msticpy.context.preprocess_observable module
Module for TILookup classes.
Input can be a single IoC observable or a pandas DataFrame containing multiple observables. Processing may require an API key, and processing performance may be limited to a specific number of requests per minute for the account type that you have.
- class msticpy.context.preprocess_observable.PreProcessor
Bases: object
Observable pre-processing class.
Initialize the processor dictionary.
- add_check(value_type: str, checker: Callable[[...], SanitizedObservable]) None
Add a new checker to the processors.
- check(value: str, value_type: str, *, require_url_encoding: bool = False) SanitizedObservable
Apply processing checks to the input value.
- Parameters:
value (str) – The value to be checked.
value_type (str) – The type of value to be checked.
require_url_encoding (bool, Optional) – If true, apply URL encoding. Only applicable for URL observables. Defaults to False.
- Returns:
Named tuple with two members:
- observable - with the pre-processed result. This is set to None if a check fails.
- status - this is set to “ok” if the checks completed. Otherwise, it has an error message.
- Return type:
- property processors: dict[str, list[str | CheckerType]]
Return _processors value.
- msticpy.context.preprocess_observable.get_schema_and_host(url: str, *, require_url_encoding: bool = False) tuple[str | None, str | None, str | None]
Return URL scheme and host and cleaned URL.
- Parameters:
url (str) – Input URL
require_url_encoding (bool) – Set to True if url needs encoding. Default is False.
- Returns:
tuple of URL, scheme, host
- Return type:
tuple[Optional[str], Optional[str], Optional[str]]
- msticpy.context.preprocess_observable.preprocess_observable(observable: str, ioc_type: str, *, require_url_encoding: bool = False) SanitizedObservable
Preprocess and check validity of observable against declared IoC type.
- Parameters:
observable (str) – The value of the observable
ioc_type (str) – The type of observable
require_url_encoding (bool, optional) – If the observable needs URL-encoding (URL types only), by default False
- Returns:
Named tuple with two members:
- observable - with the pre-processed result,
This is set to None if a check fails.
- status - this is set to “ok” if the checks completed.
Otherwise, it has an error message.
- Return type:
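An added sketch, not msticpy's own code, of the contract documented above: checkers are registered per value type, and each check returns a named tuple holding the cleaned observable (or None) and a status. `MiniPreProcessor`, `check_ipv4`, `check_url`, `triage`, the local `SanitizedObservable` definition and the sample values are hypothetical and constructed for illustration; the validation rules and the fail-closed handling of unregistered types are assumptions of this sketch.

```python
import ipaddress
from typing import NamedTuple, Optional
from urllib.parse import quote, urlparse

class SanitizedObservable(NamedTuple):
    observable: Optional[str]  # None when a check fails
    status: str                # "ok", otherwise an error message

def check_ipv4(value, **_):
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return SanitizedObservable(None, "not a valid IPv4 address")
    return SanitizedObservable(value, "ok")

def check_url(value, *, require_url_encoding=False, **_):
    parsed = urlparse(value)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return SanitizedObservable(None, "unsupported scheme or missing host")
    if require_url_encoding:
        value = quote(value, safe=":/?&=%")  # keep URL delimiters, encode the rest
    return SanitizedObservable(value, "ok")

class MiniPreProcessor:  # hypothetical stand-in for the documented contract
    def __init__(self):
        self._processors = {}  # value_type -> list of checker callables

    def add_check(self, value_type, checker):
        self._processors.setdefault(value_type, []).append(checker)

    def check(self, value, value_type, *, require_url_encoding=False):
        if value_type not in self._processors:  # this sketch fails closed
            return SanitizedObservable(None, f"no checks for type {value_type}")
        result = SanitizedObservable(value, "ok")
        for checker in self._processors[value_type]:
            result = checker(result.observable, require_url_encoding=require_url_encoding)
            if result.status != "ok":
                break  # first failure wins; observable is None from here on
        return result

def triage(rows):
    pre = MiniPreProcessor()
    pre.add_check("ipv4", check_ipv4)
    pre.add_check("url", check_url)
    return {v: pre.check(v, t, require_url_encoding=True) for v, t in rows}

# Constructed sample observables (documentation-range address and host).
SAMPLE = [("192.0.2.10", "ipv4"), ("10.0.0.300", "ipv4"),
          ("https://example.com/a b?q=1", "url"), ("hxxp://example.com/x", "url")]
```

Calling `triage(SAMPLE)` returns one result per input, so a caller can forward only the entries whose status is "ok" to a lookup provider and log the error message for the rest.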