Merge branch 'release/1.4.0'

CHANGELOG.md

@@ -0,0 +1,133 @@
+# Change Log
+
+## [Unreleased](https://github.com/CERT-BDF/TheHive4py/tree/HEAD)
+
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.3.1...HEAD)
+
+**Implemented enhancements:**
+
+- Provide just the template name when creating a case from a template [\#45](https://github.com/CERT-BDF/TheHive4py/issues/45)
+- Add support of custom fields to the case model [\#39](https://github.com/CERT-BDF/TheHive4py/issues/39)
+- Case helper [\#37](https://github.com/CERT-BDF/TheHive4py/pull/37) ([npratley](https://github.com/npratley))
+
+**Fixed bugs:**
+
+- Error updating case [\#51](https://github.com/CERT-BDF/TheHive4py/issues/51)
+
+**Closed issues:**
+
+- Add a query builder capabilities [\#49](https://github.com/CERT-BDF/TheHive4py/issues/49)
+- Run Cortex analyzer through api [\#40](https://github.com/CERT-BDF/TheHive4py/issues/40)
+- Update case [\#5](https://github.com/CERT-BDF/TheHive4py/issues/5)
+
+**Merged pull requests:**
+
+- Added missing attributes to the Case class. [\#50](https://github.com/CERT-BDF/TheHive4py/pull/50) ([npratley](https://github.com/npratley))
+- Added the functionality to run a Cortex analyzer on an observable [\#44](https://github.com/CERT-BDF/TheHive4py/pull/44) ([alexgoedeke](https://github.com/alexgoedeke))
+- Added get\_task\_logs method [\#42](https://github.com/CERT-BDF/TheHive4py/pull/42) ([billmurrin](https://github.com/billmurrin))
+- Added a method to update a case. [\#41](https://github.com/CERT-BDF/TheHive4py/pull/41) ([npratley](https://github.com/npratley))
+
+## [1.3.1](https://github.com/CERT-BDF/TheHive4py/tree/1.3.1) (2017-09-17)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.3.0...1.3.1)
+
+**Fixed bugs:**
+
+- Basic auth doesn't work with version 1.3.0 [\#38](https://github.com/CERT-BDF/TheHive4py/issues/38)
+
+## [1.3.0](https://github.com/CERT-BDF/TheHive4py/tree/1.3.0) (2017-09-15)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.2.3...1.3.0)
+
+**Implemented enhancements:**
+
+- Allow specifying range to return \> 10 cases, observables, etc., [\#30](https://github.com/CERT-BDF/TheHive4py/issues/30)
+- fix two cases of bad indentation in exception handling code [\#26](https://github.com/CERT-BDF/TheHive4py/pull/26) ([Rolinh](https://github.com/Rolinh))
+- fix default severity level of an alert [\#25](https://github.com/CERT-BDF/TheHive4py/pull/25) ([Rolinh](https://github.com/Rolinh))
+
+**Fixed bugs:**
+
+- certificate verify option not included in create\_case\_task [\#27](https://github.com/CERT-BDF/TheHive4py/issues/27)
+
+**Closed issues:**
+
+- Add an API method to create users [\#33](https://github.com/CERT-BDF/TheHive4py/issues/33)
+- Feature Request - Task Log Template/Boilerplate Text [\#32](https://github.com/CERT-BDF/TheHive4py/issues/32)
+- Add support to authentication by API key [\#36](https://github.com/CERT-BDF/TheHive4py/issues/36)
+- Add a find\_alerts method to search for alerts [\#31](https://github.com/CERT-BDF/TheHive4py/issues/31)
+
+**Merged pull requests:**
+
+- Added verify parameter to calls [\#28](https://github.com/CERT-BDF/TheHive4py/pull/28) ([billmurrin](https://github.com/billmurrin))
+
+## [1.2.3](https://github.com/CERT-BDF/TheHive4py/tree/1.2.3) (2017-07-20)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.2.2...1.2.3)
+
+**Implemented enhancements:**
+
+- Adding option for an Internal CA  [\#24](https://github.com/CERT-BDF/TheHive4py/issues/24)
+
+**Merged pull requests:**
+
+- Find first [\#23](https://github.com/CERT-BDF/TheHive4py/pull/23) ([3c7](https://github.com/3c7))
+
+## [1.2.2](https://github.com/CERT-BDF/TheHive4py/tree/1.2.2) (2017-07-06)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.2.1...1.2.2)
+
+**Fixed bugs:**
+
+- Remove print calls from TheHiveApi.find\_cases method [\#22](https://github.com/CERT-BDF/TheHive4py/issues/22)
+
+## [1.2.1](https://github.com/CERT-BDF/TheHive4py/tree/1.2.1) (2017-06-29)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.2.0...1.2.1)
+
+**Fixed bugs:**
+
+- Fix the issue related to wrong base64 decoding when creating alerts [\#20](https://github.com/CERT-BDF/TheHive4py/issues/20)
+- python-magic dependency not in setup.py [\#19](https://github.com/CERT-BDF/TheHive4py/issues/19)
+- "future" dependency not documented in requirements.txt [\#18](https://github.com/CERT-BDF/TheHive4py/issues/18)
+
+**Merged pull requests:**
+
+- Install python-magic package on setup [\#16](https://github.com/CERT-BDF/TheHive4py/pull/16) ([ilyaglow](https://github.com/ilyaglow))
+
+## [1.2.0](https://github.com/CERT-BDF/TheHive4py/tree/1.2.0) (2017-05-12)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.1.1...1.2.0)
+
+**Closed issues:**
+
+- Add the ability to create a TheHive alert [\#13](https://github.com/CERT-BDF/TheHive4py/issues/13)
+
+**Merged pull requests:**
+
+- Added ability to find tasks by caseId [\#11](https://github.com/CERT-BDF/TheHive4py/pull/11) ([AverageS](https://github.com/AverageS))
+
+## [1.1.1](https://github.com/CERT-BDF/TheHive4py/tree/1.1.1) (2017-05-11)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.1.0...1.1.1)
+
+**Fixed bugs:**
+
+- Use basic auth when calling TheHive apis [\#14](https://github.com/CERT-BDF/TheHive4py/issues/14)
+
+## [1.1.0](https://github.com/CERT-BDF/TheHive4py/tree/1.1.0) (2017-03-23)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.0.1...1.1.0)
+
+**Implemented enhancements:**
+
+- Search for cases [\#4](https://github.com/CERT-BDF/TheHive4py/issues/4)
+- Add observables to a case [\#3](https://github.com/CERT-BDF/TheHive4py/issues/3)
+
+## [1.0.1](https://github.com/CERT-BDF/TheHive4py/tree/1.0.1) (2017-03-08)
+[Full Changelog](https://github.com/CERT-BDF/TheHive4py/compare/1.0.0...1.0.1)
+
+**Fixed bugs:**
+
+- Issue creating a cases without metrics and without case template [\#8](https://github.com/CERT-BDF/TheHive4py/issues/8)
+
+## [1.0.0](https://github.com/CERT-BDF/TheHive4py/tree/1.0.0) (2017-03-08)
+**Closed issues:**
+
+- 2nd typo in setup.py [\#2](https://github.com/CERT-BDF/TheHive4py/issues/2)
+- Typo in setup.py [\#1](https://github.com/CERT-BDF/TheHive4py/issues/1)
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

samples/test-case-create.py

@@ -9,19 +9,32 @@
 import json
 import time
 from thehive4py.api import TheHiveApi
-from thehive4py.models import Case, CaseTask
+from thehive4py.models import Case, CaseTask, CustomFieldHelper
 
 api = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
 
-
 # Prepare the sample case
 tasks = [
     CaseTask(title='Tracking'),
     CaseTask(title='Communication'),
     CaseTask(title='Investigation', status='Waiting', flag=True)
 ]
-# tasks = []
-case = Case(title='From TheHive4Py', tlp=3, flag=True, tags=['TheHive4Py', 'sample'], description='N/A', tasks=tasks)
+
+# Prepare the custom fields
+customFields = CustomFieldHelper()\
+    .add_boolean('booleanField', True)\
+    .add_string('businessImpact', 'HIGH')\
+    .add_date('occurDate', int(time.time())*1000)\
+    .add_number('cvss', 9)\
+    .build()
+
+case = Case(title='From TheHive4Py',
+            tlp=3,
+            flag=True,
+            tags=['TheHive4Py', 'sample'],
+            description='N/A',
+            tasks=tasks,
+            customFields=customFields)
 
 # Create the case
 print('Create Case')

samples/test-case-create__case-helper.py

@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import json
+import sys
+import time
+
+from thehive4py.api import TheHiveApi
+from thehive4py.exceptions import CaseException
+from thehive4py.models import CaseTask
+
+thehive = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
+
+
+# Prepare the sample case
+tasks = [
+    CaseTask(title='Tracking'),
+    CaseTask(title='Communication'),
+    CaseTask(title='Investigation', status='Waiting', flag=True)
+]
+# tasks = []
+
+# Create the case
+print('Create Case')
+print('-----------------------------')
+case = None
+try:
+    case = thehive.case.create(title='From TheHive4Py', description='N/A', tlp=3, flag=True,
+                           tags=['TheHive4Py', 'sample'], tasks=tasks)
+except CaseException as e:
+    print("Error creating case. {}".format(e))
+    sys.exit(1)
+
+# Print the details of the created case
+print(case.jsonify())
+
+# Add a new task to the created case
+print('Add a task {}'.format(case.id))
+print('-----------------------------')
+response = thehive.create_case_task(case.id, CaseTask(
+    title='Yet Another Task',
+    status='InProgress',
+    owner='nabil',
+    flag=True,
+    startDate=int(time.time())*1000))
+if response.status_code == 201:
+    print(json.dumps(response.json(), indent=4, sort_keys=True))
+    print('')
+else:
+    print('ko: {}/{}'.format(response.status_code, response.text))

samples/test-case-search.py

@@ -7,6 +7,7 @@
 import sys
 import json
 from thehive4py.api import TheHiveApi
+from thehive4py.query import *
 
 api = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
 
@@ -24,15 +25,8 @@ def search(title, query, range, sort):
         sys.exit(0)
 
 
-search("List Amber cases", {"_field": "tlp", "_value": 2}, 'all', [])
-search("List White cases",
-       {
-           "_in": {
-               "_field": "tlp",
-               "_values": ["1", "3"]
-           }
-       },
-       'all',
-       ['+tlp']
-       )
-search("Case of title containing 'TheHive4Py'", {"_string": "title:'TheHive4Py'"}, 'all', [])
+search("List Amber cases", Eq('tlp', 2), 'all', [])
+search("List cases having some TLP values", In('tlp', [1, 3]), 'all', ['+tlp'])
+search("Case of title containing 'TheHive4Py'", String("title:'TheHive4Py'"), 'all', [])
+search("Closed cases, with tlp greater than or equal to Amber", And(Eq('status', 'Resolved'), Gte('tlp', 2), Gt('severity', 2)), '0-1', [])
+

samples/test-case-template.py

@@ -11,19 +11,9 @@
 
 api = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
 
-# Get the template by it's name
-print('Fetch case template')
-print('-----------------------------')
-template = api.get_case_template('Phishing')
-
-caseTemplate = CaseTemplate(json=template)
-print(caseTemplate.jsonify())
-print('')
-
-
 print('Create case from template')
 print('-----------------------------')
-case = Case(title='From TheHive4Py based on the Phishing template', description='N/A', tlp=2, template=caseTemplate)
+case = Case(title='From TheHive4Py based on the Phishing template', description='N/A', tlp=2, template='Phishing')
 print(case.jsonify())
 
 print('Create Case')

samples/test-case-update.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from thehive4py.api import TheHiveApi
+
+
+thehive = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
+
+# Create a new case
+case = thehive.case.create(title='From TheHive4Py', description='N/A', tlp=3, flag=True,
+                           tags=['TheHive4Py', 'sample'], tasks=[])
+
+# Save the new case's ID for later use
+case_id = case.id
+
+# Change some attributes of the new case
+case.tlp = 1
+case.severity = 1
+case.flag = False
+
+# Update the case
+thehive.update_case(case)
+
+# Retrieve the case from the server and check the updated values
+new_case = thehive.case(case_id)
+print("Case ID {}\nTLP: {}, Severity: {}".format(new_case.id, new_case.tlp, new_case.severity))

setup.py

@@ -11,7 +11,7 @@
 
 setup(
     name='thehive4py',
-    version='1.3.1',
+    version='1.4.0',
     description='Python API client for TheHive.',
     long_description=read_md('README.md'),
     author='TheHive-Project',

tests/test_case.py

@@ -0,0 +1,39 @@
+import mock
+
+from thehive4py.api import TheHiveApi
+
+
+@mock.patch('thehive4py.api.requests.get')
+def test_get_case(mock_get):
+    thehive = TheHiveApi('http://127.0.0.1:9000', 'username', 'password', {'http': '', 'https': ''})
+
+    test_id = 'AV55EOIsPQ_zDQrlj4a9'
+    test_json = {
+        '_type': 'case',
+        'caseId': 5,
+        'createdAt': 1505269703195,
+        'createdBy': 'username',
+        'customFields': {},
+        'description': 'test description',
+        'flag': False,
+        'id': test_id,
+        'metrics': {},
+        'owner': 'username',
+        'severity': 2,
+        'startDate': 1505269703000,
+        'status': 'Open',
+        'tags': [],
+        'title': 'test case',
+        'tlp': 2,
+        'user': 'username'
+    }
+
+    mock_response = mock.Mock()
+    mock_response.json.return_value = test_json
+    mock_response.status_code = 200
+    mock_get.return_value = mock_response
+
+    case = thehive.case(test_id)
+
+    assert mock_response.json.call_count == 1
+    assert case.id == test_id