def new(cls,
params,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Submit params to the graph to add an object. We will submit to the
object URL used for creating new objects in the graph. When submitting
new objects you must provide privacy type and privacy members if the
privacy type is something other than visible.
:param params: The parameters to submit.
:type params: dict
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if cls.__name__ != 'ThreatPrivacyGroup':
if td.PRIVACY_TYPE not in params:
raise pytxValueError('Must provide a %s' % td.PRIVACY_TYPE)
pass
else:
if (params[td.PRIVACY_TYPE] != pt.VISIBLE and
len(params[td.PRIVACY_MEMBERS].split(',')) < 1):
raise pytxValueError('Must provide %s' % td.PRIVACY_MEMBERS)
if request_dict:
return Broker.request_dict('POST',
cls._URL,
body=params)
return Broker.post(cls._URL,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def new(cls,
params,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Submit params to the graph to add an object. We will submit to the
object URL used for creating new objects in the graph. When submitting
new objects you must provide privacy type and privacy members if the
privacy type is something other than visible.
:param params: The parameters to submit.
:type params: dict
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if cls.__name__ != 'ThreatPrivacyGroup':
if td.PRIVACY_TYPE not in params:
raise pytxValueError('Must provide a %s' % td.PRIVACY_TYPE)
pass
else:
if (params[td.PRIVACY_TYPE] != pt.VISIBLE
and len(params[td.PRIVACY_MEMBERS].split(',')) < 1):
raise pytxValueError('Must provide %s' %
td.PRIVACY_MEMBERS)
if request_dict:
return Broker.request_dict('POST', cls._URL, body=params)
return Broker.post(cls._URL,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def save(self,
params=None,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Submit changes to the graph to update an object. We will determine the
Details URL and submit there (used for updating an existing object). If
no parameters are provided, we will try to use get_changed() which may
or may not be accurate (you have been warned!).
:param params: The parameters to submit.
:type params: dict
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if params is None:
params = self.get_changed()
if request_dict:
return Broker.request_dict('POST',
self._DETAILS,
body=params)
return Broker.post(self._DETAILS,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def save(self,
params=None,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Submit changes to the graph to update an object. We will determine the
Details URL and submit there (used for updating an existing object). If
no parameters are provided, we will try to use get_changed() which may
or may not be accurate (you have been warned!).
:param params: The parameters to submit.
:type params: dict
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if params is None:
params = self.get_changed()
if request_dict:
return Broker.request_dict('POST', self._DETAILS, body=params)
return Broker.post(self._DETAILS,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def connections(cls_or_self,
id=None,
connection=None,
fields=None,
limit=None,
full_response=False,
dict_generator=False,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None,
metadata=False):
"""
Get object connections. Allows you to limit the fields returned for the
objects.
NOTE: This method can be used on both instantiated and uninstantiated
classes like so:
foo = ThreatIndicator(id='1234')
foo.connections(connections='foo')
foo = ThreatIndicator.connetions(id='1234'
connections='foo')
:param id: The ID of the object to get connections for if the class is
not instantiated.
:type id: str
:param fields: The fields to limit the details to.
:type fields: None, str, list
:param limit: Limit the results.
:type limit: None, int
:param connection: The connection to find other related objects with.
:type connection: None, str
:param full_response: Return the full response instead of the generator.
Takes precedence over dict_generator.
:type full_response: bool
:param dict_generator: Return a dictionary instead of an instantiated
object.
:type dict_generator: bool
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to fetch a page before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:param metadata: Get extra metadata in the response.
:type metadata: bool
:returns: Generator, dict, class, str
"""
if isinstance(cls_or_self, type):
url = t.URL + t.VERSION + id + '/'
else:
url = cls_or_self._DETAILS
if connection:
url = url + connection + '/'
params = Broker.build_get_parameters(limit=limit)
if isinstance(fields, basestring):
fields = fields.split(',')
if fields is not None and not isinstance(fields, list):
raise pytxValueError('fields must be a list')
if fields is not None:
params[t.FIELDS] = ','.join(f.strip() for f in fields)
if metadata:
params[t.METADATA] = 1
if request_dict:
return Broker.request_dict('GET',
url,
params=params)
if full_response:
return Broker.get(url,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
else:
# Avoid circular imports
from malware import Malware
from malware_family import MalwareFamily
from threat_indicator import ThreatIndicator
from threat_descriptor import ThreatDescriptor
conns = {
conn.DESCRIPTORS: ThreatDescriptor,
conn.DROPPED: Malware,
conn.DROPPED_BY: Malware,
conn.FAMILIES: MalwareFamily,
conn.MALWARE_ANALYSES: Malware,
conn.RELATED: ThreatIndicator,
conn.THREAT_INDICATORS: ThreatIndicator,
conn.VARIANTS: Malware,
}
klass = conns.get(connection, None)
return Broker.get_generator(klass,
url,
to_dict=dict_generator,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def send(cls_or_self,
id_=None,
params=None,
type_=None,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Send custom params to the object URL. If `id` is provided it will be
appended to the URL. If this is an uninstantiated class we will use the
object type url (ex: /threat_descriptors/). If this is an instantiated
object we will use the details URL. The type_ should be either GET or
POST. We will default to GET if this is an uninstantiated class, and
POST if this is an instantiated class.
:param id_: ID of a graph object.
:type id_: str
:param params: Parameters to submit in the request.
:type params: dict
:param type_: GET or POST
:type type_: str
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if isinstance(cls_or_self, type):
url = cls_or_self._URL
if type_ is None:
type_ = 'GET'
else:
url = cls_or_self._DETAILS
if type_ is None:
type_ = 'POST'
if id_ is not None and len(id_) > 0:
url = url + id_ + '/'
if params is None:
params = {}
if type_ == 'GET':
if request_dict:
return Broker.request_dict('GET',
url,
params=params)
return Broker.get(url,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
else:
if request_dict:
return Broker.request_dict('POST',
url,
body=params)
return Broker.post(url,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def objects(cls,
text=None,
strict_text=False,
type_=None,
threat_type=None,
sample_type=None,
fields=None,
limit=None,
since=None,
until=None,
include_expired=False,
max_confidence=None,
min_confidence=None,
owner=None,
status=None,
review_status=None,
share_level=None,
__raw__=None,
full_response=False,
dict_generator=False,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Get objects from ThreatExchange.
:param text: The text used for limiting the search.
:type text: str
:param strict_text: Whether we should use strict searching.
:type strict_text: bool, str, int
:param type_: The Indicator type to limit to.
:type type_: str
:param threat_type: The Threat type to limit to.
:type threat_type: str
:param sample_type: The Sample type to limit to.
:type sample_type: str
:param fields: Select specific fields to pull
:type fields: str, list
:param limit: The maximum number of objects to return.
:type limit: int, str
:param since: The timestamp to limit the beginning of the search.
:type since: str
:param until: The timestamp to limit the end of the search.
:type until: str
:param include_expired: Include expired content in your results.
:type include_expired: bool
:param max_confidence: The max confidence level to search for.
:type max_confidence: int
:param min_confidence: The min confidence level to search for.
:type min_confidence: int
:param owner: The owner to limit to. This can be comma-delimited to
include multiple owners.
:type owner: str
:param status: The status to limit to.
:type status: str
:param review_status: The review status to limit to.
:type review_status: str
:param share_level: The share level to limit to.
:type share_level: str
:param __raw__: Provide a dictionary to force as GET parameters.
Overrides all other arguments.
:type __raw__: dict
:param full_response: Return the full response instead of the generator.
Takes precedence over dict_generator.
:type full_response: bool
:param dict_generator: Return a dictionary instead of an instantiated
object.
:type dict_generator: bool
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to fetch a page before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: Generator, dict (using json.loads()), str
"""
if __raw__:
if isinstance(__raw__, dict):
params = __raw__
else:
raise pytxValueError('__raw__ must be of type dict')
else:
params = Broker.build_get_parameters(
text=text,
strict_text=strict_text,
type_=type_,
threat_type=threat_type,
sample_type=sample_type,
fields=fields,
limit=limit,
since=since,
until=until,
include_expired=include_expired,
max_confidence=max_confidence,
min_confidence=min_confidence,
owner=owner,
status=status,
review_status=review_status,
share_level=share_level
)
if request_dict:
return Broker.request_dict('GET',
cls._URL,
params=params)
if full_response:
return Broker.get(cls._URL,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
else:
return Broker.get_generator(cls,
cls._URL,
to_dict=dict_generator,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def send(cls_or_self,
id_=None,
params=None,
type_=None,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Send custom params to the object URL. If `id` is provided it will be
appended to the URL. If this is an uninstantiated class we will use the
object type url (ex: /threat_descriptors/). If this is an instantiated
object we will use the details URL. The type_ should be either GET or
POST. We will default to GET if this is an uninstantiated class, and
POST if this is an instantiated class.
:param id_: ID of a graph object.
:type id_: str
:param params: Parameters to submit in the request.
:type params: dict
:param type_: GET or POST
:type type_: str
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to submit before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: dict (using json.loads()), str
"""
if isinstance(cls_or_self, type):
url = cls_or_self._URL
if type_ is None:
type_ = 'GET'
else:
url = cls_or_self._DETAILS
if type_ is None:
type_ = 'POST'
if id_ is not None and len(id_) > 0:
url = url + id_ + '/'
if params is None:
params = {}
if type_ == 'GET':
if request_dict:
return Broker.request_dict('GET', url, params=params)
return Broker.get(url,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
else:
if request_dict:
return Broker.request_dict('POST', url, body=params)
return Broker.post(url,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
def objects(cls,
text=None,
strict_text=False,
type_=None,
threat_type=None,
sample_type=None,
fields=None,
limit=None,
since=None,
until=None,
include_expired=False,
max_confidence=None,
min_confidence=None,
owner=None,
status=None,
review_status=None,
share_level=None,
__raw__=None,
full_response=False,
dict_generator=False,
request_dict=False,
retries=None,
headers=None,
proxies=None,
verify=None):
"""
Get objects from ThreatExchange.
:param text: The text used for limiting the search.
:type text: str
:param strict_text: Whether we should use strict searching.
:type strict_text: bool, str, int
:param type_: The Indicator type to limit to.
:type type_: str
:param threat_type: The Threat type to limit to.
:type threat_type: str
:param sample_type: The Sample type to limit to.
:type sample_type: str
:param fields: Select specific fields to pull
:type fields: str, list
:param limit: The maximum number of objects to return.
:type limit: int, str
:param since: The timestamp to limit the beginning of the search.
:type since: str
:param until: The timestamp to limit the end of the search.
:type until: str
:param include_expired: Include expired content in your results.
:type include_expired: bool
:param max_confidence: The max confidence level to search for.
:type max_confidence: int
:param min_confidence: The min confidence level to search for.
:type min_confidence: int
:param owner: The owner to limit to. This can be comma-delimited to
include multiple owners.
:type owner: str
:param status: The status to limit to.
:type status: str
:param review_status: The review status to limit to.
:type review_status: str
:param share_level: The share level to limit to.
:type share_level: str
:param __raw__: Provide a dictionary to force as GET parameters.
Overrides all other arguments.
:type __raw__: dict
:param full_response: Return the full response instead of the generator.
Takes precedence over dict_generator.
:type full_response: bool
:param dict_generator: Return a dictionary instead of an instantiated
object.
:type dict_generator: bool
:param request_dict: Return a request dictionary only.
:type request_dict: bool
:param retries: Number of retries to fetch a page before stopping.
:type retries: int
:param headers: header info for requests.
:type headers: dict
:param proxies: proxy info for requests.
:type proxies: dict
:param verify: verify info for requests.
:type verify: bool, str
:returns: Generator, dict (using json.loads()), str
"""
if __raw__:
if isinstance(__raw__, dict):
params = __raw__
else:
raise pytxValueError('__raw__ must be of type dict')
else:
params = Broker.build_get_parameters(
text=text,
strict_text=strict_text,
type_=type_,
threat_type=threat_type,
sample_type=sample_type,
fields=fields,
limit=limit,
since=since,
until=until,
include_expired=include_expired,
max_confidence=max_confidence,
min_confidence=min_confidence,
owner=owner,
status=status,
review_status=review_status,
share_level=share_level)
if request_dict:
return Broker.request_dict('GET', cls._URL, params=params)
if full_response:
return Broker.get(cls._URL,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)
else:
return Broker.get_generator(cls,
cls._URL,
to_dict=dict_generator,
params=params,
retries=retries,
headers=headers,
proxies=proxies,
verify=verify)