b1td Class

class bloxone.b1td(cfg_file='config.ini')
BloxOne Threat Defense API wrapper. Covers TIDE and Dossier.

dossier_sources()
Get Sources for Dossier
Returns: Requests response object
Return type: response object

dossier_target_sources(type='host')
Get supported target types for Dossier
Parameters:
- type (str) – target type
Returns: Requests response object
Return type: response object

dossier_target_types()
Get supported target types for Dossier
Returns: Requests response object
Return type: response object

dossierquery(query, type='host', sources='all', wait=True)
Simple Dossier Query
Parameters:
- query (str or list) – single query or list of same type
- type (str) – “host”, “ip” or “url”
- sources (str) – set of sources or “all”
Returns: Requests response object
Return type: response object

expand_mitre_vector(mitre)
Expand MITRE Vector details
Parameters:
- mitre (str) – MITRE Vector
Returns: Requests response object
Return type: response object

get(objpath, **params)
Generic get object wrapper for TIDE data objects
Parameters:
- objpath (str) – Swagger object path
- action (str) – Optional object action
Returns: Requests response object
Return type: response object

historical_threat_counts()
Query Infoblox TIDE for historical threat counts
Returns: Requests response object
Return type: response object

post(objpath, body='')
Generic create object wrapper for ddi objects
Parameters:
- objpath (str) – Swagger object path
- body (str) – JSON formatted data payload
Returns: Requests response object
Return type: response object

querytide(datatype, query, **params)
Query Infoblox TIDE for all available threat data related to query.
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object

querytideactive(datatype, query, **params)
Query Infoblox TIDE for “active” threat data, i.e. threat data that has not expired at time of call
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object

querytidestate(datatype, query, **params)
Query Infoblox TIDE State Tables for specific query
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object

threat_actor(name)
Get Threat Actor details
Parameters:
- name (str) – Name of Threat Actor
Returns: Requests response object
Return type: response object

threat_classes(**params)
Get list of threat classes
Parameters:
Returns: Requests response object
Return type: response object

threat_counts()
Query Infoblox TIDE for active threat counts
Returns: Requests response object
Return type: response object

threat_properties(threatclass='', **params)
Get list of threat properties
Parameters:
- threatclass (str) – Threat Class
Returns: Requests response object
Return type: response object

tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)
Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.
Parameters:
- datatype (str) – “host”, “ip” or “url”
- profile (str, optional) – Data provider
- threatclass (str, optional) – tide data class
- threatproperty (str, optional) – tide data property
Returns: Requests response object
Return type: response object

tidedatafeed(datatype, profile='', threatclass='', threatproperty='', **params)
Bulk threat intel download from Infoblox TIDE for specified datatype. Please use wisely.
Parameters:
- datatype (str) – “host”, “ip” or “url”
- profile (str, optional) – Data provider
- threatclass (str, optional) – tide data class
- threatproperty (str, optional) – tide data property
Returns: Requests response object
Return type: response object
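
Added example (not part of the bloxone documentation or the project's code): a triage helper that picks the documented datatype value (“host”, “ip” or “url”) for an indicator and passes it to querytideactive on a client object such as bloxone.b1td('config.ini'). The helper names, the rule that only http/https strings count as “url”, the HTTP 200 success check and the StubClient stand-in are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit


def tide_datatype(indicator):
    """Map an indicator string to a documented datatype: host, ip or url."""
    value = indicator.strip()
    if not value:
        raise ValueError("empty indicator")
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"  # assumption: only http/https strings are URLs
    if "/" in value or " " in value:
        raise ValueError(f"not a host, ip or url: {indicator!r}")
    return "host"


def active_threats(client, indicator, **params):
    """Query active TIDE data via client.querytideactive(); return (datatype, JSON)."""
    datatype = tide_datatype(indicator)
    response = client.querytideactive(datatype, indicator.strip(), **params)
    if response.status_code != 200:  # assumption: success is HTTP 200
        # Surface auth or server errors instead of reading them as "no threat".
        raise RuntimeError(f"TIDE query failed: HTTP {response.status_code}")
    return datatype, response.json()


class StubResponse:  # constructed stand-in for a Requests response object
    def __init__(self, status_code, body):
        self.status_code, self._body = status_code, body

    def json(self):
        return self._body


class StubClient:  # constructed stand-in for bloxone.b1td, no network access
    def __init__(self, status_code=200):
        self.calls, self.status_code = [], status_code

    def querytideactive(self, datatype, query, **params):
        self.calls.append((datatype, query, params))
        return StubResponse(self.status_code, {"sample": True})
```

With the real wrapper, pass a bloxone.b1td instance as client instead of StubClient.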