PyPI - psengine - Versions diffs - 2.1.1__tar.gz → 2.3.0__tar.gz - Mend

psengine 2.1.1tar.gz → 2.3.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

psengine-2.3.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,108 @@
+Metadata-Version: 2.4
+Name: psengine
+Version: 2.3.0
+Summary: psengine is a simple, yet elegant, library for rapid development of integrations with Recorded Future.
+Author-email: Moise Medici <moise.medici@recordedfuture.com>, Patrick Kinsella <patrick.kinsella@recordedfuture.com>, Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/RecordedFuture-ProfessionalServices/psengine
+Project-URL: Changelog, https://recordedfuture-professionalservices.github.io/psengine/CHANGELOG/
+Keywords: API,Recorded Future,Cyber Security Engineering,Threat Intelligence
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Programming Language :: Python
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: <3.14,>=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.27.1
+Requires-Dist: jsonpath_ng<=1.6.1,>=1.5.3
+Requires-Dist: stix2~=3.0.1
+Requires-Dist: python-dateutil>=2.7.0
+Requires-Dist: more-itertools<=10.2.0,>=9.0.0
+Requires-Dist: pydantic<3.0.0,>=2.7
+Requires-Dist: pydantic-settings[toml]<2.11.0,>=2.5.2
+Requires-Dist: markdown-strings==3.4.0
+Provides-Extra: dev
+Requires-Dist: pytest==8.3.4; extra == "dev"
+Requires-Dist: pytest-cov==6.0.0; extra == "dev"
+Requires-Dist: pytest-mock==3.14.0; extra == "dev"
+Requires-Dist: pytest-md==0.2.0; extra == "dev"
+Requires-Dist: pytest-random-order==1.1.1; extra == "dev"
+Requires-Dist: pytest-httpdbg==0.9.0; extra == "dev"
+Requires-Dist: ruff~=0.11.0; extra == "dev"
+Requires-Dist: mimesis>=12.1.0; extra == "dev"
+Requires-Dist: build==1.3.0; extra == "dev"
+Requires-Dist: wheel==0.45.1; extra == "dev"
+Requires-Dist: setuptools==80.9.0; extra == "dev"
+Provides-Extra: docs
+Requires-Dist: ruff~=0.11.0; extra == "docs"
+Requires-Dist: mike~=2.1.3; extra == "docs"
+Requires-Dist: mkdocs~=1.6.1; extra == "docs"
+Requires-Dist: mkdocs-material~=9.6.18; extra == "docs"
+Requires-Dist: mkdocstrings[python]>=0.18; extra == "docs"
+Requires-Dist: griffe-typingdoc~=0.2.8; extra == "docs"
+Requires-Dist: mkdocs-codeinclude-plugin~=0.2.1; extra == "docs"
+Requires-Dist: markdown-include~=0.8.1; extra == "docs"
+Requires-Dist: mkdocs-exclude~=1.0.2; extra == "docs"
+Requires-Dist: rich; extra == "docs"
+Requires-Dist: logging-tree; extra == "docs"
+Dynamic: license-file
+**Documentation**: <https://recordedfuture-professionalservices.github.io/psengine/>
+**Github**: <https://github.com/RecordedFuture-ProfessionalServices/psengine>
+**PyPi**: <https://pypi.org/project/psengine/>
+---
+PSEngine is a simple, yet elegant, library for rapid development of integrations with Recorded Future.
+PSEngine allows you to interact with the Recorded Future API extremely easily. There’s no need to manually build the URLs and query parameters, just use the modules dedicated to individual API endpoints.
+PSEngine is a Python package solely built and maintained by the Cyber Security Engineering team powering a number of high profile integrations, such as: Elasticsearch, QRadar, Anomali, Jira, TheHive, etc.
+## Installation
+PSEngine is a Python package that can be installed using `pip`. To install PSengine, run the following command:
+```bash
+pip install psengine
+```
+PSEngine officially supports Python >= 3.9, < 3.14.
+## Supported Features & Best Practices
+PSEngine is ready for the demands of building robust and reliable integrations.
+It can easily interact with the following Recorded Future datasets:
+- Analyst Notes
+- Collective Insights
+- Classic & Playbook Alerts
+- Detection Rules
+- Fusion File management
+- Identity Exposures management
+- List management
+- Malware Sandbox reports download
+- On demand IOC enrichment
+- Risklists
+- Risk History
+- STIX conversion
+And facilitate the development with features like:
+- Built-in logging
+- Easy configuration management
+- Markdown creation from certain data types
+- Proxy support

psengine-2.3.0/README.md ADDED Viewed

@@ -0,0 +1,52 @@
+**Documentation**: <https://recordedfuture-professionalservices.github.io/psengine/>
+**Github**: <https://github.com/RecordedFuture-ProfessionalServices/psengine>
+**PyPi**: <https://pypi.org/project/psengine/>
+---
+PSEngine is a simple, yet elegant, library for rapid development of integrations with Recorded Future.
+PSEngine allows you to interact with the Recorded Future API extremely easily. There’s no need to manually build the URLs and query parameters, just use the modules dedicated to individual API endpoints.
+PSEngine is a Python package solely built and maintained by the Cyber Security Engineering team powering a number of high profile integrations, such as: Elasticsearch, QRadar, Anomali, Jira, TheHive, etc.
+## Installation
+PSEngine is a Python package that can be installed using `pip`. To install PSengine, run the following command:
+```bash
+pip install psengine
+```
+PSEngine officially supports Python >= 3.9, < 3.14.
+## Supported Features & Best Practices
+PSEngine is ready for the demands of building robust and reliable integrations.
+It can easily interact with the following Recorded Future datasets:
+- Analyst Notes
+- Collective Insights
+- Classic & Playbook Alerts
+- Detection Rules
+- Fusion File management
+- Identity Exposures management
+- List management
+- Malware Sandbox reports download
+- On demand IOC enrichment
+- Risklists
+- Risk History
+- STIX conversion
+And facilitate the development with features like:
+- Built-in logging
+- Easy configuration management
+- Markdown creation from certain data types
+- Proxy support

{psengine-2.1.1 → psengine-2.3.0}/psengine/_version.py RENAMED Viewed

@@ -11,4 +11,4 @@
 # accessed from any third party API.                                                         #
 ##############################################################################################
-__version__ = '2.1.1'
+__version__ = '2.3.0'

{psengine-2.1.1 → psengine-2.3.0}/psengine/analyst_notes/errors.py RENAMED Viewed

@@ -19,24 +19,24 @@ class AnalystNoteError(RecordedFutureError):
 class AnalystNoteLookupError(RecordedFutureError):
-    """Error raise when cannot lookup an analyst note."""
+    """Raised when an analyst note cannot be retrieved."""
 class AnalystNoteSearchError(RecordedFutureError):
-    """Error raise when cannot search analyst notes."""
+    """Raised when an analyst note cannot be searched."""
 class AnalystNoteAttachmentError(RecordedFutureError):
-    """Error raise when cannot lookup an analyst note."""
+    """Raised when an analyst note attachment cannot be retrieved."""
 class AnalystNoteDeleteError(RecordedFutureError):
-    """Error raise when cannot delete an analyst note."""
+    """Raised when an analyst note cannot be deleted."""
 class AnalystNotePreviewError(RecordedFutureError):
-    """Error raise when cannot post to preview endpoint."""
+    """Raised when an analyst note cannot be previewed."""
 class AnalystNotePublishError(RecordedFutureError):
-    """Error raise when cannot post to publish endpoint."""
+    """Raised when an analyst note cannot be published."""

{psengine-2.1.1 → psengine-2.3.0}/psengine/analyst_notes/models.py RENAMED Viewed

@@ -13,11 +13,12 @@
 import logging
 from datetime import datetime
-from typing import Any, Optional, Union
+from typing import Annotated, Any, Optional, Union
-from pydantic import Field, ValidationError, field_validator, model_validator
+from pydantic import BeforeValidator, Field, ValidationError, field_validator, model_validator
 from ..common_models import IdNameType, IdNameTypeDescription, RFBaseModel
+from ..helpers import Validators
 class DiamondModel(RFBaseModel):
@@ -198,7 +199,10 @@ class PreviewAttributesIn(RFBaseModel):
     text: str
     note_entities: Optional[list[str]] = []
     context_entities: Optional[list[str]] = []
-    topic: Union[list[str], str, None] = []
+    topic: Annotated[
+        Union[list[str], str, None],
+        BeforeValidator(Validators.convert_str_to_list),
+    ] = []
     labels: Optional[list[str]] = []
     validation_urls: Optional[list[str]] = []

{psengine-2.1.1 → psengine-2.3.0}/psengine/analyst_notes/note_mgr.py RENAMED Viewed

@@ -210,9 +210,6 @@ class AnalystNoteMgr:
             ValidationError: If any supplied parameter is of incorrect type.
             AnalystNotePreviewRequest: If connection error occurs.
         """
-        if topic:
-            topic = topic if isinstance(topic, list) else [topic]
         data = {
             'attributes': {
                 'title': title,
@@ -262,9 +259,6 @@ class AnalystNoteMgr:
             ValidationError: If any supplied parameter is of incorrect type.
             AnalystNotePublishError: If connection error occurs.
         """
-        if topic:
-            topic = topic if isinstance(topic, list) else [topic]
         data = {
             'attributes': {
                 'title': title,
@@ -308,15 +302,21 @@ class AnalystNoteMgr:
             Fetch and save an attachment from an analyst note:
             ```python
-            from psengine.analyst_notes import save_attachment
+            from pathlib import Path
+            from psengine.analyst_notes import AnalystNoteMgr, save_attachment
+            OUTPUT_DIR = Path(__file__).parent / 'attachments'
+            OUTPUT_DIR.mkdir(exist_ok=True)
             # Note with PDF attachment
             attachment, extension = note_mgr.fetch_attachment('tPtLVw')
-            save_attachment('tPtLVw', attachment, extension)
+            save_attachment('tPtLVw', attachment, extension, OUTPUT_DIR)
             # Note with YAR attachment
             attachment, extension = note_mgr.fetch_attachment('oJeqDP')
-            save_attachment('oJeqDP', attachment, extension)
+            save_attachment('oJeqDP', attachment, extension, OUTPUT_DIR)
             ```
         Raises:

{psengine-2.1.1 → psengine-2.3.0}/psengine/base_http_client.py RENAMED Viewed

@@ -97,7 +97,7 @@ class BaseHTTPClient:
         self,
         method: Annotated[str, Doc('An HTTP method.')],
         url: Annotated[str, Doc('A URL to make the request to.')],
-        data: Annotated[Union[dict, list[dict], None], Doc('A request body.')] = None,
+        data: Annotated[Union[dict, list[dict], bytes, None], Doc('A request body.')] = None,
         *,
         params: Annotated[Union[dict, None], Doc('HTTP query parameters.')] = None,
         headers: Annotated[
@@ -124,7 +124,8 @@ class BaseHTTPClient:
         if 'User-Agent' not in headers:
             headers['User-Agent'] = self._get_user_agent_header()
-        data = json.dumps(data) if data is not None else None
+        if not isinstance(data, bytes):
+            data = json.dumps(data) if data is not None else None
         try:
             response = method_func(

{psengine-2.1.1 → psengine-2.3.0}/psengine/classic_alerts/classic_alert_mgr.py RENAMED Viewed

@@ -157,10 +157,11 @@ class ClassicAlertMgr:
             Optional[list[str]],
             Doc(
                 """
-                Fields to include in the search result.
+                Fields to include in the fetch result.
                 **Note:**
-                Defaults fields are `id`, `log`, `title`, `rule` which are always retrieved.
+                All fields are collected by default. Specify the fields needed, however the fields
+                `id`, `log`, `title`, `rule` are always retrieved.
                 Any provided fields are added to these."
                 """
             ),
@@ -216,10 +217,11 @@ class ClassicAlertMgr:
             Optional[list[str]],
             Doc(
                 """
-                Fields to include in the search result.
+                Fields to include in the fetch result.
                 **Note:**
-                Defaults fields are `id`, `log`, `title`, `rule` which are always retrieved.
+                All fields are collected by default. Specify the fields needed, however the fields
+                `id`, `log`, `title`, `rule` are always retrieved.
                 Any provided fields are added to these."
                 """
             ),

{psengine-2.1.1 → psengine-2.3.0}/psengine/classic_alerts/markdown/markdown.py RENAMED Viewed

@@ -18,7 +18,7 @@ from typing import TYPE_CHECKING
 from markdown_strings import blockquote, bold, esc_format, link
 if TYPE_CHECKING:
-    from ..classic_alerts.classic_alert import ClassicAlert
+    from ...classic_alerts.classic_alert import ClassicAlert
 from ...constants import TIMESTAMP_STR, TRUNCATE_COMMENT
 from ...markdown import (
@@ -132,9 +132,9 @@ def _process_entities(entities, hit) -> list[list[str]]:
 def _hits_markdown(
     classic_alert: 'ClassicAlert',
     hits,
-    include_fragment_entities: bool = True,
-    include_triggered_by: bool = True,
-    html_tags: bool = False,
+    include_fragment_entities: bool,
+    include_triggered_by: bool,
+    html_tags: bool,
 ) -> list:
     sections = []
     for idx, hit in enumerate(hits):
@@ -202,7 +202,9 @@ def _enriched_entities_markdown(classic_alert: 'ClassicAlert') -> list:
     return results
-def _target_entities_markdown(classic_alert: 'ClassicAlert', html_tags: bool = False) -> list:
+def _target_entities_markdown(
+    classic_alert: 'ClassicAlert', triggered_by: bool, html_tags: bool = False
+) -> list:
     results = []
     for entity in classic_alert.enriched_entities:
         result = {'title': f'Target {entity.entity.name}'}
@@ -210,6 +212,7 @@ def _target_entities_markdown(classic_alert: 'ClassicAlert', html_tags: bool = F
             classic_alert,
             hits=entity.references,
             include_fragment_entities=False,
+            include_triggered_by=triggered_by,
             html_tags=html_tags,
         )
         if len(result['content']):
@@ -268,7 +271,7 @@ def _add_ai_insights_section(
 def _add_enriched_entities_sections(
-    md_maker: MarkdownMaker, classic_alert: 'ClassicAlert', html_tags: bool
+    md_maker: MarkdownMaker, classic_alert: 'ClassicAlert', triggered_by: bool, html_tags: bool
 ) -> None:
     """Adds sections related to enriched entities (evidence and references)."""
     if any(x.evidence for x in classic_alert.enriched_entities):
@@ -278,7 +281,7 @@ def _add_enriched_entities_sections(
     if any(x.references for x in classic_alert.enriched_entities):
         md_maker.add_section(
             'Target Entities',
-            _target_entities_markdown(classic_alert, html_tags),
+            _target_entities_markdown(classic_alert, triggered_by, html_tags),
         )
@@ -350,7 +353,7 @@ def _markdown_alert(
         _add_ai_insights_section(md_maker, classic_alert, ai_insights)
         if classic_alert.enriched_entities:
-            _add_enriched_entities_sections(md_maker, classic_alert, html_tags)
+            _add_enriched_entities_sections(md_maker, classic_alert, triggered_by, html_tags)
         else:
             _add_hits_section_if_no_enriched_entities(
                 md_maker, classic_alert, fragment_entities, triggered_by, html_tags

{psengine-2.1.1 → psengine-2.3.0}/psengine/collective_insights/collective_insights.py RENAMED Viewed

@@ -67,11 +67,6 @@ class CollectiveInsights:
         Raises:
             ValidationError: If any supplied parameter is of incorrect type.
         """
-        malwares = malwares if isinstance(malwares, list) else [malwares] if malwares else None
-        mitre_codes = (
-            mitre_codes if isinstance(mitre_codes, list) else [mitre_codes] if mitre_codes else None
-        )
         incident = {'id': incident_id, 'type': incident_type, 'name': incident_name}
         detection = {
             'id': detection_id,

{psengine-2.1.1 → psengine-2.3.0}/psengine/collective_insights/insight.py RENAMED Viewed

@@ -13,10 +13,13 @@
 from datetime import datetime
 from functools import total_ordering
-from typing import Optional
+from typing import Annotated, Optional
+from pydantic import BeforeValidator
 from ..common_models import IdNameType, RFBaseModel
 from ..constants import TIMESTAMP_STR
+from ..helpers import Validators
 from .models import (
     RequestDetection,
     RequestIOC,
@@ -59,8 +62,10 @@ class Insight(RFBaseModel):
     timestamp: datetime
     ioc: RequestIOC
     incident: Optional[IdNameType] = None
-    mitre_codes: Optional[list[str]] = None
-    malwares: Optional[list[str]] = None
+    mitre_codes: Annotated[Optional[list[str]], BeforeValidator(Validators.convert_str_to_list)] = (
+        None
+    )
+    malwares: Annotated[Optional[list[str]], BeforeValidator(Validators.convert_str_to_list)] = None
     detection: RequestDetection
     def __hash__(self):

{psengine-2.1.1 → psengine-2.3.0}/psengine/detection/detection_mgr.py RENAMED Viewed

@@ -45,22 +45,22 @@ class DetectionMgr:
     def search(
         self,
         detection_rule: Annotated[
-            Union[list[str], str, None], Doc('Types of detection rules to search for.')
+            Union[str, list[str], None], Doc('Types of detection rules to search for.')
         ] = None,
         entities: Annotated[
             Optional[list[str]], Doc('List of entities to filter the search.')
         ] = None,
         created_before: Annotated[
-            Optional[str], Doc('Filter for rules created before this date.')
+            Optional[str], Doc('Filter for rules created before this date or relative date.')
         ] = None,
         created_after: Annotated[
-            Optional[str], Doc('Filter for rules created after this date.')
+            Optional[str], Doc('Filter for rules created after this date or relative date.')
         ] = None,
         updated_before: Annotated[
-            Optional[str], Doc('Filter for rules updated before this date.')
+            Optional[str], Doc('Filter for rules updated before this date or relative date.')
         ] = None,
         updated_after: Annotated[
-            Optional[str], Doc('Filter for rules updated after this date.')
+            Optional[str], Doc('Filter for rules updated after this date or relative date.')
         ] = None,
         doc_id: Annotated[Optional[str], Doc('Filter by document ID.')] = None,
         title: Annotated[Optional[str], Doc('Filter by title.')] = None,
@@ -82,7 +82,6 @@ class DetectionMgr:
             ValidationError: If any supplied parameter is of incorrect type.
             DetectionRuleSearchError: If connection error occurs.
         """
-        detection_rule = [detection_rule] if isinstance(detection_rule, str) else detection_rule
         filters = {
             'types': detection_rule,
             'entities': entities,

{psengine-2.1.1 → psengine-2.3.0}/psengine/detection/models.py RENAMED Viewed

@@ -12,11 +12,12 @@
 ##############################################################################################
 from datetime import datetime
-from typing import Optional
+from typing import Annotated, Optional
-from pydantic import Field
+from pydantic import BeforeValidator, Field
 from ..common_models import DetectionRuleType, RFBaseModel
+from ..helpers import Validators
 class Entity(RFBaseModel):
@@ -34,12 +35,14 @@ class RuleContext(RFBaseModel):
 class TimeRange(RFBaseModel):
-    after: Optional[datetime] = None
-    before: Optional[datetime] = None
+    after: Annotated[Optional[datetime], BeforeValidator(Validators.convert_relative_time)] = None
+    before: Annotated[Optional[datetime], BeforeValidator(Validators.convert_relative_time)] = None
 class SearchFilter(RFBaseModel):
-    types: Optional[list[DetectionRuleType]] = None
+    types: Annotated[
+        Optional[list[DetectionRuleType]], BeforeValidator(Validators.convert_str_to_list)
+    ] = None
     entities: Optional[list[str]] = None
     created: Optional[TimeRange] = None
     updated: Optional[TimeRange] = None

{psengine-2.1.1 → psengine-2.3.0}/psengine/endpoints.py RENAMED Viewed

@@ -45,6 +45,9 @@ EP_CLASSIC_ALERTS_ID = EP_CLASSIC_ALERTS_V3 + '/alerts/{}'
 EP_RISKLIST = f'{BASE_URL}/{API_VERSION}/' + '{}/risklist'
 EP_FUSION_FILES = CONNECT_API_BASE_URL + '/fusion/files'
+EP_FUSION_FILES_V3 = f'{BASE_URL}/fusion/v3/files/'
+EP_FUSION_DIR_V3 = f'{BASE_URL}/fusion/v3/files/directory/'
 ###############################################################################
 # Playbook Alert Endpoints
 ###############################################################################
@@ -75,7 +78,7 @@ EP_SEARCH_LIST = EP_LIST + '/search'
 ###############################################################################
 # SOAR Endpoints
 ###############################################################################
-EP_SOAR_ENRICHMENT = CONNECT_API_BASE_URL + '/soar/enrichment'
+EP_SOAR_ENRICHMENT = BASE_URL + '/soar/v3/enrichment'
 ###############################################################################
 # Detection Rules API Endpoints
@@ -111,3 +114,15 @@ EP_IDENTITY_IP_LOOKUP = EP_IDENTITY + 'ip/lookup'
 EP_IDENTITY_CREDENTIALS_SEARCH = EP_IDENTITY + 'credentials/search'
 EP_IDENTITY_CREDENTIALS_LOOKUP = EP_IDENTITY + 'credentials/lookup'
 EP_IDENTITY_DUMP_SEARCH = EP_IDENTITY + 'metadata/dump/search'
+###############################################################################
+# Malware Intelligence API Endpoints
+###############################################################################
+EP_MALWARE_INTELLIGENCE = BASE_URL + '/malware-intelligence/v1/'
+EP_MALWARE_INTEL_REPORTS = EP_MALWARE_INTELLIGENCE + 'reports'
+###############################################################################
+# Risk History API Endpoints
+###############################################################################
+EP_RISK_HISTORY_BASE = BASE_URL + '/risk'
+EP_RISK_HISTORY = EP_RISK_HISTORY_BASE + '/history'

{psengine-2.1.1 → psengine-2.3.0}/psengine/enrich/constants.py RENAMED Viewed

@@ -23,40 +23,37 @@ from ..enrich import (
     EnrichedVulnerability,
 )
-SOAR_POST_ROWS = 2000
+SOAR_POST_ROWS = 1000
 ALLOWED_ENTITIES = Literal[
+    'Company',
     'company',
     'company_by_domain',
     'company/by_domain',
-    'domain',
-    'hash',
-    'ip',
-    'malware',
-    'url',
-    'vulnerability',
-    'Company',
     'Organization',
-    'InternetDomainName',
+    'organization',
+    'hash',
     'Hash',
+    'InternetDomainName',
+    'domain',
+    'ip',
     'IpAddress',
     'Malware',
+    'malware',
     'URL',
+    'url',
     'CyberVulnerability',
+    'vulnerability',
 ]
 ENTITY_FIELDS = ['entity', 'risk', 'timestamps']
 MALWARE_FIELDS = ['entity', 'timestamps']
 TYPE_MAPPING = {
     'company/by_domain': 'company_by_domain',
-    'Organization': 'company',
-    'Company': 'company',
-    'IpAddress': 'ip',
-    'InternetDomainName': 'domain',
-    'CyberVulnerability': 'vulnerability',
-    'URL': 'url',
-    'Malware': 'malware',
-    'Hash': 'hash',
+    'organization': 'company',
+    'ipaddress': 'ip',
+    'internetdomainname': 'domain',
+    'cybervulnerability': 'vulnerability',
 }

{psengine-2.1.1 → psengine-2.3.0}/psengine/enrich/lookup.py RENAMED Viewed

@@ -291,3 +291,21 @@ class EnrichmentData(RFBaseModel):
             f'Risk Score: {self.content.risk.score}, '
             f'Last Seen: {self.content.timestamps.last_seen.strftime(TIMESTAMP_STR)}'
         )
+    def links(self, from_section: str, entity_type: str) -> list[str]:
+        """Retrieve a list of entities from the links attribute of the specific type and section."""
+        results = []
+        if not hasattr(self.content, 'links'):
+            return []
+        results.extend(
+            entity.name
+            for hit in self.content.links.hits
+            for section in hit.sections
+            if section.section_id and section.section_id.name == from_section
+            for lst in section.lists
+            for entity in lst.entities
+            if entity.type_ == entity_type
+        )
+        return results

{psengine-2.1.1 → psengine-2.3.0}/psengine/enrich/lookup_mgr.py RENAMED Viewed

@@ -72,6 +72,7 @@ class LookupMgr:
         - `malware`
         - `Malware`
         - `Organization`
+        - `organization`
         - `url`
         - `URL`
         - `vulnerability`
@@ -181,6 +182,7 @@ class LookupMgr:
         - `malware`
         - `Malware`
         - `Organization`
+        - `organization`
         - `url`
         - `URL`
         - `vulnerability`
@@ -273,7 +275,7 @@ class LookupMgr:
         entity_type: str,
         fields: list,
     ):
-        entity_type = TYPE_MAPPING.get(entity_type, entity_type)
+        entity_type = TYPE_MAPPING.get(entity_type.lower(), entity_type.lower())
         enriched = self._fetch_data(
             entity=entity,

{psengine-2.1.1 → psengine-2.3.0}/psengine/enrich/soar_mgr.py RENAMED Viewed

@@ -61,7 +61,7 @@ class SoarMgr:
         vulnerabilities, URLs, and company domains. Uses multithreading if `max_workers` > 0.
         Endpoint:
-            `v2/soar/enrichment`
+            `soar/v3/enrichment`
         Example:
             Simple bulk enrichment:
@@ -81,7 +81,7 @@ class SoarMgr:
             ```
             Save enriched results to file:
-            ```
+            ```python
             from pathlib import Path
             from json import dumps
             from psengine.enrich import SoarMgr

psengine 2.1.1__tar.gz → 2.3.0__tar.gz

psengine 2.1.1tar.gz → 2.3.0tar.gz