How to use resilient - 10 common examples
To help you get started, we’ve selected a few resilient examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
ibmresilient / resilient-community-apps / older / rc-shell-runner / shell_runner / lib / disposition.py View on Github 
def test():
"""Test some basic functionality"""
from resilient_circuits.rest_helper import get_resilient_client
from resilient_circuits.actions_component import ActionMessage
import time
opts = vars(resilient.ArgumentParser(config_file=os.environ.get("APP_CONFIG_FILE")).parse_args())
client = get_resilient_client(opts)
action_event = None
result = Disposition(client, "new_incident").call(action_event, {"name": "new test incident", "discovered_date": 0})
LOG.debug(result)
assert result["id"] > 0
print("Created incident {}".format(result["id"]))
incident = result
action_event = ActionMessage(message={"incident": incident})
result = Disposition(client, "new_task").call(action_event, {"name": "new task"})
LOG.debug(result)
assert result["id"] > 0
action_event.task = result
result = Disposition(client, "update_task").call(action_event, {"name": "updated task"})
LOG.info(result)def main():
"""
program main
"""
config_file = resilient.get_config_file()
parser = ExampleArgumentParser(config_file)
opts = parser.parse_args()
inc_types = opts["itype"]
inc_queue = opts["queue"]
# Create SimpleClient for a REST connection to the Resilient services
client = resilient.get_client(opts)
# Discovered Date will be set to the current time
time_now = int(time.time() * 1000)
try:
uri = '/incidents'
rf_config = configparser.ConfigParser()def main():
"""
program main
"""
config_file = resilient.get_config_file()
parser = ExampleArgumentParser(config_file)
opts = parser.parse_args()
inc_types = opts["itype"]
inc_limit = opts["limit"]
# Create SimpleClient for a REST connection to the Resilient services
client = resilient.get_client(opts)
# Discovered Date will be set to the current time
time_now = int(time.time() * 1000)
try:
uri = '/incidents'
rf_config = configparser.ConfigParser()def __init__(self, config_file=None):
self.config_file = config_file or resilient.get_config_file()
super(OptParser, self).__init__(config_file=self.config_file)
#
# Note this is a trick used by resilient-circuits. resilient.ArgumentParser will
# validate the arguments of the command line. Since we use command line
# argument of input/output files, we don't want that validation, so we
# erase them before we call parse_args(). So parse_args() only
# reads from app.config
#
sys.argv = sys.argv[0:1]
self.opts = self.parse_args()
if self.config:
for section in self.config.sections():
#
# Handle sections other than [resilient] in app.config
#requests.packages.urllib3.disable_warnings()
verify = False
elif os.path.isfile(cafile):
#
# User specified a cafile for trusted certificate
#
verify = cafile
except:
verify = True
args = {"base_url": url,
"verify": verify,
"org_name": org}
resilient_client = resilient.SimpleClient(**args)
session = resilient_client.connect(email, password)
max_count = None
if opt_parser.getopt(MACHINE_LEARNING_SECTION, "max_count"):
max_count = int(opt_parser.getopt(MACHINE_LEARNING_SECTION, "max_count"))
time_start = opt_parser.getopt(MACHINE_LEARNING_SECTION, "time_start")
time_end = opt_parser.getopt(MACHINE_LEARNING_SECTION, "time_end")
res_filter = IncidentTimeFilter(time_start=time_start,
time_end=time_end,
in_log=LOG)
# get_incidents is going to download all the incidents using this resilient_client
# The optional max_count controls how many samples to process. The conversion from
# json to CSV will stop once reaches this limit.
num_inc = resilient_utils.get_incidents(res_client=resilient_client,
filename=csv_file,# ensure the incident is found
try:
incident = self.rest_client_helper.get("/incidents/{}".format(inc_id))
for object_type in object_type_names:
if not self.lookup.get(object_type):
LOG.error("Method for synchronization not found: %s", object_type)
else:
try:
type_info = type_info_index.get(object_type, None) # datatables will not have a type_info object at this time
sync_count = self.lookup[object_type](self.rest_client_helper, inc_id, type_info)
LOG.debug("inc_id: %s %s : %s", inc_id, object_type, sync_count)
except AttributeError:
LOG.error("Query error for synchronization method: %s", object_type)
except SimpleHTTPException:
pass:param data: Content to be added as note
:return: Response from Resilient for debug
"""
try:
uri = '/incidents/{}/comments'.format(incident_id)
resilient_client = self.rest_client()
heading = "Raw Proofpoint TRAP Event Payload:\n"
note = {
'format': 'text',
'content': '{}{}'.format(heading, pprint.pformat(data, indent=4))
}
payload = {'text': note}
comment_response = resilient_client.post(uri=uri, payload=payload)
return comment_response
except SimpleHTTPException as ex:
LOG.error("Failed to add note for incident %d: %s", incident_id, ex)
def _get_incident_fields(res_client):
try:
fields = res_client.get('/types/incident/fields')
if fields:
fields = {field["name"]: field["input_type"] for field in fields}
return fields
else:
LOG.error("Failed to get incident fields from Resilient")
raise Exception("Failed to get incident fields from Resilient")
except SimpleHTTPException as error:
LOG.exception("Failed to get incident fields from Resilient")
raise},
{
'field_name': 'plan_status',
'method': 'equals',
'value': 'A'
}
]
}],
'sorts': [{
'field_name': 'create_date',
'type': 'desc'
}]
}
try:
r_incidents = resilient_client.post(query_uri, query)
except SimpleHTTPException:
# Some versions of Resilient 30.2 onward have a bug that prevents query for numeric fields.
# To work around this issue, let's try a different query, and filter the results. (Expensive!)
query_uri = '/incidents/query?return_level=normal&field_handle={}'.format(threat_id)
query = {
'filters': [{
'conditions': [
{
'field_name': 'properties.{}'.format(idtype),
'method': 'has_a_value'
},
{
'field_name': 'plan_status',
'method': 'equals',
'value': 'A'
}
]"discovered_date": time_now}
# Create the incident
incident = client.post(uri, new_incident)
inc_id = incident["id"]
params = {
'ActionPlanGUID': ActionPlanGUID,
'Comment': "Created Resilient Incident ID #" + str(inc_id)
}
result = set_action_plan_comment(rf_opts, params)
print("Created incident {}".format(inc_id))
except resilient.SimpleHTTPException as ecode:
print("create failed : {}".format(ecode))resilient
Python client module for the IBM SOAR REST API
Package Health Score
72 / 100Popular resilient functions
- resilient.ArgumentParser
- resilient.client_w.Client
- resilient.get_client
- resilient.get_config_file
- resilient.ImportDefinition
- resilient.parse_parameters
- resilient.primitives.Barrier
- resilient.primitives.Cancellable
- resilient.primitives.Cancellable._stopped
- resilient.primitives.Cancellable.task_no
- resilient.primitives.NamedTask
- resilient.primitives.TaskId
- resilient.SimpleClient
- resilient.SimpleHTTPException