Support pycti on Mac/Macbooks using Apple Silicon for enterprise customers #960
Description
Problem to Solve
pycti does not install and run on Apple Silicon (all m-series CPUs on all new Mac/Macbooks) on typical laptop & workstation configurations in Enterprise Corporate environments.
The issue here is the dependency on python-magic, which isn’t available for this architecture. The solution suggested variously in the github issues is to instead install libmagic from homebrew via https://stackoverflow.com/a/76560266 or https://github.com/SHi-ON/libmagic-apple-silicon .
Unfortunately, access to brew install isn’t generally available in corporate environments.
This makes it harder for Mac-using OpenCTI analysts and administrators to write and test scripts using pycti, who would typically need to do this on dev/staging servers instead.
Current Workaround
Run pycti on dev/staging server remotely, using IDE/etc.
Proposed Solution
GenAI YOLO:
• Replace the top-level import magic with an internal helper that tries to import on first use:
• Update the small number of call sites that need MIME detection to use detect_mime().
• Result: users who never touch file upload/inspection won’t need libmagic, and those who do will still work well enough with the stdlib fallback
This issue already exists here, although the business impact is more sigificant as Macbook penetration increases.