[client] Introduce security coverage entity (#1018)

Co-authored-by: Julien Richard <[email protected]>

Author: SamuelHassine

pycti/api/opencti_api_client.py

@@ -52,6 +52,7 @@
 from pycti.entities.opencti_opinion import Opinion
 from pycti.entities.opencti_report import Report
 from pycti.entities.opencti_role import Role
+from pycti.entities.opencti_security_coverage import SecurityCoverage
 from pycti.entities.opencti_settings import Settings
 from pycti.entities.opencti_stix import Stix
 from pycti.entities.opencti_stix_core_object import StixCoreObject
@@ -223,6 +224,7 @@ def __init__(
         self.narrative = Narrative(self)
         self.language = Language(self)
         self.vulnerability = Vulnerability(self)
+        self.security_coverage = SecurityCoverage(self)
         self.attack_pattern = AttackPattern(self)
         self.course_of_action = CourseOfAction(self)
         self.data_component = DataComponent(self)

pycti/connector/opencti_connector.py

@@ -43,6 +43,8 @@ def __init__(
         auto: bool,
         only_contextual: bool,
         playbook_compatible: bool,
+        auto_update: bool,
+        enrichment_resolution: str,
         listen_callback_uri=None,
     ):
         self.id = connector_id
@@ -55,6 +57,8 @@ def __init__(
         else:
             self.scope = []
         self.auto = auto
+        self.auto_update = auto_update
+        self.enrichment_resolution = enrichment_resolution
         self.only_contextual = only_contextual
         self.playbook_compatible = playbook_compatible
         self.listen_callback_uri = listen_callback_uri
@@ -72,6 +76,8 @@ def to_input(self) -> dict:
                 "type": self.type.name,
                 "scope": self.scope,
                 "auto": self.auto,
+                "auto_update": self.auto_update,
+                "enrichment_resolution": self.enrichment_resolution,
                 "only_contextual": self.only_contextual,
                 "playbook_compatible": self.playbook_compatible,
                 "listen_callback_uri": self.listen_callback_uri,

pycti/connector/opencti_connector_helper.py

@@ -365,6 +365,16 @@ def _data_handler(self, json_data) -> None:
             event_data = json_data["event"]
             entity_id = event_data.get("entity_id")
             entity_type = event_data.get("entity_type")
+            stix_entity = (
+                json.loads(event_data.get("stix_entity"))
+                if event_data.get("stix_entity")
+                else None
+            )
+            stix_objects = (
+                json.loads(event_data.get("stix_objects"))
+                if event_data.get("stix_objects")
+                else None
+            )
             validation_mode = event_data.get("validation_mode", "workbench")
             force_validation = event_data.get("force_validation", False)
             # Set the API headers
@@ -430,17 +440,18 @@ def _data_handler(self, json_data) -> None:
                 else:
                     # If not playbook but enrichment, compute object on enrichment_entity
                     opencti_entity = event_data["enrichment_entity"]
-                    stix_objects = self.helper.api.stix2.prepare_export(
-                        entity=self.helper.api.stix2.generate_export(
-                            copy.copy(opencti_entity)
+                    if stix_objects is None:
+                        stix_objects = self.helper.api.stix2.prepare_export(
+                            entity=self.helper.api.stix2.generate_export(
+                                copy.copy(opencti_entity)
+                            )
                         )
-                    )
-                    stix_entity = [
-                        e
-                        for e in stix_objects
-                        if e["id"] == opencti_entity["standard_id"]
-                        or e["id"] == "x-opencti-" + opencti_entity["standard_id"]
-                    ][0]
+                        stix_entity = [
+                            e
+                            for e in stix_objects
+                            if e["id"] == opencti_entity["standard_id"]
+                            or e["id"] == "x-opencti-" + opencti_entity["standard_id"]
+                        ][0]
                     event_data["stix_objects"] = stix_objects
                     event_data["stix_entity"] = stix_entity
                 # Handle organization propagation
@@ -1116,6 +1127,15 @@ def __init__(self, config: Dict, playbook_compatible=False) -> None:
         self.connect_auto = get_config_variable(
             "CONNECTOR_AUTO", ["connector", "auto"], config, default=False
         )
+        self.connect_auto_update = get_config_variable(
+            "CONNECTOR_AUTO_UPDATE", ["connector", "auto_update"], config, default=False
+        )
+        self.connect_enrichment_resolution = get_config_variable(
+            "CONNECTOR_ENRICHMENT_RESOLUTION",
+            ["connector", "enrichment_resolution"],
+            config,
+            default="none",
+        )
         self.bundle_send_to_queue = get_config_variable(
             "CONNECTOR_SEND_TO_QUEUE",
             ["connector", "send_to_queue"],
@@ -1231,14 +1251,16 @@ def __init__(self, config: Dict, playbook_compatible=False) -> None:
         )
         # Register the connector in OpenCTI
         self.connector = OpenCTIConnector(
-            self.connect_id,
-            self.connect_name,
-            self.connect_type,
-            self.connect_scope,
-            self.connect_auto,
-            self.connect_only_contextual,
-            playbook_compatible,
-            (
+            connector_id=self.connect_id,
+            connector_name=self.connect_name,
+            connector_type=self.connect_type,
+            scope=self.connect_scope,
+            auto=self.connect_auto,
+            only_contextual=self.connect_only_contextual,
+            playbook_compatible=playbook_compatible,
+            auto_update=self.connect_auto_update,
+            enrichment_resolution=self.connect_enrichment_resolution,
+            listen_callback_uri=(
                 self.listen_protocol_api_uri + self.listen_protocol_api_path
                 if self.listen_protocol == "API"
                 else None