Sixgill clients package
Project description
Sixgill Clients
This module provides simple clients for two of Sixgill’s APIs:
- Sixgill Feed (IOC) Client
- Sixgill Alerts Client
Sixgill Feed Client Arguments
- client_id (Mandatory) - Your client id obtained by Sixgill’s portal,
- client_secret (Mandatory) - Your client secret obtained by Sixgill’s portal,
- channel_id (Mandatory) - Supported Sixgill channel id. If you don't have such a channel id please contact Sixgill's support (support@cybersixgill.com).
- feed_stream (Mandatory) - One of the feed streams supported by Sixgill.
- logger (Optional) - Logger.
- bulk_size (Optional) - requests bulk size, default 1000 items.
- session (Optional) - Session object which manage and persist settings across requests (cookies, auth, proxies) default=requests.Session().
- verify (Optional) - Verify SSL certificates for HTTPS requests default=False.
- num_of_attempts (Optional) - Number of request attempts until failure default=5.
Supported Feed Streams
- DARKFEED
- DARKFEED_FREEMIUM
Supported Functions
get_bundle(self) -> Dict[str, Any]
- Returns a Bundle - A collection of arbitrary STIX v2.0 Objects
{
'id': 'bundle--bcbb94ea-2d3a-43f1-8c1a-62002594d2ba',
'objects': [{<STIX Domain Object, STIX Relationship Object, Marking Definition>}],
'spec_version': '2.0',
'type': 'bundle'
}
get_indicator(self)
- Returns a generator of STIX v2.0 items, while auto committing items that are read
commit_indicators(self)
- Commit on bundle.
- Ack server and notify indicators were received.
- As long as the server doesn't receive an Ack, the same items on each get_bundle() function call will be retrieved.
Quick Example
from sixgill.sixgill_feed_client import SixgillFeedClient
from sixgill.sixgill_constants import FeedStream
CLIENT_ID = "<Replace with your client id>"
CLIENT_SECRET = "<Replace with your client secret>"
CHANNEL_ID = "<Replace with channel id>"
sixgill_darkfeed_client = SixgillFeedClient(CLIENT_ID, CLIENT_SECRET, CHANNEL_ID, FeedStream.DARKFEED)
for indicator in sixgill_darkfeed_client.get_indicator():
print(indicator)
Sixgill Alert Client Arguments
- client_id (Mandatory) - Your client id obtained by Sixgill’s portal,
- client_secret (Mandatory) - Your client secret obtained by Sixgill’s portal,
- channel_id (Mandatory) - Supported Sixgill channel id. If you don't have such a channel id please contact Sixgill's support (support@cybersixgill.com).
- logger (Optional) - Logger.
- bulk_size (Optional) - requests bulk size, default 1000 items.
- session (Optional) - Session object which manage and persist settings across requests (cookies, auth, proxies) default=requests.Session().
- verify (Optional) - Verify SSL certificates for HTTPS requests default=False.
- num_of_attempts (Optional) - Number of request attempts until failure default=5.
Supported Functions
get_alerts_bulk(self, include_delivered_items: bool = True, sort_by: str = None, sort_order: str = None, is_read: str = None, severity: str = None, threat_level: str = None, threat_type: str = None) -> List[Dict[str, Any]]
-
params:
- include_delivered_items (Optional) - Should previously-delivered items be included in the response, Default False.
- sort_by (Optional) - One of the following [date, alert_name, severity, threat_level]. Default date.
- sort_order (Optional) - One of the following [asc, desc]. Default desc.
- is_read (Optional) - Filter alerts that were read \ unread. One of the following[read, unread]. Default None.
- severity (Optional) - Filter by alert severity. One of the following[low, med, high]. Default None.
- threat_level (Optional) - Filter by alert threat level. One of the following[imminent, emerging]. Default None.
- threat_type (Optional) - Filter by field threat type. Default None.
-
Returns a list of Sixgill alerts
get_alert(self, sort_by: str = None, sort_order: str = None, is_read: str = None, severity: str = None, threat_level: str = None, threat_type: str = None)
-
params:
- sort_by (Optional) - One of the following [date, alert_name, severity, threat_level]. Default date.
- sort_order (Optional) - One of the following [asc, desc]. Default desc.
- is_read (Optional) - Filter alerts that were read \ unread. One of the following[read, unread]. Default None.
- severity (Optional) - Filter by alert severity. One of the following[low, med, high]. Default None.
- threat_level (Optional) - Filter by alert threat level. One of the following[imminent, emerging]. Default None.
- threat_type (Optional) - Filter by field threat type. Default None.
-
Returns generator of Sixgill alerts, while auto committing on every bulk of ids
mark_digested_item(self, item)
- Mark an alert as consumed by storing alert id
commit_digested_items(self, force: bool = False)
- Mark a bulk of ids as consumed on Sixgill's servers
- This command is called automatically when using get_alert
Quick Example
from sixgill.sixgill_alert_client import SixgillAlertClient
CLIENT_ID = "<Replace with your client id>"
CLIENT_SECRET = "<Replace with your client secret>"
CHANNEL_ID = "<Replace with channel id>"
sixgill_alert_client = SixgillAlertClient(CLIENT_ID, CLIENT_SECRET, CHANNEL_ID)
for alert in sixgill_alert_client.get_alert():
sixgill_alert_client.mark_digested_item(alert)
print(alert)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sixgill-clients-0.1.3.tar.gz
(11.4 kB
view hashes)
Built Distribution
Close
Hashes for sixgill_clients-0.1.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 325a40c612b67b395fb53aa0f9117bcbb9253cb64b6fb59990a51e1ee37e2e62 |
|
| MD5 | 3a66b30a2cc03f5d270649f350907b15 |
|
| BLAKE2b-256 | 6a5b399632495d3184cf7c1181202b9e1fd1ea5dd388bf88c6f5172026f3ca1a |
