Overview
TheHive DXL Python Service exposes access to the TheHive REST APIs via the Data Exchange Layer (DXL) fabric.
Documentation
See the Wiki for an overview of TheHive API DXL Python Service and usage examples.
See TheHive DXL Python Service documentation for installation instructions, API documentation, and usage examples.
Version 0.1.0
Requests
/opendxl-thehive/service/thehive-api/alert/create
Invokes a TheHive 'Create Alert' command and returns the results.
For a list of additional attributes that can be used with this command, see: TheHive API: Alert (Model Definition).
{
"description": "Created by the OpenDXL Alert Example",
"severity": 3,
"source": "OpenDXL",
"sourceRef": "1b9e593c-b113-4c0f-a0b0-30b15d4b9268",
"title": "OpenDXL Alert Example",
"type": "external"
}
- title (string): Title of the alert.
- description (string): Description of the alert.
- type (string): Type of the alert (read only).
- source (string): Source of the alert (read only).
- sourceRef (string): Source reference of the alert (read only).
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "237c6fbc97b86f81b30365acfc7e04c8",
"_parent": null,
"_routing": "237c6fbc97b86f81b30365acfc7e04c8",
"_type": "alert",
"_version": 1,
"artifacts": [
],
"createdAt": 1524002836273,
"createdBy": "admin",
"date": 1524002836301,
"description": "Created by the OpenDXL Alert Example",
"follow": true,
"id": "237c6fbc97b86f81b30365acfc7e04c8",
"lastSyncDate": 1524002836302,
"severity": 3,
"source": "OpenDXL",
"sourceRef": "1471d7d94f6042cd",
"status": "New",
"title": "OpenDXL Alert Example",
"tlp": 2,
"type": "external"
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/alert/get
Invokes a TheHive 'Get Alert' command and returns the results.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "237c6fbc97b86f81b30365acfc7e04c8",
"_parent": null,
"_routing": "237c6fbc97b86f81b30365acfc7e04c8",
"_type": "alert",
"_version": 1,
"artifacts": [
],
"createdAt": 1524002836273,
"createdBy": "admin",
"date": 1524002836301,
"description": "Created by the OpenDXL Alert Example",
"follow": true,
"id": "237c6fbc97b86f81b30365acfc7e04c8",
"lastSyncDate": 1524002836302,
"severity": 3,
"source": "OpenDXL",
"sourceRef": "1471d7d94f6042cd",
"status": "New",
"title": "OpenDXL Alert Example",
"tlp": 2,
"type": "external"
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/alert/search
Invokes a TheHive 'Alert Search' command and returns the results.
{
"query": {
"_string": "title:(OpenDXL AND Example)"
},
"range": "0-1",
"sort": [
"-createdAt"
]
}
- query (object): A search parameter JSON object to match against case properties. The example payload provided here demonstrates how to match only alerts with a value for the 'title' field which includes the words 'OpenDXL' and 'Example'.
- range (object): The range to return from the search results.
- sort (string[]): The order and value by which to sort the results. (For example: '-createdAt' will sort by the createdAt attribute, in descending order.)
string
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
[
{
"_id": "237c6fbc97b86f81b30365acfc7e04c8",
"_parent": null,
"_routing": "237c6fbc97b86f81b30365acfc7e04c8",
"_type": "alert",
"_version": 1,
"artifacts": [
],
"createdAt": 1524002836273,
"createdBy": "admin",
"date": 1524002836301,
"description": "Created by the OpenDXL Alert Example",
"follow": true,
"id": "237c6fbc97b86f81b30365acfc7e04c8",
"lastSyncDate": 1524002836302,
"severity": 3,
"source": "OpenDXL",
"sourceRef": "1471d7d94f6042cd",
"status": "New",
"title": "OpenDXL Alert Example",
"tlp": 2,
"type": "external"
}
]
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/create
Invokes a TheHive 'Create Case' command and returns the results.
For a list of attributes that can be used with this command, see: TheHive API: Case (Model Definition).
{
"description": "Created by the OpenDXL Case Example",
"severity": 3,
"title": "OpenDXL Case Example"
}
- description (integer): Description of the case.
- title (string): Title of the task.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "AWLVqGV4EL_PtpkToK8t",
"_parent": null,
"_routing": "AWLVqGV4EL_PtpkToK8t",
"_type": "case",
"_version": 1,
"caseId": 90,
"createdAt": 1524003005674,
"createdBy": "admin",
"customFields": {
},
"description": "Created by the OpenDXL Case Example",
"flag": false,
"id": "AWLVqGV4EL_PtpkToK8t",
"metrics": {
},
"owner": "admin",
"severity": 3,
"startDate": 1524003005814,
"status": "Open",
"title": "OpenDXL Case Example",
"tlp": 2
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/get
Invokes a TheHive 'Get Case' command and returns the results.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "AWLVqGV4EL_PtpkToK8t",
"_parent": null,
"_routing": "AWLVqGV4EL_PtpkToK8t",
"_type": "case",
"_version": 1,
"caseId": 90,
"createdAt": 1524003005674,
"createdBy": "admin",
"customFields": {
},
"description": "Created by the OpenDXL Case Example",
"flag": false,
"id": "AWLVqGV4EL_PtpkToK8t",
"metrics": {
},
"owner": "admin",
"severity": 3,
"startDate": 1524003005814,
"status": "Open",
"title": "OpenDXL Case Example",
"tlp": 2
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/observable/create
Invokes a TheHive 'Create Observable' command and returns the results.
For a list of additional attributes that can be used with this command, see: TheHive API: Observable (Model Definition).
{
"caseId": 7,
"data": "OpenDXL",
"dataType": "user-agent",
"message": "Created by the OpenDXL Observable Example"
}
- caseId (integer): ID of the case.
- data (string): Cannot be provided if attachment provided. Required if attachment not provided.
- attachment (string): Binary data as string. Cannot be provided if data provided. Required if data not provided.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "7179b9c6564146841b69bfe0699013db",
"_parent": "AWLVqGV4EL_PtpkToK8t",
"_routing": "AWLVqGV4EL_PtpkToK8t",
"_type": "case_artifact",
"_version": 1,
"createdAt": 1524003006922,
"createdBy": "admin",
"data": "OpenDXL",
"dataType": "user-agent",
"id": "7179b9c6564146841b69bfe0699013db",
"ioc": false,
"message": "Created by the OpenDXL Observable Example",
"reports": {
},
"sighted": false,
"startDate": 1524003006946,
"status": "Ok",
"tags": [
],
"tlp": 2
}
- Error Code: 0
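The 'Create Observable' rules above (integer caseId, exactly one of data or attachment) can be enforced on the client before a request reaches the fabric. The following is an added example, not code from the TheHive DXL service; the function names are hypothetical, SAMPLE_RESPONSE is a constructed, trimmed copy of the response shown above, and create_observable assumes the OpenDXL Python client (dxlclient) is installed and that the caller passes an already connected client.

```python
import json

# Topic documented on this page.
OBSERVABLE_CREATE_TOPIC = "/opendxl-thehive/service/thehive-api/case/observable/create"

# Constructed sample: trimmed copy of the response shown above.
SAMPLE_RESPONSE = (b'{"_type": "case_artifact", "id": "7179b9c6564146841b69bfe0699013db", '
                   b'"data": "OpenDXL", "dataType": "user-agent", "ioc": false, "tlp": 2}')


def build_observable_payload(case_id, data_type, message, data=None, attachment=None):
    """Return the JSON request payload as bytes, enforcing the documented rules."""
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(case_id, bool) or not isinstance(case_id, int):
        raise ValueError("caseId must be an integer")
    # 'data' and 'attachment' are mutually exclusive and one of them is required.
    if (data is None) == (attachment is None):
        raise ValueError("provide exactly one of 'data' or 'attachment'")
    payload = {"caseId": case_id, "dataType": data_type, "message": message}
    if data is not None:
        payload["data"] = data
    else:
        payload["attachment"] = attachment
    return json.dumps(payload).encode("utf-8")


def parse_observable_response(raw):
    """Decode the JSON-string response and keep only the fields a caller needs."""
    doc = json.loads(raw.decode("utf-8"))
    if not isinstance(doc, dict) or doc.get("_type") != "case_artifact":
        raise ValueError("unexpected response document")
    return {key: doc.get(key) for key in ("id", "dataType", "data", "ioc", "tlp")}


def create_observable(client, **fields):
    """Send the request over DXL; 'client' is an already connected DxlClient."""
    from dxlclient.message import Message, Request  # imported lazily (assumed installed)
    request = Request(OBSERVABLE_CREATE_TOPIC)
    request.payload = build_observable_payload(**fields)
    response = client.sync_request(request, timeout=30)
    if response.message_type == Message.MESSAGE_TYPE_ERROR:
        raise RuntimeError(response.error_message)
    return parse_observable_response(response.payload)
```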
/opendxl-thehive/service/thehive-api/case/observable/get
Invokes a TheHive 'Get Observable' command and returns the results.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "7179b9c6564146841b69bfe0699013db",
"_parent": "AWLVqGV4EL_PtpkToK8t",
"_routing": "AWLVqGV4EL_PtpkToK8t",
"_type": "case_artifact",
"_version": 1,
"createdAt": 1524003006922,
"createdBy": "admin",
"data": "OpenDXL",
"dataType": "user-agent",
"id": "7179b9c6564146841b69bfe0699013db",
"ioc": false,
"message": "Created by the OpenDXL Observable Example",
"reports": {
},
"sighted": false,
"startDate": 1524003006946,
"status": "Ok",
"tags": [
],
"tlp": 2
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/observable/search
Invokes a TheHive 'Observable Search' command and returns the results.
{
"query": {
"_string": "title:(OpenDXL AND Example)"
},
"range": "0-1",
"sort": [
"-createdAt"
]
}
- query (object): A search parameter JSON object to match against case properties. The example payload provided here demonstrates how to match only observables with a value for the 'title' field which includes the words 'OpenDXL' and 'Example'.
- range (object): The range to return from the search results.
- sort (string[]): The order and value by which to sort the results. (For example: '-createdAt' will sort by the createdAt attribute, in descending order.)
string
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
[
{
"_id": "7179b9c6564146841b69bfe0699013db",
"_parent": "AWLVqGV4EL_PtpkToK8t",
"_routing": "AWLVqGV4EL_PtpkToK8t",
"_type": "case_artifact",
"_version": 1,
"createdAt": 1524003006922,
"createdBy": "admin",
"data": "OpenDXL",
"dataType": "user-agent",
"id": "7179b9c6564146841b69bfe0699013db",
"ioc": false,
"message": "Created by the OpenDXL Observable Example",
"reports": {
},
"sighted": false,
"startDate": 1524003006946,
"status": "Ok",
"tags": [
],
"tlp": 2
}
]
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/search
Invokes a TheHive 'Case Search' command and returns the results.
{
"query": {
"_string": "title:(OpenDXL AND Example)"
},
"range": "0-1",
"sort": [
"-createdAt"
]
}
- query (object): A search parameter JSON object to match against case properties. The example payload provided here demonstrates how to match only cases with a value for the 'title' field which includes the words 'OpenDXL' and 'Example'.
- range (object): The range to return from the search results.
- sort (string[]): The order and value by which to sort the results. (For example: '-createdAt' will sort by the createdAt attribute, in descending order.)
string
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
[
{
"_id": "AWLVqVBjEL_PtpkToK_B",
"_parent": null,
"_routing": "AWLVqVBjEL_PtpkToK_B",
"_type": "case",
"_version": 1,
"caseId": 91,
"createdAt": 1524003064979,
"createdBy": "admin",
"customFields": {
},
"description": "Created by the OpenDXL Case Example",
"flag": false,
"id": "AWLVqVBjEL_PtpkToK_B",
"metrics": {
},
"owner": "admin",
"severity": 3,
"startDate": 1524003065953,
"status": "Open",
"title": "OpenDXL Case Task Example",
"tlp": 2
}
]
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/task/create
Invokes a TheHive 'Create Task' command and returns the results.
For a list of additional attributes that can be used with this command, see: TheHive API: Task (Model Definition).
{
"caseId": "7",
"owner": "myuser",
"title": "OpenDXL Task Example"
}
- caseId (integer): ID of the case.
- title (string): Title of the task.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/task/get
Invokes a TheHive 'Get Task' command and returns the results.
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
{
"_id": "AWLVqVSlEL_PtpkToK_D",
"_parent": "AWLVqVBjEL_PtpkToK_B",
"_routing": "AWLVqVBjEL_PtpkToK_B",
"_type": "case_task",
"_version": 1,
"createdAt": 1524003067041,
"createdBy": "admin",
"description": "Created by the OpenDXL Task Example",
"flag": false,
"id": "AWLVqVSlEL_PtpkToK_D",
"order": 0,
"status": "InProgress",
"title": "OpenDXL Task Example"
}
- Error Code: 0
/opendxl-thehive/service/thehive-api/case/task/search
Invokes a TheHive 'Task Search' command and returns the results.
{
"query": {
"_string": "title:(OpenDXL AND Example)"
},
"range": "0-1",
"sort": [
"-createdAt"
]
}
- query (object): A search parameter JSON object to match against case properties. The example payload provided here demonstrates how to match only tasks with a value for the 'title' field which includes the words 'OpenDXL' and 'Example'.
- range (object): The range to return from the search results.
- sort (string[]): The order and value by which to sort the results. (For example: '-createdAt' will sort by the createdAt attribute, in descending order.)
string
The contents of the DXL response payload are provided as a JSON string form of the response provided by the TheHive API. Please see the TheHive API for further details.
[
{
"_id": "AWLVqVSlEL_PtpkToK_D",
"_parent": "AWLVqVBjEL_PtpkToK_B",
"_routing": "AWLVqVBjEL_PtpkToK_B",
"_type": "case_task",
"_version": 1,
"createdAt": 1524003067041,
"createdBy": "admin",
"description": "Created by the OpenDXL Task Example",
"flag": false,
"id": "AWLVqVSlEL_PtpkToK_D",
"order": 0,
"status": "InProgress",
"title": "OpenDXL Task Example"
}
]
- Error Code: 0