TcEx

tcex.tcex

TcEx Framework

class tcex.tcex.TcEx(**kwargs)[source]

Bases: object

Provides basic functionality for all types of TxEx Apps.

Parameters:

  • config (dict, kwargs) – A dictionary containing configuration items typically used by external Apps.

  • config_file (str, kwargs) – A filename containing JSON configuration items typically used by external Apps.

_signal_handler(signal_interrupt: int, _)[source]

Handle signal interrupt.

advanced_request(session: Session, output_prefix: str, timeout: Optional[int] = 600) AdvancedRequest[source]

Return instance of AdvancedRequest.

Parameters:

  • session – An instance of requests.Session.

  • output_prefix – A value to prepend to outputs.

  • timeout – The number of second before timing out the request.

property api: API

Return instance of Threat Intel Utils.

exit(code: Optional[ExitCode] = None, msg: Optional[str] = None)[source]

Application exit method with proper exit code

The method will run the Python standard sys.exit() with the exit code previously defined via exit_code() or provided during the call of this method.

Parameters:

  • code – The exit code value for the app.

  • msg – A message to log and add to message tc output.

property exit_code: ExitCode

Return the current exit code.

exit_service

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

file_operations

Include the Utils module.

static get_exit_service(inputs) ExitService[source]

Create an ExitService object.

get_playbook(context: Optional[str] = None, output_variables: Optional[list] = None) Playbook[source]

Return a new instance of playbook module.

Parameters:

  • context – The KV Store context/session_id. For PB Apps the context is provided on startup, but for service Apps each request gets a different context.

  • output_variables – The requested output variables. For PB Apps outputs are provided on startup, but for service Apps each request gets different outputs.

static get_redis_client(host: str, port: int, db: int = 0, blocking_pool: bool = False, **kwargs) Redis[source]

Return a new instance of Redis client.

For a full list of kwargs see https://redis-py.readthedocs.io/en/latest/#redis.Connection.

Parameters:

  • host – The REDIS host. Defaults to localhost.

  • port – The REDIS port. Defaults to 6379.

  • db – The REDIS db. Defaults to 0.

  • blocking_pool – Use BlockingConnectionPool instead of ConnectionPool.

  • **kwargs – Additional keyword arguments.

Keyword Arguments:

  • errors (str) – The REDIS errors policy (e.g. strict).

  • max_connections (int) – The maximum number of connections to REDIS.

  • password (Sensitive) – The REDIS password.

  • socket_timeout (int) – The REDIS socket timeout.

  • timeout (int) – The REDIS Blocking Connection Pool timeout value.

  • username (str) – The REDIS username.

get_session_external() ExternalSession[source]

Return an instance of Requests Session configured for the ThreatConnect API.

get_session_tc(auth: Optional[Union[HmacAuth, TokenAuth, TcAuth]] = None, base_url: Optional[str] = None, log_curl: Optional[bool] = None, proxies: Optional[Dict[str, str]] = None, proxies_enabled: Optional[bool] = None, verify: Optional[Union[bool, str]] = None) TcSession[source]

Return an instance of Requests Session configured for the ThreatConnect API.

No args are required to get a working instance of TC Session instance.

This method allows for getting a new instance of TC Session instance. This can be very useful when connecting between multiple TC instances (e.g., migrating data).

key_value_store

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

property log: TraceLogger

Return a valid logger.

logger

Return logger.

playbook

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

proxies

Format the proxy configuration for Python Requests module.

Generates a dictionary for use with the Python Requests module format when proxy is required for remote connections.

Example Response

{"http": "http://user:[email protected]:3128/"}
Returns:

Dictionary of proxy settings

Return type:

(dict)

redis_client

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

results_tc(key: str, value: str)[source]

Write data to results_tc file in TcEX specified directory.

The TcEx platform support persistent values between executions of the App. This method will store the values for TC to read and put into the Database.

Parameters:

  • key – The data key to be stored.

  • value – The data value to be stored.

service

Include the Service Module.

session_external

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

session_tc

Makes a value unique for each thread and also acts as a @property decorator.

Essentially, a thread-and-process local value. When used to decorate a function, will treat that function as a factory for the underlying value, and will invoke it to produce a value for each thread the value is requested from.

Note that this also provides a cache: each thread will re-use the value previously created for it.

set_exit_code(exit_code: int)[source]

Set the exit code (registry)

property ti_utils: ThreatIntelUtils

Return instance of Threat Intel Utils.

token

Return token object.

utils

Include the Utils module.

v2

Return a case management instance.

v3

Return a case management instance.