def test_crate_bundle(): stix_splitter = OpenCTIStix2Splitter() report = Report( report_types=["campaign"], name="Bad Cybercrime", published="2016-04-06T20:03:00.000Z", object_refs=["indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"], ).serialize() observables = [report] bundle = stix_splitter.stix2_create_bundle(observables, use_json=False, event_version=None) for key in ["type", "id", "spec_version", "objects"]: assert key in bundle assert len(bundle.keys()) == 4 bundle = stix_splitter.stix2_create_bundle(observables, use_json=False, event_version=1) for key in [ "type", "id", "spec_version", "objects", "x_opencti_event_version" ]: assert key in bundle assert len(bundle.keys()) == 5
def test_split_bundle(): stix_splitter = OpenCTIStix2Splitter() with open("./tests/data/enterprise-attack.json") as file: content = file.read() bundles = stix_splitter.split_bundle(content) assert len(bundles) == 7028
def test_split_bundle(): stix_splitter = OpenCTIStix2Splitter() with open("./tests/data/enterprise-attack.json") as file: content = file.read() bundles = stix_splitter.split_bundle(content) assert len(bundles) == 7028 with open("./tests/data/enterprise-attack-orphan.json") as file_orphan: content_orphan = file_orphan.read() # With orphan removal stix_no_orphan_splitter = OpenCTIStix2Splitter(remove_orphan=False) bundles_orphan = stix_no_orphan_splitter.split_bundle(content_orphan) assert len(bundles_orphan) == 7029 # With orphan removal stix_no_orphan_splitter = OpenCTIStix2Splitter(remove_orphan=True) bundles_orphan = stix_no_orphan_splitter.split_bundle(content_orphan) assert len(bundles_orphan) == 7021
def send_stix2_bundle(self, bundle, **kwargs) -> list: """send a stix2 bundle to the API :param work_id: a valid work id :param bundle: valid stix2 bundle :type bundle: :param entities_types: list of entities, defaults to None :type entities_types: list, optional :param update: whether to updated data in the database, defaults to False :type update: bool, optional :param split: whether to split the stix bundle before processing, defaults to True :type split: bool, optional :raises ValueError: if the bundle is empty :return: list of bundles :rtype: list """ work_id = kwargs.get("work_id", self.work_id) entities_types = kwargs.get("entities_types", None) update = kwargs.get("update", False) split = kwargs.get("split", True) if entities_types is None: entities_types = [] if split: stix2_splitter = OpenCTIStix2Splitter() bundles = stix2_splitter.split_bundle(bundle) if len(bundles) == 0: raise ValueError("Nothing to import") if work_id is not None: self.api.work.add_expectations(work_id, len(bundles)) pika_connection = pika.BlockingConnection( pika.URLParameters(self.config["uri"]) ) channel = pika_connection.channel() for sequence, bundle in enumerate(bundles, start=1): self._send_bundle( channel, bundle, work_id=work_id, entities_types=entities_types, sequence=sequence, update=update, ) channel.close() return bundles else: pika_connection = pika.BlockingConnection( pika.URLParameters(self.config["uri"]) ) channel = pika_connection.channel() self._send_bundle( channel, bundle, entities_types=entities_types, update=update ) channel.close() return [bundle]
def send_stix2_bundle(self, bundle, **kwargs) -> list: """send a stix2 bundle to the API :param work_id: a valid work id :param bundle: valid stix2 bundle :type bundle: :param entities_types: list of entities, defaults to None :type entities_types: list, optional :param update: whether to updated data in the database, defaults to False :type update: bool, optional :raises ValueError: if the bundle is empty :return: list of bundles :rtype: list """ work_id = kwargs.get("work_id", self.work_id) entities_types = kwargs.get("entities_types", None) update = kwargs.get("update", False) if entities_types is None: entities_types = [] stix2_splitter = OpenCTIStix2Splitter() bundles = stix2_splitter.split_bundle(bundle) if len(bundles) == 0: raise ValueError("Nothing to import") if work_id is not None: self.api.work.add_expectations(work_id, len(bundles)) pika_credentials = pika.PlainCredentials( self.config["connection"]["user"], self.config["connection"]["pass"] ) pika_parameters = pika.ConnectionParameters( host=self.config["connection"]["host"], port=self.config["connection"]["port"], virtual_host="/", credentials=pika_credentials, ssl_options=pika.SSLOptions( create_ssl_context(), self.config["connection"]["host"] ) if self.config["connection"]["use_ssl"] else None, ) pika_connection = pika.BlockingConnection(pika_parameters) channel = pika_connection.channel() for sequence, bundle in enumerate(bundles, start=1): self._send_bundle( channel, bundle, work_id=work_id, entities_types=entities_types, sequence=sequence, update=update, ) channel.close() return bundles
def send_stix2_bundle(self, bundle, **kwargs) -> list: """send a stix2 bundle to the API :param work_id: a valid work id :param bundle: valid stix2 bundle :type bundle: :param entities_types: list of entities, defaults to None :type entities_types: list, optional :param update: whether to updated data in the database, defaults to False :type update: bool, optional :raises ValueError: if the bundle is empty :return: list of bundles :rtype: list """ work_id = kwargs.get("work_id", self.work_id) entities_types = kwargs.get("entities_types", None) update = kwargs.get("update", False) event_version = kwargs.get("event_version", None) bypass_split = kwargs.get("bypass_split", False) bypass_validation = kwargs.get("bypass_validation", False) entity_id = kwargs.get("entity_id", None) file_name = kwargs.get("file_name", None) if not file_name and work_id: file_name = f"{work_id}.json" if self.connect_validate_before_import and not bypass_validation and file_name: self.api.upload_pending_file( file_name=file_name, data=bundle, mime_type="application/json", entity_id=entity_id, ) return [] if entities_types is None: entities_types = [] if bypass_split: bundles = [bundle] else: stix2_splitter = OpenCTIStix2Splitter() bundles = stix2_splitter.split_bundle(bundle, True, event_version) if len(bundles) == 0: raise ValueError("Nothing to import") if work_id: self.api.work.add_expectations(work_id, len(bundles)) pika_credentials = pika.PlainCredentials( self.config["connection"]["user"], self.config["connection"]["pass"] ) pika_parameters = pika.ConnectionParameters( host=self.config["connection"]["host"], port=self.config["connection"]["port"], virtual_host="/", credentials=pika_credentials, ssl_options=pika.SSLOptions( create_ssl_context(), self.config["connection"]["host"] ) if self.config["connection"]["use_ssl"] else None, ) pika_connection = pika.BlockingConnection(pika_parameters) channel = pika_connection.channel() for sequence, bundle in enumerate(bundles, start=1): self._send_bundle( channel, bundle, work_id=work_id, entities_types=entities_types, sequence=sequence, update=update, ) channel.close() return bundles