Merge pull request #107 from intezer/modify/change-var-name

modify/change-var-name

Author: matany90

README.md

@@ -17,6 +17,8 @@ Currently, the following options are available in the SDK:
 - IOCs, Dynamic TTPs and Capabilities
 - Strings related samples
 - Search a family
+- Ingest an alert from any source
+- Ingest a raw email alert (.msg or .eml file)
 
 ## Installation
 

intezer_sdk/__init__.py

@@ -1 +1 @@
-__version__ = '1.18.3'
+__version__ = '1.18.4'

intezer_sdk/alerts.py

@@ -227,7 +227,7 @@ def send(cls,
 
     @classmethod
     def send_phishing_email(cls,
-                            raw_alert: BinaryIO,
+                            raw_email: BinaryIO,
                             api: IntezerApiClient = None,
                             environment: Optional[str] = None,
                             default_verdict: Optional[str] = None,
@@ -238,7 +238,7 @@ def send_phishing_email(cls,
         """
         Send an alert for further investigation using the Intezer Analyze API.
 
-        :param raw_alert: The raw alert data.
+        :param raw_email: The raw alert data.
         :param api: The API connection to Intezer.
         :param environment: The environment of the alert.
         :param default_verdict: The default verdict to send the alert with.
@@ -250,12 +250,12 @@ def send_phishing_email(cls,
                  resulting alert object will be initialized with the alert triage data.
         """
         _api = IntezerApi(api or get_global_api())
-        if not bool(raw_alert.getvalue()):
+        if not bool(raw_email.getvalue()):
             raise ValueError('alert cannot be empty')
 
         send_alert_params = dict(
-            alert=raw_alert,
-            file_name=cls._parse_alert_id_from_alert_stream(raw_alert),
+            alert=raw_email,
+            file_name=cls._parse_alert_id_from_alert_stream(raw_email),
             alert_source='phishing_emails',
             environment=environment,
             display_fields=','.join(['sender', 'received', 'subject', 'message_id', 'to']),

tests/unit/test_alerts.py

@@ -111,7 +111,7 @@ def test_ingest_binary_alert_success(self):
                      status=HTTPStatus.OK,
                      json={'result': True, 'alert_id': alert_id})
             # Act
-            alert = Alert.send_phishing_email(raw_alert=raw_alert,
+            alert = Alert.send_phishing_email(raw_email=raw_alert,
                                               alert_sender='alert_sender')
 
             # Assert