fromTypes=["Intrusion-Set"],
+    toId=malware["id"],
+    toTypes=["Malware"],
+    relationType="uses",
+)
+
+# Delete the relations
+for relation in relations:
+    opencti_api_client.stix_relation.delete(id=relation["id"])
diff --git a/examples/export_async_of_indicators.py b/examples/export_async_of_indicators.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_async_of_malware.py b/examples/export_async_of_malware.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_incident_stix2.py b/examples/export_incident_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_incidents_stix2.py b/examples/export_incidents_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_intrusion_set_stix2.py b/examples/export_intrusion_set_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_report_stix2.py b/examples/export_report_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_all_indicators.py b/examples/get_all_indicators.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_attack_pattern_by_mitre_id.py b/examples/get_attack_pattern_by_mitre_id.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_indicators_of_intrusion_set.py b/examples/get_indicators_of_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_malwares_of_intrusion_set.py b/examples/get_malwares_of_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_marking_definitions.py b/examples/get_marking_definitions.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_reports_about_intrusion_set.py b/examples/get_reports_about_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/import_stix2_file.py b/examples/import_stix2_file.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/search_attack_pattern.py b/examples/search_attack_pattern.py
@@ -4,12 +4,12 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "bb4aca90-b98c-49ee-9582-7eac92b61b82"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
 
-# Searcj
+# Search
 attack_patterns = opencti_api_client.attack_pattern.list(search="localgroup")
 
 # Print
diff --git a/examples/search_malware.py b/examples/search_malware.py
@@ -0,0 +1,16 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Search
+malwares = opencti_api_client.malware.list(search="windows")
+
+# Print
+print(malwares)
diff --git a/examples/upload_file.py b/examples/upload_file.py
@@ -0,0 +1,15 @@
+# coding: utf-8
+
+import datetime
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Upload the file
+file = opencti_api_client.upload_file(file_name="./2005_002_001_14428.pdf",)
+print(file)
diff --git a/examples/upload_file_to_intrusion_set.py b/examples/upload_file_to_intrusion_set.py
@@ -0,0 +1,29 @@
+# coding: utf-8
+
+import datetime
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "https://demo.opencti.io"
+api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create the Intrusion Set
+intrusion_set = opencti_api_client.intrusion_set.create(
+    name="My new Intrusion Set",
+    description="Evil Cluster",
+    first_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    last_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    update=True,
+)
+
+# Print
+print(intrusion_set)
+
+# Upload the file
+file = opencti_api_client.stix_domain_entity.upload_file(
+    id=intrusion_set["id"], file_name="./2005_002_001_14428.pdf",
+)
+print(file)
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
diff --git a/pycti/entities/opencti_intrusion_set.py b/pycti/entities/opencti_intrusion_set.py
diff --git a/pycti/entities/opencti_stix_domain_entity.py b/pycti/entities/opencti_stix_domain_entity.py
diff --git a/pycti/entities/opencti_stix_observable.py b/pycti/entities/opencti_stix_observable.py
diff --git a/pycti/entities/opencti_stix_relation.py b/pycti/entities/opencti_stix_relation.py
diff --git a/requirements.txt b/requirements.txt
diff --git a/setup.py b/setup.py
