PyPI - psengine - Versions diffs - 2.0.6__tar.gz → 2.0.7__tar.gz - Mend

psengine 2.0.6tar.gz → 2.0.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (127) hide show

{psengine-2.0.6 → psengine-2.0.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: psengine
-Version: 2.0.6
+Version: 2.0.7
 Summary: psengine is a simple, yet elegant, library for rapid development of integrations with Recorded Future.
 Author-email: Moise Medici <moise.medici@recordedfuture.com>, Patrick Kinsella <patrick.kinsella@recordedfuture.com>, Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
 License-Expression: MIT

{psengine-2.0.6 → psengine-2.0.7}/psengine/_version.py RENAMED Viewed

@@ -11,4 +11,4 @@
 # accessed from any third party API.                                                         #
 ##############################################################################################
-__version__ = '2.0.6'
+__version__ = '2.0.7'

{psengine-2.0.6 → psengine-2.0.7}/psengine/classic_alerts/markdown/markdown.py RENAMED Viewed

@@ -94,7 +94,8 @@ def _process_hit_fragment(
         content.append(f'{blockquote(fragment)}\n')
     else:
         content.append(
-            f'_Reference text is missing, check the Recorded Future {link("Portal", str(classic_alert.url.portal))} for more information._\n'  # noqa: E501
+            '_Reference text is missing, check the Recorded Future '
+            f'{link("Portal", str(classic_alert.url.portal))} for more information._\n'
         )
     if include_triggered_by:

{psengine-2.0.6 → psengine-2.0.7}/psengine/entity_lists/entity_list.py RENAMED Viewed

@@ -314,7 +314,8 @@ class EntityList(RFBaseModel):
         response = self.rf_client.request('get', url)
         validated_status = ListStatusOut.model_validate(response.json())
         self.log.debug(
-            f"List '{self.name}' status: {validated_status.status}, entities: {validated_status.size}"  # noqa: E501
+            f"List '{self.name}' status: {validated_status.status}, "
+            f'entities: {validated_status.size}'
         )
         return validated_status

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/__init__.py RENAMED Viewed

@@ -11,7 +11,9 @@
 # accessed from any third party API.                                                         #
 ##############################################################################################
+from .constants import PBA_WITH_IMAGES_INST
 from .errors import (
+    PlaybookAlertBulkFetchError,
     PlaybookAlertError,
     PlaybookAlertFetchError,
     PlaybookAlertRetrieveImageError,
@@ -27,6 +29,7 @@ from .playbook_alerts import (
     PBA_DomainAbuse,
     PBA_Generic,
     PBA_IdentityNovelExposure,
+    PBA_MalwareReport,
     PBA_ThirdPartyRisk,
     PreviewAlertOut,
     SearchIn,

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/constants.py RENAMED Viewed

@@ -10,30 +10,53 @@
 # for having all necessary licenses, permissions, rights, and/or consents to any data        #
 # accessed from any third party API.                                                         #
 ##############################################################################################
-from typing import Union
+from pathlib import Path
+from typing import Literal, Union
+from ..constants import ROOT_DIR
+from ..playbook_alerts.pa_category import PACategory
 from .playbook_alerts import (
     PBA_CodeRepoLeakage,
     PBA_CyberVulnerability,
     PBA_DomainAbuse,
-    PBA_Generic,
     PBA_GeopoliticsFacility,
     PBA_IdentityNovelExposure,
+    PBA_MalwareReport,
     PBA_ThirdPartyRisk,
 )
 STATUS_PANEL_NAME = 'status'
-DEFAULT_PBA_OUTPUT_DIR = 'playbook_alerts'
-DEFAULT_PBA_FILE_NAME = 'playbook_alerts_{}.json'
+DEFAULT_ALERTS_OUTPUT_DIR = Path(ROOT_DIR) / 'playbook_alerts'
+PLAYBOOK_ALERTS_OUTPUT_FNAME = 'rf_playbook_alerts_'
 PLAYBOOK_ALERT_TYPE = Union[
-    PBA_Generic,
     PBA_CodeRepoLeakage,
     PBA_CyberVulnerability,
     PBA_DomainAbuse,
     PBA_IdentityNovelExposure,
     PBA_ThirdPartyRisk,
+    PBA_GeopoliticsFacility,
+    PBA_MalwareReport,
 ]
+PLAYBOOK_ALERT_INST = (
+    PBA_CodeRepoLeakage,
+    PBA_CyberVulnerability,
+    PBA_DomainAbuse,
+    PBA_IdentityNovelExposure,
+    PBA_ThirdPartyRisk,
+    PBA_GeopoliticsFacility,
+    PBA_MalwareReport,
+)
 PBA_WITH_IMAGES_TYPE = Union[PBA_DomainAbuse, PBA_GeopoliticsFacility]
+PBA_WITH_IMAGES_VALIDATOR = Union[
+    Literal[PACategory.DOMAIN_ABUSE.value], Literal[PACategory.GEOPOLITICS_FACILITY.value]
+]
 PBA_WITH_IMAGES_INST = (PBA_DomainAbuse, PBA_GeopoliticsFacility)
+ALERTS_PER_PAGE = 50
+BULK_LOOKUP_BATCH_SIZE = 200

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/errors.py RENAMED Viewed

@@ -31,5 +31,9 @@ class PlaybookAlertFetchError(PlaybookAlertError):
     """Error raised when playbook alert fetch fails."""
+class PlaybookAlertBulkFetchError(PlaybookAlertError):
+    """Error raised when playbook alert bulk fetch fails."""
 class PlaybookAlertRetrieveImageError(PlaybookAlertError):
     """Error raised when playbook alert image fetch fails."""

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/helpers.py RENAMED Viewed

@@ -16,7 +16,7 @@ from typing import Union
 from ..errors import WriteFileError
 from ..helpers import OSHelpers, debug_call
-from .constants import DEFAULT_PBA_OUTPUT_DIR
+from .constants import DEFAULT_ALERTS_OUTPUT_DIR
 from .playbook_alerts import PBA_DomainAbuse
 LOG = logging.getLogger('psengine.playbook_alerts.helpers')
@@ -25,7 +25,7 @@ LOG = logging.getLogger('psengine.playbook_alerts.helpers')
 @debug_call
 def save_pba_images(
     playbook_alerts: Union[PBA_DomainAbuse, list[PBA_DomainAbuse]],
-    output_directory: str = DEFAULT_PBA_OUTPUT_DIR,
+    output_directory: str = DEFAULT_ALERTS_OUTPUT_DIR,
 ) -> None:
     """Save Domain Abuse images/screenshots to disk as a .png file.
@@ -56,7 +56,9 @@ def save_pba_images(
 def _save_image(
-    file_name: str, image_bytes: bytes, output_directory: Union[str, Path] = DEFAULT_PBA_OUTPUT_DIR
+    file_name: str,
+    image_bytes: bytes,
+    output_directory: Union[str, Path] = DEFAULT_ALERTS_OUTPUT_DIR,
 ) -> None:
     """Save image to disk as a .png file.

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/markdown/markdown.py RENAMED Viewed

@@ -17,13 +17,13 @@ from ...constants import TIMESTAMP_STR, TRUNCATE_COMMENT
 from ...markdown import (
     MarkdownMaker,
 )
-from ..models.common_models import ResolvedEntity
 from ..pa_category import PACategory
 from .markdown_code_repo import _code_repo_markdown
 from .markdown_cyber_vulnerability import _cyber_vulnerability_markdown
 from .markdown_domain_abuse import _domain_abuse_markdown
 from .markdown_geopolitics_facility import _geopolitics_facility_markdown
 from .markdown_identity_exposure import _identity_exposure_markdown
+from .markdown_malware_report import _malware_report_markdown
 from .markdown_third_party_risk import _third_party_risk_markdown
 PORTAL_URL = 'https://app.recordedfuture.com/portal/playbook-alerts/{}'
@@ -37,6 +37,7 @@ MARKDOWN_BY_PBA_TYPE = {
     PACategory.THIRD_PARTY_RISK.value: _third_party_risk_markdown,
     PACategory.GEOPOLITICS_FACILITY.value: _geopolitics_facility_markdown,
     PACategory.CYBER_VULNERABILITY.value: _cyber_vulnerability_markdown,
+    PACategory.MALWARE_REPORT.value: _malware_report_markdown,
 }
@@ -56,27 +57,8 @@ def _generic_pba_summary(pba, md_maker: MarkdownMaker):
     md_maker.add_section('Summary', general_info)
-def _unmapped_pba(pba, md_maker: MarkdownMaker, *args, **kwargs) -> str:  # noqa: ARG001
-    md_maker.sections.insert(
-        0,
-        md_maker.validate_section(
-            'Warning',
-            [
-                (
-                    '> 🚨 The markdown of this alert is not fully supported yet. '
-                    'For full details check the portal 🚨'
-                )
-            ],
-        ),
-    )
-    if targets := pba.panel_status.targets:
-        if any(isinstance(t, str) for t in targets):
-            md_maker.add_section('Targets', ', '.join(t for t in targets))
-        elif any(isinstance(t, ResolvedEntity) for t in targets):
-            md_maker.add_section('Targets', [t.name for t in targets])
-    return md_maker.format_output()
+def _unsupported_pba(pba, *args, **kwargs) -> str:  # noqa: ARG001
+    raise NotImplementedError(f'No markdown function for playbook alert category: {pba.category}')
 def _markdown_playbook_alert(
@@ -97,7 +79,7 @@ def _markdown_playbook_alert(
     )
     _generic_pba_summary(playbook_alert, md_maker)
-    if markdown := MARKDOWN_BY_PBA_TYPE.get(playbook_alert.category, _unmapped_pba)(
+    if markdown := MARKDOWN_BY_PBA_TYPE.get(playbook_alert.category, _unsupported_pba)(
         playbook_alert, md_maker, html_tags, extra_context
     ):
         return markdown

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/markdown/markdown_code_repo.py RENAMED Viewed

@@ -20,7 +20,7 @@ from ...constants import TIMESTAMP_STR
 from ...markdown import MarkdownMaker, clean_text, divider, html_textarea
 if TYPE_CHECKING:
-    from ..playbook_alerts.playbook_alerts import PBA_CodeRepoLeakage
+    from ...playbook_alerts.playbook_alerts import PBA_CodeRepoLeakage
 def _add_repository(pba, md_maker: MarkdownMaker):

psengine-2.0.7/psengine/playbook_alerts/markdown/markdown_malware_report.py ADDED Viewed

@@ -0,0 +1,66 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+from typing import TYPE_CHECKING
+from markdown_strings import bold, header
+from ...markdown import MarkdownMaker, divider
+from ...markdown.markdown import html_collapsible
+if TYPE_CHECKING:
+    from ...playbook_alerts.playbook_alerts import PBA_MalwareReport
+def _add_hashes(pba: 'PBA_MalwareReport', md_maker: MarkdownMaker, html_tags: bool):
+    matched_hashes = []
+    detected_malwares = ', '.join(
+        [f'{m.name.upper()} ({m.count})' for m in pba.panel_evidence_summary.detected_malwares]
+    )
+    if detected_malwares:
+        matched_hashes.append(bold('Detected Malwares') + f' {detected_malwares}  ')
+    sorted_hashes = sorted(
+        pba.panel_evidence_summary.matched_hashes, key=lambda h: h.risk_score, reverse=True
+    )
+    for _, _hash in enumerate(sorted_hashes):
+        matched_hashes.append(divider())
+        hash_header = f'{header((f"{_hash.sha256} ({_hash.risk_score})"), 5)}'
+        matched_hashes.append(hash_header)
+        sandbox_reports = []
+        for report in _hash.report_overviews:
+            report_header = f'{header(report.report_id.split("-", 1)[1], 6)}  '
+            score = f'{bold("Sandbox Score:")} {report.sandbox_score}  '
+            tags = f'{bold("Tags:")} {", ".join(report.tags).upper()}  '
+            sandbox_reports.extend([report_header, score, tags])
+        if html_tags:
+            html = html_collapsible('Sandbox Reports', '\n\n' + '\n'.join(sandbox_reports) + '\n')
+            matched_hashes.append(html)
+        else:
+            matched_hashes.extend(sandbox_reports)
+    md_maker.add_section(f'Matched Hashes ({len(sorted_hashes)})', matched_hashes)
+def _malware_report_markdown(
+    pba: 'PBA_MalwareReport',
+    md_maker: MarkdownMaker,
+    html_tags: bool,
+    *args,  # noqa: ARG001
+) -> str:
+    _add_hashes(pba, md_maker, html_tags)
+    return md_maker.format_output()

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/models/pba_malware_report.py RENAMED Viewed

@@ -47,9 +47,9 @@ class SandboxScore(RFBaseModel):
 class MalwareReportPanelEvidence(RFBaseModel):
-    notification_title: str
-    report_limit_reached: bool
-    number_of_reports: int
-    matched_hashes: list[MatchedHash]
-    detected_malwares: list[DetectedMalware]
-    sandbox_scores: list[SandboxScore]
+    notification_title: Optional[str] = None
+    report_limit_reached: Optional[bool] = None
+    number_of_reports: Optional[int] = None
+    matched_hashes: Optional[list[MatchedHash]] = []
+    detected_malwares: Optional[list[DetectedMalware]] = []
+    sandbox_scores: Optional[list[SandboxScore]] = []

{psengine-2.0.6 → psengine-2.0.7}/psengine/playbook_alerts/pa_category.py RENAMED Viewed

@@ -36,4 +36,3 @@ class PACategory(Enum):
     IDENTITY_NOVEL_EXPOSURES = 'identity_novel_exposures'
     GEOPOLITICS_FACILITY = 'geopolitics_facility'
     MALWARE_REPORT = 'malware_report'
-    UNMAPPED_ALERT = 'unmapped_alert'

psengine 2.0.6__tar.gz → 2.0.7__tar.gz

psengine 2.0.6tar.gz → 2.0.7tar.gz