From 91aec6922357072b7bbf6ff4dae2551fccb09bd2 Mon Sep 17 00:00:00 2001
From: Valentin Bouzin <valentin.bouzin@filigran.io>
Date: Tue, 14 Oct 2025 08:22:14 +0200
Subject: [PATCH 1/4] [client] create sshkey example

---
 examples/create_observable_sshkey.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 examples/create_observable_sshkey.py

diff --git a/examples/create_observable_sshkey.py b/examples/create_observable_sshkey.py
new file mode 100644
index 000000000..2edacb9bb
--- /dev/null
+++ b/examples/create_observable_sshkey.py
@@ -0,0 +1,16 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "http://opencti:4000"
+api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+observable_sshkey = opencti_api_client.stix_cyber_observable.create(
+    observableData={"type": "SSH-Key", "SSHKey": {"fingerprint_sha256": "sha256_test"}}
+)
+
+print(observable_sshkey)

From 31412e7a7464189971e3f292741d7d8dd764d60c Mon Sep 17 00:00:00 2001
From: Valentin Bouzin <valentin.bouzin@filigran.io>
Date: Wed, 15 Oct 2025 09:30:20 +0200
Subject: [PATCH 2/4] [client] delete example

---
 examples/create_observable_sshkey.py |  2 +-
 examples/delete_observable_sshkey.py | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 examples/delete_observable_sshkey.py

diff --git a/examples/create_observable_sshkey.py b/examples/create_observable_sshkey.py
index 2edacb9bb..0ee44088b 100644
--- a/examples/create_observable_sshkey.py
+++ b/examples/create_observable_sshkey.py
@@ -10,7 +10,7 @@
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
 
 observable_sshkey = opencti_api_client.stix_cyber_observable.create(
-    observableData={"type": "SSH-Key", "SSHKey": {"fingerprint_sha256": "sha256_test"}}
+    observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
 )
 
 print(observable_sshkey)
diff --git a/examples/delete_observable_sshkey.py b/examples/delete_observable_sshkey.py
new file mode 100644
index 000000000..a642fd0ff
--- /dev/null
+++ b/examples/delete_observable_sshkey.py
@@ -0,0 +1,24 @@
+# coding: utf-8
+
+from pycti import OpenCTIApiClient
+
+# Variables
+api_url = "http://opencti:4000"
+api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+
+# OpenCTI initialization
+opencti_api_client = OpenCTIApiClient(api_url, api_token)
+
+opencti_api_client.stix_cyber_observable.create(
+    observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
+)
+
+observable_sshkey = opencti_api_client.stix_cyber_observable.read(
+    filters={
+        "mode": "and",
+        "filters": [{"key": "fingerprint_sha256", "values": ["sha256_test"]}],
+        "filterGroups": [],
+    }
+)
+
+opencti_api_client.stix_cyber_observable.delete(id=observable_sshkey.get("id"))

From 308f6c84d01be2b41873148bad39cd9a2a153404 Mon Sep 17 00:00:00 2001
From: Valentin Bouzin <valentin.bouzin@filigran.io>
Date: Wed, 15 Oct 2025 09:35:00 +0200
Subject: [PATCH 3/4] [client] env var used

---
 examples/create_observable_sshkey.py | 5 +++--
 examples/delete_observable_sshkey.py | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/examples/create_observable_sshkey.py b/examples/create_observable_sshkey.py
index 0ee44088b..bcd9dddf9 100644
--- a/examples/create_observable_sshkey.py
+++ b/examples/create_observable_sshkey.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 
 from pycti import OpenCTIApiClient
 
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_observable_sshkey.py b/examples/delete_observable_sshkey.py
index a642fd0ff..e1cf1a337 100644
--- a/examples/delete_observable_sshkey.py
+++ b/examples/delete_observable_sshkey.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 
 from pycti import OpenCTIApiClient
 
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)

From d4bd000bba5d6ddd89a797f5323b61f43d65bf57 Mon Sep 17 00:00:00 2001
From: Valentin Bouzin <valentin.bouzin@filigran.io>
Date: Wed, 15 Oct 2025 10:06:42 +0200
Subject: [PATCH 4/4] [client] update field example

---
 examples/update_observable_attributes.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/examples/update_observable_attributes.py b/examples/update_observable_attributes.py
index 26f4b8e47..8988b0762 100644
--- a/examples/update_observable_attributes.py
+++ b/examples/update_observable_attributes.py
@@ -52,3 +52,12 @@
 opencti_api_client.stix_cyber_observable.update_created_by(
     id=observable["id"], identity_id=author["id"]
 )
+
+observable_sshkey = opencti_api_client.stix_cyber_observable.create(
+    observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
+)
+
+opencti_api_client.stix_cyber_observable.update_field(
+    id=observable_sshkey.get("id"),
+    input={"key": "fingerprint_sha256", "value": "sha256_test_edit_name"},
+)