Merge branch 'release/1.5.0'

TheHive-Project · Sep 25, 2018 · 486dc27 · 486dc27
2 parents da76a6b + 393a1cf
commit 486dc27
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 4 deletions.
diff --git a/samples/test-promote-alert.py b/samples/test-promote-alert.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import sys
+import json
+from thehive4py.api import TheHiveApi
+
+ALERT_ID = '** PUT AN ALERT ID HERE **'
+API_KEY = '** YOUR API KEY **'
+
+api = TheHiveApi('http://127.0.0.1:9000', API_KEY)
+
+print('Promoting alert %s to a case' % ALERT_ID)
+print('-----------------------------')
+
+response = api.promote_alert_to_case(ALERT_ID)
+
+if response.status_code == 201:
+    print(json.dumps(response.json(), indent=4, sort_keys=True))
+    print('')
+
+else:
+    print('ko: {}/{}'.format(response.status_code, response.text))
+    sys.exit(0)
diff --git a/samples/test-search-template.py b/samples/test-search-template.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import sys
+import json
+from thehive4py.api import TheHiveApi
+from thehive4py.query import Eq
+
+api = TheHiveApi('http://127.0.0.1:9000', '**YOUR_API_KEY**')
+
+print('Search for case templates')
+print('-----------------------------')
+
+response = api.find_case_templates(query=Eq("status", "Ok"))
+
+if response.status_code == 200:
+    print(json.dumps(response.json(), indent=4, sort_keys=True))
+    print('')
+
+else:
+    print('ko: {}/{}'.format(response.status_code, response.text))
+    sys.exit(0)
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 
 setup(
     name='thehive4py',
-    version='1.4.4',
+    version='1.5.0',
     description='Python API client for TheHive.',
     long_description=read_md('README.md'),
     author='TheHive-Project',

diff --git a/tests/test_case.py b/tests/test_case.py
@@ -1,4 +1,4 @@
-import mock
+from unittest import mock
 
 from thehive4py.api import TheHiveApi
 
@@ -37,3 +37,4 @@ def test_get_case(mock_get):
 
     assert mock_response.json.call_count == 1
     assert case.id == test_id
+
diff --git a/thehive4py/api.py b/thehive4py/api.py
@@ -315,6 +315,13 @@ def get_linked_cases(self, case_id):
         except requests.exceptions.RequestException as e:
             raise CaseException("Linked cases fetch error: {}".format(e))
 
+    def find_case_templates(self, **attributes):
+        """
+            :return: list of case templates
+            :rtype: json
+        """
+        return self.__find_rows("/api/case/template/_search", **attributes)
+
     def get_case_template(self, name):
 
         """
@@ -382,7 +389,7 @@ def mark_alert_as_read(self, alert_id):
         try:
             return requests.post(req, headers={'Content-Type': 'application/json'}, proxies=self.proxies, auth=self.auth, verify=self.cert)
         except requests.exceptions.RequestException:
-            raise AlertException("Mark alert as read error: {}".format(e))    
+            raise AlertException("Mark alert as read error: {}".format(e))
 
     def mark_alert_as_unread(self, alert_id):
         """
@@ -395,7 +402,7 @@ def mark_alert_as_unread(self, alert_id):
         try:
             return requests.post(req, headers={'Content-Type': 'application/json'}, proxies=self.proxies, auth=self.auth, verify=self.cert)
         except requests.exceptions.RequestException:
-            raise AlertException("Mark alert as unread error: {}".format(e))    
+            raise AlertException("Mark alert as unread error: {}".format(e))
 
     def update_alert(self, alert_id, alert, fields=[]):
         """
@@ -441,6 +448,27 @@ def find_alerts(self, **attributes):
 
         return self.__find_rows("/api/alert/_search", **attributes)
 
+    def promote_alert_to_case(self, alert_id):
+        """
+            This uses the TheHiveAPI to promote an alert to a case
+
+            :param alert_id: Alert identifier
+            :return: TheHive Case
+            :rtype: json
+        """
+
+        req = self.url + "/api/alert/{}/createCase".format(alert_id)
+
+        try:
+            return requests.post(req, headers={'Content-Type': 'application/json'},
+                                 proxies=self.proxies, auth=self.auth,
+                                 verify=self.cert, data=json.dumps({}))
+
+        except requests.exceptions.RequestException as the_exception:
+            raise AlertException("Couldn't promote alert to case: {}".format(the_exception))
+
+        return None
+
     def run_analyzer(self, cortex_id, artifact_id, analyzer_id):
 
         """
@@ -461,6 +489,13 @@ def run_analyzer(self, cortex_id, artifact_id, analyzer_id):
         except requests.exceptions.RequestException as e:
             raise TheHiveException("Analyzer run error: {}".format(e))
 
+    def find_tasks(self, **attributes):
+        """
+            :return: list of Tasks
+            :rtype: json
+        """
+
+        return self.__find_rows("/api/case/task/_search", **attributes)
 
 # - addObservable(file)
 # - addObservable(data)