def __init__(self, url = None, username = None, password = None, apiKey = None, proxies={}, cert=True, organisation=None, version=None, sid = "", logger = None): self.logger = logger if version=="TheHive4": self.logger.debug("[TH25] TheHive version is 4.x") if sys.version_info[0] < 3: version = Version.THEHIVE_4 else: version = Version.THEHIVE_4.value elif version=="TheHive3": self.logger.debug("[TH26] TheHive version is 3.x") if sys.version_info[0] < 3: version = Version.THEHIVE_3 else: version = Version.THEHIVE_3.value else: self.logger.warning("[TH27] No valid version of TheHive was found for the given type: \""+str(version)+"\". Default will be used (TheHive 3)") if sys.version_info[0] < 3: version = Version.THEHIVE_3 else: version = Version.THEHIVE_3.value try : if sys.version_info[0] < 3: if apiKey is not None: TheHiveApi.__init__(self,url=str(url),principal=str(apiKey),password=None,proxies=proxies,cert=cert,organisation=organisation,version=version) elif password is not None: TheHiveApi.__init__(self,url=str(url),principal=username,password=password,proxies=proxies,cert=cert,organisation=organisation,version=version) else: self.logger.error("[TH30-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values") exit(30) else: if apiKey is not None: super().__init__(url=str(url),principal=str(apiKey),password=None,proxies=proxies,cert=cert,organisation=organisation,version=version) elif password is not None: super().__init__(url=str(url),principal=username,password=password,proxies=proxies,cert=cert,organisation=organisation,version=version) else: self.logger.error("[TH31-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values") exit(31) self.logger.debug("[TH35] TheHive instance is initialized") # Try to connect to the API by recovering some cases self.find_cases(query={}, range='all') if apiKey is not None: self.logger.debug("[TH40] TheHive API connection to (URL=\""+url+"\",API key=\""+apiKey+"\") is successful") elif password is not None: self.logger.debug("[TH41] TheHive API connection to (URL=\""+url+"\",Username=\""+username+"\",Password=\""+password+"\") is successful") except thehive4py.exceptions.TheHiveException as e: if "CERTIFICATE_VERIFY_FAILED" in str(e): self.logger.warning("[TH45] THE_HIVE_CERTIFICATE_FAILED - It seems that the certificate verification failed. Please check that the certificate authority is added to \""+str(certifi.where())+"\". Complete error: "+str(e)) sys.exit(45) else: self.logger.error("[TH46-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: "+str(e)) sys.exit(46) self.__sid = sid
def __init__(self, url=None, username=None, password=None, apiKey=None, proxies={}, cert=None, verify=True, organisation=None, version=None, sid="", logger=None): self.logger = logger if version == "TheHive4": self.logger.debug("[TH25] TheHive version is 4.x") if sys.version_info[0] < 3: version = Version.THEHIVE_4 else: version = Version.THEHIVE_4.value elif version == "TheHive3": self.logger.debug("[TH26] TheHive version is 3.x") if sys.version_info[0] < 3: version = Version.THEHIVE_3 else: version = Version.THEHIVE_3.value else: self.logger.warning( "[TH27] No valid version of TheHive was found for the given type: \"" + str(version) + "\". Default will be used (TheHive 3)") if sys.version_info[0] < 3: version = Version.THEHIVE_3 else: version = Version.THEHIVE_3.value try: if sys.version_info[0] < 3: if apiKey is not None: TheHiveApi.__init__(self, url=str(url), principal=str(apiKey), password=None, proxies=proxies, verify=verify, cert=cert, organisation=organisation, version=version) elif password is not None: TheHiveApi.__init__(self, url=str(url), principal=username, password=password, proxies=proxies, verify=verify, cert=cert, organisation=organisation, version=version) else: self.logger.error( "[TH30-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values" ) exit(30) else: if apiKey is not None: super().__init__(url=str(url), principal=str(apiKey), password=None, proxies=proxies, verify=verify, cert=cert, organisation=organisation, version=version) elif password is not None: super().__init__(url=str(url), principal=username, password=password, proxies=proxies, verify=verify, cert=cert, organisation=organisation, version=version) else: self.logger.error( "[TH31-ERROR] THE_HIVE_AUTHENTICATION - Password AND API Key are null values" ) exit(31) self.logger.debug("[TH35] TheHive instance is initialized") # Try to connect to the API by recovering some cases self.find_cases(query={}, range='all') if apiKey is not None: self.logger.debug("[TH40] TheHive API connection to (URL=\"" + url + "\",API key=\"" + apiKey + "\") is successful") elif password is not None: self.logger.debug("[TH41] TheHive API connection to (URL=\"" + url + "\",Username=\"" + username + "\",Password=\"" + password + "\") is successful") except thehive4py.exceptions.TheHiveException as e: if "CERTIFICATE_VERIFY_FAILED" in str(e): self.logger.warning( "[TH45] THE_HIVE_CERTIFICATE_FAILED - It seems that the certificate verification failed. Please check that the certificate authority is added to \"" + str(certifi.where()) + "\". Complete error: " + str(e)) sys.exit(45) elif "HANDSHAKE_FAILURE" in str(e): self.logger.warning( "[TH46] THE_HIVE_HANDHSHAKE_FAILURE - It seems that the SSL handshake failed. A possible solution is to check if the remote server/proxy is not expecting a client certificate. Complete error: " + str(e)) sys.exit(46) elif "Proxy Authentication Required" in str(e): self.logger.warning( "[TH47] THE_HIVE_PROXY_AUTHENTICATION_ERROR - It seems that the connection to the proxy has failed as it's required an authentication (none was provided or the username/password is not working). Proxy information are: " + str(proxies) + ". Complete error: " + str(e)) sys.exit(47) elif "ProxyError" in str(e): self.logger.warning( "[TH48] THE_HIVE_PROXY_ERROR - It seems that the connection to the proxy has failed. Proxy information are: " + str(proxies) + ". Complete error: " + str(e)) sys.exit(48) else: self.logger.error( "[TH60-GENERIC-ERROR] THE_HIVE_CONNECTION_ERROR - Error: " + str(e)) sys.exit(60) self.__sid = sid