OpenCTI-Platform
diff --git a/‎client-python/examples/upload_file_to_intrusion_set_embedded.py‎
Lines changed: 35 additions & 0 deletions b/‎client-python/examples/upload_file_to_intrusion_set_embedded.py‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎client-python/examples/upload_file_with_intrusion_set_embedded.py‎
Lines changed: 35 additions & 0 deletions b/‎client-python/examples/upload_file_with_intrusion_set_embedded.py‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎client-python/examples/upload_image_example.png‎
14.6 KB b/‎client-python/examples/upload_image_example.png‎
14.6 KB
diff --git a/‎client-python/pycti/entities/opencti_attack_pattern.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_attack_pattern.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_campaign.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_campaign.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_case_incident.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_case_incident.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_case_rfi.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_case_rfi.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_case_rft.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_case_rft.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_channel.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_channel.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎client-python/pycti/entities/opencti_course_of_action.py‎
Lines changed: 5 additions & 2 deletions b/‎client-python/pycti/entities/opencti_course_of_action.py‎
Lines changed: 5 additions & 2 deletions
@@ -0,0 +1,35 @@
+# coding: utf-8
+import datetime
+import os
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# Create the Intrusion Set
+intrusion_set = opencti_api_client.intrusion_set.create(
+    name="Another new Intrusion Set",
+    description="Another Evil Cluster\n\n![Image example](embedded/upload_image_example.png)",
+    first_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    last_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    update=True,
+)
+
+# Print
+print(intrusion_set)
+
+# Upload the file
+file = opencti_api_client.stix_domain_object.add_file(
+    id=intrusion_set["id"],
+    file_name="./upload_image_example.png",
+    embedded=True,
+)
+print(file)
+# file is embedded and not visible under "data" tab
+# it is accessible at path <OPENCTI_API_URL>/dashboard/threats/intrusion_sets/<id>/embedded/upload_image_example.png
+# and can be referenced in the entity description with a local path "![Image example](embedded/upload_image_example.png)"
@@ -0,0 +1,35 @@
+# coding: utf-8
+import datetime
+import os
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+# get the file data
+with open("./upload_image_example.png", "rb") as f:
+    file_data = f.read()
+    f.close()
+
+# Create the Intrusion Set
+intrusion_set = opencti_api_client.intrusion_set.create(
+    name="Yet another new Intrusion Set",
+    description="Yet Another Evil Cluster\n\n![Image example](embedded/upload_image_example.png)",
+    first_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    last_seen=datetime.date.today().strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+    update=True,
+    files=(opencti_api_client.file("upload_image_example.png", file_data, "image/png")),
+    embedded=True,
+)
+
+# Print
+print(intrusion_set)
+
+# file is embedded and not visible under "data" tab
+# it is accessible at path <OPENCTI_API_URL>/dashboard/threats/intrusion_sets/<id>/embedded/upload_image_example.png
+# and can be referenced in the entity description with a local path "![Image example](embedded/upload_image_example.png)"
@@ -536,7 +536,8 @@ def create(self, **kwargs):
         update = kwargs.get("update", False)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -578,6 +579,7 @@ def create(self, **kwargs):
                 "files": files,
                 "filesMarkings": files_markings,
                 "noTriggerImport": no_trigger_import,
+                "embedded": embedded,
                 "upsertOperations": upsert_operations,
             }
             result = self.opencti.query(query, {"input": input_variables})
@@ -754,7 +756,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object
 
@@ -501,7 +501,8 @@ def create(self, **kwargs):
         update = kwargs.get("update", False)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -544,6 +545,7 @@ def create(self, **kwargs):
                         "files": files,
                         "filesMarkings": files_markings,
                         "noTriggerImport": no_trigger_import,
+                        "embedded": embedded,
                         "upsertOperations": upsert_operations,
                     }
                 },
@@ -656,7 +658,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object
 
@@ -791,7 +791,8 @@ def create(self, **kwargs):
         update = kwargs.get("update", False)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -834,6 +835,7 @@ def create(self, **kwargs):
                 "files": files,
                 "filesMarkings": files_markings,
                 "noTriggerImport": no_trigger_import,
+                "embedded": embedded,
                 "upsertOperations": upsert_operations,
             }
             result = self.opencti.query(query, {"input": input_variables})
@@ -1073,7 +1075,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object
 
@@ -825,7 +825,8 @@ def create(self, **kwargs):
         information_types = kwargs.get("information_types", None)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -868,6 +869,7 @@ def create(self, **kwargs):
                 "files": files,
                 "filesMarkings": files_markings,
                 "noTriggerImport": no_trigger_import,
+                "embedded": embedded,
                 "upsertOperations": upsert_operations,
             }
             result = self.opencti.query(query, {"input": input_variables})
@@ -1109,7 +1111,8 @@ def import_from_stix2(self, **kwargs):
                 ),
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
             )
         else:
             self.opencti.app_logger.error(
 
@@ -826,7 +826,8 @@ def create(self, **kwargs):
         takedown_types = kwargs.get("takedown_types", None)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -869,6 +870,7 @@ def create(self, **kwargs):
                 "files": files,
                 "filesMarkings": files_markings,
                 "noTriggerImport": no_trigger_import,
+                "embedded": embedded,
                 "upsertOperations": upsert_operations,
             }
             result = self.opencti.query(query, {"input": input_variables})
@@ -1104,7 +1106,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object
 
@@ -472,7 +472,8 @@ def create(self, **kwargs):
         update = kwargs.get("update", False)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -509,6 +510,7 @@ def create(self, **kwargs):
                 "files": files,
                 "filesMarkings": files_markings,
                 "noTriggerImport": no_trigger_import,
+                "embedded": embedded,
                 "upsertOperations": upsert_operations,
             }
             result = self.opencti.query(query, {"input": input_variables})
@@ -607,7 +609,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object
 
@@ -499,7 +499,8 @@ def create(self, **kwargs):
         update = kwargs.get("update", False)
         files = kwargs.get("files", None)
         files_markings = kwargs.get("filesMarkings", None)
-        no_trigger_import = kwargs.get("noTriggerImport", False)
+        no_trigger_import = kwargs.get("noTriggerImport", None)
+        embedded = kwargs.get("embedded", None)
         upsert_operations = kwargs.get("upsert_operations", None)
 
         if name is not None:
@@ -540,6 +541,7 @@ def create(self, **kwargs):
                         "files": files,
                         "filesMarkings": files_markings,
                         "noTriggerImport": no_trigger_import,
+                        "embedded": embedded,
                         "upsertOperations": upsert_operations,
                     }
                 },
@@ -673,7 +675,8 @@ def import_from_stix2(self, **kwargs):
                 update=update,
                 files=extras.get("files"),
                 filesMarkings=extras.get("filesMarkings"),
-                noTriggerImport=extras.get("noTriggerImport", False),
+                noTriggerImport=extras.get("noTriggerImport", None),
+                embedded=extras.get("embedded", None),
                 upsert_operations=(
                     stix_object["opencti_upsert_operations"]
                     if "opencti_upsert_operations" in stix_object