def delete_tag(self, tag):
""" delete tag from indicator """
ro = self._create_basic_request_object('tag_delete', urlsafe(tag))
ro.set_description('delete tag "{0}" from {1}'.format(
tag, self._reference_indicator))
self._resource_container.add_commit_queue(self.id, ro)
def add_tag(self, tag):
""" add a tag to an indicator """
ro = self._create_basic_request_object('tag_add', urlsafe(tag))
ro.set_description('add tag "{0}" to {1}'.format(
tag, self._reference_indicator))
self._resource_container.add_commit_queue(self.id, ro)
def add_security_label(self, label):
""" set the security label for this indicator """
ro = self._create_basic_request_object('security_label_add',
urlsafe(label))
ro.set_description('add security label "{0}" to {1}'.format(
label, self._reference_indicator))
self._resource_container.add_commit_queue(self.id, ro)
def set_indicator(self, data, resource_type=None, update=True):
"""Read-Write indicator metadata"""
_type = self.resource_type if self.resource_type is not None else resource_type
if _type == ResourceType.ADDRESSES:
self._ip = uni(data)
self._reference_indicator = urlsafe(self._ip)
# additional resource type specific attributes
self._properties['_ip'] = {
'api_field': 'ip',
'method': 'set_indicator',
'required': True,
}
elif _type == ResourceType.EMAIL_ADDRESSES:
self._address = uni(data)
self._reference_indicator = urlsafe(self._address)
# additional resource type specific attributes
self._properties['_address'] = {
'api_field': 'address',
'method': 'set_indicator',
'required': True,
}
elif _type == ResourceType.FILES:
# handle different hash type
hash_type = get_hash_type(data)
if hash_type == 'MD5':
self._md5 = data
if self._reference_indicator is None: # reference indicator for attr, tag, etc adds
self._reference_indicator = urlsafe(self._md5)
elif hash_type == 'SHA1':
self._sha1 = data
if self._reference_indicator is None: # reference indicator for attr, tag, etc adds
self._reference_indicator = urlsafe(self._sha1)
elif hash_type == 'SHA256':
self._sha256 = data
if self._reference_indicator is None: # reference indicator for attr, tag, etc adds
self._reference_indicator = urlsafe(self._sha256)
self._properties['_md5'] = {
'api_field': 'md5',
'method': 'set_indicator',
'required': True,
}
self._properties['_sha1'] = {
'api_field': 'sha1',
'method': 'set_indicator',
'required': True,
}
self._properties['_sha256'] = {
'api_field': 'sha256',
'method': 'set_indicator',
'required': True,
}
self._properties['_size'] = {
'api_field': 'size',
'method': 'set_size',
'required': False,
}
if update and self._phase == 0:
self._phase = 2
elif _type == ResourceType.HOSTS:
self._hostname = uni(data)
self._reference_indicator = urlsafe(self._hostname)
# additional resource type specific attributes
self._properties['_hostname'] = {
'api_field': 'hostName',
'method': 'set_indicator',
'required': True,
}
self._properties['_dns_active'] = {
'api_field': 'dnsActive',
'method': 'set_dns_active',
'required': False,
}
self._properties['_whois_active'] = {
'api_field': 'whoisActive',
'method': 'set_whois_active',
'required': False,
}
elif _type == ResourceType.URLS:
self._text = uni(data)
self._reference_indicator = urlsafe(self._text)
# additional resource type specific attributes
self._properties['_text'] = {
'api_field': 'text',
'method': 'set_indicator',
'required': True,
}
elif _type == ResourceType.CUSTOM_INDICATORS:
# make sure they're in the right order
if not isinstance(data, OrderedDict):
raise AttributeError("Custom Indicator must be an OrderedDict")
self._custom_fields = uni(data)
self._reference_indicator = urlsafe(' : '.join(
self._custom_fields.values()))
# additional resource type specific attributes
self._properties['_custom_fields'] = {
'api_field': self.api_entity,
'method': 'set_indicator',
'required': True,
}