Comments (5)
I think you can use the function __find_rows for that. It basically works as if you use the REST API /case/artifact/_search endpoint. You just have to submit the search path. The resulting JSON will contain the case ID under _parent IIRC.
This will be part of the library rewriting #85
> I think you can use the function __find_rows for that. It basically works as if you use the REST API /case/artifact/_search endpoint. You just have to submit the search path. The resulting JSON will contain the case ID under _parent IIRC.
This is 100% valid.
So, using a generalized search, it would look something like:
from thehive4py.api import TheHiveApi

api = TheHiveApi("https://thehive.company.com", username, password)
# exclude document types that are not observables, plus deleted entries
refinement = {"_string": "!_type:audit AND !_type:data AND !_type:user AND !_type:analyzer AND !_type:alert AND !_type:case_artifact_job_log AND !status:Deleted"}
searchTerm = 'ioc:true'
ioc_query = {
    "_and": [
        {"_string": searchTerm},
        refinement
    ]
}
# __find_rows is name-mangled inside TheHiveApi, so from outside the class it has to be
# reached as _TheHiveApi__find_rows; it returns the requests Response (rows are in .json())
ioc_rows = api._TheHiveApi__find_rows("/api/_search?nparent=10", query=ioc_query)
No, you can directly call /api/case/artifact/_search
with {"ioc":true}
ioc_query = {"ioc": True}
# same name-mangling caveat: __find_rows is private to TheHiveApi
api._TheHiveApi__find_rows("/api/case/artifact/_search?nparent=1", query=ioc_query)
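The direct approach above, as an added stand-alone example (not thehive4py's code and not posted in the thread): build the {"ioc": true} body, POST it to /api/case/artifact/_search?nparent=1 without going through the private helper, and group the returned observables by the case id found under _parent. The Bearer API-key header and the sample rows are assumptions; only the _parent field comes from the thread.

```python
import json
import urllib.request

# Constructed sample of what /api/case/artifact/_search returns. Only the
# "case id under _parent" shape comes from the thread; the rest is made up.
SAMPLE_ROWS = json.loads("""[
 {"id": "obs-1", "_type": "case_artifact", "_parent": "case-42",
  "dataType": "ip", "data": "198.51.100.7", "ioc": true, "tlp": 2},
 {"id": "obs-2", "_type": "case_artifact", "_parent": "case-42",
  "dataType": "domain", "data": "malicious.example", "ioc": true, "tlp": 2},
 {"id": "obs-3", "_type": "case_artifact", "_parent": "case-7",
  "dataType": "hash", "data": "d41d8cd98f00b204e9800998ecf8427e", "ioc": true, "tlp": 0},
 {"id": "obs-4", "_type": "case_artifact", "_parent": "case-7",
  "dataType": "ip", "data": "203.0.113.9", "ioc": false, "tlp": 2}
]""")

def build_ioc_query(data_types=None):
    """Search body for IOC observables, optionally restricted to data types
    with a Lucene _string clause (the same clause style the thread uses)."""
    query = {"ioc": True}
    if data_types:
        clause = {"_string": "dataType:(" + " OR ".join(data_types) + ")"}
        query = {"_and": [query, clause]}
    return query

def search_artifacts(base_url, api_key, query, nparent=1, timeout=30):
    """POST the query to /api/case/artifact/_search (API-key auth is assumed).
    Not exercised offline; returns the decoded JSON list of hits."""
    url = f"{base_url.rstrip('/')}/api/case/artifact/_search?nparent={nparent}"
    req = urllib.request.Request(
        url,
        data=json.dumps({"query": query}).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def ioc_by_case(rows):
    """Group IOC-flagged observables by the case id found under "_parent".
    Hits that are not ioc:true or that lack a parent (orphaned) are skipped."""
    cases = {}
    for row in rows:
        if not row.get("ioc") or "_parent" not in row:
            continue
        cases.setdefault(row["_parent"], []).append((row["dataType"], row["data"]))
    return cases
```

Run it against a live instance with `ioc_by_case(search_artifacts(url, key, build_ioc_query()))`; the grouping skips non-IOC hits even if the server returns them.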