TIPCommon.rest

TIPCommon.rest.auth.generate_jwt_from_sa

TIPCommon.rest.auth.generate_jwt_from_sa(service_account, expiry_length=3600, audience=None)

Generate a JSON Web Token to access Google Cloud API resources using REST.

Parameters
service_account str | dict

Google Cloud project service account with the necessary Identity and Access Management roles.
expiry_length int

Time set until the token expires in seconds. Default is 1 hour.
audience str

Google Cloud scope. If not provided, falls back to https://www.googleapis.com/auth/cloud-platform.

Returns

JWT token to use in the authorization header.

Return type

bytes

TIPCommon.rest.httplib.get_auth_session

TIPCommon.rest.httplib.get_auth_session(service_account, audience=None, verify_ssl=True)

Create an authorized HTTP session to a Google Cloud resource API.

Parameters
service_account str | dict

Google Cloud project service account with the necessary Identity and Access Management roles.
audience str

Google Cloud scope.
verify_ssl bool

Defines whether to create a session with SSL encryption.

Returns

An authorized session object.

Return type

requests.Session

TIPCommon.rest.soar_api.get_case_overview_details

TIPCommon.rest.soar_api.get_case_overview_details(chronicle_soar: SiemplifyAction | SiemplifyConnectorExecution | SiemplifyJob, case_id: int | str) → CaseDetails

Get case overview details by case ID.

Parameters
chronicle_soar ChronicleSOAR

A Google Security Operations SOAR SDK object.
case_id int | str

Case identifier.

Returns

The case details object.

Return type

(CaseDetails)

Raises

  • requests.HTTPError, if failed to request or request status is not 200.
  • json.JSONDecoderError, if failed to parse the response.

TIPCommon.rest.soar_api.get_env_action_def_files

TIPCommon.rest.soar_api.get_env_action_def_files(chronicle_soar: SiemplifyAction | SiemplifyConnectorExecution | SiemplifyJob)→ list[Dict[str, Any]]

Retrieve a list of environment action definition files.

Parameters
chronicle_soar ChronicleSOAR

A Google Security Operations SOAR SDK object.

Returns

A list of SingleJson objects representing the action definition files.

Return type

(list[SingleJson])

Raises

  • requests.HTTPError
  • json.JSONDecodeError

TIPCommon.rest.soar_api.get_installed_jobs

TIPCommon.rest.soar_api.get_installed_jobs(chronicle_soar: SiemplifyAction | SiemplifyConnectorExecution | SiemplifyJob)→ list[Dict[str, Any]]

Retrieve a list of environment action definition files.

Parameters
chronicle_soar ChronicleSOAR

A Google Security Operations SOAR SDK object.

Returns

A list of SingleJson objects representing the action definition files.

Return type

(list[SingleJson])

Raises

  • requests.HTTPError
  • json.JSONDecodeError

TIPCommon.rest.soar_api.get_integration_full_details

TIPCommon.rest.soar_api.get_integration_full_details(chronicle_soar: SiemplifyAction | SiemplifyConnectorExecution | SiemplifyJob, integration_identifier: str)→ Dict[str, Any]

Retrieve the full details file of the integration.

Parameters
chronicle_soar ChronicleSOAR

A Google Security Operations SOAR SDK object.
integration_identifier str

The integration ID.

Returns

JSON response containing the full details of the integration.

Return type

(SingleJSON)

Raises

  • requests.HTTPError
  • json.JSONDecodeError

TIPCommon.rest.soar_api.validate_response

TIPCommon.rest.soar_api.validate_response(response: Response, validate_json: bool = False) → None

Validate response and get it as a JSON.

Parameters
response requests.Response

The response to validate.

Raises

  • HTTPError, if the response status code indicates a failure.