tcex.tcex_ti_group module

ThreatConnect Batch Import Module

class tcex.tcex_ti_group.Adversary(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Adversary Object

class tcex.tcex_ti_group.Campaign(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Campaign Object

first_seen

Return Document first seen.

class tcex.tcex_ti_group.Document(name, file_name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Document Object

file_content

Return Group files.

file_data

Return Group files.

malware

Return Document malware.

password

Return Document password.

class tcex.tcex_ti_group.Email(name, subject, header, body, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Email Object

from_addr

Return Email to.

score

Return Email to.

to_addr

Return Email to.

class tcex.tcex_ti_group.Event(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Event Object

event_date

Return the Events “event date” value.

status

Return the Events status value.

class tcex.tcex_ti_group.Group(group_type, name, **kwargs)[source]

Bases: object

ThreatConnect Batch Group Object

__str__()[source]

Return string representation of object.

add_file(filename, file_content)[source]

Add a file for Document and Report types.

Example:

document = tcex.batch.group('Document', 'My Document')
document.add_file('my_file.txt', 'my contents')
Parameters:
  • filename (str) – The name of the file.
  • file_content (bytes|method|str) – The contents of the file or callback to get contents.
add_key_value(key, value)[source]

Add custom field to Group object.

Note

The key must be the exact name required by the batch schema.

Example:

document = tcex.batch.group('Document', 'My Document')
document.add_key_value('fileName', 'something.pdf')
Parameters:
  • key (str) – The field key to add to the JSON batch data.
  • value (str) – The field value to add to the JSON batch data.
association(group_xid)[source]

Add association using xid value.

Parameters:group_xid (str) – The external id of the Group to associate.
attribute(attr_type, attr_value, displayed=False, source=None, unique=True, formatter=None)[source]

Return instance of Attribute

unique:
  • False - Attribute type:value can be duplicated.
  • ‘Type’ - Attribute type has to be unique (e.g., only 1 Description Attribute).
  • True - Attribute type:value combo must be unique.
Parameters:
  • attr_type (str) – The ThreatConnect defined attribute type.
  • attr_value (str) – The value for this attribute.
  • (bool, default (displayed) – false): If True the supported attribute will be marked for display.
  • source (str, optional) – The source value for this attribute.
  • unique (bool|string, optional) – Control attribute creation.
  • formatter (method, optional) – A method that takes a single attribute value and returns a single formatted value.
Returns:

An instance of Attribute.

Return type:

obj

data

Return Group data.

date_added

Return Group dateAdded.

file_data

Return Group file (only supported for Document and Report).

name

Return Group name.

processed

Return processed value.

Note

Processed value indicates that a group with this xid has already been processed.

security_label(name, description=None, color=None)[source]

Return instance of SecurityLabel.

Note

The provided security label will be create if it doesn’t exist. If the security label already exists nothing will be changed.

Parameters:
  • name (str) – The value for this security label.
  • description (str) – A description for this security label.
  • color (str) – A color (hex value) for this security label.
Returns:

An instance of SecurityLabel.

Return type:

obj

tag(name, formatter=None)[source]

Return instance of Tag.

Parameters:
  • name (str) – The value for this tag.
  • formatter (method, optional) – A method that take a tag value and returns a formatted tag.
Returns:

An instance of Tag.

Return type:

obj

type

Return Group type.

xid

Return Group xid.

class tcex.tcex_ti_group.Incident(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Incident Object

event_date

Return Incident event date.

status

Return Incident status.

class tcex.tcex_ti_group.IntrusionSet(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Adversary Object

class tcex.tcex_ti_group.Report(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Report Object

file_content

Return Group files.

file_data

Return Group files.

publish_date

Return Report publish date.

class tcex.tcex_ti_group.Signature(name, file_name, file_type, file_text, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Signature Object

class tcex.tcex_ti_group.Threat(name, **kwargs)[source]

Bases: tcex.tcex_ti_group.Group

ThreatConnect Batch Threat Object