tcex.tcex_ti_indicator module

ThreatConnect Batch Import Module

class tcex.tcex_ti_indicator.ASN(as_number, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch ASN Object.

class tcex.tcex_ti_indicator.Address(ip, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch Address Object

class tcex.tcex_ti_indicator.CIDR(block, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch CIDR Object

class tcex.tcex_ti_indicator.EmailAddress(address, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch EmailAddress Object

class tcex.tcex_ti_indicator.File(md5=None, sha1=None, sha256=None, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch File Object

action(relationship)[source]

Add a File Action.

md5

Return Indicator md5.

sha1

Return Indicator sha1.

sha256

Return Indicator sha256.

size

Return Indicator size.

class tcex.tcex_ti_indicator.FileAction(parent_xid, relationship)[source]

Bases: object

ThreatConnect Batch FileAction Object

__str__()[source]

Return string represtentation of object.

action(relationship)[source]

Add a nested File Action.

data

Return File Occurrence data.

class tcex.tcex_ti_indicator.FileOccurrence(file_name=None, path=None, date=None)[source]

Bases: object

ThreatConnect Batch FileAction Object.

__str__()[source]

Return string represtentation of object.

data

Return File Occurrence data.

date

Return File Occurrence date.

file_name

Return File Occurrence file name.

path

Return File Occurrence path.

class tcex.tcex_ti_indicator.Host(hostname, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch Host Object

dns_active

Return Indicator dns active.

whois_active

Return Indicator whois active.

class tcex.tcex_ti_indicator.Indicator(indicator_type, summary, **kwargs)[source]

Bases: object

ThreatConnect Batch Indicator Object

__str__()[source]

Return string represtentation of object

active

Return Indicator active.

add_key_value(key, value)[source]

Add custom field to Indicator object.

Note

The key must be the exact name required by the batch schema.

Example:

file_hash = tcex.batch.file('File', '1d878cdc391461e392678ba3fc9f6f32')
file_hash.add_key_value('size', '1024')
Parameters:
  • key (str) – The field key to add to the JSON batch data.
  • value (str) – The field value to add to the JSON batch data.
association(group_xid)[source]

Add association using xid value.

Parameters:group_xid (str) – The external id of the Group to associate.
attribute(attr_type, attr_value, displayed=False, source=None, unique=True, formatter=None)[source]

Return instance of Attribute

unique:
  • False - Attribute type:value can be duplicated.
  • Type - Attribute type has to be unique (e.g., only 1 Description Attribute).
  • True - Attribute type:value combo must be unique.
Parameters:
  • attr_type (str) – The ThreatConnect defined attribute type.
  • attr_value (str) – The value for this attribute.
  • (bool, default (displayed) – false): If True the supported attribute will be marked for display.
  • source (str, optional) – The source value for this attribute.
  • unique (bool|string, optional) – Control attribute creation.
  • formatter (method, optional) – A method that takes a single attribute value and returns a single formatted value.
Returns:

An instance of Attribute.

Return type:

obj

static build_summary(val1=None, val2=None, val3=None)[source]

Build the Indicator summary using available values.

confidence

Return Indicator confidence.

data

Return Indicator data.

date_added

Return Indicator dateAdded.

last_modified

Return Indicator lastModified.

occurrence(file_name=None, path=None, date=None)[source]

Add a file Occurrence.

Parameters:
  • file_name (str, optional) – The file name for this occurrence.
  • path (str, optional) – The file path for this occurrence.
  • date (str, optional) – The datetime expression for this occurrence.
Returns:

An instance of Occurrence.

Return type:

obj

private_flag

Return Indicator private flag.

rating

Return Indicator rating.

security_label(name, description=None, color=None)[source]

Return instance of SecurityLabel.

Note

The provided security label will be create if it doesn’t exist. If the security label already exists nothing will be changed.

Parameters:
  • name (str) – The value for this security label.
  • description (str) – A description for this security label.
  • color (str) – A color (hex value) for this security label.
Returns:

An instance of SecurityLabel.

Return type:

obj

summary

Return Indicator summary.

tag(name, formatter=None)[source]

Return instance of Tag.

Parameters:
  • name (str) – The value for this tag.
  • formatter (method, optional) – A method that take a tag value and returns a formatted tag.
Returns:

An instance of Tag.

Return type:

obj

type

Return Group type.

xid

Return Group xid.

class tcex.tcex_ti_indicator.Mutex(mutex, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch Mutex Object

class tcex.tcex_ti_indicator.RegistryKey(key_name, value_name, value_type, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch Registry Key Object

class tcex.tcex_ti_indicator.URL(text, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch URL Object

class tcex.tcex_ti_indicator.UserAgent(text, **kwargs)[source]

Bases: tcex.tcex_ti_indicator.Indicator

ThreatConnect Batch User Agent Object

tcex.tcex_ti_indicator.custom_indicator_class_factory(indicator_type, base_class, class_dict, value_fields)[source]

Internal method for dynamically building Custom Indicator Class.