|
| 1 | +# coding: utf-8 |
| 2 | +import os |
| 3 | +from datetime import datetime, timedelta, timezone |
| 4 | +from pprint import pprint |
| 5 | + |
| 6 | +from pycti import OpenCTIApiClient |
| 7 | + |
| 8 | +# Variables |
| 9 | +api_url = os.getenv("OPENCTI_API_URL", "http://opencti:4000") |
| 10 | +api_token = os.getenv("OPENCTI_API_TOKEN", "bfa014e0-e02e-4aa6-a42b-603b19dcf159") |
| 11 | + |
| 12 | +# OpenCTI initialization |
| 13 | +opencti_api_client = OpenCTIApiClient(api_url, api_token) |
| 14 | +now = datetime.now(timezone.utc) |
| 15 | +in_4_weeks = now + timedelta(weeks=4) |
| 16 | + |
| 17 | +# Setup, create a security coverage to link to the result |
| 18 | +report = opencti_api_client.report.create( |
| 19 | + name="Report for SCR", |
| 20 | + published=now.isoformat(), |
| 21 | +) |
| 22 | +if not report or "id" not in report: |
| 23 | + raise RuntimeError("Failed to create report") |
| 24 | +securityCoverage = opencti_api_client.security_coverage.create( |
| 25 | + name="SC for SCR", |
| 26 | + description="Super Security Coverage", |
| 27 | + objectCovered=report["id"], |
| 28 | + auto_enrichment_disable=False, |
| 29 | +) |
| 30 | +if not securityCoverage or "id" not in report: |
| 31 | + raise RuntimeError("Failed to create security coverage") |
| 32 | + |
| 33 | +# Create a security coverage result |
| 34 | +scr = opencti_api_client.security_coverage_result.create( |
| 35 | + resultOf=securityCoverage["id"], |
| 36 | + external_uri="my-oaev-instance-1", |
| 37 | + coverage_last_result=now.isoformat(), |
| 38 | + coverage_valid_from=now.isoformat(), |
| 39 | + coverage_valid_to=in_4_weeks.isoformat(), |
| 40 | + coverage_information=[ |
| 41 | + {"coverage_name": "Prevention", "coverage_score": 45}, |
| 42 | + {"coverage_name": "Detection", "coverage_score": 90}, |
| 43 | + ], |
| 44 | +) |
| 45 | +pprint(scr) |
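Review bot: The guard after `security_coverage.create` (file line 30) tests `"id" not in report` instead of `securityCoverage`, and since `report` was already validated on line 22 that clause can never fire. A coverage response without an `id` therefore passes the check and only fails later as a `KeyError` at `resultOf=securityCoverage["id"]`; the line should read `if not securityCoverage or "id" not in securityCoverage:`. Separately, line 10 falls back to a literal UUID token when `OPENCTI_API_TOKEN` is unset and line 9 defaults to a plain `http://` URL, so a copied example can silently authenticate with a baked-in credential sent in cleartext. Reading it as `api_token = os.environ["OPENCTI_API_TOKEN"]` would make a missing token fail loudly instead. The comment on line 17 also says a security coverage is created, while the first object created is a report; `# Setup: create a report, then a security coverage that covers it` would match the code.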