o ɶdO@sddlmZddlmZddlmZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZd d lmZed ZGd d d eZdS))absolute_import)requests)six)retrycircuit_breaker) BaseClient)get_config_value_or_defaultvalidate_config)Signer)Sentinel#get_signer_from_authentication_typeAUTHENTICATION_TYPE_FIELD_NAME) threat_intelligence_type_mappingZMissingc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS)ThreatintelClienta Use the Threat Intelligence API to search for information about known threat indicators, including suspicious IP addresses, domain names, and other digital fingerprints. Threat Intelligence is a managed database of curated threat intelligence that comes from first party Oracle security insights, open source feeds, and vendor-procured data. For more information, see the [Threat Intelligence documentation](/iaas/Content/threat-intel/home.htm). c Kst||ddd|vr|d}n"t|vrt|}nt|d|d|d|dt|d|dd }d |d d d i|dd|dtj|dd}d|vrY|d|d<|dduretj|d<d|vrp|d|d<t d||t fi||_ |d|_ |d|_ dS)a Creates a new service client :param dict config: Configuration keys and values as per `SDK and Tool Configuration `__. The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config the dict using :py:meth:`~oci.config.validate_config` :param str service_endpoint: (optional) The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit need to specify a service endpoint. :param timeout: (optional) The connection and read timeouts for the client. The default values are connection timeout 10 seconds and read timeout 60 seconds. This keyword argument can be provided as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout. :type timeout: float or tuple(float, float) :param signer: (optional) The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values provided in the config parameter. One use case for this parameter is for `Instance Principals authentication `__ by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument :type signer: :py:class:`~oci.signer.AbstractBaseSigner` :param obj retry_strategy: (optional) A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default. Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation. Any value provided at the operation level will override whatever is specified at the client level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available. The specifics of the default retry strategy are described `here `__. :param obj circuit_breaker_strategy: (optional) A circuit breaker strategy to apply to all calls made by this service client (i.e. at the client level). This client uses :py:data:`~oci.circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY` as default if no circuit breaker strategy is provided. The specifics of circuit breaker strategy are described `here `__. :param function circuit_breaker_callback: (optional) Callback function to receive any exceptions triggerred by the circuit breaker. :param bool client_level_realm_specific_endpoint_template_enabled: (optional) A boolean flag to indicate whether or not this client should be created with realm specific endpoint template enabled or disable. By default, this will be set as None. :param allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this client should allow control characters in the response object. By default, the client will not allow control characters to be in the response object. signer)rtenancyuser fingerprintZkey_file pass_phraseZ key_content)rrrZprivate_key_file_locationrZprivate_key_contentTservice_endpointz /20220901z8https://api-threatintel.{region}.oci.{secondLevelDomain}skip_deserializationFcircuit_breaker_strategy5client_level_realm_specific_endpoint_template_enabled)Zregional_clientr base_pathZservice_endpoint_templateZ#service_endpoint_template_per_realmrrrtimeoutNallow_control_charsZ threatintelretry_strategycircuit_breaker_callback)r getr r r rrZGLOBAL_CIRCUIT_BREAKER_STRATEGYZ DEFAULT_CIRCUIT_BREAKER_STRATEGYrr base_clientrr)selfconfigkwargsrZbase_client_init_kwargsr$Nusr/lib/python3.10/site-packages/oci/threat_intelligence/threatintel_client.py__init__s>3        zThreatintelClient.__init__c sddg}d}d}d}d}gdfdd t|D} | r%td | d|i} d d t| D} t| D]\} } | d usNt| tjrUt| dkrUtd| q8d|i} dd t| D} dd| dt d}dd t|D}|j j | d|j d}|d urtj}|rt|tjs|j |||j|j|j j||| | |d| d|||d S|j j||| | |d| d|||d S)a Get detailed information about a threat indicator with a given identifier. :param str indicator_id: (required) The unique identifier (OCID) of the threat indicator. :param str compartment_id: (required) The OCID of the tenancy (root compartment) that is used to filter results. :param str opc_request_id: (optional) The client request ID for tracing. :param obj retry_strategy: (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation uses :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` as default if no retry strategy is provided. The specifics of the default retry strategy are described `here `__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings :return: A :class:`~oci.response.Response` object with data of type :class:`~oci.threat_intelligence.models.Indicator` :rtype: :class:`~oci.response.Response` :example: Click `here `__ to see an example of how to use get_indicator API. Z indicatorId compartmentIdz/indicators/{indicatorId}GET get_indicatorzRhttps://docs.oracle.com/iaas/api/#/en/threat-intel/20220901/Indicator/GetIndicator)rropc_request_idcg|]}|vr|qSr$r$.0_keyZexpected_kwargsr$r% z3ThreatintelClient.get_indicator..z&get_indicator got unknown kwargs: {!r}cSsi|] \}}|tur||qSr$missingr-kvr$r$r% sz3ThreatintelClient.get_indicator..Nrz7Parameter {} cannot be None, whitespace or empty stringcS&i|]\}}|tur|dur||qSNr2r4r$r$r%r7&application/jsonr*acceptz content-typezopc-request-idcSr8r9r2r4r$r$r%r7r:rZoperation_retry_strategyZclient_retry_strategyZ Indicatorr) resource_pathmethod path_params query_params header_params response_typeroperation_nameapi_reference_linkrequired_arguments)riterkeys ValueErrorformat iteritems isinstanceZ string_typeslenstriprr3r get_preferred_retry_strategyrrDEFAULT_RETRY_STRATEGYNoneRetryStrategyadd_opc_client_retries_headeradd_circuit_breaker_callbackrmake_retrying_callcall_api)r!Z indicator_idcompartment_idr#rGr?r@rErF extra_kwargsrAr5r6rBrCrr$r/r%r)rsz!$     zThreatintelClient.get_indicatorc sZdg}d}d}d}d}gdfddt|D}|r$td |d |vr9d d g} |d | vr9td | ||d td} ddt| D} dd|dtd} ddt| D} |jj|d|j d} | durst j } | rt | t j s|j| | |j| j|jj||| | d|d|||d S|jj||| | d|d|||d S)ac Get the current count of each threat indicator type. Indicator counts can be sorted in ascending or descending order. :param str compartment_id: (required) The OCID of the tenancy (root compartment) that is used to filter results. :param str opc_request_id: (optional) The client request ID for tracing. :param str sort_order: (optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: "ASC", "DESC" :param obj retry_strategy: (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation uses :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` as default if no retry strategy is provided. The specifics of the default retry strategy are described `here `__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings :return: A :class:`~oci.response.Response` object with data of type :class:`~oci.threat_intelligence.models.IndicatorCountCollection` :rtype: :class:`~oci.response.Response` :example: Click `here `__ to see an example of how to use list_indicator_counts API. r'z/indicatorCountsr(list_indicator_countszhhttps://docs.oracle.com/iaas/api/#/en/threat-intel/20220901/IndicatorCountCollection/ListIndicatorCounts)rrr* sort_ordercr+r$r$r,r/r$r%r0r1z;ThreatintelClient.list_indicator_counts..z.list_indicator_counts got unknown kwargs: {!r}rYASCDESC2Invalid value for `sort_order`, must be one of {0})r' sortOrdercSr8r9r2r4r$r$r%r7r:z;ThreatintelClient.list_indicator_counts..r;r*r<cSr8r9r2r4r$r$r%r7%r:rr>NZIndicatorCountCollectionr r?r@rBrCrDrrErFrGrrHrIrJrr3rKr rOrrrPrLrQrRrSrrTrU r!rVr#rGr?r@rErFrWsort_order_allowed_valuesrBrCrr$r/r%rXsv#       z'ThreatintelClient.list_indicator_countsc s<dg}d}d}d}d}gdfddt|D}|r$td |d |vr9gd } |d | vr9td | d |vrNddg} |d | vrNtd| d|vrcgd} |d| vrctd| ||j|dtd|d t|dt|dt|dt|dt|dt|dt|dt|dt|dt|dt|d t|dtd } d!d"t| D} d#d#|d$td%} d&d"t| D} |jj |d'|j d(}|d)urt j }|r t |t js|j| ||j|j|jj||| | d*|d+|||d, S|jj||| | d*|d+|||d, S)-a Get a list of threat indicator summaries based on the search criteria. :param str compartment_id: (required) The OCID of the tenancy (root compartment) that is used to filter results. :param list[str] threat_type_name: (optional) The threat type of entites to be returned. To filter for multiple threat types, repeat this parameter. :param str type: (optional) The indicator type of entities to be returned. Allowed values are: "DOMAIN_NAME", "FILE_NAME", "MD5_HASH", "SHA1_HASH", "SHA256_HASH", "IP_ADDRESS", "URL" :param str value: (optional) The indicator value of entities to be returned. :param int confidence_greater_than_or_equal_to: (optional) The minimum confidence score of entities to be returned. :param datetime time_updated_greater_than_or_equal_to: (optional) The oldest update time of entities to be returned. :param datetime time_updated_less_than: (optional) Return indicators updated before the provided time. :param datetime time_last_seen_greater_than_or_equal_to: (optional) The oldest last seen time of entities to be returned. :param datetime time_last_seen_less_than: (optional) Return indicators last seen before the provided time. :param datetime time_created_greater_than_or_equal_to: (optional) The oldest created/first seen time of entities to be returned. :param datetime time_created_less_than: (optional) Return indicators created/first seen before the provided time. :param int limit: (optional) The maximum number of items to return. :param str page: (optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. :param str sort_order: (optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: "ASC", "DESC" :param str sort_by: (optional) The field to sort by. Only one field to sort by may be provided. Allowed values are: "confidence", "timeCreated", "timeUpdated", "timeLastSeen" :param str opc_request_id: (optional) The client request ID for tracing. :param obj retry_strategy: (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation uses :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` as default if no retry strategy is provided. The specifics of the default retry strategy are described `here `__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings :return: A :class:`~oci.response.Response` object with data of type :class:`~oci.threat_intelligence.models.IndicatorSummaryCollection` :rtype: :class:`~oci.response.Response` :example: Click `here `__ to see an example of how to use list_indicators API. r'z /indicatorsr(list_indicatorszehttps://docs.oracle.com/iaas/api/#/en/threat-intel/20220901/IndicatorSummaryCollection/ListIndicators)rrthreat_type_nametypevalue#confidence_greater_than_or_equal_to%time_updated_greater_than_or_equal_totime_updated_less_than'time_last_seen_greater_than_or_equal_totime_last_seen_less_than%time_created_greater_than_or_equal_totime_created_less_thanlimitpagerYsort_byr*cr+r$r$r,r/r$r%r0r1z5ThreatintelClient.list_indicators..z(list_indicators got unknown kwargs: {!r}rd)Z DOMAIN_NAMEZ FILE_NAMEZMD5_HASHZ SHA1_HASHZ SHA256_HASHZ IP_ADDRESSURLz,Invalid value for `type`, must be one of {0}rYrZr[r\ro)Z confidenceZ timeCreatedZ timeUpdatedZ timeLastSeenz/Invalid value for `sort_by`, must be one of {0}rcZmultirerfrgrhrirjrkrlrmrn)r'ZthreatTypeNamerdreZconfidenceGreaterThanOrEqualToZtimeUpdatedGreaterThanOrEqualToZtimeUpdatedLessThanZ timeLastSeenGreaterThanOrEqualToZtimeLastSeenLessThanZtimeCreatedGreaterThanOrEqualToZtimeCreatedLessThanrmrnr]ZsortBycSr8r9r2r4r$r$r%r7r:z5ThreatintelClient.list_indicators..r;r*r<cSr8r9r2r4r$r$r%r7r:rr>NIndicatorSummaryCollectionrr^)rrHrIrJr Z generate_collection_format_paramrr3rKrOrrrPrLrQrRrSrrTrU)r!rVr#rGr?r@rErFrWZtype_allowed_valuesraZsort_by_allowed_valuesrBrCrr$r/r%rbIsN                     z!ThreatintelClient.list_indicatorsc sndg}d}d}d}d}gdfddt|D}|r$td |d |vr9d d g} |d | vr9td | ||dt|dt|d td} ddt| D} dd|dtd} ddt| D} |jj|d|j d} | dur}t j } | rt | t j s|j| | |j| j|jj||| | d|d|||d S|jj||| | d|d|||d S)a Gets a list of threat types that are available to use as parameters when querying indicators. The list is sorted by threat type name according to the sort order query param. :param str compartment_id: (required) The OCID of the tenancy (root compartment) that is used to filter results. :param int limit: (optional) The maximum number of items to return. :param str page: (optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. :param str sort_order: (optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: "ASC", "DESC" :param str opc_request_id: (optional) The client request ID for tracing. :param obj retry_strategy: (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation uses :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` as default if no retry strategy is provided. The specifics of the default retry strategy are described `here `__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings :return: A :class:`~oci.response.Response` object with data of type :class:`~oci.threat_intelligence.models.ThreatTypesCollection` :rtype: :class:`~oci.response.Response` :example: Click `here `__ to see an example of how to use list_threat_types API. r'z /threatTypesr(list_threat_typeszahttps://docs.oracle.com/iaas/api/#/en/threat-intel/20220901/ThreatTypesCollection/ListThreatTypes)rrrmrnrYr*cr+r$r$r,r/r$r%r0@r1z7ThreatintelClient.list_threat_types..z*list_threat_types got unknown kwargs: {!r}rYrZr[r\rmrn)r'rmrnr]cSr8r9r2r4r$r$r%r7Rr:z7ThreatintelClient.list_threat_types..r;r*r<cSr8r9r2r4r$r$r%r7Yr:rr>NZThreatTypesCollectionrr^r_r`r$r/r%rrsz*         z#ThreatintelClient.list_threat_typesc s>dg}d}d}d}d}gdfddt|D} | r$td | ||d t|d td } d dt| D} dd|dtd} ddt| D} |jj|d|j d} | durct j } | rt | t j sw|j| | |j| j|jj||| | |d|d|||d S|jj||| | |d|d|||d S)a\ Get indicator summaries based on advanced search criteria. :param str compartment_id: (required) The OCID of the tenancy (root compartment) that is used to filter results. :param oci.threat_intelligence.models.SummarizeIndicatorsDetails summarize_indicators_details: (required) Query Parameters to search for indicators. :param str opc_request_id: (optional) The client request ID for tracing. :param int limit: (optional) The maximum number of items to return. :param str page: (optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. :param obj retry_strategy: (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation uses :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` as default if no retry strategy is provided. The specifics of the default retry strategy are described `here `__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings :return: A :class:`~oci.response.Response` object with data of type :class:`~oci.threat_intelligence.models.IndicatorSummaryCollection` :rtype: :class:`~oci.response.Response` :example: Click `here `__ to see an example of how to use summarize_indicators API. r'z/indicators/actions/summarizeZPOSTsummarize_indicatorszYhttps://docs.oracle.com/iaas/api/#/en/threat-intel/20220901/Indicator/SummarizeIndicators)rrr*rmrncr+r$r$r,r/r$r%r0r1z:ThreatintelClient.summarize_indicators..z-summarize_indicators got unknown kwargs: {!r}rmrn)r'rmrncSr8r9r2r4r$r$r%r7r:z:ThreatintelClient.summarize_indicators..r;r*r<cSr8r9r2r4r$r$r%r7r:rr>Nrqr) r?r@rBrCbodyrDrrErFrGr_) r!rVZsummarize_indicators_detailsr#rGr?r@rErFrWrBrCrr$r/r%rs}sp'       z&ThreatintelClient.summarize_indicatorsN) __name__ __module__ __qualname____doc__r&r)rXrbrrrsr$r$r$r%rsXlk? vrN) __future__rZ oci._vendorrrocirrZoci.base_clientrZ oci.configrr Z oci.signerr Zoci.utilr r r Zmodelsrr3objectrr$r$r$r%s