msticpy.context.http_provider module
HTTP Lookup base class.
Input can be a single item or a pandas DataFrame containing multiple items. Processing may require a an API key and processing performance may be limited to a specific number of requests per minute for the account type that you have.
- class msticpy.context.http_provider.APILookupParams(path: str = '', verb: str = 'GET', full_url: bool = False, headers: Dict[str, str] = _Nothing.NOTHING, params: Dict[str, str | int | float] = _Nothing.NOTHING, data: Dict[str, str] = _Nothing.NOTHING, auth_type: str = '', auth_str: List[str] = _Nothing.NOTHING, sub_type: str = '')
Bases:
object
HTTP Lookup Params definition.
Method generated by attrs for class APILookupParams.
- auth_str: List[str]
- auth_type: str
- data: Dict[str, str]
- full_url: bool
- headers: Dict[str, str]
- params: Dict[str, str | int | float]
- path: str
- sub_type: str
- verb: str
- class msticpy.context.http_provider.HttpProvider(**kwargs)
Bases:
Provider
HTTP Generic lookup provider base class.
For subclasses:
Define Base URL of the service
_BASE_URL = "https://my.api.org/"
Define query parameters for different item types (keys)
..code:: python
_QUERIES: Dict[str, APILookupParams] = {}
For example:
_QUERIES = { # Community API "ipv4": APILookupParams( path="/v3/community/{observable}", headers={"key": "{AuthKey}"}, ), # Enterprise API Quick Lookup "ipv4-quick": APILookupParams( ...
Define list of required __init__ params
_REQUIRED_PARAMS: List[str] = []
For example:
_REQUIRED_PARAMS = ["AuthKey"]
In __init__
Be sure to call
super().__init__(**kwargs)``
Supply any additional checkers/pre-processors with
See also
PreProcessor
,HttpTIProvider
Initialize the class.
- classmethod is_known_type(item_type: str) bool
Return True if this a known IoC Type.
- Parameters:
item_type (str) – IoCType string to test
- Returns:
True if known type.
- Return type:
bool
- is_supported_type(item_type: str | IoCType) bool
Return True if the passed type is supported.
- Parameters:
item_type (Union[str, Type]) – type name or instance
- Returns:
True if supported.
- Return type:
bool
- property item_query_defs: Dict[str, Any]
Return current dictionary of IoC query/request definitions.
- Returns:
IoC query/request definitions keyed by IoCType
- Return type:
Dict[str, Any]
- abstract lookup_item(item: str, item_type: str | None = None, query_type: str | None = None, **kwargs) DataFrame
Lookup from an item value.
- Parameters:
item (str) – item to lookup
item_type (str, optional) – The Type of the item to lookup, by default None (type will be inferred)
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the item_value will be returned.
- Returns:
The lookup result: result - Positive/Negative, details - Lookup Details (or status if failure), raw_result - Raw Response reference - URL of the item
- Return type:
pd.DataFrame
- Raises:
NotImplementedError – If attempting to use an HTTP method or authentication protocol that is not supported.
Notes
Note: this method uses memoization (lru_cache) to cache results for a particular item to try avoid repeated network calls for the same item.
- lookup_items(data: DataFrame | Dict[str, str] | Iterable[str], item_col: str | None = None, item_type_col: str | None = None, query_type: str | None = None, **kwargs) DataFrame
Lookup collection of items.
- Parameters:
data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats: 1. Pandas dataframe (you must supply the column name in item_col parameter) 2. Dict of items 3. Iterable of items
item_col (str, optional) – DataFrame column to use for items, by default None
item_type_col (str, optional) – DataFrame column to use for types, by default None
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the type will be returned.
- Returns:
DataFrame of results.
- Return type:
pd.DataFrame
- async lookup_items_async(data: DataFrame | Dict[str, str] | Iterable[str], item_col: str | None = None, item_type_col: str | None = None, query_type: str | None = None, **kwargs) DataFrame
Lookup collection of items.
- Parameters:
data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats: 1. Pandas dataframe (you must supply the column name in item_col parameter) 2. Dict of items, Type 3. Iterable of items - Types will be inferred
item_col (str, optional) – DataFrame column to use for items, by default None
item_type_col (str, optional) – DataFrame column to use for Types, by default None
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the item will be returned.
- Returns:
DataFrame of results.
- Return type:
pd.DataFrame
- property name: str
Return the name of the provider.
- static resolve_item_type(item: str) str
Return Type determined by ItemExtract.
- Parameters:
item (str) – Item string
- Returns:
Type (or unknown if type could not be determined)
- Return type:
str
- property supported_types: List[str]
Return list of supported types for this provider.
- Returns:
List of supported type names
- Return type:
List[str]
- classmethod usage()
Print usage of provider.