TheHive DXL Python Service 0.1.0

TheHive service for use with the OpenDXL Python Client

Overview

TheHive DXL Python Service exposes access to the TheHive REST APIs via the Data Exchange Layer (DXL) fabric.

Documentation

See the Wiki for an overview of TheHive API DXL Python Service and usage examples.


See TheHive DXL Python Service documentation for installation instructions, API documentation, and usage examples.


Icon by icons8 licensed under Creative Commons Attribution-NoDerivs 3.0 Unported.

TheHive DXL Service

Version: 0.1.0

The TheHive DXL service exposes access to the TheHive REST APIs via the Data Exchange Layer (DXL) fabric.

Solutions

TheHive DXL Service

The TheHive DXL Service.

TheHive REST API Reference

Services

Requests

/opendxl-thehive/service/thehive-api/alert/create

Invokes a TheHive 'Create Alert' command and returns the results.

TheHive API: Alert

payload: object

For a list of additional attributes that can be used with this command, see: TheHive API: Alert (Model Definition).

{
    "description": "Created by the OpenDXL Alert Example",
    "severity": 3,
    "source": "OpenDXL",
    "sourceRef": "1b9e593c-b113-4c0f-a0b0-30b15d4b9268",
    "title": "OpenDXL Alert Example",
    "type": "external"
}

title: string

Title of the alert.

description: string

Description of the alert.

type: string

Type of the alert (read only).

source: string

Source of the alert (read only).

sourceRef: string

Source reference of the alert (read only).

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "237c6fbc97b86f81b30365acfc7e04c8",
    "_parent": null,
    "_routing": "237c6fbc97b86f81b30365acfc7e04c8",
    "_type": "alert",
    "_version": 1,
    "artifacts": [],
    "createdAt": 1524002836273,
    "createdBy": "admin",
    "date": 1524002836301,
    "description": "Created by the OpenDXL Alert Example",
    "follow": true,
    "id": "237c6fbc97b86f81b30365acfc7e04c8",
    "lastSyncDate": 1524002836302,
    "severity": 3,
    "source": "OpenDXL",
    "sourceRef": "1471d7d94f6042cd",
    "status": "New",
    "title": "OpenDXL Alert Example",
    "tlp": 2,
    "type": "external"
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/alert/get

Invokes a TheHive 'Get Alert' command and returns the results.

TheHive API: Alert

payload: object

{
    "id": "237c6fbc97b86f81b30365acfc7e04c8"
}

id: string

id string corresponding to the alert. This ID is part of the response from a 'Create Alert' command, in the id field.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "237c6fbc97b86f81b30365acfc7e04c8",
    "_parent": null,
    "_routing": "237c6fbc97b86f81b30365acfc7e04c8",
    "_type": "alert",
    "_version": 1,
    "artifacts": [],
    "createdAt": 1524002836273,
    "createdBy": "admin",
    "date": 1524002836301,
    "description": "Created by the OpenDXL Alert Example",
    "follow": true,
    "id": "237c6fbc97b86f81b30365acfc7e04c8",
    "lastSyncDate": 1524002836302,
    "severity": 3,
    "source": "OpenDXL",
    "sourceRef": "1471d7d94f6042cd",
    "status": "New",
    "title": "OpenDXL Alert Example",
    "tlp": 2,
    "type": "external"
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/case/create

Invokes a TheHive 'Create Case' command and returns the results.

TheHive API: Case

payload: object

For a list of attributes that can be used with this command, see: TheHive API: Case (Model Definition).

{
    "description": "Created by the OpenDXL Case Example",
    "severity": 3,
    "title": "OpenDXL Case Example"
}

description: integer

Description of the case.

title: string

Title of the task.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "AWLVqGV4EL_PtpkToK8t",
    "_parent": null,
    "_routing": "AWLVqGV4EL_PtpkToK8t",
    "_type": "case",
    "_version": 1,
    "caseId": 90,
    "createdAt": 1524003005674,
    "createdBy": "admin",
    "customFields": {},
    "description": "Created by the OpenDXL Case Example",
    "flag": false,
    "id": "AWLVqGV4EL_PtpkToK8t",
    "metrics": {},
    "owner": "admin",
    "severity": 3,
    "startDate": 1524003005814,
    "status": "Open",
    "title": "OpenDXL Case Example",
    "tlp": 2
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/case/get

Invokes a TheHive 'Get Case' command and returns the results.

TheHive API: Case

payload: object

{
    "id": "AWLVqGV4EL_PtpkToK8t"
}

id: string

id string corresponding to the case. This ID is part of the response from a 'Create Case' command, in the id field. It is not the same as the caseId.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "AWLVqGV4EL_PtpkToK8t",
    "_parent": null,
    "_routing": "AWLVqGV4EL_PtpkToK8t",
    "_type": "case",
    "_version": 1,
    "caseId": 90,
    "createdAt": 1524003005674,
    "createdBy": "admin",
    "customFields": {},
    "description": "Created by the OpenDXL Case Example",
    "flag": false,
    "id": "AWLVqGV4EL_PtpkToK8t",
    "metrics": {},
    "owner": "admin",
    "severity": 3,
    "startDate": 1524003005814,
    "status": "Open",
    "title": "OpenDXL Case Example",
    "tlp": 2
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/case/observable/create

Invokes a TheHive 'Create Observable' command and returns the results.

TheHive API: Observable

payload: object

For a list of additional attributes that can be used with this command, see: TheHive API: Observable (Model Definition).

{
    "caseId": 7,
    "data": "OpenDXL",
    "dataType": "user-agent",
    "message": "Created by the OpenDXL Observable Example"
}

caseId: integer

ID of the case.

data: string

Cannot be provided if attachment provided. Required if attachment not provided.

attachment: string

Binary data as string. Cannot be provided if data provided. Required if data not provided.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "7179b9c6564146841b69bfe0699013db",
    "_parent": "AWLVqGV4EL_PtpkToK8t",
    "_routing": "AWLVqGV4EL_PtpkToK8t",
    "_type": "case_artifact",
    "_version": 1,
    "createdAt": 1524003006922,
    "createdBy": "admin",
    "data": "OpenDXL",
    "dataType": "user-agent",
    "id": "7179b9c6564146841b69bfe0699013db",
    "ioc": false,
    "message": "Created by the OpenDXL Observable Example",
    "reports": {},
    "sighted": false,
    "startDate": 1524003006946,
    "status": "Ok",
    "tags": [],
    "tlp": 2
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
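
Two rules from the requests above, shown as an added example that is not part of the service's own code: 'Create Observable' takes exactly one of data or attachment, and 'Get Case' takes the id field of the 'Create Case' response, not caseId. The function names are hypothetical; the code only builds the topic and JSON payload and does not use the OpenDXL client.

```python
import json

TOPIC_PREFIX = "/opendxl-thehive/service/thehive-api/"  # from the reference above


def observable_create_request(case_id, data=None, attachment=None, **extra):
    """Return (topic, payload_bytes) for 'Create Observable'.

    Enforces the documented rule: exactly one of data / attachment.
    """
    if isinstance(case_id, bool) or not isinstance(case_id, int):
        raise ValueError("caseId must be an integer")
    if (data is None) == (attachment is None):
        raise ValueError("provide exactly one of 'data' or 'attachment'")
    payload = dict(extra, caseId=case_id)
    if data is not None:
        payload["data"] = data
    else:
        payload["attachment"] = attachment
    topic = TOPIC_PREFIX + "case/observable/create"
    return topic, json.dumps(payload).encode("utf-8")


def get_request_from_create_response(kind, response_payload):
    """Build the 'get' request that follows an alert or case 'create'.

    Uses the response's "id" field; for a case this is not "caseId".
    """
    if kind not in ("alert", "case"):
        raise ValueError("unsupported object kind: %r" % (kind,))
    body = json.loads(response_payload)
    if not isinstance(body, dict) or not isinstance(body.get("id"), str):
        # The error payload shown on this page is a message string, not an object.
        raise ValueError("not a create response: %r" % (body,))
    topic = TOPIC_PREFIX + kind + "/get"
    return topic, json.dumps({"id": body["id"]}).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample: abbreviated 'Create Case' response from this page.
    sample = b'{"id": "AWLVqGV4EL_PtpkToK8t", "caseId": 90}'
    print(get_request_from_create_response("case", sample))
    print(observable_create_request(7, data="OpenDXL", dataType="user-agent"))
```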
                                                                            

/opendxl-thehive/service/thehive-api/case/observable/get

Invokes a TheHive 'Get Observable' command and returns the results.

TheHive API: Observable

payload: object

{
    "id": "AWLVqGV4EL_PtpkToK8t"
}

id: string

id string corresponding to the case. This ID is part of the response from a 'Create Case' command, in the id field. It is not the same as the caseId.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "7179b9c6564146841b69bfe0699013db",
    "_parent": "AWLVqGV4EL_PtpkToK8t",
    "_routing": "AWLVqGV4EL_PtpkToK8t",
    "_type": "case_artifact",
    "_version": 1,
    "createdAt": 1524003006922,
    "createdBy": "admin",
    "data": "OpenDXL",
    "dataType": "user-agent",
    "id": "7179b9c6564146841b69bfe0699013db",
    "ioc": false,
    "message": "Created by the OpenDXL Observable Example",
    "reports": {},
    "sighted": false,
    "startDate": 1524003006946,
    "status": "Ok",
    "tags": [],
    "tlp": 2
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/case/task/create

Invokes a TheHive 'Create Task' command and returns the results.

TheHive API: Task

payload: object

For a list of additional attributes that can be used with this command, see: TheHive API: Task (Model Definition).

{
    "caseId": "7",
    "owner": "myuser",
    "title": "OpenDXL Task Example"
}

caseId: integer

ID of the case.

title: string

Title of the task.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "AVqqeXc9yQ6w1DNC8aDj",
    "_type": "case_task",
    "createdAt": 1488918771513,
    "createdBy": "admin",
    "flag": false,
    "id": "AVqqeXc9yQ6w1DNC8aDj",
    "order": 0,
    "status": "Waiting",
    "title": "OpenDXL Task Example",
    "user": "myuser"
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

/opendxl-thehive/service/thehive-api/case/task/get

Invokes a TheHive 'Get Task' command and returns the results.

TheHive API: Task

payload: object

{
    "id": "AWLVqGV4EL_PtpkToK8t"
}

id: string

id string corresponding to the case. This ID is part of the response from a 'Create Case' command, in the id field. It is not the same as the caseId.

The DXL response payload contains the response from the TheHive API as a JSON string. See the TheHive API for further details.

payload: object

{
    "_id": "AWLVqVSlEL_PtpkToK_D",
    "_parent": "AWLVqVBjEL_PtpkToK_B",
    "_routing": "AWLVqVBjEL_PtpkToK_B",
    "_type": "case_task",
    "_version": 1,
    "createdAt": 1524003067041,
    "createdBy": "admin",
    "description": "Created by the OpenDXL Task Example",
    "flag": false,
    "id": "AWLVqVSlEL_PtpkToK_D",
    "order": 0,
    "status": "InProgress",
    "title": "OpenDXL Task Example"
}

Error Code: 0

payload: object

"Error handling request: Attribute \"title\" is missing"
                                                                            

Definitions

Error Response Object: object

"Error handling request: Attribute \"title\" is missing"