def test_api(server, apikey):
    """Check that TheHive at *server* can be reached with *apikey*.

    A single cheap query (``find_first``) is issued; any failure is reported
    on stdout and mapped to ``False`` rather than raised.

    :param server: Server IP address or URL
    :param apikey: API Key to connect to TheHive server
    :return: ``True`` when the query succeeds, ``False`` otherwise
    """
    client = TheHiveApi(server, apikey)
    try:
        client.find_first()
    except (KeyError, TheHiveException) as err:
        # KeyError is taken as a rejected key (the original author's mapping);
        # TheHiveException as the host being unreachable. Order mirrors the
        # original handlers: KeyError is tested first.
        if isinstance(err, KeyError):
            print("WARNING: API Key failed\n")
        else:
            print("WARNING: Cannot reach hostname provided\n")
        return False
    return True
def test_api(server, apikey):
    """Check that TheHive at *server* can be reached with *apikey*.

    Builds a client and issues one ``find_first`` call; the outcome is
    reported on stdout and returned as a boolean instead of being raised.

    :param server: Server IP address or URL
    :param apikey: API Key to connect to TheHive server
    :return: Connectivity status
    :rtype: boolean
    """
    # The script performs this probe often, so it lives in one place.
    client = TheHiveApi(server, apikey)
    reachable = True
    try:
        client.find_first()
    # TODO: narrow this to the specific TheHive exception(s) once known.
    except KeyError:
        print("WARNING: API Key failed\n")
        reachable = False
    except TheHiveException:
        print("WARNING: Cannot reach hostname provided\n")
        reachable = False
    return reachable
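# Allowed values for the "Resolution Status" and "Impact Status" e-mail fields.
_RESOLUTION_STATUSES = ("Indeterminate", "FalsePositive", "TruePositive",
                        "Other", "Duplicated")
_IMPACT_STATUSES = ("NoImpact", "WithImpact", "NotApplicable")


def _find_case_routing(api, caseId):
    """Return the ``_routing`` value of the case matching ``caseId``, or ``None``.

    Any failure of the lookup (server unreachable, unexpected response shape,
    no ``_routing`` key in the hit) is reported as ``None`` so the caller can
    bail out with a single message instead of crashing on an unbound name.
    """
    try:
        hit = api.find_first(query=Eq('caseId', caseId))
        for key, value in hit.items():
            if key == "_routing":
                return value
    except Exception:
        # The client's exception type is not in scope here; anything raised by
        # the lookup means the case cannot be identified.
        return None
    return None


def _merge_tags(existing, new_tags):
    """Append each tag in ``new_tags`` to ``existing`` (in place) unless present.

    A tag counts as present when the list already holds it exactly or with a
    trailing carriage return (presumably from earlier e-mail imports; this is
    the check the original code made).
    """
    for tag in new_tags:
        if tag not in existing and tag + "\r" not in existing:
            existing.append(tag)
    return existing


def updateACase(caseId, bigGroup, fromField, attachments):
    """Update an existing TheHive case from the fields of an update e-mail.

    The e-mail body ``bigGroup`` is read with ``parseBody`` (Resolved, Tags,
    Title, TLP, Description, Albert Id, Severity, ReplaceTags, Resolution
    Status, Impact Status, Summary); the case is located by ``caseId``,
    patched in memory and written back with ``api.update_case``.

    :param caseId: TheHive case number used for the ``Eq('caseId', ...)`` lookup
    :param bigGroup: Parsed e-mail body handed to ``parseBody``
    :param fromField: Sender address stored in the ``from`` custom field
    :param attachments: Attachments stored (as ``str``) in the ``attachment`` custom field
    :return: ``None``. Calls ``sys.exit(0)`` when no case matches ``caseId``.
    """
    # Credentials come from the module-level ``config``; the trailing dict is
    # presumably the proxy setting (both schemes empty) — confirm against the
    # client's signature.
    api = TheHiveApi(config['thehiveURL'], config['thehiveUser'],
                     config['thehivePassword'], {
                         'http': '',
                         'https': ''
                     })
    resolved = parseBody("Resolved", bigGroup).lower()
    Tags = parseBody("Tags", bigGroup)
    Title = parseBody("Title", bigGroup)
    TLP = parseBody("TLP", bigGroup)
    Description = parseBody("Description", bigGroup)
    AlbertID = parseBody("Albert Id", bigGroup)
    Severity = parseBody("Severity", bigGroup)
    ReplaceTags = parseBody("ReplaceTags", bigGroup).lower()
    resolvedStatus = parseBody("Resolution Status", bigGroup)
    ImpactStatus = parseBody("Impact Status", bigGroup)
    Summary = parseBody("Summary", bigGroup)

    requestCase = _find_case_routing(api, caseId)
    if requestCase is None:
        print(
            "unable to find the caseId in the update email, this is required to uniquely identify a case to update. ending.."
        )
        # NOTE(review): exits with status 0 although nothing was updated; kept
        # for compatibility with existing wrappers, but a non-zero code would
        # let them detect the failure.
        sys.exit(0)

    try:
        updated_case = api.case.update(requestCase)
        # Debug output: this dumps the whole case body (description, custom
        # fields, ...) to stdout, so it lands wherever this script's output is
        # captured.
        print(updated_case.jsonify())
        updated_case.title = Title
        updated_case.description = Description

        # TLP and severity are integers in TheHive; a non-numeric field value
        # is skipped rather than aborting the whole update.
        try:
            updated_case.tlp = int(TLP)
        except (TypeError, ValueError):
            print("Issue with updating TLP, skipping")
        try:
            updated_case.severity = int(Severity)
        except (TypeError, ValueError):
            print("Issue with updating severity, skipping")

        print("TAGS HERE")
        print(Tags)
        # A value shorter than two characters is treated as "no tags given".
        if len(Tags) > 1:
            newTags = Tags.split(",")
            if "no" in ReplaceTags:
                # ReplaceTags == no: keep existing tags, append only new ones.
                _merge_tags(updated_case.tags, newTags)
            else:
                # Anything else replaces the tag list wholesale.
                print("replacing tags")
                updated_case.tags = newTags

        # Only known status values are written; anything else is reported and
        # the existing value left untouched.
        if resolvedStatus in _RESOLUTION_STATUSES:
            updated_case.resolutionStatus = resolvedStatus
        else:
            print("invalid resolution status")

        if ImpactStatus in _IMPACT_STATUSES:
            updated_case.impactStatus = ImpactStatus
        else:
            print("invalid impact status")

        updated_case.summary = Summary

        # Overwrite the albert id (and the sender/attachment fields) only when
        # an id was supplied; a shorter value leaves custom fields alone.
        if len(AlbertID) > 1:
            updated_case.customFields = CustomFieldHelper() \
                .add_string('from', fromField) \
                .add_string('attachment', str(attachments)) \
                .add_string('albertId', AlbertID) \
                .build()

        # Substring tests on the lower-cased "Resolved" field; both branches
        # can fire when the text contains both words, as in the original.
        if "yes" in resolved:
            print("resolved")
            api.case.update(requestCase, status='Resolved')
        if "no" in resolved:
            print("OPEN")
            api.case.update(requestCase, status='Open')

        api.update_case(updated_case)

    except FileExistsError as e:
        # NOTE(review): FileExistsError is an unlikely failure mode for an HTTP
        # client; errors of any other type propagate to the caller. Confirm the
        # exception type the TheHive client actually raises here.
        print("Error updating case. {}".format(e))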