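import requests


class IrisClient:
    """Small HTTP client for the alert and case endpoints used by this module.

    Every request sends the API token as an ``Authorization: Bearer`` header.
    Each public method returns the ``data`` field of the server's JSON reply
    on success and ``-1`` on any HTTP-level or API-level failure, printing a
    short diagnostic in the failure case.

    Transport errors raised by ``requests`` (connection failures, timeouts)
    are not caught here and propagate to the caller.
    """

    def __init__(self, url: str, token: str, *, verify=False, timeout: float = 30.0):
        """Store connection settings and build the shared request headers.

        Args:
            url: Base URL of the server; endpoint paths are appended to it.
            token: API token sent as the bearer credential on every request.
            verify: Passed to ``requests`` as ``verify``. ``True`` validates
                the server certificate against the default trust store, a
                string is used as the path to a CA bundle, and ``False``
                turns validation off.
            timeout: Seconds to wait on the server before ``requests`` raises
                a timeout, so an unresponsive server cannot block forever.
        """
        self.url = url
        self.token = token
        # SECURITY: the default stays False only so existing callers (for
        # example deployments with a self-signed certificate) keep working.
        # With validation off the server's identity is not checked, so the
        # bearer token and all alert/case data are exposed to anyone able to
        # intercept the connection. Pass verify=True or a CA bundle path
        # wherever the server certificate can be validated.
        self.verify = verify
        self.timeout = timeout
        self.post_headers = {
            "Authorization": f"Bearer {self.token}",
            "content-type": "application/json",
        }

    def _exchange(self, method: str, path: str, body=None):
        """Send one request and return ``(response, reply)``.

        ``reply`` is the decoded JSON object when the server answered with
        HTTP 200 and a JSON object body, otherwise ``None``.
        """
        resp = requests.request(
            method,
            # Tolerate a base URL configured with a trailing slash.
            f"{self.url.rstrip('/')}{path}",
            headers=self.post_headers,
            json=body,
            verify=self.verify,
            timeout=self.timeout,
        )
        if resp.status_code != 200:
            return resp, None
        try:
            reply = resp.json()
        except ValueError:
            # A 200 with a non-JSON body (e.g. a proxy or login page) is
            # reported as a failure instead of raising from the decoder.
            return resp, None
        return resp, reply if isinstance(reply, dict) else None

    def alert(self, body: dict):
        """POST ``body`` to ``/alerts/add``.

        Returns:
            The reply's ``data`` field on success, ``-1`` otherwise.
        """
        resp, reply = self._exchange("POST", "/alerts/add", body)
        if reply is None:
            print(resp)
            return -1
        if reply.get("status") != "success":
            # Fall back to the whole reply when the server sent no message.
            print(reply.get("message", reply))
            return -1
        print(f"Success: {reply}")
        return reply.get("data")

    def case_new(self, ip: str, brief_desc: str):
        """Create a case named ``"<ip> - WEB"`` via ``/manage/cases/add``.

        The SOC id (``"SOC_1"``) and customer (``1``) are hard-coded.
        ``brief_desc`` is embedded in the case description as the trigger.

        Returns:
            The reply's ``data`` field on success, ``-1`` otherwise.
        """
        body = {
            "case_soc_id": "SOC_1",
            "case_customer": 1,
            "case_name": f"{ip} - WEB",
            "case_description": f"Case trigger: {brief_desc}",
        }
        resp, reply = self._exchange("POST", "/manage/cases/add", body)
        if reply is None:
            print(resp)
            return -1
        if reply.get("status") != "success":
            print(reply.get("message", reply))
            return -1
        print(f"Success: {reply}")
        return reply.get("data")

    def cases_list(self):
        """GET ``/manage/cases/list``.

        Returns:
            The reply's ``data`` field on success, ``-1`` otherwise.
        """
        resp, reply = self._exchange("GET", "/manage/cases/list")
        if reply is None:
            print(resp)
            return -1
        if reply.get("status") != "success":
            print(f"Not successful: {reply}")
            return -1
        return reply.get("data")

    def merge_alert_to_case(self, alert: int, case: int, iocs: list):
        """Merge alert ``alert`` into case ``case`` via ``/alerts/merge/<alert>``.

        Args:
            alert: Alert identifier, placed in the request path.
            case: Target case identifier, sent as a string.
            iocs: Values sent as ``iocs_import_list``; the list is copied so
                the caller's object is never shared with the request body.

        Returns:
            The reply's ``data`` field on success, ``-1`` otherwise.
        """
        body = {
            "iocs_import_list": list(iocs),
            "assets_import_list": [],
            "note": "auto-triggered event.",
            "import_as_event": True,
            "target_case_id": str(case),
        }
        resp, reply = self._exchange("POST", f"/alerts/merge/{alert}", body)
        if reply is None:
            print(resp.text)
            return -1
        if reply.get("status") != "success":
            print(f"Not successful: {reply}")
            return -1
        return reply.get("data")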