From ed0b431db16e58c0131452499b295792d9129121 Mon Sep 17 00:00:00 2001 From: Bonsai8863 <131906254+Bonsai8863@users.noreply.github.com> Date: Mon, 26 Feb 2024 11:42:59 -0500 Subject: [PATCH 1/4] converted bank-account & crypto-wallet to financial-account; added asset & transaction --- docs/pycti/pycti.rst | 28 +++- pycti/__init__.py | 13 +- pycti/entities/opencti_stix_core_object.py | 54 +++++-- .../entities/opencti_stix_cyber_observable.py | 141 ++++++++--------- ...pencti_stix_cyber_observable_properties.py | 54 +++++-- pycti/utils/constants.py | 142 +++++++++++++----- pycti/utils/opencti_stix2_utils.py | 11 +- 7 files changed, 285 insertions(+), 158 deletions(-) diff --git a/docs/pycti/pycti.rst b/docs/pycti/pycti.rst index b5829609e..a57c1f451 100644 --- a/docs/pycti/pycti.rst +++ b/docs/pycti/pycti.rst @@ -191,8 +191,14 @@ Classes - :py:class:`CustomObservableUserAgent`: User-Agent observable. -- :py:class:`CustomObservableCryptocurrencyWallet`: - Cryptocurrency wallet observable. +- :py:class:`CustomObservableFinancialAccount`: + Financial Account observable. + +- :py:class:`CustomObservableFinancialAsset`: + Financial Asset observable. + +- :py:class:`CustomObservableFinancialTransaction`: + Financial Transaction observable. - :py:class:`CustomObservableText`: Text observable. 
@@ -590,11 +596,25 @@ Classes .. inheritance-diagram:: CustomObservableUserAgent :parts: 1 -.. autoclass:: CustomObservableCryptocurrencyWallet +.. autoclass:: CustomObservableFinancialAccount + :members: + + .. rubric:: Inheritance + .. inheritance-diagram:: CustomObservableFinancialAccount + :parts: 1 + +.. autoclass:: CustomObservableFinancialAsset + :members: + + .. rubric:: Inheritance + .. inheritance-diagram:: CustomObservableFinancialAsset + :parts: 1 + +.. autoclass:: CustomObservableFinancialTransaction :members: .. rubric:: Inheritance - .. inheritance-diagram:: CustomObservableCryptocurrencyWallet + .. inheritance-diagram:: CustomObservableFinancialTransaction :parts: 1 .. autoclass:: CustomObservableText diff --git a/pycti/__init__.py b/pycti/__init__.py index b0a150b40..e7c0b06f7 100644 --- a/pycti/__init__.py +++ b/pycti/__init__.py @@ -55,9 +55,10 @@ CustomObjectCaseIncident, CustomObjectChannel, CustomObjectTask, - CustomObservableBankAccount, CustomObservableCredential, - CustomObservableCryptocurrencyWallet, + CustomObservableFinancialAccount, + CustomObservableFinancialAsset, + CustomObservableFinancialTransaction, CustomObservableHostname, CustomObservableMediaContent, CustomObservablePaymentCard, @@ -136,17 +137,17 @@ "CustomObjectCaseIncident", "CustomObjectTask", "CustomObjectChannel", - "StixCyberObservableTypes", "CustomObservableCredential", + "CustomObservableFinancialAccount", + "CustomObservableFinancialAsset", + "CustomObservableFinancialTransaction", "CustomObservableHostname", - "CustomObservableUserAgent", - "CustomObservableBankAccount", - "CustomObservableCryptocurrencyWallet", "CustomObservablePaymentCard", "CustomObservablePhoneNumber", "CustomObservableTrackingNumber", "CustomObservableText", "CustomObservableMediaContent", + "CustomObservableUserAgent", "STIX_EXT_MITRE", "STIX_EXT_OCTI_SCO", "STIX_EXT_OCTI", 
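Review bot: In the `__all__` hunk of pycti/__init__.py (`@@ -136,17 +137,17 @@`) the entry `"StixCyberObservableTypes"` is removed, which the commit subject does not call for. Unless the name is listed again elsewhere in `__all__` outside this hunk, `from pycti import *` stops exporting it; restore the line `"StixCyberObservableTypes",`. The import hunk and this one also drop `CustomObservableBankAccount` from the package exports with no alias, so existing `from pycti import CustomObservableBankAccount` callers would fail at import time. A deprecated alias or an explicit note in the commit message would make that break deliberate.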
diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py index 4013cb38e..250792675 100644 --- a/pycti/entities/opencti_stix_core_object.py +++ b/pycti/entities/opencti_stix_core_object.py @@ -604,9 +604,6 @@ def __init__(self, opencti, file): ... on CryptographicKey { value } - ... on CryptocurrencyWallet { - value - } ... on Hostname { value } @@ -616,11 +613,6 @@ def __init__(self, opencti, file): ... on UserAgent { value } - ... on BankAccount { - iban - bic - account_number - } ... on PhoneNumber { value } @@ -643,6 +635,25 @@ def __init__(self, opencti, file): url publication_date } + ... on FinancialAccount { + account_number + account_status + account_type + iban_number + bic_number + currency_code + } + ... on FinancialAsset { + name + asset_type + asset_value + currency_code + } + ... on FinancialTransaction { + transaction_date + transaction_value + currency_code + } """ self.properties_with_files = """ id @@ -1268,9 +1279,6 @@ def __init__(self, opencti, file): ... on CryptographicKey { value } - ... on CryptocurrencyWallet { - value - } ... on Hostname { value } @@ -1280,11 +1288,6 @@ def __init__(self, opencti, file): ... on UserAgent { value } - ... on BankAccount { - iban - bic - account_number - } ... on PhoneNumber { value } @@ -1301,6 +1304,25 @@ def __init__(self, opencti, file): url publication_date } + ... on FinancialAccount { + account_number + account_status + account_type + iban_number + bic_number + currency_code + } + ... on FinancialAsset { + name + asset_type + asset_value + currency_code + } + ... on FinancialTransaction { + transaction_date + transaction_value + currency_code + } """ """ diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index 3497258d2..afeb7d0d2 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py 
@@ -236,6 +236,7 @@ def add_file(self, **kwargs): """ def create(self, **kwargs): + observable_data = kwargs.get("observableData", {}) simple_observable_id = kwargs.get("simple_observable_id", None) simple_observable_key = kwargs.get("simple_observable_key", None) 
@@ -269,37 +270,33 @@ def create(self, **kwargs): ) if type is None: return - if type.lower() == "file": - type = "StixFile" - elif type.lower() == "ipv4-addr": - type = "IPv4-Addr" - elif type.lower() == "ipv6-addr": - type = "IPv6-Addr" - elif type.lower() == "hostname" or type.lower() == "x-opencti-hostname": - type = "Hostname" - elif type.lower() == "payment-card" or type.lower() == "x-opencti-payment-card": - type = "Payment-Card" - elif type.lower() == "credential" or type.lower() == "x-opencti-credential": - type = "Credential" - elif ( - type.lower() == "tracking-number" - or type.lower() == "x-opencti-tracking-number" - ): - type = "Tracking-Number" - elif ( - type.lower() == "cryptocurrency-wallet" - or type.lower() == "x-opencti-cryptocurrency-wallet" - ): - type = "Cryptocurrency-Wallet" - elif type.lower() == "user-agent" or type.lower() == "x-opencti-user-agent": - type = "User-Agent" - elif ( - type.lower() == "cryptographic-key" - or type.lower() == "x-opencti-cryptographic-key" - ): - type = "Cryptographic-Key" - elif type.lower() == "text" or type.lower() == "x-opencti-text": - type = "Text" + + type_mappings = { + "credential": "Credential", + "cryptographic-key": "Cryptographic-Key", + "file": "StixFile", + "financial-account": "Financial-Account", + "financial-asset": "Financial-Asset", + "financial-transaction": "Financial-Transaction", + "hostname": "Hostname", + "ipv4-addr": "IPv4-Addr", + "ipv6-addr": "IPv6-Addr", + "payment-card": "Payment-Card", + "text": "Text", + "tracking-number": "Tracking-Number", + "user-agent": "User-Agent", + "x-opencti-credential": "Credential", + "x-opencti-cryptographic-key": "Cryptographic-Key", + "x-opencti-financial-account": "Financial-Account", + "x-opencti-financial-asset": "Financial-Asset", + "x-opencti-financial-transaction": "Financial-Transaction", + "x-opencti-hostname": "Hostname", + "x-opencti-payment-card": "Payment-Card", + "x-opencti-text": "Text", + "x-opencti-tracking-number": 
"Tracking-Number", + "x-opencti-user-agent": "User-Agent", + } + type = type_mappings.get(type.lower(), type) if "x_opencti_description" in observable_data: x_opencti_description = observable_data["x_opencti_description"] @@ -397,16 +394,17 @@ def create(self, **kwargs): $WindowsRegistryKey: WindowsRegistryKeyAddInput, $WindowsRegistryValueType: WindowsRegistryValueTypeAddInput, $CryptographicKey: CryptographicKeyAddInput, - $CryptocurrencyWallet: CryptocurrencyWalletAddInput, $Hostname: HostnameAddInput $Text: TextAddInput, $UserAgent: UserAgentAddInput - $BankAccount: BankAccountAddInput $PhoneNumber: PhoneNumberAddInput $Credential: CredentialAddInput $TrackingNumber: TrackingNumberAddInput $PaymentCard: PaymentCardAddInput $MediaContent: MediaContentAddInput + $FinancialAccount: FinancialAccountAddInput + $FinancialAsset: FinancialAssetAddInput + $FinancialTransaction: FinancialTransactionAddInput ) { stixCyberObservableAdd( type: $type, @@ -441,16 +439,17 @@ def create(self, **kwargs): WindowsRegistryKey: $WindowsRegistryKey, WindowsRegistryValueType: $WindowsRegistryValueType, CryptographicKey: $CryptographicKey, - CryptocurrencyWallet: $CryptocurrencyWallet, Hostname: $Hostname, Text: $Text, UserAgent: $UserAgent - BankAccount: $BankAccount PhoneNumber: $PhoneNumber Credential: $Credential TrackingNumber: $TrackingNumber PaymentCard: $PaymentCard MediaContent: $MediaContent + FinancialAccount: $FinancialAccount + FinancialAsset: $FinancialAsset + FinancialTransaction: $FinancialTransaction ) { id standard_id 
@@ -953,18 +952,6 @@ def create(self, **kwargs): observable_data["value"] if "value" in observable_data else None ), } - elif type == "Bank-Account": - input_variables["BankAccount"] = { - "iban": ( - observable_data["iban"] if "iban" in observable_data else None - ), - "bic": observable_data["bic"] if "bic" in observable_data else None, - "account_number": ( - observable_data["account_number"] - if "account_number" in observable_data - else None - ), - } elif type == "Phone-Number": input_variables["PhoneNumber"] = { "value": ( @@ -1012,34 +999,15 @@ def create(self, **kwargs): else None ), } - elif type == "Payment-Card" or type.lower() == "x-opencti-payment-card": - input_variables["PaymentCard"] = { - "card_number": ( - observable_data["card_number"] - if "card_number" in observable_data - else None - ), - "expiration_date": ( - observable_data["expiration_date"] - if "expiration_date" in observable_data - else None - ), - "cvv": observable_data["cvv"] if "cvv" in observable_data else None, - "holder_name": ( - observable_data["holder_name"] - if "holder_name" in observable_data - else None - ), - } - elif ( - type == "Cryptocurrency-Wallet" - or type.lower() == "x-opencti-cryptocurrency-wallet" - ): - input_variables["CryptocurrencyWallet"] = { - "value": ( - observable_data["value"] if "value" in observable_data else None - ), - } + # elif ( + # type == "Cryptocurrency-Wallet" + # or type.lower() == "x-opencti-cryptocurrency-wallet" + # ): + # input_variables["CryptocurrencyWallet"] = { + # "value": ( + # observable_data["value"] if "value" in observable_data else None + # ), + # } elif type == "Credential" or type.lower() == "x-opencti-credential": input_variables["Credential"] = { "value": ( 
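Review bot: The hunk at `@@ -1012,34 +999,15 @@` deletes the `Payment-Card` / `x-opencti-payment-card` branch of `create()` that filled `input_variables["PaymentCard"]`, although the mutation text in this patch still declares `$PaymentCard` and the commit is about bank accounts and wallets. If no other `Payment-Card` branch exists outside this hunk, payment-card observables would be submitted without `card_number`, `expiration_date`, `cvv` and `holder_name`. Please confirm the removed branch was a duplicate and say so in the commit message, or restore it. `create()` starts and ends outside the hunk.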
@@ -1054,6 +1022,29 @@ def create(self, **kwargs): observable_data["value"] if "value" in observable_data else None ), } + elif type == "Financial-Account" or type.lower() == "x-opencti-financial-account": + input_variables["FinancialAccount"] = { + "iban_number": observable_data.get("iban_number"), + "bic_number": observable_data.get("bic_number"), + "account_number": observable_data.get("account_number"), + "account_status": observable_data.get("account_status"), + "account_type": observable_data.get("account_type"), + "currency_code": observable_data.get("currency_code"), + } + elif type == "Financial-Asset" or type.lower() == "x-opencti-financial-asset": + input_variables["FinancialAsset"] = { + "name": observable_data.get("name"), + "asset_type": observable_data.get("asset_type"), + "asset_value": observable_data.get("asset_value"), + "currency_code": observable_data.get("currency_code"), + } + elif type == "Financial-Transaction" or type.lower() == "x-opencti-transaction": + input_variables["FinancialTransaction"] = { + "transaction_date": observable_data.get("transaction_date"), + "transaction_value": observable_data.get("transaction_value"), + "currency_code": observable_data.get("currency_code"), + } + result = self.opencti.query(query, input_variables) if "payload_bin" in observable_data and "mime_type" in observable_data: self.add_file( diff --git a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py index bc3dd4941..ae152c6a3 100644 --- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py @@ -249,9 +249,6 @@ ... on CryptographicKey { value } - ... on CryptocurrencyWallet { - value - } ... on Hostname { value } 
@@ -261,11 +258,6 @@ ... on UserAgent { value } - ... on BankAccount { - iban - bic - account_number - } ... on PhoneNumber { value } @@ -288,6 +280,25 @@ url publication_date } + ... on FinancialAccount { + account_number + account_status + account_type + iban_number + bic_number + currency_code + } + ... on FinancialAsset { + name + asset_type + asset_value + currency_code + } + ... on FinancialTransaction { + transaction_date + transaction_value + currency_code + } """ SCO_PROPERTIES_WITH_FILES = """ id @@ -549,9 +560,6 @@ ... on CryptographicKey { value } - ... on CryptocurrencyWallet { - value - } ... on Hostname { value } @@ -561,11 +569,6 @@ ... on UserAgent { value } - ... on BankAccount { - iban - bic - account_number - } ... on PhoneNumber { value } @@ -601,4 +604,23 @@ } } } + ... on FinancialAccount { + account_number + account_status + account_type + iban_number + bic_number + currency_code + } + ... on FinancialAsset { + name + asset_type + asset_value + currency_code + } + ... on FinancialTransaction { + transaction_date + transaction_value + currency_code + } """ diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py index d194a203a..ca89a8b7b 100644 --- a/pycti/utils/constants.py +++ b/pycti/utils/constants.py @@ -37,10 +37,12 @@ class StixCyberObservableTypes(Enum): WINDOWS_REGISTRY_VALUE_TYPE = "Windows-Registry-Value-Type" HOSTNAME = "Hostname" CRYPTOGRAPHIC_KEY = "Cryptographic-Key" - CRYPTOCURRENCY_WALLET = "Cryptocurrency-Wallet" + # CRYPTOCURRENCY_WALLET = "Cryptocurrency-Wallet" + FINANCIAL_ACCOUNT = "Financial-Account" + FINANCIAL_ASSET = "Financial-Asset" + FINANCIAL_TRANSACTION = "Financial-Transaction" TEXT = "Text" USER_AGENT = "User-Agent" - BANK_ACCOUNT = "Bank-Account" PHONE_NUMBER = "Phone-Number" CREDENTIAL = "Credential" TRACKING_NUMBER = "Tracking-Number" 
@@ -308,13 +310,33 @@ class CustomObservablePaymentCard: pass +# @CustomObservable( +# "bank-account", +# [ +# ("value", StringProperty(required=True)), +# ("iban", StringProperty(required=True)), +# ("bic", StringProperty(required=False)), +# ("account_number", StringProperty(required=False)), +# ("spec_version", StringProperty(fixed="2.1")), +# ( +# "object_marking_refs", +# ListProperty( +# ReferenceProperty(valid_types="marking-definition", spec_version="2.1") +# ), +# ), +# ], +# ["iban"], +# ) +# class CustomObservableBankAccount: +# """Bank Account observable.""" + +# pass + + @CustomObservable( - "bank-account", + "credential", [ ("value", StringProperty(required=True)), - ("iban", StringProperty(required=True)), - ("bic", StringProperty(required=False)), - ("account_number", StringProperty(required=False)), ("spec_version", StringProperty(fixed="2.1")), ( "object_marking_refs", @@ -323,16 +345,33 @@ class CustomObservablePaymentCard: ), ), ], - ["iban"], + ["value"], ) -class CustomObservableBankAccount: - """Bank Account observable.""" +class CustomObservableCredential: + """Credential observable.""" pass +# @CustomObservable( +# "cryptocurrency-wallet", +# [ +# ("value", StringProperty(required=True)), +# ("spec_version", StringProperty(fixed="2.1")), +# ( +# "object_marking_refs", +# ListProperty( +# ReferenceProperty(valid_types="marking-definition", spec_version="2.1") +# ), +# ), +# ], +# ["value"], +# ) +# class CustomObservableCryptocurrencyWallet: +# """Cryptocurrency wallet observable.""" + @CustomObservable( - "credential", + "phone-number", [ ("value", StringProperty(required=True)), ("spec_version", StringProperty(fixed="2.1")), 
@@ -345,14 +384,14 @@ class CustomObservableBankAccount: ], ["value"], ) -class CustomObservableCredential: - """Credential observable.""" +class CustomObservablePhoneNumber: + """Phone number observable.""" pass @CustomObservable( - "cryptocurrency-wallet", + "tracking-number", [ ("value", StringProperty(required=True)), ("spec_version", StringProperty(fixed="2.1")), @@ -365,14 +404,14 @@ class CustomObservableCredential: ], ["value"], ) -class CustomObservableCryptocurrencyWallet: - """Cryptocurrency wallet observable.""" +class CustomObservableTrackingNumber: + """Tracking number observable.""" pass @CustomObservable( - "phone-number", + "user-agent", [ ("value", StringProperty(required=True)), ("spec_version", StringProperty(fixed="2.1")), @@ -385,16 +424,21 @@ class CustomObservableCryptocurrencyWallet: ], ["value"], ) -class CustomObservablePhoneNumber: - """Phone number observable.""" +class CustomObservableUserAgent: + """User-Agent observable.""" pass @CustomObservable( - "tracking-number", + "media-content", [ - ("value", StringProperty(required=True)), + ("title", StringProperty()), + ("description", StringProperty()), + ("content", StringProperty()), + ("media_category", StringProperty()), + ("url", StringProperty(required=True)), + ("publication_date", TimestampProperty()), ("spec_version", StringProperty(fixed="2.1")), ( "object_marking_refs", 
@@ -403,18 +447,23 @@ class CustomObservablePhoneNumber: ), ), ], - ["value"], + ["url"], ) -class CustomObservableTrackingNumber: - """Tracking number observable.""" +class CustomObservableMediaContent: + """Media-Content observable.""" pass @CustomObservable( - "user-agent", + "financial-account", [ - ("value", StringProperty(required=True)), + ("account_number", StringProperty()), + ("account_status", StringProperty()), + ("account_type", StringProperty()), + ("iban_number", StringProperty()), + ("bic_number", StringProperty()), + ("currency_code", StringProperty()), ("spec_version", StringProperty(fixed="2.1")), ( "object_marking_refs", @@ -423,23 +472,20 @@ class CustomObservableTrackingNumber: ), ), ], - ["value"], ) -class CustomObservableUserAgent: - """User-Agent observable.""" +class CustomObservableFinancialAccount: + """Financial account observable.""" pass @CustomObservable( - "media-content", + "financial-asset", [ - ("title", StringProperty()), - ("description", StringProperty()), - ("content", StringProperty()), - ("media_category", StringProperty()), - ("url", StringProperty(required=True)), - ("publication_date", TimestampProperty()), + ("name", StringProperty()), + ("asset_type", StringProperty()), + ("asset_value", StringProperty()), + ("currency_code", StringProperty()), ("spec_version", StringProperty(fixed="2.1")), ( "object_marking_refs", 
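Review bot: `CustomObservableFinancialAccount` and `CustomObservableFinancialAsset` (and `CustomObservableFinancialTransaction` in the next hunk, `@@ -448,9 +494,29 @@`) are declared without the id-contributing property list that the other custom observables in this file pass as the third argument (`["value"]`, `["url"]`, `["iban"]`). Without it the stix2 library, as far as I know, falls back to a random UUIDv4 identifier, so the same account built twice gets two different STIX ids and deduplication is left entirely to the server. Consider passing e.g. `["account_number"]` for the account, which matches the pattern field chosen in opencti_stix2_utils.py. Separately, `transaction_date` is a `StringProperty()` although `TimestampProperty` is already used for `publication_date` in this file, and `asset_value` / `transaction_value` are strings while the examples in this series pass integers.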
@@ -448,9 +494,29 @@ class CustomObservableUserAgent: ), ), ], - ["url"], ) -class CustomObservableMediaContent: - """Media-Content observable.""" +class CustomObservableFinancialAsset: + """Financial asset observable.""" + + pass + + +@CustomObservable( + "financial-transaction", + [ + ("transaction_date", StringProperty()), + ("transaction_value", StringProperty()), + ("currency_code", StringProperty()), + ("spec_version", StringProperty(fixed="2.1")), + ( + "object_marking_refs", + ListProperty( + ReferenceProperty(valid_types="marking-definition", spec_version="2.1") + ), + ), + ], +) +class CustomObservableFinancialTransaction: + """Financial transaction observable.""" pass diff --git a/pycti/utils/opencti_stix2_utils.py b/pycti/utils/opencti_stix2_utils.py index 321c7418c..f79af1cdf 100644 --- a/pycti/utils/opencti_stix2_utils.py +++ b/pycti/utils/opencti_stix2_utils.py @@ -25,15 +25,18 @@ "windows-registry-value-type": "Windows-Registry-Value-Type", "hostname": "Hostname", "cryptographic-key": "Cryptographic-Key", - "cryptocurrency-wallet": "Cryptocurrency-Wallet", + # "cryptocurrency-wallet": "Cryptocurrency-Wallet", "text": "Text", "user-agent": "User-Agent", - "bank-account": "Bank-Account", + # "bank-account": "Bank-Account", "phone-number": "Phone-Number", "credential": "Credential", "tracking-number": "Tracking-Number", "payment-card": "Payment-Card", "media-content": "Media-Content", + "financial-account": "Financial-Account", + "financial-asset": "Financial-Asset", + "financial-transaction": "Financial-Transaction", } PATTERN_MAPPING = { 
@@ -60,12 +63,14 @@ "Windows-Registry-Key": ["key"], "Windows-Registry-Value-Type": ["name"], "Hostname": ["value"], - "Bank-Account": ["iban"], "Phone-Number": ["value"], "Payment-Card": ["card_number"], "Tracking-Number": ["value"], "Credential": ["value"], "Media-Content": ["url"], + "Financial-Account": ["account_number"], + "Financial-Asset": ["asset_value"], + "Financial-Transaction": ["transaction_value"], } OBSERVABLES_VALUE_INT = [ From d7fa933d1d4ee48d72ef30694d239ebf177683f0 Mon Sep 17 00:00:00 2001 From: Bonsai8863 <131906254+Bonsai8863@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:02:40 -0500 Subject: [PATCH 2/4] financial observable creation examples --- .../create_observable_financial_account.py | 25 +++++++++++++++++++ examples/create_observable_financial_asset.py | 22 ++++++++++++++++ ...create_observable_financial_transaction.py | 25 +++++++++++++++++++ .../entities/opencti_stix_cyber_observable.py | 14 ++++++++--- pycti/utils/constants.py | 1 + 5 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 examples/create_observable_financial_account.py create mode 100644 examples/create_observable_financial_asset.py create mode 100644 examples/create_observable_financial_transaction.py diff --git a/examples/create_observable_financial_account.py b/examples/create_observable_financial_account.py new file mode 100644 index 000000000..78bf2186e --- /dev/null +++ b/examples/create_observable_financial_account.py 
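Review bot: In `@@ -60,12 +63,14 @@` the key fields chosen for the two new types are `asset_value` and `transaction_value`, which are monetary amounts and not identifiers. If this table (presumably `PATTERN_MAPPING`, opened in the previous hunk's context) drives the STIX pattern generated for an indicator, a pattern keyed on an amount would match every unrelated asset or transaction with the same value and produce false positives. A more identifying field would be safer, e.g. `"Financial-Asset": ["name"],` (`asset_name` after patch 3/4); for transactions the model has no reference field yet, so that choice deserves a short comment at minimum. The dictionary starts and ends outside the hunk.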
@@ -0,0 +1,25 @@ +# coding: utf-8 + +from pycti import OpenCTIApiClient + +# Variables +api_url = "http://localhost:4000" +api_token = "6C2C9EAE-6FF5-4421-B118-74A3CA5AAC20" + +# OpenCTI initialization +opencti_api_client = OpenCTIApiClient(api_url, api_token) + +process = opencti_api_client.stix_cyber_observable.create( + observableData={ + "type": "Financial-Account", + "account_number": "123-45-9988", + "account_status": "active", + "account_type": "credit_credit_card", + "x_opencti_score": 90, + "iban_number": "55667", + "bic_number": "009998877", + "currency_code": "bahraini_dinar_(bhd)", + } +) + +print(process) diff --git a/examples/create_observable_financial_asset.py b/examples/create_observable_financial_asset.py new file mode 100644 index 000000000..cac9e8860 --- /dev/null +++ b/examples/create_observable_financial_asset.py @@ -0,0 +1,22 @@ +# coding: utf-8 + +from pycti import OpenCTIApiClient + +# Variables +api_url = "http://localhost:4000" +api_token = "6C2C9EAE-6FF5-4421-B118-74A3CA5AAC20" + +# OpenCTI initialization +opencti_api_client = OpenCTIApiClient(api_url, api_token) + +process = opencti_api_client.stix_cyber_observable.create( + observableData={ + "type": "Financial-Asset", + "name": "Joe's Big Boat", + "asset_type": "boat", + "asset_value": 12000000, + "currency_code": "belarusian_ruble_(byr)", + } +) + +print(process) diff --git a/examples/create_observable_financial_transaction.py b/examples/create_observable_financial_transaction.py new file mode 100644 index 000000000..ad3997ba0 --- /dev/null +++ b/examples/create_observable_financial_transaction.py 
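Review bot: All three example scripts added by this patch (financial_account and financial_asset here, financial_transaction in the next hunk) hard-code a UUID-shaped `api_token` literal. Examples are copied verbatim, so they should show the token coming from the environment, e.g. `api_token = os.environ["OPENCTI_TOKEN"]` with `import os` at the top, or use an obvious placeholder such as `"ChangeMe"`. If the committed value was ever valid on any instance it should be rotated, since it now sits in the repository history. `api_url` is plain `http://`, which is fine for localhost, but a comment noting that remote instances need `https://` would keep the token from being sent in clear text.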
@@ -0,0 +1,25 @@ +# coding: utf-8 +from dateutil.parser import parse + +from pycti import OpenCTIApiClient + +# Variables +api_url = "http://localhost:4000" +api_token = "6C2C9EAE-6FF5-4421-B118-74A3CA5AAC20" + +# OpenCTI initialization +opencti_api_client = OpenCTIApiClient(api_url, api_token) + +# Define the date +date = parse("2019-02-06").strftime("%Y-%m-%dT%H:%M:%SZ") + +process = opencti_api_client.stix_cyber_observable.create( + observableData={ + "type": "Financial-Transaction", + "transaction_date": date, + "transaction_value": 62000000, + "currency_code": "belarusian_ruble_(byr)", + } +) + +print(process) diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index afeb7d0d2..c05864ab3 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py @@ -1022,7 +1022,10 @@ def create(self, **kwargs): observable_data["value"] if "value" in observable_data else None ), } - elif type == "Financial-Account" or type.lower() == "x-opencti-financial-account": + elif ( + type == "Financial-Account" + or type.lower() == "x-opencti-financial-account" + ): input_variables["FinancialAccount"] = { "iban_number": observable_data.get("iban_number"), "bic_number": observable_data.get("bic_number"), 
@@ -1031,14 +1034,19 @@ def create(self, **kwargs): "account_type": observable_data.get("account_type"), "currency_code": observable_data.get("currency_code"), } - elif type == "Financial-Asset" or type.lower() == "x-opencti-financial-asset": + elif ( + type == "Financial-Asset" or type.lower() == "x-opencti-financial-asset" + ): input_variables["FinancialAsset"] = { "name": observable_data.get("name"), "asset_type": observable_data.get("asset_type"), "asset_value": observable_data.get("asset_value"), "currency_code": observable_data.get("currency_code"), } - elif type == "Financial-Transaction" or type.lower() == "x-opencti-transaction": + elif ( + type == "Financial-Transaction" + or type.lower() == "x-opencti-transaction" + ): input_variables["FinancialTransaction"] = { "transaction_date": observable_data.get("transaction_date"), "transaction_value": observable_data.get("transaction_value"), diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py index ca89a8b7b..9f692a2b2 100644 --- a/pycti/utils/constants.py +++ b/pycti/utils/constants.py @@ -370,6 +370,7 @@ class CustomObservableCredential: # class CustomObservableCryptocurrencyWallet: # """Cryptocurrency wallet observable.""" + @CustomObservable( "phone-number", [ From 2185f8f099333d8bbdf443a3d9902ec19846863a Mon Sep 17 00:00:00 2001 From: Param Constructor <132086448+ParamConstructor@users.noreply.github.com> Date: Fri, 28 Jun 2024 13:25:24 -0400 Subject: [PATCH 3/4] Fixing name to asset_name to match change on opencti branch --- examples/create_observable_financial_asset.py | 2 +- pycti/entities/opencti_stix_core_object.py | 4 ++-- pycti/entities/opencti_stix_cyber_observable.py | 2 +- .../opencti_stix_cyber_observable_properties.py | 4 ++-- pycti/utils/constants.py | 3 ++- pycti/utils/opencti_stix2_utils.py | 1 + 6 files changed, 9 insertions(+), 7 deletions(-) 
diff --git a/examples/create_observable_financial_asset.py b/examples/create_observable_financial_asset.py index cac9e8860..0b82118d1 100644 --- a/examples/create_observable_financial_asset.py +++ b/examples/create_observable_financial_asset.py @@ -12,7 +12,7 @@ process = opencti_api_client.stix_cyber_observable.create( observableData={ "type": "Financial-Asset", - "name": "Joe's Big Boat", + "asset_name": "Joe's Big Boat", "asset_type": "boat", "asset_value": 12000000, "currency_code": "belarusian_ruble_(byr)", diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py index 250792675..222d20141 100644 --- a/pycti/entities/opencti_stix_core_object.py +++ b/pycti/entities/opencti_stix_core_object.py @@ -644,7 +644,7 @@ def __init__(self, opencti, file): currency_code } ... on FinancialAsset { - name + asset_name asset_type asset_value currency_code @@ -1313,7 +1313,7 @@ def __init__(self, opencti, file): currency_code } ... on FinancialAsset { - name + asset_name asset_type asset_value currency_code diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index c05864ab3..b0cd4e97b 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py @@ -1038,7 +1038,7 @@ def create(self, **kwargs): type == "Financial-Asset" or type.lower() == "x-opencti-financial-asset" ): input_variables["FinancialAsset"] = { - "name": observable_data.get("name"), + "asset_name": observable_data.get("asset_name"), "asset_type": observable_data.get("asset_type"), "asset_value": observable_data.get("asset_value"), "currency_code": observable_data.get("currency_code"), diff --git a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py index ae152c6a3..c8f39af93 100644 
--- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py @@ -289,7 +289,7 @@ currency_code } ... on FinancialAsset { - name + asset_name asset_type asset_value currency_code @@ -613,7 +613,7 @@ currency_code } ... on FinancialAsset { - name + asset_name asset_type asset_value currency_code diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py index 9f692a2b2..502edec08 100644 --- a/pycti/utils/constants.py +++ b/pycti/utils/constants.py @@ -43,6 +43,7 @@ class StixCyberObservableTypes(Enum): FINANCIAL_TRANSACTION = "Financial-Transaction" TEXT = "Text" USER_AGENT = "User-Agent" + # BANK_ACCOUNT = "Bank-Account" PHONE_NUMBER = "Phone-Number" CREDENTIAL = "Credential" TRACKING_NUMBER = "Tracking-Number" @@ -483,7 +484,7 @@ class CustomObservableFinancialAccount: @CustomObservable( "financial-asset", [ - ("name", StringProperty()), + ("asset_name", StringProperty()), ("asset_type", StringProperty()), ("asset_value", StringProperty()), ("currency_code", StringProperty()), diff --git a/pycti/utils/opencti_stix2_utils.py b/pycti/utils/opencti_stix2_utils.py index f79af1cdf..78a6d21da 100644 --- a/pycti/utils/opencti_stix2_utils.py +++ b/pycti/utils/opencti_stix2_utils.py @@ -63,6 +63,7 @@ "Windows-Registry-Key": ["key"], "Windows-Registry-Value-Type": ["name"], "Hostname": ["value"], + # "Bank-Account": ["iban"], "Phone-Number": ["value"], "Payment-Card": ["card_number"], "Tracking-Number": ["value"], From eaa7812d9eaf84b2f797059e7014b9cb6603b4bf Mon Sep 17 00:00:00 2001 
From: Bonsai8863 <131906254+Bonsai8863@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:39:42 +0200 Subject: [PATCH 4/4] [client] Added crypto-wallet back --- docs/pycti/pycti.rst | 10 +++++ .../create_observable_financial_account.py | 4 +- pycti/__init__.py | 2 + pycti/entities/opencti_stix_core_object.py | 14 +++++-- .../entities/opencti_stix_cyber_observable.py | 24 ++++++------ ...pencti_stix_cyber_observable_properties.py | 14 +++++-- pycti/utils/constants.py | 38 +++++++++---------- pycti/utils/opencti_stix2_utils.py | 2 +- 8 files changed, 67 insertions(+), 41 deletions(-) diff --git a/docs/pycti/pycti.rst b/docs/pycti/pycti.rst index a57c1f451..4d7ef6365 100644 --- a/docs/pycti/pycti.rst +++ b/docs/pycti/pycti.rst @@ -200,6 +200,9 @@ Classes - :py:class:`CustomObservableFinancialTransaction`: Financial Transaction observable. +- :py:class:`CustomObservableCryptocurrencyWallet`: + Cryptocurrency wallet observable. + - :py:class:`CustomObservableText`: Text observable. @@ -617,6 +620,13 @@ Classes .. inheritance-diagram:: CustomObservableFinancialTransaction :parts: 1 +.. autoclass:: CustomObservableCryptocurrencyWallet + :members: + + .. rubric:: Inheritance + .. inheritance-diagram:: CustomObservableCryptocurrencyWallet + :parts: 1 + .. autoclass:: CustomObservableText :members: diff --git a/examples/create_observable_financial_account.py b/examples/create_observable_financial_account.py index 78bf2186e..f44f30067 100644 --- a/examples/create_observable_financial_account.py +++ b/examples/create_observable_financial_account.py @@ -16,8 +16,8 @@ "account_status": "active", "account_type": "credit_credit_card", "x_opencti_score": 90, - "iban_number": "55667", - "bic_number": "009998877", + "iban": "55667", + "bic": "009998877", "currency_code": "bahraini_dinar_(bhd)", } ) diff --git a/pycti/__init__.py b/pycti/__init__.py index e7c0b06f7..c53647c80 100644 --- a/pycti/__init__.py +++ b/pycti/__init__.py 
@@ -56,6 +56,7 @@ CustomObjectChannel, CustomObjectTask, CustomObservableCredential, + CustomObservableCryptocurrencyWallet, CustomObservableFinancialAccount, CustomObservableFinancialAsset, CustomObservableFinancialTransaction, @@ -141,6 +142,7 @@ "CustomObservableFinancialAccount", "CustomObservableFinancialAsset", "CustomObservableFinancialTransaction", + "CustomObservableCryptocurrencyWallet", "CustomObservableHostname", "CustomObservablePaymentCard", "CustomObservablePhoneNumber", diff --git a/pycti/entities/opencti_stix_core_object.py b/pycti/entities/opencti_stix_core_object.py index 222d20141..036ffb5cb 100644 --- a/pycti/entities/opencti_stix_core_object.py +++ b/pycti/entities/opencti_stix_core_object.py @@ -604,6 +604,9 @@ def __init__(self, opencti, file): ... on CryptographicKey { value } + ... on CryptocurrencyWallet { + value + } ... on Hostname { value } @@ -639,8 +642,8 @@ def __init__(self, opencti, file): account_number account_status account_type - iban_number - bic_number + iban + bic currency_code } ... on FinancialAsset { @@ -1279,6 +1282,9 @@ def __init__(self, opencti, file): ... on CryptographicKey { value } + ... on CryptocurrencyWallet { + value + } ... on Hostname { value } @@ -1308,8 +1314,8 @@ def __init__(self, opencti, file): account_number account_status account_type - iban_number - bic_number + iban + bic currency_code } ... on FinancialAsset { diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index b0cd4e97b..13abe56b4 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py @@ -394,6 +394,7 @@ def create(self, **kwargs): $WindowsRegistryKey: WindowsRegistryKeyAddInput, $WindowsRegistryValueType: WindowsRegistryValueTypeAddInput, $CryptographicKey: CryptographicKeyAddInput, + $CryptocurrencyWallet: CryptocurrencyWalletAddInput, $Hostname: HostnameAddInput $Text: TextAddInput, $UserAgent: UserAgentAddInput 
@@ -439,6 +440,7 @@ def create(self, **kwargs): WindowsRegistryKey: $WindowsRegistryKey, WindowsRegistryValueType: $WindowsRegistryValueType, CryptographicKey: $CryptographicKey, + CryptocurrencyWallet: $CryptocurrencyWallet, Hostname: $Hostname, Text: $Text, UserAgent: $UserAgent @@ -999,15 +1001,15 @@ def create(self, **kwargs): else None ), } - # elif ( - # type == "Cryptocurrency-Wallet" - # or type.lower() == "x-opencti-cryptocurrency-wallet" - # ): - # input_variables["CryptocurrencyWallet"] = { - # "value": ( - # observable_data["value"] if "value" in observable_data else None - # ), - # } + elif ( + type == "Cryptocurrency-Wallet" + or type.lower() == "x-opencti-cryptocurrency-wallet" + ): + input_variables["CryptocurrencyWallet"] = { + "value": ( + observable_data["value"] if "value" in observable_data else None + ), + } elif type == "Credential" or type.lower() == "x-opencti-credential": input_variables["Credential"] = { "value": ( @@ -1027,8 +1029,8 @@ def create(self, **kwargs): or type.lower() == "x-opencti-financial-account" ): input_variables["FinancialAccount"] = { - "iban_number": observable_data.get("iban_number"), - "bic_number": observable_data.get("bic_number"), + "iban": observable_data.get("iban"), + "bic": observable_data.get("bic"), "account_number": observable_data.get("account_number"), "account_status": observable_data.get("account_status"), "account_type": observable_data.get("account_type"), diff --git a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py index c8f39af93..2d96ec595 100644 --- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py +++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py @@ -249,6 +249,9 @@ ... on CryptographicKey { value } + ... on CryptocurrencyWallet { + value + } ... on Hostname { value } 
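Review bot: The re-enabled `Cryptocurrency-Wallet` branch of `create` (hunk at -999) submits `"value": None` when the caller omits `value`, although the custom observable restored in pycti/utils/constants.py declares that property `StringProperty(required=True)`. A check before the input is built, for example `if not observable_data.get("value"): raise ValueError("Cryptocurrency-Wallet requires a value")` or whatever error path `create` already uses, would stop an empty observable from being sent. Whether the API rejects a null value is not visible here. The lookup itself can be written `"value": observable_data.get("value"),`, matching the `FinancialAccount` branch changed in the next hunk. `create` starts and ends outside the hunk.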
@@ -284,8 +287,8 @@ account_number account_status account_type - iban_number - bic_number + iban + bic currency_code } ... on FinancialAsset { @@ -560,6 +563,9 @@ ... on CryptographicKey { value } + ... on CryptocurrencyWallet { + value + } ... on Hostname { value } @@ -608,8 +614,8 @@ account_number account_status account_type - iban_number - bic_number + iban + bic currency_code } ... on FinancialAsset { diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py index 502edec08..d6123650a 100644 --- a/pycti/utils/constants.py +++ b/pycti/utils/constants.py @@ -37,7 +37,7 @@ class StixCyberObservableTypes(Enum): WINDOWS_REGISTRY_VALUE_TYPE = "Windows-Registry-Value-Type" HOSTNAME = "Hostname" CRYPTOGRAPHIC_KEY = "Cryptographic-Key" - # CRYPTOCURRENCY_WALLET = "Cryptocurrency-Wallet" + CRYPTOCURRENCY_WALLET = "Cryptocurrency-Wallet" FINANCIAL_ACCOUNT = "Financial-Account" FINANCIAL_ASSET = "Financial-Asset" FINANCIAL_TRANSACTION = "Financial-Transaction" @@ -354,22 +354,22 @@ class CustomObservableCredential: pass -# @CustomObservable( -# "cryptocurrency-wallet", -# [ -# ("value", StringProperty(required=True)), -# ("spec_version", StringProperty(fixed="2.1")), -# ( -# "object_marking_refs", -# ListProperty( -# ReferenceProperty(valid_types="marking-definition", spec_version="2.1") -# ), -# ), -# ], -# ["value"], -# ) -# class CustomObservableCryptocurrencyWallet: -# """Cryptocurrency wallet observable.""" +@CustomObservable( + "cryptocurrency-wallet", + [ + ("value", StringProperty(required=True)), + ("spec_version", StringProperty(fixed="2.1")), + ( + "object_marking_refs", + ListProperty( + ReferenceProperty(valid_types="marking-definition", spec_version="2.1") + ), + ), + ], + ["value"], +) +class CustomObservableCryptocurrencyWallet: + """Cryptocurrency wallet observable.""" @CustomObservable( 
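Review bot: The docstring of the restored `CustomObservableCryptocurrencyWallet` (constants.py hunk at -354) does not mention that `value` is the only ID-contributing property (`["value"]`), so the observable's deterministic id depends on the exact string supplied. No normalisation of `value` is visible in this patch, so the same wallet passed with stray whitespace would presumably produce a second observable instead of matching the first. I would extend the docstring to say that `value` is expected to hold the wallet address, that it alone determines the id, and that callers should trim it before creating the observable.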
@@ -463,8 +463,8 @@ class CustomObservableMediaContent: ("account_number", StringProperty()), ("account_status", StringProperty()), ("account_type", StringProperty()), - ("iban_number", StringProperty()), - ("bic_number", StringProperty()), + ("iban", StringProperty()), + ("bic", StringProperty()), ("currency_code", StringProperty()), ("spec_version", StringProperty(fixed="2.1")), ( diff --git a/pycti/utils/opencti_stix2_utils.py b/pycti/utils/opencti_stix2_utils.py index 78a6d21da..63e9f9616 100644 --- a/pycti/utils/opencti_stix2_utils.py +++ b/pycti/utils/opencti_stix2_utils.py @@ -25,7 +25,7 @@ "windows-registry-value-type": "Windows-Registry-Value-Type", "hostname": "Hostname", "cryptographic-key": "Cryptographic-Key", - # "cryptocurrency-wallet": "Cryptocurrency-Wallet", + "cryptocurrency-wallet": "Cryptocurrency-Wallet", "text": "Text", "user-agent": "User-Agent", # "bank-account": "Bank-Account",