diff --git a/DigitalShadows/api.py b/DigitalShadows/api.py index f3c5bbf..4b6fa41 100644 --- a/DigitalShadows/api.py +++ b/DigitalShadows/api.py @@ -1,10 +1,9 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # -*- coding: utf-8 -*- -from __future__ import (absolute_import, division, - print_function, unicode_literals) -import requests +import requests +import json class DigitalShadowsApi(): """ @@ -21,8 +20,8 @@ def __init__(self, config): self.proxies = config['proxies'] self.verify = config['verify'] self.headers = { - 'Content-Type': 'application/vnd.polaris-v22+json', - 'Accept': 'application/vnd.polaris-v22+json' + 'Content-Type': 'application/vnd.polaris-v28+json', + 'Accept': 'application/vnd.polaris-v28+json' } self.session = requests.Session() self.auth = requests.auth.HTTPBasicAuth(username=self.key, @@ -33,7 +32,7 @@ def getIncidents(self, id, fulltext='false'): headers = self.headers try: return self.session.get(req, headers=headers, auth=self.auth, - proxies=self.proxies, verify=False) + proxies=self.proxies, verify=self.verify) except requests.exceptions.RequestException as e: sys.exit("Error: {}".format(e)) 
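Review bot: The rewritten import block has `import requests` and `import json` but no `import sys`, while the except handlers in the third hunk and in every new method of the later hunk call `sys.exit(...)`; unless `sys` is imported somewhere further down the file, a failed request ends in a NameError inside the handler instead of the intended exit. Add `import sys` here, and place the two stdlib imports before the third-party `import requests` so the groups follow the usual stdlib / third-party order.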
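Review bot: getIncidents now passes `verify=self.verify`, which is whatever `config['verify']` holds with no visible check, so a config value of `False` turns certificate verification off for the whole session just as quietly as the old hard-coded `False` did. A comment where `self.verify` is assigned in `__init__` (outside this hunk) would make the accepted values explicit, e.g. `# True, or path to a CA bundle; False disables TLS certificate verification`. If the config loader is under the project's control, refusing or at least logging a `False` value there would be the stronger fix.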
@@ -45,3 +44,69 @@ def getIntelIncidents(self, id, fulltext='false'):
 proxies=self.proxies, verify=self.verify)
 except requests.exceptions.RequestException as e:
 sys.exit("Error: {}".format(e))
+
+ def find_incident(self, since, property='occurred', direction='DESCENDING', detailed='true', fulltext='false'):
+ req = self.url + '/api/incidents/find'
+ headers = self.headers
+ payload = {'since': since , 'sort.property': property, 'sort.direction':direction, 'detailed': detailed, 'fulltext':fulltext}
+ try:
+ return self.session.get(req, headers=headers, auth=self.auth, proxies=self.proxies, params=payload, verify=self.verify)
+ except requests.exceptions.RequestException as e:
+ sys.exit("Error: {}".format(e))
+
+ def find_intel_incident(self, since, property='verified', direction='ASCENDING'):
+ req = self.url + '/api/intel-incidents/find'
+ headers = self.headers
+
+ payload = json.dumps({
+ "filter": {
+ "severities": [],
+ "tags": [],
+ "tagOperator": "AND",
+ "dateRange": since,
+ "dateRangeField": "occurred",
+ "types": [],
+ "withFeedback": True,
+ "withoutFeedback": True
+ },
+ "sort": {
+ "property": property,
+ "direction": direction
+ },
+ "pagination": {
+ "size": 50,
+ "offset": 0
+ }
+ })
+
+
+ try:
+ return self.session.post(req, headers=headers, auth=self.auth, proxies=self.proxies, data=payload, verify=self.verify)
+ except requests.exceptions.RequestException as e:
+ sys.exit("Error: {}".format(e))
+
+ def get_intel_incident_iocs(self, id):
+ req = "{}/api/intel-incidents/{}/iocs".format(self.url, id)
+ headers = self.headers
+ payload = {
+ "filter": {},
+ "sort": {
+ "property": "value",
+ "direction": "ASCENDING"
+ }
+ }
+ try:
+ return self.session.post(req, headers=headers, auth=self.auth, proxies=self.proxies,
+ data=json.dumps(payload), verify=self.verify)
+ except requests.exceptions.RequestException as e:
+ sys.exit("Error: {}".format(e))
+
+
+ def get_intel_incident_thumbnail(self, id):
+ req = "{}/api/thumbnails/{}".format(self.url, id)
+ headers = self.headers
+ try:
+ return self.session.get(req, headers=headers, auth=self.auth, proxies=self.proxies,
+ verify=self.verify)
+ except requests.exceptions.RequestException as e:
+ sys.exit("Error: {}".format(e))
diff --git a/README.md b/README.md
index a88d0b7..c319f50 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,7 @@ Copy `config.py.template` into `config.py` and fill all connection information n
 ## Usage
-Identify an interesting incident on DigitalShadows website you want to import un TheHive. Note the incident number and run the following command on the system it sits :
 ```
-$ ds2th.py -i
+$ ds2th.py -t
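Review bot: In get_intel_incident_iocs and get_intel_incident_thumbnail the caller-supplied `id` is pasted into the URL path by str.format with no validation, so anything that is not an incident number (the README calls it a number) reaches the server as a path segment; coercing it first, `req = "{}/api/intel-incidents/{}/iocs".format(self.url, int(id))` and `req = "{}/api/thumbnails/{}".format(self.url, int(id))`, rejects such input with a clear ValueError before any request is sent. find_intel_incident hard-codes `"size": 50, "offset": 0` in the pagination object, so a search matching more than 50 intel incidents silently drops the rest; adding `size=50, offset=0` keyword parameters to the method and passing them into that object keeps existing callers working and makes paging possible. The parameter names `id` and `property` shadow builtins in all four new methods; `incident_id` and `sort_property` would read better, though renaming changes the keyword interface, so it is a judgement call. These methods belong to a class whose header lies outside this hunk.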