How to use investigate - 10 common examples

def as_for_ip(self, ip):
        '''Gets the AS information for a given IP address.'''
        if not Investigate.IP_PATTERN.match(ip):
            raise Investigate.IP_ERR

        uri = self._uris["as_for_ip"].format(ip)
        resp_json = self.get_parse(uri)

        return resp_json

def rr_history(self, query, query_type="A"):
        '''Get the RR (Resource Record) History of the given domain or IP.
        The default query type is for 'A' records, but the following query types
        are supported:

        A, NS, MX, TXT, CNAME

        For details, see https://investigate.umbrella.com/docs/api#dnsrr_domain
        '''
        if query_type not in Investigate.SUPPORTED_DNS_TYPES:
            raise Investigate.UNSUPPORTED_DNS_QUERY

        # if this is an IP address, query the IP
        if Investigate.IP_PATTERN.match(query):
            return self._ip_rr_history(query, query_type)

        # otherwise, query the domain
        return self._domain_rr_history(query, query_type)

def rr_history(self, query, query_type="A"):
        '''Get the RR (Resource Record) History of the given domain or IP.
        The default query type is for 'A' records, but the following query types
        are supported:

        A, NS, MX, TXT, CNAME

        For details, see https://investigate.umbrella.com/docs/api#dnsrr_domain
        '''
        if query_type not in Investigate.SUPPORTED_DNS_TYPES:
            raise Investigate.UNSUPPORTED_DNS_QUERY

        # if this is an IP address, query the IP
        if Investigate.IP_PATTERN.match(query):
            return self._ip_rr_history(query, query_type)

        # otherwise, query the domain
        return self._domain_rr_history(query, query_type)

def categorization(self, domains, labels=False):
        '''Get the domain status and categorization of a domain or list of domains.
        'domains' can be either a single domain, or a list of domains.
        Setting 'labels' to True will give back categorizations in human-readable
        form.

        For more detail, see https://investigate.umbrella.com/docs/api#categorization
        '''
        if type(domains) is str:
            return self._get_categorization(domains, labels)
        elif type(domains) is list:
            return self._post_categorization(domains, labels)
        else:
            raise Investigate.DOMAIN_ERR

def post(self, uri, params={}, data={}):
        '''A generic method to make POST requests to the OpenDNS Investigate API
        on the given URI.
        '''
        return self._session.post(
            urljoin(Investigate.BASE_URL, uri),
            params=self.params_with_utm_source(params) if self._utm_source else params,
            data=data,
            headers=self._auth_header,
            proxies=self.proxies
        )

params['start'] = int(time.mktime(start.timetuple()) * 1000)
        elif isinstance(start, int) and (datetime.datetime.now()-datetime.datetime.fromtimestamp(start/1000)).days < 30:
            params['start'] = int(start)
        else:
            raise Investigate.SEARCH_ERR

        if stop is None:
            stop = datetime.datetime.now()
        if isinstance(stop, datetime.timedelta):
            params['stop'] = int(time.mktime((datetime.datetime.utcnow() - stop).timetuple()) * 1000)
        elif isinstance(stop, datetime.datetime):
            params['stop'] = int(time.mktime(stop.timetuple()) * 1000)
        elif isinstance(stop, int) and (datetime.datetime.now() - datetime.datetime.fromtimestamp(stop/1000)).days < 30:
            params['stop'] = int(stop)
        else:
            raise Investigate.SEARCH_ERR

        if match is not None and match in ('all' or 'component' or 'exact'):
            params['match'] = match

        uri = self._uris['domain_volume'].format(domain)

        return self.get_parse(uri, params)

def rr_history(self, query, query_type="A"):
        '''Get the RR (Resource Record) History of the given domain or IP.
        The default query type is for 'A' records, but the following query types
        are supported:

        A, NS, MX, TXT, CNAME

        For details, see https://investigate.umbrella.com/docs/api#dnsrr_domain
        '''
        if query_type not in Investigate.SUPPORTED_DNS_TYPES:
            raise Investigate.UNSUPPORTED_DNS_QUERY

        # if this is an IP address, query the IP
        if Investigate.IP_PATTERN.match(query):
            return self._ip_rr_history(query, query_type)

        # otherwise, query the domain
        return self._domain_rr_history(query, query_type)

brand -- Brand name string to include in pattern searches. Brands that are also very common names may return lots of results
        exclude -- (Optional) list of domains that should be excluded from searches
        """

        if api_key is None or brand is None:
            raise Exception('No API key or Brand defined')

        self.api_key = api_key
        self.brand = brand
        self.exclude = exclude
        self.days = days
        self.limit = limit
        self.include_category=include_category
        self.regex_list = []

        self.inv = investigate.Investigate(api_key)
        self.generate()

def test_connectivity(self):
        """Connectivity Test which is used by resilient_circuits selftest.

        Calls http 'get' request against 'event_types' url.

        :return: Response
        """
        uri = self._uris["categories"]
        return self._session.get(urljoin(Investigate.BASE_URL, uri),
                                 params=None,
                                 headers=self._auth_header,
                                 proxies=self.proxies
                                 )
        return r

import logging
import datetime, time
import json
import sys
from investigate import Investigate

log = logging.getLogger(__name__)

class DATETIME_ERR(ValueError):
    def __init__(self, value):
        self.err_msg = value

    def __str__(self):
        return repr(self.err_msg)

class ResilientInv(Investigate):
    """ Extend base Investigate Class to add support for unsupported and buggy methods.

    """
    def __init__(self, api_key, base_url, proxies={}):
        """ New initialization parameters added.

        :param api_key: Thw api_kewy value from config.
        :param base_url: The base_url value from config.

        """
        super(ResilientInv, self).__init__(api_key, proxies)

        # If python version 2 convert existing uris to unicode object instead of string.
        if sys.version_info.major == 2:
            for k, v in self._uris.items():
                self._uris[k] = v.decode('unicode-escape')