pyintelowl modules

pyintelowl.pyintelowl module

class pyintelowl.pyintelowl.IntelOwl(token: str, instance_url: str, certificate: Optional[str] = None, logger: Optional[logging.Logger] = None, cli: bool = False)

Bases: object

ask_analysis_availability(md5: str, analyzers_needed: List[str], run_all_available_analyzers: bool = False, check_reported_analysis_too: bool = False) → Dict

Search for already available analysis.

Endpoint: /api/ask_analysis_availability

Parameters
  • md5 (str) – md5sum of the observable or file

  • analyzers_needed (List[str]) – list of analyzers to invoke

  • run_all_available_analyzers (bool, optional) – If True, runs all compatible analyzers. Defaults to False.

  • check_reported_analysis_too (bool, optional) – Check against all existing jobs. Defaults to False.

Raises

IntelOwlClientException – on client/HTTP error

Returns

JSON body

Return type

Dict

create_tag(label: str, color: str)

Creates new tag by sending a POST request.

Endpoint: /api/tags

Parameters
  • label (str) – Label of the tag to be created

  • color (str) – Color of the tag to be created

delete_job_by_id(job_id: int) → bool

Send delete job request.

Method: DELETE

Endpoint: /api/jobs/{job_id}

Parameters

job_id (int) – id of job to delete

Raises

IntelOwlClientException – on client/HTTP error

Returns

deleted or not

Return type

bool

delete_tag_by_id(tag_id: int) → bool

Send delete tag request.

Method: DELETE

Endpoint: /api/tags/{tag_id}

Parameters

tag_id (int) – id of tag to delete

Raises

IntelOwlClientException – on client/HTTP error

Returns

deleted or not

Return type

bool

edit_tag(tag_id: Union[int, str], label: str, color: str)

Edits existing tag by sending a PUT request.

Endpoint: api/tags

Parameters
  • tag_id (Union[int, str]) – Id of the existing tag

  • label (str) – Label of the tag to be created

  • color (str) – Color of the tag to be created

get_all_jobs() → List[Dict[str, Any]]

Fetch list of all jobs.

Endpoint: /api/jobs

Raises

IntelOwlClientException – on client/HTTP error

Returns

List of jobs

Return type

List[Dict[str, Any]]

get_all_tags() → List[Dict[str, str]]

Fetch list of all tags.

Endpoint: /api/tags

Raises

IntelOwlClientException – on client/HTTP error

Returns

List of tags

Return type

List[Dict[str, str]]

get_analyzer_configs()

Get current state of analyzer_config.json from the IntelOwl instance.

Endpoint: /api/get_analyzer_configs

get_job_by_id(job_id: Union[int, str]) → Dict[str, Any]

Fetch job info by ID.

Endpoint: /api/job/{job_id}

Parameters

job_id (Union[int, str]) – Job ID

Raises

IntelOwlClientException – on client/HTTP error

Returns

JSON body.

Return type

Dict[str, Any]

static get_md5(to_hash: AnyStr, type_='observable') → str

Returns md5sum of given observable or file object.

Parameters
  • to_hash (AnyStr) – either an observable string, file contents as bytes or path to a file

  • type_ (Union["observable", "binary", "file"], optional) – observable, binary, file. Defaults to "observable".

Raises

IntelOwlClientException – on client/HTTP error

Returns

md5sum

Return type

str

get_tag_by_id(tag_id: Union[int, str]) → Dict[str, str]

Fetch tag info by ID.

Endpoint: /api/tag/{tag_id}

Parameters

tag_id (Union[int, str]) – Tag ID

Raises

IntelOwlClientException – on client/HTTP error

Returns

Dict with 3 keys: id, label and color.

Return type

Dict[str, str]

kill_running_job(job_id: int) → bool

Send kill_running_job request.

Method: PATCH

Endpoint: /api/jobs/{job_id}/kill

Parameters

job_id (int) – id of job to kill

Raises

IntelOwlClientException – on client/HTTP error

Returns

killed or not

Return type

bool

logger: logging.Logger

send_analysis_batch(rows: List[Dict])

Send multiple analysis requests. Can be mix of observable or file analysis requests.

Used by the pyintelowl CLI.

Parameters

rows (List[Dict]) – Each row should be a dictionary with the keys value, type, analyzers_list, run_all, force_privacy, private_job, disable_external_analyzers, check.

send_file_analysis_request(analyzers_requested: List[str], filename: str, binary: bytes, force_privacy: bool = False, private_job: bool = False, disable_external_analyzers: bool = False, run_all_available_analyzers: bool = False, runtime_configuration: Optional[Dict] = None, tags: Optional[List[int]] = None) → Dict

Send analysis request for a file.

Endpoint: /api/send_analysis_request

Parameters
  • analyzers_requested (List[str]) – List of analyzers to invoke

  • filename (str) – Filename

  • binary (bytes) – File contents as bytes

  • force_privacy (bool, optional) – Disable analyzers that can leak info. Defaults to False.

  • private_job (bool, optional) – Limit view permissions to your groups. Defaults to False.

  • disable_external_analyzers (bool, optional) – Disable analyzers that use external services. Defaults to False.

  • tags (List[int]) – List of tags associated with this job

  • run_all_available_analyzers (bool, optional) – If True, runs all compatible analyzers. Defaults to False.

  • runtime_configuration (Dict, optional) – Overwrite configuration for analyzers. Defaults to {}.

Raises

IntelOwlClientException – on client/HTTP error

Returns

JSON body

Return type

Dict

send_observable_analysis_request(analyzers_requested: List[str], observable_name: str, force_privacy: bool = False, private_job: bool = False, disable_external_analyzers: bool = False, run_all_available_analyzers: bool = False, runtime_configuration: Optional[Dict] = None, tags: Optional[List[int]] = None) → Dict

Send analysis request for an observable.

Endpoint: /api/send_analysis_request

Parameters
  • analyzers_requested (List[str]) – List of analyzers to invoke

  • observable_name (str) – Observable value

  • force_privacy (bool, optional) – Disable analyzers that can leak info. Defaults to False.

  • private_job (bool, optional) – Limit view permissions to your groups. Defaults to False.

  • disable_external_analyzers (bool, optional) – Disable analyzers that use external services. Defaults to False.

  • tags (List[int]) – List of tags associated with this job

  • run_all_available_analyzers (bool, optional) – If True, runs all compatible analyzers. Defaults to False.

  • runtime_configuration (Dict, optional) – Overwrite configuration for analyzers. Defaults to {}.

Raises

IntelOwlClientException – on client/HTTP error

Returns

JSON body

Return type

Dict
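
Added example (not part of the pyintelowl documentation or code base): a check-before-submit helper that chains get_md5, ask_analysis_availability and send_observable_analysis_request, and submits with the privacy flags enabled so the observable is not passed to external services. The response keys status and job_id, the "not_available" value, the FakeIntelOwl stand-in and the analyzer name used to exercise it are assumptions; the page only states that these calls return a JSON body.

```python
import hashlib
from typing import Any, Dict, List


def submit_once(client: Any, observable: str, analyzers: List[str]) -> Dict[str, Any]:
    """Reuse an existing job for this observable if one exists, otherwise
    submit it with settings that keep the value away from external services."""
    md5 = client.get_md5(observable, type_="observable")
    found = client.ask_analysis_availability(
        md5, analyzers, check_reported_analysis_too=True
    )
    # Assumption: "not_available" marks a miss; any other reply carries job_id.
    if found.get("status") != "not_available" and "job_id" in found:
        return {"job_id": found["job_id"], "reused": True}
    sent = client.send_observable_analysis_request(
        analyzers_requested=analyzers,
        observable_name=observable,
        force_privacy=True,               # disable analyzers that can leak info
        private_job=True,                 # limit view permissions to your groups
        disable_external_analyzers=True,  # no analyzers that use external services
    )
    return {"job_id": sent.get("job_id"), "reused": False}


class FakeIntelOwl:
    """Constructed offline stand-in exposing the three documented methods."""

    def __init__(self) -> None:
        self.jobs: Dict[str, int] = {}       # md5 -> job id
        self.sent: List[Dict[str, Any]] = []  # recorded submissions

    @staticmethod
    def get_md5(to_hash: str, type_: str = "observable") -> str:
        # Assumption: an observable is hashed as its UTF-8 encoded string.
        return hashlib.md5(to_hash.encode("utf-8")).hexdigest()

    def ask_analysis_availability(self, md5, analyzers_needed,
                                  run_all_available_analyzers=False,
                                  check_reported_analysis_too=False):
        if md5 in self.jobs:
            return {"status": "reported_without_fails", "job_id": self.jobs[md5]}
        return {"status": "not_available"}

    def send_observable_analysis_request(self, analyzers_requested, observable_name, **kw):
        self.sent.append({"observable": observable_name, **kw})
        job_id = len(self.jobs) + 1
        self.jobs[self.get_md5(observable_name)] = job_id
        return {"status": "accepted", "job_id": job_id}
```

With a real instance, pass an IntelOwl object in place of FakeIntelOwl and check the response keys against what that instance returns.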

property session: requests.sessions.Session

Internal use only.

pyintelowl.exceptions module

exception pyintelowl.exceptions.IntelOwlClientException

Bases: Exception

exception pyintelowl.exceptions.IntelOwlInvalidAPITokenException

Bases: Exception