Beispiel #1
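    async def update_case(self, case_id, url, api_key, title=None, description=None, tlp=None, severity=None,
                          tags=None, tags_mode="append"):
        """Update selected fields of an existing TheHive case and return its id.

        Only the fields that were actually supplied are sent to TheHive.

        Args:
            case_id: Identifier of the case to update.
            url: Base URL of the TheHive instance. A value without an
                ``http://`` or ``https://`` scheme is prefixed with ``http://``.
            api_key: API key handed to ``TheHiveApi``.
            title: New title; skipped when empty or ``None``.
            description: New description; skipped when empty or ``None``.
            tlp: New TLP value; skipped only when ``None``.
            severity: New severity; skipped only when ``None``.
            tags: List of tags, or ``None`` to leave the tags untouched.
            tags_mode: ``"append"`` adds ``tags`` to the case's current tags;
                any other value sends ``tags`` as the complete tag list.

        Returns:
            The ``id`` attribute of the object returned by ``CaseHelper.update``.
        """
        self.logger.info(f'Updating case {case_id} in TheHive...')

        # Test for a real scheme, not just the letters "http": a bare host such
        # as "http-gw.internal" must still receive a scheme prefix.
        if not url.lower().startswith(("http://", "https://")):
            url = f"http://{url}"

        # The URL itself is kept out of the log line in case it embeds credentials.
        if url.lower().startswith("http://"):
            self.logger.warning(
                "TheHive URL uses plain HTTP; the API key will be sent without transport encryption")

        api = TheHiveApi(url, api_key)
        case_helper = CaseHelper(api)

        case_kwargs = {}
        if title:
            case_kwargs["title"] = title
        if description:
            case_kwargs["description"] = description
        # Compare against None: 0 is a legitimate TLP value (TLP:WHITE) and a
        # truthiness test would silently drop it from the update.
        if tlp is not None:
            case_kwargs["tlp"] = tlp
        if severity is not None:
            case_kwargs["severity"] = severity
        if tags is not None:
            if tags_mode == "append":
                # Read the current tags first so the update extends them
                # instead of replacing them.
                tags = case_helper(case_id).tags + tags
            case_kwargs["tags"] = tags

        return case_helper.update(case_id, **case_kwargs).id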
Beispiel #2
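    async def close_case(self,
                         case_id,
                         url,
                         api_key,
                         resolution_status,
                         impact_status,
                         summary,
                         tags=None,
                         tags_mode="append"):
        """Mark a TheHive case as resolved and return its id.

        The case status is set to ``"Resolved"`` together with the supplied
        resolution status, impact status and summary.

        Args:
            case_id: Identifier of the case to close.
            url: Base URL of the TheHive instance. A value without an
                ``http://`` or ``https://`` scheme is prefixed with ``http://``.
            api_key: API key handed to ``TheHiveApi``.
            resolution_status: Value sent as ``resolutionStatus``.
            impact_status: Value sent as ``impactStatus``.
            summary: Closing summary text.
            tags: List of tags, or ``None`` to leave the tags untouched.
            tags_mode: ``"append"`` adds ``tags`` to the case's current tags;
                any other value sends ``tags`` as the complete tag list.

        Returns:
            The ``id`` attribute of the object returned by ``CaseHelper.update``.
        """
        self.logger.info(f'Closing case {case_id} in TheHive...')

        # Test for a real scheme, not just the letters "http": a bare host such
        # as "http-gw.internal" must still receive a scheme prefix.
        if not url.lower().startswith(("http://", "https://")):
            url = f"http://{url}"

        # The URL itself is kept out of the log line in case it embeds credentials.
        if url.lower().startswith("http://"):
            self.logger.warning(
                "TheHive URL uses plain HTTP; the API key will be sent without transport encryption")

        api = TheHiveApi(url, api_key)
        case_helper = CaseHelper(api)

        case_kwargs = {
            "status": "Resolved",
            "resolutionStatus": resolution_status,
            "impactStatus": impact_status,
            "summary": summary,
        }

        if tags is not None:
            if tags_mode == "append":
                # Read the current tags first so closing the case extends them
                # instead of replacing them.
                tags = case_helper(case_id).tags + tags
            case_kwargs["tags"] = tags

        return case_helper.update(case_id, **case_kwargs).id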
Beispiel #3
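    async def create_case(self,
                          url,
                          api_key,
                          title,
                          description="",
                          tlp=2,
                          severity=1,
                          tags=None):
        """Create a case in TheHive and return its id.

        A ``walkoff_execution_id: <id>`` tag built from
        ``self.current_execution_id`` is always added so the case can be
        traced back to the workflow execution that opened it.

        Args:
            url: Base URL of the TheHive instance. A value without an
                ``http://`` or ``https://`` scheme is prefixed with ``http://``.
            api_key: API key handed to ``TheHiveApi``.
            title: Case title.
            description: Case description.
            tlp: TLP value for the new case.
            severity: Severity for the new case.
            tags: Optional tags; a single string is treated as one tag. The
                caller's list is never modified.

        Returns:
            The ``id`` attribute of the object returned by ``CaseHelper.create``.
        """
        # Work on a private copy: appending to the caller's list would leak the
        # execution-id tag into every later use of that list.
        if not tags:
            tags = []
        elif isinstance(tags, str):
            tags = [tags]
        else:
            tags = list(tags)

        # Test for a real scheme, not just the letters "http": a bare host such
        # as "http-gw.internal" must still receive a scheme prefix.
        if not url.lower().startswith(("http://", "https://")):
            url = f"http://{url}"

        # The URL itself is kept out of the log line in case it embeds credentials.
        if url.lower().startswith("http://"):
            self.logger.warning(
                "TheHive URL uses plain HTTP; the API key will be sent without transport encryption")

        api = TheHiveApi(url, api_key)
        self.logger.info('Creating a case in TheHive...')
        case_helper = CaseHelper(api)
        tags.append(f"walkoff_execution_id: {self.current_execution_id}")

        case_kwargs = {
            "tlp": tlp,
            "severity": severity,
            "tags": tags,
        }

        return case_helper.create(title, description, **case_kwargs).id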
Beispiel #4
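    def __init__(self, url, principal, password=None, proxies=None, cert=True):
        """Store connection settings and pick the authentication scheme.

        Args:
            url: Base URL of the service.
            principal: User name when ``password`` is given, otherwise the
                token handed to ``BearerAuth``.
            password: Password for HTTP Basic authentication, or ``None`` to
                authenticate with ``principal`` as a bearer token.
            proxies: Optional proxy mapping; ``None`` means an empty mapping.
            cert: Stored as ``self.cert``.
                NOTE(review): presumably forwarded to requests as ``verify``;
                if so, ``False`` disables TLS certificate validation and a
                path selects a CA bundle. Confirm against the request calls.
        """
        self.url = url
        self.principal = principal
        self.password = password
        # A literal {} default is created once and shared by every instance
        # built without proxies, so give each instance its own dict.
        self.proxies = {} if proxies is None else proxies

        if self.password is not None:
            # Basic auth only base64-encodes the credentials, so the password
            # is readable on the wire unless the URL is https.
            self.auth = requests.auth.HTTPBasicAuth(self.principal, self.password)
        else:
            self.auth = BearerAuth(self.principal)

        self.cert = cert

        # Case helper bound to this API object.
        self.case = CaseHelper(self)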