Exemplo n.º 1
0
    def _process_parsed_objects(
        self,
        entity: Dict,
        observables: List,
        entities: List,
        bypass_validation: bool,
        file_name: str,
    ) -> int:

        if len(observables) == 0 and len(entities) == 0:
            return 0

        if entity is not None and entity["entity_type"] == "Report":
            report = Report(
                id=entity["standard_id"],
                name=entity["name"],
                description=entity["description"],
                published=self.helper.api.stix2.format_date(entity["created"]),
                report_types=entity["report_types"],
                object_refs=observables + entities,
                allow_custom=True,
            )
            observables.append(report)
        elif entity is not None:
            # TODO, relate all object to the entity
            entity_stix_bundle = self.helper.api.stix2.export_entity(
                entity["entity_type"], entity["id"])
            observables = observables + entity_stix_bundle["objects"]
        else:
            timestamp = int(time.time())
            now = datetime.utcfromtimestamp(timestamp)
            report = Report(
                name=file_name,
                description="Automatic import",
                published=now,
                report_types=["threat-report"],
                object_refs=observables + entities,
                allow_custom=True,
            )
            observables.append(report)
        bundles_sent = []
        if len(observables) > 0:
            bundle = Bundle(objects=observables, allow_custom=True).serialize()
            bundles_sent = self.helper.send_stix2_bundle(
                bundle=bundle,
                update=True,
                bypass_validation=bypass_validation,
                file_name=file_name + ".json",
                entity_id=entity["id"] if entity is not None else None,
            )

        # len() - 1 because the report update increases the count by one
        return len(bundles_sent) - 1
Exemplo n.º 2
0
    def _process_message(self, data: Dict) -> str:
        file_fetch = data["file_fetch"]
        file_uri = self.helper.opencti_url + file_fetch

        # Downloading and saving file to connector
        self.helper.log_info("Importing the file " + file_uri)

        observable = SimpleObservable(
            id=OpenCTIStix2Utils.generate_random_stix_id(
                "x-opencti-simple-observable"),
            key=self.data["simple_observable_key"],
            value=self.data["simple_observable_value"],
        )

        bundle_objects = [observable]
        entity_id = data.get("entity_id", None)
        report = self.helper.api.report.read(id=entity_id)

        report = Report(
            id=report["standard_id"],
            name=report["name"],
            description=report["description"],
            published=self.helper.api.stix2.format_date(report["published"]),
            report_types=report["report_types"],
            object_refs=bundle_objects,
        )

        bundle_objects.append(report)
        # create stix bundle
        bundle = Bundle(objects=bundle_objects).serialize()
        # send data
        self.helper.send_stix2_bundle(bundle=bundle)
        return "foo"
Exemplo n.º 3
0
def create_report(
    name: str,
    published: datetime,
    objects: List[Union[_DomainObject, _RelationshipObject]],
    created_by: Optional[Identity] = None,
    created: Optional[datetime] = None,
    modified: Optional[datetime] = None,
    description: Optional[str] = None,
    report_types: Optional[List[str]] = None,
    labels: Optional[List[str]] = None,
    confidence: Optional[int] = None,
    external_references: Optional[List[ExternalReference]] = None,
    object_markings: Optional[List[MarkingDefinition]] = None,
    x_opencti_report_status: Optional[int] = None,
) -> Report:
    """Create a report."""
    return Report(
        id=_create_random_identifier("report"),
        created_by_ref=created_by,
        created=created,
        modified=modified,
        name=name,
        description=description,
        report_types=report_types,
        published=published,
        object_refs=objects,
        labels=labels,
        confidence=confidence,
        external_references=external_references,
        object_marking_refs=object_markings,
        custom_properties={X_OPENCTI_REPORT_STATUS: x_opencti_report_status},
        allow_custom=True,
    )
Exemplo n.º 4
0
    def _process_parsed_objects(self, report: Dict, observables: List,
                                entities: List) -> int:

        if len(observables) == 0 and len(entities) == 0:
            return 0

        report = Report(
            id=report["standard_id"],
            name=report["name"],
            description=report["description"],
            published=self.helper.api.stix2.format_date(report["created"]),
            report_types=report["report_types"],
            object_refs=observables + entities,
        )
        observables.append(report)

        bundles_sent = []
        if len(observables) > 0:
            bundle = Bundle(objects=observables).serialize()
            bundles_sent = self.helper.send_stix2_bundle(
                bundle=bundle,
                update=True,
            )

        # len() - 1 because the report update increases the count by one
        return len(bundles_sent) - 1
Exemplo n.º 5
0
    def _create_report(self, object_refs: List[STIXDomainObject]) -> Report:
        external_references = []
        for reference in self.pulse.references:
            if not reference:
                continue
            external_reference = create_external_reference(
                self.source_name, reference)
            external_references.append(external_reference)

        tags = []
        for pulse_tag in self.pulse.tags:
            tag = create_tag(self.source_name, pulse_tag,
                             "#" + "%06x" % random.randint(0, 0xFFFFFF))
            tags.append(tag)

        return Report(
            created_by_ref=self.author,
            name=self.pulse.name,
            description=self.pulse.description,
            published=self.pulse.created,
            object_refs=object_refs,
            labels=["threat-report"],
            external_references=external_references,
            object_marking_refs=self.object_marking_refs,
            custom_properties={
                CustomProperties.REPORT_CLASS: self.report_type,
                CustomProperties.OBJECT_STATUS: self.report_status,
                CustomProperties.SRC_CONF_LEVEL: self.confidence_level,
                CustomProperties.TAG_TYPE: tags,
            },
        )
Exemplo n.º 6
0
def test_crate_bundle():
    stix_splitter = OpenCTIStix2Splitter()
    report = Report(
        report_types=["campaign"],
        name="Bad Cybercrime",
        published="2016-04-06T20:03:00.000Z",
        object_refs=["indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"],
    ).serialize()
    observables = [report]

    bundle = stix_splitter.stix2_create_bundle(observables,
                                               use_json=False,
                                               event_version=None)

    for key in ["type", "id", "spec_version", "objects"]:
        assert key in bundle
    assert len(bundle.keys()) == 4

    bundle = stix_splitter.stix2_create_bundle(observables,
                                               use_json=False,
                                               event_version=1)
    for key in [
            "type", "id", "spec_version", "objects", "x_opencti_event_version"
    ]:
        assert key in bundle
    assert len(bundle.keys()) == 5
 def _process_message(self, data):
     file_fetch = data["file_fetch"]
     file_uri = self.helper.opencti_url + file_fetch
     file_name = os.path.basename(file_fetch)
     entity_id = data["entity_id"]
     # Get context
     is_context = entity_id is not None and len(entity_id) > 0
     if self.helper.get_only_contextual() and not is_context:
         raise ValueError(
             "No context defined, connector is get_only_contextual true"
         )
     self.helper.log_info("Importing the file " + file_uri)
     # Get the file
     file_content = self.helper.api.fetch_opencti_file(file_uri, True)
     # Write the file
     f = open(file_name, "wb")
     f.write(file_content)
     f.close()
     # Parse
     bundle_objects = []
     i = 0
     parser = iocp.IOC_Parser(None, "pdf", True, "pdfminer", "json")
     parsed = parser.parse(file_name)
     os.remove(file_name)
     if parsed != []:
         for file in parsed:
             if file != None:
                 for page in file:
                     if page != []:
                         for match in page:
                             resolved_match = self.resolve_match(match)
                             if resolved_match:
                                 observable = SimpleObservable(
                                     id=OpenCTIStix2Utils.generate_random_stix_id(
                                         "x-opencti-simple-observable"
                                     ),
                                     key=resolved_match["type"],
                                     value=resolved_match["value"],
                                     x_opencti_create_indicator=self.create_indicator,
                                 )
                                 bundle_objects.append(observable)
                                 i += 1
     else:
         self.helper.log_error("Could not parse the report!")
     if is_context:
         entity = self.helper.api.stix_domain_object.read(id=entity_id)
         if entity is not None:
             if entity["entity_type"] == "Report" and len(bundle_objects) > 0:
                 report = Report(
                     id=entity["standard_id"],
                     name=entity["name"],
                     description=entity["description"],
                     published=self.helper.api.stix2.format_date(entity["created"]),
                     report_types=entity["report_types"],
                     object_refs=bundle_objects,
                 )
                 bundle_objects.append(report)
     bundle = Bundle(objects=bundle_objects).serialize()
     bundles_sent = self.helper.send_stix2_bundle(bundle)
     return "Sent " + str(len(bundles_sent)) + " stix bundle(s) for worker import"
Exemplo n.º 8
0
    def run(self, work_id: str, state: Mapping[str, Any]) -> Mapping[str, Any]:
        """Run the importation of the article."""
        self.work_id = work_id
        created = parser.parse(self.article["createdDate"])
        # RisIQ API does not always provide the `publishedDate`.
        # If it does not exist, take the value of the `createdDate` instead.
        published = (
            parser.parse(self.article["publishedDate"])
            if self.article["publishedDate"] is not None
            else created
        )

        indicators = itertools.chain(
            *[
                self._process_indicator(indicator)
                for indicator in self.article["indicators"]
            ]
        )

        indicators = utils.deduplicate(list(indicators))
        # Return the initial state if we don't have any indicators.
        if not indicators:
            self.helper.log_info("No indicator in article, report will not be created.")
            return state

        self.helper.log_debug(f"Number of indicators: {len(indicators)}")

        # Check if all indicators' TLP marking are `TLP_WHITE`.
        report_tlp = TLP_WHITE
        if TLP_AMBER in [i["object_marking_refs"][0] for i in indicators]:
            report_tlp = TLP_AMBER

        report = Report(
            type="report",
            name=self.article.get("title", "RiskIQ Threat Report"),
            description=self.article["summary"],
            report_types=["threat-report"],
            created_by_ref=self.author,
            created=created,
            published=published,
            lang="en",
            labels=self.article["tags"],
            object_refs=indicators,
            object_marking_refs=report_tlp,
            external_references=[
                {
                    "source_name": "riskiq",
                    "url": self.article["link"],
                    "external_id": self.article["guid"],
                }
            ],
            allow_custom=True,
        )
        self.helper.log_debug(f"[RiskIQ] Report = {report}")

        bundle = Bundle(objects=indicators + [report, self.author], allow_custom=True)
        self.helper.log_info("[RiskIQ] Sending report STIX2 bundle")
        self._send_bundle(bundle)

        return self._create_state(created)
Exemplo n.º 9
0
 def _update_report(self, bundle: List, entity_id: int) -> List:
     report = self.helper.api.report.read(id=entity_id)
     # The entity_id can be any SDO
     if report:
         report = Report(
             id=report["standard_id"],
             name=report["name"],
             description=report["description"],
             published=self.helper.api.stix2.format_date(report["created"]),
             report_types=report["report_types"],
             object_refs=bundle,
         )
         bundle.append(report)
     return bundle
Exemplo n.º 10
0
    def _create_report(self, object_refs: List[_DomainObject]) -> Report:
        external_references = self._create_report_external_references()
        tags = self._create_report_tags()

        return Report(
            created_by_ref=self.author,
            name=self.pulse.name,
            description=self.pulse.description,
            published=self.pulse.created,
            object_refs=object_refs,
            labels=["threat-report"],
            external_references=external_references,
            object_marking_refs=self.object_marking_refs,
            custom_properties={
                CustomProperties.REPORT_CLASS: self.report_type,
                CustomProperties.OBJECT_STATUS: self.report_status,
                CustomProperties.SRC_CONF_LEVEL: self.confidence_level,
                CustomProperties.TAG_TYPE: tags,
            },
        )
Exemplo n.º 11
0
    def process_events(self, events):
        for event in events:
            self.helper.log_info("Processing event " + event["Event"]["uuid"])
            ### Default variables
            added_markings = []
            added_entities = []
            added_object_refs = []

            ### Pre-process
            # Author
            author = Identity(
                name=event["Event"]["Orgc"]["name"], identity_class="organization"
            )
            # Elements
            event_elements = self.prepare_elements(event["Event"]["Galaxy"], author)
            # Markings
            if "Tag" in event["Event"]:
                event_markings = self.resolve_markings(event["Event"]["Tag"])
            else:
                event_markings = [TLP_WHITE]
            # Tags
            event_tags = []
            if "Tag" in event["Event"]:
                event_tags = self.resolve_tags(event["Event"]["Tag"])
            # ExternalReference
            event_external_reference = ExternalReference(
                source_name=self.helper.connect_name,
                external_id=event["Event"]["uuid"],
                url=self.misp_url + "/events/view/" + event["Event"]["uuid"],
            )

            ### Get indicators
            event_external_references = [event_external_reference]
            indicators = []
            # Get attributes
            for attribute in event["Event"]["Attribute"]:
                indicator = self.process_attribute(
                    author, event_elements, event_markings, [], attribute
                )
                if attribute["type"] == "link":
                    event_external_references.append(
                        ExternalReference(
                            source_name=attribute["category"],
                            external_id=attribute["uuid"],
                            url=attribute["value"],
                        )
                    )
                if indicator is not None:
                    indicators.append(indicator)
            # Get attributes of objects
            objects_relationships = []
            for object in event["Event"]["Object"]:
                attribute_external_references = []
                for attribute in object["Attribute"]:
                    if attribute["type"] == "link":
                        attribute_external_references.append(
                            ExternalReference(
                                source_name=attribute["category"],
                                external_id=attribute["uuid"],
                                url=attribute["value"],
                            )
                        )
                object_attributes = []
                for attribute in object["Attribute"]:
                    indicator = self.process_attribute(
                        author,
                        event_elements,
                        event_markings,
                        attribute_external_references,
                        attribute,
                    )
                    if indicator is not None:
                        indicators.append(indicator)
                        if (
                            object["meta-category"] == "file"
                            and indicator["indicator"].x_opencti_observable_type
                            in FILETYPES
                        ):
                            object_attributes.append(indicator)
                objects_relationships.extend(
                    self.process_observable_relations(object_attributes, [])
                )

            ### Prepare the bundle
            bundle_objects = [author]
            object_refs = []
            # Add event markings
            for event_marking in event_markings:
                if event_marking["id"] not in added_markings:
                    bundle_objects.append(event_marking)
                    added_markings.append(event_marking["id"])
            # Add event elements
            all_event_elements = (
                event_elements["intrusion_sets"]
                + event_elements["malwares"]
                + event_elements["tools"]
                + event_elements["attack_patterns"]
            )
            for event_element in all_event_elements:
                if event_element["name"] not in added_object_refs:
                    object_refs.append(event_element)
                    added_object_refs.append(event_element["name"])
                if event_element["name"] not in added_entities:
                    bundle_objects.append(event_element)
                    added_entities.append(event_element["name"])
            # Add indicators
            for indicator in indicators:
                if indicator["indicator"]["id"] not in added_object_refs:
                    object_refs.append(indicator["indicator"])
                    added_object_refs.append(indicator["indicator"]["id"])
                if indicator["indicator"]["id"] not in added_entities:
                    bundle_objects.append(indicator["indicator"])
                    added_entities.append(indicator["indicator"]["id"])
                # Add attribute markings
                for attribute_marking in indicator["markings"]:
                    if attribute_marking["id"] not in added_markings:
                        bundle_objects.append(attribute_marking)
                        added_markings.append(attribute_marking["id"])
                # Add attribute elements
                all_attribute_elements = (
                    indicator["attribute_elements"]["intrusion_sets"]
                    + indicator["attribute_elements"]["malwares"]
                    + indicator["attribute_elements"]["tools"]
                    + indicator["attribute_elements"]["attack_patterns"]
                )
                for attribute_element in all_attribute_elements:
                    if attribute_element["name"] not in added_object_refs:
                        object_refs.append(attribute_element)
                        added_object_refs.append(attribute_element["name"])
                    if attribute_element["name"] not in added_entities:
                        bundle_objects.append(attribute_element)
                        added_entities.append(attribute_element["name"])
                # Add attribute relationships
                for relationship in indicator["relationships"]:
                    object_refs.append(relationship)
                    bundle_objects.append(relationship)
            # Add object_relationships
            for object_relationship in objects_relationships:
                bundle_objects.append(object_relationship)

            ### Create the report if needed
            if self.misp_create_report and len(object_refs) > 0:
                report = Report(
                    name=event["Event"]["info"],
                    description=event["Event"]["info"],
                    published=parse(event["Event"]["date"]),
                    created_by_ref=author,
                    object_marking_refs=event_markings,
                    labels=["threat-report"],
                    object_refs=object_refs,
                    external_references=event_external_references,
                    custom_properties={
                        "x_opencti_report_class": self.misp_report_class,
                        "x_opencti_object_status": 2,
                        "x_opencti_tags": event_tags,
                    },
                )
                bundle_objects.append(report)
            bundle = Bundle(objects=bundle_objects).serialize()
            self.helper.log_info("Sending event STIX2 bundle")
            self.helper.send_stix2_bundle(
                bundle, None, self.update_existing_data, False
            )
Exemplo n.º 12
0
    def process_events(self, events):
        for event in events:
            ### Default variables
            added_markings = []
            added_entities = []
            added_object_refs = []

            ### Pre-process
            # Author
            author = Identity(name=event['Event']['Orgc']['name'], identity_class='organization')
            # Elements
            event_elements = self.prepare_elements(event['Event']['Galaxy'])
            # Markings
            if 'Tag' in event['Event']:
                event_markings = self.resolve_markings(event['Event']['Tag'])
            else:
                event_markings = [TLP_WHITE]
            # ExternalReference
            event_external_reference = ExternalReference(
                source_name=self.helper.connect_name,
                external_id=event['Event']['uuid'],
                url=self.misp_url + '/events/view/' + event['Event']['uuid'])

            ### Get indicators
            indicators = []
            # Get attributes
            for attribute in event['Event']['Attribute']:
                indicator = self.process_attribute(author, event_elements, event_markings, attribute)
                if indicator is not None:
                    indicators.append(indicator)
            # Get attributes of objects
            objects_relationships = []
            for object in event['Event']['Object']:
                object_attributes = []
                for attribute in object['Attribute']:
                    indicator = self.process_attribute(author, event_elements, event_markings, attribute)
                    if indicator is not None:
                        indicators.append(indicator)
                        if object['meta-category'] == 'file' and indicator[
                            'indicator'].x_opencti_observable_type in FILETYPES:
                            object_attributes.append(indicator)
                objects_relationships.extend(self.process_observable_relations(object_attributes, []))

            ### Prepare the bundle
            bundle_objects = [author]
            object_refs = []
            # Add event markings
            for event_marking in event_markings:
                if event_marking['id'] not in added_markings:
                    bundle_objects.append(event_marking)
                    added_markings.append(event_marking['id'])
            # Add event elements
            all_event_elements = \
                event_elements['intrusion_sets'] + \
                event_elements['malwares'] + \
                event_elements['tools'] + \
                event_elements['attack_patterns']
            for event_element in all_event_elements:
                if event_element['name'] not in added_object_refs:
                    object_refs.append(event_element)
                    added_object_refs.append(event_element['name'])
                if event_element['name'] not in added_entities:
                    bundle_objects.append(event_element)
                    added_entities.append(event_element['name'])
            # Add indicators
            for indicator in indicators:
                if indicator['indicator']['id'] not in added_object_refs:
                    object_refs.append(indicator['indicator'])
                    added_object_refs.append(indicator['indicator']['id'])
                if indicator['indicator']['id'] not in added_entities:
                    bundle_objects.append(indicator['indicator'])
                    added_entities.append(indicator['indicator']['id'])
                # Add attribute markings
                for attribute_marking in indicator['markings']:
                    if attribute_marking['id'] not in added_markings:
                        bundle_objects.append(attribute_marking)
                        added_markings.append(attribute_marking['id'])
                # Add attribute elements
                all_attribute_elements = \
                    indicator['attribute_elements']['intrusion_sets'] + \
                    indicator['attribute_elements']['malwares'] + \
                    indicator['attribute_elements']['tools'] + \
                    indicator['attribute_elements']['attack_patterns']
                for attribute_element in all_attribute_elements:
                    if attribute_element['name'] not in added_object_refs:
                        object_refs.append(attribute_element)
                        added_object_refs.append(attribute_element['name'])
                    if attribute_element['name'] not in added_entities:
                        bundle_objects.append(attribute_element)
                        added_entities.append(attribute_element['name'])
                # Add attribute relationships
                for relationship in indicator['relationships']:
                    object_refs.append(relationship)
                    bundle_objects.append(relationship)
            # Add object_relationships
            for object_relationship in objects_relationships:
                bundle_objects.append(object_relationship)

            ### Create the report if needed
            if self.misp_create_report and len(object_refs) > 0:
                report = Report(
                    name=event['Event']['info'],
                    description=event['Event']['info'],
                    published=parse(event['Event']['date']),
                    created_by_ref=author,
                    object_marking_refs=event_markings,
                    labels=['threat-report'],
                    object_refs=object_refs,
                    external_references=[event_external_reference],
                    custom_properties={
                        'x_opencti_report_class': self.misp_report_class,
                        'x_opencti_object_status': 2
                    }
                )
                bundle_objects.append(report)
            bundle = Bundle(objects=bundle_objects).serialize()
            self.helper.send_stix2_bundle(bundle, None, self.update_existing_data, False)
Exemplo n.º 13
0
    def process_events(self, events):
        for event in events:
            generic_actor = ThreatActor(
                name='Unknown threats',
                labels=['threat-actor'],
                description=
                'All unknown threats are represented by this pseudo threat actor. This entity helps to organize knowledge and indicators that could not be attributed to any other threats.'
            )
            added_threats = []
            added_markings = []
            # Default values
            author = Identity(name=event['Event']['Orgc']['name'],
                              identity_class='organization')
            report_threats = self.prepare_threats(event['Event']['Galaxy'])
            if 'Tag' in event['Event']:
                report_markings = self.resolve_markings(event['Event']['Tag'])
            else:
                report_markings = []
            reference_misp = ExternalReference(
                source_name=self.helper.connect_name,
                url=self.misp_url + '/events/view/' + event['Event']['uuid'])

            # Get all attributes
            indicators = []
            for attribute in event['Event']['Attribute']:
                indicator = self.process_attribute(author, report_threats,
                                                   attribute, generic_actor)
                if indicator is not None:
                    indicators.append(indicator)

            # get all attributes of object
            for object in event['Event']['Object']:
                for attribute in object['Attribute']:
                    indicator = self.process_attribute(author, report_threats,
                                                       attribute,
                                                       generic_actor)
                    if indicator is not None:
                        indicators.append(indicator)

            bundle_objects = [author]
            report_refs = []
            for report_marking in report_markings:
                if report_marking['id'] not in added_markings:
                    bundle_objects.append(report_marking)
                    added_markings.append(report_marking['id'])

            for report_threat in report_threats:
                report_refs.append(report_threat)
                bundle_objects.append(report_threat)
                added_threats.append(report_threat['name'])

            for indicator in indicators:
                report_refs.append(indicator['indicator'])
                bundle_objects.append(indicator['indicator'])
                for attribute_threat in indicator['attribute_threats']:
                    if attribute_threat['name'] not in added_threats:
                        report_refs.append(attribute_threat)
                        bundle_objects.append(attribute_threat)
                        added_threats.append(attribute_threat['name'])
                for marking in indicator['markings']:
                    if marking['id'] not in added_markings:
                        bundle_objects.append(marking)
                        added_markings.append(marking['id'])
                for relationship in indicator['relationships']:
                    report_refs.append(relationship)
                    bundle_objects.append(relationship)

            if len(report_refs) > 0:
                report = Report(name=event['Event']['info'],
                                description=event['Event']['info'],
                                published=parse(event['Event']['date']),
                                created_by_ref=author,
                                object_marking_refs=report_markings,
                                labels=['threat-report'],
                                object_refs=report_refs,
                                external_references=[reference_misp],
                                custom_properties={
                                    'x_opencti_report_class': 'Threat Report'
                                })
                bundle_objects.append(report)
                bundle = Bundle(objects=bundle_objects).serialize()
                self.helper.send_stix2_bundle(bundle)

            if self.misp_untag_event:
                self.misp.untag(event['Event']['uuid'], self.misp_tag)
            self.misp.tag(event['Event']['uuid'], self.misp_imported_tag)
Exemplo n.º 14
0
    def _process_message(self, data):
        file_fetch = data["file_fetch"]
        file_uri = self.helper.opencti_url + file_fetch
        file_name = os.path.basename(file_fetch)
        entity_id = data.get("entity_id", None)
        self.helper.log_info(entity_id)
        # Get context
        is_context = entity_id is not None and len(entity_id) > 0
        self.helper.log_info("Context: {}".format(is_context))
        self.helper.log_info(
            "get_only_contextual: {}".format(self.helper.get_only_contextual())
        )
        if self.helper.get_only_contextual() and not is_context:
            raise ValueError(
                "No context defined, connector is get_only_contextual true"
            )
        self.helper.log_info("Importing the file " + file_uri)
        # Get the file
        file_content = self.helper.api.fetch_opencti_file(file_uri, True)
        # Write the file
        f = open(file_name, "wb")
        f.write(file_content)
        f.close()
        # Parse
        bundle_objects = []
        stix_objects = set()
        i = 0
        custom_indicators = self._get_entities()
        mime_type = self._get_mime_type(file_name)
        print(mime_type)
        if mime_type is None:
            raise ValueError("Invalid file format of {}".format(file_name))

        parser = iocp.IOC_Parser(
            None,
            mime_type,
            True,
            "pdfminer",
            "json",
            custom_indicators=custom_indicators,
        )
        parsed = parser.parse(file_name)
        os.remove(file_name)
        if parsed != []:
            for file in parsed:
                if file != None:
                    for page in file:
                        if page != []:
                            for match in page:
                                resolved_match = self._resolve_match(match)
                                if resolved_match:
                                    # For the creation of relationships
                                    if resolved_match[
                                        "type"
                                    ] not in self.types.values() and self._is_uuid(
                                        resolved_match["value"]
                                    ):
                                        stix_objects.add(resolved_match["value"])
                                    # For CVEs since SimpleObservable doesn't support Vulnerabilities yet
                                    elif resolved_match["type"] == "Vulnerability.name":
                                        vulnerability = Vulnerability(
                                            name=resolved_match["value"]
                                        )
                                        bundle_objects.append(vulnerability)
                                    # Other observables
                                    elif resolved_match["type"] in self.types.values():
                                        observable = SimpleObservable(
                                            id=OpenCTIStix2Utils.generate_random_stix_id(
                                                "x-opencti-simple-observable"
                                            ),
                                            key=resolved_match["type"],
                                            value=resolved_match["value"],
                                            x_opencti_create_indicator=self.create_indicator,
                                        )
                                        bundle_objects.append(observable)
                                    else:
                                        self.helper.log_info(
                                            "Odd data received: {}".format(
                                                resolved_match
                                            )
                                        )
                                    i += 1
        else:
            self.helper.log_error("Could not parse the report!")

        if is_context:
            entity = self.helper.api.stix_domain_object.read(id=entity_id)
            if entity is not None:
                if entity["entity_type"] == "Report" and len(bundle_objects) > 0:
                    report = Report(
                        id=entity["standard_id"],
                        name=entity["name"],
                        description=entity["description"],
                        published=self.helper.api.stix2.format_date(entity["created"]),
                        report_types=entity["report_types"],
                        object_refs=bundle_objects,
                    )
                    bundle_objects.append(report)

        bundles_sent = []
        if len(bundle_objects) > 0:
            bundle = Bundle(objects=bundle_objects).serialize()
            bundles_sent = self.helper.send_stix2_bundle(bundle)

        if len(stix_objects) > 0 and entity_id is not None:
            report = self.helper.api.report.read(id=entity_id)
            if report:
                for stix_object in stix_objects:
                    self.helper.log_info(stix_object)
                    self.helper.api.report.add_stix_object_or_stix_relationship(
                        id=report["id"], stixObjectOrStixRelationshipId=stix_object
                    )

        return "Sent " + str(len(bundles_sent)) + " stix bundle(s) for worker import"