Python wrappers for some NSOC tools.
Python wrapper for some NSOC tools. Corsair aims to implement RESTFul wrappers for different tools commonly used by Network and Security Operations Centers (NSOC).
The main idea behind Corsair is to provide a method to access different APIs to facilitate the task of integrating tools. So far, each tool has at least three kinds of classes:
Api: the higher level of abstraction, which connects to the API.
Endpoint: uses endpoints to connect to certain API resources, by using CRUD methods.
Request: execute actions in a given API endpoint or resource, using HTTP methods.
Api class has particular properties according to the API it's representing. The
Endpoint class implements the CRUD methods themselves, usually:
createto insert new items,
readto retrieve a certain number of items,
updateto alter certain items, and
deleteto erase items.
Request class implements methods to interact with the server using HTTP, by handling URLs (filter parameters), headers (like
Authorization), and methods (like
DELETE). As all examples accross this repository present, the user will only have to connect to certain API using
Api classes and understand what endpoints are available in
Endpoint class. This should be enough to make all interactions.
It's a project decision to return almost "raw" data from API, so the consumer must treat this data. This is done because at this point of the project, it'll take a lot of time to understand all resources provided by each API and organize the way they will output data.
This is the URL template Corsair tries to implement:
https://app.corp/api/endpoint/resource/suffix?filter=f1&filter2=2 \__________________/\_______/\_______/\_____/\__________________/ Base URL Endpoint Resource Suffix Filters \___________________________/\__________________________________/ Corsair will implement Corsair will facilitate, but programmer must implement
According to common bibliography, that
suffix field doesn't exist, but some APIs use it, like IBM/QRadar. In that case, when the programmer wants details on certain resources, he must insert
/results in the URL. It exposes some issues around standardization accross multiple vendors, because some of them wisely prefer to use filters for such things, but others use the
resources field or even HTTP headers.
By default, Corsair wrappers will verify TLS certificates, but sometimes programmer could want to avoid this behaviour. That's why
Api classes have the
tls_verify parameter set to
True. Changing the value to
False makes Corsair inform to
urllib.urlopen to use a different context that bypasses TLS verification.
Another important project decision is to implement all wrappers using only the Python Standard Library.
Run tests with:
$ python -m unittest tests.test_prime_api $ python -m unittest tests.test_netbox_api $ python -m unittest tests.test_qradar_api $ python -m unittest tests.test_hibp_api $ python -m unittest tests.test_vt_api $ python -m unittest tests.test_ise_api $ python -m unittest tests.test_rdap_api
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash||File type||Python version||Upload date|
|Corsair-0.4.2.tar.gz (7.3 kB) View hashes||Source||None|