# Outbound mail settings for the report.
# NOTE(review): no port, TLS or authentication setting is visible in this part
# of the file - confirm how the sending code secures the SMTP session, since
# the message body is built from case data.
SMTP_SERVER = 'server.example.com'
SMTP_DEFAULT_SEND_FROM = '*****@*****.**'
SMTP_DEFAULT_SEND_TO = [
    '*****@*****.**',
]  # needs to be a list, even if single address

# Optional host enrichment from a local CSV file.
HOST_LOOKUP_ENABLED = True
PATH_TO_HOST_CSV = r'C:\Users\user\Desktop\example.csv'

# Pre-populate a dictionary of user names, as only the user ID is present in
# the case JSON. '_TheHiveApi__find_rows' is the name-mangled form of the
# private __find_rows method of the TheHiveApi class.
# See https://stackoverflow.com/questions/9145499/calling-private-function-within-the-same-class-python
# and https://www.geeksforgeeks.org/name-mangling-in-python/ for additional details.
# NOTE(review): a private method is not part of the library's public interface
# and may change between thehive4py releases - pin the library version.
# NOTE(review): this assignment issues an HTTP request as soon as it runs, and
# .json() is called without checking the response status first, so a failed or
# unauthorised request is not handled here.
USER_DICT = {
    item['id']: item['name']
    for item in API._TheHiveApi__find_rows('/api/user/_search').json()
}

# Define the fields to be extracted from the JSON response, as well as any
# post-processing desired for output formatting, all of which occurs in
# customParseJson().
CASE_FIELDS_TO_PARSE = [
    {
        'jsonField': 'serviceNowTicketNumber',
        'displayName': 'SNOW Ticket #(s)',
        'isCustom': True,
        'postProcessing': None,
        'functionOnPostProcessingException': None,
        'valueOnPostProcessingException': None,
    },
    {
        'jsonField': 'title',
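from thehive4py.query import *
from pymemcache.client.base import Client
from pymemcache.exceptions import MemcacheIllegalInputError

import logging

# Memcached connection and cache-lifetime settings, read from the config parser.
memcached_host = parser.get('memcached', 'host')
memcached_port = int(parser.get('memcached', 'port'))
memcached_agetime = int(parser.get('memcached', 'agetime'))
memcached_sleeptime = int(parser.get('memcached', 'sleeptime'))
memcached = Client((memcached_host, memcached_port))

# TheHive endpoint and API key come from the config file, not from the source.
hive_url = parser.get('hive', 'url')
hive_key = parser.get('hive', 'apikey')
api = TheHiveApi(hive_url, hive_key)

# Search for every observable flagged as an IOC, with its parent case attached.
# NOTE(review): _TheHiveApi__find_rows is the name-mangled private method of
# TheHiveApi; it is not part of the public interface and may change between
# thehive4py releases.
# NOTE(review): the request is sent once, when this statement runs. Every call
# to getObservables() reads this same response object, so IOCs added later are
# not seen until the query is issued again.
ioc_query = {"ioc": "true"}
response = api._TheHiveApi__find_rows('/api/case/artifact/_search?nparent=1', query=ioc_query)


def getObservables():
    """Copy the IOC observables from the TheHive response into Memcached.

    Each observable is stored under the key '<dataType>-<data>', with the id
    of its case as the value and memcached_agetime as the expiry. Nothing is
    written unless the response status is 200.

    Observable values are analyst- or feed-supplied data and are not always
    valid Memcached keys: pymemcache rejects keys that contain whitespace or
    control characters, exceed 250 bytes, or (by default) are not ASCII.
    Such an observable is skipped with a warning instead of aborting the
    loop, so one malformed entry does not keep the remaining IOCs out of
    the cache.
    """
    if response.status_code == 200:
        jsondata = response.json()
        for i in jsondata:
            case_id = str(i['case']['_id'])
            # Not used in the visible part of this function.
            case_title = i['case']['title']
            # Entries with no 'data' value are skipped (presumably file
            # observables, which carry an attachment instead - confirm).
            observable_value = i.get('data')
            observable_type = i['dataType']
            if not observable_value:
                continue
            # Memcached
            memcached_key = observable_type + '-' + observable_value
            try:
                memcached.set(memcached_key, case_id, memcached_agetime)
            except MemcacheIllegalInputError:
                # Log only metadata: the raw value is untrusted and may be
                # long or contain control characters.
                logging.warning(
                    "Skipping %s observable of case %s: not a valid Memcached key (%d chars)",
                    observable_type, case_id, len(memcached_key),
                )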