Examples

Custom Metric Examples

Note

Available in 5.4+ version of the ThreatConnect API.

  • Direct Access: resource = tcex.resources.CustomMetric(tcex)
  • Dynamic Access: resource = tcex.resource('CustomMetric')

Read Metric Configs

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
{
  "status": "Success",
  "data": {
    "resultCount": 3,
    "customMetricConfig": [
      {
        "id": 2,
        "name": "Block Firewall Playbook Executions",
        "dataType": "Sum",
        "interval": "Hourly",
        "keyedValues": false,
        "description": "Execution count for HTTP trigger on Block Firewall"
      },
      {
        "id": 3,
        "name": "My Custom Metric",
        "dataType": "Sum",
        "interval": "Hourly",
        "keyedValues": true,
        "description": "A sum of all occurrences per Indicator Source"
      }
    ]
  }
}

Create Metric Config

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.http_method = 'POST'
    body = {
      'name': 'My Custom Metric',
      'dataType': 'Sum',
      'interval': 'Hourly',
      'keyedValues': true,
      'description': 'A sum of all occurrences per Indicator Source'
    }
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
{
  "status": "Success",
  "data": {
    "customMetricConfig": {
      "id": 3,
      "name": "My Custom Metric",
      "dataType": "Sum",
      "interval": "Hourly",
      "keyedValues": true,
      "description": "A sum of all occurrences per Indicator Source"
    }
  }
}

Read Metric Config (by ID)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.resource_id(3)
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
{
  "status": "Success",
  "data": {
    "customMetricConfig": {
      "id": 3,
      "name": "My Custom Metric",
      "dataType": "Sum",
      "interval": "Hourly",
      "keyedValues": true,
      "description": "A sum of all occurrences per Indicator Source"
    }
  }
}

Read Metric Config (by Name)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.resource_name('My Custom Metric')
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
{
  "status": "Success",
  "data": {
    "customMetricConfig": {
      "id": 3,
      "name": "My Custom Metric",
      "dataType": "Sum",
      "interval": "Hourly",
      "keyedValues": true,
      "description": "A sum of all occurrences per Indicator Source"
    }
  }
}

Update Metric Config

Note

Both the Metric ID and Metric Name can be used via the resource_id() or resource_name methods.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.resource_id(3)
    resource.http_method = PUT
    body = {
      'name': 'My Custom Metric',
      'dataType': 'Sum',
      'interval': 'Hourly',
      'keyedValues': true,
      'description': '(updated) A sum of all occurrences per Indicator Source'
    }
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
{
  "status": "Success",
  "data": {
    "customMetricConfig": {
      "id": 3,
      "name": "My Custom Metric",
      "dataType": "Sum",
      "interval": "Hourly",
      "keyedValues": true,
      "description": "(updated) A sum of all occurrences per Indicator Source"
    }
  }
}

Create Metric Data

Note

The weight parameter is optional.

Important

Creating metrics will return a 204 by default with no Data. To get updated Metrics use the returnValue=true query parameter.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.http_method = 'POST'
    resource.data(3)
    body = {
      "value": 1,
      "weight": 1
    }
    resource.body = json.dumps(body)
    results = resource.request()
    print(results.get('status_code'))


if __name__ == "__main__":
    main()

Response

No response returned.

Create Metric Data (with returnValue)

Note

The weight parameter is optional.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('CustomMetric')
    resource.http_method = 'POST'
    resource.data(3, True)
    body = {
      "name": "blue",
      "value": 1,
      "weight": 1
    }
    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

The response contains the processed results for the reporting period. For example if the Metric configured for a sum over a 1 hour period and this was the second value of 1 posted the response value would be 2.

1
2
3
4
{
    "value": 2,
    "date": "2017-10-02T20:00:00-04:00"
}

Data Store Examples

  • Direct Access: resource = tcex.resources.DataStore(tcex)
  • Dynamic Access: resource = tcex.resource('DataStore')

Create Entry

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.DataStore(tcex)
    body = {'one': 1}
    results = resource.create('local', 'tcex', 1, body)
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
    "_type": "24$tcex",
    "created": true,
    "_shards": {
        "successful": 1,
        "failed": 0,
        "total": 2
    },
    "_version": 1,
    "_index": "$local",
    "_id": "1"
}

Read Entry

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.DataStore(tcex)
    results = resource.read('local', 'tcex', 1)
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
    "_type": "24$tcex",
    "_source": {
        "one": 1
    },
    "_index": "$local",
    "_version": 1,
    "found": true,
    "_id": "1"
}

Update Entry

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.DataStore(tcex)
    body = {'one': 1, 'two', 2}
    results = resource.update('local', 'tcex', 1, body)
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
    "_type": "24$tcex",
    "created": false,
    "_shards": {
        "successful": 1,
        "failed": 0,
        "total": 2
    },
    "_version": 2,
    "_index": "$local",
    "_id": "1"
}

Delete Entry

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.DataStore(tcex)
    results = resource.delete('local', 'tcex', 1)
    print(json.dumps(results.get('data'), indent=4))


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
    "_type": "24$tcex",
    "_shards": {
        "successful": 1,
        "failed": 0,
        "total": 2
    },
    "_index": "$local",
    "_version": 3,
    "found": true,
    "_id": "1"
}

Indicator Resource Examples

Resource Type Class
Indicator Direct resource = tcex.resources.Indicator(tcex)
Indicator Dynamic resource = tcex.resource(‘Indicator’)
Address Direct resource = tcex.resources.Address(tcex)
Address Dynamic resource = tcex.resource(‘Address’)
EmailAddress Direct resource = tcex.resources.EmailAddress(tcex)
EmailAddress Dynamic resource = tcex.resource(‘EmailAddress’)
File Direct resource = tcex.resources.File(tcex)
File Dynamic resource = tcex.resource(‘File’)
Host Direct resource = tcex.resources.Host(tcex)
Host Dynamic resource = tcex.resource(‘Host’)
URL Direct resource = tcex.resources.URL(tcex)
URL Dynamic resource = tcex.resource(‘URL’)

Note

Custom Indicator types can only be accessed via the Dynamic method.

Retrieve All Indicators

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.Indicator(tcex)
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data', []), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-23T20:23:59Z",
    "description": "Create via Playbook",
    "threatAssessConfidence": 100.0,
    "lastModified": "2017-03-02T19:05:03Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/address.xhtml?address=1.1.1.4&owner=Acme+Corp",
    "summary": "1.1.1.4",
    "ownerName": "Acme Corp",
    "type": "Address",
    "id": 632128
},
{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-21T16:52:15Z",
    "description": "Test Description #5",
    "threatAssessConfidence": 77.5,
    "lastModified": "2017-02-21T00:00:00Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/customIndicator.xhtml?id=603903&owner=Acme+Corp",
    "summary": "HKEY_LOCAL_MACHINE : my-registry-key : REG_DWORD",
    "ownerName": "Acme Corp",
    "type": "Registry Key",
    "id": 603903
},
<... snipped>
]

Retrieve Specific Indicator

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('Address')
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.resource_id('1.1.1.4')  # Optional

    results = resource.request()
    print(json.dumps(results.get('data'), indent=4))

if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-23T20:23:59Z",
    "description": "Create via Playbook",
    "threatAssessConfidence": 100.0,
    "lastModified": "2017-03-02T19:05:03Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/address.xhtml?address=1.1.1.4&owner=Acme+Corp",
    "ip": "1.1.1.4",
    "owner": {
        "type": "Organization",
        "id": 2,
        "name": "Acme Corp"
    },
    "id": 632128
}

Retrieve Filtered Indicators

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('Indicator')
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.add_filter('rating', '>', 1)
    resource.add_filter('confidence', '>', 50)

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data'), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-23T20:23:59Z",
    "description": "Create via Playbook",
    "threatAssessConfidence": 100.0,
    "lastModified": "2017-03-02T19:05:03Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/address.xhtml?address=1.1.1.4&owner=Acme+Corp",
    "summary": "1.1.1.4",
    "ownerName": "Acme Corp",
    "type": "Address",
    "id": 632128
},
{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-21T16:52:15Z",
    "description": "Test Description #5",
    "threatAssessConfidence": 77.5,
    "lastModified": "2017-02-21T00:00:00Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/customIndicator.xhtml?id=603903&owner=Acme+Corp",
    "summary": "HKEY_LOCAL_MACHINE : my-registry-key : REG_DWORD",
    "ownerName": "Acme Corp",
    "type": "Registry Key",
    "id": 603903
},
<... snipped>
]

Indicator Associations

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('Indicator')
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.add_filter('rating', '>', 1)
    resource.add_filter('confidence', '>', 50)

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            for indicator_data in results.get('data', []):
                print(indicator_data.get('summary'))

                iocs = [x for x in resource.indicators(i)]  # get all iocs if more than 1
                ioc = iocs[0].get('value')  # only need the first one

                # Get new Resource Object of Indicator Type
                i_resource = tcex.resource(indicator_data.get('type'))
                i_resource.resource_id(ioc)  # set resource ID

                ar = tcex.resource('Adversary')  # Get Adversaries Instance
                associations_resource = i_resource.associations(ar)
                associations_results = associations_resource.request()
                print(json.dumps(associations_results.get('data', []), indent=4))

        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-23T20:23:59Z",
    "description": "Create via Playbook",
    "threatAssessConfidence": 100.0,
    "lastModified": "2017-03-02T19:05:03Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/address.xhtml?address=1.1.1.4&owner=Acme+Corp",
    "summary": "1.1.1.4",
    "ownerName": "Acme Corp",
    "type": "Address",
    "id": 632128
},
{
    "rating": 5.0,
    "confidence": 100,
    "dateAdded": "2017-02-21T16:52:15Z",
    "description": "Test Description #5",
    "threatAssessConfidence": 77.5,
    "lastModified": "2017-02-21T00:00:00Z",
    "threatAssessRating": 5.0,
    "webLink": "https://app.threatconnect.com/auth/indicators/details/customIndicator.xhtml?id=603903&owner=Acme+Corp",
    "summary": "HKEY_LOCAL_MACHINE : my-registry-key : REG_DWORD",
    "ownerName": "Acme Corp",
    "type": "Registry Key",
    "id": 603903
},
<... snipped>
]

Security Label Resource Examples

  • Direct Access: resource = tcex.resources.SecurityLabel(tcex)
  • Dynamic Access: resource = tcex.resource('SecurityLabel')

Retrieve All Security Labels

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.SecurityLabel(tcex)
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data', []), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


    if __name__ == "__main__":
        main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
[{
    "dateAdded": "2017-01-04T20:07:00Z",
    "name": "TLP Green",
    "description": "TLP Green"
},
{
    "dateAdded": "2016-12-05T23:00:05Z",
    "name": "TLP Red",
    "description": "TLP Red"
}]

Retrieve Specific Security Label

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.SecurityLabel(tcex)
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.resource_id('TLP Green')  # Optional

    results = resource.request()
    print(json.dumps(results.get('data', []), indent=4))


if __name__ == "__main__":
    main()

Response

1
2
3
4
5
{
    "dateAdded": "2017-01-04T20:07:00Z",
    "name": "TLP Green",
    "description": "TLP Green"
}

Retrieve Filtered Security Labels

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('SecurityLabel')
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.add_filter('name', '^', 'TLP')  # Optional

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data'), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


    if __name__ == "__main__":
        main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
[{
    "dateAdded": "2017-01-04T20:07:00Z",
    "name": "TLP Green",
    "description": "TLP Green"
},
{
    "dateAdded": "2016-12-05T23:00:05Z",
    "name": "TLP Red",
    "description": "TLP Red"
}]

Tag Resource Examples

  • Direct Access: resource = tcex.resources.Tag(tcex)
  • Dynamic Access: resource = tcex.resource('Tag')

Retrieve All Tags

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.Tag(tcex)
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data', []), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


if __name__ == "__main__":
    main()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
[{
    "name": "APT",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=APT&owner=Acme+Corp"
},
{
    "name": "AutoEnriched",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=AutoEnriched&owner=Acme+Corp"
},
{
    "name": "China",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=China&owner=Acme+Corp"
},
{
    "name": "CrimeWare",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=Crimeware&owner=Acme+Corp"
}]

Retrieve Specific Tag

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resources.Tag(tcex)
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.resource_id('APT')  # Optional

    results = resource.request()
    print(json.dumps(results.get('data', []), indent=4))


if __name__ == "__main__":
    main()

Response

1
2
3
4
{
    "name": "APT",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=APT&owner=Acme+Corp"
}

Retrieve Filtered Tags

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
""" standard """
import json
from datetime import datetime
""" third party """
""" custom """
from tcex import TcEx

tcex = TcEx()
args = tcex.args


def main():
    """ """
    resource = tcex.resource('Tag')
    resource.owner = 'Acme Corp'
    resource.url = args.tc_api_path
    resource.add_filter('name', '=', 'APT')  # Optional

    for results in resource:  # pagination
        if results.get('status') == 'Success':
            print(json.dumps(results.get('data'), indent=4))
        else:
            warn = 'Failed retrieving result during pagination.'
            tcex.log.error(warn)


if __name__ == "__main__":
    main()

Response

1
2
3
4
[{
    "name": "APT",
    "webLink": "https://api.threatconnect.com/auth/tags/tag.xhtml?tag=APT&owner=Acme+Corp"
}]