

[all] Allow custom entities in relationships
Samuel Hassine committed Nov 29, 2021
1 parent 819d547 commit 3a03f85
Showing 9 changed files with 43 additions and 4 deletions.
Expand Up @@ -358,6 +358,7 @@ def create_relationship(
stop_time=stop_time,
confidence=confidence,
object_marking_refs=object_markings,
allow_custom=True,
)


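Review bot: The added `allow_custom=True` on the stix2 relationship also switches off the client-side rejection of unknown keyword properties, so a misspelled optional property (say `descripton=`) would from now on be accepted silently as a custom property instead of raising; the line deserves a comment saying why the flag is needed, e.g. `allow_custom=True,  # OpenCTI entities may use non-STIX object types in source_ref/target_ref; stix2 rejects such refs without this`. As far as I recall stix2 still validates the `type--uuid` shape of the refs with the flag set and only relaxes the check of the type name against its registry, but confirm against the stix2 version the connectors pin. The same observation applies to the other `create_relationship` helpers in this commit (the unnamed one at `@@ -609` and kaspersky `utils/stix2.py`) and to every other call site below, so one shared comment wording would do. `create_relationship`'s signature and the rest of its body are outside the hunk.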
13 changes: 11 additions & 2 deletions external-import/cape/src/cape/telemetry.py
Expand Up @@ -139,7 +139,10 @@ def createDNSObs(self, DNSOBJ):
value=host.domain
) # , resolves_to_refs=IP.id) ref https://github.com/OpenCTI-Platform/client-python/issues/155
Rel = Relationship(
source_ref=DNS.id, target_ref=IP.id, relationship_type="resolves-to"
source_ref=DNS.id,
target_ref=IP.id,
relationship_type="resolves-to",
allow_custom=True,
)

if self.CreateIndicator:
Expand Down Expand Up @@ -304,7 +307,10 @@ def createPrimaryBinary(self, file: cuckooTarget, external_references):
)

rel = Relationship(
source_ref=Filex.id, relationship_type="based-on", target_ref=ind.id
source_ref=Filex.id,
relationship_type="based-on",
target_ref=ind.id,
allow_custom=True,
)

return [Filex, ind, rel]
Expand Down Expand Up @@ -565,6 +571,7 @@ def processAndSubmit(self):
relationship_type="related-to",
source_ref=payload[0].id,
target_ref=IDx,
allow_custom=True,
)
)
for ATP in AttackPatterns:
Expand All @@ -573,6 +580,7 @@ def processAndSubmit(self):
relationship_type="related-to",
source_ref=payload[0].id,
target_ref=ATP["standard_id"],
allow_custom=True,
)
)
if Malware:
Expand All @@ -585,6 +593,7 @@ def processAndSubmit(self):
relationship_type="related-to",
source_ref=payload[0].id,
target_ref=ID,
allow_custom=True,
)

IDs.append(payload[0]) # Add Observeable
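Review bot: `allow_custom=True` is now repeated in five hand-built `Relationship(...)` calls in this file (`createDNSObs`, `createPrimaryBinary` and the three in `processAndSubmit`), and `cuckoo/telemetry.py` in the same commit duplicates the pattern again, so a small module-level helper would keep the flag in one place and make it impossible for the next relationship site to forget it. Something like the helper below, with each call site reduced to `Rel = _relationship(DNS.id, IP.id, "resolves-to")`. The helper assumes `Relationship` is the stix2 class this module already imports, which the hunks show in use but whose import is outside them. The enclosing methods start and end outside the hunks.
```python
def _relationship(source_ref, target_ref, relationship_type, **extra):
    """Build a stix2 Relationship between two OpenCTI entities.

    allow_custom is always set because either end may be an OpenCTI
    custom (non-STIX) object type, which stix2 would otherwise reject.
    """
    return Relationship(
        source_ref=source_ref,
        target_ref=target_ref,
        relationship_type=relationship_type,
        allow_custom=True,
        **extra,
    )
```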
Expand Up @@ -609,6 +609,7 @@ def create_relationship(
stop_time=stop_time,
confidence=confidence,
object_marking_refs=object_markings,
allow_custom=True,
)


12 changes: 10 additions & 2 deletions external-import/cuckoo/src/cuckoo/telemetry.py
Expand Up @@ -112,7 +112,10 @@ def createDNSObs(self, DNSOBJ):
value=host["domain"]
) # , resolves_to_refs=IP.id) ref https://github.com/OpenCTI-Platform/client-python/issues/155
Rel = Relationship(
source_ref=DNS.id, target_ref=IP.id, relationship_type="resolves-to"
source_ref=DNS.id,
target_ref=IP.id,
relationship_type="resolves-to",
allow_custom=True,
)

if self.CreateIndicator:
Expand Down Expand Up @@ -210,7 +213,10 @@ def createPrimaryBinary(self, file: cuckooReportDropped, external_references):
)

rel = Relationship(
source_ref=Filex.id, relationship_type="based-on", target_ref=ind.id
source_ref=Filex.id,
relationship_type="based-on",
target_ref=ind.id,
allow_custom=True,
)

return [Filex, ind, rel]
Expand Down Expand Up @@ -437,6 +443,7 @@ def processAndSubmit(self):
relationship_type="related-to",
source_ref=payload[0].id,
target_ref=IDx,
allow_custom=True,
)
)
for ATP in AttackPatterns:
Expand All @@ -445,6 +452,7 @@ def processAndSubmit(self):
relationship_type="related-to",
source_ref=payload[0].id,
target_ref=ATP,
allow_custom=True,
)
)
IDs.append(payload[0]) # Add Observeable
Expand Up @@ -183,6 +183,7 @@ def fetch_and_send(self):
created_by_ref=organization,
source_ref=indicator.id,
target_ref=observable.id,
allow_custom=True,
)
bundle_objects.append(relationship)
report_object_refs.append(relationship["id"])
4 changes: 4 additions & 0 deletions external-import/cybercrime-tracker/src/cybercrime-tracker.py
Expand Up @@ -252,6 +252,7 @@ def run(self):
created=parsed_entry["date"],
modified=parsed_entry["date"],
external_references=[external_reference],
allow_custom=True,
)
bundle_objects.append(relation)
if self.create_observables:
Expand Down Expand Up @@ -303,6 +304,7 @@ def run(self):
created_by_ref=organization.id,
source_ref=indicator.id,
target_ref=observable_url.id,
allow_custom=True,
)
bundle_objects.append(relationship_1)
relationship_2 = stix2.Relationship(
Expand All @@ -313,6 +315,7 @@ def run(self):
created_by_ref=organization.id,
source_ref=indicator.id,
target_ref=observable_ip.id,
allow_custom=True,
)
bundle_objects.append(relationship_2)
if observable_domain is not None:
Expand All @@ -324,6 +327,7 @@ def run(self):
created_by_ref=organization.id,
source_ref=indicator.id,
target_ref=observable_domain.id,
allow_custom=True,
)
bundle_objects.append(relationship_3)

1 change: 1 addition & 0 deletions external-import/kaspersky/src/kaspersky/utils/stix2.py
Expand Up @@ -412,6 +412,7 @@ def create_relationship(
stop_time=stop_time,
confidence=confidence,
object_marking_refs=object_markings,
allow_custom=True,
)


13 changes: 13 additions & 0 deletions external-import/misp/src/misp.py
Expand Up @@ -593,6 +593,7 @@ def process_events(self, work_id, events):
+ ref["comment"],
source_ref=src_result["entity"]["id"],
target_ref=target_result["entity"]["id"],
allow_custom=True,
)
)
# Add object_relationships
Expand Down Expand Up @@ -886,6 +887,7 @@ def process_attribute(
created_by_ref=author,
source_ref=indicator.id,
target_ref=observable.id,
allow_custom=True,
)
)
### Create relationship between MISP attribute (indicator or observable) and MISP object (observable)
Expand All @@ -901,6 +903,7 @@ def process_attribute(
target_ref=observable.id
if (observable is not None)
else indicator.id,
allow_custom=True,
)
)
# Event threats
Expand All @@ -924,6 +927,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
if observable is not None:
Expand All @@ -939,6 +943,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)

Expand All @@ -965,6 +970,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
if observable is not None:
Expand All @@ -980,6 +986,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
# Event Attack Patterns
Expand All @@ -1004,6 +1011,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
relationships.append(relationship_uses)
# if indicator is not None:
Expand Down Expand Up @@ -1057,6 +1065,7 @@ def process_attribute(
target_ref=attack_pattern.id,
description=attribute["comment"],
object_marking_refs=attribute_markings,
allow_custom=True,
)
relationships.append(relationship_uses)
# if indicator is not None:
Expand Down Expand Up @@ -1101,6 +1110,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
if observable is not None:
Expand All @@ -1116,6 +1126,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)

Expand All @@ -1133,6 +1144,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
if observable is not None:
Expand All @@ -1148,6 +1160,7 @@ def process_attribute(
description=attribute["comment"],
object_marking_refs=attribute_markings,
confidence=self.helper.connect_confidence_level,
allow_custom=True,
)
)
return {
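Review bot: In `process_events` (`@@ -593`) the `source_ref`/`target_ref` values come from `src_result["entity"]["id"]` and `target_result["entity"]["id"]`, and with `allow_custom=True` stix2 will no longer reject a reference whose object-type prefix is not a registered STIX type, so if those entities are resolved from MISP-supplied data the OpenCTI server becomes the only place that validates their type — a comment at this first call site would make that explicit, e.g. `# allow_custom: refs may point at OpenCTI custom entity types; the server validates them`. Separately, the `relationship_uses` built at `@@ -1057` shows `description` and `object_marking_refs` in its context but no `confidence=self.helper.connect_confidence_level`, unlike its sibling at `@@ -1004`; the lines above `target_ref` are outside the hunk, so if it really is missing this predates the commit, but since the call is touched anyway it may be worth aligning. Both `process_events` and `process_attribute` begin and end outside the hunks shown.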
1 change: 1 addition & 0 deletions external-import/thehive/src/thehive.py
Expand Up @@ -148,6 +148,7 @@ def generate_case_bundle(self, case):
source_ref=stix_observable.id,
target_ref=incident.id,
object_marking_refs=markings,
allow_custom=True,
)
bundle_objects.append(stix_observable)
bundle_objects.append(stix_observable_relation)

