
A Python library of utility classes for SentinelIQ analyzers and responders

Project description


Sentineliqsdk

Modern Python library of utility classes for SentinelIQ analyzers and responders.

Note: This SDK now exposes only the modern API (Python 3.13). Legacy helper aliases such as getData, getParam, checkTlp, and notSupported were removed. Migrate to get_data, get_param, and rely on automatic TLP/PAP enforcement in Worker.

Installing

To install this package, run:

pip install sentineliqsdk

Using

Example usage:

from sentineliqsdk import Analyzer, Responder, Worker, Extractor, runner


class EchoAnalyzer(Analyzer):
    def run(self) -> None:
        data = self.get_data()
        self.report({"echo": data})


if __name__ == "__main__":
    runner(EchoAnalyzer)

Internal structure (for maintainers):

  • src/sentineliqsdk/core/worker.py
  • src/sentineliqsdk/analyzers/base.py
  • src/sentineliqsdk/responders/base.py
  • src/sentineliqsdk/extractors/regex.py (Extractor uses stdlib validators: ipaddress, urlparse)

Extractor

The Extractor detects common IOC types using Python's standard library instead of complex regular expressions:

  • ip: ipaddress.ip_address
  • url/uri: urllib.parse.urlparse
  • mail: email.utils.parseaddr
  • hash: length + hex digits check
  • domain/fqdn/registry/user-agent: simple heuristics aligned with the test suite

Migration (Breaking Changes)

  • Import from the top-level package only:
    • Before: from sentineliqsdk.analyzer import Analyzer
    • After: from sentineliqsdk import Analyzer
  • Removed legacy helpers: getData, getParam, checkTlp, notSupported, unexpectedError.
  • Removed legacy config key: config.auto_extract_artifacts (use config.auto_extract).
  • Removed legacy module paths: sentineliqsdk.analyzer, sentineliqsdk.responder, sentineliqsdk.worker, sentineliqsdk.extractor (all exported at top-level instead).

Contributing

Prerequisites
  1. Generate an SSH key and add the SSH key to your GitHub account.

  2. Configure SSH to automatically load your SSH keys:

    cat << EOF >> ~/.ssh/config
    
    Host *
      AddKeysToAgent yes
      IgnoreUnknown UseKeychain
      UseKeychain yes
      ForwardAgent yes
    EOF
    
    Because this block is under Host *, ForwardAgent yes exposes your agent to every host you connect to: any compromised remote can authenticate as you for the duration of the session. If you also use these keys against hosts you do not fully trust, move ForwardAgent into a narrower Host block.
    
  3. Install Docker Desktop.

  4. Install VS Code and VS Code's Dev Containers extension. Alternatively, install PyCharm.

  5. Optional: install a Nerd Font such as FiraCode Nerd Font and configure VS Code or PyCharm to use it.

Development environments

The following development environments are supported:

  1. ⭐️ GitHub Codespaces: click on Open in GitHub Codespaces to start developing in your browser.

  2. ⭐️ VS Code Dev Container (with container volume): click on Open in Dev Containers to clone this repository in a container volume and create a Dev Container with VS Code.

  3. ⭐️ uv: clone this repository and run the following from root of the repository:

    # Create and install a virtual environment
    uv sync --python 3.13 --all-extras
    
    # Activate the virtual environment
    source .venv/bin/activate
    
    # Install the pre-commit hooks
    pre-commit install --install-hooks
    
  4. VS Code Dev Container: clone this repository, open it with VS Code, open the Command Palette (Ctrl/⌘ + Shift + P) and run Dev Containers: Reopen in Container.

  5. PyCharm Dev Container: clone this repository, open it with PyCharm, create a Dev Container with Mount Sources, and configure an existing Python interpreter at /opt/venv/bin/python.

Developing
  • This project follows the Conventional Commits standard to automate Semantic Versioning and Keep A Changelog with Commitizen.
  • Run poe from within the development environment to print a list of Poe the Poet tasks available to run on this project.
  • Run tests with coverage: poe test (writes reports/coverage.xml and shows a summary).
  • Run uv add {package} from within the development environment to install a run time dependency and add it to pyproject.toml and uv.lock. Add --dev to install a development dependency.
  • Run uv sync --upgrade from within the development environment to upgrade all dependencies to the latest versions allowed by pyproject.toml. Add --only-dev to upgrade the development dependencies only.
  • Run cz bump to bump the package's version, update the CHANGELOG.md, and create a git tag. Then push the changes and the git tag with git push origin main --tags.

Security and privacy
  • Error payloads sanitize config keys containing any of: key, password, secret, token.
  • You can override or extend this list via the secret_phrases parameter to Worker(...).
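To make the sanitization rule concrete, here is an added example (not sentineliqsdk's own code) of the same key-name-based redaction: a recursive walk that replaces the value of any key whose name contains one of the secret phrases, with the phrase list overridable the way secret_phrases is. The function names, the placeholder value REMOVED, the recursion into nested dicts and lists, and the sample config are all assumptions made for this illustration; the library's actual behaviour on nested values is not stated on this page.

```python
"""Illustrative redaction of secret-bearing config keys in an error payload.

Added example; not sentineliqsdk's implementation. It mirrors the documented
rule (keys containing 'key', 'password', 'secret' or 'token' are sanitized)
and the secret_phrases override; everything else here is an assumption.
"""
from __future__ import annotations

from typing import Any

DEFAULT_SECRET_PHRASES: tuple[str, ...] = ("key", "password", "secret", "token")
REDACTED = "REMOVED"  # placeholder value; assumed, not taken from the library


def sanitize_config(config: Any,
                    secret_phrases: tuple[str, ...] = DEFAULT_SECRET_PHRASES) -> Any:
    """Return a copy of config with the values of sensitive keys replaced.

    Matching is a case-insensitive substring test on the key name, so
    'apiKey', 'API_TOKEN' and 'proxy_password' all match. Nested dicts and
    lists are walked so a secret under config['proxy'] is caught too.
    The input is never mutated, so the caller's live config stays intact.
    """
    phrases = tuple(p.lower() for p in secret_phrases)
    if isinstance(config, dict):
        out: dict = {}
        for key, value in config.items():
            if isinstance(key, str) and any(p in key.lower() for p in phrases):
                out[key] = REDACTED
            else:
                out[key] = sanitize_config(value, secret_phrases)
        return out
    if isinstance(config, list):
        return [sanitize_config(item, secret_phrases) for item in config]
    return config


def build_error_payload(message: str, config: dict,
                        secret_phrases: tuple[str, ...] = DEFAULT_SECRET_PHRASES) -> dict:
    """Error report shaped so it is safe to log or hand back to the caller."""
    return {
        "success": False,
        "errorMessage": message,
        "input": {"config": sanitize_config(config, secret_phrases)},
    }


# Constructed sample config for the demonstration; not a real job input.
SAMPLE_CONFIG = {
    "apiKey": "constructed-example-key",
    "proxy": {"http": "http://proxy.example:3128", "password": "hunter2"},
    "auto_extract": True,
    # A secret stored under a generic key name: key-based matching cannot see it.
    "headers": [{"name": "Authorization", "value": "Bearer constructed"}],
    # A spelling outside the default list: caught only once 'passwd' is added.
    "db_passwd": "leaks-without-an-extra-phrase",
}

if __name__ == "__main__":
    print(build_error_payload("upstream timeout", SAMPLE_CONFIG))
    print(build_error_payload("upstream timeout", SAMPLE_CONFIG,
                              DEFAULT_SECRET_PHRASES + ("passwd",)))
```

The two deliberate leaks in the sample show the limit of this approach: redaction keys off the key name, so a secret stored under a generic name such as "value", or under a spelling the list does not contain, passes straight through into the error payload. Treat the default list as a baseline and extend secret_phrases with the key names your own analyzer configuration actually uses.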



Download files


Source Distribution

sentineliqsdk-0.1.3.tar.gz (53.6 kB view details)

Uploaded Source

Built Distribution


sentineliqsdk-0.1.3-py3-none-any.whl (17.6 kB view details)

Uploaded Python 3

File details

Details for the file sentineliqsdk-0.1.3.tar.gz.

File metadata

  • Download URL: sentineliqsdk-0.1.3.tar.gz
  • Upload date:
  • Size: 53.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.8.15

File hashes

Hashes for sentineliqsdk-0.1.3.tar.gz
Algorithm Hash digest
SHA256 f25c0440481decbad305ceaf7982eed746868a223e5b6cbe28daeb1b41f80529
MD5 50dc9ca80afa851f9e55f8d58de06a02
BLAKE2b-256 26cfd0138d36c572b9f4582b93641a6ee6a8f9deaab0b49371eba3db0f5ad519


File details

Details for the file sentineliqsdk-0.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for sentineliqsdk-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f4103a588c6c541de4aef4949af3c8e23819c962f19004729e088b113f06fc71
MD5 287eb1b10488b805604ee979bfc0ac55
BLAKE2b-256 22978e75c763f46ba8e1bef4ba86b8ba20867f8601568801027025af28a3b27f

