SiemplifyDataModel module
class SiemplifyDataModel.ActionLogRecord
class SiemplifyDataModel.ActionLogRecord(record_type, message, original_source_file_name=None, case_id=None, alert_id=None, workflow_id=None, environment=None, source_system_name=None, exception_message=None, integration=None, action_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.Alert
class SiemplifyDataModel.Alert(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, security_events, domain_relations, domain_entities, additional_properties, additional_data)
Bases: AlertInfo
get_alert_start_time(creation_time, security_events)
static get_prop_if_exists(dictionary, prop_name, default_value)
class SiemplifyDataModel.AlertInfo
class SiemplifyDataModel.AlertInfo(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, additional_properties, additional_data)
Bases: Base
class SiemplifyDataModel.ApiPeriodTypeEnum
class SiemplifyDataModel.ApiPeriodTypeEnum
Bases: object

This object represents the time units of an SLA period.
 DAYS= 'Days' 
 HOURS= 'Hours' 
 MINUTES= 'Minutes' 
classmethod validate(value)
classmethod values()
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
Bases: object
 INCONCLUSIVE= 3 
 MAINTENANCE= 2 
 MALICIOUS= 0 
 NOT_MALICIOUS= 1 
 UNKNOWN= 4 
class SiemplifyDataModel.ApiSyncAlertPriorityEnum
class SiemplifyDataModel.ApiSyncAlertPriorityEnum
Bases: object
 CRITICAL= 5 
 HIGH= 4 
 INFORMATIVE= 0 
 LOW= 2 
 MEDIUM= 3 
 UNCHANGED= 1 
class SiemplifyDataModel.ApiSyncAlertStatusEnum
class SiemplifyDataModel.ApiSyncAlertStatusEnum
Bases: object
 CLOSED= 1 
 OPENED= 0 
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
Bases: object
 NONE= 0 
 NOT_USEFUL= 1 
 USEFUL= 2 
class SiemplifyDataModel.ApiSyncCasePriorityEnum
class SiemplifyDataModel.ApiSyncCasePriorityEnum
Bases: object
 CRITICAL= 5 
 HIGH= 4 
 INFORMATIVE= 0 
 LOW= 2 
 MEDIUM= 3 
 UNCHANGED= 1 
class SiemplifyDataModel.ApiSyncCaseStatusEnum
class SiemplifyDataModel.ApiSyncCaseStatusEnum
Bases: object
 ALL= 2 
 CLOSED= 2 
 CREATION_PENDING= 4 
 MERGED= 3 
 OPENED= 1 
class SiemplifyDataModel.Attachment
class SiemplifyDataModel.Attachment(case_identifier, alert_identifier, base64_blob, attachment_type, name, description, is_favorite, orig_size, size)
Bases: Base
static fromfile(path, case_id=None, alert_identifier=None, description=None, is_favorite=False)
property is_identifier_mandatory
class SiemplifyDataModel.Base
class SiemplifyDataModel.Base(identifier, creation_time=None, modification_time=None, additional_properties=None)
Bases: object
property is_identifier_mandatory
class SiemplifyDataModel.CaseFilterOperatorEnum
class SiemplifyDataModel.CaseFilterOperatorEnum
Bases: object
 AND= 'AND' 
 OR= 'OR' 
class SiemplifyDataModel.CaseFilterSortByEnum
class SiemplifyDataModel.CaseFilterSortByEnum
Bases: object
 CLOSE_TIME= 'CLOSE_TIME' 
 START_TIME= 'START_TIME' 
 UPDATE_TIME= 'UPDATE_TIME' 
class SiemplifyDataModel.CaseFilterSortOrderEnum
class SiemplifyDataModel.CaseFilterSortOrderEnum
Bases: object
 ASC= 'ASC' 
 DESC= 'DESC' 
class SiemplifyDataModel.CaseFilterStatusEnum
class SiemplifyDataModel.CaseFilterStatusEnum
Bases: object
 BOTH= 'BOTH' 
 CLOSE= 'CLOSE' 
 OPEN= 'OPEN' 
class SiemplifyDataModel.CaseFilterValue
class SiemplifyDataModel.CaseFilterValue(value, title)
Bases: object
class SiemplifyDataModel.CaseStatus
class SiemplifyDataModel.CaseStatus
Bases: object
 CLOSE= 'CLOSE' 
 OPEN= 'OPEN' 
class SiemplifyDataModel.CasesFilter
class SiemplifyDataModel.CasesFilter(environments=None, analysts=None, statuses=None, case_names=None, tags=None, priorities=None, stages=None, case_types=None, products=None, networks=None, ticked_ids_free_search='', case_ids_free_search='', wall_data_free_search='', entities_free_search='', start_time_unix_time_in_ms=-1, end_time_unix_time_in_ms=-1)
Bases: object
class SiemplifyDataModel.ConnectorLogRecord
class SiemplifyDataModel.ConnectorLogRecord(record_type, message, connector_identifier, result_data_type, original_source_file_name=None, result_package_items_count=None, environment=None, source_system_name=None, exception_message=None, integration=None, connector_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.CustomList
class SiemplifyDataModel.CustomList(identifier, category, environment)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.CyberCase
class SiemplifyDataModel.CyberCase(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, environment, assigned_user, title, description, status, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, cyber_alerts, additional_properties)
Bases: CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, assigned_user, title, description, status, environment, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, additional_properties)
Bases: Base
class SiemplifyDataModel.DomainEntityInfo
class SiemplifyDataModel.DomainEntityInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, entity_type, is_internal, is_suspicious, is_artifact, is_enriched, is_vulnerable, is_pivot, additional_properties)
Bases: Base
to_dict()
class SiemplifyDataModel.DomainRelationInfo
class SiemplifyDataModel.DomainRelationInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, security_event_identifier, relation_type, event_id, from_identifier, to_identifier, device_product, device_vendor, event_class_id, severity, start_time, end_time, destination_port, category_outcome, additional_properties, to_type=None, from_type=None)
Bases: Base
class SiemplifyDataModel.EntityTypes
class SiemplifyDataModel.EntityTypes
Bases: object
 ADDRESS= 'ADDRESS' 
 ALERT= 'ALERT' 
 APPLICATION= 'APPLICATION' 
 CHILDHASH= 'CHILDHASH' 
 CHILDPROCESS= 'CHILDPROCESS' 
 CLUSTER= 'CLUSTER' 
 CONTAINER= 'CONTAINER' 
 CREDITCARD= 'CREDITCARD' 
 CVE= 'CVE' 
 CVEID= 'CVEID' 
 DATABASE= 'DATABASE' 
 DEPLOYMENT= 'DEPLOYMENT' 
 DESTINATIONDOMAIN= 'DESTINATIONDOMAIN' 
 DOMAIN= 'DOMAIN' 
 EMAILMESSAGE= 'EMAILSUBJECT' 
 EVENT= 'EVENT' 
 FILEHASH= 'FILEHASH' 
 FILENAME= 'FILENAME' 
 GENERIC= 'GENERICENTITY' 
 HOSTNAME= 'HOSTNAME' 
 IPSET= 'IPSET' 
 MACADDRESS= 'MacAddress' 
 PARENTHASH= 'PARENTHASH' 
 PARENTPROCESS= 'PARENTPROCESS' 
 PHONENUMBER= 'PHONENUMBER' 
 POD= 'POD' 
 PROCESS= 'PROCESS' 
 SERVICE= 'SERVICE' 
 SOURCEDOMAIN= 'SOURCEDOMAIN' 
 THREATACTOR= 'THREATACTOR' 
 THREATCAMPAIGN= 'THREATCAMPAIGN' 
 THREATSIGNATURE= 'THREATSIGNATURE' 
 URL= 'DestinationURL' 
 USB= 'USB' 
 USER= 'USERUNIQNAME' 
class SiemplifyDataModel.InsightSeverity
class SiemplifyDataModel.InsightSeverity
Bases: object
 ERROR= 2 
 INFO= 0 
 WARN= 1 
class SiemplifyDataModel.InsightType
class SiemplifyDataModel.InsightType
Bases: object
 Entity= 1 
 General= 0 
class SiemplifyDataModel.LogRecordTypeEnum
class SiemplifyDataModel.LogRecordTypeEnum
Bases: object
 ERROR= 1 
 INFO= 0 
 KEEP_ALIVE= 2 
class SiemplifyDataModel.LogRow
class SiemplifyDataModel.LogRow(message, log_level, timestamp)
Bases: object
class SiemplifyDataModel.SecurityEventInfo
class SiemplifyDataModel.SecurityEventInfo(identifier=None, creation_time=None, modification_time=None, case_identifier=None, alert_identifier=None, name=None, description=None, event_id=None, device_severity=None, device_product=None, device_vendor=None, device_version=None, event_class_id=None, severity=None, start_time=None, end_time=None, event_type=None, rule_generator=None, is_correlation=None, device_host_name=None, device_address=None, source_dns_domain=None, source_nt_domain=None, source_host_name=None, source_address=None, source_user_name=None, source_user_id=None, source_process_name=None, destination_dns_domain=None, destination_nt_domain=None, destination_host_name=None, destination_address=None, destination_user_name=None, destination_url=None, destination_port=None, destination_process_name=None, file_name=None, file_hash=None, file_type=None, email_subject=None, usb=None, application_protocol=None, transport_protocol=None, category_outcome=None, signature=None, deployment=None, additional_properties=None, threat_actor=None, source_mac_address=None, destination_mac_address=None, credit_card=None, phone_number=None, cve=None, threat_campaign=None, generic_entity=None, process=None, parent_process=None, parent_hash=None, child_process=None, child_hash=None, source_domain=None, destination_domain=None, ipset=None, cluster=None, application=None, database=None, pod=None, container=None, service=None)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.SyncAlert
class SiemplifyDataModel.SyncAlert(alert_group_id, alert_id, case_id, environment, priority, status, ticket_id, creation_time, close_comment, close_reason, close_root_cause, close_usefulness)
Bases: object
class SiemplifyDataModel.SyncAlertMetadata
class SiemplifyDataModel.SyncAlertMetadata(alert_group_id, tracking_time)
Bases: object
class SiemplifyDataModel.SyncCase
class SiemplifyDataModel.SyncCase(case_id, environment, priority, stage, status, external_case_id, title)
Bases: object
class SiemplifyDataModel.SyncCaseIdMatch
class SiemplifyDataModel.SyncCaseIdMatch(case_id, external_case_id)
Bases: object

This object represents a match between a Siemplify internal case ID and an external case ID in an external system.
class SiemplifyDataModel.SyncCaseMetadata
class SiemplifyDataModel.SyncCaseMetadata(case_id, tracking_time)
Bases: object
class SiemplifyDataModel.Task
class SiemplifyDataModel.Task(case_id, content, creator_user_id, due_date_unix_time_ms=None, is_important=False, is_favorite=False, owner_comment=None, priority=0, owner=None, status=0, completion_comment=None, completion_date_time_unix_time_in_ms=None, alert_identifier=None, id=0, title=None, creator_full_name=None, owner_full_name=None, creation_time_unix_time_in_ms=0, modification_time_unix_time_in_ms=0, last_modifier=None, last_modifier_full_name=None, completor=None, completor_full_name=None)
Bases: Base

