[client] Enhance reports resolving

Samuel Hassine · Samuel Hassine · commit 125752ce0cdc · 2019-12-13T12:45:02.000+01:00
diff --git a/pycti/entities/opencti_report.py b/pycti/entities/opencti_report.py
@@ -344,12 +344,12 @@ def create(self, **kwargs):
                         value=graph_data
                     )
                     object_result['graph_data'] = graph_data
-                if external_reference_id is not None:
-                    self.opencti.stix_entity.add_external_reference(
-                        id=object_result['id'],
-                        entity=object_result,
-                        external_reference_id=external_reference_id
-                    )
+            if external_reference_id is not None:
+                self.opencti.stix_entity.add_external_reference(
+                    id=object_result['id'],
+                    entity=object_result,
+                    external_reference_id=external_reference_id
+                )
             return object_result
         else:
             report = self.create_raw(
diff --git a/pycti/entities/opencti_stix_domain_entity.py b/pycti/entities/opencti_stix_domain_entity.py
@@ -142,6 +142,41 @@ def __init__(self, opencti):
                 published
                 object_status
                 source_confidence_level
+                objectRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                            entity_type
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
+                observableRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                            entity_type
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
+                relationRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
             }
         """
 
diff --git a/pycti/entities/opencti_stix_entity.py b/pycti/entities/opencti_stix_entity.py
@@ -133,6 +133,47 @@ def __init__(self, opencti):
                     }
                 }                
             }
+            ... on Report {
+                report_class
+                published
+                object_status
+                source_confidence_level
+                objectRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                            entity_type
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
+                observableRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                            entity_type
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
+                relationRefs {
+                    edges {
+                        node {
+                            id
+                            stix_id_key
+                        }
+                        relation {
+                            id
+                        }
+                    }
+                }
+            }            
             ... on StixRelation {
                 killChainPhases {
                     edges {
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -261,24 +261,18 @@ def extract_embedded_relationships(self, stix_object, types=None):
 
                     if 'external_id' in external_reference:
                         title = title + ' (' + external_reference['external_id'] + ')'
+
+                    author = self.resolve_author(title)
                     report = self.opencti.report.create(
                         name=title,
                         external_reference_id=external_reference_id,
                         description=external_reference['description'] if 'description' in external_reference else '',
                         published=published,
                         report_class='Threat Report',
                         object_status=2,
+                        createdByRef=author,
                         update=True
                     )
-                    # Resolve author
-                    author = self.resolve_author(title)
-                    if author is not None:
-                        self.opencti.stix_entity.update_created_by_ref(
-                            id=report['id'],
-                            entity=report,
-                            identity_id=author['id']
-                        )
-
                     # Add marking
                     if 'marking_tlpwhite' in self.mapping_cache:
                         object_marking_ref_result = self.mapping_cache['marking_tlpwhite']
