def search(self):
"""
Prepare the query to search the observables with the specified filters.
:returns: Query Object.
"""
self._validate_search_params()
url = "{}{}".format(self.base_url, self._search_endpoint)
query = Query(self.config,
url,
Methods.POST,
query_string=self.query_params.serialize())
return query.set_params(self.payload_params)
def extract_terms(self):
"""Extracts IOCs from unstructured text and returns a list of entities ready to be submitted.
You have to call 'set_text_to_be_extracted' before calling this method.
:returns: HTTP response with parsed entities in its content.
"""
if not self.payload_params.get("text"):
raise AttributeError(
"You did not set any text for entities extraction. Call 'set_text_to_be_extracted' before."
)
result = Query(self.config, self.extract_endpoint, Methods.POST).set_params(self.payload_params).execute()
return TruStarResponse(status_code=result.status_code, data=result.json())
def get_from_submission(self,
submission_id,
id_type=ID_Types.INTERNAL.value):
"""
Prepare the query to get the observables from a submission.
:param submission_id: The guid of the submission
:param id_type (optional): 'INTERNAL' | 'EXTERNAL' | 'UNRECOGNIZED'
:returns: Query Object.
"""
url = "{}{}".format(self.base_url, self._get_from_submission_endpoint)
self.set_query_param(ObservablesEnum.SUBMISSION_ID.value,
submission_id)
self.set_query_param(ObservablesEnum.ID_TYPE.value, id_type)
query = Query(self.config, url, Methods.GET)
return query.set_query_string(self.query_params)
def get_safelist_libraries(self):
"""Retrieves safelist details given a library guid.
You have to call 'set_library_guid' before calling this method.
:returns: HTTP response with safelist library summaries in it's content.
"""
result = Query(self.config, self.summaries_endpoint, Methods.GET).set_params(self.payload_params).execute()
data = result.json()
if result.status_code == STATUS_OK:
data = [SafelistLibrary.from_dict(s) for s in data]
return TruStarResponse(
status_code=result.status_code,
data=data
)
def get_safelist_details(self):
"""Retrieves safelist details given a library guid.
You have to call 'set_library_guid' before calling this method.
:returns: HTTP response with Safelist Library Details in it's content.
"""
self._validate_library_guid_is_present()
result = Query(self.config, self.details_endpoint, Methods.GET).set_params(self.payload_params).execute()
data = result.json()
if result.status_code == STATUS_OK:
data = SafelistLibrary.from_dict(data)
return TruStarResponse(
status_code=result.status_code,
data=data
)
def delete_entry(self, entry_guid):
"""Deletes an entry from a safelist library.
You have to call 'set_library_guid' before calling this method.
:param entry_guid: entry guid to be deleted.
"""
self._validate_library_guid_is_present()
endpoint = self.details_endpoint + "/" + entry_guid
result = Query(self.config, endpoint, Methods.DELETE).set_params(self.payload_params).execute()
return TruStarResponse(status_code=result.status_code, data="OK" if result.status_code < 300 else "ERROR")
def create_safelist(self):
"""Creates a new safelist library with the corresponding name.
You have to call 'set_library_name' before calling this method.
:returns: HTTP response with safelist library summaries in it's content.
"""
if not self.payload_params.get("name"):
raise AttributeError(
"You must provide a name for the new library. Call the 'set_library_name' method before."
)
result = Query(self.config, self.summaries_endpoint, Methods.POST).set_params(self.payload_params).execute()
data = result.json()
if result.status_code == STATUS_OK:
data = SafelistLibrary.from_dict(data)
return TruStarResponse(
status_code=result.status_code,
data=data
)
def create_entries(self):
"""Creates a new entry in a safelist library.
You have to call 'set_safelist_entries' and 'set_library_guid'
before calling this method.
:returns: HTTP response with Safelist Library Details in it's content.
"""
self._validate_library_guid_is_present()
if not self.payload_params.get(SafelistEnum.ENTRIES.value):
raise AttributeError(
"You must call the 'set_safelist_entries' method before calling this method."
)
result = Query(self.config, self.details_endpoint, Methods.PATCH).set_params(self.payload_params).execute()
data = result.json()
if result.status_code == STATUS_OK:
data = SafelistLibrary.from_dict(data)
return TruStarResponse(
status_code=result.status_code,
data=data
)
def create_query(self, method):
return Query(self.config, self.endpoint, method)
def create_query(self, method, specific_endpoint=""):
"""Returns a new instance of a Query object according config, endpoint and method."""
endpoint = self.endpoint + specific_endpoint
return Query(self.config, endpoint, method)
def alter_tags(self):
result = (Query(self.config, self.tag_endpoint,
Methods.POST).set_params(
self.payload_params).execute())
return TruStarResponse(status_code=result.status_code,
data=result.json())