def apimethod_get_pulse_detail(pulse_id, hide_ioc=False):
    """Return the stored detail of one OTX pulse, looked up by its ID.

    Args:
        pulse_id(string): Pulse ID (lower-cased before the lookup)
        hide_ioc(bool): When True the 'indicators' entry is dropped from
            the returned pulse; otherwise the indicator list is re-keyed
            into a dict whose keys are the MD5 hex digest of each
            indicator value.

    Returns:
        success (bool): True if successful, False elsewhere
        result(string): Error message if there was an error, or the pulse
            dict otherwise.

    NOTE(review): as listed here the function has no return statement on
    the success path (it falls off the end and returns None), so the
    success tuple described above is presumably produced by code not
    shown in this listing - confirm against the full source.
    """
    pulse_id = pulse_id.lower()
    try:
        pulse_db = PulseDB()
        p_data = pulse_db.get(pulse_id)
        del pulse_db
        # The stored value is the repr of a dict. literal_eval only accepts
        # Python literals, so no code embedded in the stored blob is run.
        pulse = ast.literal_eval(p_data)
        # KeyError here (pulse without 'indicators') is not caught by the
        # except clause below and propagates to the caller.
        pulse['total_indicators'] = len(pulse['indicators'])
        if hide_ioc is True:
            pulse.pop('indicators', False)
        elif len(pulse['indicators']) > 0:
            indicators = {}
            for ioc in pulse['indicators']:
                # MD5 is used only to derive a dict key, not for integrity.
                # Two indicators that produce the same key overwrite each
                # other here, so one of them silently disappears.
                ioc_key = hashlib.md5(ioc.get('indicator', '')).hexdigest()
                indicators[ioc_key] = ioc
            pulse['indicators'] = indicators
    except RedisDBKeyNotFound, err:
        api_log.error(
            "[apimethod_get_pulse_detail] Cannot find the Pulse ID [%s]: %s" % (str(pulse_id), str(err)))
        return False, "Cannot find the Pulse ID [%s]: %s" % (str(pulse_id), str(err))
def __init__(self, key, server="https://otx.alienvault.com/"):
    """Bind an OTX API key and server URL and open the local pulse stores.

    Args:
        key: OTX API key, kept on the instance as ``self.key``.
        server: Base URL of the OTX server. ``self.url_base`` is this value
            with ``api/v1`` appended directly, so it is expected to end
            with a '/' (as the default does).
    """
    self.key, self.server = key, server
    self.url_base = "%sapi/v1" % server
    # Local pulse store and the pulse/event correlation store are both
    # opened unconditionally when the client is created.
    self.pulse_db = PulseDB()
    self.pulse_correlation_db = PulseCorrelationDB()
    # Config key names under which the "last call" markers are kept
    # (presumably timestamps - confirm against the readers of these keys).
    self.date_types = dict(
        events="latest_events_call_date",
        subscribed="latest_subscribed_call_date",
    )
def __init__(self, key, server="https://otx.alienvault.com/"):
    """Bind an OTX API key and server URL and open the local stores.

    Args:
        key: OTX API key, kept on the instance as ``self.key``.
        server: Base URL of the OTX server. ``self.url_base`` is this value
            with ``api/v1`` appended directly, so it is expected to end
            with a '/' (as the default does).

    The constructor also creates an ``AVProxy`` and ends by calling
    ``self.get_otx_user_version()``; whatever that method does (likely a
    remote or database lookup - confirm) happens at construction time.
    """
    self.key, self.server = key, server
    self.url_base = "{}api/v1".format(server)
    self.avproxy = AVProxy()
    # Local pulse store and the pulse/event correlation store.
    self.pulse_db = PulseDB()
    self.pulse_correlation_db = PulseCorrelationDB()
    # Config key names under which the "last call" markers are kept.
    self.date_types = dict(
        events="latest_events_call_date",
        subscribed="latest_subscribed_call_date",
    )
    # Resolved last, after every store above exists.
    self.otx_user_version = self.get_otx_user_version()
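def apimethod_get_otx_pulse_stats_summary(user):
    """Get the pulse statistics: #Pulses, #IOCs, Last Updated,
    #Alarms with Pulses, #Events with Pulses

    Args:
        user(string): User Login

    Returns:
        success (bool): True if successful, False elsewhere
        result(dic) : Error message if there was an error or dic with
            the pulse stats.
    """
    stats = {
        "pulses": 0,
        "iocs": 0,
        "last_updated": "",
        "alarms": 0,
        "events": 0
    }
    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'
    try:
        pulse_db = PulseDB()
        # (0, -1) selects the whole pulse store.
        pulses = pulse_db.get_range(0, -1)
        del pulse_db
        # Number of stored pulses.
        stats['pulses'] = len(pulses)
        # Total indicators over every pulse. A pulse with no 'indicators'
        # entry (or None) counts as zero instead of raising TypeError and
        # turning the whole request into an error.
        stats['iocs'] = sum(len(p.get('indicators') or []) for p in pulses)
        stats['alarms'] = db_get_otx_alarms(user)
        stats['events'] = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)
    # Last-update marker lives in the config table, not in the pulse store.
    success, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not success:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(
            last_updated)
    stats['last_updated'] = last_updated
    return True, stats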
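def apimethod_get_pulse_list(page=0, page_row=10):
    """Return one page of the stored OTX pulses, newest first.

    Args:
        page(int) : Page number. NOTE(review): it is used directly as the
            start offset into the pulse store (page 1 starts at the second
            pulse, not at pulse number ``page_row``); confirm the callers'
            intent before changing it.
        page_row(int): Number of items per page

    Returns:
        A tuple (boolean, data) where the first argument indicates whether
        the operation went well or not, and the second one contains the
        data, in case the operation went well, or an error string otherwise.
    """
    pulse_list = {"total": 0, "pulses": []}
    # Paging values come from the API caller: coerce and bound them.
    # Without this, page_row <= 0 makes ``end`` negative, and the pulse
    # store reads a negative end as "up to the last element" (get_range(0, -1)
    # is how the rest of this module fetches *all* pulses), so a single
    # request would return the whole database as one page.
    try:
        page = int(page)
        page_row = int(page_row)
    except (TypeError, ValueError):
        return False, "Error retrieving the Pulse List: invalid paging parameters"
    if page < 0 or page_row < 1:
        return False, "Error retrieving the Pulse List: invalid paging parameters"
    start = page
    end = start + page_row - 1
    # Only these fields are exposed in the listing; the indicators
    # themselves are served by the pulse-detail call.
    fields = ("id", "name", "author_name", "created",
              "description", "modified", "tags")
    try:
        pulse_db = PulseDB()
        p_keys = pulse_db.keys()
        p_vals = pulse_db.get_range(start, end, 'desc')
        del pulse_db
        pulse_list["pulses"] = [{f: p.get(f) for f in fields} for p in p_vals]
        # Total is the size of the whole store, not of this page.
        pulse_list["total"] = len(p_keys)
    except Exception as err:
        api_log.error("[apimethod_get_pulse_list] %s" % str(err))
        return False, "Error retrieving the Pulse List: %s" % str(err)
    return True, pulse_list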
def apimethod_remove_otx_account():
    """Remove the OTX configuration from the database

    Blanks every OTX config key first, then drops the local pulse store and
    the pulse correlation store. Because the config keys are cleared before
    the stores are purged, a failure in the second step leaves the account
    deactivated but the cached pulse data still on disk.

    Returns:
        success (bool): True if successful, False elsewhere
        result(string): Error message if there was an error or empty
            string otherwise.
    """
    otx_config_keys = (
        "open_threat_exchange",
        "open_threat_exchange_key",
        "open_threat_exchange_username",
        "open_threat_exchange_user_id",
        "open_threat_exchange_last",
        "open_threat_exchange_latest_update",
        "open_threat_exchange_key_version",
    )
    # Blank each OTX config var, stopping at the first one that fails.
    for config_key in otx_config_keys:
        cleared, info = db_set_config(config_key, "")
        if cleared:
            continue
        api_log.error("[apimethod_remove_otx_account] %s" % str(info))
        return False, str(info)
    # Drop the cached pulses and their correlation data.
    try:
        pulse_store = PulseDB()
        correlation_store = PulseCorrelationDB()
        pulse_store.flush_db()
        correlation_store.purge_all()
        correlation_store.sync()
        del pulse_store
        del correlation_store
    except Exception as err:
        api_log.error("[apimethod_remove_otx_account] %s" % str(err))
        return False, "Error removing OTX Account: Pulse List Cannot Be removed at this time."
    return True, ""