#8 Add support to responders

TheHive-Project · Mar 4, 2019 · b9a0227 · b9a0227
1 parent 27194f4
commit b9a0227
Show file tree

Hide file tree

Showing 10 changed files with 134 additions and 7 deletions.
diff --git a/cortex4py/api.py b/cortex4py/api.py
@@ -10,6 +10,7 @@
 from .controllers.users import UsersController
 from .controllers.jobs import JobsController
 from .controllers.analyzers import AnalyzersController
+from .controllers.responders import RespondersController
 
 
 class Api(object):
@@ -33,6 +34,7 @@ def __init__(self, url, api_key, **kwargs):
         self.users = UsersController(self)
         self.jobs = JobsController(self)
         self.analyzers = AnalyzersController(self)
+        self.responders = RespondersController(self)
 
     @staticmethod
     def __recover(exception):

diff --git a/cortex4py/controllers/__init__.py b/cortex4py/controllers/__init__.py
@@ -4,3 +4,4 @@
 from .users import UsersController
 from .jobs import JobsController
 from .analyzers import AnalyzersController
+from .responders import RespondersController
diff --git a/cortex4py/controllers/responders.py b/cortex4py/controllers/responders.py
@@ -0,0 +1,70 @@
+from typing import List
+
+from cortex4py.query import *
+from .abstract import AbstractController
+from ..models import Responder, Job, ResponderDefinition
+
+
+class RespondersController(AbstractController):
+    def __init__(self, api):
+        AbstractController.__init__(self, 'responder', api)
+
+    def find_all(self, query, **kwargs) -> List[Responder]:
+        return self._wrap(self._find_all(query, **kwargs), Responder)
+
+    def find_one_by(self, query, **kwargs) -> Responder:
+        return self._wrap(self._find_one_by(query, **kwargs), Responder)
+
+    def get_by_id(self, worker_id) -> Responder:
+        return self._wrap(self._get_by_id(worker_id), Responder)
+
+    def get_by_name(self, name) -> Responder:
+        return self._wrap(self._find_one_by(Eq('name', name)), Responder)
+
+    def get_by_type(self, data_type) -> List[Responder]:
+        return self._wrap(self._api.do_get('responder/type/{}'.format(data_type)).json(), Responder)
+
+    def definitions(self) -> List[ResponderDefinition]:
+        return self._wrap(self._api.do_get('responderdefinition').json(), ResponderDefinition)
+
+    def enable(self, responder_name, config) -> Responder:
+        url = 'organization/responder/{}'.format(responder_name)
+        config['name'] = responder_name
+
+        return self._wrap(self._api.do_post(url, config).json(), Responder)
+
+    def update(self, worker_id, config) -> Responder:
+        url = 'responder/{}'.format(worker_id)
+        config.pop('name', None)
+
+        return self._wrap(self._api.do_patch(url, config).json(), Responder)
+
+    def disable(self, worker_id) -> bool:
+        return self._api.do_delete('responder/{}'.format(worker_id))
+
+    def run_by_id(self, worker_id, data, **kwargs) -> Job:
+        tlp = data.get('tlp', 2)
+        data_type = data.get('dataType', None)
+
+        post = {
+            'dataType': data_type,
+            'tlp': tlp
+        }
+
+        params = {}
+        if 'force' in kwargs:
+            params['force'] = kwargs.get('force', 1)
+
+        # add additional details
+        for key in ['message', 'parameters']:
+            if key in data:
+                post[key] = data.get(key, None)
+
+        post['data'] = data.get('data')
+
+        return self._wrap(self._api.do_post('responder/{}/run'.format(worker_id), post, params).json(), Job)
+
+    def run_by_name(self, responder_name, observable, **kwargs) -> Job:
+        responder = self.get_by_name(responder_name)
+
+        return self.run_by_id(responder.id, observable, **kwargs)
diff --git a/cortex4py/models/__init__.py b/cortex4py/models/__init__.py
@@ -2,5 +2,7 @@
 from .user import User
 from .analyzer import Analyzer
 from .analyzer_definition import AnalyzerDefinition
+from .responder import Responder
+from .responder_definition import ResponderDefinition
 from .job import Job
 from .job_artifact import JobArtifact
diff --git a/cortex4py/models/analyzer.py b/cortex4py/models/analyzer.py
@@ -7,7 +7,7 @@ def __init__(self, data):
         defaults = {
             'id': None,
             'name': None,
-            'analyzerDefinitionId': None,
+            'workerDefinitionId': None,
             'description': None,
             'version': None,
             'author': None,
@@ -17,7 +17,9 @@ def __init__(self, data):
             'configuration': {},
             'rate': None,
             'rateUnit': None,
-            'jobCache': None
+            'jobCache': None,
+            'maxPap': None,
+            'maxTlp': None
         }
 
         if data is None:

diff --git a/cortex4py/models/analyzer_definition.py b/cortex4py/models/analyzer_definition.py
@@ -7,7 +7,6 @@ def __init__(self, data):
         defaults = {
             'id': None,
             'name': None,
-            'analyzerDefinitionId': None,
             'description': None,
             'version': None,
             'author': None,

diff --git a/cortex4py/models/job.py b/cortex4py/models/job.py
@@ -6,10 +6,11 @@ class Job(Model):
     def __init__(self, data):
         defaults = {
             'id': None,
+            'type': None,
             'organization': None,
-            'analyzerId': None,
-            'analyzerDefinitionId': None,
-            'analyzerName': None,
+            'workerId': None,
+            'workerDefinitionId': None,
+            'workerName': None,
             'status': None,
             'dataType': None,
             'tlp': 1,

diff --git a/cortex4py/models/responder.py b/cortex4py/models/responder.py
@@ -0,0 +1,27 @@
+from .model import Model
+
+
+class Responder(Model):
+
+    def __init__(self, data):
+        defaults = {
+            'id': None,
+            'name': None,
+            'workerDefinitionId': None,
+            'description': None,
+            'version': None,
+            'author': None,
+            'url': None,
+            'license': None,
+            'dataTypeList': [],
+            'configuration': {},
+            'rate': None,
+            'rateUnit': None,
+            'maxPap': None,
+            'maxTlp': None
+        }
+
+        if data is None:
+            data = dict(defaults)
+
+        self.__dict__ = {k: v for k, v in data.items() if not k.startswith('_')}
diff --git a/cortex4py/models/responder_definition.py b/cortex4py/models/responder_definition.py
@@ -0,0 +1,23 @@
+from .model import Model
+
+
+class ResponderDefinition(Model):
+
+    def __init__(self, data):
+        defaults = {
+            'id': None,
+            'name': None,
+            'description': None,
+            'version': None,
+            'author': None,
+            'url': None,
+            'license': None,
+            'basicConfig': None,
+            'dataTypeList': [],
+            'configurationItems': []
+        }
+
+        if data is None:
+            data = dict(defaults)
+
+        self.__dict__ = {k: v for k, v in data.items() if not k.startswith('_')}
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 
 setup(
     name='cortex4py',
-    version='2.0.1',
+    version='2.1.0',
     description='Python API client for Cortex.',
     long_description=read_md('README.md'),
     author='TheHive-Project',