Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow file observable creation from memory #35

Closed
ninSmith opened this issue Sep 12, 2017 · 4 comments · Fixed by #135
Closed

Allow file observable creation from memory #35

ninSmith opened this issue Sep 12, 2017 · 4 comments · Fixed by #135
Labels
category:feature-request
Milestone
1.8.0

Comments

@ninSmith
Copy link

Request Type

Feature Request

Summary

Allow file observable creation from memory

Description

Currently, to create a file observable, it is needed to provide the path to the file to TheHive4py.
It would be nice to allow file observable creation from memory.
Basically, in some case, it is not well-designed to write the file to disk and then delete it "just" for observable creation.
@jojoob
Copy link

jojoob commented Nov 21, 2018

I've implemented this for creating task logs: kapschcdc@deac360
Maybe you can adopt it for observable creation.

@DarrenSykes
Copy link

DarrenSykes commented Feb 10, 2019
edited
Loading

It appears just to be a case of modifying models.py thus:

`class CaseObservable(JSONSerializable):
def init(self, **attributes):
if attributes.get('json', False):
attributes = attributes['json']
self.dataType = attributes.get('dataType', None)
self.message = attributes.get('message', None)
self.tlp = attributes.get('tlp', 2)
self.tags = attributes.get('tags', [])
self.ioc = attributes.get('ioc', False)
self.sighted = attributes.get('sighted', False)

    data = attributes.get('data', [])
    if self.dataType == 'file':
        if type(data[0]) is tuple:
            file,filename = data[0]

            #we've passed a file object, rather than a filename
            mimetype = magic.Magic(mime=True).from_buffer(file.read())

            file.seek(0)
            self.data = [{'attachment': (filename, file, mimetype)}]
        else:
            self.data = [{'attachment': (os.path.basename(data[0]), open(data[0], 'rb'), magic.Magic(mime=True).from_file(data[0]))}]
    else:
        self.data = data

`

@nadouani
Copy link
Contributor

Hello, could you make it a PR, verify it so that I can merge it ;)

Thanks

@PierreNei PierreNei mentioned this issue Apr 15, 2019
Closed
@jaredjennings jaredjennings mentioned this issue Dec 21, 2019
Closed
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 21, 2019
@jaredjennings
support passing in a file-like object for case observable file attach…
25b5fd6 
…ments (TheHive-Project#35)
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 22, 2019
@jaredjennings
support use of caller-provided file-like objects for alert artifacts …
6195478 
…of dataType file (TheHive-Project#35)
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 24, 2019
@jaredjennings
support passing in a file-like object for case observable file attach…
7ca5872 
…ments (TheHive-Project#35)
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 24, 2019
@jaredjennings
add a test for file case observables given using a file object (TheHi…
9f6bd09 
…ve-Project#35)
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 24, 2019
@jaredjennings
support use of caller-provided file-like objects for alert artifacts …
299770c 
…of dataType file (TheHive-Project#35)
This was referenced Dec 24, 2019
Merged
Closed
jaredjennings added a commit to jaredjennings/TheHive4py that referenced this issue Dec 26, 2019
@jaredjennings
support use of caller-provided file-like objects for alert artifacts …
4bba0cb 
…of dataType file (TheHive-Project#35)
@ehooo
Copy link

ehooo commented Jan 13, 2020

I think could be a good idea allows also set the mime-type, cause in case of the "text files" the Magic is not working very good.

@nadouani nadouani added this to the 1.8.0 milestone Jun 3, 2020
nadouani pushed a commit that referenced this issue Nov 27, 2020
@jaredjennings
Pass in file-like objects for case observables (#135)
1c972dc 
* add a test that adds a file observable to a case

* support passing in a file-like object for case observable file attachments (#35)

* add a test for file case observables given using a file object (#35)

* fix StringIO construction on Python 2.7
@nadouani nadouani reopened this Nov 27, 2020
nadouani added a commit that referenced this issue Nov 27, 2020
@nadouani
#35 Allow using in-memory files when creating alerts with file observ…
8689dfb 
…ables
nadouani added a commit that referenced this issue Nov 27, 2020
@nadouani
#35 #35 Allow using in-memory files when creating task logs with file…
a8f1ba8 
… attachment
nadouani added a commit that referenced this issue Nov 27, 2020
@nadouani
#35 Allow using in-memory files when creating task logs with file att…
f105f2d 
…achment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
category:feature-request
Projects
None yet
Milestone
1.8.0
Development

Successfully merging a pull request may close this issue.

Pass in file-like objects for case observables jaredjennings/TheHive4py
5 participants
@nadouani @ehooo @jojoob @ninSmith @DarrenSykes