def tc_create_event(name, owner, event_date, tag=None, status=None, description=None): tc = get_client() ro = RequestObject() ro.set_http_method('POST') ro.set_request_uri('/v2/groups/events') body = {'name': name, 'eventDate': event_date, 'status': status} ro.set_body(json.dumps(body)) response = tc.api_request(ro).json() if response.get('status') == 'Success': output = response.get('data', {}).get('event', {}) event_id = output['id'] if description is not None: # Associate Attribute description ro = RequestObject() ro.set_http_method('POST') ro.set_request_uri( '/v2/groups/events/{}/attributes'.format(event_id)) body = { 'type': 'Description', 'value': description, 'displayed': 'true' } ro.set_body(json.dumps(body)) tc.api_request(ro).json() return output else: return_error('Failed to create event')
class VictimAssetFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl, victim_asset_type_enum=None): """ """ super(VictimAssetFilterObject, self).__init__(base_uri, tcl) self._owners = [] # get resource type from indicator type if isinstance(victim_asset_type_enum, VictimAssetType): # get resource type from indicator type number resource_type = ResourceType(victim_asset_type_enum.value) # get resource properties from resource type name self._properties = ResourceProperties[resource_type.name].value(base_uri=self.base_uri) else: self._properties = ResourceProperties['VICTIM_ASSETS'].value(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('victimAssets', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
class BulkIndicatorFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkIndicatorFilterObject, self).__init__(base_uri, tcl) self._owners = [] # pd('IndicatorFilterObject', header=True) # pd('indicator_type_enum', indicator_type_enum) self._properties = BulkIndicatorsProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('indicators', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: # pd('method_name', method_name) method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def add_indicator(self, data, indicator_type=None): """ filter api results by indicator """ # validation indicator if not SharedMethods.validate_indicator(self.tc._indicators_regex, data): raise AttributeError(ErrorCodes.e5010.value.format(data)) # get indicator uri attribute if indicator_type is None: indicator_type = SharedMethods.get_resource_type( self.tc._indicators_regex, data) indicator_uri_attribute = ApiProperties.api_properties[ indicator_type.name]['uri_attribute'] prop = self._resource_properties['indicator'] ro = RequestObject() ro.set_description('api filter by indicator id {0}'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) # TODO: Check this logic if self._resource_type == ResourceType.INDICATORS: ro.set_request_uri( prop['uri'], [indicator_uri_attribute, SharedMethods.urlsafe(data)]) else: ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(indicator_type) self._add_request_objects(ro)
def load_security_labels(self): """ retrieve attributes for this indicator """ prop = self._resource_properties['load_security_labels'] ro = RequestObject() ro.set_description( 'load security labels for attribute {0} of object {1}'.format( self.id, self._container.id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) resource_uri = self._container._resource_properties['id']['uri'] try: resource_uri = resource_uri.format(self._container.indicator) except AttributeError: resource_uri = resource_uri.format(self._container.id) ro.set_request_uri(prop['uri'].format(resource_uri, self.id)) ro.set_resource_pagination(prop['pagination']) api_response = self._container._tc.api_request(ro) if api_response.headers['content-type'] == 'application/json': api_response_dict = api_response.json() if api_response_dict['status'] == 'Success': self._security_labels = [] data = api_response_dict['data']['securityLabel'] for item in data: self.__add_security_label(parse_security_label( item)) # add to main resource object
def tc_get_indicator_types_request(): tc = get_client() ro = RequestObject() ro.set_http_method('GET') ro.set_request_uri('/v2/types/indicatorTypes') return tc.api_request(ro).json()
def filter_associations(self, base_resource_type, identifier): """Get victims associated with base resource object GET /v2/groups/adversaries/747266/victims GET /v2/indicators/addresses/4.3.2.1/victims """ base_properties = ResourceProperties[base_resource_type.name].value() request_uri = base_properties.base_path + '/' request_uri += str(identifier) request_uri += '/victims' description = 'Get victim associations for {0} resource ({1}).'.format( base_resource_type.name.lower(), str(identifier)) filter_type = 'victim association' ro = RequestObject( filter_type, '{0}|{1}'.format(base_resource_type.name.lower(), identifier)) ro.set_description(description) ro.set_owner_allowed(False) ro.set_resource_pagination(True) ro.set_request_uri(request_uri) ro.set_resource_type(ResourceType.VICTIMS) self._add_request_objects(ro)
def upload(self, body): """ upload document """ if self._resource_type == ResourceType.DOCUMENTS: prop = self._resource_properties['document_upload'] elif self._resource_type == ResourceType.SIGNATURES: prop = self._resource_properties['signature_upload'] else: self._tc.tcl.error('Upload requested for wrong resource type.') raise AttributeError(ErrorCodes.e10330.value) ro = RequestObject() ro.set_body(body) ro.set_content_type('application/octet-stream') ro.set_description('upload document for "{0}"'.format(self._name)) # determine whether the file contents exist using phase (not 100%) if self.phase == 1: ro.set_http_method(prop['http_method']) else: ro.set_http_method('PUT') ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) success_callback = lambda request, response: self.set_contents(request.body) ro.set_success_callback(success_callback) self._resource_container.add_commit_queue(self.id, ro)
def get_events_request(): tc = get_client() ro = RequestObject() ro.set_http_method('GET') ro.set_request_uri('/v2/groups/events') return tc.api_request(ro).json()
class BulkFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type # self._properties = BulkProperties(base_uri=self.base_uri) self._properties = None self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('groups', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed( self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination( self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(IndicatorFilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def log_to_api(self): if len(self.entries) > 0: # make api call ro = RequestObject() ro.set_http_method('POST') ro.set_owner_allowed(True) ro.set_resource_pagination(False) ro.set_request_uri('/v2/logs/app') ro.set_body(dumps(self.entries)) # retrieve and display the results; don't log during api request so we don't end up with duplicate info try: self.tc.api_request(ro, log=False) except RuntimeError as re: # can't really do anything if it fails error_data = { 'levelname': 'ERROR', 'created': time.time(), 'msg': 'API LOGGING FAILURE -- Unable to send log entries to api: {}' .format(self.entries) } lr = makeLogRecord(error_data) self.entries = [] self.emit(lr) self.entries = []
def add_indicator(self, data, indicator_type = None): """ filter api results by indicator """ # validation indicator if not SharedMethods.validate_indicator(self.tc._indicators_regex, data): raise AttributeError(ErrorCodes.e5010.value.format(data)) # get indicator uri attribute if indicator_type is None: indicator_type = SharedMethods.get_resource_type(self.tc._indicators_regex, data) indicator_uri_attribute = ApiProperties.api_properties[indicator_type.name]['uri_attribute'] prop = self._resource_properties['indicator'] ro = RequestObject() ro.set_description('api filter by indicator id {0}'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) # TODO: Check this logic if self._resource_type == ResourceType.INDICATORS: ro.set_request_uri(prop['uri'], [indicator_uri_attribute, SharedMethods.urlsafe(data)]) else: ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(indicator_type) self._add_request_objects(ro)
def add_security_label(self, security_label_name): """ retrieve attributes for this indicator """ prop = self._resource_properties['add_security_label'] ro = RequestObject() ro.set_description( 'deleting security label {0} for attribute {1} of object {2}'. format(security_label_name, self.id, self._container.id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) resource_uri = self._container._resource_properties['id']['uri'] try: resource_uri = resource_uri.format(self._container.indicator) except AttributeError: resource_uri = resource_uri.format(self._container.id) ro.set_request_uri(prop['uri'].format(resource_uri, self.id, security_label_name)) ro.set_resource_pagination(prop['pagination']) callback = lambda status: self.__failed_add_security_label( security_label_name) ro.set_failure_callback(callback) self._container._resource_container.add_commit_queue( self._container.id, ro) security_label = SecurityLabelObject() security_label.set_name(security_label_name) self.__add_security_label(security_label)
def add_id(self, data_int, asset_id=None): """ """ resource_type = ResourceType(self._resource_type.value - 5) properties = ResourceProperties[resource_type.name].value() if asset_id is not None: # resource_type = ResourceType(self._resource_type.value - 5) # properties = ResourceProperties[resource_type.name].value() uri_data = [data_int, asset_id] else: # properties = self._properties uri_data = [data_int] # validation of data input if not isinstance(data_int, int): self.add_error(ErrorCodes.e4020.value.format(data_int)) self._error = True else: filter_type = 'id' if asset_id is not None: filter_values = '{0}-{1}'.format(data_int, asset_id) else: filter_values = data_int ro = RequestObject(filter_type, filter_values) ro.set_owner_allowed(properties.id_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri(properties.id_path, uri_data) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
class BulkFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(BulkFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type # self._properties = BulkProperties(base_uri=self.base_uri) self._properties = None self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('groups', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(IndicatorFilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
class SignatureFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(SignatureFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type self._properties = SignaturesProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('signatures', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: # special case for download if method_name == 'add_id': method = getattr(FilterMethods, 'add_id_signature') setattr(self, method_name, types.MethodType(method, self)) else: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self))
def tc_get_tags(): tc = get_client() ro = RequestObject() ro.set_http_method('GET') ro.set_request_uri('/v2/tags') return tc.api_request(ro).json()
def get_groups_request(group_type): tc = get_client() ro = RequestObject() ro.set_http_method('GET') ro.set_request_uri('/v2/groups/{}'.format(group_type)) return tc.api_request(ro).json()
def tc_delete_group(group_id, group_type): tc = get_client() ro = RequestObject() ro.set_http_method('DELETE') ro.set_request_uri('/v2/groups/{}/{}'.format(group_type, group_id)) response = tc.api_request(ro).json() return response['status'] == 'Success'
def tc_owners(): tc = get_client() ro = RequestObject() ro.set_http_method('GET') ro.set_request_uri('/v2/owners') results = tc.api_request(ro) return results.json()
def add_group_security_label_request(group_type, group_id, security_label): tc = get_client() ro = RequestObject() ro.set_http_method('POST') ro.set_request_uri('/v2/groups/{}/{}/securityLabels/{}'.format( group_type, group_id, security_label)) response = tc.api_request(ro).json() return response.get('status') == 'Success'
def associate_indicator_request(indicator_type, indicator, group_type, group_id): tc = get_client() ro = RequestObject() ro.set_http_method('POST') ro.set_request_uri('/v2/indicators/{}/{}/groups/{}/{}'.format( indicator_type, indicator, group_type, group_id)) response = tc.api_request(ro).json() return response
def add_group_tags_request(group_type, group_id, tag_name): tc = get_client() ro = RequestObject() ro.set_http_method('POST') ro.set_request_uri('/v2/groups/{}/{}/tags/{}'.format( group_type, group_id, tag_name)) response = tc.api_request(ro).json() return response.get('status') == 'Success'
def tc_get_indicators_by_tag(tag, owner): tc = get_client() ro = RequestObject() ro.set_http_method('GET') cmd = '/v2/tags/{}/indicators'.format(tag) if owner is not None: cmd += '?owner={}'.format(owner) ro.set_request_uri(cmd) return tc.api_request(ro).json()
def default_request_object(self): """ default request when only a owner filter is provided """ request_object = RequestObject() request_object.set_description('filter by owner') request_object.set_http_method(self._resource_properties['base']['http_method']) request_object.set_owner_allowed(self._resource_properties['base']['owner_allowed']) request_object.set_request_uri(self._resource_properties['base']['uri']) request_object.set_resource_pagination(self._resource_properties['base']['pagination']) request_object.set_resource_type(self._resource_type) return request_object
def default_request_object(self): """ default request when no filters are provided """ resource_properties = ApiProperties.api_properties[self._resource_type.name]['properties'] # create default request object for non-filtered requests request_object = RequestObject() request_object.set_http_method(resource_properties['base']['http_method']) request_object.set_owner_allowed(resource_properties['base']['owner_allowed']) request_object.set_request_uri(resource_properties['base']['uri']) request_object.set_resource_pagination(resource_properties['base']['pagination']) request_object.set_resource_type(self._resource_type) return request_object
def add_tag(self, tag): """ add a tag to an indicator """ prop = self._resource_properties['tag_add'] ro = RequestObject() ro.set_description('add tag "{0}" to "{1}"'.format(tag, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, self._urlsafe(tag))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def delete_attribute(self, attr_id): """ delete attribute from group by id """ prop = self._resource_properties['attribute_delete'] ro = RequestObject() ro.set_description('delete attribute id {0} from "{1}"'.format(attr_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, attr_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def update_asset(self, asset_id, asset_obj): """ add a asset to a victim """ prop = self._resource_properties['asset_update'] ro = RequestObject() ro.set_body(asset_obj.gen_body) ro.set_description('update asset type {0} with to {1}'.format(asset_obj.resource_type, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, asset_obj.uri_attribute, asset_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def delete_security_label(self, label): """ set the security label for this indicator """ prop = self._resource_properties['security_label_delete'] ro = RequestObject() ro.set_description('delete security label "{0}" from {1}'.format(label, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, self._urlsafe(label))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def delete_tag(self, tag): """ delete tag from group """ prop = self._resource_properties['tag_delete'] ro = RequestObject() ro.set_description('delete tag "{0}" from "{1}"'.format(tag, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, self._urlsafe(tag))) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_indicator(self, data, data_type_enum=None): """ """ if data_type_enum is None: # use indicator value to get the resource type data_type_enum = _get_resource_type(data) else: # indicator type provided if isinstance(data_type_enum, IndicatorType): data_type_enum = ResourceType(data_type_enum.value) error = False # validation indicator if not validate_indicator(data): self.add_error(ErrorCodes.e5010.value.format(data)) self._error = True error = True # validation resource type if not isinstance(data_type_enum, ResourceType): self.add_error(ErrorCodes.e5011.value.format(data_type_enum)) self._error = True error = True if not error: # get properties for indicator # (e.g ADDRESSES is 515 and ADDRESS is 510. indicator_resource_type = ResourceType(data_type_enum.value - 5) indicator_properties = ResourceProperties[indicator_resource_type.name].value() indicator_type = indicator_properties.resource_uri_attribute # determine properties indicator_resources = [ 'INDICATORS', 'ADDRESSES', 'EMAIL_ADDRESSES', 'FILES', 'HOSTS', 'URLS'] if self._properties.resource_type.name in indicator_resources: # if the resource type is one of the above use the properties of that indicator properties = indicator_properties else: # otherwise use the properties of the resource properties = self._properties # url if data_type_enum == ResourceType.URLS: data = urllib.quote(data, safe='~') filter_type = data_type_enum.name.lower() ro = RequestObject(filter_type, data) ro.set_owner_allowed(properties.indicator_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri( properties.indicator_path, [indicator_type, data]) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
class VictimFilterObject(FilterObject): """ """ def __init__(self, base_uri, tcl): """ """ super(VictimFilterObject, self).__init__(base_uri, tcl) self._owners = [] # define properties for resource type self._properties = VictimsProperties(base_uri=self.base_uri) self._resource_type = self._properties.resource_type # create default request object for filtered request with only owners self._request_object = RequestObject('victims', 'default') self._request_object.set_http_method(self._properties.http_method) self._request_object.set_owner_allowed(self._properties.base_owner_allowed) self._request_object.set_request_uri(self._properties.base_path) self._request_object.set_resource_pagination(self._properties.resource_pagination) self._request_object.set_resource_type(self._properties.resource_type) # # add_obj filter methods # for method_name in self._properties.filters: method = getattr(FilterMethods, method_name) setattr(self, method_name, types.MethodType(method, self)) # special case for indicator associations def filter_associations(self, base_resource_type, identifier): """Get victims associated with base resource object GET /v2/groups/adversaries/747266/victims GET /v2/indicators/addresses/4.3.2.1/victims """ base_properties = ResourceProperties[base_resource_type.name].value() request_uri = base_properties.base_path + '/' request_uri += str(identifier) request_uri += '/victims' description = 'Get victim associations for {0} resource ({1}).'.format( base_resource_type.name.lower(), str(identifier)) filter_type = 'victim association' ro = RequestObject( filter_type, '{0}|{1}'.format(base_resource_type.name.lower(), identifier)) ro.set_description(description) ro.set_owner_allowed(False) ro.set_resource_pagination(True) ro.set_request_uri(request_uri) ro.set_resource_type(ResourceType.VICTIMS) self._add_request_objects(ro)
def add_victim_id(self, data_int): """ """ if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4090.value.format(data_int)) prop = self._resource_properties['victims'] ro = RequestObject() ro.set_description('api filter by victim id {0}'.format(data_int)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [data_int]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def associate_indicator(self, indicator_type, indicator): """ associate a group to group by id """ prop = self._resource_properties['association_indicator_add'] ro = RequestObject() ro.set_description('associate indicator {0} to "{1}"'.format( indicator, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) indicator_uri_attribute = ApiProperties.api_properties[indicator_type.name]['uri_attribute'] ro.set_request_uri(prop['uri'].format(indicator_uri_attribute, self._urlsafe(indicator), self.id)) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def associate_victim(self, resource_id): """ associate victim from group """ prop = self._resource_properties['association_victim_add'] ro = RequestObject() ro.set_description('associate victim id {0} from "{1}"'.format( resource_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format( self._id, resource_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def associate_group(self, resource_type, resource_id): """ associate a group to group by id """ prop = self._resource_properties['association_group_add'] ro = RequestObject() ro.set_description('associate group type "{0}" id {1} to "{2}"'.format( resource_type.name, resource_id, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) group_uri_attribute = ApiProperties.api_properties[resource_type.name]['uri_attribute'] ro.set_request_uri(prop['uri'].format(self._id, group_uri_attribute, resource_id)) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def add_tag(self, data): """ """ if not isinstance(data, str): raise AttributeError(ErrorCodes.e4070.value.format(data)) prop = self._resource_properties['tags'] ro = RequestObject() ro.set_description('api filter by tag "{0}"'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def group_associations(self): """ retrieve associations for this group. associations are not stored within the object """ prop = self._resource_properties['association_groups'] ro = RequestObject() ro.set_description('retrieve group associations for {0}'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) # ro.set_owner(self.owner_name) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) for item in self._tc.result_pagination(ro)['group']: yield threatconnect.GroupObject.parse_group(item, api_filter=ro.description, request_uri=ro.request_uri)
def add_threat_id(self, data_int): """ """ if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4080.value.format(data_int)) prop = self._resource_properties['groups'] ro = RequestObject() ro.set_description('api filter by threat id {0}'.format(data_int)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'], ['threats', data_int]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def delete(self): """ delete indicator """ prop = self._resource_properties['delete'] ro = RequestObject() ro.set_description('delete group "{0}".'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) if self.owner_name is not None: ro.set_owner(self.owner_name) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self.resource_type) self._tc.api_request(ro) self.set_phase(3)
def victim_associations(self): """ retrieve associations for this group. associations are not stored within the object """ prop = self._resource_properties['association_victims'] ro = RequestObject() ro.set_description('retrieve victim associations for {0}'.format(self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_owner(self.owner_name) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) for item in self._tc.result_pagination(ro, 'victim'): yield parse_victim(item, api_filter=ro.description, request_uri=ro.request_uri)
def update_attribute(self, attr_id, attr_value): """ update indicator attribute by id """ prop = self._resource_properties['attribute_update'] ro = RequestObject() ro.set_body(json.dumps({'value': attr_value})) ro.set_description('update attribute id {0} with value "{1}" on "{2}"'.format( attr_id, attr_value, self._name)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id, attr_id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._resource_container.add_commit_queue(self.id, ro)
def download_errors(self): prop = self._resource_properties['batch_error_download'] ro = RequestObject() ro.set_description('download errors for batchjob {0}'.format(self._id)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'].format(self._id)) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) api_response = self._tc.api_request(ro) if api_response.headers['content-type'] in ['application/octet-stream', 'text/plain']: self.set_errors(api_response.content)
def add_threat_id(self, data_int): """ """ if not isinstance(data_int, int): raise AttributeError(ErrorCodes.e4080.value.format(data_int)) prop = self._resource_properties['groups'] ro = RequestObject() ro.set_description('api filter by threat id {0}'.format(data_int)) ro.set_http_method(prop['http_method']) ro.set_owner_allowed(prop['owner_allowed']) ro.set_request_uri(prop['uri'], ['threats', data_int]) ro.set_resource_pagination(prop['pagination']) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def add_tag(self, data): """ """ properties = self._properties if not isinstance(data, str): self.add_error(ErrorCodes.e4080.value.format(data)) self._error = True else: filter_type = 'tag' ro = RequestObject(filter_type, data) ro.set_owner_allowed(properties.tag_owner_allowed) ro.set_resource_pagination(properties.resource_pagination) ro.set_request_uri(properties.tag_path, [data]) ro.set_resource_type(properties.resource_type) self._add_request_objects(ro)
def add_security_label(self, data): """ filter api results by security label """ # validation of data input if not isinstance(data, str): raise AttributeError(ErrorCodes.e4050.value.format(data)) prop = self._resource_properties['security_labels'] ro = RequestObject() ro.set_description('api filter by security label "{0}"'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)
def add_security_label(self, data): """ filter api results by security label """ # validation of data input if not isinstance(data, str): raise AttributeError(ErrorCodes.e4050.value.format(data)) prop = self._resource_properties['security_labels'] ro = RequestObject() ro.set_description('api filter by security label "{0}"'.format(data)) ro.set_owner_allowed(prop['owner_allowed']) ro.set_resource_pagination(prop['pagination']) ro.set_request_uri(prop['uri'], [SharedMethods.urlsafe(data)]) ro.set_resource_type(self._resource_type) self._add_request_objects(ro)