[client] Update examples

Author: Samuel Hassine

examples/add_organization_to_sector.py

@@ -20,14 +20,13 @@
 )
 
 # Create the relation
-relation = opencti_api_client.stix_relation.create(
+relation = opencti_api_client.stix_core_relationship.create(
     fromType="Organization",
     fromId=organization["id"],
     toType="Sector",
     toId=sector["id"],
-    relationship_type="gathering",
+    relationship_type="part-of",
     description="BNP Paribas is part of the sector Banking institutions.",
-    ignore_dates=True,
 )
 
 # Print

examples/add_tag_to_malware.py

@@ -22,7 +22,7 @@
 )
 
 # Add the tag
-opencti_api_client.stix_domain_object.add_tag(id=malware["id"], tag_id=tag["id"])
+opencti_api_client.stix_domain_object.add_label(id=malware["id"], tag_id=tag["id"])
 
 # Print
 malware = opencti_api_client.malware.read(id=malware["id"])

examples/create_campaign_attributed-to_intrusion_set.py

@@ -35,7 +35,7 @@
 print(campaign)
 
 # Attribute the Campaign to the Intrusion Set
-relation = opencti_api_client.stix_relation.create(
+relation = opencti_api_client.stix_core_relationship.create(
     fromType="Campaign",
     fromId=campaign["id"],
     toType="Intrusion-Set",

examples/create_incident_with_ttps_and_indicators.py

@@ -19,7 +19,7 @@
 observable_refs = []
 
 # Create the incident
-incident = opencti_api_client.incident.create(
+incident = opencti_api_client.x_opencti_incident.create(
     name="My new incident",
     description="We have been compromised",
     objective="Espionage",
@@ -39,7 +39,7 @@
 ttp1 = opencti_api_client.attack_pattern.read(
     filters=[{"key": "external_id", "values": ["T1193"]}]
 )
-ttp1_relation = opencti_api_client.stix_relation.create(
+ttp1_relation = opencti_api_client.stix_domain_object.create(
     fromType="Incident",
     fromId=incident["id"],
     toType="Attack-Pattern",
@@ -51,7 +51,7 @@
 )
 # Add kill chain phases to the relation
 for kill_chain_phase_id in ttp1["killChainPhasesIds"]:
-    opencti_api_client.stix_relation.add_kill_chain_phase(
+    opencti_api_client.stix_core_relationship.add_kill_chain_phase(
         id=ttp1_relation["id"], kill_chain_phase_id=kill_chain_phase_id
     )
 
@@ -63,7 +63,7 @@
 # Get the indicator
 indicator_ttp1 = observable_ttp1["indicators"][0]
 # Indicates the relation Incident => uses => TTP
-indicator_ttp1_relation = opencti_api_client.stix_relation.create(
+indicator_ttp1_relation = opencti_api_client.stix_core_relationship.create(
     fromType="Indicator",
     fromId=indicator_ttp1["id"],
     toType="stix_relation",
@@ -90,7 +90,7 @@
     filters=[{"key": "external_id", "values": ["T1060"]}]
 )
 # Create the relation
-ttp2_relation = opencti_api_client.stix_relation.create(
+ttp2_relation = opencti_api_client.stix_core_relationship.create(
     fromType="Incident",
     fromId=incident["id"],
     toType="Attack-Pattern",
@@ -102,7 +102,7 @@
 )
 # Add kill chain phases to the relation
 for kill_chain_phase_id in ttp2["killChainPhasesIds"]:
-    opencti_api_client.stix_relation.add_kill_chain_phase(
+    opencti_api_client.stix_core_relationship.add_kill_chain_phase(
         id=ttp2_relation["id"], kill_chain_phase_id=kill_chain_phase_id
     )
 
@@ -114,7 +114,7 @@
 # Get the indicator
 indicator_ttp2 = observable_ttp2["indicators"][0]
 # Indicates the relation Incident => uses => TTP
-indicator_ttp2_relation = opencti_api_client.stix_relation.create(
+indicator_ttp2_relation = opencti_api_client.stix_core_relationship.create(
     fromType="Indicator",
     fromId=indicator_ttp2["id"],
     toType="stix_relation",
@@ -139,7 +139,7 @@
 ttp3 = opencti_api_client.attack_pattern.read(
     filters=[{"key": "external_id", "values": ["T1022"]}]
 )
-ttp3_relation = opencti_api_client.stix_relation.create(
+ttp3_relation = opencti_api_client.stix_core_relationship.create(
     fromType="Incident",
     fromId=incident["id"],
     toType="Attack-Pattern",
@@ -151,7 +151,7 @@
 )
 # Add kill chain phases to the relation
 for kill_chain_phase_id in ttp3["killChainPhasesIds"]:
-    opencti_api_client.stix_relation.add_kill_chain_phase(
+    opencti_api_client.stix_core_relationship.add_kill_chain_phase(
         id=ttp3_relation["id"], kill_chain_phase_id=kill_chain_phase_id
     )
 # Elements for the report
@@ -166,7 +166,7 @@
     opencti_api_client.report.add_stix_observable(
         id=report["id"], report=report, stix_observable_id=observable_ref
     )
-    opencti_api_client.stix_relation.create(
+    opencti_api_client.stix_core_relationship.create(
         fromType="Stix-Observable",
         fromId=observable_ref,
         toType="Incident",

examples/create_indicator_of_campaign.py

@@ -36,7 +36,7 @@
 print(indicator)
 
 # Create the relation
-relation = opencti_api_client.stix_relation.create(
+relation = opencti_api_client.stix_core_relationship.create(
     fromType="Indicator",
     fromId=indicator["id"],
     toType="Campaign",

examples/export_incident_stix2.py

@@ -11,7 +11,7 @@
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
 
 # Get the incident created in the create_incident_with_ttps_and_indicators.py
-incident = opencti_api_client.incident.read(
+incident = opencti_api_client.x_opencti_incident.read(
     filters=[{"key": "name", "values": ["My new incident"]}]
 )
 

pycti/entities/opencti_identity.py

@@ -92,6 +92,7 @@ def __init__(self, opencti):
             confidence
             created
             modified
+            identity_class
             name
             description
             x_opencti_aliases

pycti/utils/opencti_stix2.py

@@ -1076,6 +1076,8 @@ def prepare_export(self, entity, mode="simple", max_marking_definition_entity=No
             objects_to_get.append(entity["to"]["standard_id"])
         if "to" in entity:
             del entity["to"]
+        if "observable_value" in entity:
+            del entity["observable_value"]
 
         result.append(entity)