def dotransform(request, response, config):

    try:
        incidents = get_linked_incidents(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        response += UIMessage("No resourceId!", type='PartialError')
        return response
    else:
        try:
            for incident in incidents:

                if incident.get('tcScore'):
                    weight = int(incident.get('tcScore'))
                else:
                    weight = 1

                e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
                e.title = encode_to_utf8(incident.get('title'))
                e.resourceId = incident.get('resourceId')
                e.reportedOn = incident.get('reportedOn')
                e += Label('Reported On', incident.get('reportedOn'))

                if len(incident.get('incidentCategory', list())) is not 0:
                    e += Label('Incident Category', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                 for _ in incident.get('incidentCategory',
                                                                                       list())]))

                if len(incident.get('affectedAsset', list())) is not 0:
                    e += Label('Affected Asset', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                              for _ in incident.get('affectedAsset', list())]))

                if len(incident.get('incidentEffect', list())) is not 0:
                    e += Label('Incident Effect', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                               for _ in incident.get('incidentEffect', list())]))

                if len(incident.get('discoveryMethod', list())) is not 0:
                    e += Label('Discovery Method', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                for _ in incident.get('discoveryMethod', list())]))

                if incident.get('description'):
                    e += Label('Description', '<br/>'.join(encode_to_utf8(incident.get('description')
                                                                          ).split('\n')))

                response += e

        except AttributeError as err:
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        except TypeError:
            return response

    return response
def dotransform(request, response, config):

    try:
        incidents = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    else:
        try:
            for incident in incidents:
                if incident.get('tcScore'):
                    weight = int(incident.get('tcScore'))
                else:
                    weight = 1
                incident = incident.get('resource')
                if incident:
                    e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
                    e.title = encode_to_utf8(incident.get('title'))
                    e.resourceId = incident.get('resourceId')
                    # e.resourceId = incident.get('id')
                    e.reportedOn = incident.get('reportedOn')
                    e += Label('Reported On', incident.get('reportedOn'))

                    if len(incident.get('incidentCategory', list())) is not 0:
                        e += Label('Incident Category', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                     for _ in incident.get('incidentCategory',
                                                                                           list())]))

                    if len(incident.get('affectedAsset', list())) is not 0:
                        e += Label('Affected Asset', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                  for _ in incident.get('affectedAsset', list())]))

                    if len(incident.get('incidentEffect', list())) is not 0:
                        e += Label('Incident Effect', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                   for _ in incident.get('incidentEffect', list())]))

                    if len(incident.get('discoveryMethod', list())) is not 0:
                        e += Label('Discovery Method', '<br/>'.join([encode_to_utf8(_.get('displayName'))
                                                                    for _ in incident.get('discoveryMethod', list())]))

                    if incident.get('description'):
                        e += Label('Description', '<br/>'.join(encode_to_utf8(incident.get('description')
                                                                              ).split('\n')))

                    response += e

        except AttributeError as err:
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        except TypeError:
            return response

    return response
Example #3
0
            response += UIMessage(err.value, type='PartialError')

        else:
            try:
                # Show incidents
                if len(case.get('incidents', list())) is not 0:
                    for incident in case.get('incidents'):
                        if incident.get('tcScore'):
                            weight = int(incident.get('tcScore'))
                        else:
                            weight = 1
                        e = Incident(encode_to_utf8(incident.get('title')),
                                     weight=weight)
                        e.title = encode_to_utf8(incident.get('title'))
                        e.resourceId = incident.get('resourceId')
                        e.reportedOn = incident.get('reportedOn')
                        e += Label('Reported On', incident.get('reportedOn'))

                        if len(incident.get('incidentCategory',
                                            list())) is not 0:
                            e += Label(
                                'Incident Category', '<br/>'.join([
                                    encode_to_utf8(_.get('displayName'))
                                    for _ in incident.get(
                                        'incidentCategory', list())
                                ]))

                        if len(incident.get('affectedAsset', list())) is not 0:
                            e += Label(
                                'Affected Asset', '<br/>'.join([
                                    encode_to_utf8(_.get('displayName'))