API Documentation

class endpoint_query.APIRequestHandler

Bases: object

Standard class to call FireEye REST API

Variables
  • URL (str) – initial value: ‘https://api.isightpartners.com’

  • public_key (str) – initial value: ‘’

  • private_key (str) – initial value: ‘’

  • accept_version (str) – initial value: ‘2.5’

  • logger (logging.Logger) – initial value: logging.Logger

  • session (requests.Session) – initial value: requests.Session()

getIocs(startDate: datetime.datetime = datetime.datetime(2020, 9, 25, 1, 32, 8, 871206), endDate: datetime.datetime = datetime.datetime(2020, 10, 2, 1, 32, 8, 871206), accept_header: str = 'application/json')

Gets IoCs in a timerange from FireEye iSight API

Parameters
  • startDate (datetime) – Start time. Defaults to datetime.now()-timedelta(days=7).

  • endDate (datetime) – End time. Defaults to datetime.now().

  • accept_header (str) – Mimetype return format. Defaults to ‘application/json’.

Returns

Depending on accept_header, returns either the JSON data as a dictionary or the request response

Return type

dict or requests.Response
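The rendered getIocs signature above shows fixed 2020 timestamps as its defaults, which indicates they were evaluated once when the module was imported, so a long-running poller that omits the arguments keeps querying the same window. The following is an added example, not code from the project: `frozen_window`, `ioc_window`, `fetch_recent_iocs` and `StubHandler` are hypothetical names, and only the `getIocs` keyword arguments are taken from the signature on this page.

```python
from datetime import datetime, timedelta


def frozen_window(startDate=datetime.now() - timedelta(days=7),
                  endDate=datetime.now()):
    """Stand-in written in the style of the rendered getIocs signature:
    both defaults are computed once, when the function is defined."""
    return startDate, endDate


def ioc_window(days=7, now=None):
    """Compute the query window at call time; `now` is injectable for tests."""
    if days <= 0:
        raise ValueError("days must be positive")
    end = now if now is not None else datetime.now()
    return end - timedelta(days=days), end


def fetch_recent_iocs(handler, days=7, now=None):
    """Call getIocs with an explicit window so a long-running poller
    does not depend on defaults captured at import time."""
    start, end = ioc_window(days, now)
    return handler.getIocs(startDate=start, endDate=end,
                           accept_header="application/json")


class StubHandler:
    """Constructed stand-in for APIRequestHandler; records each call."""

    def __init__(self):
        self.calls = []

    def getIocs(self, startDate, endDate, accept_header):
        self.calls.append((startDate, endDate, accept_header))
        return {}  # constructed empty result, not a real API response


if __name__ == "__main__":
    first = frozen_window()
    second = frozen_window()
    print("frozen defaults identical across calls:", first == second)
    stub = StubHandler()
    fetch_recent_iocs(stub, now=datetime(2020, 11, 2, 1, 32, 8))
    print("explicit window passed to getIocs:", stub.calls[0][:2])
```

With a real handler, pass the `APIRequestHandler` instance in place of `StubHandler` and leave `now` unset.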

getReport(reportId: str, accept_header: str = 'application/stix')

Gets report endpoint for IoCs

Parameters
  • reportId (str) – ID of report

  • accept_header (str) – header to accept different datatypes returned. Defaults to “application/stix”.

Returns

Report request response

Return type

requests.Response

__init__(URL: str = None, public_key: str = None, private_key: str = None, accept_version: str = None, logger: logging.Logger = None, session: requests.sessions.Session = None)

Initializes class with optional attributes

Parameters
  • URL (str) – URL for FireEye iSight. Defaults to ‘https://api.isightpartners.com’

  • public_key (str) – Public API Key. Defaults to ‘’

  • private_key (str) – Private API Key. Defaults to ‘’

  • accept_version (str) – FireEye iSight version. Defaults to ‘2.5’

  • logger (logging.Logger) – Logger object. Defaults to logging.getLogger(__name__)

  • session (requests.Session) – Requests session. Defaults to requests.Session()

prepare_headers(endpoint: str, accept: str)

Attaches headers to handler session

Parameters
  • endpoint (str) – endpoint to hit for hashing

  • accept (str) – content type to get for acceptance

returnHelper(response: requests.models.Response)

taxiiPush(**kwargs)

Pushes taxii data to a taxii server

jwt_auth_url is required for JWT based authentication. If it is not specified but username and password are provided, client will configure Basic authentication.

SSL authentication can be combined with JWT and Basic authentication.

Parameters
  • ca_cert (str) – a path to CA SSL certificate file

  • cert_file (str) – a path to SSL certificate file

  • key_file (str) – a path to SSL key file

  • username (str) – username, used in basic auth or JWT auth

  • password (str) – password, used in basic auth or JWT auth

  • key_password (str) – same argument as in ssl.SSLContext.load_cert_chain - may be a function to call to get the password for decrypting the private key or string/bytes/bytearray. It will only be called if the private key is encrypted and a password is necessary.

  • jwt_auth_url (str) – URL used to obtain JWT token

  • verify_ssl (bool/str) – set to False to skip checking host’s SSL certificate. Set to True to check certificate against public CAs or set to filepath to check against custom CA bundle.

  • content (str) – content to push

  • content_binding (string or cabby.entities.ContentBinding) – content binding for a content

  • collection_names (list) – destination collection names

  • timestamp (datetime) – timestamp label of the content block (current UTC time by default)

  • uri (str) – URI path to a specific Inbox Service

Raises
  • ValueError – if URI provided is invalid or schema is not supported

  • cabby.exceptions.HTTPError – if HTTP error happened

  • cabby.exceptions.UnsuccessfulStatusError – if Status Message received and status_type is not SUCCESS

  • cabby.exceptions.ServiceNotFoundError – if no service found

  • cabby.exceptions.AmbiguousServicesError – if more than one service with the specified type is found

  • cabby.exceptions.NoURIProvidedError – if no URI is provided and the client can’t discover services

Returns

STIX object from python-stix

Return type

stix.core.stix_package.STIXPackage

uploadFile(filename: str, FILE: _io.StringIO)

Upload file to search list

Parameters
  • filename (str) – Name of the file you’re uploading

  • FILE (StringIO) – File-like object

Returns

The upload request response

Return type

requests.Response