def __init__(self, url, token, log_level="info", ssl_verify=False): """Constructor method """ # Check configuration self.ssl_verify = ssl_verify if url is None or len(token) == 0: raise ValueError("Url configuration must be configured") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError( "Token configuration must be the same as APP__ADMIN__TOKEN") # Configure logger self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) logging.basicConfig(level=numeric_level) # Define API self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} # Define the dependencies self.job = OpenCTIApiJob(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities self.tag = Tag(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self) self.kill_chain_phase = KillChainPhase(self) self.stix_entity = StixEntity(self) self.stix_domain_entity = StixDomainEntity(self, File) self.stix_observable = StixObservable(self) self.stix_relation = StixRelation(self) self.stix_sighting = StixSighting(self) self.stix_observable_relation = StixObservableRelation(self) self.identity = Identity(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.campaign = Campaign(self) self.incident = Incident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )
def __init__(self, url, token, log_level="info", ssl_verify=False, proxies={}): """Constructor method""" # Check configuration # 校验一下配置 self.ssl_verify = ssl_verify self.proxies = proxies if url is None or len(token) == 0: raise ValueError("Url configuration must be configured") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError( "Token configuration must be the same as APP__ADMIN__TOKEN") # Configure logger # 设置日志等级 self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) logging.basicConfig(level=numeric_level) # Define API # 定义api self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} # Define the dependencies # 定义工作器、连接器、规范 self.work = OpenCTIApiWork(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities # 定义一些实体 self.label = Label(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self) self.kill_chain_phase = KillChainPhase(self) self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship( self) self.stix_domain_object = StixDomainObject(self, File) self.stix_cyber_observable = StixCyberObservable(self, File) self.stix_core_relationship = StixCoreRelationship(self) self.stix_sighting_relationship = StixSightingRelationship(self) self.stix_cyber_observable_relationship = StixCyberObservableRelationship( self) self.identity = Identity(self) self.location = Location(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.infrastructure = Infrastructure(self) self.campaign = Campaign(self) self.x_opencti_incident = XOpenCTIIncident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.observed_data = ObservedData(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available # 做一下心跳检测 if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )
def __init__( self, url, token, log_level="info", ssl_verify=False, proxies=None, json_logging=False, ): """Constructor method""" # Check configuration self.ssl_verify = ssl_verify self.proxies = proxies if url is None or len(url) == 0: raise ValueError("An URL must be set") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError("A TOKEN must be set") # Configure logger self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) if json_logging: log_handler = logging.StreamHandler() log_handler.setLevel(self.log_level.upper()) formatter = CustomJsonFormatter( "%(timestamp)s %(level)s %(name)s %(message)s") log_handler.setFormatter(formatter) logging.basicConfig(handlers=[log_handler], level=numeric_level, force=True) else: logging.basicConfig(level=numeric_level) # Define API self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} self.session = requests.session() # Define the dependencies self.work = OpenCTIApiWork(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities self.label = Label(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self, File) self.kill_chain_phase = KillChainPhase(self) self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship( self) self.stix = Stix(self) self.stix_domain_object = StixDomainObject(self, File) self.stix_core_object = StixCoreObject(self, File) self.stix_cyber_observable = StixCyberObservable(self, File) self.stix_core_relationship = StixCoreRelationship(self) self.stix_sighting_relationship = StixSightingRelationship(self) self.stix_cyber_observable_relationship = StixCyberObservableRelationship( self) self.identity = Identity(self) self.location = Location(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.infrastructure = Infrastructure(self) self.campaign = Campaign(self) self.incident = Incident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.observed_data = ObservedData(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )