Example #1
 def get_submission_status(self, submission_id):
     """Fetch the processing status of one submission.

     :param submission_id: id of the submission; it is placed in the
         request path exactly as given.
     :returns: TruStarResponse with the HTTP status code and the decoded
         JSON body.
     """
     # NOTE(review): submission_id is neither validated nor percent-encoded
     # before it becomes a path segment -- confirm callers only pass
     # platform-issued ids.
     status_path = "/{}/status".format(submission_id)
     query = self.create_query(Methods.GET, specific_endpoint=status_path)
     response = query.execute()
     return TruStarResponse(status_code=response.status_code,
                            data=response.json())
Example #2
 def delete(self):
     """Delete the submission selected by the query params set earlier.

     :returns: TruStarResponse with the HTTP status code and the raw
         (undecoded) response content.
     """
     # Presumably raises when no submission id has been set -- the helper
     # is defined outside this snippet.
     self._raise_without_id()
     query = self.create_query(
         Methods.DELETE, specific_endpoint=self._submission_category)
     query = query.set_query_string(self.query_string_params)
     response = query.execute()
     return TruStarResponse(status_code=response.status_code,
                            data=response.content)
Example #3
    def get_enclaves(self):
        """List the enclaves returned by the "/enclaves" endpoint.

        :returns: TruStarResponse whose data is a list of Enclave objects
            when the status code equals STATUS_OK, otherwise the decoded
            JSON body unchanged.
        """
        response = self.create_query(
            Methods.GET, specific_endpoint="/enclaves").execute()
        # NOTE(review): the body is decoded before the status is checked; if
        # execute() returns a requests-style response, a non-JSON error body
        # would raise here instead of being returned -- confirm.
        payload = response.json()
        if response.status_code != STATUS_OK:
            return TruStarResponse(status_code=response.status_code,
                                   data=payload)

        enclaves = [Enclave.from_dict(item) for item in payload]
        return TruStarResponse(status_code=response.status_code,
                               data=enclaves)
Example #4
 def delete(self):
     """Delete the workflow identified by self.workflow_guid in TruSTAR.

     Call 'set_workflow_id' before calling this method.

     :returns: TruStarResponse whose data is "OK" when the status code
         equals STATUS_OK and "ERROR" otherwise.
     """
     self._raise_if_workflow_id_is_not_set_up()
     workflow_path = "/{}".format(self.workflow_guid)
     response = (self.create_query(Methods.DELETE, workflow_path)
                 .set_params(self.payload_params)
                 .execute())
     # The response body is dropped: callers only see the status code and
     # an "OK"/"ERROR" marker, so error details must come from the code.
     outcome = "OK" if response.status_code == STATUS_OK else "ERROR"
     return TruStarResponse(status_code=response.status_code, data=outcome)
Example #5
    def next(self):
        """Fetch the next page and wrap it in a TruStarResponse.

        :raises StopIteration: when self.stop is set.
        :returns: TruStarResponse with the HTTP status code and the content
            extracted by _get_content_from_endpoint.
        """
        if self.stop:
            raise StopIteration

        page = self.api.fetch(self, use_empty_payload=True)
        # Paging state is refreshed from the body before the page is handed
        # back to the caller.
        self._update_params_from_response(page.json())
        content = self._get_content_from_endpoint(page)
        return TruStarResponse(status_code=page.status_code, data=content)
Example #6
 def get_by_id(self):
     """Fetch the workflow identified by self.workflow_guid from TruSTAR.

     Call 'set_workflow_id' before calling this method.

     :returns: TruStarResponse whose data is a WorkflowModel when the
         status code equals STATUS_OK, otherwise the decoded JSON body.
     """
     self._raise_if_workflow_id_is_not_set_up()
     workflow_path = "/{}".format(self.workflow_guid)
     response = (self.create_query(Methods.GET, workflow_path)
                 .set_params(self.payload_params)
                 .execute())
     if response.status_code == STATUS_OK:
         data = WorkflowModel.from_dict(response.json())
     else:
         # Non-OK bodies are passed through undecoded into a model so the
         # caller can inspect the error payload.
         data = response.json()
     return TruStarResponse(status_code=response.status_code, data=data)
Example #7
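    def delete_entry(self, entry_guid):
        """Delete one entry from a safelist library.

        You have to call 'set_library_guid' before calling this method.

        :param entry_guid: guid of the entry to be deleted; must be non-empty.
        :raises AttributeError: if entry_guid is empty.
        :returns: TruStarResponse whose data is "OK" for a status code below
            300 and "ERROR" otherwise.
        """
        try:
            from urllib.parse import quote
        except ImportError:  # Python 2 location of quote()
            from urllib import quote

        self._validate_library_guid_is_present()
        if not entry_guid:
            # An empty guid would turn this into a DELETE on
            # "<details_endpoint>/" instead of on a single entry.
            raise AttributeError(
                "You must provide the guid of the entry to be deleted.")

        # Percent-encode the guid so characters such as "/", "?" or "#"
        # cannot change which resource the DELETE request addresses.
        endpoint = self.details_endpoint + "/" + quote(entry_guid, safe="")
        result = (Query(self.config, endpoint, Methods.DELETE)
                  .set_params(self.payload_params)
                  .execute())
        outcome = "OK" if result.status_code < 300 else "ERROR"
        return TruStarResponse(status_code=result.status_code, data=outcome)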
Example #8
    def upsert(self):
        """Update the submission if it exists, otherwise create it.

        :raises AttributeError: if any field listed in
            SUBMISSION_MANDATORY_FIELDS is missing from the payload.
        :returns: TruStarResponse with the HTTP status code and the decoded
            JSON body.
        """
        # Fail before any request is sent, on the first missing field.
        for field in self.SUBMISSION_MANDATORY_FIELDS:
            if field in self.payload_params:
                continue
            raise AttributeError(
                "{} field should be in your submission".format(field))

        upsert_path = self._submission_category + "/upsert"
        query = self.create_query(Methods.POST, specific_endpoint=upsert_path)
        query = query.set_params(self.payload_params)
        query = query.set_query_string(self.query_string_params)
        response = query.execute()
        return TruStarResponse(status_code=response.status_code,
                               data=response.json())
Example #9
 def create(self):
     """Create a new workflow in the TruSTAR platform.

     Call 'set_name' and 'set_workflow_config' before calling this method.

     :returns: TruStarResponse whose data is a WorkflowModel when the
         status code equals STATUS_OK, otherwise the decoded JSON body.
     """
     self._raise_if_payload_is_not_set_up()
     query = self.create_query(Methods.POST)
     response = query.set_params(self.payload_params).execute()
     if response.status_code == STATUS_OK:
         data = WorkflowModel.from_dict(response.json())
     else:
         # Error bodies are returned as decoded JSON, not as a model.
         data = response.json()
     return TruStarResponse(status_code=response.status_code, data=data)
Example #10
    def extract_terms(self):
        """Extract IOCs from unstructured text via the extract endpoint.

        You have to call 'set_text_to_be_extracted' before calling this
        method.

        :raises AttributeError: if the payload has no non-empty "text".
        :returns: TruStarResponse with the HTTP status code and the decoded
            JSON body.
        """
        text = self.payload_params.get("text")
        if not text:
            raise AttributeError(
                "You did not set any text for entities extraction. Call 'set_text_to_be_extracted' before."
            )

        query = Query(self.config, self.extract_endpoint, Methods.POST)
        response = query.set_params(self.payload_params).execute()
        return TruStarResponse(status_code=response.status_code,
                               data=response.json())
Example #11
 def get(self, structured_indicators=True):
     """Retrieve a submission using the query params set earlier.

     :param structured_indicators: when true, the "/indicators" category
         and StructuredSubmissionDetails are used; otherwise "/events" and
         UnstructuredSubmissionDetails.
     :returns: TruStarResponse; data is a parsed details object when the
         status code is below 400 and the INCLUDE_CONTENT query param is
         set, otherwise the decoded JSON body.
     """
     # The category is stored on the instance, so it stays in effect for
     # whatever reads self._submission_category after this call.
     if structured_indicators:
         self._submission_category = "/indicators"
         details_cls = StructuredSubmissionDetails
     else:
         self._submission_category = "/events"
         details_cls = UnstructuredSubmissionDetails

     self._raise_without_id()
     query = self.create_query(
         Methods.GET, specific_endpoint=self._submission_category)
     response = query.set_query_string(self.query_string_params).execute()

     # NOTE(review): the request is built from self.query_string_params but
     # the parse decision reads self.query_params -- confirm both reflect
     # the same INCLUDE_CONTENT setting.
     parse_body = (
         response.status_code < 400
         and self.query_params.get(SubmissionEnum.INCLUDE_CONTENT.value))
     body = response.json()
     data = details_cls.from_dict(body) if parse_body else body
     return TruStarResponse(status_code=response.status_code, data=data)
Example #12
    def get_safelist_libraries(self):
        """Retrieve the safelist libraries from the summaries endpoint.

        No library guid is checked here; the request goes to
        self.summaries_endpoint with the current payload params.

        :returns: TruStarResponse whose data is a list of SafelistLibrary
            objects when the status code equals STATUS_OK, otherwise the
            decoded JSON body.
        """
        query = Query(self.config, self.summaries_endpoint, Methods.GET)
        response = query.set_params(self.payload_params).execute()
        payload = response.json()
        if response.status_code != STATUS_OK:
            return TruStarResponse(status_code=response.status_code,
                                   data=payload)

        libraries = [SafelistLibrary.from_dict(item) for item in payload]
        return TruStarResponse(status_code=response.status_code,
                               data=libraries)
Example #13
 def update(self):
     """Update the workflow identified by self.workflow_guid in TruSTAR.

     Call the following methods before calling this one:
         - set_name
         - set_workflow_config
         - set_safelist_ids
         - set_workflow_id

     :returns: TruStarResponse whose data is a WorkflowModel when the
         status code equals STATUS_OK, otherwise the decoded JSON body.
     """
     # Both preconditions are checked before any request is built.
     self._raise_if_payload_is_not_set_up()
     self._raise_if_workflow_id_is_not_set_up()

     workflow_path = "/{}".format(self.workflow_guid)
     response = (self.create_query(Methods.PUT, workflow_path)
                 .set_params(self.payload_params)
                 .execute())
     if response.status_code == STATUS_OK:
         data = WorkflowModel.from_dict(response.json())
     else:
         data = response.json()
     return TruStarResponse(status_code=response.status_code, data=data)
Example #14
    def get_safelist_details(self):
        """Retrieve the details of one safelist library.

        You have to call 'set_library_guid' before calling this method.

        :returns: TruStarResponse whose data is a SafelistLibrary when the
            status code equals STATUS_OK, otherwise the decoded JSON body.
        """
        self._validate_library_guid_is_present()
        query = Query(self.config, self.details_endpoint, Methods.GET)
        response = query.set_params(self.payload_params).execute()
        payload = response.json()
        if response.status_code != STATUS_OK:
            return TruStarResponse(status_code=response.status_code,
                                   data=payload)

        library = SafelistLibrary.from_dict(payload)
        return TruStarResponse(status_code=response.status_code,
                               data=library)
Example #15
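 def get(self):
     """
     Gets all workflows in TruSTAR platform.
     You can optionally call any of the following methods to filter the results:
         - set_type
         - set_name
         - set_created_from
         - set_created_to
         - set_updated_from
         - set_updated_to

     :returns: TruStarResponse whose data is a list of WorkflowModel objects
         when the status code equals STATUS_OK, otherwise the decoded JSON
         body.
     """
     result = (self.create_query(Methods.GET).set_query_string(
         self.query_params.serialize()).set_params(
             self.payload_params).execute())
     body = result.json()
     if result.status_code == STATUS_OK:
         # A successful body without an "items" key (or with a null one)
         # yields an empty list instead of a TypeError while iterating None.
         content = [
             WorkflowModel.from_dict(w) for w in (body.get("items") or [])
         ]
     else:
         content = body
     return TruStarResponse(status_code=result.status_code, data=content)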
Example #16
    def create_safelist(self):
        """Create a new safelist library with the name set in the payload.

        You have to call 'set_library_name' before calling this method.

        :raises AttributeError: if the payload has no non-empty "name".
        :returns: TruStarResponse whose data is a SafelistLibrary when the
            status code equals STATUS_OK, otherwise the decoded JSON body.
        """
        library_name = self.payload_params.get("name")
        if not library_name:
            raise AttributeError(
                "You must provide a name for the new library. Call the 'set_library_name' method before."
            )

        query = Query(self.config, self.summaries_endpoint, Methods.POST)
        response = query.set_params(self.payload_params).execute()
        payload = response.json()
        if response.status_code != STATUS_OK:
            return TruStarResponse(status_code=response.status_code,
                                   data=payload)

        library = SafelistLibrary.from_dict(payload)
        return TruStarResponse(status_code=response.status_code,
                               data=library)
Example #17
    def create_entries(self):
        """Add the entries set in the payload to a safelist library.

        You have to call 'set_safelist_entries' and 'set_library_guid'
        before calling this method.

        :raises AttributeError: if the payload holds no entries.
        :returns: TruStarResponse whose data is a SafelistLibrary when the
            status code equals STATUS_OK, otherwise the decoded JSON body.
        """
        # The library guid is checked first, then the entries themselves.
        self._validate_library_guid_is_present()
        entries = self.payload_params.get(SafelistEnum.ENTRIES.value)
        if not entries:
            raise AttributeError(
                "You must call the 'set_safelist_entries' method before calling this method."
            )

        query = Query(self.config, self.details_endpoint, Methods.PATCH)
        response = query.set_params(self.payload_params).execute()
        payload = response.json()
        if response.status_code != STATUS_OK:
            return TruStarResponse(status_code=response.status_code,
                                   data=payload)

        library = SafelistLibrary.from_dict(payload)
        return TruStarResponse(status_code=response.status_code,
                               data=library)
Example #18
 def ping(self):
     """Test connectivity against the TruSTAR API.

     :returns: TruStarResponse whose data is {"result": <response text>}.
     """
     response = self.create_query(
         Methods.GET, specific_endpoint="/ping").execute()
     body = {"result": response.text}
     return TruStarResponse(status_code=response.status_code, data=body)
Example #19
 def alter_tags(self):
     """POST the current payload params to the tag endpoint.

     :returns: TruStarResponse with the HTTP status code and the decoded
         JSON body.
     """
     # NOTE(review): no precondition is checked here, unlike the other
     # mutating calls on this page -- confirm the payload is validated by
     # whichever setter fills payload_params.
     query = Query(self.config, self.tag_endpoint, Methods.POST)
     response = query.set_params(self.payload_params).execute()
     return TruStarResponse(status_code=response.status_code,
                            data=response.json())