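def test_api(server, apikey):
    """Test API connectivity to TheHive.

    A single ``find_first()`` call is used as the probe: if it returns, the
    server is reachable and the key was accepted.

    :param server: Server IP address or URL
    :param apikey: API Key to connect to TheHive server
    :return: Connectivity status (True on success, False on either failure)
    :rtype: bool
    """
    # Named ``api`` rather than ``test_api``: the original bound the client to
    # the function's own name, shadowing it inside the body.
    api = TheHiveApi(server, apikey)
    try:
        api.find_first()
    except KeyError:
        # Treated as a rejected key — presumably the client raises KeyError
        # when the error response lacks the expected fields; TODO confirm
        # against the client and narrow to its own exception if it has one.
        print("WARNING: API Key failed\n")
        return False
    except TheHiveException:
        print("WARNING: Cannot reach hostname provided\n")
        return False
    return True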
def test_api(server, apikey):
    """Check that TheHive at ``server`` is reachable and accepts ``apikey``.

    A bare ``find_first()`` call is the probe; the same call is made in several
    places in the script, so it is modelled once here.

    :param server: Server IP address or URL
    :param apikey: API Key to connect to TheHive server
    :return: Connectivity status
    :rtype: boolean
    """
    client = TheHiveApi(server, apikey)
    # TODO: narrow the first handler to a TheHive-specific exception if the client offers one.
    try:
        client.find_first()
    except KeyError:
        print("WARNING: API Key failed\n")
    except TheHiveException:
        print("WARNING: Cannot reach hostname provided\n")
    else:
        return True
    return False
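def updateACase(caseId, bigGroup, fromField, attachments):
    """Apply the fields parsed from an "update" e-mail to an existing TheHive case.

    The case is looked up by its ``caseId`` number; then title, description,
    TLP, severity, tags, resolution/impact status, summary, the optional Albert
    custom fields and finally the Open/Resolved status are pushed to it.

    :param caseId: TheHive case number matched against the ``caseId`` field
    :param bigGroup: parsed e-mail body handed to ``parseBody`` for each field
    :param fromField: sender address stored in the ``from`` custom field
    :param attachments: attachment list stored (as ``str``) in the ``attachment`` custom field
    :return: None. Exits the process with status 1 when the case cannot be found.
    """
    # Credentials come from the module-level ``config``; the last argument is
    # presumably the proxy map (both entries empty) — TODO confirm with the client.
    api = TheHiveApi(config['thehiveURL'], config['thehiveUser'],
                     config['thehivePassword'], {'http': '', 'https': ''})

    # Yes/no switches and enumerated statuses are stripped so a trailing "\r"
    # from the mail body cannot defeat the comparisons below.
    resolved = parseBody("Resolved", bigGroup).lower().strip()
    ReplaceTags = parseBody("ReplaceTags", bigGroup).lower().strip()
    Tags = parseBody("Tags", bigGroup)
    Title = parseBody("Title", bigGroup)
    TLP = parseBody("TLP", bigGroup)
    Description = parseBody("Description", bigGroup)
    AlbertID = parseBody("Albert Id", bigGroup)
    Severity = parseBody("Severity", bigGroup)
    # (Indeterminate, FalsePositive, TruePositive, Other or Duplicated)
    resolvedStatus = parseBody("Resolution Status", bigGroup).strip()
    # (NoImpact, WithImpact or NotApplicable)
    ImpactStatus = parseBody("Impact Status", bigGroup).strip()
    Summary = parseBody("Summary", bigGroup)

    requestCase = _find_case_routing(api, caseId)
    if requestCase is None:
        print("unable to find the caseId in the update email, this is required to uniquely identify a case to update. ending..")
        # Non-zero exit so a wrapping script or cron job sees the failure
        # (the original exited with 0 here).
        sys.exit(1)

    try:
        # assumes api.case.update(<_routing id>) returns a mutable case object
        # (it exposes .title/.tags/... and is later passed to api.update_case)
        # — TODO confirm against the client wrapper in use
        updated_case = api.case.update(requestCase)
        # Deliberately no print(updated_case.jsonify()) here: dumping the whole
        # case (description, custom fields) to stdout/logs is a disclosure risk.
        updated_case.title = Title
        updated_case.description = Description

        # TLP/severity must be integers; no range check is done here —
        # TODO confirm which values the server accepts.
        tlp = _to_int(TLP)
        if tlp is None:
            print("Issue with updating TLP, skipping")
        else:
            updated_case.tlp = tlp

        severity = _to_int(Severity)
        if severity is None:
            print("Issue with updating severity, skipping")
        else:
            updated_case.severity = severity

        # Tags arrive comma-separated; strip each so "a, b\r" does not yield
        # " b\r" (the reason the original also compared against x + "\r").
        newTags = [t.strip() for t in Tags.split(",") if t.strip()]
        if newTags:
            # Only an explicit "no" appends; anything else replaces the list.
            # Exact match on purpose: the old substring test matched "unknown".
            replace = ReplaceTags != "no"
            if replace:
                print("replacing tags")
            updated_case.tags = _merge_tags(updated_case.tags or [], newTags, replace)

        correctResolutions = ["Indeterminate", "FalsePositive", "TruePositive", "Other", "Duplicated"]
        if resolvedStatus in correctResolutions:
            updated_case.resolutionStatus = resolvedStatus
        else:
            print("invalid resolution status")

        correctImpactStatus = ["NoImpact", "WithImpact", "NotApplicable"]
        if ImpactStatus in correctImpactStatus:
            updated_case.impactStatus = ImpactStatus
        else:
            print("invalid impact status")

        updated_case.summary = Summary

        # Custom fields are only (re)written when an Albert id is supplied;
        # note that this also overwrites the "from" and "attachment" fields.
        if len(AlbertID) > 1:
            customFields = (CustomFieldHelper()
                            .add_string('from', fromField)
                            .add_string('attachment', str(attachments))
                            .add_string('albertId', AlbertID)
                            .build())
            updated_case.customFields = customFields

        # Exact match: with the old substring test "yes, no" fired both branches.
        if resolved == "yes":
            print("resolved")
            api.case.update(requestCase, status='Resolved')
        elif resolved == "no":
            print("OPEN")
            api.case.update(requestCase, status='Open')

        api.update_case(updated_case)
    except Exception as e:
        # The original caught FileExistsError, an OS/filesystem error, so any
        # real API failure escaped as a crash; report and return instead.
        print("Error updating case. {}".format(e))


def _find_case_routing(api, caseId):
    """Return the ``_routing`` id of the case whose ``caseId`` equals *caseId*, or None.

    None is returned on a lookup error, when nothing matches, or when the match
    carries no ``_routing`` key (the original left ``requestCase`` unbound then).
    """
    try:
        found = api.find_first(query=Eq('caseId', caseId))
    except Exception as e:  # the client's exception type is not in view here
        print("case lookup failed: {}".format(e))
        return None
    if not isinstance(found, dict):
        return None
    return found.get('_routing')


def _to_int(value):
    """Return ``value`` as an int, or None when it is not an integer string."""
    try:
        return int(value)
    except (ValueError, TypeError):
        return None


def _merge_tags(existing, new_tags, replace):
    """Return the tag list to store.

    With ``replace`` true this is ``new_tags`` alone; otherwise ``existing``
    followed by those of ``new_tags`` not already present, order preserved.
    """
    if replace:
        return list(new_tags)
    merged = list(existing)
    for tag in new_tags:
        if tag not in merged:
            merged.append(tag)
    return merged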