import requests
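class IrisClient:
    """Thin client for the DFIR-IRIS REST endpoints used by this SIEM integration.

    Every call returns the ``data`` member of the IRIS JSON envelope on
    success and ``-1`` on any failure (non-200 status, non-JSON body,
    ``status != "success"``, or missing ``data``), printing a diagnostic
    line in the failure case so the calling pipeline can keep going.
    """

    def __init__(self, url: str, token: str, *, verify: "bool | str" = False, timeout: float = 30.0):
        """Store the connection settings used by every request.

        Args:
            url: Base URL of the IRIS API (a trailing slash is tolerated).
            token: Bearer token sent in the ``Authorization`` header.
            verify: Passed straight to ``requests`` as ``verify``. Defaults to
                ``False`` only to keep the behaviour of the original code,
                which disabled certificate verification on every call; pass
                ``True`` or the path of a CA bundle so the IRIS server's
                certificate is actually checked.
            timeout: Per-request timeout in seconds; without one a stalled
                IRIS instance would block the caller indefinitely.
        """
        # Strip a trailing slash so path concatenation never yields "//".
        self.url = url.rstrip("/")
        self.token = token
        self.verify = verify
        self.timeout = timeout
        self.post_headers = {"Authorization": f"Bearer {self.token}", "content-type": "application/json"}

    def _request(self, method: str, path: str, body: "dict | None" = None):
        """Send one request and unwrap the IRIS response envelope.

        Args:
            method: HTTP method name understood by ``requests.request``.
            path: Endpoint path appended to ``self.url`` (leading slash included).
            body: Optional JSON body; omitted from the request when ``None``.

        Returns:
            The envelope's ``data`` value, or ``-1`` on any failure.

        Raises:
            requests.RequestException: propagated unchanged for transport
                errors (connection refused, TLS failure, timeout).
        """
        label = f"{method.upper()} {path}"
        resp = requests.request(
            method,
            f"{self.url}{path}",
            headers=self.post_headers,
            json=body,
            verify=self.verify,
            timeout=self.timeout,
        )
        if resp.status_code != 200:
            # Include the body: IRIS puts the reason for 4xx/5xx in the text.
            print(f"{label} failed: HTTP {resp.status_code}: {resp.text}")
            return -1
        try:
            payload = resp.json()
        except ValueError:
            print(f"{label} returned a non-JSON body: {resp.text}")
            return -1
        if not isinstance(payload, dict) or payload.get("status") != "success":
            print(f"{label} not successful: {payload}")
            return -1
        if "data" not in payload:
            print(f"{label} succeeded but returned no data: {payload}")
            return -1
        return payload["data"]

    def alert(self, body: dict):
        """Create an alert via ``POST /alerts/add`` with *body* as the alert payload."""
        return self._request("post", "/alerts/add", body)

    def case_new(self, case_name: str, brief_desc: str, *, soc_id: str = "SOC_1", customer_id: int = 1):
        """Open a new case via ``POST /manage/cases/add``.

        Args:
            case_name: Display name of the case.
            brief_desc: Short trigger description; stored as the case description.
            soc_id: Value for ``case_soc_id``; the original hard-coded ``"SOC_1"``.
            customer_id: Value for ``case_customer``; the original hard-coded ``1``.
        """
        body = {
            "case_soc_id": soc_id,
            "case_customer": customer_id,
            "case_name": case_name,
            "case_description": f"Case trigger: {brief_desc}",
        }
        return self._request("post", "/manage/cases/add", body)

    def cases_list(self):
        """Return the case list from ``GET /manage/cases/list``."""
        return self._request("get", "/manage/cases/list")

    def merge_alert_to_case(self, alert: int, case: int, iocs: list):
        """Merge alert *alert* into case *case* as an event, importing *iocs*.

        Args:
            alert: Numeric alert id, interpolated into ``/alerts/merge/{alert}``.
            case: Numeric case id; IRIS expects it as a string in ``target_case_id``.
            iocs: IOC entries to import; copied so the caller's list is not shared.
        """
        body = {
            "iocs_import_list": iocs.copy(),
            "assets_import_list": [],
            "note": "auto-triggered event.",
            "import_as_event": True,
            "target_case_id": str(case),
        }
        return self._request("post", f"/alerts/merge/{alert}", body)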