def __init__(self, url, token, log_level="info", ssl_verify=False):
"""Constructor method
"""
# Check configuration
self.ssl_verify = ssl_verify
if url is None or len(token) == 0:
raise ValueError("Url configuration must be configured")
if token is None or len(token) == 0 or token == "ChangeMe":
raise ValueError(
"Token configuration must be the same as APP__ADMIN__TOKEN")
# Configure logger
self.log_level = log_level
numeric_level = getattr(logging, self.log_level.upper(), None)
if not isinstance(numeric_level, int):
raise ValueError("Invalid log level: " + self.log_level)
logging.basicConfig(level=numeric_level)
# Define API
self.api_token = token
self.api_url = url + "/graphql"
self.request_headers = {"Authorization": "Bearer " + token}
# Define the dependencies
self.job = OpenCTIApiJob(self)
self.connector = OpenCTIApiConnector(self)
self.stix2 = OpenCTIStix2(self)
# Define the entities
self.tag = Tag(self)
self.marking_definition = MarkingDefinition(self)
self.external_reference = ExternalReference(self)
self.kill_chain_phase = KillChainPhase(self)
self.stix_entity = StixEntity(self)
self.stix_domain_entity = StixDomainEntity(self, File)
self.stix_observable = StixObservable(self)
self.stix_relation = StixRelation(self)
self.stix_sighting = StixSighting(self)
self.stix_observable_relation = StixObservableRelation(self)
self.identity = Identity(self)
self.threat_actor = ThreatActor(self)
self.intrusion_set = IntrusionSet(self)
self.campaign = Campaign(self)
self.incident = Incident(self)
self.malware = Malware(self)
self.tool = Tool(self)
self.vulnerability = Vulnerability(self)
self.attack_pattern = AttackPattern(self)
self.course_of_action = CourseOfAction(self)
self.report = Report(self)
self.note = Note(self)
self.opinion = Opinion(self)
self.indicator = Indicator(self)
# Check if openCTI is available
if not self.health_check():
raise ValueError(
"OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..."
)
def __init__(self,
url,
token,
log_level="info",
ssl_verify=False,
proxies={}):
"""Constructor method"""
# Check configuration
# 校验一下配置
self.ssl_verify = ssl_verify
self.proxies = proxies
if url is None or len(token) == 0:
raise ValueError("Url configuration must be configured")
if token is None or len(token) == 0 or token == "ChangeMe":
raise ValueError(
"Token configuration must be the same as APP__ADMIN__TOKEN")
# Configure logger
# 设置日志等级
self.log_level = log_level
numeric_level = getattr(logging, self.log_level.upper(), None)
if not isinstance(numeric_level, int):
raise ValueError("Invalid log level: " + self.log_level)
logging.basicConfig(level=numeric_level)
# Define API
# 定义api
self.api_token = token
self.api_url = url + "/graphql"
self.request_headers = {"Authorization": "Bearer " + token}
# Define the dependencies
# 定义工作器、连接器、规范
self.work = OpenCTIApiWork(self)
self.connector = OpenCTIApiConnector(self)
self.stix2 = OpenCTIStix2(self)
# Define the entities
# 定义一些实体
self.label = Label(self)
self.marking_definition = MarkingDefinition(self)
self.external_reference = ExternalReference(self)
self.kill_chain_phase = KillChainPhase(self)
self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship(
self)
self.stix_domain_object = StixDomainObject(self, File)
self.stix_cyber_observable = StixCyberObservable(self, File)
self.stix_core_relationship = StixCoreRelationship(self)
self.stix_sighting_relationship = StixSightingRelationship(self)
self.stix_cyber_observable_relationship = StixCyberObservableRelationship(
self)
self.identity = Identity(self)
self.location = Location(self)
self.threat_actor = ThreatActor(self)
self.intrusion_set = IntrusionSet(self)
self.infrastructure = Infrastructure(self)
self.campaign = Campaign(self)
self.x_opencti_incident = XOpenCTIIncident(self)
self.malware = Malware(self)
self.tool = Tool(self)
self.vulnerability = Vulnerability(self)
self.attack_pattern = AttackPattern(self)
self.course_of_action = CourseOfAction(self)
self.report = Report(self)
self.note = Note(self)
self.observed_data = ObservedData(self)
self.opinion = Opinion(self)
self.indicator = Indicator(self)
# Check if openCTI is available
# 做一下心跳检测
if not self.health_check():
raise ValueError(
"OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..."
)
def opencti_stix2(api_client):
return OpenCTIStix2(api_client)
def __init__(
self,
url,
token,
log_level="info",
ssl_verify=False,
proxies=None,
json_logging=False,
):
"""Constructor method"""
# Check configuration
self.ssl_verify = ssl_verify
self.proxies = proxies
if url is None or len(url) == 0:
raise ValueError("An URL must be set")
if token is None or len(token) == 0 or token == "ChangeMe":
raise ValueError("A TOKEN must be set")
# Configure logger
self.log_level = log_level
numeric_level = getattr(logging, self.log_level.upper(), None)
if not isinstance(numeric_level, int):
raise ValueError("Invalid log level: " + self.log_level)
if json_logging:
log_handler = logging.StreamHandler()
log_handler.setLevel(self.log_level.upper())
formatter = CustomJsonFormatter(
"%(timestamp)s %(level)s %(name)s %(message)s")
log_handler.setFormatter(formatter)
logging.basicConfig(handlers=[log_handler],
level=numeric_level,
force=True)
else:
logging.basicConfig(level=numeric_level)
# Define API
self.api_token = token
self.api_url = url + "/graphql"
self.request_headers = {"Authorization": "Bearer " + token}
self.session = requests.session()
# Define the dependencies
self.work = OpenCTIApiWork(self)
self.connector = OpenCTIApiConnector(self)
self.stix2 = OpenCTIStix2(self)
# Define the entities
self.label = Label(self)
self.marking_definition = MarkingDefinition(self)
self.external_reference = ExternalReference(self, File)
self.kill_chain_phase = KillChainPhase(self)
self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship(
self)
self.stix = Stix(self)
self.stix_domain_object = StixDomainObject(self, File)
self.stix_core_object = StixCoreObject(self, File)
self.stix_cyber_observable = StixCyberObservable(self, File)
self.stix_core_relationship = StixCoreRelationship(self)
self.stix_sighting_relationship = StixSightingRelationship(self)
self.stix_cyber_observable_relationship = StixCyberObservableRelationship(
self)
self.identity = Identity(self)
self.location = Location(self)
self.threat_actor = ThreatActor(self)
self.intrusion_set = IntrusionSet(self)
self.infrastructure = Infrastructure(self)
self.campaign = Campaign(self)
self.incident = Incident(self)
self.malware = Malware(self)
self.tool = Tool(self)
self.vulnerability = Vulnerability(self)
self.attack_pattern = AttackPattern(self)
self.course_of_action = CourseOfAction(self)
self.report = Report(self)
self.note = Note(self)
self.observed_data = ObservedData(self)
self.opinion = Opinion(self)
self.indicator = Indicator(self)
# Check if openCTI is available
if not self.health_check():
raise ValueError(
"OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..."
)