[api] Update observables attributes when upddate is true (#1078)
Samuel Hassine committed Feb 14, 2021
1 parent 621eb1a commit 3b3dd4e
Showing 2 changed files with 175 additions and 1 deletion.
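--- a/opencti-platform/opencti-graphql/src/database/middleware.js
+++ b/opencti-platform/opencti-graphql/src/database/middleware.js
@@ -114,7 +114,7 @@ import {
 } from '../schema/stixDomainObject';
 import { ENTITY_TYPE_LABEL, isStixMetaObject } from '../schema/stixMetaObject';
 import { isStixSightingRelationship } from '../schema/stixSightingRelationship';
-import { isStixCyberObservable } from '../schema/stixCyberObservable';
+import { isStixCyberObservable, stixCyberObservableFieldsToBeUpdated } from '../schema/stixCyberObservable';
 import { BUS_TOPICS, logger } from '../config/conf';
 import {
 dayFormat,
@@ -1499,6 +1499,24 @@ const upsertElementRaw = async (user, id, type, data) => {
 }
 }
 }
+if (isStixCyberObservable(type) && data.update === true) {
+const fields = stixCyberObservableFieldsToBeUpdated[type];
+if (fields) {
+const patch = {};
+for (let fieldIndex = 0; fieldIndex < fields.length; fieldIndex += 1) {
+const fieldKey = fields[fieldIndex];
+const inputData = data[fieldKey];
+if (isNotEmptyField(inputData)) {
+patch[fieldKey] = Array.isArray(inputData) ? inputData : [inputData];
+}
+}
+if (!R.isEmpty(patch)) {
+const patched = await patchAttributeRaw(user, element, patch);
+impactedInputs.push(...patched.impactedInputs);
+updatedReplaceInputs.push(...patched.updatedInputs);
+}
+}
+}
 // Upsert markings
 const rawRelations = [];
 const targetsPerType = [];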
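Review bot: The overwrite added to `upsertElementRaw` is switched on by `data.update`, a flag that arrives in the same input as the values, and nothing in this hunk checks that `user` may edit the existing `element` before `patchAttributeRaw(user, element, patch)` runs. The function starts and ends outside the hunk, so that check may already happen earlier or inside `patchAttributeRaw`; if it does, a comment above the new `if` should say where, for example `// data.update is caller-supplied; edit rights on element are enforced in <place to confirm>`. The same comment should state that allowlisted fields such as `x_opencti_score` and `x_opencti_description` are replaced last-writer-wins, so an import with `update: true` silently supersedes values curated on the existing observable. As a style point, `for (const fieldKey of fields)` would replace the index loop.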
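--- a/opencti-platform/opencti-graphql/src/schema/stixCyberObservable.js
+++ b/opencti-platform/opencti-graphql/src/schema/stixCyberObservable.js
@@ -93,6 +93,162 @@ export const stixCyberObservableOptions = {
 },
 };
 
+export const stixCyberObservableFieldsToBeUpdated = {
+[ENTITY_AUTONOMOUS_SYSTEM]: ['x_opencti_description', 'x_opencti_score', 'number', 'name', 'rir'],
+[ENTITY_DIRECTORY]: ['x_opencti_description', 'x_opencti_score', 'path', 'path_enc', 'ctime', 'mtime', 'atime'],
+[ENTITY_DOMAIN_NAME]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_EMAIL_ADDR]: ['x_opencti_description', 'x_opencti_score', 'value', 'display_name'],
+[ENTITY_EMAIL_MESSAGE]: [
+'x_opencti_description',
+'x_opencti_score',
+'is_multipart',
+'attribute_date',
+'content_type',
+'message_id',
+'subject',
+'received_lines',
+'body',
+],
+[ENTITY_EMAIL_MIME_PART_TYPE]: [
+'x_opencti_description',
+'x_opencti_score',
+'body',
+'content_type',
+'content_disposition',
+],
+[ENTITY_HASHED_OBSERVABLE_ARTIFACT]: [
+'x_opencti_description',
+'x_opencti_score',
+'hashes',
+'payload_bin',
+'url',
+'encryption_algorithm',
+'decryption_key',
+],
+[ENTITY_HASHED_OBSERVABLE_STIX_FILE]: [
+'x_opencti_description',
+'x_opencti_score',
+'hashes',
+'extensions',
+'size',
+'name',
+'name_enc',
+'magic_number_hex',
+'ctime',
+'mtime',
+'atime',
+'x_opencti_additional_names',
+],
+[ENTITY_HASHED_OBSERVABLE_X509_CERTIFICATE]: [
+'x_opencti_description',
+'x_opencti_score',
+'is_self_signed',
+'version',
+'serial_number',
+'signature_algorithm',
+'issuer',
+'validity_not_before',
+'validity_not_after',
+'subject',
+'subject_public_key_algorithm',
+'subject_public_key_modulus',
+'subject_public_key_exponent',
+],
+[ENTITY_IPV4_ADDR]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_IPV6_ADDR]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_MAC_ADDR]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_MUTEX]: ['x_opencti_description', 'x_opencti_score', 'name'],
+[ENTITY_NETWORK_TRAFFIC]: [
+'x_opencti_description',
+'x_opencti_score',
+'extensions',
+'start',
+'end',
+'is_active',
+'src_port',
+'dst_port',
+'protocols',
+'src_byte_count',
+'dst_byte_count',
+'src_packets',
+'dst_packets',
+],
+[ENTITY_PROCESS]: [
+'x_opencti_description',
+'x_opencti_score',
+'extensions',
+'is_hidden',
+'pid',
+'created_time',
+'cwd',
+'command_line',
+'environment_variables',
+],
+[ENTITY_SOFTWARE]: [
+'x_opencti_description',
+'x_opencti_score',
+'name',
+'cpe',
+'swid',
+'languages',
+'vendor',
+'version',
+],
+[ENTITY_URL]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_USER_ACCOUNT]: [
+'x_opencti_description',
+'x_opencti_score',
+'extensions',
+'user_id',
+'credential',
+'account_login',
+'account_type',
+'display_name',
+'is_service_account',
+'is_privileged',
+'can_escalate_privs',
+'is_disabled',
+'account_created',
+'account_expires',
+'credential_last_changed',
+'account_first_login',
+'account_last_login',
+],
+[ENTITY_WINDOWS_REGISTRY_KEY]: [
+'x_opencti_description',
+'x_opencti_score',
+'attribute_key',
+'modified_time',
+'number_of_subkeys',
+],
+[ENTITY_WINDOWS_REGISTRY_VALUE_TYPE]: ['x_opencti_description', 'x_opencti_score', 'name', 'data', 'data_type'],
+[ENTITY_X509_V3_EXTENSIONS_TYPE]: [
+'x_opencti_description',
+'x_opencti_score',
+'basic_constraints',
+'name_constraints',
+'policy_constraints',
+'key_usage',
+'extended_key_usage',
+'subject_key_identifier',
+'authority_key_identifier',
+'subject_alternative_name',
+'issuer_alternative_name',
+'subject_directory_attributes',
+'crl_distribution_points',
+'inhibit_any_policy',
+'private_key_usage_period_not_before',
+'private_key_usage_period_not_after',
+'certificate_policies',
+'policy_mappings',
+],
+[ENTITY_X_OPENCTI_CRYPTOGRAPHIC_KEY]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_X_OPENCTI_CRYPTOGRAPHIC_WALLET]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_X_OPENCTI_HOSTNAME]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_X_OPENCTI_TEXT]: ['x_opencti_description', 'x_opencti_score', 'value'],
+[ENTITY_X_OPENCTI_USER_AGENT]: ['x_opencti_description', 'x_opencti_score', 'value'],
+};
+
 export const stixCyberObservablesAttributes = {
 [ENTITY_AUTONOMOUS_SYSTEM]: [
 'internal_id',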
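Review bot: `stixCyberObservableFieldsToBeUpdated` carries no comment saying that it is the allowlist of attributes an upsert may overwrite on an existing observable, and several entries deserve a second look under that reading. It lists identity-bearing attributes (`value` for the address, domain and URL types, `hashes` for files and artifacts) next to secret-bearing ones (`credential`, `decryption_key`, `payload_bin`); whether a changed `value` or `hashes` also refreshes the identifiers derived from it is not visible on this page and should be confirmed. I would add above the export `// Allowlist: attributes an upsert with update === true may overwrite on an existing observable; fields not listed are left untouched`. Wrapping the literal in `Object.freeze` would also keep the allowlist from being extended at runtime.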
