예제 #1
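    def __init__(self, url = None, username = None, password = None, apiKey = None, proxies={}, cert=True, organisation=None, version=None, sid = "", logger = None):
        """Initialise the TheHive client and check that the API answers.

        Authentication uses ``apiKey`` when it is given, otherwise
        ``username``/``password``. The process exits with the numeric part of
        the ``[THxx]`` log code when no credential is supplied or when
        initialisation / the connectivity check raises ``TheHiveException``.

        Args:
            url: Base URL of TheHive; forwarded as ``str(url)``.
            username: Account name, used only together with ``password``.
            password: Account password, used only when ``apiKey`` is None.
            apiKey: API key; takes precedence over username/password.
            proxies: Proxy mapping forwarded unchanged to ``TheHiveApi``
                (the mutable default is kept for interface compatibility and
                is never modified here).
            cert: Forwarded unchanged to ``TheHiveApi``. NOTE(review): this
                presumably controls TLS certificate verification, so a caller
                passing False would disable it -- confirm against the
                thehive4py version in use.
            organisation: Forwarded unchanged to ``TheHiveApi``.
            version: "TheHive4" or "TheHive3"; any other value falls back to
                TheHive 3 with a warning.
            sid: Stored on the instance as the private ``__sid`` attribute.
            logger: Logger receiving the ``[THxx]`` messages; a module-level
                logger is used when None so that logging never raises
                AttributeError.
        """
        import logging

        self.logger = logger if logger is not None else logging.getLogger(__name__)

        # Python 2 passes the enum member itself, Python 3 passes its value.
        legacy_python = sys.version_info[0] < 3

        if version=="TheHive4":
            self.logger.debug("[TH25] TheHive version is 4.x")
            selected = Version.THEHIVE_4
        elif version=="TheHive3":
            self.logger.debug("[TH26] TheHive version is 3.x")
            selected = Version.THEHIVE_3
        else:
            self.logger.warning("[TH27] No valid version of TheHive was found for the given type: \""+str(version)+"\". Default will be used (TheHive 3)")
            selected = Version.THEHIVE_3
        version = selected if legacy_python else selected.value

        # Resolve the credential pair once; the API key wins over a password.
        if apiKey is not None:
            principal, secret = str(apiKey), None
        elif password is not None:
            principal, secret = username, password
        elif legacy_python:
            self.logger.error("[TH30-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values")
            # sys.exit instead of the site-provided exit(), which is not
            # guaranteed to exist (e.g. under "python -S").
            sys.exit(30)
        else:
            self.logger.error("[TH31-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values")
            sys.exit(31)

        try :
            if legacy_python:
                TheHiveApi.__init__(self,url=str(url),principal=principal,password=secret,proxies=proxies,cert=cert,organisation=organisation,version=version)
            else:
                super().__init__(url=str(url),principal=principal,password=secret,proxies=proxies,cert=cert,organisation=organisation,version=version)

            self.logger.debug("[TH35] TheHive instance is initialized")

            # Try to connect to the API by recovering some cases.
            # NOTE(review): the return value is discarded, so only failures
            # that raise TheHiveException are detected; whether an HTTP
            # 401/403 raises depends on the thehive4py version -- confirm.
            # range='all' also asks for every case, which may be expensive.
            self.find_cases(query={}, range='all')

            # Secrets are never written to the log: debug logs are routinely
            # shipped to central collectors and shared during troubleshooting.
            if apiKey is not None:
                self.logger.debug("[TH40] TheHive API connection to (URL=\""+str(url)+"\",API key=<redacted>) is successful")
            else:
                self.logger.debug("[TH41] TheHive API connection to (URL=\""+str(url)+"\",Username=\""+str(username)+"\",Password=<redacted>) is successful")
        except thehive4py.exceptions.TheHiveException as e:
            detail = str(e)
            if "CERTIFICATE_VERIFY_FAILED" in detail:
                self.logger.warning("[TH45] THE_HIVE_CERTIFICATE_FAILED - It seems that the certificate verification failed. Please check that the certificate authority is added to \""+str(certifi.where())+"\". Complete error: "+detail)
                sys.exit(45)
            else:
                self.logger.error("[TH46-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: "+detail)
                sys.exit(46)

        self.__sid = sid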
예제 #2
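    def __init__(self,
                 url=None,
                 username=None,
                 password=None,
                 apiKey=None,
                 proxies={},
                 cert=None,
                 verify=True,
                 organisation=None,
                 version=None,
                 sid="",
                 logger=None):
        """Initialise the TheHive client and check that the API answers.

        Authentication uses ``apiKey`` when it is given, otherwise
        ``username``/``password``. The process exits with the numeric part of
        the ``[THxx]`` log code when no credential is supplied or when
        initialisation / the connectivity check raises ``TheHiveException``.

        Args:
            url: Base URL of TheHive; forwarded as ``str(url)``.
            username: Account name, used only together with ``password``.
            password: Account password, used only when ``apiKey`` is None.
            apiKey: API key; takes precedence over username/password.
            proxies: Proxy mapping forwarded unchanged to ``TheHiveApi``
                (the mutable default is kept for interface compatibility and
                is never modified here).
            cert: Forwarded unchanged to ``TheHiveApi``. NOTE(review): the
                handshake error text below suggests this is a client
                certificate -- confirm against the thehive4py version in use.
            verify: Forwarded unchanged to ``TheHiveApi``. NOTE(review):
                presumably the TLS verification switch, so False would
                disable server certificate validation -- confirm.
            organisation: Forwarded unchanged to ``TheHiveApi``.
            version: "TheHive4" or "TheHive3"; any other value falls back to
                TheHive 3 with a warning.
            sid: Stored on the instance as the private ``__sid`` attribute.
            logger: Logger receiving the ``[THxx]`` messages; a module-level
                logger is used when None so that logging never raises
                AttributeError.
        """
        import logging

        def _proxies_for_log(mapping):
            # Best-effort removal of "user:password@" from proxy URLs so
            # that proxy credentials do not end up in the log files.
            if not isinstance(mapping, dict):
                return str(mapping)
            cleaned = {}
            for scheme, target in mapping.items():
                text = str(target)
                prefix, sep, rest = text.partition("://")
                if not sep:
                    prefix, rest = "", text
                _userinfo, at, hostpart = rest.rpartition("@")
                if at:
                    cleaned[scheme] = prefix + sep + "<redacted>@" + hostpart
                else:
                    cleaned[scheme] = text
            return str(cleaned)

        self.logger = logger if logger is not None else logging.getLogger(__name__)

        # Python 2 passes the enum member itself, Python 3 passes its value.
        legacy_python = sys.version_info[0] < 3

        if version == "TheHive4":
            self.logger.debug("[TH25] TheHive version is 4.x")
            selected = Version.THEHIVE_4
        elif version == "TheHive3":
            self.logger.debug("[TH26] TheHive version is 3.x")
            selected = Version.THEHIVE_3
        else:
            self.logger.warning(
                "[TH27] No valid version of TheHive was found for the given type: \""
                + str(version) + "\". Default will be used (TheHive 3)")
            selected = Version.THEHIVE_3
        version = selected if legacy_python else selected.value

        # Resolve the credential pair once; the API key wins over a password.
        if apiKey is not None:
            principal, secret = str(apiKey), None
        elif password is not None:
            principal, secret = username, password
        elif legacy_python:
            self.logger.error(
                "[TH30-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values"
            )
            # sys.exit instead of the site-provided exit(), which is not
            # guaranteed to exist (e.g. under "python -S").
            sys.exit(30)
        else:
            self.logger.error(
                "[TH31-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values"
            )
            sys.exit(31)

        try:
            if legacy_python:
                TheHiveApi.__init__(self,
                                    url=str(url),
                                    principal=principal,
                                    password=secret,
                                    proxies=proxies,
                                    verify=verify,
                                    cert=cert,
                                    organisation=organisation,
                                    version=version)
            else:
                super().__init__(url=str(url),
                                 principal=principal,
                                 password=secret,
                                 proxies=proxies,
                                 verify=verify,
                                 cert=cert,
                                 organisation=organisation,
                                 version=version)

            self.logger.debug("[TH35] TheHive instance is initialized")

            # Try to connect to the API by recovering some cases.
            # NOTE(review): the return value is discarded, so only failures
            # that raise TheHiveException are detected; whether an HTTP
            # 401/403 raises depends on the thehive4py version -- confirm.
            # range='all' also asks for every case, which may be expensive.
            self.find_cases(query={}, range='all')

            # Secrets are never written to the log: debug logs are routinely
            # shipped to central collectors and shared during troubleshooting.
            if apiKey is not None:
                self.logger.debug("[TH40] TheHive API connection to (URL=\"" +
                                  str(url) +
                                  "\",API key=<redacted>) is successful")
            else:
                self.logger.debug("[TH41] TheHive API connection to (URL=\"" +
                                  str(url) + "\",Username=\"" + str(username) +
                                  "\",Password=<redacted>) is successful")
        except thehive4py.exceptions.TheHiveException as e:
            detail = str(e)
            if "CERTIFICATE_VERIFY_FAILED" in detail:
                self.logger.warning(
                    "[TH45] THE_HIVE_CERTIFICATE_FAILED - It seems that the certificate verification failed. Please check that the certificate authority is added to \""
                    + str(certifi.where()) + "\". Complete error: " + detail)
                sys.exit(45)
            elif "HANDSHAKE_FAILURE" in detail:
                self.logger.warning(
                    "[TH46] THE_HIVE_HANDHSHAKE_FAILURE - It seems that the SSL handshake failed. A possible solution is to check if the remote server/proxy is not expecting a client certificate. Complete error: "
                    + detail)
                sys.exit(46)
            elif "Proxy Authentication Required" in detail:
                self.logger.warning(
                    "[TH47] THE_HIVE_PROXY_AUTHENTICATION_ERROR - It seems that the connection to the proxy has failed as it's required an authentication (none was provided or the username/password is not working). Proxy information are: "
                    + _proxies_for_log(proxies) + ". Complete error: " + detail)
                sys.exit(47)
            elif "ProxyError" in detail:
                self.logger.warning(
                    "[TH48] THE_HIVE_PROXY_ERROR - It seems that the connection to the proxy has failed. Proxy information are: "
                    + _proxies_for_log(proxies) + ". Complete error: " + detail)
                sys.exit(48)
            else:
                self.logger.error(
                    "[TH60-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: "
                    + detail)
                sys.exit(60)

        self.__sid = sid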