From c486386b0055238481a61669bd452583f3e39b83 Mon Sep 17 00:00:00 2001 From: CelineSebe Date: Fri, 10 Oct 2025 10:32:42 +0200 Subject: [PATCH 1/2] add ssh-key SCO (#10905) --- .../entities/opencti_stix_cyber_observable.py | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index f23ced87..3b9c4c3a 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py @@ -287,6 +287,8 @@ def create(self, **kwargs): type = "IPv6-Addr" elif type.lower() == "persona": type = "Persona" + elif type.lower() == "ssh-key": + type = "SSH-Key" elif type.lower() == "hostname" or type.lower() == "x-opencti-hostname": type = "Hostname" elif type.lower() == "payment-card" or type.lower() == "x-opencti-payment-card": @@ -420,6 +422,7 @@ def create(self, **kwargs): $PaymentCard: PaymentCardAddInput $Persona: PersonaAddInput $MediaContent: MediaContentAddInput + $SSHKey: SSHKeyAddInput ) { stixCyberObservableAdd( type: $type, @@ -465,6 +468,7 @@ def create(self, **kwargs): PaymentCard: $PaymentCard Persona: $Persona MediaContent: $MediaContent + SSHKey: $SSHKey ) { id standard_id @@ -713,6 +717,49 @@ def create(self, **kwargs): else None ), } + elif type == "SSH-Key" or type.lower() == "ssh-key": + input_variables["SSHKey"] = { + "key_type": ( + observable_data["key_type"] + if "key_type" in observable_data + else False + ), + "public_key": ( + observable_data["public_key"] + if "public_key" in observable_data + else None + ), + "fingerprint_sha256": ( + observable_data["fingerprint_sha256"] + if "fingerprint_sha256" in observable_data + else None + ), + "fingerprint_md5": ( + observable_data["fingerprint_md5"] + if "fingerprint_md5" in observable_data + else None + ), + "key_length": ( + observable_data["key_length"] + if "key_length" in observable_data + else None + ), + "comment": ( + observable_data["comment"] + if "comment" in observable_data + else None + ), + "created": ( + observable_data["created"] + if "created" in observable_data + else None + ), + "expiration_date": ( + observable_data["expiration_date"] + if "expiration_date" in observable_data + else None + ), + } elif type == "IPv4-Addr": input_variables["IPv4Addr"] = { "value": ( From 0b1f281274d8d370662717669940faddf05b210b Mon Sep 17 00:00:00 2001 From: CelineSebe Date: Tue, 14 Oct 2025 09:09:51 +0200 Subject: [PATCH 2/2] changes after review (#10905) --- pycti/entities/opencti_stix_cyber_observable.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pycti/entities/opencti_stix_cyber_observable.py b/pycti/entities/opencti_stix_cyber_observable.py index 3b9c4c3a..3c2f47c0 100644 --- a/pycti/entities/opencti_stix_cyber_observable.py +++ b/pycti/entities/opencti_stix_cyber_observable.py @@ -722,7 +722,7 @@ def create(self, **kwargs): "key_type": ( observable_data["key_type"] if "key_type" in observable_data - else False + else None ), "public_key": ( observable_data["public_key"] @@ -732,7 +732,7 @@ def create(self, **kwargs): "fingerprint_sha256": ( observable_data["fingerprint_sha256"] if "fingerprint_sha256" in observable_data - else None + else False ), "fingerprint_md5": ( observable_data["fingerprint_md5"]