
Commit db23885

[client] Add new SCO - SSH-key (#10905)
Co-authored-by: ValentinBouzinFiligran
1 parent a6fc501 commit db23885


7 files changed

+120
-0
lines changed

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
# coding: utf-8
2+
import os
3+
4+
from pycti import OpenCTIApiClient
5+
6+
# Variables
7+
api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
8+
api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
9+
10+
# OpenCTI initialization
11+
opencti_api_client = OpenCTIApiClient(api_url, api_token)
12+
13+
observable_sshkey = opencti_api_client.stix_cyber_observable.create(
14+
observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
15+
)
16+
17+
print(observable_sshkey)
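Review bot: The fallback on new line 8 commits a token-shaped literal as the default for `OPENCTI_API_TOKEN`, so the script still authenticates with a baked-in value when the variable is unset; the same line appears in the second new example file. Even if this UUID is only a sample value, reading the secret with `api_token = os.environ["OPENCTI_API_TOKEN"]` makes a missing configuration fail immediately and avoids a credential-looking string in the repository. The `http://opencti:4000` default on new line 7 would also carry the API token over plain HTTP, so a comment such as `# local lab default; use an https:// URL anywhere else` would help readers who copy the example.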
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
# coding: utf-8
2+
import os
3+
4+
from pycti import OpenCTIApiClient
5+
6+
# Variables
7+
api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000")
8+
api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159")
9+
10+
# OpenCTI initialization
11+
opencti_api_client = OpenCTIApiClient(api_url, api_token)
12+
13+
opencti_api_client.stix_cyber_observable.create(
14+
observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
15+
)
16+
17+
observable_sshkey = opencti_api_client.stix_cyber_observable.read(
18+
filters={
19+
"mode": "and",
20+
"filters": [{"key": "fingerprint_sha256", "values": ["sha256_test"]}],
21+
"filterGroups": [],
22+
}
23+
)
24+
25+
opencti_api_client.stix_cyber_observable.delete(id=observable_sshkey.get("id"))
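Review bot: `observable_sshkey.get("id")` on new line 25 is called on whatever `read(...)` returned, and nothing in the file checks that a match was found; if the lookup comes back empty (presumably `None`), the example ends in an AttributeError instead of a clear message. The delete target is also chosen by a filter on the constant `sha256_test`, so it removes whichever observable matches that fingerprint, which is not necessarily the one created on new line 13. Keeping the return value of `create(...)` and deleting by its id, or guarding with `if observable_sshkey is None: raise SystemExit("SSH-Key observable not found")`, would make the example safer to copy.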

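--- a/examples/update_observable_attributes.py
+++ b/examples/update_observable_attributes.py
@@ -52,3 +52,12 @@
 opencti_api_client.stix_cyber_observable.update_created_by(
 id=observable["id"], identity_id=author["id"]
 )
+
+observable_sshkey = opencti_api_client.stix_cyber_observable.create(
+observableData={"type": "SSH-Key", "fingerprint_sha256": "sha256_test"}
+)
+
+opencti_api_client.stix_cyber_observable.update_field(
+id=observable_sshkey.get("id"),
+input={"key": "fingerprint_sha256", "value": "sha256_test_edit_name"},
+)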

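--- a/pycti/entities/opencti_stix_cyber_observable.py
+++ b/pycti/entities/opencti_stix_cyber_observable.py
@@ -287,6 +287,8 @@ def create(self, **kwargs):
 type = "IPv6-Addr"
 elif type.lower() == "persona":
 type = "Persona"
+elif type.lower() == "ssh-key":
+type = "SSH-Key"
 elif type.lower() == "hostname" or type.lower() == "x-opencti-hostname":
 type = "Hostname"
 elif type.lower() == "payment-card" or type.lower() == "x-opencti-payment-card":
@@ -420,6 +422,7 @@ def create(self, **kwargs):
 $PaymentCard: PaymentCardAddInput
 $Persona: PersonaAddInput
 $MediaContent: MediaContentAddInput
+$SSHKey: SSHKeyAddInput
 ) {
 stixCyberObservableAdd(
 type: $type,
@@ -465,6 +468,7 @@ def create(self, **kwargs):
 PaymentCard: $PaymentCard
 Persona: $Persona
 MediaContent: $MediaContent
+SSHKey: $SSHKey
 ) {
 id
 standard_id
@@ -713,6 +717,49 @@ def create(self, **kwargs):
 else None
 ),
 }
+elif type == "SSH-Key" or type.lower() == "ssh-key":
+input_variables["SSHKey"] = {
+"key_type": (
+observable_data["key_type"]
+if "key_type" in observable_data
+else None
+),
+"public_key": (
+observable_data["public_key"]
+if "public_key" in observable_data
+else None
+),
+"fingerprint_sha256": (
+observable_data["fingerprint_sha256"]
+if "fingerprint_sha256" in observable_data
+else False
+),
+"fingerprint_md5": (
+observable_data["fingerprint_md5"]
+if "fingerprint_md5" in observable_data
+else None
+),
+"key_length": (
+observable_data["key_length"]
+if "key_length" in observable_data
+else None
+),
+"comment": (
+observable_data["comment"]
+if "comment" in observable_data
+else None
+),
+"created": (
+observable_data["created"]
+if "created" in observable_data
+else None
+),
+"expiration_date": (
+observable_data["expiration_date"]
+if "expiration_date" in observable_data
+else None
+),
+}
 elif type == "IPv4-Addr":
 input_variables["IPv4Addr"] = {
 "value": (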
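Review bot: In the last hunk the `fingerprint_sha256` entry falls back to `False` (new line 735) while every other SSHKey field falls back to `None`, so a caller who omits the fingerprint sends a boolean for a field the examples populate with a string. If the API types that field as a string, the omission would surface as a type error rather than a clear missing-field message; `"fingerprint_sha256": observable_data.get("fingerprint_sha256"),` would match the neighbouring entries, or the branch could raise a ValueError before the request if the fingerprint is mandatory. The condition on new line 720 is also redundant, since `type.lower() == "ssh-key"` already covers `type == "SSH-Key"` and the first hunk normalises the value. create() starts and ends outside these hunks, so the ordering of the normalisation and this branch is inferred from the line numbers only.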

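--- a/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py
+++ b/pycti/entities/stix_cyber_observable/opencti_stix_cyber_observable_properties.py
@@ -173,6 +173,16 @@
 algorithm
 hash
 }
+}
+... on SSHKey {
+key_type
+public_key
+fingerprint_sha256
+fingerprint_md5
+key_length
+expiration_date
+comment
+created
 }
 ... on IPv4Addr {
 value
@@ -479,6 +489,16 @@
 hash
 }
 }
+... on SSHKey {
+key_type
+public_key
+fingerprint_sha256
+fingerprint_md5
+key_length
+expiration_date
+comment
+created
+}
 ... on IPv4Addr {
 value
 }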

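--- a/pycti/utils/constants.py
+++ b/pycti/utils/constants.py
@@ -46,6 +46,7 @@ class StixCyberObservableTypes(Enum):
 MEDIA_CONTENT = "Media-Content"
 SIMPLE_OBSERVABLE = "Simple-Observable"
 PERSONA = "Persona"
+SSH_KEY = "SSH-Key"
 
 @classmethod
 def has_value(cls, value: str) -> bool: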

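--- a/pycti/utils/opencti_stix2_utils.py
+++ b/pycti/utils/opencti_stix2_utils.py
@@ -103,6 +103,7 @@
 "media-content": "Media-Content",
 "simple-observable": "Simple-Observable",
 "persona": "Persona",
+"ssh-key": "SSH-Key",
 }
 
 STIX_OBJECTS = (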
