How to use the msticpy.sectools.tiproviders.ti_provider_base.TISeverity enum in msticpy

To help you get started, we’ve selected a few msticpy examples, based on popular ways it is used in public projects.


github microsoft / msticpy / tests / test_tiproviders.py View on Github external
def test_tiseverity(self):
        """Check TISeverity.parse and the severity comparison operators."""
        # parse() is called with a member name given as a string ...
        sev_inf = TISeverity.parse("information")
        self.assertEqual(sev_inf, TISeverity.information)
        # ... with an integer value (1 is asserted to be `warning`) ...
        sev_warn = TISeverity.parse(1)
        self.assertEqual(sev_warn, TISeverity.warning)
        # ... and with an existing member, which must come back as the same level.
        sev_warn2 = TISeverity.parse(sev_warn)
        self.assertEqual(sev_warn2, TISeverity.warning)

        sev_unknown = TISeverity.unknown
        # NOTE(review): sev_high is not used in the lines shown here; the original
        # test may continue past this excerpt - confirm against the repository.
        sev_high = TISeverity.high
        # Each comparison below uses a differently typed right-hand operand
        # (member, name string, bare int), so all three forms are exercised.
        self.assertTrue(sev_inf == TISeverity.information)
        self.assertTrue(sev_inf <= "information")
        # `information` must order below the int 1, the value parsed as `warning`.
        self.assertTrue(sev_inf < 1)
        self.assertTrue(sev_warn > TISeverity.information)
        # An unknown verdict must not compare as more severe than "high".
        self.assertFalse(sev_unknown > "high")
github microsoft / msticpy / msticpy / sectools / tiproviders / tor_exit_nodes.py View on Github external
)

        result.provider = kwargs.get("provider_name", self.__class__.__name__)
        result.result = bool(self._nodelist)
        result.reference = self._BASE_URL

        if result.status and not bool(self._nodelist):
            result.status = TILookupStatus.query_failed.value

        if result.status:
            return result

        tor_node = self._nodelist.get(ioc)

        if tor_node:
            result.set_severity(TISeverity.warning)
            result.details = {
                "NodeID": tor_node["ExitNode"],
                "LastStatus": tor_node["LastStatus"],
            }
            result.raw_result = tor_node
        else:
            result.details = "Not found."
        return result
github microsoft / msticpy / msticpy / sectools / tiproviders / open_page_rank.py View on Github external
def _parse_one_record(dom_record: dict):
        record_status = dom_record.get("status_code", 404)
        severity = TISeverity.information
        if record_status == 200:
            return (
                True,
                severity,
                {
                    "rank": dom_record.get("rank", "0"),
                    "page_rank": dom_record.get("page_rank_decimal", 0),
                    "error": dom_record.get("error", ""),
                },
            )
        if record_status == 404:
            return (
                True,
                TISeverity.warning,
                {
                    "rank": dom_record.get("rank", "0"),
github microsoft / msticpy / msticpy / sectools / tiproviders / ti_provider_base.py View on Github external
TISeverity, str or int

        Returns
        -------
        TISeverity
            TISeverity instance.

        """
        if isinstance(value, TISeverity):
            return value
        if isinstance(value, str) and value.lower() in cls.__members__:
            return cls[value.lower()]
        if isinstance(value, int):
            if value in [v.value for v in cls.__members__.values()]:
                return cls(value)
        return TISeverity.unknown
github microsoft / msticpy / msticpy / sectools / tiproviders / alienvault_otx.py View on Github external
return False, TISeverity.information, "Not found."
        if "pulse_info" in response.raw_result:
            pulses = response.raw_result["pulse_info"].get("pulses", {})
            pulse_count = len(pulses)
            if pulse_count == 0:
                severity = TISeverity.information
                return (
                    True,
                    severity,
                    {
                        "pulse_count": pulse_count,
                        "sections_available": response.raw_result["sections"],
                    },
                )
            if pulse_count == 1:
                severity = TISeverity.warning
            else:
                severity = TISeverity.high
            return (
                True,
                severity,
                {
                    "pulse_count": pulse_count,
                    "names": [p.get("name") for p in pulses],
                    "tags": [p.get("tags") for p in pulses],
                    "references": [p.get("references") for p in pulses],
                },
            )
        return True, TISeverity.information, {}
github microsoft / msticpy / msticpy / sectools / tiproviders / virustotal.py View on Github external
if "detected_downloaded_samples" in response.raw_result:
                self._extract_url_results(
                    response=response,
                    result_dict=result_dict,
                    hit_type="detected_downloaded_samples",
                    item_type="sha256",
                    date_name="date",
                )

        if "positives" in result_dict:
            if result_dict["positives"] > 1:
                severity = TISeverity.high
            elif result_dict["positives"] > 0:
                severity = TISeverity.warning
            else:
                severity = TISeverity.information
        else:
            severity = TISeverity.unknown

        return True, severity, result_dict
github microsoft / msticpy / msticpy / sectools / tiproviders / ti_provider_base.py View on Github external
def _check_severity(self, attribute, value):
        """
        Store the severity on this object as a TISeverity member name.

        Parameters
        ----------
        attribute
            Not used; it is discarded immediately.
        value
            A TISeverity member, or anything TISeverity.parse accepts.

        """
        # NOTE(review): the (self, attribute, value) signature looks like a
        # validator hook - confirm how it is registered.
        del attribute
        # A member is used as-is; every other input goes through parse().
        member = value if isinstance(value, TISeverity) else TISeverity.parse(value)
        # NOTE(review): TISeverity.parse appears to fall back to `unknown` for
        # input it does not recognise instead of raising, so a malformed
        # severity would be stored as "unknown" with no error - confirm that
        # consumers treat "unknown" as unscored rather than as benign.
        self.severity = member.name
github microsoft / msticpy / msticpy / sectools / tiproviders / open_page_rank.py View on Github external
record_status = dom_record.get("status_code", 404)
        severity = TISeverity.information
        if record_status == 200:
            return (
                True,
                severity,
                {
                    "rank": dom_record.get("rank", "0"),
                    "page_rank": dom_record.get("page_rank_decimal", 0),
                    "error": dom_record.get("error", ""),
                },
            )
        if record_status == 404:
            return (
                True,
                TISeverity.warning,
                {
                    "rank": dom_record.get("rank", "0"),
                    "error": dom_record.get("error", ""),
                },
            )
        return False, TISeverity.information, {}