From 8f37b9bd7f9aa4de3f981002d3405f9d502981c9 Mon Sep 17 00:00:00 2001 From: Valentin Bouzin Date: Tue, 9 Jul 2024 09:07:47 +0200 Subject: [PATCH 1/4] [client] Support of KEV field for vulnerability entity (#7390) --- pycti/entities/opencti_vulnerability.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pycti/entities/opencti_vulnerability.py b/pycti/entities/opencti_vulnerability.py index 387ef3f1d..f381e2f24 100644 --- a/pycti/entities/opencti_vulnerability.py +++ b/pycti/entities/opencti_vulnerability.py @@ -105,6 +105,7 @@ def __init__(self, opencti): x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_confidentiality_impact + x_opencti_cisa_kev_exploited importFiles { edges { node { @@ -283,6 +284,7 @@ def create(self, **kwargs): x_opencti_cvss_base_score = kwargs.get("x_opencti_cvss_base_score", None) x_opencti_cvss_base_severity = kwargs.get("x_opencti_cvss_base_severity", None) x_opencti_cvss_attack_vector = kwargs.get("x_opencti_cvss_attack_vector", None) + x_opencti_cisa_kev_exploited = kwargs.get("x_opencti_cisa_kev_exploited", None) x_opencti_cvss_integrity_impact = kwargs.get( "x_opencti_cvss_integrity_impact", None ) @@ -333,6 +335,7 @@ def create(self, **kwargs): "x_opencti_cvss_integrity_impact": x_opencti_cvss_integrity_impact, "x_opencti_cvss_availability_impact": x_opencti_cvss_availability_impact, "x_opencti_cvss_confidentiality_impact": x_opencti_cvss_confidentiality_impact, + "x_opencti_cisa_kev_exploited": x_opencti_cisa_kev_exploited, "x_opencti_stix_ids": x_opencti_stix_ids, "x_opencti_workflow_id": x_opencti_workflow_id, "update": update, From 1c1874e74da4931b9c117402fc7d926d0dcbb68b Mon Sep 17 00:00:00 2001 From: Valentin Bouzin Date: Tue, 9 Jul 2024 15:25:08 +0200 Subject: [PATCH 2/4] key updated and import function updated --- pycti/entities/opencti_vulnerability.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
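Review bot: The new `x_opencti_cisa_kev_exploited` keyword in the `create()` hunk is read with `kwargs.get(..., None)` and copied into the mutation input in the last hunk, with nothing stating what values it accepts. The flag presumably marks a CVE as listed in CISA's Known Exploited Vulnerabilities catalog and is likely used for prioritisation, so state the expected type next to the read, for example `# CISA KEV flag; expected to be a bool, None when unknown`. Because `create()` takes `**kwargs`, a caller that misspells the key gets no error and the flag is silently dropped, which is worth a line in the method's docstring. The docstring and the rest of `create()` lie outside the hunk.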
diff --git a/pycti/entities/opencti_vulnerability.py b/pycti/entities/opencti_vulnerability.py index f381e2f24..c29ad7da1 100644 --- a/pycti/entities/opencti_vulnerability.py +++ b/pycti/entities/opencti_vulnerability.py @@ -105,7 +105,7 @@ def __init__(self, opencti): x_opencti_cvss_integrity_impact x_opencti_cvss_availability_impact x_opencti_cvss_confidentiality_impact - x_opencti_cisa_kev_exploited + x_opencti_cisa_kev importFiles { edges { node { @@ -284,7 +284,7 @@ def create(self, **kwargs): x_opencti_cvss_base_score = kwargs.get("x_opencti_cvss_base_score", None) x_opencti_cvss_base_severity = kwargs.get("x_opencti_cvss_base_severity", None) x_opencti_cvss_attack_vector = kwargs.get("x_opencti_cvss_attack_vector", None) - x_opencti_cisa_kev_exploited = kwargs.get("x_opencti_cisa_kev_exploited", None) + x_opencti_cisa_kev= kwargs.get("x_opencti_cisa_kev", None) x_opencti_cvss_integrity_impact = kwargs.get( "x_opencti_cvss_integrity_impact", None ) @@ -335,7 +335,7 @@ def create(self, **kwargs): "x_opencti_cvss_integrity_impact": x_opencti_cvss_integrity_impact, "x_opencti_cvss_availability_impact": x_opencti_cvss_availability_impact, "x_opencti_cvss_confidentiality_impact": x_opencti_cvss_confidentiality_impact, - "x_opencti_cisa_kev_exploited": x_opencti_cisa_kev_exploited, + "x_opencti_cisa_kev": x_opencti_cisa_kev, "x_opencti_stix_ids": x_opencti_stix_ids, "x_opencti_workflow_id": x_opencti_workflow_id, "update": update, @@ -440,6 +440,7 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_workflow_id"] = ( self.opencti.get_attribute_in_extension("workflow_id", stix_object) ) + return self.create( stix_id=stix_object["id"], createdBy=( @@ -521,6 +522,11 @@ def import_from_stix2(self, **kwargs): if "x_opencti_workflow_id" in stix_object else None ), + x_opencti_cisa_kev=( + stix_object["x_opencti_cisa_kev"] + if "x_opencti_cisa_kev" in stix_object + else None + ), update=update, ) else: 
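Review bot: In the last hunk, `import_from_stix2` forwards `stix_object["x_opencti_cisa_kev"]` to `create()` exactly as it appears in the incoming STIX object, so a non-boolean value such as the string `"false"` is passed on unchanged. Whether the server rejects it depends on the schema, which is not visible here. A small guard keeps the flag trustworthy: `kev = stix_object.get("x_opencti_cisa_kev")` followed by `x_opencti_cisa_kev=kev if isinstance(kev, bool) else None`. It is also worth confirming that sending `None` together with `update=update` does not clear a KEV flag already set on the entity when a later bundle omits the field. The body of `import_from_stix2` starts and ends outside the hunk.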
From e26739079a16b0082f3eeba17c7a292f2d9373e9 Mon Sep 17 00:00:00 2001 From: Valentin Bouzin Date: Tue, 9 Jul 2024 15:48:07 +0200 Subject: [PATCH 3/4] search in extension for cisa kev updated --- pycti/entities/opencti_vulnerability.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pycti/entities/opencti_vulnerability.py b/pycti/entities/opencti_vulnerability.py index c29ad7da1..de717c5b7 100644 --- a/pycti/entities/opencti_vulnerability.py +++ b/pycti/entities/opencti_vulnerability.py @@ -440,6 +440,10 @@ def import_from_stix2(self, **kwargs): stix_object["x_opencti_workflow_id"] = ( self.opencti.get_attribute_in_extension("workflow_id", stix_object) ) + if "x_opencti_cisa_kev" not in stix_object: + stix_object["x_opencti_cisa_kev"] = ( + self.opencti.get_attribute_in_extension("cisa_kev", stix_object) + ) return self.create( stix_id=stix_object["id"], From 1b2c3357de9420f95a1d0abbace8aaf36a3593c7 Mon Sep 17 00:00:00 2001 From: Valentin Bouzin Date: Tue, 9 Jul 2024 16:39:56 +0200 Subject: [PATCH 4/4] linter --- pycti/entities/opencti_vulnerability.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pycti/entities/opencti_vulnerability.py b/pycti/entities/opencti_vulnerability.py index de717c5b7..23fbfbda5 100644 --- a/pycti/entities/opencti_vulnerability.py +++ b/pycti/entities/opencti_vulnerability.py @@ -284,7 +284,7 @@ def create(self, **kwargs): x_opencti_cvss_base_score = kwargs.get("x_opencti_cvss_base_score", None) x_opencti_cvss_base_severity = kwargs.get("x_opencti_cvss_base_severity", None) x_opencti_cvss_attack_vector = kwargs.get("x_opencti_cvss_attack_vector", None) - x_opencti_cisa_kev= kwargs.get("x_opencti_cisa_kev", None) + x_opencti_cisa_kev = kwargs.get("x_opencti_cisa_kev", None) x_opencti_cvss_integrity_impact = kwargs.get( "x_opencti_cvss_integrity_impact", None )
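Review bot: The added block in `import_from_stix2` assigns `stix_object["x_opencti_cisa_kev"]` whenever the key is missing, so the key is always present afterwards. The `if "x_opencti_cisa_kev" in stix_object ... else None` guard on the `create()` argument, added by the previous patch in this series, can therefore no longer take its `else` branch. Either drop that guard in favour of `x_opencti_cisa_kev=stix_object["x_opencti_cisa_kev"]`, or leave the key absent when the extension has no value. What `get_attribute_in_extension` returns for a missing attribute is not visible here; if it is `None`, a comment such as `# None means the bundle carries no KEV information` would make the intent clear. The function body continues outside the hunk.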