Merge pull request #269 from TheHive-Project/feature/alert-promotion

Add parameters to method alert.promote_to_case()
TheHive-Project · Jan 13, 2023 · a527e6d · a527e6d
2 parents 0593e35 + e47d5f5
commit a527e6d
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 3 deletions.
diff --git a/tests/test_alert_endpoint.py b/tests/test_alert_endpoint.py
@@ -72,9 +72,12 @@ def test_follow_and_unfollow(self, thehive: TheHiveApi, test_alert: OutputAlert)
     def test_promote_to_case(self, thehive: TheHiveApi, test_alert: OutputAlert):
         alert_id = test_alert["_id"]
 
-        case_from_alert = thehive.alert.promote_to_case(alert_id=alert_id)
+        case_from_alert = thehive.alert.promote_to_case(
+            alert_id=alert_id, fields={"title": "promoted title"}
+        )
         promoted_alert = thehive.alert.get(alert_id=alert_id)
         assert promoted_alert.get("caseId") == case_from_alert["_id"]
+        assert promoted_alert["title"] != case_from_alert["title"]
 
     def test_merge_into_case(
         self, thehive: TheHiveApi, test_alert: OutputAlert, test_case: OutputCase

diff --git a/thehive4py/endpoints/alert.py b/thehive4py/endpoints/alert.py
@@ -10,6 +10,7 @@
     InputAlert,
     InputBulkUpdateAlert,
     InputUpdateAlert,
+    InputPromoteAlert,
     OutputAlert,
 )
 from thehive4py.types.case import OutputCase
@@ -59,11 +60,13 @@ def follow(self, alert_id: str) -> None:
     def unfollow(self, alert_id: str) -> None:
         self._session.make_request("POST", path=f"/api/v1/alert/{alert_id}/unfollow")
 
-    def promote_to_case(self, alert_id: str) -> OutputCase:
+    def promote_to_case(
+        self, alert_id: str, fields: InputPromoteAlert = {}
+    ) -> OutputCase:
         return self._session.make_request(
             "POST",
             path=f"/api/v1/alert/{alert_id}/case",
-            json={"placholder": ""},  # TODO: replace with optional body definition
+            json=fields,
         )
 
     def create_observable(

diff --git a/thehive4py/types/alert.py b/thehive4py/types/alert.py
@@ -2,6 +2,8 @@
 
 from thehive4py.types.custom_field import InputCustomFieldValue, OutputCustomFieldValue
 from thehive4py.types.observable import InputObservable
+from thehive4py.types.share import InputShare
+from thehive4py.types.task import InputTask
 
 
 class InputAlertRequired(TypedDict):
@@ -88,3 +90,24 @@ class InputUpdateAlert(TypedDict, total=False):
 
 class InputBulkUpdateAlert(InputUpdateAlert):
     ids: List[str]
+
+
+class InputPromoteAlert(TypedDict, total=False):
+    title: str
+    description: str
+    severity: int
+    startDate: int
+    endDate: int
+    tags: List[str]
+    flag: bool
+    tlp: int
+    pap: int
+    status: str
+    summary: str
+    assignee: str
+    customFields: List[InputCustomFieldValue]
+    caseTemplate: str
+    tasks: List[InputTask]
+    sharingParameters: List[InputShare]
+    taskRule: str
+    observableRule: str