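def apimethod_get_pulse_detail(pulse_id, hide_ioc=False):
    """Return the stored detail of a single OTX pulse.

    Args:
        pulse_id(string): Pulse ID (lower-cased before the lookup)
        hide_ioc(bool)  : When True the 'indicators' entry is dropped from the
                          result; otherwise the indicator list is re-keyed by
                          the MD5 of each indicator value.

    Returns:
        success (bool): True if successful, False elsewhere
        result(dict/string): The pulse (with 'total_indicators' added) on
                             success, an error message otherwise.
    """
    pulse_id = pulse_id.lower()
    try:
        pulse_db = PulseDB()
        p_data = pulse_db.get(pulse_id)
        del pulse_db

        # The stored value is parsed as a Python literal. literal_eval only
        # accepts literal syntax, so unlike eval() it cannot execute code from
        # the stored string; a malformed entry raises ValueError/SyntaxError,
        # which is reported below instead of escaping the API method.
        pulse = ast.literal_eval(p_data)

        # A pulse without an 'indicators' entry (or with None) has zero IoCs
        # rather than aborting with KeyError/TypeError.
        indicator_list = pulse.get('indicators') or []
        pulse['total_indicators'] = len(indicator_list)

        if hide_ioc is True:
            pulse.pop('indicators', False)
        elif indicator_list:
            # MD5 is only a stable dictionary key here, not a security
            # control. Two IoCs with the same 'indicator' string collapse
            # into one entry (last one wins), as in the original loop.
            indicators = {}
            for ioc in indicator_list:
                ioc_key = hashlib.md5(ioc.get('indicator', '')).hexdigest()
                indicators[ioc_key] = ioc
            pulse['indicators'] = indicators

    except RedisDBKeyNotFound as err:
        api_log.error(
            "[apimethod_get_pulse_detail] Cannot find the Pulse ID [%s]: %s" %
            (str(pulse_id), str(err)))
        return False, "Cannot find the Pulse ID [%s]: %s" % (str(pulse_id),
                                                             str(err))
    except (ValueError, SyntaxError) as err:
        # literal_eval rejected the stored value: the entry is corrupt or was
        # not written in the expected literal format.
        api_log.error(
            "[apimethod_get_pulse_detail] Invalid stored data for Pulse ID [%s]: %s" %
            (str(pulse_id), str(err)))
        return False, "Invalid stored data for Pulse ID [%s]" % str(pulse_id)

    # Success path: the docstring contract is (success, result), so the
    # parsed pulse must be returned explicitly rather than falling off the
    # end of the function (which would yield None to the caller).
    return True, pulse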
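    def __init__(self, key, server="https://otx.alienvault.com/"):
        """Set up the OTX client state.

        Args:
            key(string)   : OTX API key used by this client.
            server(string): Base URL of the OTX server. A missing trailing
                            slash is tolerated when building url_base.
        """
        self.key = key
        self.server = server
        # Build the versioned API root so that url_base is correct whether or
        # not the caller's server value ends with '/' (the plain "%sapi/v1"
        # join produced "...comapi/v1" for a slash-less server).
        self.url_base = "%s/api/v1" % server.rstrip("/")

        self.pulse_db = PulseDB()
        self.pulse_correlation_db = PulseCorrelationDB()

        # Config key names for the latest call date of each request kind
        # (presumably read/written by the request methods — confirm).
        self.date_types = {
            "events": "latest_events_call_date",
            "subscribed": "latest_subscribed_call_date"
        }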
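    def __init__(self, key, server="https://otx.alienvault.com/"):
        """Set up the OTX client state.

        Args:
            key(string)   : OTX API key used by this client.
            server(string): Base URL of the OTX server. A missing trailing
                            slash is tolerated when building url_base.
        """
        self.key = key
        self.server = server
        # Build the versioned API root so that url_base is correct whether or
        # not the caller's server value ends with '/' (the plain "{}api/v1"
        # join produced "...comapi/v1" for a slash-less server).
        self.url_base = "{}/api/v1".format(server.rstrip("/"))
        self.avproxy = AVProxy()
        self.pulse_db = PulseDB()
        self.pulse_correlation_db = PulseCorrelationDB()

        # Config key names for the latest call date of each request kind
        # (presumably read/written by the request methods — confirm).
        self.date_types = {
            "events": "latest_events_call_date",
            "subscribed": "latest_subscribed_call_date"
        }
        # Resolved at construction time; get_otx_user_version is defined
        # elsewhere in the class.
        self.otx_user_version = self.get_otx_user_version()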
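def apimethod_get_otx_pulse_stats_summary(user):
    """Get the pulse statistics:
        #Pulses, #IOCs, Last Updated, #Alarms with Pulses, #Events with Pulses

    Args:
        user(string):  User Login

    Returns:
        success (bool): True if successful, False elsewhere
        result(dic)   : Error message if there was an error or dic with the pulse stats.
    """
    stats = {
        "pulses": 0,
        "iocs": 0,
        "last_updated": "",
        "alarms": 0,
        "events": 0
    }

    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'

    try:
        pulse_db = PulseDB()
        # get_range(0, -1) presumably selects every stored pulse.
        pulses = pulse_db.get_range(0, -1)
        del pulse_db
        #Getting the number of pulses
        stats['pulses'] = len(pulses)
        #Counting the number of indicators for each pulse. A pulse with no
        #'indicators' entry (or None) counts as zero instead of raising
        #TypeError and turning the whole summary into an error.
        stats['iocs'] = sum(len(p.get('indicators') or []) for p in pulses)

        stats['alarms'] = db_get_otx_alarms(user)
        stats['events'] = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)

    # The last-update timestamp lives in the config table, not in PulseDB.
    success, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not success:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(
            last_updated)
    stats['last_updated'] = last_updated

    return True, stats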
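def apimethod_get_pulse_list(page=0, page_row=10):
    """Returns one page of the stored pulses (newest first) plus the total count.

    Args:
        page(int)    : Offset of the first pulse to return (0-based).
                       NOTE(review): despite the name this value is used
                       directly as the start offset, not multiplied by
                       page_row — confirm against callers before changing.
        page_row(int): Number of items per page (must be > 0)

    Returns:
        A tuple (boolean,data) where the first argument indicates whether the operation went well or not,
        and the second one contains the data, in case the operation went wll or an error string otherwise

    """
    pulse_list = {"total": 0, "pulses": []}

    # Reject values that do not denote a page. Without this check a
    # page_row of 0 made the end index start - 1, which for start == 0 is -1,
    # the "everything" range used by apimethod_get_otx_pulse_stats_summary —
    # so a bad page size dumped the whole pulse list instead of one page.
    try:
        page = int(page)
        page_row = int(page_row)
    except (TypeError, ValueError):
        return False, "Error retrieving the Pulse List: invalid page or page_row"
    if page < 0 or page_row <= 0:
        return False, "Error retrieving the Pulse List: invalid page or page_row"

    start = page
    end = start + page_row - 1

    try:
        pulse_db = PulseDB()
        p_keys = pulse_db.keys()
        p_vals = pulse_db.get_range(start, end, 'desc')
        del pulse_db

        # Only the summary fields are exposed; indicators are left out of the
        # listing and fetched per pulse by apimethod_get_pulse_detail.
        summary_fields = ("id", "name", "author_name", "created",
                          "description", "modified", "tags")
        pulses = [dict((f, p.get(f)) for f in summary_fields) for p in p_vals]

        pulse_list["total"] = len(p_keys)
        pulse_list["pulses"] = pulses

    except Exception as err:
        api_log.error("[apimethod_get_pulse_list] %s" % str(err))
        return False, "Error retrieving the Pulse List: %s" % str(err)

    return True, pulse_list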
def apimethod_remove_otx_account():
    """Remove the OTX configuration from the database

    Every OTX config value is cleared (set to the empty string, not deleted),
    then the pulse and pulse-correlation stores are emptied.

    Returns:
        success (bool): True if successful, False elsewhere
        result(string): Error message if there was an error or empty string otherwise.
    """
    #Removing the OTX config vars; stop at the first one that cannot be cleared
    config_keys = (
        "open_threat_exchange",
        "open_threat_exchange_key",
        "open_threat_exchange_username",
        "open_threat_exchange_user_id",
        "open_threat_exchange_last",
        "open_threat_exchange_latest_update",
        "open_threat_exchange_key_version",
    )
    for config_key in config_keys:
        cleared, info = db_set_config(config_key, "")
        if cleared:
            continue
        api_log.error("[apimethod_remove_otx_account] %s" % str(info))
        return False, str(info)

    #Removing the pulse database
    try:
        pulse_store = PulseDB()
        correlation_store = PulseCorrelationDB()

        pulse_store.flush_db()
        correlation_store.purge_all()
        correlation_store.sync()

        del pulse_store
        del correlation_store
    except Exception as err:
        api_log.error("[apimethod_remove_otx_account] %s" % str(err))
        return False, "Error removing OTX Account: Pulse List Cannot Be removed at this time."

    return True, ""