msticpy.context.tiproviders.lookup_result module

Lookup Result and Status classes.

class msticpy.context.tiproviders.lookup_result.LookupResult(ioc: str, ioc_type: str, sanitized_value: str = '', query_subtype: Optional[str] = None, provider: Optional[str] = None, result: bool = False, severity: int = 0, details: Optional[Any] = None, raw_result: Optional[Union[str, dict]] = None, reference: Optional[str] = None, status: int = 0)

Bases: object

Lookup result for IoCs.

Method generated by attrs for class LookupResult.

classmethod column_map()

Return a dictionary that maps fields to DF Names.

details: Any
ioc: str
ioc_type: str
provider: Optional[str]
query_subtype: Optional[str]
raw_result: Optional[Union[str, dict]]
property raw_result_fmtd

Print raw results of the Lookup Result.

reference: Optional[str]
result: bool
property safe_ioc: str

Return sanitized value.

sanitized_value: str
set_severity(value: Any)

Set the severity from enum, int or string.

Parameters

value (Any) – The severity value to set

severity: int
property severity_name: str

Return text description of severity score.

Returns

Severity description.

Return type

str

status: int
property summary

Print a summary of the Lookup Result.

property value: str

Return lookup value.

property value_type: str

Return lookup value type.

class msticpy.context.tiproviders.lookup_result.LookupStatus(value)

Bases: Enum

Threat intelligence lookup status.

BAD_FORMAT = 2
NOT_SUPPORTED = 1
NO_DATA = 4
OK = 0
OTHER = 10
QUERY_FAILED = 3
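
An added example, not part of msticpy or its documentation: rolling up per-provider lookup rows so that a failed or unsupported lookup is never read as "no threat intel". It assumes that the status field carries one of the LookupStatus codes above and that only OK and NO_DATA mean the provider actually answered; the enum is mirrored locally so the block runs without msticpy, and the rows, provider names and the out-of-enum code are constructed.

```python
from collections import defaultdict
from enum import Enum


class LookupStatus(Enum):
    """Local mirror of the status codes listed on this page."""
    OK = 0
    NOT_SUPPORTED = 1
    BAD_FORMAT = 2
    QUERY_FAILED = 3
    NO_DATA = 4
    OTHER = 10


# Constructed sample rows; keys follow the LookupResult field names.
SAMPLE_ROWS = [
    {"ioc": "198.51.100.7", "provider": "ProvA", "result": True, "severity": 2, "status": 0},
    {"ioc": "198.51.100.7", "provider": "ProvB", "result": False, "severity": 0, "status": 3},
    {"ioc": "example.test", "provider": "ProvA", "result": False, "severity": 0, "status": 4},
    {"ioc": "example.test", "provider": "ProvB", "result": False, "severity": 0, "status": 1},
    {"ioc": "not an ioc", "provider": "ProvA", "result": False, "severity": 0, "status": 2},
    {"ioc": "203.0.113.9", "provider": "ProvB", "result": False, "severity": 0, "status": 404},
]

# Assumption: only these statuses mean the provider really evaluated the IoC.
ANSWERED = {LookupStatus.OK, LookupStatus.NO_DATA}


def classify(row):
    """Return 'hit', 'no_intel' or 'unchecked' for one lookup row."""
    try:
        status = LookupStatus(row["status"])
    except ValueError:
        return "unchecked"  # code outside the enum: treat as not verified
    if status not in ANSWERED:
        return "unchecked"
    return "hit" if row["result"] and status is LookupStatus.OK else "no_intel"


def rollup(rows):
    """Per-IoC verdict: any hit wins, then any real answer, else unchecked."""
    seen = defaultdict(set)
    for row in rows:
        seen[row["ioc"]].add(classify(row))
    rank = ("hit", "no_intel", "unchecked")
    return {ioc: next(v for v in rank if v in kinds) for ioc, kinds in seen.items()}


if __name__ == "__main__":
    for ioc, verdict in rollup(SAMPLE_ROWS).items():
        print(f"{ioc:15} {verdict}")
```

IoCs that end up "unchecked" are coverage gaps to retry or fix, not negatives.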

class msticpy.context.tiproviders.lookup_result.SanitizedObservable(observable, status)

Bases: tuple

Create new instance of SanitizedObservable(observable, status)

count(value, /)

Return number of occurrences of value.

index(value, start=0, stop=9223372036854775807, /)

Return first index of value.

Raises ValueError if the value is not present.

observable

Alias for field number 0

status

Alias for field number 1