[client-python] Adapt client python to support new filters format (OpenCTI-Platform#499)

Related to OpenCTI-Platform/opencti#2686

Author: Archidoit

examples/cmd_line_tag_latest_indicators_of_threat.py

@@ -63,7 +63,12 @@ def main():
 
     # Resolve the entity
     threat = opencti_api_client.stix_domain_object.read(
-        types=[entity_type], filters=[{"key": "name", "values": [name]}]
+        types=[entity_type],
+        filters={
+            "mode": "and",
+            "filters": [{"key": "name", "values": [name]}],
+            "filterGroups": [],
+        },
     )
 
     if not threat:
@@ -87,11 +92,15 @@ def main():
             first=50,
             after=after,
             customAttributes=custom_attributes,
-            filters=[
-                {"key": "indicates", "values": [threat["id"]]},
-                {"key": "created_at", "values": [created_after], "operator": "gt"},
-                {"key": "created_at", "values": [created_before], "operator": "lt"},
-            ],
+            filters={
+                "mode": "and",
+                "filters": [
+                    {"key": "indicates", "values": [threat["id"]]},
+                    {"key": "created_at", "values": [created_after], "operator": "gt"},
+                    {"key": "created_at", "values": [created_before], "operator": "lt"},
+                ],
+                "filterGroups": [],
+            },
             orderBy="created_at",
             orderMode="asc",
             withPagination=True,

examples/delete_intrusion_set.py

@@ -20,7 +20,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["EvilSET123"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["EvilSET123"]}],
+        "filterGroups": [],
+    }
 )
 
 # Delete the intrusion set

examples/export_incident_stix2.py

@@ -15,7 +15,11 @@
 
 # Get the incident created in the create_incident_with_ttps_and_indicators.py
 incident = opencti_api_client.incident.read(
-    filters=[{"key": "name", "values": ["My new incident"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["My new incident"]}],
+        "filterGroups": [],
+    }
 )
 
 # Create the bundle

examples/get_attack_pattern_by_mitre_id.py

@@ -11,7 +11,11 @@
 
 # Get the Attack-Pattern T1514
 attack_pattern = opencti_api_client.attack_pattern.read(
-    filters=[{"key": "x_mitre_id", "values": ["T1514"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "x_mitre_id", "values": ["T1514"]}],
+        "filterGroups": [],
+    }
 )
 
 # Print

examples/get_malwares_of_intrusion_set.py

@@ -21,7 +21,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["APT28"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["APT28"]}],
+        "filterGroups": [],
+    }
 )
 
 # Get the relations from APT28 to malwares

examples/get_observable_exact_match.py

@@ -15,7 +15,11 @@
 )
 print("IP ADDRESS")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "value", "values": ["110.172.180.180"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "value", "values": ["110.172.180.180"]}],
+        "filterGroups": [],
+    }
 )
 print(observable)
 
@@ -25,7 +29,11 @@
 )
 print("FILE NAME")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "name", "values": ["activeds.dll"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["activeds.dll"]}],
+        "filterGroups": [],
+    }
 )
 print(observable)
 
@@ -36,6 +44,12 @@
 )
 print("FILE MD5")
 observable = opencti_api_client.stix_cyber_observable.read(
-    filters=[{"key": "hashes_MD5", "values": ["3aad33e025303dbae12c12b4ec5258c1"]}]
+    filters={
+        "mode": "and",
+        "filters": [
+            {"key": "hashes.MD5", "values": ["3aad33e025303dbae12c12b4ec5258c1"]}
+        ],
+        "filterGroups": [],
+    }
 )
 print(observable)

examples/get_reports_about_intrusion_set.py

@@ -22,12 +22,20 @@
 
 # Get the intrusion set Sandworm
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["Sandworm Team"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["Sandworm Team"]}],
+        "filterGroups": [],
+    }
 )
 
 # Get all reports
 reports = opencti_api_client.report.list(
-    filters=[{"key": "objectContains", "values": [intrusion_set["id"]]}],
+    filters={
+        "mode": "and",
+        "filters": [{"key": "contains", "values": [intrusion_set["id"]]}],
+        "filterGroups": [],
+    },
     orderBy="published",
     orderMode="asc",
 )

examples/update_entity_attribute.py

@@ -21,7 +21,11 @@
 
 # Get the intrusion set APT28
 intrusion_set = opencti_api_client.intrusion_set.read(
-    filters=[{"key": "name", "values": ["APT28"]}]
+    filters={
+        "mode": "and",
+        "filters": [{"key": "name", "values": ["APT28"]}],
+        "filterGroups": [],
+    }
 )
 
 # Update the description

pycti/api/opencti_api_work.py

@@ -161,7 +161,7 @@ def get_connector_works(self, connector_id: str) -> List[Dict]:
             $count: Int
             $orderBy: WorksOrdering
             $orderMode: OrderingMode
-            $filters: [WorksFiltering]
+            $filters: FilterGroup
         ) {
             works(
                 first: $count
@@ -207,9 +207,11 @@ def get_connector_works(self, connector_id: str) -> List[Dict]:
             query,
             {
                 "count": 50,
-                "filters": [
-                    {"key": "connector_id", "values": [connector_id]},
-                ],
+                "filters": {
+                    "mode": "and",
+                    "filters": [{"key": "connector_id", "values": [connector_id]}],
+                    "filterGroups": [],
+                },
             },
         )
         result = result["data"]["works"]["edges"]

pycti/entities/opencti_attack_pattern.py

@@ -292,7 +292,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Attack-Patterns with filters %s.", json.dumps(filters))
         query = (
             """
-            query AttackPatterns($filters: [AttackPatternsFiltering], $search: String, $first: Int, $after: ID, $orderBy: AttackPatternsOrdering, $orderMode: OrderingMode) {
+            query AttackPatterns($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: AttackPatternsOrdering, $orderMode: OrderingMode) {
                 attackPatterns(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_campaign.py

@@ -259,7 +259,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Campaigns with filters %s.", json.dumps(filters))
         query = (
             """
-            query Campaigns($filters: [CampaignsFiltering], $search: String, $first: Int, $after: ID, $orderBy: CampaignsOrdering, $orderMode: OrderingMode) {
+            query Campaigns($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: CampaignsOrdering, $orderMode: OrderingMode) {
                 campaigns(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_case_incident.py

@@ -502,7 +502,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Case Incidents with filters " + json.dumps(filters) + ".")
         query = (
             """
-                query CaseIncidents($filters: [CaseIncidentsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: CaseIncidentsOrdering, $orderMode: OrderingMode) {
+                query CaseIncidents($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: CaseIncidentsOrdering, $orderMode: OrderingMode) {
                     caseIncidents(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                         edges {
                             node {
@@ -622,10 +622,14 @@ def get_by_stix_id_or_name(self, **kwargs):
         if object_result is None and name is not None and created is not None:
             created_final = parse(created).strftime("%Y-%m-%d")
             object_result = self.read(
-                filters=[
-                    {"key": "name", "values": [name]},
-                    {"key": "created_day", "values": [created_final]},
-                ],
+                filters={
+                    "mode": "and",
+                    "filters": [
+                        {"key": "name", "values": [name]},
+                        {"key": "created_day", "values": [created_final]},
+                    ],
+                    "filterGroups": [],
+                },
                 customAttributes=custom_attributes,
             )
         return object_result

pycti/entities/opencti_case_rfi.py

@@ -501,7 +501,7 @@ def list(self, **kwargs):
         )
         query = (
             """
-                    query CaseRfis($filters: [CaseRfisFiltering!], $search: String, $first: Int, $after: ID, $orderBy: CaseRfisOrdering, $orderMode: OrderingMode) {
+                    query CaseRfis($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: CaseRfisOrdering, $orderMode: OrderingMode) {
                         caseRfis(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                             edges {
                                 node {
@@ -621,10 +621,14 @@ def get_by_stix_id_or_name(self, **kwargs):
         if object_result is None and name is not None and created is not None:
             created_final = parse(created).strftime("%Y-%m-%d")
             object_result = self.read(
-                filters=[
-                    {"key": "name", "values": [name]},
-                    {"key": "created_day", "values": [created_final]},
-                ],
+                filters={
+                    "mode": "and",
+                    "filters": [
+                        {"key": "name", "values": [name]},
+                        {"key": "created_day", "values": [created_final]},
+                    ],
+                    "filterGroups": [],
+                },
                 customAttributes=custom_attributes,
             )
         return object_result

pycti/entities/opencti_case_rft.py

@@ -497,7 +497,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Case Rfts with filters " + json.dumps(filters) + ".")
         query = (
             """
-                        query CaseRfts($filters: [CaseRftsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: CaseRftsOrdering, $orderMode: OrderingMode) {
+                        query CaseRfts($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: CaseRftsOrdering, $orderMode: OrderingMode) {
                             caseRfts(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                                 edges {
                                     node {
@@ -617,10 +617,14 @@ def get_by_stix_id_or_name(self, **kwargs):
         if object_result is None and name is not None and created is not None:
             created_final = parse(created).strftime("%Y-%m-%d")
             object_result = self.read(
-                filters=[
-                    {"key": "name", "values": [name]},
-                    {"key": "created_day", "values": [created_final]},
-                ],
+                filters={
+                    "mode": "and",
+                    "filters": [
+                        {"key": "name", "values": [name]},
+                        {"key": "created_day", "values": [created_final]},
+                    ],
+                    "filterGroups": [],
+                },
                 customAttributes=custom_attributes,
             )
         return object_result

pycti/entities/opencti_channel.py

@@ -255,7 +255,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Channels with filters %s.", json.dumps(filters))
         query = (
             """
-            query Channels($filters: [ChannelsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: ChannelsOrdering, $orderMode: OrderingMode) {
+            query Channels($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: ChannelsOrdering, $orderMode: OrderingMode) {
                 channels(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_course_of_action.py

@@ -258,7 +258,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Courses-Of-Action with filters %s.", json.dumps(filters))
         query = (
             """
-            query CoursesOfAction($filters: [CoursesOfActionFiltering], $search: String, $first: Int, $after: ID, $orderBy: CoursesOfActionOrdering, $orderMode: OrderingMode) {
+            query CoursesOfAction($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: CoursesOfActionOrdering, $orderMode: OrderingMode) {
                 coursesOfAction(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_data_component.py

@@ -289,7 +289,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Data-Components with filters " + json.dumps(filters) + ".")
         query = (
             """
-            query DataComponents($filters: [DataComponentsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: DataComponentsOrdering, $orderMode: OrderingMode) {
+            query DataComponents($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: DataComponentsOrdering, $orderMode: OrderingMode) {
                 dataComponents(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_data_source.py

@@ -260,7 +260,7 @@ def list(self, **kwargs):
         )
         query = (
             """
-            query DataSources($filters: [DataSourcesFiltering!], $search: String, $first: Int, $after: ID, $orderBy: DataSourcesOrdering, $orderMode: OrderingMode) {
+            query DataSources($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: DataSourcesOrdering, $orderMode: OrderingMode) {
                 dataSources(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_event.py

@@ -259,7 +259,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Events with filters %s", json.dumps(filters))
         query = (
             """
-            query Events($filters: [EventsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: EventsOrdering, $orderMode: OrderingMode) {
+            query Events($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: EventsOrdering, $orderMode: OrderingMode) {
                 events(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_external_reference.py

@@ -95,7 +95,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing External-Reference with filters %s.", json.dumps(filters))
         query = (
             """
-            query ExternalReferences($filters: [ExternalReferencesFiltering], $first: Int, $after: ID, $orderBy: ExternalReferencesOrdering, $orderMode: OrderingMode) {
+            query ExternalReferences($filters: FilterGroup, $first: Int, $after: ID, $orderBy: ExternalReferencesOrdering, $orderMode: OrderingMode) {
                 externalReferences(filters: $filters, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {

pycti/entities/opencti_feedback.py

@@ -475,7 +475,7 @@ def list(self, **kwargs):
         )
         query = (
             """
-                query Feedbacks($filters: [FeedbacksFiltering!], $search: String, $first: Int, $after: ID, $orderBy: FeedbacksOrdering, $orderMode: OrderingMode) {
+                query Feedbacks($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: FeedbacksOrdering, $orderMode: OrderingMode) {
                     feedbacks(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                         edges {
                             node {
@@ -597,10 +597,14 @@ def get_by_stix_id_or_name(self, **kwargs):
         if object_result is None and name is not None and created is not None:
             created_final = parse(created).strftime("%Y-%m-%d")
             object_result = self.read(
-                filters=[
-                    {"key": "name", "values": [name]},
-                    {"key": "created_day", "values": [created_final]},
-                ],
+                filters={
+                    "mode": "and",
+                    "filters": [
+                        {"key": "name", "values": [name]},
+                        {"key": "created_day", "values": [created_final]},
+                    ],
+                    "filterGroups": [],
+                },
                 customAttributes=custom_attributes,
             )
         return object_result

pycti/entities/opencti_grouping.py

@@ -446,7 +446,7 @@ def list(self, **kwargs):
         LOGGER.info("Listing Groupings with filters %s.", json.dumps(filters))
         query = (
             """
-            query Groupings($filters: [GroupingsFiltering!], $search: String, $first: Int, $after: ID, $orderBy: GroupingsOrdering, $orderMode: OrderingMode) {
+            query Groupings($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: GroupingsOrdering, $orderMode: OrderingMode) {
                 groupings(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
                     edges {
                         node {
@@ -565,10 +565,14 @@ def get_by_stix_id_or_name(self, **kwargs):
             object_result = self.read(id=stix_id, customAttributes=custom_attributes)
         if object_result is None and name is not None and context is not None:
             object_result = self.read(
-                filters=[
-                    {"key": "name", "values": [name]},
-                    {"key": "context", "values": [context]},
-                ],
+                filters={
+                    "mode": "and",
+                    "filters": [
+                        {"key": "name", "values": [name]},
+                        {"key": "context", "values": [context]},
+                    ],
+                    "filterGroups": [],
+                },
                 customAttributes=custom_attributes,
             )
         return object_result