Links API Support #98
Closed
hudson-woomer wants to merge 81 commits into
Test for Google SOAR
Additional files
Team name update
This is a GitHub Actions workflow to publish via a trusted publisher account to PyPI.
…l-patch-1 Create release.yml
updated environment variable release name
Playbook Alerts and Analyst Notes Markdown.
Fixes
- Remove the “guessing” of the endpoint, preferring a mapped PBA type to endpoint
- Remove the generic markdown “this alert is not supported yet”
- PSengine will still search for all the alerts but will filter out the types it doesn't recognize
- Remove the PBA_Generic from the types of alert returned. The ADT will still be used by other ADT but will not be exposed in public facing methods.

Malware PBA
- Add malware pba markdown

PBA Update
- PBA update method to support pba IDs to update along with PBA ADT

PBA Pagination
- Fix the pagination method which is not returning all the fields
docs only
* PSF-1001 - add organization
* PSF-1085 - add rel time and test
* PSF-1002 - soar endpoint and limit decrease
* version and changelog
* PSF-1073 - fix markdown for non mandatory fields
* changelog
* PSF-1012 - fix geopol markdown of events
* ruff
* PSF-972 - add match in ValueError tests
* docstring change
* PSF-950 - change to validator and tests
* PSF-1085 - moved to validator
* Makefile change min coverage
* ruff
* typo
* deleted files
* change ca example and md
* update ca md
* update docs detection relative time
* ruff
* [ci skip] changelog date
* remove examples from typos
* typo in regex test
* PSF-887: add links method
* gitignore fix
* ruff format
* ernest - code review tweaks
* changelog pre merge

---------

Co-authored-by: ebartosevic <ernest.bartosevic@recordedfuture.com>
* starting fusion module
* mocking tests
* client update header
* PSF-919 - add fusion tests and endpoints
* add permission error test
* fusion api docs
* mkdocs
* fusion docs examples
* typo
* fusion docs in mkdocs
* ruff
* PSF-1088 - adding malware report
* PSF-1088 - fix model and manager
* PSF-1088 - adt
* PSF-1088 - docstring
* PSF-1088 - docs
* PSF-1088 - MalwareReportIn validation
* ruff
* PSF-1088 - model fix
* PSF-1088 - change default_factory for better accessibility
* PSF-1088 - change default_factory for better accessibility
* PSF-1098 - fix model
* PSF-1098 - tests and adt fix
* PSF-1098 - adt __hash__ fix
* analyst note change docstring
* PSF-1120: risk history started
* PSF-1120: risk history tests and api docs
* PSF-1120: risk history docs started
* PSF-1126 switch to subject field
* examples
* ruff
* PSF-1099 model renames
* add model exports for easy access outside modules
* ruff
* readme
* changelog and version

---------

Co-authored-by: ebartosevic <ernest.bartosevic@recordedfuture.com>
* Add CVSSv4 field for vulnerability enrichment
* Format
* change cvssv4 version to str
* version bump + changelog

---------

Co-authored-by: ebartosevic <ernest.bartosevic@recordedfuture.com>
* dedup of entities
* str test to check for dedups
* scanner model
* fix tagged_text analyst notes
* changelogs and version
* tests on not found entity deduplication
* changelog tweaks
* version
* scanner field
* test fix

---------

Co-authored-by: ebartosevic <ernest.bartosevic@recordedfuture.com>
* model fix
* changelog and version
* PSF-1180 minimal dev token changes
* PSF-1180 cleaner regex
* PSF-1186 pba mgr search to use offset for pagination
* PSF-1179 len check before pagination + test fixes
* changelog + version bump
* PSF-1197 - malware report end_date optional
* PSF-1180 - fix regex
* PSF-1193 - started implementing fix
* PSF-1193 - started testing fix
* PSF-1193 - documenting testing functions
* changelog
* DetectioMgr.search correctly set limit
* bump changelog date

---------

Co-authored-by: mmedici <moise.medici@recordedfuture.com>
* PSF-1204 remove duplicated version and source it from _version.py
* PSF-1222 PBA panel_status: alert_rule model, pass 1
* PSF-1204 drop dynamic version from toml
* PSF-1222 finalised alert_rule model
* fix: PSF-1228 geopol pba event url to str
* PSF-1223 use alert_rule in markdown (fallback to label)+ test updates
* PSF-1227 PBA fetch_bulk() does not ignore alerts_per_page for bulk lookup calls
* ruff
* 2.4.2 changelog

---------

Co-authored-by: dmartinson <drew.martinson@recordedfuture.com>
Co-authored-by: mmedici <moise.medici@recordedfuture.com>
### Added
- Added support for Python 3.14
- `PlaybookAlertMgr.search` now supports filter for a single or a list of organisations.
- `TimeHelpers.rel_time_to_date` now supports a starting time from where the math begins. If not specified it will be the UTC execution time.
- `TimeHelpers.rel_time_to_date` now supports increment calculation, with `+1h`.
- `TimeHelpers.rel_time_to_date` now supports increment or decrement of minutes with `+10m` or `-10m`.
- Added `malware_intel.AutoYaraMgr` and `malware_intel.AutoSigmaMgr` managers to interact with auto-yara and auto-sigma APIs.
- `ClassicAlertMgr.fetch` and `ClassicAlertMgr.fetch_bulk` now allow fetching images directly via the `fetch_images` argument. Defaults to `False`.
- `AnalystNote` model now supports `is_threat_actor` field.

### Fixed
- `playbook_alerts.helpers.save_pba_images` now allows for all alert types that support images.
- `IdentityMgr.fetch_incident_report` now supports a single string `organization_id` field.

### Changed
- `IdentityMgr` methods now support 1000 maximum identities returned instead of 500.

### Removed
- Removed support for Python 3.9

---------

Co-authored-by: ebartosevic <ernest.bartosevic@recordedfuture.com>
Co-authored-by: dmartinson <drew.martinson@recordedfuture.com>
07a6af2 to
94d2392
Compare
updated and removed files as requested.
submitting again for links support.
Support for the Links API completed.