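def sixgill_get_indicators_command():
    """Fetch one DarkFeed bundle and return it to the War Room as a JSON file.

    Reads ``maxIndicators`` from the command arguments (capped by
    ``MAX_INDICATORS`` through ``get_limit``), pulls a STIX bundle with a
    ``SixgillFeedClient`` built from the integration's ``client_id`` /
    ``client_secret`` parameters, stamps every indicator object that carries a
    ``sixgill_severity`` with a Demisto ``score`` and hands the whole bundle to
    ``fileResult``.  Nothing is returned; the entry is emitted with
    ``demisto.results``.
    """
    max_indicators = get_limit(
        demisto.args().get('maxIndicators', MAX_INDICATORS), MAX_INDICATORS)

    # Credentials come straight from the integration parameters.  VERIFY is
    # passed through as the client's TLS-verification setting (presumably
    # derived from the integration's "insecure" option -- confirm in params).
    sixgill_darkfeed_client = SixgillFeedClient(
        demisto.params()['client_id'],
        demisto.params()['client_secret'], CHANNEL_CODE, FeedStream.DARKFEED,
        demisto, max_indicators, SESSION, VERIFY)

    bundle = sixgill_darkfeed_client.get_bundle()

    # A bundle with no "objects" list (or an explicit None) is treated as
    # empty instead of raising TypeError on iteration.
    stix_objects = bundle.get("objects") or []
    num_of_indicators = 0

    for stix_item in stix_objects:
        if not is_indicator(stix_item):
            continue
        num_of_indicators += 1

        # Only annotate when the feed actually supplied a severity; the STIX
        # object is mutated in place so the score ends up in the file below.
        severity = stix_item.get("sixgill_severity")
        if severity:
            stix_item['score'] = to_demisto_score(severity)

    # Commit only after the bundle has been processed, so an error above does
    # not acknowledge a batch that was never delivered (assuming commit is the
    # feed-side acknowledgement -- confirm against SixgillFeedClient).
    sixgill_darkfeed_client.commit_indicators()

    human_readable = f"# Fetched {num_of_indicators} DarkFeed indicators"
    # The display name of the file comes from the feed-supplied bundle id.
    bundle_id = bundle.get("id", "bundle")
    entry = fileResult(f'{bundle_id}.json', json.dumps(bundle),
                       entryTypes['entryInfoFile'])

    entry["HumanReadable"] = human_readable
    entry["ContentsFormat"] = formats["markdown"]

    demisto.results(entry)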
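def fetch_indicators_command(client: "SixgillFeedClient",
                             limit: int = 0,
                             get_indicators_mode: bool = False,
                             tags: "list | None" = None):
    """Pull one bundle from *client* and convert its indicators for Demisto.

    Args:
        client: feed client exposing ``get_bundle()`` and
            ``commit_indicators()``.
        limit: in ``get_indicators_mode``, stop once at least this many
            indicators have been collected.  The check runs after each STIX
            object, so the result may exceed ``limit`` by the indicators of the
            last object processed.
        get_indicators_mode: ``True`` for the manual get-indicators command;
            the bundle is then *not* committed.
        tags: tags forwarded to ``stix2_to_demisto_indicator``; ``None`` is
            treated as no tags.

    Returns:
        Demisto indicator dicts, de-duplicated on their ``value`` (the first
        occurrence wins).
    """
    # Fresh list per call: a mutable default would be shared across calls.
    if tags is None:
        tags = []

    bundle = client.get_bundle()
    indicators_to_create: List = []
    seen_values: Set = set()

    # A missing/None "objects" entry is treated as an empty bundle.
    for stix_indicator in bundle.get("objects") or []:
        if is_indicator(stix_indicator):
            for indicator in stix2_to_demisto_indicator(
                    stix_indicator, demisto, tags):
                value = indicator.get("value")
                if value in seen_values:
                    continue
                seen_values.add(value)
                indicators_to_create.append(indicator)

        # One STIX object can yield several indicators, so the count may jump
        # past ``limit``; ``>=`` keeps the stop reliable where ``==`` could be
        # skipped over and the whole bundle returned.
        if get_indicators_mode and len(indicators_to_create) >= limit:
            break

    # Only the scheduled fetch acknowledges the bundle.
    if not get_indicators_mode:
        client.commit_indicators()

    return indicators_to_create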
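def fetch_indicators_command(client: "SixgillFeedClient",
                             limit: int = 0,
                             get_indicators_mode: bool = False):
    """Pull one bundle from *client* and convert its indicators for Demisto.

    Args:
        client: feed client exposing ``get_bundle()`` and
            ``commit_indicators()``.
        limit: in ``get_indicators_mode``, stop once at least this many
            indicators have been collected.  The check runs after each STIX
            object, so the result may exceed ``limit`` by the indicators of the
            last object processed.
        get_indicators_mode: ``True`` for the manual get-indicators command;
            the bundle is then *not* committed.

    Returns:
        The Demisto indicator dicts produced by ``stix2_to_demisto_indicator``,
        in bundle order and without de-duplication.
    """
    bundle = client.get_bundle()
    indicators_to_create: List = []

    # A missing/None "objects" entry is treated as an empty bundle.
    for stix_indicator in bundle.get("objects") or []:
        if is_indicator(stix_indicator):
            indicators_to_create.extend(
                stix2_to_demisto_indicator(stix_indicator, demisto))

        # extend() can add several indicators at once, so the count may skip
        # over ``limit``; ``>=`` makes the stop reliable where ``==`` could be
        # missed and the whole bundle returned.
        if get_indicators_mode and len(indicators_to_create) >= limit:
            break

    # Only the scheduled fetch acknowledges the bundle.
    if not get_indicators_mode:
        client.commit_indicators()

    return indicators_to_create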
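def fetch_indicators_command(
    client, limit: int = 0, get_indicators_mode: bool = False, tags: Optional[list] = None, tlp_color: Optional[str] = None
):
    """Pull one bundle from *client* and convert its indicators for Demisto.

    Args:
        client: feed client exposing ``get_bundle()`` and
            ``commit_indicators()``.
        limit: in ``get_indicators_mode``, stop once at least this many
            indicators have been collected.
        get_indicators_mode: ``True`` for the manual get-indicators command;
            the bundle is then *not* committed.
        tags: tags forwarded to ``stix_to_indicator``; ``None`` is treated as
            no tags.
        tlp_color: TLP colour forwarded to ``stix_to_indicator``.

    Returns:
        The indicator dicts produced by ``stix_to_indicator``, in bundle order.

    Raises:
        DemistoException: wrapping any error raised while fetching, converting
            or committing; the message carries the original trace.
    """
    # Fresh list per call: a mutable default would be shared across calls.
    if tags is None:
        tags = []

    indicators_list = []
    try:
        # A missing/None "objects" entry is treated as an empty bundle.
        records = client.get_bundle().get("objects") or []
        for rec in records:
            if is_indicator(rec):
                indicators_list.append(stix_to_indicator(rec, tags, tlp_color))
            # ``>=`` rather than ``==`` so the stop cannot be skipped if the
            # count ever overshoots the limit.
            if get_indicators_mode and len(indicators_list) >= limit:
                break
        # Only the scheduled fetch acknowledges the bundle.
        if not get_indicators_mode:
            client.commit_indicators()
    except Exception as err:
        # Surface the full trace in the error entry and chain the cause so the
        # original exception type stays available to whoever inspects it.
        err_msg = f'Error in {INTEGRATION_NAME} Integration [{err}]\nTrace:\n{traceback.format_exc()}'
        raise DemistoException(err_msg) from err
    return indicators_list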