case shell

MBromiley edited this page May 16, 2019 · 1 revision

pollen has a command shell that lets you interact with TheHive without leaving the command line. The command shell is based on Python's Cmd class, and is dynamic in that it changes as you move through cases and tasks. There are technically four different shells within pollen; this page examines the 'case' shell.

Accessing the pollen shell

To hop into pollen's case shell, run the following:

python3 pollen.py -c
(pollen) case

Select a case, which will change your prompt to the following:

(pollen) (case: <selected_case_title>) 

If you are greeted with a question asking you to set up your configuration, please check out the configuration Wiki page first!

Navigation Notes

pollen is built on multiple shells that are situationally aware, meaning you cannot add a task log without first being in both a case and a task command prompt! Each shell, however, has the following options:

  • back: Back to the previous shell
  • exit: Exit back to the previous shell
  • clear: Clear the screen (simply runs the Linux clear command)
  • All inputs will accept Ctrl+C to drop you back to the previous menu
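
The nested, context-aware shells described above can be built with Python's cmd.Cmd by running a child shell's cmdloop() from inside a parent command. The sketch below is an added example, not pollen's own code: the class names, the log command, the task prompt format, the take <n> argument form and the in-memory CASES data are assumptions.

```python
import cmd

# Constructed in-memory stand-in for TheHive; the real tool queries a server.
CASES = {"Sample Case Title": ["Yet another sample task",
                               "This is a sample task title"]}

class SubShell(cmd.Cmd):
    """Commands shared by every nested shell."""
    def do_back(self, arg):
        return True      # a true return value ends this shell's cmdloop()
    do_exit = do_back    # exit behaves the same as back

    def cmdloop(self, intro=None):
        try:
            super().cmdloop(intro)
        except KeyboardInterrupt:
            self.stdout.write("\n")  # Ctrl+C drops back to the parent shell

class TaskShell(SubShell):
    def __init__(self, case, task, **kw):
        super().__init__(**kw)
        self.logs = []
        # Assumed prompt format; the page shows only the case prompt.
        self.prompt = f"(pollen) (case: {case}) (task: {task}) "

    def do_log(self, arg):
        """Hypothetical command: record a task log entry."""
        self.logs.append(arg)

class CaseShell(SubShell):
    def __init__(self, case, **kw):
        super().__init__(**kw)
        self.case, self.kw = case, kw
        self.prompt = f"(pollen) (case: {case}) "

    def enter_task(self, index):
        """Build the task shell for the task at this index."""
        return TaskShell(self.case, CASES[self.case][index], **self.kw)

    def do_take(self, arg):
        """take <n>: switch into the task shell for task number n."""
        last = len(CASES[self.case]) - 1
        if arg.isdigit() and int(arg) <= last:
            self.enter_task(int(arg)).cmdloop()  # returns on back/exit/Ctrl+C
        else:
            self.stdout.write(f"Please select a value from 0-{last}.\n")

if __name__ == "__main__":
    CaseShell("Sample Case Title").cmdloop()
```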

case shell

Your command prompt will look like: (pollen) (case: <selected_case_title>)

This is your case shell prompt, which means you've selected a particular case and can perform operations within that case. Your options include:

newtask

The newtask command allows you to create a new task within a case. Upon entering this command, you'll be prompted for some details.

(At the moment, pollen only configures the task title and description. Additional metadata will be in a future release.)

(pollen) (case: Sample Case Title) newtask
Let's create a new task within this case! The next few steps will request some data from you:
Task Title: This is a sample task title
Task Description: This is a sample task description
Successfully created task This is a sample task title with the case Sample Case Title.
(pollen) (case: Sample Case Title)

After task creation, you'll be dropped back into the case shell. You can navigate to your new task using the take command.

take

The take command allows you to "take" a task, effectively switching into the task shell for that particular task. When you enter take, pollen will automatically query TheHive and provide you with a list of all the available tasks.

Here is some sample output:

(pollen) (case: Sample Case Title) take
Please select a task number to move to that task:
# - Task Title
0 - Yet another sample task
1 - This is a sample task title
Please select a value from 0-1. (Press Ctrl+C to exit)

By selecting the number corresponding to a particular task, we can jump into the prompt for that task.

tasks

The tasks command displays the tasks available for a particular case, as well as their current status. Note that tasks does not move you into the task prompt; it merely displays what's available.

Here's some sample output:

(pollen) (case: Sample Case Title) tasks
***** Task Details for Case: Sample Case Title *****

There are currently 2 tasks.

Task Details:
	Task Title: Yet another sample task | Status: Waiting
	Task Title: This is a sample task title | Status: Waiting

This command gives you high-level insight into what tasks are currently available in the case and what their status is. A later release of pollen will update the details presented here as well.