CloudCover minimal TAXII2.1 Python client library.
Project description
cc-taxii2-client
Minimal CloudCover TAXII2.1 Python client library.
Installation
To install from PyPI run:
```bash
pip install cc-taxii2-client
```
To install from source, run the following commands:
```bash
git clone https://github.com/cloudcover-cc/cc-taxii2-client
cd cc-taxii2-client
pip install .
```
Basic usage examples:
```python
from itertools import chain
from cc_taxii2_client import (CCTaxiiClient, count_indicators, ip_search,
                              description_search)

# Create a CloudCover TAXII2.1 server connection client object:
connection = CCTaxiiClient("testaccount", "XxXxXx")
# RETURNS:
# CCTaxiiClient(account='testaccount',
#               url='https://taxii2.cloudcover.net',
#               headers={
#                   'Accept': 'application/taxii+json;version=2.1',
#                   'Content-Type': 'application/taxii+json;version=2.1',
#                   'Authorization': 'Basic dGVzdF9hY2NvdW50Olh4WHhYeA=='
#               })
# NOTE: a Basic Authorization value is only base64("account:password"),
# so keep this repr out of logs and tickets.

# Get collection IDs for the public (/api/) root silo:
connection.get_collections()
# RETURNS:
# ['decb0efc-6a36-4dd7-a4dd-7f955f42b977']

# Get collection IDs for the private (/account/) root silo:
connection.get_collections("testaccount")
# RETURNS:
# ['c774c554-038c-46a6-8339-9ddfae4cd871']

# Create a generator object that yields all indicators in the public root
# silo default collection, grouped in pages of 1000 (default) indicators:
generate_indicators = connection.get_cc_indicators_generator(follow_pages=True)

# Count total number of indicators yielded from the generator:
count_indicators(generate_indicators)
# RETURNS:
# 711

# Create a generator object that yields all indicators in the private root
# silo default collection, grouped in pages of 2 indicators, added only
# after 2023-11-03T19:07:51.812746Z:
generate_indicators = connection.get_cc_indicators_generator(
    private=True,
    limit=2,
    added_after="2023-11-03T19:07:51.812746Z",
    follow_pages=True)

# Yield the pages of indicators:
next(generate_indicators)
# YIELDS:
# [
#     CCIndicator(created='2023-11-03T19:07:51.812746Z',
#                 description='#Recon# ICMP PING',
#                 id='indicator--5c46d792-93a9-435c-a04f-b843de740fe6',
#                 modified='2023-11-03T19:07:51.812746Z',
#                 name='CloudCover Detected IOC',
#                 pattern="[ipv4-addr:value = '13.127.11.123']",
#                 pattern_type='stix',
#                 pattern_version='2.1',
#                 spec_version='2.1',
#                 type='indicator',
#                 valid_from='2023-11-03T19:07:51.812746Z'),
#     CCIndicator(created='2023-11-03T19:07:51.816509Z',
#                 description='#Recon# ICMP PING',
#                 id='indicator--3d217760-a17a-41b4-af5f-5b5bf72ff396',
#                 modified='2023-11-03T19:07:51.816509Z',
#                 name='CloudCover Detected IOC',
#                 pattern="[ipv4-addr:value = '34.219.199.125']",
#                 pattern_type='stix',
#                 pattern_version='2.1',
#                 spec_version='2.1',
#                 type='indicator',
#                 valid_from='2023-11-03T19:07:51.816509Z')
# ]

# Search generator results for indicators containing a specific IP address:
generate_indicators = connection.get_cc_indicators_generator(private=True,
                                                             follow_pages=True)
ip_search("13.127.11.123", generate_indicators)
# RETURNS:
# [
#     CCIndicator(created='2023-11-03T19:07:51.812746Z',
#                 description='#Recon# ICMP PING',
#                 id='indicator--5c46d792-93a9-435c-a04f-b843de740fe6',
#                 modified='2023-11-03T19:07:51.812746Z',
#                 name='CloudCover Detected IOC',
#                 pattern="[ipv4-addr:value = '13.127.11.123']",
#                 pattern_type='stix',
#                 pattern_version='2.1',
#                 spec_version='2.1',
#                 type='indicator',
#                 valid_from='2023-11-03T19:07:51.812746Z')
# ]

# Search generator results for indicators containing "Recon" in the description
# field, then get the total number found:
generate_indicators = connection.get_cc_indicators_generator(private=True,
                                                             follow_pages=True)
indicators = description_search("Recon", generate_indicators)
len(indicators)
# RETURNS:
# 264

# Create a generator object that yields all indicators in the private root
# silo default collection, grouped in pages of 1000 (default) indicators,
# of type "indicator" that match the two indicator IDs given. Then combine
# all found indicator objects into a single list:
generate_indicators = connection.get_cc_indicators_generator(
    private=True,
    follow_pages=True,
    matches={
        "type":
        "indicator",
        "id": ("indicator--5c46d792-93a9-435c-a04f-b843de740fe6,"
               "indicator--6b405c16-ac9b-4446-8d13-1cc17a4cf867")
    })
list(chain(*generate_indicators))
# RETURNS:
# [
#     CCIndicator(created='2023-11-03T19:07:51.812746Z',
#                 description='#Recon# ICMP PING',
#                 id='indicator--5c46d792-93a9-435c-a04f-b843de740fe6',
#                 modified='2023-11-03T19:07:51.812746Z',
#                 name='CloudCover Detected IOC',
#                 pattern="[ipv4-addr:value = '13.127.11.123']",
#                 pattern_type='stix',
#                 pattern_version='2.1',
#                 spec_version='2.1',
#                 type='indicator',
#                 valid_from='2023-11-03T19:07:51.812746Z'),
#     CCIndicator(created='2023-11-03T19:07:51.817258Z',
#                 description='#Recon# ICMP PING',
#                 id='indicator--6b405c16-ac9b-4446-8d13-1cc17a4cf867',
#                 modified='2023-11-03T19:07:51.817258Z',
#                 name='CloudCover Detected IOC',
#                 pattern="[ipv4-addr:value = '34.218.245.10']",
#                 pattern_type='stix',
#                 pattern_version='2.1',
#                 spec_version='2.1',
#                 type='indicator',
#                 valid_from='2023-11-03T19:07:51.817258Z')
# ]
```
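Indicator pages like the ones above usually feed a blocklist, so this added example (not part of the cc-taxii2-client project) flattens the pages, pulls the address out of each STIX pattern, and sets aside anything malformed or non-public for review. `Indicator` is a stand-in for `CCIndicator` carrying only `id` and `pattern`; `build_blocklist`, `IPV4_PATTERN` and the entries marked "constructed" are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from itertools import chain

@dataclass(frozen=True)
class Indicator:
    """Stand-in for the library's CCIndicator (only the fields used here)."""
    id: str
    pattern: str

# Only the single-comparison form shown in the README output is accepted.
IPV4_PATTERN = re.compile(r"\[ipv4-addr:value\s*=\s*'([^']+)'\]")

def build_blocklist(pages):
    """Return (sorted unique public IPv4 strings, ids of rejected indicators)."""
    accepted, rejected = set(), []
    for ind in chain.from_iterable(pages):
        match = IPV4_PATTERN.fullmatch(ind.pattern.strip())
        try:
            addr = ipaddress.IPv4Address(match.group(1)) if match else None
        except ipaddress.AddressValueError:
            addr = None
        # Feed data must not be able to block private, loopback or other
        # non-global ranges; those go to review together with parse failures.
        if addr is None or not addr.is_global:
            rejected.append(ind.id)
        else:
            accepted.add(addr)
    return [str(a) for a in sorted(accepted)], rejected


# Pages shaped like the generator output above. The first three patterns are
# from the README; the "constructed" entries are made up for this example.
SAMPLE_PAGES = [
    [Indicator("indicator--5c46d792-93a9-435c-a04f-b843de740fe6",
               "[ipv4-addr:value = '13.127.11.123']"),
     Indicator("indicator--3d217760-a17a-41b4-af5f-5b5bf72ff396",
               "[ipv4-addr:value = '34.219.199.125']")],
    [Indicator("indicator--6b405c16-ac9b-4446-8d13-1cc17a4cf867",
               "[ipv4-addr:value = '34.218.245.10']"),
     Indicator("indicator--constructed-private", "[ipv4-addr:value = '10.0.0.5']")],
    [Indicator("indicator--constructed-malformed", "[ipv4-addr:value = '999.1.1.1']"),
     Indicator("indicator--constructed-domain", "[domain-name:value = 'example.com']"),
     Indicator("indicator--constructed-duplicate", "[ipv4-addr:value = '13.127.11.123']")],
]

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_PAGES))
```

With the real client, the `pages` argument would be the generator returned by `get_cc_indicators_generator(follow_pages=True)`, since `CCIndicator` exposes the same `id` and `pattern` fields.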
Download files
File details
Details for the file cc_taxii2_client-0.1.5.tar.gz.
File metadata
- Download URL: cc_taxii2_client-0.1.5.tar.gz
- Upload date:
- Size: 20.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 746c0f21a12790ebc3eecb298b696114518e23b1aa89e346f12aad64dc7ab307
MD5 | 7fa2f020891074b48ef565ccad2277b3
BLAKE2b-256 | de3e86da72d5eb59a2513f16e04b83f13a34ac23a243f20e44f7a3c3f6dbf166
File details
Details for the file cc_taxii2_client-0.1.5-py3-none-any.whl.
File metadata
- Download URL: cc_taxii2_client-0.1.5-py3-none-any.whl
- Upload date:
- Size: 21.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 91af22f6e5302dee443badb1d6d4d22885f59369706069c7f97669d160347427
MD5 | a4bd9b23af1c79ca71f1a8fed4e18e30
BLAKE2b-256 | 9598c6202305214627fe4155585fb5439553f31a1b30bcc2e90112af784416db