db=db)
db_observable = Observable(type=db_observable_type,
value=observable_instance.value)
# Associate the observable instance with its observable
new_observable_instance.observable = db_observable
# Save the new analysis to the database
db.add(new_observable_instance)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_observable_instance", uuid=new_observable_instance.uuid)
helpers.api_route_create(router, create_observable_instance)
#
# READ
#
# def get_all_observable_instances(db: Session = Depends(get_db)):
# return crud.read_all(db_table=ObservableInstance, db=db)
def get_observable_instance(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=ObservableInstance, db=db)
# It does not make sense to have a get_all_observable_instances route at this point (and not without pagination).
# helpers.api_route_read_all(router, get_all_observable_instances, List[ObservableInstanceRead])
#
def create_alert_type(
alert_type: AlertTypeCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=alert_type, db_table=AlertType, db=db)
response.headers["Content-Location"] = request.url_for("get_alert_type",
uuid=uuid)
helpers.api_route_create(router, create_alert_type)
#
# READ
#
def get_all_alert_types(db: Session = Depends(get_db)):
return crud.read_all(db_table=AlertType, db=db)
def get_alert_type(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AlertType, db=db)
helpers.api_route_read_all(router, get_all_alert_types, List[AlertTypeRead])
value=alert.tool_instance, db_table=AlertToolInstance, db=db)
# Alerts must point to an Analysis, so if we get this far without any errors, a new Analysis needs to be created.
new_alert.analysis = create_node(node_create=AnalysisCreate(),
db_node_type=Analysis,
db=db)
# Save the new alert (including the new analysis) to the database
db.add(new_alert)
crud.commit(db)
response.headers["Content-Location"] = request.url_for("get_alert",
uuid=new_alert.uuid)
helpers.api_route_create(router, create_alert)
#
# READ
#
# def get_all_alerts(db: Session = Depends(get_db)):
# return crud.read_all(db_table=Alert, db=db)
def get_alert(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=Alert, db=db)
# It does not make sense to have a get_all_alerts route at this point (and certainly not without pagination).
# helpers.api_route_read_all(router, get_all_alerts, List[AlertRead])
# This counts a modifying the node, so it should receive a new version.
db_node.version = uuid4()
# Set the user on the comment
new_comment.user = crud.read_user_by_username(username=node_comment.user,
db=db)
# Save the new comment to the database
db.add(new_comment)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_node_comment", uuid=new_comment.uuid)
helpers.api_route_create(router, create_node_comment)
#
# READ
#
# def get_all_node_directives(db: Session = Depends(get_db)):
# return crud.read_all(db_table=NodeDirective, db=db)
def get_node_comment(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=NodeComment, db=db)
# It does not make sense to have a get_all_node_comments route at this point (and certainly not without pagination).
# helpers.api_route_read_all(router, get_all_node_directives, List[NodeDirectiveRead])
new_observable = Observable(**observable.dict())
# Get the observable type from the database to associate with the new observable
new_observable.type = crud.read_by_value(observable.type,
db_table=ObservableType,
db=db)
# Save the new observable to the database
db.add(new_observable)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_observable", uuid=new_observable.uuid)
helpers.api_route_create(router, create_observable)
#
# READ
#
def get_all_observables(db: Session = Depends(get_db)):
return crud.read_all(db_table=Observable, db=db)
def get_observable(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=Observable, db=db)
helpers.api_route_read_all(router, get_all_observables, List[ObservableRead])
#
def create_node_threat_actor(
node_threat_actor: NodeThreatActorCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=node_threat_actor, db_table=NodeThreatActor, db=db)
response.headers["Content-Location"] = request.url_for(
"get_node_threat_actor", uuid=uuid)
helpers.api_route_create(router, create_node_threat_actor)
#
# READ
#
def get_all_node_threat_actors(db: Session = Depends(get_db)):
return crud.read_all(db_table=NodeThreatActor, db=db)
def get_node_threat_actor(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=NodeThreatActor, db=db)
helpers.api_route_read_all(router, get_all_node_threat_actors,
uuid=analysis.parent_observable_uuid,
db_table=ObservableInstance,
db=db)
# This counts as editing the observable instance, so it should receive an updated version
new_analysis.parent_observable.version = uuid4()
# Save the new analysis to the database
db.add(new_analysis)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_analysis", uuid=new_analysis.uuid)
helpers.api_route_create(router, create_analysis)
#
# READ
#
# def get_all_analysis(db: Session = Depends(get_db)):
# return crud.read_all(db_table=Analysis, db=db)
def get_analysis(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=Analysis, db=db)
# It does not make sense to have a get_all_analysis route at this point (and certainly not without pagination).
# helpers.api_route_read_all(router, get_all_analysis, List[AnalysisRead])
# CREATE
#
def create_node_history_action(
node_history_action: NodeHistoryActionCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=node_history_action, db_table=NodeHistoryAction, db=db)
response.headers["Content-Location"] = request.url_for("get_node_history_action", uuid=uuid)
helpers.api_route_create(router, create_node_history_action)
#
# READ
#
def get_all_node_history_actions(db: Session = Depends(get_db)):
return crud.read_all(db_table=NodeHistoryAction, db=db)
def get_node_history_action(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=NodeHistoryAction, db=db)
#
def create_alert_queue(
alert_queue: AlertQueueCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=alert_queue, db_table=AlertQueue, db=db)
response.headers["Content-Location"] = request.url_for("get_alert_queue",
uuid=uuid)
helpers.api_route_create(router, create_alert_queue)
#
# READ
#
def get_all_alert_queues(db: Session = Depends(get_db)):
return crud.read_all(db_table=AlertQueue, db=db)
def get_alert_queue(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AlertQueue, db=db)
helpers.api_route_read_all(router, get_all_alert_queues, List[AlertQueueRead])
#
def create_event_source(
event_source: EventSourceCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_source, db_table=EventSource, db=db)
response.headers["Content-Location"] = request.url_for("get_event_source",
uuid=uuid)
helpers.api_route_create(router, create_event_source)
#
# READ
#
def get_all_event_sources(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventSource, db=db)
def get_event_source(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventSource, db=db)
helpers.api_route_read_all(router, get_all_event_sources,
db=db)
if event.vectors:
new_event.vectors = crud.read_by_values(values=event.vectors,
db_table=EventVector,
db=db)
# Save the new event to the database
db.add(new_event)
crud.commit(db)
response.headers["Content-Location"] = request.url_for("get_event",
uuid=new_event.uuid)
helpers.api_route_create(router, create_event)
#
# READ
#
# def get_all_events(db: Session = Depends(get_db)):
# return crud.read_all(db_table=Event, db=db)
def get_event(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=Event, db=db)
# It does not make sense to have a get_all_events route at this point (and certainly not without pagination).
# helpers.api_route_read_all(router, get_all_events, List[EventRead])
# CREATE
#
def create_event_remediation(
event_remediation: EventRemediationCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_remediation, db_table=EventRemediation, db=db)
response.headers["Content-Location"] = request.url_for("get_event_remediation", uuid=uuid)
helpers.api_route_create(router, create_event_remediation)
#
# READ
#
def get_all_event_remediations(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventRemediation, db=db)
def get_event_remediation(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventRemediation, db=db)
# CREATE
#
def create_event_vector(
event_vector: EventVectorCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_vector, db_table=EventVector, db=db)
response.headers["Content-Location"] = request.url_for("get_event_vector", uuid=uuid)
helpers.api_route_create(router, create_event_vector)
#
# READ
#
def get_all_event_vectors(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventVector, db=db)
def get_event_vector(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventVector, db=db)
def create_event_prevention_tool(
event_prevention_tool: EventPreventionToolCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_prevention_tool,
db_table=EventPreventionTool,
db=db)
response.headers["Content-Location"] = request.url_for(
"get_event_prevention_tool", uuid=uuid)
helpers.api_route_create(router, create_event_prevention_tool)
#
# READ
#
def get_all_event_prevention_tools(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventPreventionTool, db=db)
def get_event_prevention_tool(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventPreventionTool, db=db)
helpers.api_route_read_all(router, get_all_event_prevention_tools,
#
def create_event_risk_level(
event_risk_level: EventRiskLevelCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_risk_level, db_table=EventRiskLevel, db=db)
response.headers["Content-Location"] = request.url_for(
"get_event_risk_level", uuid=uuid)
helpers.api_route_create(router, create_event_risk_level)
#
# READ
#
def get_all_event_risk_levels(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventRiskLevel, db=db)
def get_event_risk_level(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventRiskLevel, db=db)
helpers.api_route_read_all(router, get_all_event_risk_levels,
#
def create_user_role(
user_role: UserRoleCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=user_role, db_table=UserRole, db=db)
response.headers["Content-Location"] = request.url_for("get_user_role",
uuid=uuid)
helpers.api_route_create(router, create_user_role)
#
# READ
#
def get_all_user_roles(db: Session = Depends(get_db)):
return crud.read_all(db_table=UserRole, db=db)
def get_user_role(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=UserRole, db=db)
helpers.api_route_read_all(router, get_all_user_roles, List[UserRoleRead])
# If required tags were given, get them from the database and use them in the new analysis module type
db_required_tags = []
if analysis_module_type.required_tags:
db_required_tags = crud.read_by_values(
values=analysis_module_type.required_tags, db_table=NodeTag, db=db)
new_analysis_module_type.required_tags = db_required_tags
# Save the new analysis module type to the database
db.add(new_analysis_module_type)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_analysis_module_type", uuid=new_analysis_module_type.uuid)
helpers.api_route_create(router, create_analysis_module_type)
#
# READ
#
def get_all_analysis_module_types(db: Session = Depends(get_db)):
return crud.read_all(db_table=AnalysisModuleType, db=db)
def get_analysis_module_type(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AnalysisModuleType, db=db)
helpers.api_route_read_all(router, get_all_analysis_module_types,
#
def create_alert_tool(
alert_tool: AlertToolCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=alert_tool, db_table=AlertTool, db=db)
response.headers["Content-Location"] = request.url_for("get_alert_tool",
uuid=uuid)
helpers.api_route_create(router, create_alert_tool)
#
# READ
#
def get_all_alert_tools(db: Session = Depends(get_db)):
return crud.read_all(db_table=AlertTool, db=db)
def get_alert_tool(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AlertTool, db=db)
helpers.api_route_read_all(router, get_all_alert_tools, List[AlertToolRead])
#
def create_disposition(
disposition: AlertDispositionCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=disposition, db_table=AlertDisposition, db=db)
response.headers["Content-Location"] = request.url_for("get_disposition",
uuid=uuid)
helpers.api_route_create(router, create_disposition)
#
# READ
#
def get_all_dispositions(db: Session = Depends(get_db)):
return crud.read_all(db_table=AlertDisposition, db=db)
def get_disposition(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AlertDisposition, db=db)
helpers.api_route_read_all(router, get_all_dispositions,
# CREATE
#
def create_event_status(
event_status: EventStatusCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_status, db_table=EventStatus, db=db)
response.headers["Content-Location"] = request.url_for("get_event_status", uuid=uuid)
helpers.api_route_create(router, create_event_status)
#
# READ
#
def get_all_event_statuses(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventStatus, db=db)
def get_event_status(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventStatus, db=db)
def create_alert_tool_instance(
alert_tool_instance: AlertToolInstanceCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=alert_tool_instance,
db_table=AlertToolInstance,
db=db)
response.headers["Content-Location"] = request.url_for(
"get_alert_tool_instance", uuid=uuid)
helpers.api_route_create(router, create_alert_tool_instance)
#
# READ
#
def get_all_alert_tool_instances(db: Session = Depends(get_db)):
return crud.read_all(db_table=AlertToolInstance, db=db)
def get_alert_tool_instance(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=AlertToolInstance, db=db)
helpers.api_route_read_all(router, get_all_alert_tool_instances,
# Create the new node threat
new_threat = NodeThreat(**node_threat.dict())
# Set the threat types on the new node threat
new_threat.types = db_threat_types
# Save the new node threat to the database
db.add(new_threat)
crud.commit(db)
response.headers["Content-Location"] = request.url_for(
"get_node_threat", uuid=new_threat.uuid)
helpers.api_route_create(router, create_node_threat)
#
# READ
#
def get_all_node_threats(db: Session = Depends(get_db)):
return crud.read_all(db_table=NodeThreat, db=db)
def get_node_threat(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=NodeThreat, db=db)
helpers.api_route_read_all(router, get_all_node_threats, List[NodeThreatRead])
# CREATE
#
def create_event_type(
event_type: EventTypeCreate,
request: Request,
response: Response,
db: Session = Depends(get_db),
):
uuid = crud.create(obj=event_type, db_table=EventType, db=db)
response.headers["Content-Location"] = request.url_for("get_event_type", uuid=uuid)
helpers.api_route_create(router, create_event_type)
#
# READ
#
def get_all_event_types(db: Session = Depends(get_db)):
return crud.read_all(db_table=EventType, db=db)
def get_event_type(uuid: UUID, db: Session = Depends(get_db)):
return crud.read(uuid=uuid, db_table=EventType, db=db)
