def delete_asset(self, asset_id, asset_obj):
    """Queue a request that removes an asset from this victim.

    Nothing is sent here: the request is parked in the resource container's
    commit queue under this object's id and is replayed when the queue is
    committed.

    Args:
        asset_id: id of the asset to remove.
        asset_obj: asset object whose ``resource_type`` and ``uri_attribute``
            feed the request description and URI.
    """
    settings = self._resource_properties['asset_delete']
    description = 'delete asset type {0} with to {1}'.format(
        asset_obj.resource_type, self._name)
    # NOTE(review): asset_id is interpolated into the path unescaped; callers
    # are expected to pass an API id, not free-form input — confirm at call sites
    uri = settings['uri'].format(self._id, asset_obj.uri_attribute, asset_id)

    request = RequestObject()
    request.set_description(description)
    request.set_http_method(settings['http_method'])
    # scope the request to this object's owner
    request.set_owner(self.owner_name)
    request.set_owner_allowed(settings['owner_allowed'])
    request.set_request_uri(uri)
    request.set_resource_pagination(settings['pagination'])
    request.set_resource_type(self._resource_type)
    self._resource_container.add_commit_queue(self.id, request)
def victim_associations(self):
    """Yield the victims associated with this group.

    Pages are pulled lazily through the client's result pagination and each
    raw item is parsed into a victim object; nothing is cached on self.
    """
    settings = self._resource_properties['association_victims']
    request = RequestObject()
    request.set_description(
        'retrieve victim associations for {0}'.format(self._name))
    request.set_http_method(settings['http_method'])
    request.set_owner_allowed(settings['owner_allowed'])
    # scope the query to this object's owner
    request.set_owner(self.owner_name)
    request.set_request_uri(settings['uri'].format(self._id))
    request.set_resource_pagination(settings['pagination'])
    request.set_resource_type(self._resource_type)

    pages = self._tc.result_pagination(request, 'victim')
    for raw in pages:
        yield parse_victim(
            raw,
            api_filter=request.description,
            request_uri=request.request_uri)
def delete(self):
    """Send the delete request for this group and move it to phase 3.

    The API response is not inspected, so the phase changes whether or not the
    server accepted the delete (NOTE(review): callers get no failure signal;
    phase 3 is not described by the phase comments visible here).
    """
    settings = self._resource_properties['delete']
    request = RequestObject()
    request.set_description('delete group "{0}".'.format(self._name))
    request.set_http_method(settings['http_method'])
    request.set_owner_allowed(settings['owner_allowed'])
    # the owner is only attached when one is known
    if self.owner_name is not None:
        request.set_owner(self.owner_name)
    request.set_request_uri(settings['uri'].format(self._id))
    request.set_resource_pagination(settings['pagination'])
    request.set_resource_type(self.resource_type)

    self._tc.api_request(request)
    self.set_phase(3)
def delete_asset(self, asset_id, asset_obj):
    """Queue the removal of an asset from this victim.

    The request is only built and added to the resource container's commit
    queue under this object's id; it is sent when that queue is replayed.

    Args:
        asset_id: id of the asset to remove (placed in the URI as given).
        asset_obj: asset whose ``resource_type`` and ``uri_attribute`` select
            the request description and URI.
    """
    cfg = self._resource_properties['asset_delete']
    http_method = cfg['http_method']
    owner_allowed = cfg['owner_allowed']
    paginate = cfg['pagination']
    # NOTE(review): asset_id goes into the path unescaped — callers are expected
    # to pass an API id rather than free-form input; confirm at the call sites
    uri = cfg['uri'].format(self._id, asset_obj.uri_attribute, asset_id)
    what = 'delete asset type {0} with to {1}'.format(
        asset_obj.resource_type, self._name)

    ro = RequestObject()
    ro.set_description(what)
    ro.set_http_method(http_method)
    ro.set_owner(self.owner_name)
    ro.set_owner_allowed(owner_allowed)
    ro.set_request_uri(uri)
    ro.set_resource_pagination(paginate)
    ro.set_resource_type(self._resource_type)

    self._resource_container.add_commit_queue(self.id, ro)
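def indicator_associations(self):
    """Yield the indicators associated with this group.

    Pages are fetched lazily through the client's result pagination and each
    item is parsed with ``IndicatorObject.parse_indicator``; nothing is cached
    on the object.
    """
    prop = self._resource_properties['association_indicators']
    ro = RequestObject()
    ro.set_description('retrieve indicator associations for {0}'.format(self._name))
    ro.set_http_method(prop['http_method'])
    # scope the query to this object's owner (the original set this twice)
    ro.set_owner(self.owner_name)
    ro.set_owner_allowed(prop['owner_allowed'])
    ro.set_request_uri(prop['uri'].format(self._id))
    ro.set_resource_pagination(prop['pagination'])
    ro.set_resource_type(self._resource_type)
    for item in self._tc.result_pagination(ro, 'indicator'):
        yield threatconnect.IndicatorObject.parse_indicator(
            item,
            api_filter=ro.description,
            request_uri=ro.request_uri,
            indicators_regex=self._tc._indicators_regex)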
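def tc_indicators(owners, limit):
    """Fetch up to *limit* indicators from the ThreatConnect v2 API.

    Args:
        owners: owner (or owners) to scope the query to, or None to use the
            client's default scope.
        limit: maximum number of results to request.

    Returns:
        A ``(ec, indicators, response)`` tuple: the context built by
        ``create_context``, the indicator list it returns, and the raw JSON
        body of the API response.
    """
    try:
        from urllib.parse import urlencode
    except ImportError:  # Python 2
        from urllib import urlencode

    tc = get_client()
    tc.set_api_result_limit(limit)

    ro = RequestObject()
    ro.set_http_method('GET')
    # encode the query rather than pasting limit into the URL, so a non-numeric
    # value cannot smuggle extra query parameters into the request
    ro.set_request_uri('/v2/indicators?{0}'.format(urlencode({'resultLimit': limit})))
    if owners is not None:
        ro.set_owner(owners)
        ro.set_owner_allowed(True)

    response = tc.api_request(ro).json()
    # presumably an empty result set omits the 'indicator' key; default to an
    # empty list instead of raising KeyError — confirm against the API
    indicators = response['data'].get('indicator', [])
    ec, indicators = create_context(indicators, include_dbot_score=True)
    return ec, indicators, response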
def load_tags(self):
    """Fetch this group's tags and attach them to the main resource object.

    A non-JSON reply or a non-``Success`` status leaves the object untouched
    (no error is raised or logged).
    """
    settings = self._resource_properties['tags_load']
    request = RequestObject()
    request.set_description('load tags for {0}'.format(self._name))
    request.set_http_method(settings['http_method'])
    request.set_owner(self.owner_name)
    request.set_owner_allowed(settings['owner_allowed'])
    request.set_request_uri(settings['uri'].format(self._id))
    request.set_resource_pagination(settings['pagination'])
    request.set_resource_type(self._resource_type)

    api_response = self._tc.api_request(request)
    # exact match: a content-type with a charset suffix is treated as non-JSON
    if api_response.headers['content-type'] != 'application/json':
        return
    payload = api_response.json()
    if payload['status'] != 'Success':
        return
    for raw_tag in payload['data']['tag']:
        # add to main resource object
        self._resource_obj.add_tag(parse_tag(raw_tag))
def main():
    """Run the enabled bulk-indicator examples against the configured client.

    Relies on module-level names: ``tc`` (the ThreatConnect client),
    ``owners``, the ``enable_example*`` toggles, ``show_data``, ``sys`` and
    ``json``. Each example is independent; a failed API call prints the error
    and exits with status 1.
    """
    # set threat connect log (tcl) level
    tc.set_tcl_file('log/tc.log', 'debug')
    tc.set_tcl_console_level('critical')

    if enable_example1:
        """ get community/source status using basic retrieve """
        # build INDICATORS request object
        #
        ro = RequestObject()
        ro.set_http_method('GET')
        ro.set_owner(owners)
        ro.set_owner_allowed(True)
        ro.set_resource_pagination(True)
        ro.set_request_uri('/v2/indicators/bulk')

        #
        # retrieve and display the results
        #
        try:
            results = tc.api_request(ro)
        except RuntimeError as e:
            print(e)
            sys.exit(1)

        # exact match: a content-type carrying a charset suffix skips the print
        if results.headers['content-type'] == 'application/json':
            data = results.json()
            print(json.dumps(data, indent=4))

    if enable_example2:
        """ get bulk indicators """
        # optionally set max results
        tc.set_api_result_limit(500)

        # indicator object
        indicators = tc.bulk_indicators()

        # filter results (the commented lines show the other post-filters available)
        try:
            filter1 = indicators.add_filter()
            filter1.add_owner(owners)
            # filter1.add_pf_confidence(90, FilterOperator.GE)
            # filter1.add_pf_date_added('2014-04-10T00:00:00Z', FilterOperator.GE)
            # filter1.add_pf_rating('4.0', FilterOperator.GE)
            # filter1.add_pf_type('Host')
            # filter1.add_pf_type('Address')
            # filter1.add_pf_last_modified('2015-01-21T00:31:44Z', FilterOperator.GE)
            # filter1.add_pf_threat_assess_confidence('50', FilterOperator.GE)
            # filter1.add_pf_threat_assess_rating('4.0', FilterOperator.GE)
            # filter1.add_pf_tag('EXAMPLE', FilterOperator.EQ)
            # filter1.add_pf_attribute('Description', FilterOperator.EQ)
        except AttributeError as e:
            print('Error: {0!s}'.format(e))
            sys.exit(1)

        # retrieve indicators
        try:
            indicators.retrieve()
        except RuntimeError as e:
            print('Error: {0!s}'.format(e))
            sys.exit(1)

        # show indicator data
        show_data(indicators)

    if enable_example3:
        """ get bulk indicators """
        # optionally set max results
        tc.set_api_result_limit(500)

        # indicator object
        indicators = tc.bulk_indicators()

        # filter results: owner plus a tag post-filter
        try:
            filter1 = indicators.add_filter()
            filter1.add_owner(owners)
            # filter1.add_pf_confidence(50, FilterOperator.GE)
            # filter1.add_pf_rating('2.5', FilterOperator.GE)
            filter1.add_pf_tag('CnC', FilterOperator.EQ)
        except AttributeError as e:
            print('Error: {0!s}'.format(e))
            sys.exit(1)

        # retrieve indicators
        try:
            indicators.retrieve()
        except RuntimeError as e:
            print('Error: {0!s}'.format(e))
            sys.exit(1)

        # show indicator data
        show_data(indicators)

    if enable_example4:
        """ get bulk indicator in csv format """
        # build INDICATORS request object
        #
        ro = RequestObject()
        ro.set_http_method('GET')
        ro.set_owner(owners)
        ro.set_owner_allowed(True)
        ro.set_resource_pagination(True)
        ro.set_request_uri('/v2/indicators/bulk/csv')

        #
        # retrieve and display the results
        #
        # unlike example 1 there is no try/except here: a RuntimeError propagates
        results = tc.api_request(ro)
        if results.headers['content-type'] == 'text/csv':
            data = results.content
            print(data)
from threatconnect.RequestObject import RequestObject

""" Toggle the Boolean to enable specific examples """
enable_example1 = False
enable_example2 = False

# Example 1: create a document group with a raw JSON POST.
# Needs ``tc`` (the client) and ``json`` from the enclosing script.
if enable_example1:
    document = {
        'name': 'Raw Upload Example',
        'fileName': 'raw_example.txt',
    }

    request = RequestObject()
    request.set_http_method('POST')
    request.set_body(json.dumps(document))
    request.set_content_type('application/json')
    # hard-coded owner: the document is written into this community
    request.set_owner('Example Community')
    request.set_owner_allowed(True)
    request.set_resource_pagination(False)
    request.set_request_uri('/v2/groups/documents')

    # echo the request parameters before sending
    print(request)

    # send it and pretty-print a JSON reply
    response = tc.api_request(request)
    if response.headers['content-type'] == 'application/json':
        payload = response.json()
        print(json.dumps(payload, indent=4))
# turn on the client's request reporting (``tc`` comes from the enclosing script)
tc.report_enable()

""" Toggle the Boolean to enable specific examples """
enable_example1 = False
enable_example2 = False

# Example 1: create a document group with a raw JSON POST.
if enable_example1:
    upload = {'name': 'Raw Upload Example', 'fileName': 'raw_example.txt'}

    # build the DOCUMENT request object, one setter per parameter
    ro = RequestObject()
    for apply, value in (
        (ro.set_http_method, 'POST'),
        (ro.set_body, json.dumps(upload)),
        (ro.set_content_type, 'application/json'),
        # hard-coded owner: the document lands in this community
        (ro.set_owner, 'Example Community'),
        (ro.set_owner_allowed, True),
        (ro.set_resource_pagination, False),
        (ro.set_request_uri, '/v2/groups/documents'),
    ):
        apply(value)

    # display request object parameters
    print(ro)

    # retrieve and display the results
    reply = tc.api_request(ro)
    if reply.headers['content-type'] == 'application/json':
        print(json.dumps(reply.json(), indent=4))
def commit(self):
    # phase 0 (no action) -> don't validate and don't POST group, only POST items in commit queue.
    # phase 1 (add) -> validate before POST group, only POST items in commit queue if group POST succeeded.
    # phase 2 (update) -> don't validate before PUT group, POST/PUT items in commit queue.
    """Commit this group and replay the requests queued against it.

    Phase 1 POSTs the group (after validation) and adopts the server-assigned
    id; phase 2 PUTs it without validation; phase 0 sends nothing for the
    group itself. The resource container's commit queue for this id
    (associations, attributes, security labels, tags, uploads) is then
    submitted request by request and cleared, the phase is reset to 0 and
    self is returned.

    Raises:
        AttributeError: ``ErrorCodes.e10040`` when phase-1 validation fails.
    """
    # r_id is the id the queued requests are replayed against; a successful
    # phase-1 POST replaces it with the id the server assigned
    r_id = self.id
    ro = RequestObject()
    # gen_body is read as an attribute — presumably a property building the body
    ro.set_body(self.gen_body)
    if self.owner_name is not None:
        ro.set_owner(self.owner_name)
    ro.set_resource_type(self.resource_type)

    if self.phase == 1:
        prop = self._resource_properties['add']
        ro.set_description('adding group "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        # validate (presumably a property checking required fields) gates the POST
        if self.validate:
            api_response = self._tc.api_request(ro)
            # exact match: a content-type carrying a charset suffix skips this branch
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the created resource is nested under a type-specific key
                    resource_key = ApiProperties.api_properties[self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
        else:
            # NOTE(review): the format string has no placeholder, so self is
            # never logged — 'Resource Object {0}' looks intended
            self._tc.tcl.debug('Resource Object'.format(self))
            raise AttributeError(ErrorCodes.e10040.value)
    elif self.phase == 2:
        prop = self._resource_properties['update']
        ro.set_description('update group "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        api_response = self._tc.api_request(ro)
        if api_response.headers['content-type'] == 'application/json':
            api_response_dict = api_response.json()
            if api_response_dict['status'] != 'Success':
                # a failed update is logged but does not stop the queue below
                self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))

    # validate all required fields are present
    # NOTE(review): r_id starts as self.id, so this guard also passes when the
    # phase-1 POST failed or answered without JSON; the queue is then replayed
    # against the pre-commit id — confirm that matches the phase-1 rule above
    if r_id is not None:
        #
        # commit all associations, attributes, tags, etc
        #
        # rebinds ro: from here on it is the queued request, not the group request
        for ro in self._resource_container.commit_queue(self.id):
            if self.owner_name is not None:
                ro.set_owner(self.owner_name)

            # replace the id
            # plain substring replace over the whole URI: swaps the pre-commit id
            # for the server-assigned one (any other occurrence of the same
            # digits in the URI would be rewritten too)
            if self.phase == 1 and self.id != r_id:
                request_uri = str(ro.request_uri.replace(str(self.id), str(r_id)))
                ro.set_request_uri(request_uri)
                self._tc.tcl.debug('Replacing {0} with {1}'.format(self.id, str(r_id)))

            api_response2 = self._tc.api_request(ro)
            if 'content-type' in api_response2.headers:
                if api_response2.headers['content-type'] == 'application/json':
                    api_response_dict2 = api_response2.json()
                    if api_response_dict2['status'] != 'Success':
                        self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))
                    else:
                        # per-request hook, fired only on a reported success
                        if ro.success_callback is not None:
                            ro.success_callback(ro, api_response2)
                elif api_response2.headers['content-type'] == 'application/octet-stream':
                    # binary reply: 200/201/202 count as success and the request
                    # body that was sent is stored as the object's contents
                    if api_response2.status_code in [200, 201, 202]:
                        self.set_contents(ro.body)
                        if ro.success_callback is not None:
                            ro.success_callback(ro, api_response2)
            else:
                # upload PUT response
                # no content-type header at all: handled like the binary case
                if api_response2.status_code in [200, 201, 202]:
                    self.set_contents(ro.body)
                    if ro.success_callback is not None:
                        ro.success_callback(ro, api_response2)

        # clear the commit queue
        # cleared under the pre-commit id, before set_id() adopts the server id
        self._resource_container.clear_commit_queue_id(self.id)

        self.set_id(r_id)

    # clear phase
    self.set_phase(0)

    if self._reload_attributes:
        self.load_attributes(automatically_reload=True)

    # return object
    return self
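def commit(self):
    """Commit this victim and replay the requests queued against it.

    Phase 1 (add): validate the required fields, POST the victim and take the
    server-assigned id from the JSON response. Phase 2 (update): PUT the
    victim without validating. Afterwards every request in the resource
    container's commit queue for this id (assets, associations, ...) is
    submitted, with the pre-commit id in its URI rewritten to the server id
    when one was assigned, and the queue is cleared.

    Returns:
        self, with the id updated and the phase reset to 0.

    Raises:
        AttributeError: ``ErrorCodes.e10040`` when phase-1 validation fails.
    """
    # r_id is the id the queue is replayed against; a successful phase-1 POST
    # replaces it with the id the server assigned
    r_id = self.id
    ro = RequestObject()
    ro.set_body(self.gen_body)
    if self.owner_name is not None:
        ro.set_owner(self.owner_name)
    ro.set_resource_type(self.resource_type)

    if self.phase == 1:
        prop = self._resource_properties['add']
        ro.set_description('adding victim "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        # validate all required fields are present before anything is sent
        if self.validate:
            api_response = self._tc.api_request(ro)
            # .get(): a missing content-type header skips the JSON handling
            # instead of raising KeyError
            if api_response.headers.get('content-type') == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the created resource is nested under a type-specific key
                    resource_key = ApiProperties.api_properties[self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
                else:
                    # a rejected add used to pass silently; log it so the
                    # queue replay below is not mistaken for success
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))
        else:
            # the original format string had no placeholder, so self was never logged
            self._tc.tcl.debug('Resource Object {0}'.format(self))
            raise AttributeError(ErrorCodes.e10040.value)
    elif self.phase == 2:
        prop = self._resource_properties['update']
        ro.set_description('update victim "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        api_response = self._tc.api_request(ro)
        if api_response.headers.get('content-type') == 'application/json':
            api_response_dict = api_response.json()
            if api_response_dict['status'] != 'Success':
                # a failed update is logged but does not stop the queue below
                self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))

    # submit all attributes, tags or associations queued under the pre-commit id
    queue_id = self.id
    for queued_ro in self._resource_container.commit_queue(queue_id):
        # queued requests keep the owner they were built with; the owner
        # override was deliberately commented out in the original
        if self.phase == 1 and self.id != r_id:
            # swap the pre-commit id embedded in the URI for the server-assigned one
            request_uri = str(queued_ro.request_uri.replace(str(self.id), str(r_id)))
            queued_ro.set_request_uri(request_uri)
            self._tc.tcl.debug('Replacing {0} with {1}'.format(self.id, str(r_id)))
        self._tc.tcl.debug('RO {0}'.format(queued_ro))
        api_response2 = self._tc.api_request(queued_ro)
        if api_response2.headers.get('content-type') == 'application/json':
            api_response_dict2 = api_response2.json()
            if api_response_dict2['status'] != 'Success':
                self._tc.tcl.error('API Request Failure: [{0}]'.format(queued_ro.description))

    # clear the queue under the id it was keyed on *before* adopting the server
    # id: clearing after set_id() looked the queue up under the new id and left
    # the old entries behind in phase 1
    self._resource_container.clear_commit_queue_id(queue_id)
    self.set_id(r_id)
    self.set_phase(0)
    return self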
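def commit(self):
    """Commit this victim and replay the requests queued against it.

    Phase 1 (add): validate the required fields, POST the victim and take the
    server-assigned id from the JSON response. Phase 2 (update): PUT the
    victim without validating. Afterwards every request in the resource
    container's commit queue for this id (assets, associations, ...) is
    submitted, with the pre-commit id in its URI rewritten to the server id
    when one was assigned, and the queue is cleared.

    Returns:
        self, with the id updated and the phase reset to 0.

    Raises:
        AttributeError: ``ErrorCodes.e10040`` when phase-1 validation fails.
    """
    # r_id is the id the queue is replayed against; a successful phase-1 POST
    # replaces it with the id the server assigned
    r_id = self.id
    ro = RequestObject()
    ro.set_body(self.gen_body)
    if self.owner_name is not None:
        ro.set_owner(self.owner_name)
    ro.set_resource_type(self.resource_type)

    if self.phase == 1:
        prop = self._resource_properties['add']
        ro.set_description('adding victim "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        # validate all required fields are present before anything is sent
        if self.validate:
            api_response = self._tc.api_request(ro)
            # .get(): a missing content-type header skips the JSON handling
            # instead of raising KeyError
            if api_response.headers.get('content-type') == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the created resource is nested under a type-specific key
                    resource_key = ApiProperties.api_properties[
                        self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
                else:
                    # a rejected add used to pass silently; log it so the
                    # queue replay below is not mistaken for success
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(
                        ro.description))
        else:
            # the original format string had no placeholder, so self was never logged
            self._tc.tcl.debug('Resource Object {0}'.format(self))
            raise AttributeError(ErrorCodes.e10040.value)
    elif self.phase == 2:
        prop = self._resource_properties['update']
        ro.set_description('update victim "{0}".'.format(self._name))
        ro.set_http_method(prop['http_method'])
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        api_response = self._tc.api_request(ro)
        if api_response.headers.get('content-type') == 'application/json':
            api_response_dict = api_response.json()
            if api_response_dict['status'] != 'Success':
                # a failed update is logged but does not stop the queue below
                self._tc.tcl.error('API Request Failure: [{0}]'.format(
                    ro.description))

    # submit all attributes, tags or associations queued under the pre-commit id
    queue_id = self.id
    for queued_ro in self._resource_container.commit_queue(queue_id):
        # queued requests keep the owner they were built with; the owner
        # override was deliberately commented out in the original
        if self.phase == 1 and self.id != r_id:
            # swap the pre-commit id embedded in the URI for the server-assigned one
            request_uri = str(
                queued_ro.request_uri.replace(str(self.id), str(r_id)))
            queued_ro.set_request_uri(request_uri)
            self._tc.tcl.debug('Replacing {0} with {1}'.format(
                self.id, str(r_id)))
        self._tc.tcl.debug('RO {0}'.format(queued_ro))
        api_response2 = self._tc.api_request(queued_ro)
        if api_response2.headers.get('content-type') == 'application/json':
            api_response_dict2 = api_response2.json()
            if api_response_dict2['status'] != 'Success':
                self._tc.tcl.error('API Request Failure: [{0}]'.format(
                    queued_ro.description))

    # clear the queue under the id it was keyed on *before* adopting the server
    # id: clearing after set_id() looked the queue up under the new id and left
    # the old entries behind in phase 1
    self._resource_container.clear_commit_queue_id(queue_id)
    self.set_id(r_id)
    self.set_phase(0)
    return self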