diff --git a/README.md b/README.md index 18e04eea1..15a87a34d 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,20 @@ Integration testing $ pytest ./tests/02-integration/ ``` +Example testing: + +> OpenCTI must be running + +```bash +cd examples +# Configure with you local instance of OpenCTI +export OPENCTI_API_URL="http://localhost:4000" +export OPENCTI_API_TOKEN="xxxxxxxxxxxxxxxxxxxxxx" + +#Run one example file +python get_indicators_of_malware.py +``` + ## About OpenCTI is a product designed and developed by the company [Filigran](https://filigran.io). diff --git a/examples/add_external_reference_to_report.py b/examples/add_external_reference_to_report.py index 7653f4d05..9aa2803a4 100644 --- a/examples/add_external_reference_to_report.py +++ b/examples/add_external_reference_to_report.py @@ -1,12 +1,13 @@ # coding: utf-8 +import os from dateutil.parser import parse from pycti import OpenCTIApiClient # Variables -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") # OpenCTI initialization opencti_api_client = OpenCTIApiClient(api_url, api_token) diff --git a/examples/add_label_to_malware.py b/examples/add_label_to_malware.py index 48daa11a5..cd5097531 100644 --- a/examples/add_label_to_malware.py +++ b/examples/add_label_to_malware.py @@ -1,10 +1,11 @@ # coding: utf-8 +import os from pycti import OpenCTIApiClient # Variables -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") # OpenCTI initialization opencti_api_client = OpenCTIApiClient(api_url, api_token) diff --git a/examples/add_label_to_observable.py b/examples/add_label_to_observable.py index 7bf249508..b7e6eb3ad 100644 
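Review bot: In examples/add_external_reference_to_report.py the new `os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")` keeps the hard-coded token as the fallback, so the credential stays in the repository and a run with the variable unset silently authenticates with it instead of stopping. I would drop the default and fail fast, e.g. `api_token = os.environ["OPENCTI_API_TOKEN"]`, or fall back to an obviously invalid placeholder. The same two lines are repeated in every other examples/*.py hunk of this commit, so the change applies to all of them. The default URL is plain `http://`, which sends the token unencrypted to any non-local host; a short comment saying the default is meant for a local test instance would help.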
--- a/examples/add_label_to_observable.py
+++ b/examples/add_label_to_observable.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_organization_to_sector.py b/examples/add_organization_to_sector.py
index 692bb38ba..7d3e39830 100644
--- a/examples/add_organization_to_sector.py
+++ b/examples/add_organization_to_sector.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_tool_usage_to_intrusion-set.py b/examples/add_tool_usage_to_intrusion-set.py
index 154c8af11..13c36ebd1 100644
--- a/examples/add_tool_usage_to_intrusion-set.py
+++ b/examples/add_tool_usage_to_intrusion-set.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/ask_enrichment_of_observable.py b/examples/ask_enrichment_of_observable.py
index a8516071c..c7f5db1d9 100644
--- a/examples/ask_enrichment_of_observable.py
+++ b/examples/ask_enrichment_of_observable.py
@@ -1,9 +1,11 @@
 # coding: utf-8
+import os
+
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # Define name of INTERNAL_ENRICHMENT Connector which can enrich IPv4 addresses
 connector_name = "AbuseIPDB"
diff --git a/examples/cmd_line_tag_latest_indicators_of_threat.py b/examples/cmd_line_tag_latest_indicators_of_threat.py
index 748d7b4c6..ec165b48e 100644
--- a/examples/cmd_line_tag_latest_indicators_of_threat.py
+++ b/examples/cmd_line_tag_latest_indicators_of_threat.py
@@ -1,13 +1,14 @@
 # coding: utf-8
 import argparse
+import os
 from dateutil.parser import parse
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_campaign_attributed-to_intrusion_set.py b/examples/create_campaign_attributed-to_intrusion_set.py
index 8be3fbd3b..17ba332dd 100644
--- a/examples/create_campaign_attributed-to_intrusion_set.py
+++ b/examples/create_campaign_attributed-to_intrusion_set.py
@@ -1,12 +1,13 @@
 # coding: utf-8
+import os
 from dateutil.parser import parse
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_file_with_hashes.py b/examples/create_file_with_hashes.py
index 2ef369619..f930075d1 100644
--- a/examples/create_file_with_hashes.py
+++ b/examples/create_file_with_hashes.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_incident_with_ttps_and_indicators.py b/examples/create_incident_with_ttps_and_indicators.py
index f51aa8a5f..68b631725 100644
--- a/examples/create_incident_with_ttps_and_indicators.py
+++ b/examples/create_incident_with_ttps_and_indicators.py
@@ -1,12 +1,13 @@
 # coding: utf-8
+import os
 from dateutil.parser import parse
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_indicator_of_campaign.py b/examples/create_indicator_of_campaign.py
index ed0d8e6c6..ea8b767b0 100644
--- a/examples/create_indicator_of_campaign.py
+++ b/examples/create_indicator_of_campaign.py
@@ -1,12 +1,13 @@
 # coding: utf-8
+import os
 from dateutil.parser import parse
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_intrusion_set.py b/examples/create_intrusion_set.py
index 29db15374..babec9ae2 100644
--- a/examples/create_intrusion_set.py
+++ b/examples/create_intrusion_set.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import datetime
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_ip_domain_resolution.py b/examples/create_ip_domain_resolution.py
index e924c3c55..a4ac78ab3 100644
--- a/examples/create_ip_domain_resolution.py
+++ b/examples/create_ip_domain_resolution.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_marking_definition.py b/examples/create_marking_definition.py
index 05f4e5807..08ef2e1e4 100644
--- a/examples/create_marking_definition.py
+++ b/examples/create_marking_definition.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_observable_relationships.py b/examples/create_observable_relationships.py
index 36374e9cb..a8f55066d 100644
--- a/examples/create_observable_relationships.py
+++ b/examples/create_observable_relationships.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_process_observable.py b/examples/create_process_observable.py
index 41092038a..5ad674310 100644
--- a/examples/create_process_observable.py
+++ b/examples/create_process_observable.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_report_with_author.py b/examples/create_report_with_author.py
index a9aa2406c..54c51b575 100644
--- a/examples/create_report_with_author.py
+++ b/examples/create_report_with_author.py
@@ -1,12 +1,13 @@
 # coding: utf-8
+import os
 from dateutil.parser import parse
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_intrusion_set.py b/examples/delete_intrusion_set.py
index b438e3d69..25f279271 100644
--- a/examples/delete_intrusion_set.py
+++ b/examples/delete_intrusion_set.py
@@ -1,11 +1,12 @@
 # coding: utf-8
 import datetime
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_relation.py b/examples/delete_relation.py
index e981bdb82..3e41e5084 100644
--- a/examples/delete_relation.py
+++ b/examples/delete_relation.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_async_of_indicators.py b/examples/export_async_of_indicators.py
index cdc819ad8..31e2ee1bb 100644
--- a/examples/export_async_of_indicators.py
+++ b/examples/export_async_of_indicators.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_async_of_malware.py b/examples/export_async_of_malware.py
index cdc819ad8..31e2ee1bb 100644
--- a/examples/export_async_of_malware.py
+++ b/examples/export_async_of_malware.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_incident_stix2.py b/examples/export_incident_stix2.py
index b2320aa4b..32420ab90 100644
--- a/examples/export_incident_stix2.py
+++ b/examples/export_incident_stix2.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import json
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_incidents_stix2.py b/examples/export_incidents_stix2.py
index 8fe5bdaab..a0ad44587 100644
--- a/examples/export_incidents_stix2.py
+++ b/examples/export_incidents_stix2.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import json
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_intrusion_set_stix2.py b/examples/export_intrusion_set_stix2.py
index d153c95ed..fc93882d8 100644
--- a/examples/export_intrusion_set_stix2.py
+++ b/examples/export_intrusion_set_stix2.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import json
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_report_stix2.py b/examples/export_report_stix2.py
index 402898bee..642438d66 100644
--- a/examples/export_report_stix2.py
+++ b/examples/export_report_stix2.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import json
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_all_indicators_using_pagination.py b/examples/get_all_indicators_using_pagination.py
index 668619a64..6c3de77b8 100644
--- a/examples/get_all_indicators_using_pagination.py
+++ b/examples/get_all_indicators_using_pagination.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_all_reports_using_pagination.py b/examples/get_all_reports_using_pagination.py
index 10b66e805..acd79fb15 100644
--- a/examples/get_all_reports_using_pagination.py
+++ b/examples/get_all_reports_using_pagination.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_attack_pattern_by_mitre_id.py b/examples/get_attack_pattern_by_mitre_id.py
index d60b75a71..31b58caa5 100644
--- a/examples/get_attack_pattern_by_mitre_id.py
+++ b/examples/get_attack_pattern_by_mitre_id.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_entity_by_name_or_alias.py b/examples/get_entity_by_name_or_alias.py
index e25a03a35..483426880 100644
--- a/examples/get_entity_by_name_or_alias.py
+++ b/examples/get_entity_by_name_or_alias.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_indicators_of_malware.py b/examples/get_indicators_of_malware.py
index 84cc2e1e5..11ef6f789 100644
--- a/examples/get_indicators_of_malware.py
+++ b/examples/get_indicators_of_malware.py
@@ -1,30 +1,43 @@ -# coding: utf-8 -import datetime - -from pycti import OpenCTIApiClient - -# Variables -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" -malware = "Emotet" - -# OpenCTI initialization -opencti_api_client = OpenCTIApiClient(api_url, api_token) - -# Get the malware set in variable -malware = opencti_api_client.malware.read( - filters={ - "mode": "and", - "filters": [{"key": "name", "values": [malware]}], - "filterGroups": [], - } -) - -# Get the relations from the malware to indicators -stix_relations = opencti_api_client.stix_core_relationship.list( - fromTypes=["Indicator"], toId=malware["id"] -) - -# Print -for stix_relation in stix_relations: - print("[" + stix_relation["from"]["standard_id"] + "] " + stix_relation["from"]["name"]) \ No newline at end of file +# coding: utf-8 +import os + +from pycti import OpenCTIApiClient + +# Variables +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") +malwareName = "Example test malware" + +# OpenCTI initialization +opencti_api_client = OpenCTIApiClient(api_url, api_token, "info") + +# Create the Malware +malwareCreated = opencti_api_client.malware.create( + name=malwareName, description="Example test malware" +) + +# Get the malware set in variable +malwareEntity = opencti_api_client.malware.read( + filters={ + "mode": "and", + "filters": [{"key": "name", "values": [malwareName]}], + "filterGroups": [], + } +) +print("Malware found", malwareEntity) + +# Get the relations from the malware to indicators +stix_relations = opencti_api_client.stix_core_relationship.list( + fromTypes=["Indicator"], toId=malwareEntity["id"] +) + +print("Rel:", stix_relations) + +# Print +for stix_relation in stix_relations: + print( + "[" + + stix_relation["from"]["standard_id"] + + "] " + + stix_relation["from"]["name"] + ) 
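Review bot: `malwareEntity["id"]` is used without checking the result of `malware.read(...)`, so if the lookup by name returns no entity (presumably `None`) the script fails on the subscript instead of giving a clear message; `malwareCreated` is assigned and never used, and its id could be passed to `toId` directly. A script named get_indicators_of_malware.py now also creates a Malware object on whatever instance `OPENCTI_API_URL` points at, which deserves a comment at the top such as `# Creates a test Malware entity; run against a disposable instance only`. The names `malwareName`, `malwareCreated` and `malwareEntity` are camelCase while the rest of the file uses snake_case (`stix_relations`, `api_url`).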
diff --git a/examples/get_malwares_of_intrusion_set.py b/examples/get_malwares_of_intrusion_set.py
index 574327354..c616c5665 100644
--- a/examples/get_malwares_of_intrusion_set.py
+++ b/examples/get_malwares_of_intrusion_set.py
@@ -1,11 +1,12 @@
 # coding: utf-8
 import datetime
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_marking_definitions.py b/examples/get_marking_definitions.py
index 91e1c71be..89c91d397 100644
--- a/examples/get_marking_definitions.py
+++ b/examples/get_marking_definitions.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_observable_exact_match.py b/examples/get_observable_exact_match.py
index c26127e66..f05ea8f8e 100644
--- a/examples/get_observable_exact_match.py
+++ b/examples/get_observable_exact_match.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_observables_search.py b/examples/get_observables_search.py
index 73bd7744c..7e8e8cebb 100644
--- a/examples/get_observables_search.py
+++ b/examples/get_observables_search.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_reports_about_intrusion_set.py b/examples/get_reports_about_intrusion_set.py
index 3078f55fc..57ed68d4a 100644
--- a/examples/get_reports_about_intrusion_set.py
+++ b/examples/get_reports_about_intrusion_set.py
@@ -1,12 +1,12 @@
 # coding: utf-8
 import datetime
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
-
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/import_stix2_file.py b/examples/import_stix2_file.py
index e7026f76f..6b73bb611 100644
--- a/examples/import_stix2_file.py
+++ b/examples/import_stix2_file.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/promote_observable_to_indicator.py b/examples/promote_observable_to_indicator.py
index 56e6be30d..048f2ed7f 100644
--- a/examples/promote_observable_to_indicator.py
+++ b/examples/promote_observable_to_indicator.py
@@ -1,11 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
-
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/run_all.sh b/examples/run_all.sh
old mode 100644
new mode 100755
diff --git a/examples/search_attack_pattern.py b/examples/search_attack_pattern.py
index 0c7ff433d..30937b5f8 100644
--- a/examples/search_attack_pattern.py
+++ b/examples/search_attack_pattern.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/search_malware.py b/examples/search_malware.py
index c3ae3bf1c..c62914a58 100644
--- a/examples/search_malware.py
+++ b/examples/search_malware.py
@@ -1,10 +1,11 @@
 # coding: utf-8
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/update_entity_attribute.py b/examples/update_entity_attribute.py
index 3a8e51988..16f2b2eb3 100644
--- a/examples/update_entity_attribute.py
+++ b/examples/update_entity_attribute.py
@@ -1,11 +1,12 @@ # coding: utf-8 import datetime +import os from pycti import OpenCTIApiClient # Variables -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") # OpenCTI initialization opencti_api_client = OpenCTIApiClient(api_url, api_token) diff --git a/examples/update_observable_attributes.py b/examples/update_observable_attributes.py index 1ef7fbf4e..26f4b8e47 100644 --- a/examples/update_observable_attributes.py +++ b/examples/update_observable_attributes.py @@ -1,10 +1,11 @@ # coding: utf-8 +import os from pycti import OpenCTIApiClient # Variables -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") # OpenCTI initialization opencti_api_client = OpenCTIApiClient(api_url, api_token) diff --git a/examples/upload_artifacts.py b/examples/upload_artifacts.py index 9a5d3ecc5..36cf2847f 100644 --- a/examples/upload_artifacts.py +++ b/examples/upload_artifacts.py @@ -5,8 +5,8 @@ from pycti import OpenCTIApiClient -api_url = "http://opencti:4000" -api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159" +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") # OpenCTI instantiation OPENCTI_API_CLIENT = OpenCTIApiClient(api_url, api_token) diff --git a/examples/upload_file.py b/examples/upload_file.py index 934ad4717..2fbea5694 100644 --- a/examples/upload_file.py +++ b/examples/upload_file.py 
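Review bot: The examples/upload_artifacts.py hunk starts calling `os.getenv(...)` but, unlike the other example files in this commit, adds no `import os`. The hunk begins at line 5, so the file's first four lines are outside the visible change; if `os` is not already imported there the script raises NameError at start-up, and `import os` should be added with the other imports.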
@@ -1,12 +1,13 @@
 # coding: utf-8
+import os
 from stix2 import TLP_GREEN
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/upload_file_to_intrusion_set.py b/examples/upload_file_to_intrusion_set.py
index 4887406e6..66973a1fe 100644
--- a/examples/upload_file_to_intrusion_set.py
+++ b/examples/upload_file_to_intrusion_set.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-
 import datetime
+import os
 from pycti import OpenCTIApiClient
 # Variables
-api_url = "http://opencti:4000"
-api_token = "bfa014e0-e02e-4aa6-a42b-603b19dcf159"
+api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
+api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)