def objects(cls, text=None, strict_text=False, type_=None, threat_type=None, fields=None, limit=None, since=None, until=None, __raw__=None, full_response=False, dict_generator=False, retries=None): """ Get objects from ThreatExchange. :param text: The text used for limiting the search. :type text: str :param strict_text: Whether we should use strict searching. :type strict_text: bool, str, int :param type_: The Indicator type to limit to. :type type_: str :param threat_type: The Threat type to limit to. :type threat_type: str :param fields: Select specific fields to pull :type fields: str, list :param limit: The maximum number of objects to return. :type limit: int, str :param since: The timestamp to limit the beginning of the search. :type since: str :param until: The timestamp to limit the end of the search. :type until: str :param __raw__: Provide a dictionary to force as GET parameters. Overrides all other arguments. :type __raw__: dict :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :returns: Generator, dict (using json.loads()) """ if __raw__: if isinstance(__raw__, dict): params = __raw__ else: raise pytxValueError('__raw__ must be of type dict') else: params = Broker.build_get_parameters( text=text, strict_text=strict_text, type_=type_, threat_type=threat_type, fields=fields, limit=limit, since=since, until=until, ) if full_response: return Broker.get(cls._URL, params=params, retries=retries) else: return Broker.get_generator(cls, cls._URL, to_dict=dict_generator, params=params, retries=retries)
def mine(cls, role=None, full_response=False, dict_generator=False, retries=None, headers=None, proxies=None, verify=None): """ Find all of the Threat Privacy Groups that I am either the owner or a member. :param role: Whether you are an 'owner' or a 'member' :type role: str :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param headers: header info for requests. :type headers: dict :param proxies: proxy info for requests. :type proxies: dict :param verify: verify info for requests. :type verify: bool, str :returns: Generator, dict (using json.loads()) """ if role is None: raise pytxValueError('Must provide a role') app_id = get_app_id() + '/' if role == 'owner': role = t.THREAT_PRIVACY_GROUPS_OWNER elif role == 'member': role = t.THREAT_PRIVACY_GROUPS_MEMBER else: raise pytxValueError('Role must be "owner" or "member"') params = {'fields': ','.join(cls._fields)} url = t.URL + t.VERSION + app_id + role if full_response: return Broker.get(url, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify) else: return Broker.get_generator(cls, url, params=params, to_dict=dict_generator, retries=retries, headers=headers, proxies=proxies, verify=verify)
def details(cls_or_self, id=None, fields=None, connection=None, full_response=False, dict_generator=False, retries=None, metadata=False): """ Get object details. Allows you to limit the fields returned in the object's details. Also allows you to provide a connection. If a connection is provided, the related objects will be returned instead of the object itself. NOTE: This method can be used on both instantiated and uninstantiated classes like so: foo = ThreatIndicator(id='1234') foo.details() foo = ThreatIndicator.details(id='1234') BE AWARE: Due to the nature of ThreatExchange allowing you to query for an object by ID but not actually telling you the type of object returned to you, using an ID for an object of a different type (ex: ID for a Malware object using ThreatIndicator class) will result in the wrong object populated with only data that is common between the two objects. :param id: The ID of the object to get details for if the class is not instantiated. :type id: str :param fields: The fields to limit the details to. :type fields: None, str, list :param connection: The connection to find other related objects with. :type connection: None, str :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param metadata: Get extra metadata in the response. :type metadata: bool :returns: Generator, dict, class """ if isinstance(cls_or_self, type): url = t.URL + t.VERSION + id + '/' else: url = cls_or_self._DETAILS if connection: url = url + connection + '/' params = Broker.build_get_parameters() if isinstance(fields, basestring): fields = fields.split(',') if fields is not None and not isinstance(fields, list): raise pytxValueError('fields must be a list') if fields is not None: params[t.FIELDS] = ','.join(f.strip() for f in fields) if metadata: params[t.METADATA] = 1 if full_response: return Broker.get(url, params=params, retries=retries) else: if connection: # Avoid circular imports from malware import Malware from malware_family import MalwareFamily from threat_indicator import ThreatIndicator from threat_descriptor import ThreatDescriptor conns = { conn.DESCRIPTORS: ThreatDescriptor, conn.DROPPED: Malware, conn.DROPPED_BY: Malware, conn.FAMILIES: MalwareFamily, conn.MALWARE_ANALYSES: Malware, conn.RELATED: ThreatIndicator, conn.THREAT_INDICATORS: ThreatIndicator, conn.VARIANTS: Malware, } klass = conns.get(connection, None) return Broker.get_generator(klass, url, to_dict=dict_generator, params=params, retries=retries) else: if isinstance(cls_or_self, type): return Broker.get_new( cls_or_self, Broker.get(url, params=params, retries=retries)) else: cls_or_self.populate( Broker.get(url, params=params, retries=retries)) cls_or_self._changed = []
def details(cls_or_self, id=None, fields=None, connection=None, full_response=False, dict_generator=False, retries=None, headers=None, proxies=None, verify=None, metadata=False): """ Get object details. Allows you to limit the fields returned in the object's details. Also allows you to provide a connection. If a connection is provided, the related objects will be returned instead of the object itself. NOTE: This method can be used on both instantiated and uninstantiated classes like so: foo = ThreatIndicator(id='1234') foo.details() foo = ThreatIndicator.details(id='1234') BE AWARE: Due to the nature of ThreatExchange allowing you to query for an object by ID but not actually telling you the type of object returned to you, using an ID for an object of a different type (ex: ID for a Malware object using ThreatIndicator class) will result in the wrong object populated with only data that is common between the two objects. :param id: The ID of the object to get details for if the class is not instantiated. :type id: str :param fields: The fields to limit the details to. :type fields: None, str, list :param connection: The connection to find other related objects with. :type connection: None, str :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param headers: header info for requests. :type headers: dict :param proxies: proxy info for requests. :type proxies: dict :param verify: verify info for requests. :type verify: bool, str :param metadata: Get extra metadata in the response. :type metadata: bool :returns: Generator, dict, class """ if isinstance(cls_or_self, type): url = t.URL + t.VERSION + id + '/' else: url = cls_or_self._DETAILS if connection: url = url + connection + '/' params = Broker.build_get_parameters() if isinstance(fields, basestring): fields = fields.split(',') if fields is not None and not isinstance(fields, list): raise pytxValueError('fields must be a list') if fields is not None: params[t.FIELDS] = ','.join(f.strip() for f in fields) if metadata: params[t.METADATA] = 1 if full_response: return Broker.get(url, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify) else: if connection: # Avoid circular imports from malware import Malware from malware_family import MalwareFamily from threat_indicator import ThreatIndicator from threat_descriptor import ThreatDescriptor conns = { conn.DESCRIPTORS: ThreatDescriptor, conn.DROPPED: Malware, conn.DROPPED_BY: Malware, conn.FAMILIES: MalwareFamily, conn.MALWARE_ANALYSES: Malware, conn.RELATED: ThreatIndicator, conn.THREAT_INDICATORS: ThreatIndicator, conn.VARIANTS: Malware, } klass = conns.get(connection, None) return Broker.get_generator(klass, url, to_dict=dict_generator, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify) else: if isinstance(cls_or_self, type): return Broker.get_new(cls_or_self, Broker.get(url, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify)) else: cls_or_self.populate(Broker.get(url, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify)) cls_or_self._changed = []
def objects(cls, text=None, strict_text=False, type_=None, threat_type=None, fields=None, limit=None, since=None, until=None, include_expired=False, max_confidence=None, min_confidence=None, owner=None, status=None, __raw__=None, full_response=False, dict_generator=False, retries=None, headers=None, proxies=None, verify=None): """ Get objects from ThreatExchange. :param text: The text used for limiting the search. :type text: str :param strict_text: Whether we should use strict searching. :type strict_text: bool, str, int :param type_: The Indicator type to limit to. :type type_: str :param threat_type: The Threat type to limit to. :type threat_type: str :param fields: Select specific fields to pull :type fields: str, list :param limit: The maximum number of objects to return. :type limit: int, str :param since: The timestamp to limit the beginning of the search. :type since: str :param until: The timestamp to limit the end of the search. :type until: str :param include_expired: Include expired content in your results. :type include_expired: bool :param max_confidence: The max confidence level to search for. :type max_confidence: int :param min_confidence: The min confidence level to search for. :type min_confidence: int :param owner: The owner to limit to. This can be comma-delimited to include multiple owners. :type owner: str :param status: The status to limit to. :type status: str :param __raw__: Provide a dictionary to force as GET parameters. Overrides all other arguments. :type __raw__: dict :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param headers: header info for requests. :type headers: dict :param proxies: proxy info for requests. :type proxies: dict :param verify: verify info for requests. :type verify: bool, str :returns: Generator, dict (using json.loads()) """ if __raw__: if isinstance(__raw__, dict): params = __raw__ else: raise pytxValueError('__raw__ must be of type dict') else: params = Broker.build_get_parameters( text=text, strict_text=strict_text, type_=type_, threat_type=threat_type, fields=fields, limit=limit, since=since, until=until, include_expired=include_expired, max_confidence=max_confidence, min_confidence=min_confidence, owner=owner, status=status ) if full_response: return Broker.get(cls._URL, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify) else: return Broker.get_generator(cls, cls._URL, to_dict=dict_generator, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify)
def objects(cls, text=None, strict_text=False, type_=None, threat_type=None, fields=None, limit=None, since=None, until=None, include_expired=False, max_confidence=None, min_confidence=None, owner=None, status=None, __raw__=None, full_response=False, dict_generator=False, retries=None, proxies=None, verify=None): """ Get objects from ThreatExchange. :param text: The text used for limiting the search. :type text: str :param strict_text: Whether we should use strict searching. :type strict_text: bool, str, int :param type_: The Indicator type to limit to. :type type_: str :param threat_type: The Threat type to limit to. :type threat_type: str :param fields: Select specific fields to pull :type fields: str, list :param limit: The maximum number of objects to return. :type limit: int, str :param since: The timestamp to limit the beginning of the search. :type since: str :param until: The timestamp to limit the end of the search. :type until: str :param include_expired: Include expired content in your results. :type include_expired: bool :param max_confidence: The max confidence level to search for. :type max_confidence: int :param min_confidence: The min confidence level to search for. :type min_confidence: int :param owner: The owner to limit to. This can be comma-delimited to include multiple owners. :type owner: str :param status: The status to limit to. :type status: str :param __raw__: Provide a dictionary to force as GET parameters. Overrides all other arguments. :type __raw__: dict :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param proxies: proxy info for requests. :type proxies: dict :param verify: verify info for requests. :type verify: bool, str :returns: Generator, dict (using json.loads()) """ if __raw__: if isinstance(__raw__, dict): params = __raw__ else: raise pytxValueError('__raw__ must be of type dict') else: params = Broker.build_get_parameters( text=text, strict_text=strict_text, type_=type_, threat_type=threat_type, fields=fields, limit=limit, since=since, until=until, include_expired=include_expired, max_confidence=max_confidence, min_confidence=min_confidence, owner=owner, status=status) if full_response: return Broker.get(cls._URL, params=params, retries=retries, proxies=proxies, verify=verify) else: return Broker.get_generator(cls, cls._URL, to_dict=dict_generator, params=params, retries=retries, proxies=proxies, verify=verify)
def connections(cls_or_self, id=None, connection=None, fields=None, limit=None, full_response=False, dict_generator=False, request_dict=False, retries=None, headers=None, proxies=None, verify=None, metadata=False): """ Get object connections. Allows you to limit the fields returned for the objects. NOTE: This method can be used on both instantiated and uninstantiated classes like so: foo = ThreatIndicator(id='1234') foo.connections(connections='foo') foo = ThreatIndicator.connetions(id='1234' connections='foo') :param id: The ID of the object to get connections for if the class is not instantiated. :type id: str :param fields: The fields to limit the details to. :type fields: None, str, list :param limit: Limit the results. :type limit: None, int :param connection: The connection to find other related objects with. :type connection: None, str :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param request_dict: Return a request dictionary only. :type request_dict: bool :param retries: Number of retries to fetch a page before stopping. :type retries: int :param headers: header info for requests. :type headers: dict :param proxies: proxy info for requests. :type proxies: dict :param verify: verify info for requests. :type verify: bool, str :param metadata: Get extra metadata in the response. :type metadata: bool :returns: Generator, dict, class, str """ if isinstance(cls_or_self, type): url = t.URL + t.VERSION + id + '/' else: url = cls_or_self._DETAILS if connection: url = url + connection + '/' params = Broker.build_get_parameters(limit=limit) if isinstance(fields, basestring): fields = fields.split(',') if fields is not None and not isinstance(fields, list): raise pytxValueError('fields must be a list') if fields is not None: params[t.FIELDS] = ','.join(f.strip() for f in fields) if metadata: params[t.METADATA] = 1 if request_dict: return Broker.request_dict('GET', url, params=params) if full_response: return Broker.get(url, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify) else: # Avoid circular imports from malware import Malware from malware_family import MalwareFamily from threat_indicator import ThreatIndicator from threat_descriptor import ThreatDescriptor conns = { conn.DESCRIPTORS: ThreatDescriptor, conn.DROPPED: Malware, conn.DROPPED_BY: Malware, conn.FAMILIES: MalwareFamily, conn.MALWARE_ANALYSES: Malware, conn.RELATED: ThreatIndicator, conn.THREAT_INDICATORS: ThreatIndicator, conn.VARIANTS: Malware, } klass = conns.get(connection, None) return Broker.get_generator(klass, url, to_dict=dict_generator, params=params, retries=retries, headers=headers, proxies=proxies, verify=verify)
def details(cls_or_self, id=None, fields=None, connection=None, full_response=False, dict_generator=False, metadata=False): """ Get object details. Allows you to limit the fields returned in the object's details. Also allows you to provide a connection. If a connection is provided, the related objects will be returned instead of the object itself. NOTE: This method can be used on both instantiated and uninstantiated classes like so: foo = ThreatIndicator(id='1234') foo.details() foo = ThreatIndicator.details(id='1234') BE AWARE: Due to the nature of ThreatExchange allowing you to query for an object by ID but not actually telling you the type of object returned to you, using an ID for an object of a different type (ex: ID for a Malware object using ThreatIndicator class) will result in the wrong object populated with only data that is common between the two objects. :param id: The ID of the object to get details for if the class is not instantiated. :type id: str :param fields: The fields to limit the details to. :type fields: None, str, list :param connection: The connection to find other related objects with. :type connection: None, str :param full_response: Return the full response instead of the generator. Takes precedence over dict_generator. :type full_response: bool :param dict_generator: Return a dictionary instead of an instantiated object. :type dict_generator: bool :param metadata: Get extra metadata in the response. :type metadata: bool :returns: Generator, dict, class """ if isinstance(cls_or_self, type): url = t.URL + t.VERSION + id + '/' else: url = cls_or_self._DETAILS if connection: url = url + connection + '/' params = Broker.build_get_parameters() if isinstance(fields, basestring): fields = fields.split(',') if fields is not None and not isinstance(fields, list): raise pytxValueError('fields must be a list') if fields is not None: params[t.FIELDS] = ','.join(f.strip() for f in fields) if metadata: params[t.METADATA] = 1 if full_response: return Broker.get(url, params=params) else: if connection: return Broker.get_generator(cls_or_self, url, t.NO_TOTAL, to_dict=dict_generator, params=params) else: if isinstance(cls_or_self, type): return Broker.get_new(cls_or_self, Broker.get(url, params=params)) else: cls_or_self.populate(Broker.get(url, params=params))