[client] Killchain management

Samuel Hassine · Samuel Hassine · commit 03858dd0b9aa · 2020-06-04T02:21:50.000+02:00
diff --git a/pycti/entities/opencti_tool.py b/pycti/entities/opencti_tool.py
@@ -332,6 +332,47 @@ def create(self, **kwargs):
                 tags=tags,
             )
 
+    """
+        Import an Tool object from a STIX2 object
+
+        :param stixObject: the Stix-Object Tool
+        :return Tool object
+    """
+
+    def import_from_stix2(self, **kwargs):
+        stix_object = kwargs.get("stixObject", None)
+        extras = kwargs.get("extras", {})
+        update = kwargs.get("update", False)
+        if stix_object is not None:
+            return self.opencti.tool.create(
+                name=stix_object["name"],
+                description=self.opencti.stix2.convert_markdown(stix_object["description"])
+                if "description" in stix_object
+                else "",
+                alias=self.opencti.stix2.pick_aliases(stix_object),
+                id=stix_object[CustomProperties.ID]
+                if CustomProperties.ID in stix_object
+                else None,
+                stix_id_key=stix_object["id"] if "id" in stix_object else None,
+                created=stix_object["created"] if "created" in stix_object else None,
+                modified=stix_object["modified"] if "modified" in stix_object else None,
+                createdByRef=extras["created_by_ref_id"]
+                if "created_by_ref_id" in extras
+                else None,
+                markingDefinitions=extras["marking_definitions_ids"]
+                if "marking_definitions_ids" in extras
+                else None,
+                killChainPhases=extras["kill_chain_phases_ids"]
+                if "kill_chain_phases_ids" in extras
+                else None,
+                tags=extras["tags_ids"] if "tags_ids" in extras else [],
+                update=update,
+            )
+        else:
+            self.opencti.log(
+                "error", "[opencti_tool] Missing parameters: stixObject"
+            )
+
     """
         Export an Tool object in STIX2
     
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -270,9 +270,13 @@ def extract_embedded_relationships(self, stix_object, types=None) -> dict:
         kill_chain_phases_ids = []
         if "kill_chain_phases" in stix_object:
             for kill_chain_phase in stix_object["kill_chain_phases"]:
-                if kill_chain_phase["phase_name"] in self.mapping_cache:
+                if (
+                    kill_chain_phase["kill_chain_name"] + kill_chain_phase["phase_name"]
+                    in self.mapping_cache
+                ):
                     kill_chain_phase = self.mapping_cache[
-                        kill_chain_phase["phase_name"]
+                        kill_chain_phase["kill_chain_name"]
+                        + kill_chain_phase["phase_name"]
                     ]
                 else:
                     kill_chain_phase = self.opencti.kill_chain_phase.create(
@@ -294,7 +298,10 @@ def extract_embedded_relationships(self, stix_object, types=None) -> dict:
                         if CustomProperties.MODIFIED in kill_chain_phase
                         else None,
                     )
-                    self.mapping_cache[kill_chain_phase["phase_name"]] = {
+                    self.mapping_cache[
+                        kill_chain_phase["kill_chain_name"]
+                        + kill_chain_phase["phase_name"]
+                    ] = {
                         "id": kill_chain_phase["id"],
                         "type": kill_chain_phase["entity_type"],
                     }
@@ -1883,31 +1890,9 @@ def create_malware(self, stix_object, extras, update=False):
             update=update,
         )
 
-    # TODO move in Tool
     def create_tool(self, stix_object, extras, update=False):
-        return self.opencti.tool.create(
-            name=stix_object["name"],
-            description=self.convert_markdown(stix_object["description"])
-            if "description" in stix_object
-            else "",
-            alias=self.pick_aliases(stix_object),
-            id=stix_object[CustomProperties.ID]
-            if CustomProperties.ID in stix_object
-            else None,
-            stix_id_key=stix_object["id"] if "id" in stix_object else None,
-            created=stix_object["created"] if "created" in stix_object else None,
-            modified=stix_object["modified"] if "modified" in stix_object else None,
-            createdByRef=extras["created_by_ref_id"]
-            if "created_by_ref_id" in extras
-            else None,
-            markingDefinitions=extras["marking_definitions_ids"]
-            if "marking_definitions_ids" in extras
-            else None,
-            killChainPhases=extras["kill_chain_phases_ids"]
-            if "kill_chain_phases_ids" in extras
-            else None,
-            tags=extras["tags_ids"] if "tags_ids" in extras else [],
-            update=update,
+        return self.opencti.tool.import_from_stix2(
+            stixObject=stix_object, extras=extras, update=update
         )
 
     # TODO move in Vulnerability
diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@ requests==2.23.0
 PyYAML==5.3.1
 setuptools==47.1.1
 python-dateutil==2.8.1
-datefinder==0.7.1
+datefinder==0.7.0
 stix2==1.4.0
 pytz==2020.1
 pika==1.1.0
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 from setuptools import setup
 from setuptools.command.install import install
 
-VERSION = "3.3.1"
+VERSION = "3.3.2"
 
 with open("README.md", "r") as fh:
     long_description = fh.read()
