The ThreatGrid Leaf
-
class
cmaple.threatgrid.threatgrid.
TG
(**kwargs)[source] This class defines the API interface for the FMC.
Inherits generic REST functionality from RestBase.
Overrides methods in RestBase where necessary.
Method names not beginning with “_” are made available to cmaple_cli.py for use in operations config files.
-
__init__
(**kwargs)[source] __init__ receives a kwargs dict to define parameters. This allows __init__ to pass these parameters to the superclass.
Returns a ThreatGrid leaf object.
Parameters
- TG_host: string, keyword, default=None
- The ip address or fqdn of ThreatGrid
- TG_API_key: string, keyword, default=None
- The ThreatGrid API key.
- API_path_delimiter: string, keyword, default=’/’
- The default delimiter for the API path.
- API_version: string, keyword, default=’v2’
- The API version supported by the target ThreatGrid.
- verify: boolean, keyword, default=False
- If True, verify the certificate. If False disable verification.
- default_get_item_limit: integer, keyword, default=400
- The default number of items to request in a GET request.
- rpm_retries: integer, keyword, default=5
- The number of times to retry in response to a 429 error.
- backoff_timer: integer, keyword, default=30
- The interval to wait between retry attempts
- persist_responses: boolean, keyword, default=True
- If True, responses will be pickle persisted by url into the leaf’s working directory.
- restore_responses: boolean, keyword, default=False
- If True, pickled persistent responses will be restored prior to all other operations.
- leaf_dir: string, keyword, default=None
- Provided by CMapleTree when this leaf type is instantiated. Contains the directory where working files for the leaf instance are stored.
-
_request_wrapper
(recursed=False, **kwargs)[source] Wraps all requests for a TG leaf in order to handle TG specifics. This should only be called by internal methods.
Parameters
- recursed: boolean, keyword, default=False
- Signals if this is the top level call.
- **kwargs: dictionary
- Used to pass through arguments to wrapped methods.
-
get_datetime_obj
(year=2018, month=1, day=1, hour=0, minute=0, second=0, tz_str='Etc/GMT-0')[source] Gets a Python datetime object representing the given parameters.
Returns: Python datetime object
Parameters
- year: integer, keyword, default=2018
- The datetime year
- month: integer, keyword, default=1
- The datetime month
- day: integer, keyword, default=1
- The datetime day
- hour: integer, keyword, default=0
- The datetime hour
- minute: integer, keyword, default=0
- The datetime minute
- second: integer, keyword, default=0
- The datetime second
- tz_str: string, keyword, default=Etc/GMT-0
- The datetime time zone
-
get_datetime_str
(year=2018, month=1, day=1, hour=0, minute=0, second=0, tz_str='Etc/GMT-0')[source] Gets a datetime string for the given parameters.
Returns: A datetime string formatted with strftime
Parameters
- year: integer, keyword, default=2018
- The datetime year
- month: integer, keyword, default=1
- The datetime month
- day: integer, keyword, default=1
- The datetime day
- hour: integer, keyword, default=0
- The datetime hour
- minute: integer, keyword, default=0
- The datetime minute
- second: integer, keyword, default=0
- The datetime second
- tz_str: string, keyword, default=Etc/GMT-0
- The datetime time zone
-
get_datetime_now_str
()[source] Gets a datetime string for the current time formatted with strftime.
Returns: A datetime string for the current time formatted with strftime
Parameters
None
-
get_datetime_delta_str
(_strftime=None, days=0, seconds=0, microseconds=0, milliseconds=0, minutes=0, hours=0, weeks=0)[source] Gets a datetime string for the delta with _strftime time formatted with strftime.
Returns: A datetime string for the current time formatted with strftime
Parameters
- _strftime: string, keyword, default=None
- The base time formatted with strftime
- days: integer, keyword, default=0
- The +- number of days
- seconds: integer, keyword, default=0
- The +- number of seconds
- microseconds: integer, keyword, default=0
- The +- number of microseconds
- milliseconds: integer, keyword, default=0
- The +- number of milliseconds
- minutes: integer, keyword, default=0
- The +- number of minutes
- hours: integer, keyword, default=0
- The +- number of hours
- weeks: integer, keyword, default=0
- The +- number of weeks
-
free_form
(base_paths=None, scope_params=None, responses_dict=None)[source] Gets threatgrid samples.
Returns: a responses dictionary
Parameters
- sample_search_paths: dictionary, keyword, default=None
- Defines the search parameters (e.g. checksum=<sha256>).
- params: dictionary, keyword, default=None
- Defines the search scope parameters (e.g. before=<strftime>).
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
search_samples
(sample_search_paths=None, params=None, responses_dict=None)[source] Gets threatgrid samples.
Returns: a responses dictionary
Parameters
- sample_search_paths: dictionary, keyword, default=None
- Defines the search parameters (e.g. checksum=<sha256>).
- params: dictionary, keyword, default=None
- Defines the search scope parameters (e.g. before=<strftime>).
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
get_samples
(params=None, responses_dict=None)[source] Gets threatgrid samples.
Returns: a responses dictionary
Parameters
- params: dictionary, keyword, default=None
- Defines the search scope parameters (e.g. before=<strftime>).
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
walk_samples
(sample_id_paths=None, params=None, responses_dict=None)[source] Walks threatgrid samples by id.
Returns: a responses dictionary
Parameters
- sample_id_paths: dictionary, keyword, default=None
- Defines the paths to retrieve for each id.
- params: dictionary, keyword, default=None
- Defines the search scope parameters (e.g. before=<strftime>).
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
_prepare_url
(url=None, params=None)[source] Prepares the url by replacing parameter placeholders with values. This should only be called by internal methods.
Parameters
- url: string, keyword, default=None
- The url to prepare.
- params: dictionary, keyword, default=None
- The parameters dictionary.
-
GET_API_path
(url, include_filter_regex=None, exclude_filter_regex=None, stop_on_error=False, use_cache=False, responses_dict=None, get_item_limit=None) Wrapper for a REST GET request.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for the GET.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url : string
- The starting url of the path to walk. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- use_cache: boolean, keyword, default=False
- If set to True, any path that has already been requested will not generate a new request
- include_filter_regex: string, keyword, default=None
- A regex string defining which urls to include in walk.
- exclude_filter_regex: string, keyword, default=None
- A regex string defining which urls to exclude from walk.
- stop_on_error: boolean, keyword, default=False
- If set to True, walk will halt when a non positive status code response is received.
- get_item_limit: integer, keyword, default=25
- Specifies the number of items to return for each GET request.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
GET_responses_by_jsonpath
(jsonpath, responses_dict=None) Returns responses matching a jsonpath query.
***Inherited from RestBase…***
Returns - The matching responses.
Parameters
- jsonpath: string
- The jsonpath query to match responses.
- responses_dict: dictionary, keyword, default=None
- The response dictionary to query.
-
_collect_responses
(url, response_dict, responses_dict) Utility method called by wrappers to request all pages for a given url. Normally not called directly.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url: string
- The url of the path to GET. Must be a fully valid FMC api “GET” path.
- response_dict: dictionary
- A dictionary reference updated by this method to include all responses.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
_get_child_urls
() Must override in parent class
***Inherited from RestBase…***
-
_prepare_url_for_migration
() Must override in parent class
***Inherited from RestBase…***
-
_recurse_API_child_gets
(url, use_cache=True, end_path_regex=None, include_filter_regex=None, exclude_filter_regex=None, stop_on_error=False, filtered=False, cache_hit=False, get_item_limit=None, responses_dict=None, parent_url='') Handles recursion of a given url path. Normally not called directly but from a wrapper method. Begins at given API url path and recursively GET walks path and child paths until complete. Automatically handles pagination and discovery of child urls.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for all url path GETs.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url : string
- The starting url of the path to recurse. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- use_cache: boolean, keyword, default=False
- If set to True, any path that has already been requested will not generate a new request
- include_filter_regex: string, keyword, default=None
- A regex string defining which urls to include in walk.
- exclude_filter_regex: string, keyword, default=None
- A regex string defining which urls to exclude from walk.
- stop_on_error: boolean, keyword, default=False
- If set to True, walk will halt when a non positive status code response is received.
- get_item_limit: integer, keyword, default=25
- Specifies the number of items to return for each GET request.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
- parent_url: string, keyword, default=’‘
- Specifies the url of the parent of this child url. Used to prevent recursion loops where the API model contains a circular object.
-
_set_json_properties_by_objectpath
(json_dict=None, properties_dict=None) Sets properties in json_dict from properties_dict.
***Inherited from RestBase…***
Returns - The modified json_dict.
Parameters
- json_dict: dictionary, keyword, default=None
- The json_dict to modify.
- properties_dict: dictionary, keyword, default=None
- The properties to modify {property:value}.
-
chained_smart_get
(base_paths=None, params=None, responses_dict=None, query_dict=None) Gets threatgrid samples.
Returns: a responses dictionary
Parameters
- sample_search_paths: dictionary, keyword, default=None
- Defines the search parameters (e.g. checksum=<sha256>).
- params: dictionary, keyword, default=None
- Defines the search scope parameters (e.g. before=<strftime>).
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
get_all_items
(url, use_cache=True, end_path_regex=None, include_filter_regex=None, exclude_filter_regex=None, stop_on_error=False, filtered=False, cache_hit=False, get_item_limit=None, responses_dict=None) Performs a get to retrieve the “Items” listing for the url.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url : string
- The url for which to retrieve the items list. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- use_cache: boolean, keyword, default=False
- If set to True, any path that has already been requested will not generate a new request
- include_filter_regex: string, keyword, default=None
- A regex string defining which urls to include in walk.
- exclude_filter_regex: string, keyword, default=None
- A regex string defining which urls to exclude from walk.
- stop_on_error: boolean, keyword, default=False
- If set to True, walk will halt when a non positive status code response is received.
- get_item_limit: integer, keyword, default=25
- Specifies the number of items to return for each GET request.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
get_json_request
(url, responses_dict=None) Generic wrapper for a REST API GET request.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for the Post.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url: string
- The url of the path to GET. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
or_migrate_config
() Must override in parent class
***Inherited from RestBase…***
-
post_csv_template
(url=None, file_path=None) Reads a csv file containing flatlined records (flattened with output_transforms.flatten_json(json_dict) and posts each record individually to the target.
***Inherited from RestBase…***
Returns - No return value.
Parameters
- url: string, keyword, default=None
- The target url to post records.
- file_path: string, keyword, default=None
- The full path to the file containing the csv records.
-
post_json_request
(url, json_dict, responses_dict=None) Generic wrapper for a REST API Post request.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for the Post.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url: string
- The url of the path to POST. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- json_dict: dictionary, argument
- The Python dictionary containing the request json
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
put_json_request
(url, json_dict, responses_dict=None) Generic wrapper for a REST API Put request.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for the Post.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url: string
- The url of the path to POST. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- json_dict: dictionary, argument
- The Python dictionary containing the request json
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
query_json_field
(query_field=None, json_to_query=None) Returns a list of objects matching the query_field query.
***Inherited from RestBase…***
Returns - A list of the matching objects
Parameters
- query_field: string, keyword, default=None
- The field for which to query fields.
- json_to_query: dictionary, keyword, default=None
- The json dictionary to query.
-
query_json_field_from_url
(query_url=None, json_to_query=None) Returns a list of json fields matching an objectpath query.
***Inherited from RestBase…***
Returns - A list of the matching fields.
Parameters
- query_url: string, keyword, default=None
- The url for which to query fields.
- json_to_query: dictionary, keyword, default=None
- The json dictionary to query.
-
query_with_list
(query_url=None, query_list=None, responses_dict=None) Iterates over and substitutes the values in query_list in query_url
***Inherited from RestBase…***
Returns - All responses obtained.
Parameters
- query_url: string, keyword, default=None
- The url for which to query fields.
- query_list: list, keyword, default=None
- The list of values to iterate over and substitute in query_url.
-
set_json_properties
(json_dict=None, properties_dict=None) Sets properties in json_dict from properties_dict.
***Inherited from RestBase…***
Returns - The modified json_dict.
Parameters
- json_dict: dictionary, keyword, default=None
- The json_dict to modify.
- properties_dict: dictionary, keyword, default=None
- The properties to modify {property:value}.
-
walk_API_path_gets
(url, end_path_regex=None, include_filter_regex=None, exclude_filter_regex=None, use_cache=True, stop_on_error=False, get_item_limit=None, responses_dict=None) Begins at given API url path and recursively GET walks path and child paths until complete.
***Inherited from RestBase…***
Returns a Python dictionary object containing the response results for all url path GETs.
By default stores all responses in self.responses_dict unless a dictionary is passed in using the responses_dict parameter.
Parameters
- url : string
- The starting url of the path to walk. Must be a fully valid FMC api “GET” path. url can include the host prefix or start from the resource path. If the host prefix is missing, it will be added automatically.
- use_cache: boolean, keyword, default=False
- If set to True, any path that has already been requested will not generate a new request
- include_filter_regex: string, keyword, default=None
- A regex string defining which urls to include in walk.
- exclude_filter_regex: string, keyword, default=None
- A regex string defining which urls to exclude from walk.
- stop_on_error: boolean, keyword, default=False
- If set to True, walk will halt when a non positive status code response is received.
- get_item_limit: integer, keyword, default=25
- Specifies the number of items to return for each GET request.
- responses_dict: dictionary, keyword, default=None
- Allows the caller to override the default behavior to store responses in the self.responses_dict. Useful if caller would like to keep the responses isolated.
-
write_csv_template_from_response
(response_json=None, file=<colorama.ansitowin32.StreamWrapper object>) Flatlines response_json and writes to a csv record.
***Inherited from RestBase…***
Returns - The csv records.
Parameters
- response_json: list, keyword, default=None
- The list of responses to write to csv.
- file: file_handle, keyword, default=sys.stdout
- The file_handle target for the csv records.
-