def subscribe_watchlist(cb, parser, args):
    """Create a watchlist that subscribes to the feed ``args.feed_id``.

    The feed is selected first purely as an existence/visibility probe: if
    ``cb.select`` raises ``ObjectNotFoundError`` the problem is reported via
    ``eprint`` and the process exits with status 1. ``parser`` is accepted for
    signature parity with the other subcommand handlers and is not used.
    """
    try:
        cb.select(Feed, args.feed_id)
    except ObjectNotFoundError:
        eprint("Nonexistent or private feed: {}".format(args.feed_id))
        sys.exit(1)

    # The classifier is what ties the new watchlist to its source feed.
    feed_classifier = {"key": "feed_id", "value": args.feed_id}
    new_watchlist = cb.create(
        Watchlist,
        {
            "name": args.watchlist_name,
            "description": args.description,
            "tags_enabled": args.tags,
            "alerts_enabled": args.alerts,
            "create_timestamp": args.timestamp,
            "last_update_timestamp": args.last_update,
            "report_ids": [],  # no report ids are attached at creation time
            "classifier": feed_classifier,
        },
    )
    new_watchlist.save()
def replace_report(cb, parser, args):
    """Replace one report of a feed with the JSON document read from stdin.

    The feed is resolved from ``args.id`` / ``args.feedname`` via ``get_feed``;
    the report to replace is the first one whose ``id`` equals the document's
    ``"id"`` field. When no report matches, a message is printed via
    ``eprint`` and the process exits with status 1. A document without an
    ``"id"`` key raises ``KeyError`` at the first comparison. ``parser`` is
    unused.
    """
    target_feed = get_feed(cb, feed_id=args.id, feed_name=args.feedname)
    document = json.loads(sys.stdin.read())

    matching = None
    for candidate in target_feed.reports:
        if document["id"] == candidate.id:
            matching = candidate
            break

    if not matching:
        eprint("No existing report to replace")
        sys.exit(1)

    # NOTE(review): every key of the stdin document is forwarded to update();
    # nothing here restricts which fields may be overwritten — confirm that
    # update() validates them.
    matching.update(**document)
def replace_report(cb, parser, args):
    """Overwrite an existing feed report with the JSON document on stdin.

    ``get_feed`` resolves the feed from ``args.id`` / ``args.feedname``. The
    document's ``"id"`` selects the report (first match wins); if there is no
    such report the handler prints via ``eprint`` and exits with status 1.
    A document lacking ``"id"`` raises ``KeyError`` once a report is compared.
    ``parser`` is unused.
    """
    target_feed = get_feed(cb, feed_id=args.id, feed_name=args.feedname)
    document = json.loads(sys.stdin.read())

    def has_same_id(report):
        return document["id"] == report.id

    current = next(filter(has_same_id, target_feed.reports), None)
    if not current:
        eprint("No existing report to replace")
        sys.exit(1)

    # NOTE(review): all document keys are passed through to update()
    # unfiltered — confirm update() rejects unknown or read-only fields.
    current.update(**document)
def import_report(cb, parser, args):
    """Append a new report, read as JSON from stdin, to a feed.

    The feed comes from ``get_feed(args.id / args.feedname)``. If a report
    with the document's ``"id"`` already exists the handler prints a hint to
    use replace-report via ``eprint`` and exits with status 1; otherwise the
    document is turned into a ``Report`` with ``cb.create`` and appended.
    A document without ``"id"`` raises ``KeyError`` at the first comparison.
    ``parser`` is unused.
    """
    target_feed = get_feed(cb, feed_id=args.id, feed_name=args.feedname)
    document = json.loads(sys.stdin.read())

    def has_same_id(report):
        return document["id"] == report.id

    duplicate = next(filter(has_same_id, target_feed.reports), None)
    if duplicate:
        eprint("Report already exists; use replace-report.")
        sys.exit(1)

    # NOTE(review): the document is handed to cb.create() as-is; field
    # validation, if any, happens there — confirm.
    target_feed.append_reports([cb.create(Report, document)])
def get_report(feed, report_id=None, report_name=None):
    """Return the single report of ``feed`` selected by id or by title.

    ``report_id`` takes precedence over ``report_name``. Exactly one report
    must match: zero or several matches are reported via ``eprint`` (with an
    id- or name-specific message) followed by ``sys.exit(1)``.

    Raises:
        ValueError: if neither ``report_id`` nor ``report_name`` is truthy.
    """
    if report_id:
        matches = [r for r in feed.reports if r.id == report_id]
        none_msg = "No reports with ID '{}'".format(report_id)
        many_msg = "More than one report with ID '{}'".format(report_id)
    elif report_name:
        matches = [r for r in feed.reports if r.title == report_name]
        none_msg = "No reports named '{}'".format(report_name)
        many_msg = "More than one report named '{}'".format(report_name)
    else:
        raise ValueError("expected either report_id or report_name")

    if not matches:
        eprint(none_msg)
        sys.exit(1)
    if len(matches) > 1:
        eprint(many_msg)
        sys.exit(1)
    return matches[0]
def import_report(cb, parser, args):
    """Create a report from the JSON document on stdin and add it to a feed.

    The feed is resolved by ``get_feed`` from ``args.id`` / ``args.feedname``.
    When the feed already holds a report with the document's ``"id"``, an
    ``eprint`` message points at replace-report and the process exits with
    status 1. Otherwise ``cb.create(Report, document)`` is appended to the
    feed. ``KeyError`` propagates if the document has no ``"id"`` and a
    report gets compared. ``parser`` is unused.
    """
    target_feed = get_feed(cb, feed_id=args.id, feed_name=args.feedname)
    document = json.loads(sys.stdin.read())

    clash = None
    for candidate in target_feed.reports:
        if document["id"] == candidate.id:
            clash = candidate
            break

    if clash:
        eprint("Report already exists; use replace-report.")
        sys.exit(1)

    # NOTE(review): document fields are not filtered here; confirm that
    # cb.create() validates the report payload.
    new_report = cb.create(Report, document)
    target_feed.append_reports([new_report])
def list_feeds(cb, parser, args):
    """Print every feed, optionally with its reports and their IOCs.

    ``args.public`` is passed as ``include_public`` to the feed query.
    ``args.reports`` enables printing each feed's reports and ``args.iocs``
    additionally prints each report's ``iocs_``; asking for IOCs without
    reports is rejected via ``eprint`` and ``sys.exit(1)``. ``parser`` is
    unused.
    """
    if args.iocs and not args.reports:
        eprint("--iocs specified without --reports")
        sys.exit(1)

    visible_feeds = cb.select(Feed).where(include_public=args.public)
    for feed in visible_feeds:
        print(feed)
        if not args.reports:
            continue
        for report in feed.reports:
            print(report)
            if not args.iocs:
                continue
            for ioc in report.iocs_:
                print(ioc)
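def get_watchlist(cb, watchlist_id=None, watchlist_name=None):
    """Resolve a watchlist either by id or by (unique) name.

    The id lookup is passed straight to ``cb.select`` and is not guarded, so
    a missing watchlist surfaces as whatever ``cb.select`` raises rather than
    as a clean exit. The name lookup scans all watchlists and requires
    exactly one match; zero or several matches are reported via ``eprint``
    followed by ``sys.exit(1)``.

    Raises:
        ValueError: if neither ``watchlist_id`` nor ``watchlist_name`` is
            truthy.
    """
    if watchlist_id:
        return cb.select(Watchlist, watchlist_id)
    if watchlist_name:
        matches = [w for w in cb.select(Watchlist) if w.name == watchlist_name]
        if not matches:
            eprint("No watchlist named {}".format(watchlist_name))
            sys.exit(1)
        if len(matches) > 1:
            # Fixed: this message previously said "feed" although the
            # objects being counted are watchlists.
            eprint("More than one watchlist named {}, not continuing".format(watchlist_name))
            sys.exit(1)
        return matches[0]
    raise ValueError("expected either watchlist_id or watchlist_name")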
def get_report(watchlist, report_id=None, report_name=None):
    """Return the one report of ``watchlist`` matching an id or a title.

    ``report_id`` wins when both are given. Zero or multiple matches print a
    generic message via ``eprint`` and exit with status 1.

    Raises:
        ValueError: if neither selector is truthy.
    """
    if report_id:
        def selected(report):
            return report.id == report_id
    elif report_name:
        def selected(report):
            return report.title == report_name
    else:
        raise ValueError("expected either report_id or report_name")

    candidates = list(filter(selected, watchlist.reports))
    if not candidates:
        eprint("No matching reports found.")
        sys.exit(1)
    if len(candidates) > 1:
        eprint("More than one matching report found.")
        sys.exit(1)
    return candidates[0]
def get_feed(cb, feed_id=None, feed_name=None):
    """Resolve a feed by id, or by a name that matches exactly one feed.

    The id path is a direct ``cb.select(Feed, feed_id)`` with no guard, so
    a missing feed surfaces as whatever ``cb.select`` raises. The name path
    filters ``cb.select(Feed)`` on ``name``; zero or several matches are
    reported via ``eprint`` and the process exits with status 1.

    Raises:
        ValueError: if neither ``feed_id`` nor ``feed_name`` is truthy.
    """
    if feed_id:
        return cb.select(Feed, feed_id)
    if not feed_name:
        raise ValueError("expected either feed_id or feed_name")

    by_name = [candidate for candidate in cb.select(Feed) if candidate.name == feed_name]
    if not by_name:
        eprint("No feeds named '{}'".format(feed_name))
        sys.exit(1)
    if len(by_name) > 1:
        eprint("More than one feed named '{}'".format(feed_name))
        sys.exit(1)
    return by_name[0]
def alter_ioc(cb, parser, args):
    """Activate or deactivate one IOC of a watchlist report.

    The watchlist and report are resolved by id (``args.watchlist_id``,
    ``args.report_id``); the IOC is the unique entry of ``report.iocs_``
    whose ``id`` equals ``args.ioc_id``. Zero or several IOC matches are
    reported via ``eprint`` and the process exits with status 1.
    ``args.activate`` calls ``unignore()``, otherwise ``args.deactivate``
    calls ``ignore()``; when neither flag is set nothing happens here —
    presumably the argument parser enforces one of them (verify against the
    parser setup). ``parser`` is unused.
    """
    watchlist = get_watchlist(cb, watchlist_id=args.watchlist_id)
    report = get_report(watchlist, report_id=args.report_id)

    wanted_id = args.ioc_id
    matching_iocs = [entry for entry in report.iocs_ if entry.id == wanted_id]
    if not matching_iocs:
        eprint("No IOC with ID {} found.".format(wanted_id))
        sys.exit(1)
    if len(matching_iocs) > 1:
        eprint("More than one IOC with ID {} found.".format(wanted_id))
        sys.exit(1)

    target = matching_iocs[0]
    if args.activate:
        target.unignore()
    elif args.deactivate:
        target.ignore()
def get_report_feed(watchlist, report_id=None, report_name=None):
    """Return the single report of ``watchlist.feed`` selected by id or title.

    Unlike ``get_report``, this looks at the reports of the watchlist's
    underlying feed. ``report_id`` takes precedence over ``report_name``;
    zero or several matches are reported via ``eprint`` followed by
    ``sys.exit(1)``.

    Raises:
        ValueError: if neither selector is truthy.
    """
    feed_reports = watchlist.feed.reports
    if report_id:
        hits = [entry for entry in feed_reports if entry.id == report_id]
    elif report_name:
        hits = [entry for entry in feed_reports if entry.title == report_name]
    else:
        raise ValueError("expected either report_id or report_name")

    if len(hits) == 0:
        eprint("No matching reports found.")
        sys.exit(1)
    if len(hits) > 1:
        eprint("More than one matching report found.")
        sys.exit(1)
    return hits[0]
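def get_watchlist(cb, watchlist_id=None, watchlist_name=None):
    """Look up a watchlist by id, or by a name borne by exactly one watchlist.

    The id path calls ``cb.select(Watchlist, watchlist_id)`` unguarded, so a
    missing id surfaces as whatever ``cb.select`` raises. The name path scans
    ``cb.select(Watchlist)``; no match or more than one match is reported via
    ``eprint`` and the process exits with status 1.

    Raises:
        ValueError: if neither ``watchlist_id`` nor ``watchlist_name`` is
            truthy.
    """
    if watchlist_id:
        return cb.select(Watchlist, watchlist_id)
    if not watchlist_name:
        raise ValueError("expected either watchlist_id or watchlist_name")

    named = [
        candidate
        for candidate in cb.select(Watchlist)
        if candidate.name == watchlist_name
    ]
    if not named:
        eprint("No watchlist named {}".format(watchlist_name))
        sys.exit(1)
    if len(named) > 1:
        # Fixed: the duplicate-name message used to say "feed" for what is a
        # watchlist lookup.
        eprint("More than one watchlist named {}, not continuing".format(
            watchlist_name))
        sys.exit(1)
    return named[0]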
def get_report(feed, report_id=None, report_name=None):
    """Return the unique report of ``feed`` identified by id or by title.

    ``report_id`` is tried first. Zero or several matches print an id- or
    name-specific message via ``eprint`` and exit with status 1.

    Raises:
        ValueError: if neither ``report_id`` nor ``report_name`` is truthy.
    """
    if report_id:
        found = [entry for entry in feed.reports if entry.id == report_id]
        messages = (
            "No reports with ID '{}'".format(report_id),
            "More than one report with ID '{}'".format(report_id),
        )
    elif report_name:
        found = [entry for entry in feed.reports if entry.title == report_name]
        messages = (
            "No reports named '{}'".format(report_name),
            "More than one report named '{}'".format(report_name),
        )
    else:
        raise ValueError("expected either report_id or report_name")

    absent_msg, ambiguous_msg = messages
    if len(found) == 0:
        eprint(absent_msg)
        sys.exit(1)
    if len(found) > 1:
        eprint(ambiguous_msg)
        sys.exit(1)
    return found[0]