Comments (12)
The new version is on the branch develop: https://github.com/TheHive-Project/TheHive4py/tree/develop
It's not released yet on pip. It will come with version 2.0
Note that the current version of the client is still compatible with TheHive 5 as the compatibility with the APIs v0 were kept.
from thehive-feedback.
Type and Source are displayed in the same cell to gain on width, otherwise users would need a very large screen to display all the columns.
- O = Occurred date = the date field in the alert
- C = Created = metadata field _createdAt, set when the entity is created
- U = Update = metadata field _updatedAt, set when the entity is updated
I am going to start to test it today. Thanks.
@vdebergue I installed from the developer branch, then created a service user account.
I am getting this error:
```python
from pathlib import Path
from typing import List
from thehive4py.client import TheHiveApi
from thehive4py.errors import TheHiveError
from thehive4py.query.filters import Eq
from thehive4py.query.sort import Asc
from thehive4py.types.alert import InputBulkUpdateAlert, InputUpdateAlert, OutputAlert
from thehive4py.types.case import OutputCase
from thehive4py.types.observable import InputObservable

thehive = TheHiveApi(
    url='http://192.168.2.17:9001',
    username="[email protected]",
    apikey='xHlTQTDZj3Wd6e5LfqSnSllXuH/I97y1',
    verify=False
)

try:
    created_alert = thehive.alert.create(
        {
            "title": "my first alert",
            "description": "...",
            "type": "test",
            "source": "test",
            "sourceRef": "first",
            "externalLink": "http://",
            "date": 123,
            "tags": ["whatever"],
        }
    )
    fetched_alert = thehive.alert.get(created_alert["_id"])
    assert created_alert == fetched_alert
except TheHiveError as hep:
    print(hep)
```
Generic error, not sure what it means ...
A client error occurred on POST /api/v1/alert :
User configuration
Your script worked on my instance with the develop branch.
Do you have more details on the exception that is thrown?
Also, can you try the following curl to see if your instance can be accessed with your parameters?
```bash
curl -v -H 'Authorization: Bearer xHlTQTDZj3Wd6e5LfqSnSllXuH/I97y1' "http://192.168.2.17:9001/api/v1/alert" -H 'Content-Type: application/json' --data '
{
    "title": "my first alert",
    "description": "...",
    "type": "test",
    "source": "test",
    "sourceRef": "first",
    "externalLink": "http://",
    "date": 123,
    "tags": ["whatever"],
}
'
```
Oops, my bad: port 9001 was pointing to Cortex, not to Hive, as I got confused.
This is all working now, but I noticed a small glitch in the UI:
Type and Source columns are sort of merged into one cell.
```python
{
    "title": "auto alert",
    "description": "a description here",
    "type": "alert_type",
    "source": "ava_bot",
    "sourceRef": "123456789",
    "externalLink": "http://xyz.priam.ai/123456789",
    "date": now_to_ts(),
    "severity": 4,
    "flag": True,
    "status": "New",
    "tlp": 0,
    "pap": 0,
    "summary": "this is a summary",
    "tags": ["a", "b", "c"],
}
```
Also just as a reminder:
- O: opened?
- C: created?
- U: modified?
I didn't open the alert yet, but it has the same date as C. Is this by design?
I forgot: what does the Flag field indicate if set to True?
Would also be nice to have example code to include the customFields in the alert creation.
What about the search functionality? It seems to all reside in this now:
/api/v1/docs/index.html#tag/Search
but it doesn't explain the query string.
Curious to see how I can search and filter through alerts and cases.
If you want to list and filter alerts and cases, I recommend that you use the Query api instead: https://docs.strangebee.com/thehive/api-docs/#operation/Query%20API
This API is used by the frontend to display the lists of elements. You can always make your query in the frontend using the UI elements and copy/adapt the network request that is made.
The search API is more of a vestige of version 4 and is not really used by the UI anymore: it allows searching with a string across all elements of the database.
Thanks for the pointer, so I am looking at the python class:
https://github.com/TheHive-Project/TheHive4py/blob/develop/thehive4py/query/__init__.py
However I cannot find a query method in the client yet.
Should I use the REST API for now until the python library is more complete?
Cheers!
You have some examples in the tests:
https://github.com/TheHive-Project/TheHive4py/blob/develop/tests/test_case_endpoint.py#L229-L236=
This would need more documentation, but the .find(...) methods should be working and allow you to filter and sort the entities.
That was an embarrassing CTRL+F fail, I was searching for "search" instead of find.
Yes all good.
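As an added example (not code from this thread, from thehive4py or from TheHive), the two things asked about above: building an alert body that carries customFields, and building the Query API body the UI sends for a filtered, sorted alert listing, which the thread recommends over /search. The [{"name", "value"}] customFields shape and the _eq/_and/_fields operator names are assumed from the TheHive 5 API docs; the sample values are constructed.

```python
from datetime import datetime

# Constructed ranges for this added example (not taken from the thread).
TLP_PAP_RANGE = range(0, 4)   # TLP and PAP are 0..3 in TheHive
SEVERITY_RANGE = range(1, 5)  # severity 1 (low) .. 4 (critical)


def to_ts(iso_date: str) -> int:
    """TheHive v1 date fields are epoch milliseconds, not seconds
    (the thread's "date": 123 is 123 ms after the epoch)."""
    return int(datetime.fromisoformat(iso_date).timestamp() * 1000)


def build_alert(title, alert_type, source, source_ref, occurred_at,
                severity=2, tlp=2, pap=2, custom_fields=None, **extra):
    """Body for POST /api/v1/alert. custom_fields is {name: value}; the
    [{"name", "value"}] list shape is assumed from the TheHive 5 API docs."""
    if severity not in SEVERITY_RANGE:
        raise ValueError("severity must be 1-4")
    if tlp not in TLP_PAP_RANGE or pap not in TLP_PAP_RANGE:
        raise ValueError("tlp and pap must be 0-3")
    body = {
        "title": title, "type": alert_type, "source": source,
        "sourceRef": source_ref, "date": to_ts(occurred_at),
        "severity": severity, "tlp": tlp, "pap": pap,
    }
    if custom_fields:
        body["customFields"] = [{"name": k, "value": v}
                                for k, v in custom_fields.items()]
    body.update(extra)  # e.g. description, tags, externalLink
    return body


def build_alert_query(eq_filters, sort_field="_createdAt", desc=True,
                      page=(0, 15)):
    """Body for POST /api/v1/query?name=alerts: the filter -> sort -> page
    pipeline the UI sends. Operator names (_eq, _and, _fields) are assumed
    from the Query API docs."""
    ops = [{"_name": "listAlert"}]
    clauses = [{"_eq": {"_field": f, "_value": v}} for f, v in eq_filters.items()]
    if len(clauses) == 1:
        ops.append({"_name": "filter", **clauses[0]})
    elif clauses:
        ops.append({"_name": "filter", "_and": clauses})
    ops.append({"_name": "sort", "_fields": [{sort_field: "desc" if desc else "asc"}]})
    ops.append({"_name": "page", "from": page[0], "to": page[1]})
    return {"query": ops}
```

Either body can be sent with the same Bearer-authenticated POST shown in the curl above; the filter mirrors what thehive4py's find(filters=Eq(...), sortby=Asc(...)) builds for you.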