msticpy.context.tiproviders.intsights module
Intsights Provider.
Input can be a single IoC observable or a pandas DataFrame containing multiple observables. Processing may require an API key, and processing performance may be limited to a specific number of requests per minute for the account type that you have.
- class msticpy.context.tiproviders.intsights.IntSights(**kwargs)
Bases:
HttpTIProvider
IntSights Lookup.
Initialize a new instance of the class.
- property ioc_query_defs: Dict[str, Any]
Return current dictionary of IoC query/request definitions.
- Returns
IoC query/request definitions keyed by IoCType
- Return type
Dict[str, Any]
- classmethod is_known_type(ioc_type: str) → bool
Return True if this is a known IoC Type.
- Parameters
ioc_type (str) – IoCType string to test
- Returns
True if known type.
- Return type
bool
- is_supported_type(ioc_type: Union[str, IoCType]) → bool
Return True if the passed type is supported.
- Parameters
ioc_type (Union[str, IoCType]) – IoC type name or instance
- Returns
True if supported.
- Return type
bool
- lookup_ioc(ioc: str, ioc_type: str = None, query_type: str = None, **kwargs) → LookupResult
Lookup a single item.
- Parameters
ioc (str) – Item value to lookup
ioc_type (str, optional) – The Type of the value to lookup, by default None (type will be inferred)
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the item_value will be returned.
- Returns
The lookup result: result - Positive/Negative, details - Lookup Details (or status if failure), raw_result - Raw Response, reference - URL of the item
- Return type
LookupResult
- Raises
NotImplementedError – If attempting to use an HTTP method or authentication protocol that is not supported.
Notes
Note: this method uses memoization (lru_cache) to cache results for a particular observable to try to avoid repeated network calls for the same item.
- lookup_iocs(data: Union[DataFrame, Dict[str, str], Iterable[str]], obs_col: Optional[str] = None, ioc_type_col: Optional[str] = None, query_type: Optional[str] = None, **kwargs) → DataFrame
Lookup collection of IoC observables.
- Parameters
data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats:
1. Pandas dataframe (you must supply the column name in obs_col parameter)
2. Dict of observable, IoCType
3. Iterable of observables - IoCTypes will be inferred
obs_col (str, optional) – DataFrame column to use for observables, by default None
ioc_type_col (str, optional) – DataFrame column to use for IoCTypes, by default None
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the IoC type will be returned.
- Returns
DataFrame of results.
- Return type
pd.DataFrame
- async lookup_iocs_async(data: Union[DataFrame, Dict[str, str], Iterable[str]], obs_col: Optional[str] = None, ioc_type_col: Optional[str] = None, query_type: Optional[str] = None, **kwargs) → DataFrame
Lookup collection of IoC observables.
- Parameters
data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats:
1. Pandas dataframe (you must supply the column name in obs_col parameter)
2. Dict of observable, IoCType
3. Iterable of observables - IoCTypes will be inferred
obs_col (str, optional) – DataFrame column to use for observables, by default None
ioc_type_col (str, optional) – DataFrame column to use for IoCTypes, by default None
query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the IoC type will be returned.
- Returns
DataFrame of results.
- Return type
pd.DataFrame
- property name: str
Return the name of the provider.
- parse_results(response: LookupResult) → Tuple[bool, ResultSeverity, Any]
Return the details of the response.
- Parameters
response (LookupResult) – The returned data response
- Returns
bool = positive or negative hit; ResultSeverity = enumeration of severity; Object with match details
- Return type
Tuple[bool, ResultSeverity, Any]
- static resolve_ioc_type(observable: str) → str
Return IoCType determined by IoCExtract.
- Parameters
observable (str) – IoC observable string
- Returns
IoC Type (or unknown if type could not be determined)
- Return type
str
- property supported_types: List[str]
Return list of supported IoC types for this provider.
- Returns
List of supported type names
- Return type
List[str]
- classmethod usage()
Print usage of provider.