def delete_asset(self, asset_id, asset_obj):
     """ queue a request that removes an asset from this victim

     Nothing is sent here: the request is added to the resource container's
     commit queue under this victim's id.

     :param asset_id: id of the asset to remove
     :param asset_obj: asset object providing ``resource_type`` and ``uri_attribute``
     """
     settings = self._resource_properties['asset_delete']
     request = RequestObject()
     request.set_description('delete asset type {0} with to {1}'.format(asset_obj.resource_type, self._name))
     request.set_http_method(settings['http_method'])
     request.set_owner(self.owner_name)
     request.set_owner_allowed(settings['owner_allowed'])
     # uri template takes the victim id, the asset type segment and the asset id
     target_uri = settings['uri'].format(self._id, asset_obj.uri_attribute, asset_id)
     request.set_request_uri(target_uri)
     request.set_resource_pagination(settings['pagination'])
     request.set_resource_type(self._resource_type)
     self._resource_container.add_commit_queue(self.id, request)
    def victim_associations(self):
        """ yield the victims associated with this group

        Associations are fetched from the API on each iteration of the
        generator and are not cached on the object.
        """
        settings = self._resource_properties['association_victims']
        request = RequestObject()
        request.set_description('retrieve victim associations for {0}'.format(self._name))
        request.set_http_method(settings['http_method'])
        request.set_owner_allowed(settings['owner_allowed'])
        request.set_owner(self.owner_name)
        request.set_request_uri(settings['uri'].format(self._id))
        request.set_resource_pagination(settings['pagination'])
        request.set_resource_type(self._resource_type)

        # walk every result page; the request's description and uri are
        # passed through to each parsed victim
        for entry in self._tc.result_pagination(request, 'victim'):
            yield parse_victim(entry, api_filter=request.description, request_uri=request.request_uri)
 def delete(self):
     """ send the API request that deletes this group, then move to phase 3

     The response is not inspected here, so a rejected delete is not
     reported by this method.
     """
     settings = self._resource_properties['delete']
     request = RequestObject()
     request.set_description('delete group "{0}".'.format(self._name))
     request.set_http_method(settings['http_method'])
     request.set_owner_allowed(settings['owner_allowed'])
     # the owner is optional and only attached when one is set on the object
     if self.owner_name is not None:
         request.set_owner(self.owner_name)
     request.set_request_uri(settings['uri'].format(self._id))
     request.set_resource_pagination(settings['pagination'])
     request.set_resource_type(self.resource_type)
     self._tc.api_request(request)
     # NOTE(review): phase 3 presumably marks the object as deleted — confirm
     self.set_phase(3)
 def delete_asset(self, asset_id, asset_obj):
     """ queue the removal of an asset from this victim

     The request is only added to the resource container's commit queue
     under this victim's id; it is not sent by this method.

     :param asset_id: id of the asset to remove
     :param asset_obj: asset object providing ``resource_type`` and ``uri_attribute``
     """
     cfg = self._resource_properties['asset_delete']
     label = 'delete asset type {0} with to {1}'.format(
         asset_obj.resource_type, self._name)

     req = RequestObject()
     req.set_description(label)
     req.set_http_method(cfg['http_method'])
     req.set_owner(self.owner_name)
     req.set_owner_allowed(cfg['owner_allowed'])
     # uri template: victim id, asset type segment, asset id
     req.set_request_uri(cfg['uri'].format(self._id, asset_obj.uri_attribute, asset_id))
     req.set_resource_pagination(cfg['pagination'])
     req.set_resource_type(self._resource_type)
     self._resource_container.add_commit_queue(self.id, req)
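    def indicator_associations(self):
        """ yield the indicators associated with this group

        Associations are fetched from the API on each iteration and are not
        stored on the object. Each page item is parsed with
        ``threatconnect.IndicatorObject.parse_indicator`` using the client's
        indicator regexes.
        """
        prop = self._resource_properties['association_indicators']
        ro = RequestObject()
        ro.set_description('retrieve indicator associations for {0}'.format(self._name))
        ro.set_http_method(prop['http_method'])
        # owner is set once (the previous version called set_owner twice with the same value)
        ro.set_owner(self.owner_name)
        ro.set_owner_allowed(prop['owner_allowed'])
        ro.set_request_uri(prop['uri'].format(self._id))
        ro.set_resource_pagination(prop['pagination'])
        ro.set_resource_type(self._resource_type)

        # the request's description and uri are passed through to each parsed indicator
        for item in self._tc.result_pagination(ro, 'indicator'):
            yield threatconnect.IndicatorObject.parse_indicator(
                item, api_filter=ro.description, request_uri=ro.request_uri,
                indicators_regex=self._tc._indicators_regex)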
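def tc_indicators(owners, limit):
    """Fetch indicators from ThreatConnect and build the context entries for them.

    :param owners: owner name(s) to scope the query to, or ``None`` to use the
        client's default
    :param limit: maximum number of indicators to request (``resultLimit``)
    :returns: ``(ec, indicators, response)`` — the first two come from
        ``create_context``, ``response`` is the decoded JSON body
    :raises KeyError: when the response body has no ``data.indicator`` entry
    """
    from urllib.parse import urlencode

    tc = get_client()
    tc.set_api_result_limit(limit)
    ro = RequestObject()
    ro.set_http_method('GET')
    # urlencode() escapes the value, so a non-numeric ``limit`` cannot smuggle
    # additional query parameters into the request URI; plain integers are
    # rendered exactly as before (resultLimit=500)
    ro.set_request_uri('/v2/indicators?{0}'.format(urlencode({'resultLimit': limit})))

    if owners is not None:
        ro.set_owner(owners)
        ro.set_owner_allowed(True)

    response = tc.api_request(ro).json()
    indicators = response['data']['indicator']
    ec, indicators = create_context(indicators, include_dbot_score=True)

    return ec, indicators, response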
    def load_tags(self):
        """ fetch this group's tags from the API and attach them to the resource object

        Only a JSON reply with ``status == 'Success'`` is processed; any other
        reply is ignored without an error.
        """
        settings = self._resource_properties['tags_load']
        request = RequestObject()
        request.set_description('load tags for {0}'.format(self._name))
        request.set_http_method(settings['http_method'])
        request.set_owner(self.owner_name)
        request.set_owner_allowed(settings['owner_allowed'])
        request.set_request_uri(settings['uri'].format(self._id))
        request.set_resource_pagination(settings['pagination'])
        request.set_resource_type(self._resource_type)
        response = self._tc.api_request(request)

        if response.headers['content-type'] != 'application/json':
            return
        payload = response.json()
        if payload['status'] != 'Success':
            return
        for entry in payload['data']['tag']:
            # tags are stored on the main resource object, not on this wrapper
            self._resource_obj.add_tag(parse_tag(entry))
def main():
    """ run whichever bulk-indicator examples are switched on by the enable_example* flags

    Uses the module-level ``tc`` client and ``owners``. Examples 1 and 4 call
    the bulk endpoints directly through a RequestObject; examples 2 and 3 go
    through ``tc.bulk_indicators()`` with a filter.
    """

    def bulk_request(uri):
        """ build a paginated GET request for *uri* scoped to ``owners`` """
        request = RequestObject()
        request.set_http_method('GET')
        request.set_owner(owners)
        request.set_owner_allowed(True)
        request.set_resource_pagination(True)
        request.set_request_uri(uri)
        return request

    def abort(err):
        """ print *err* and leave with a non-zero exit status """
        print('Error: {0!s}'.format(err))
        sys.exit(1)

    def filtered_bulk_indicators(tag=None):
        """ retrieve bulk indicators for ``owners`` (optionally limited to *tag*) and show them """
        # optionally set max results
        tc.set_api_result_limit(500)
        indicators = tc.bulk_indicators()

        try:
            bulk_filter = indicators.add_filter()
            bulk_filter.add_owner(owners)
            if tag is not None:
                bulk_filter.add_pf_tag(tag, FilterOperator.EQ)
            # further post-filters (confidence, rating, type, dates,
            # threat-assess values, attributes) exist on the filter but
            # are not used by these examples
        except AttributeError as err:
            abort(err)

        try:
            indicators.retrieve()
        except RuntimeError as err:
            abort(err)

        show_data(indicators)

    # set threat connect log (tcl) level
    tc.set_tcl_file('log/tc.log', 'debug')
    tc.set_tcl_console_level('critical')

    if enable_example1:
        # community/source status via a basic retrieve, printed as JSON
        request = bulk_request('/v2/indicators/bulk')
        try:
            results = tc.api_request(request)
        except RuntimeError as e:
            print(e)
            sys.exit(1)
        if results.headers['content-type'] == 'application/json':
            print(json.dumps(results.json(), indent=4))

    if enable_example2:
        # bulk indicators filtered by owner only
        filtered_bulk_indicators()

    if enable_example3:
        # bulk indicators filtered by owner and the 'CnC' tag
        filtered_bulk_indicators(tag='CnC')

    if enable_example4:
        # bulk indicators in csv form; no RuntimeError handling on this call
        results = tc.api_request(bulk_request('/v2/indicators/bulk/csv'))
        if results.headers['content-type'] == 'text/csv':
            print(results.content)
from threatconnect.RequestObject import RequestObject

""" Toggle the Boolean to enable specific examples """
enable_example1 = False
enable_example2 = False

if enable_example1:
    # create a document group with a raw POST to the groups endpoint
    body = dict(name='Raw Upload Example', fileName='raw_example.txt')

    ro = RequestObject()
    ro.set_http_method('POST')
    ro.set_body(json.dumps(body))
    ro.set_content_type('application/json')
    ro.set_owner('Example Community')
    ro.set_owner_allowed(True)
    ro.set_resource_pagination(False)
    ro.set_request_uri('/v2/groups/documents')

    # echo the request parameters before sending
    print(ro)

    # send it and pretty-print a JSON reply; other content types are ignored
    results = tc.api_request(ro)
    if results.headers['content-type'] == 'application/json':
        data = results.json()
        print(json.dumps(data, indent=4))
tc.report_enable()

""" Toggle the Boolean to enable specific examples """
enable_example1 = False
enable_example2 = False

if enable_example1:
    # create a document group with a raw POST to the groups endpoint
    body = dict(name='Raw Upload Example', fileName='raw_example.txt')

    ro = RequestObject()
    ro.set_http_method('POST')
    ro.set_body(json.dumps(body))
    ro.set_content_type('application/json')
    ro.set_owner('Example Community')
    ro.set_owner_allowed(True)
    ro.set_resource_pagination(False)
    ro.set_request_uri('/v2/groups/documents')

    # echo the request parameters before sending
    print(ro)

    # send it and pretty-print a JSON reply; other content types are ignored
    results = tc.api_request(ro)
    if results.headers['content-type'] == 'application/json':
        data = results.json()
        print(json.dumps(data, indent=4))
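    def commit(self):
        """ commit group and related associations, attributes, security labels and tags

        Behaviour depends on ``self.phase``:

        * phase 0 (no action): the group itself is neither validated nor
          sent; only the items in the commit queue are sent.
        * phase 1 (add): raise unless ``self.validate`` passes, then POST the
          group; on a successful JSON reply the API-assigned id replaces the
          temporary id in every queued request URI.
        * phase 2 (update): PUT the group without validating; a failed reply
          is logged, not raised.

        Queued items are sent only when an id is available (``r_id`` is not
        ``None``); the queue is then cleared and the id stored. The phase is
        always reset to 0 and attributes are reloaded when
        ``self._reload_attributes`` is set.

        :returns: ``self``
        :raises AttributeError: in phase 1 when ``self.validate`` is false
            (``ErrorCodes.e10040``)
        """
        r_id = self.id
        ro = RequestObject()
        ro.set_body(self.gen_body)
        if self.owner_name is not None:
            ro.set_owner(self.owner_name)
        ro.set_resource_type(self.resource_type)

        if self.phase == 1:
            prop = self._resource_properties['add']
            ro.set_description('adding group "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            if not self.validate:
                # log the object that failed validation; the placeholder is
                # needed or ``self`` is silently dropped from the message
                self._tc.tcl.debug('Resource Object {0}'.format(self))
                raise AttributeError(ErrorCodes.e10040.value)
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the API assigns the real id; keep it so the queued
                    # requests below can be rewritten
                    resource_key = ApiProperties.api_properties[self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
        elif self.phase == 2:
            prop = self._resource_properties['update']
            ro.set_description('update group "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] != 'Success':
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))

        if r_id is not None:
            # commit all associations, attributes, tags, etc. queued under the
            # current (possibly temporary) id
            for queued in self._resource_container.commit_queue(self.id):
                if self.owner_name is not None:
                    queued.set_owner(self.owner_name)

                if self.phase == 1 and self.id != r_id:
                    # plain substring replace: every occurrence of the temporary
                    # id in the URI is rewritten, not only the group path segment
                    request_uri = str(queued.request_uri.replace(str(self.id), str(r_id)))
                    queued.set_request_uri(request_uri)
                    self._tc.tcl.debug('Replacing {0} with {1}'.format(self.id, str(r_id)))

                self._handle_commit_response(queued, self._tc.api_request(queued))

            # clear the queue under the id it was filled with, before the id changes
            self._resource_container.clear_commit_queue_id(self.id)

            self.set_id(r_id)

        # clear phase
        self.set_phase(0)

        if self._reload_attributes:
            self.load_attributes(automatically_reload=True)

        return self

    def _handle_commit_response(self, ro, api_response):
        """ process the reply to one queued commit request

        A JSON reply must carry ``status == 'Success'``; otherwise the failure
        is logged and nothing else happens. An ``application/octet-stream``
        reply, or a reply with no content-type header (upload PUT), counts as
        success on a 200/201/202 status and stores ``ro.body`` via
        ``set_contents``. Any other content type is ignored. On success the
        request's ``success_callback`` (if set) is called with
        ``(ro, api_response)``.
        """
        content_type = api_response.headers.get('content-type')
        if content_type == 'application/json':
            if api_response.json()['status'] != 'Success':
                self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))
                return
        elif content_type is None or content_type == 'application/octet-stream':
            # no JSON body to inspect; the status code decides
            if api_response.status_code not in (200, 201, 202):
                return
            self.set_contents(ro.body)
        else:
            return

        if ro.success_callback is not None:
            ro.success_callback(ro, api_response)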
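    def commit(self):
        """ commit victim and related assets, associations

        Behaviour depends on ``self.phase``:

        * phase 1 (add): raise unless ``self.validate`` passes, then POST the
          victim; on a successful JSON reply the API-assigned id replaces the
          temporary id in every queued request URI.
        * phase 2 (update): PUT the victim without validating; a failed reply
          is logged, not raised.
        * any other phase: only the commit queue is sent.

        Queued requests are sent afterwards, the queue for the current id is
        cleared, the new id is stored and the phase is reset to 0.

        :returns: ``self``
        :raises AttributeError: in phase 1 when ``self.validate`` is false
            (``ErrorCodes.e10040``)
        """
        r_id = self.id
        ro = RequestObject()
        ro.set_body(self.gen_body)
        if self.owner_name is not None:
            ro.set_owner(self.owner_name)
        ro.set_resource_type(self.resource_type)
        if self.phase == 1:
            prop = self._resource_properties['add']
            ro.set_description('adding group "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            # validate all required fields are present
            if not self.validate:
                # log the object that failed validation; the placeholder is
                # needed or ``self`` is silently dropped from the message
                self._tc.tcl.debug('Resource Object {0}'.format(self))
                raise AttributeError(ErrorCodes.e10040.value)
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the API assigns the real id; keep it for the queued requests
                    resource_key = ApiProperties.api_properties[self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
        elif self.phase == 2:
            prop = self._resource_properties['update']
            ro.set_description('update indicator "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] != 'Success':
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(ro.description))

        # submit all attributes, tags or associations queued under the current id
        # (unlike the group commit, the owner is not re-applied to queued requests)
        for queued in self._resource_container.commit_queue(self.id):
            if self.phase == 1 and self.id != r_id:
                # plain substring replace: every occurrence of the temporary id
                # in the URI is rewritten, not only the victim path segment
                request_uri = str(queued.request_uri.replace(str(self.id), str(r_id)))
                queued.set_request_uri(request_uri)
                self._tc.tcl.debug('Replacing {0} with {1}'.format(self.id, str(r_id)))
            self._tc.tcl.debug('RO {0}'.format(queued))

            api_response2 = self._tc.api_request(queued)
            # .get() keeps a reply without a content-type header from raising KeyError
            if api_response2.headers.get('content-type') == 'application/json':
                api_response_dict2 = api_response2.json()
                if api_response_dict2['status'] != 'Success':
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(queued.description))

        # clear the queue under the id it was filled with, before the id changes
        self._resource_container.clear_commit_queue_id(self.id)

        self.set_id(r_id)

        self.set_phase(0)

        # return object
        return self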
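    def commit(self):
        """ commit victim and related assets, associations

        Behaviour depends on ``self.phase``:

        * phase 1 (add): raise unless ``self.validate`` passes, then POST the
          victim; on a successful JSON reply the API-assigned id replaces the
          temporary id in every queued request URI.
        * phase 2 (update): PUT the victim without validating; a failed reply
          is logged, not raised.
        * any other phase: only the commit queue is sent.

        Queued requests are sent afterwards, the queue for the current id is
        cleared, the new id is stored and the phase is reset to 0.

        :returns: ``self``
        :raises AttributeError: in phase 1 when ``self.validate`` is false
            (``ErrorCodes.e10040``)
        """
        r_id = self.id
        ro = RequestObject()
        ro.set_body(self.gen_body)
        if self.owner_name is not None:
            ro.set_owner(self.owner_name)
        ro.set_resource_type(self.resource_type)
        if self.phase == 1:
            prop = self._resource_properties['add']
            ro.set_description('adding group "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            # validate all required fields are present
            if not self.validate:
                # log the object that failed validation; the placeholder is
                # needed or ``self`` is silently dropped from the message
                self._tc.tcl.debug('Resource Object {0}'.format(self))
                raise AttributeError(ErrorCodes.e10040.value)
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] == 'Success':
                    # the API assigns the real id; keep it for the queued requests
                    resource_key = ApiProperties.api_properties[
                        self.resource_type.name]['resource_key']
                    r_id = api_response_dict['data'][resource_key]['id']
        elif self.phase == 2:
            prop = self._resource_properties['update']
            ro.set_description('update indicator "{0}".'.format(self._name))
            ro.set_http_method(prop['http_method'])
            ro.set_owner_allowed(prop['owner_allowed'])
            ro.set_request_uri(prop['uri'].format(self._id))
            ro.set_resource_pagination(prop['pagination'])
            api_response = self._tc.api_request(ro)
            if api_response.headers['content-type'] == 'application/json':
                api_response_dict = api_response.json()
                if api_response_dict['status'] != 'Success':
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(
                        ro.description))

        # submit all attributes, tags or associations queued under the current id
        # (unlike the group commit, the owner is not re-applied to queued requests)
        for queued in self._resource_container.commit_queue(self.id):
            if self.phase == 1 and self.id != r_id:
                # plain substring replace: every occurrence of the temporary id
                # in the URI is rewritten, not only the victim path segment
                request_uri = str(
                    queued.request_uri.replace(str(self.id), str(r_id)))
                queued.set_request_uri(request_uri)
                self._tc.tcl.debug('Replacing {0} with {1}'.format(
                    self.id, str(r_id)))
            self._tc.tcl.debug('RO {0}'.format(queued))

            api_response2 = self._tc.api_request(queued)
            # .get() keeps a reply without a content-type header from raising KeyError
            if api_response2.headers.get('content-type') == 'application/json':
                api_response_dict2 = api_response2.json()
                if api_response_dict2['status'] != 'Success':
                    self._tc.tcl.error('API Request Failure: [{0}]'.format(
                        queued.description))

        # clear the queue under the id it was filled with, before the id changes
        self._resource_container.clear_commit_queue_id(self.id)

        self.set_id(r_id)

        self.set_phase(0)

        # return object
        return self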