Exemple #1
def trending_indicators():
    """
    Build the canned list of trending indicators used as sample data.

    Both entries are URL-type indicators with a fixed correlation count; the
    values are hard-coded here and nothing is looked up at call time.

    :return: list with two ``Indicator`` objects, highest correlation count first.
    """
    # (value, correlation_count) pairs, kept in the order they are returned.
    samples = (
        ("badware.info", 724),
        ("botvrij.eu", 694),
    )
    return [
        Indicator(correlation_count=count, type="URL", value=domain)
        for domain, count in samples
    ]
Exemple #2
def related_indicators(mocker):
    """
    Return a mock response whose ``items`` attribute holds two sample indicators.

    :param mocker: object exposing ``Mock`` (presumably the pytest-mock fixture; confirm).

    :return: ``mocker.Mock`` with ``items`` set to one SHA256 and one URL indicator.
    """
    sha256_sample = Indicator(
        type="SHA256",
        value="a127d88fb73f8f1a3671557f3084d02d981396d5f5218163ef26d61314ced3c1",
    )
    url_sample = Indicator(type="URL", value="www.testUrl.com")
    return mocker.Mock(items=[sha256_sample, url_sample])
Exemple #3
def whitelisted_indicators(mocker):
    """
    Return a mock response whose ``items`` attribute holds two whitelisted samples.

    :param mocker: object exposing ``Mock`` (presumably the pytest-mock fixture; confirm).

    :return: ``mocker.Mock`` with ``items`` set to one MD5 and one EMAIL_ADDRESS indicator.
    """
    md5_sample = Indicator(type="MD5", value="1e82dd741e908d02e4eff82461f1297e")
    # The address is a masked placeholder exactly as it appears in the sample data.
    email_sample = Indicator(type="EMAIL_ADDRESS", value="*****@*****.**")
    return mocker.Mock(items=[md5_sample, email_sample])
Exemple #4
    def remove_from_whitelist(self, indicator=None, indicator_type=None):
        """
        Ask the client to delete one indicator from the Company's whitelist.

        :param indicator: value of the indicator to delete.
        :param indicator_type: type of the indicator to delete.

        :return: a success message naming the indicator, or a generic failure
            message if the client call raised.
        """
        failure_message = 'Indicator could not be removed from the whitelist.'
        target = Indicator(type=indicator_type, value=indicator)
        try:
            self.client.delete_indicator_from_whitelist(target)
            outcome = f'{indicator} removed from the whitelist successfully'
        except Exception:
            # NOTE(review): every error is folded into one message here, so the
            # cause of a failed whitelist change (auth, network, unknown
            # indicator) is not visible to the caller or in any log.
            outcome = failure_message
        return outcome
Exemple #5
def indicators_metadata():
    """
    Build the canned metadata record for a single IP indicator.

    :return: one-element list holding an ``Indicator`` with first/last seen
        values, a zero correlation count and three enclave IDs.
    """
    enclaves = [
        '011ad71b-fd7d-44c2-834a-0d751299fb1f',
        '71f337a0-9696-4331-988a-5679271656a0',
        'd915e45a-d0c8-4a75-987a-775649020c96',
    ]
    record = Indicator(
        value="185.220.101.141",
        # presumably epoch milliseconds; confirm against the Indicator model
        first_seen=1588884576620,
        last_seen=1588923302059,
        correlation_count=0,
        type="IP",
        enclave_ids=enclaves,
    )
    return [record]
Exemple #6
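    def get_indicators_metadata(self, indicators=None, enclave_ids=None):
        """
        Provide metadata associated with a list of indicators. The metadata is determined based on the
        enclaves the user making the request has READ access to.

        :param indicators: indicators list to search the corresponding metadata. ``None`` (the
            default) is treated as an empty list instead of raising ``TypeError``.
        :param enclave_ids: list of enclave IDs to restrict to. By default, uses all of the user's
            enclaves. The value is passed to the client unchanged.

        :return: Entry context with indicators metadata, or a plain message when the client
            returns nothing.
        """
        # The signature defaults ``indicators`` to None, so guard the iteration:
        # without ``or []`` a call that omits the argument fails before the
        # client is ever reached.
        ts_indicators = [Indicator(value=i) for i in indicators or []]
        response = self.client.get_indicators_metadata(ts_indicators, enclave_ids)

        if not response:
            return 'No indicators metadata were found.'

        return self.context_manager.get_indicators_context(response, "IndicatorsMetadata")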