def main():
    """Drive the TruStar client through the API sections enabled by flags.

    Names this function relies on are defined elsewhere in the script and are
    not visible here: ``TruStar`` and ``json`` (imports), the ``do_*`` boolean
    switches, ``query_indicators`` and ``submit_indicators``.

    The value returned by ``get_token`` is an API credential: it is handed to
    every client call but never written to stdout. The submission sections
    print the server's raw JSON response, so anything the API echoes back
    ends up in the console output.
    """
    client = TruStar(config_role="trustar")  # presumably picks the credential section of the client config — confirm against TruStar
    api_token = client.get_token()

    def show_latest_reports():
        # One line per accessible report: id, distribution type, title.
        print("Get Latest Reports")

        for report in client.get_latest_reports(api_token):
            print("\t{}, {}, {}".format(report['id'],
                                        report['distributionType'],
                                        report['title']))
        print()

    def show_correlated_reports():
        # Reports that correlate with the configured query indicators.
        print("Querying Correlated Reports")
        matches = client.get_correlated_reports(api_token, query_indicators)
        print("{} report(s) correlated with indicators '{}': ".format(
            len(matches), query_indicators))
        for match in matches:
            print("\t%s" % match)
        print()

    def show_indicator_correlations():
        # Three result groups from one query, each printed under its own
        # header; the header is printed before the key is read, as before.
        print("Querying correlated indicators with '{}' (first 100)".format(
            query_indicators))
        hits = client.query_indicator(api_token, query_indicators, "100")

        print("Correlated Incident Report indicators:")
        for ioc_type, ioc_values in hits["indicators"].items():
            joined = "\n\t".join('{}'.format(ioc) for ioc in ioc_values)
            print("\n%s:\n\t%s" % (ioc_type, joined))
        print()

        print("Correlated Open Source documents:")
        for url in hits["openSourceCorrelations"]:
            print("\t%s" % url)
        print()

        print("External Intelligence hits:")
        for url in hits["externalIntelligence"]:
            print("\t%s" % url)
        print()

    def echo_submission(response, response_msg, indicators_msg):
        # Dump the raw response, then any indicators the server extracted.
        print(response_msg.format(json.dumps(response)))
        if 'reportIndicators' in response:
            print(indicators_msg.format(response['reportIndicators']))

    if do_latest:
        show_latest_reports()

    if do_correlated:
        show_correlated_reports()

    if do_query_indicator:
        show_indicator_correlations()

    # Submit simple test report to community
    if do_comm_submissions:
        echo_submission(
            client.submit_report(api_token, submit_indicators,
                                 "COMMUNITY API SUBMISSION TEST "),
            "Community submission response: {0}",
            "Extracted the following community indicators: {}")

    # Submit simple test report to your enclave
    if do_enclave_submissions:
        echo_submission(
            client.submit_report(api_token, submit_indicators,
                                 "ENCLAVE API SUBMISSION TEST ",
                                 enclave=True),
            "Enclave submission response: {0}",
            "Extracted the following enclave indicators: {}")
def main():
    """Walk the TruStar client through each API section enabled by a flag.

    Relies on names defined elsewhere in the script and not visible here:
    ``TruStar`` and ``json`` (imports), the ``do_*`` boolean switches,
    ``search_string`` and ``submit_indicators``.

    The value returned by ``get_token`` is an API credential: it is passed to
    every client call but never printed. The enclave submission section
    prints the complete raw response object, so whatever the API returns for
    that call lands in the console output.
    """
    client = TruStar(config_role="trustar")  # presumably selects the credential section of the client config — confirm against TruStar
    api_token = client.get_token()

    def show_latest_reports():
        # One line per accessible report: id, distribution type, title.
        print("Getting Latest Accessible Reports...")

        for report in client.get_latest_reports(api_token):
            print("\t%s, %s, %s" %
                  (report['id'], report['distributionType'], report['title']))
        print()

    def show_correlated_reports():
        # Reports correlated with the search string, one per line.
        print("Querying Accessible Correlated Reports...")
        matches = client.get_correlated_reports(api_token, search_string)
        print("%d report(s) correlated with indicators '%s':\n" %
              (len(matches), search_string))
        print("\n".join(matches))
        print()

    def show_latest_indicators():
        # Latest incident-report indicators over a 24h window, grouped by type;
        # empty groups are skipped and nothing is printed if the key is absent.
        print("Get Latest Indicators (first 100)")

        latest = client.query_latest_indicators(api_token,
                                                source='INCIDENT_REPORT',
                                                indicator_types='ALL',
                                                interval_size=24,
                                                limit=100)
        if 'indicators' not in latest:
            return
        for ioc_type, ioc_values in latest['indicators'].items():
            if len(ioc_values):
                print("\t%s:  %s" % (ioc_type, ','.join(ioc_values)))
        print()

    def show_report_details():
        # Full JSON detail for every report returned by get_latest_reports.
        print("Get Report Details")

        for report in client.get_latest_reports(api_token):
            report_id = report['id']
            detail = client.get_report_details(api_token, report_id)
            print("Getting Report Details using '%s': \n%s" %
                  (report_id, json.dumps(detail, indent=4)))
            print()

    def show_indicator_correlations():
        # Three result groups from one query; a group's header is printed only
        # when the group is non-empty.
        print(
            "Querying correlated indicators with search string '%s' (first 100)"
            % search_string)
        hits = client.query_indicators(api_token, search_string, '100')

        ioc_map = hits["indicators"]
        if len(list(ioc_map)):
            print("Correlated Incident Report Indicators:")
            for ioc_type, ioc_values in ioc_map.items():
                joined = "\n\t".join('{}'.format(ioc) for ioc in ioc_values)
                print("\n%s:\n\t%s" % (ioc_type, joined))
            print()

        os_urls = list(hits["openSourceCorrelations"])
        if len(os_urls):
            print("Correlated Open Source Documents:")
            for url in os_urls:
                print("\t%s" % url)
            print()

        exint_urls = list(hits["externalIntelligence"])
        if len(exint_urls):
            print("External Intelligence hits:")
            print('\t'.join(exint_urls))
            print()

    def show_submission(response, indicators_msg, dump_response=False):
        # Report URL first, optionally the raw response, then any indicators
        # the server extracted from the submitted report.
        print("\tURL: %s\n" % client.get_report_url(response['reportId']))

        if dump_response:
            print(response)

        if 'reportIndicators' in response:
            print(indicators_msg %
                  json.dumps(response['reportIndicators'], indent=2))

    if do_latest_reports:
        show_latest_reports()

    if do_correlated:
        show_correlated_reports()

    if do_latest_indicators:
        show_latest_indicators()

    if do_report_details:
        show_report_details()

    if do_query_indicators:
        show_indicator_correlations()

    # Submit simple test report to community
    if do_comm_submissions:
        show_submission(
            client.submit_report(api_token,
                                 submit_indicators,
                                 "COMMUNITY API SUBMISSION TEST",
                                 began_time="2017-02-01T01:23:45"),
            "Extracted the following community indicators: \n%s\n")

    # Submit simple test report to your enclave
    if do_enclave_submissions:
        show_submission(
            client.submit_report(api_token,
                                 submit_indicators,
                                 "ENCLAVE API SUBMISSION TEST ",
                                 enclave=True),
            "Extracted the following enclave indicators: \n%s\n",
            dump_response=True)