SiemplifyDataModel module

SiemplifyDataModel.ActionLogRecord class

class SiemplifyDataModel.ActionLogRecord(record_type, message, original_source_file_name=None, case_id=None, alert_id=None, workflow_id=None, environment=None, source_system_name=None, exception_message=None, integration=None, action_definition_name=None, timestamp=None)

Bases: object

SiemplifyDataModel.Alert class

class SiemplifyDataModel.Alert(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, security_events, domain_relations, domain_entities, additional_properties, additional_data)

Bases: AlertInfo

get_alert_start_time(creation_time, security_events)

static get_prop_if_exists(dictionary, prop_name, default_value)
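The two helpers on Alert are the ones integration code most often needs to reason about: get_prop_if_exists guards access to raw payload dictionaries, and get_alert_start_time decides which timestamp the alert is anchored to. The page does not show their bodies, so the block below is an added, stand-alone reimplementation written for this page, not SDK code; the rule it applies (earliest valid security-event start_time wins, otherwise creation_time, with missing, None, zero, negative or non-numeric values ignored) and the sample payload are assumptions. Timestamps are Unix epoch milliseconds, matching the *_unix_time_in_ms fields elsewhere on this page.

```python
# Added example: stand-alone reimplementation of the two helpers documented on the
# Alert class. The SDK's own method bodies are not shown on this page, so the
# behaviour below (earliest valid event start_time wins, else creation_time) is an
# assumption about what these helpers need to do, not a copy of the SDK.
# Timestamps are Unix epoch milliseconds, as in the *_unix_time_in_ms fields on the page.


def get_prop_if_exists(dictionary, prop_name, default_value):
    """Return dictionary[prop_name] unless the key is absent or maps to None."""
    if not isinstance(dictionary, dict):
        return default_value
    value = dictionary.get(prop_name)
    return default_value if value is None else value


def get_alert_start_time(creation_time, security_events):
    """Earliest usable start_time among the alert's security events.

    creation_time is when Siemplify created the alert record; the events it wraps
    usually carry the source product's own start_time, which is when the activity
    began. Anchoring SLA and timeline logic to the earliest event keeps a delayed
    ingestion from making an old intrusion look fresh. Events whose start_time is
    missing, None, zero, negative or non-numeric are ignored rather than treated
    as "epoch 0", which would otherwise win every comparison.
    """
    start = creation_time
    for event in security_events or []:
        candidate = get_prop_if_exists(event, "start_time", None)
        # bool is a subclass of int in Python; exclude it explicitly.
        if isinstance(candidate, bool) or not isinstance(candidate, (int, float)):
            continue
        if candidate <= 0:
            continue
        start = min(start, candidate)
    return start


# Constructed sample in the shape of the documented Alert fields (not real data).
SAMPLE_ALERT = {
    "identifier": "ALERT-0001",
    "creation_time": 1_700_000_000_000,
    "security_events": [
        {"event_id": "e1", "start_time": 1_699_999_940_000},  # 60 s before creation
        {"event_id": "e2", "start_time": 0},                  # product left it unset
        {"event_id": "e3"},                                   # no start_time key at all
        {"event_id": "e4", "start_time": 1_699_999_880_000},  # 120 s before: the answer
        {"event_id": "e5", "start_time": "1699999800000"},    # string, ignored
        {"event_id": "e6", "start_time": None},
    ],
}


def alert_start_time(raw_alert):
    """Compute the start time of a raw alert payload with the helpers above."""
    creation = get_prop_if_exists(raw_alert, "creation_time", 0)
    events = get_prop_if_exists(raw_alert, "security_events", [])
    return get_alert_start_time(creation, events)


if __name__ == "__main__":
    print(alert_start_time(SAMPLE_ALERT))
```

The strict type check is a deliberate choice: a product that emits start_time as a string is better surfaced as a mapping bug in the connector than silently coerced here.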

SiemplifyDataModel.AlertInfo class

class SiemplifyDataModel.AlertInfo(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, additional_properties, additional_data)

Bases: Base

SiemplifyDataModel.ApiPeriodTypeEnum class

class SiemplifyDataModel.ApiPeriodTypeEnum

Bases: object
This object represents the time unit of an SLA period.

DAYS = 'Days'

HOURS = 'Hours'

MINUTES = 'Minutes'

classmethod validate(value)

classmethod values()

SiemplifyDataModel.ApiSyncAlertCloseReasonEnum class

class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum

Bases: object

INCONCLUSIVE = 3

MAINTENANCE = 2

MALICIOUS = 0

NOT_MALICIOUS = 1

UNKNOWN = 4

SiemplifyDataModel.ApiSyncAlertPriorityEnum class

class SiemplifyDataModel.ApiSyncAlertPriorityEnum

Bases: object

CRITICAL = 5

HIGH = 4

INFORMATIVE = 0

LOW = 2

MEDIUM = 3

UNCHANGED = 1

SiemplifyDataModel.ApiSyncAlertStatusEnum class

class SiemplifyDataModel.ApiSyncAlertStatusEnum

Bases: object

CLOSED = 1

OPENED = 0

SiemplifyDataModel.ApiSyncAlertUsefulnessEnum class

class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum

Bases: object

NONE = 0

NOT_USEFUL = 1

USEFUL = 2

SiemplifyDataModel.ApiSyncCasePriorityEnum class

class SiemplifyDataModel.ApiSyncCasePriorityEnum

Bases: object

CRITICAL = 5

HIGH = 4

INFORMATIVE = 0

LOW = 2

MEDIUM = 3

UNCHANGED = 1

SiemplifyDataModel.ApiSyncCaseStatusEnum class

class SiemplifyDataModel.ApiSyncCaseStatusEnum

Bases: object

ALL = 2

CLOSED = 2

CREATION_PENDING = 4

MERGED = 3

OPENED = 1
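Three details of the ApiSync* enums above bite in sync integrations: ApiSyncCasePriorityEnum.UNCHANGED = 1 is a marker meaning "leave the external priority alone", yet numerically it sits between INFORMATIVE and LOW, so a plain `>=` comparison will rank it as a severity; ApiSyncCaseStatusEnum.ALL has the same value as CLOSED, so a record carrying ALL cannot be told apart from a closed case; and the alert status enum (OPENED = 0, CLOSED = 1) uses different numbers from the case status enum (OPENED = 1, CLOSED = 2), so the two must never be swapped. The block below is an added example written for this page, not SDK code: it plans create/update/skip actions for an external ticketing system from records shaped like the SyncCase class documented further down (case_id, environment, priority, stage, status, external_case_id, title). The external tracker's P0..P4 scale, the action dict layout and the sample records are assumptions.

```python
# Added example: planning updates for an external ticketing system from
# SyncCase-shaped records, using the ApiSync* enum values copied from this page.
# The external tracker's priority scale (P0..P4) and the action dict layout are
# assumptions of this example; nothing here is SDK code.


class ApiSyncCasePriorityEnum:
    INFORMATIVE = 0
    UNCHANGED = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4
    CRITICAL = 5


class ApiSyncCaseStatusEnum:
    OPENED = 1
    CLOSED = 2
    ALL = 2
    MERGED = 3
    CREATION_PENDING = 4


# Assumed mapping to the external tracker's scale. UNCHANGED is deliberately absent:
# it is a "do not touch" marker, not a severity level, even though its numeric value
# sits between INFORMATIVE and LOW.
EXTERNAL_PRIORITY = {
    ApiSyncCasePriorityEnum.INFORMATIVE: "P4",
    ApiSyncCasePriorityEnum.LOW: "P3",
    ApiSyncCasePriorityEnum.MEDIUM: "P2",
    ApiSyncCasePriorityEnum.HIGH: "P1",
    ApiSyncCasePriorityEnum.CRITICAL: "P0",
}


def is_at_least(priority, threshold):
    """Severity comparison that refuses to rank the UNCHANGED marker."""
    if ApiSyncCasePriorityEnum.UNCHANGED in (priority, threshold):
        raise ValueError("UNCHANGED is not a severity level")
    return priority >= threshold


def plan_sync(sync_cases):
    """Turn SyncCase-shaped records into create/update/skip actions for the tracker."""
    actions = []
    for case in sync_cases:
        status = case["status"]
        if status in (ApiSyncCaseStatusEnum.MERGED, ApiSyncCaseStatusEnum.CREATION_PENDING):
            actions.append({"op": "skip", "case_id": case["case_id"], "reason": "not syncable yet"})
            continue
        if status not in (ApiSyncCaseStatusEnum.OPENED, ApiSyncCaseStatusEnum.CLOSED):
            actions.append({"op": "skip", "case_id": case["case_id"], "reason": f"unknown status {status}"})
            continue
        # ALL == CLOSED numerically on this page, so a record carrying ALL lands here as
        # CLOSED; ALL belongs in queries, never in a case record.
        state = "closed" if status == ApiSyncCaseStatusEnum.CLOSED else "open"
        if case.get("external_case_id") is None:
            if case["priority"] == ApiSyncCasePriorityEnum.UNCHANGED:
                raise ValueError(f"case {case['case_id']}: cannot create a ticket with priority UNCHANGED")
            actions.append({"op": "create", "case_id": case["case_id"], "title": case["title"],
                            "environment": case["environment"], "state": state,
                            "priority": EXTERNAL_PRIORITY[case["priority"]]})
            continue
        update = {"op": "update", "case_id": case["case_id"],
                  "external_case_id": case["external_case_id"], "state": state}
        if case["priority"] != ApiSyncCasePriorityEnum.UNCHANGED:
            update["priority"] = EXTERNAL_PRIORITY[case["priority"]]
        actions.append(update)
    return actions


# Constructed SyncCase-shaped records (case_id, environment, priority, stage,
# status, external_case_id, title); not real data.
SAMPLE_SYNC_CASES = [
    {"case_id": 101, "environment": "Default", "priority": ApiSyncCasePriorityEnum.HIGH,
     "stage": "Triage", "status": ApiSyncCaseStatusEnum.OPENED, "external_case_id": None,
     "title": "Suspicious login from new country"},
    {"case_id": 102, "environment": "Default", "priority": ApiSyncCasePriorityEnum.UNCHANGED,
     "stage": "Investigation", "status": ApiSyncCaseStatusEnum.OPENED, "external_case_id": "INC-2001",
     "title": "Malware beacon"},
    {"case_id": 103, "environment": "Default", "priority": ApiSyncCasePriorityEnum.LOW,
     "stage": "Closed", "status": ApiSyncCaseStatusEnum.CLOSED, "external_case_id": "INC-2002",
     "title": "False positive DLP hit"},
    {"case_id": 104, "environment": "Default", "priority": ApiSyncCasePriorityEnum.MEDIUM,
     "stage": "Triage", "status": ApiSyncCaseStatusEnum.MERGED, "external_case_id": None,
     "title": "Duplicate of 101"},
]


if __name__ == "__main__":
    for action in plan_sync(SAMPLE_SYNC_CASES):
        print(action)
```

Raising on a create with UNCHANGED, rather than defaulting the ticket to LOW, is the safer failure: a record with no real priority is a data problem upstream and should not quietly become a low-priority ticket.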

SiemplifyDataModel.Attachment class

class SiemplifyDataModel.Attachment(case_identifier, alert_identifier, base64_blob, attachment_type, name, description, is_favorite, orig_size, size)

Bases: Base

static fromfile(path, case_id=None, alert_identifier=None, description=None, is_favorite=False)

property is_identifier_mandatory
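Attachments travel through the API as a base64 blob plus the sizes and name shown in the constructor, and the static fromfile() is the usual way to build one from evidence on disk. The block below is an added example written for this page, not the SDK's fromfile: it builds a plain dict with the documented field names, reads the file as opaque bytes (a phishing .eml or a malware sample is never parsed here), keeps only the base name so a crafted path cannot put directory components into the name shown on the case wall, and refuses files over a cap before encoding them. The field semantics (orig_size as raw byte count, size as base64 text length, attachment_type as the extension), the 20 MiB cap and the sample content are assumptions.

```python
import base64
import os
import tempfile

# Added example: a stand-alone builder in the shape of the documented
# Attachment.fromfile(path, case_id, alert_identifier, description, is_favorite).
# It returns a plain dict with the documented Attachment field names instead of the
# SDK class. The field semantics (orig_size = raw byte count, size = length of the
# base64 text, attachment_type = file extension) and the size limit are
# assumptions for this example, not values taken from the SDK.

MAX_ATTACHMENT_BYTES = 20 * 1024 * 1024  # assumed local cap for the example


class AttachmentTooLarge(ValueError):
    """Raised instead of pushing an oversized base64 blob through the API."""


def attachment_from_file(path, case_id=None, alert_identifier=None,
                         description=None, is_favorite=False,
                         max_bytes=MAX_ATTACHMENT_BYTES):
    """Read a file and describe it as an attachment record.

    The blob is carried opaque: the file is never parsed or executed here, which is
    what you want for evidence such as a phishing .eml or a malware sample. Only the
    base name of the path is kept, so a crafted path cannot smuggle directory
    components into the name shown on the case wall.
    """
    if os.path.getsize(path) > max_bytes:
        raise AttachmentTooLarge(f"{path}: larger than {max_bytes} bytes")
    with open(path, "rb") as fh:
        raw = fh.read(max_bytes + 1)       # re-check: the file may grow after stat
    if len(raw) > max_bytes:
        raise AttachmentTooLarge(f"{path}: larger than {max_bytes} bytes")
    blob = base64.b64encode(raw).decode("ascii")
    name, extension = os.path.splitext(os.path.basename(path))
    return {
        "case_identifier": case_id,
        "alert_identifier": alert_identifier,
        "base64_blob": blob,
        "attachment_type": extension,   # e.g. ".eml"
        "name": name,
        "description": description,
        "is_favorite": is_favorite,
        "orig_size": len(raw),
        "size": len(blob),
    }


def decode_blob(record):
    """Recover the original bytes from a record (validating the base64)."""
    return base64.b64decode(record["base64_blob"], validate=True)


# Constructed sample content (not a real message).
SAMPLE_CONTENT = (b"From: billing@example.invalid\r\nSubject: Invoice overdue\r\n\r\n"
                  b"Open the attached document.\r\n")


def demo(max_bytes=MAX_ATTACHMENT_BYTES):
    """Write the sample to a temp file and build an attachment for case CASE-42."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "suspicious.eml")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_CONTENT)
        return attachment_from_file(path, case_id="CASE-42",
                                    description="phishing sample", max_bytes=max_bytes)


if __name__ == "__main__":
    rec = demo()
    print(rec["name"], rec["attachment_type"], rec["orig_size"], rec["size"])
```

Checking the size both before and after the read closes the window where a file grows between the stat and the read; the second check is the one that actually bounds what gets base64-encoded and sent.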

SiemplifyDataModel.Base class

class SiemplifyDataModel.Base(identifier, creation_time=None, modification_time=None, additional_properties=None)

Bases: object

property is_identifier_mandatory

SiemplifyDataModel.CaseFilterOperatorEnum class

class SiemplifyDataModel.CaseFilterOperatorEnum

Bases: object

AND = 'AND'

OR = 'OR'

SiemplifyDataModel.CaseFilterSortByEnum class

class SiemplifyDataModel.CaseFilterSortByEnum

Bases: object

CLOSE_TIME = 'CLOSE_TIME'

START_TIME = 'START_TIME'

UPDATE_TIME = 'UPDATE_TIME'

SiemplifyDataModel.CaseFilterSortOrderEnum class

class SiemplifyDataModel.CaseFilterSortOrderEnum

Bases: object

ASC = 'ASC'

DESC = 'DESC'

SiemplifyDataModel.CaseFilterStatusEnum class

class SiemplifyDataModel.CaseFilterStatusEnum

Bases: object

BOTH = 'BOTH'

CLOSE = 'CLOSE'

OPEN = 'OPEN'

SiemplifyDataModel.CaseFilterValue class

class SiemplifyDataModel.CaseFilterValue(value, title)

Bases: object

SiemplifyDataModel.CaseStatus class

class SiemplifyDataModel.CaseStatus

Bases: object

CLOSE = 'CLOSE'

OPEN = 'OPEN'

SiemplifyDataModel.CasesFilter class

class SiemplifyDataModel.CasesFilter(environments=None, analysts=None, statuses=None, case_names=None, tags=None, priorities=None, stages=None, case_types=None, products=None, networks=None, ticked_ids_free_search='', case_ids_free_search='', wall_data_free_search='', entities_free_search='', start_time_unix_time_in_ms=-1, end_time_unix_time_in_ms=-1)

Bases: object

SiemplifyDataModel.ConnectorLogRecord class

class SiemplifyDataModel.ConnectorLogRecord(record_type, message, connector_identifier, result_data_type, original_source_file_name=None, result_package_items_count=None, environment=None, source_system_name=None, exception_message=None, integration=None, connector_definition_name=None, timestamp=None)

Bases: object

SiemplifyDataModel.CustomList class

class SiemplifyDataModel.CustomList(identifier, category, environment)

Bases: Base

property is_identifier_mandatory

SiemplifyDataModel.CyberCase class

class SiemplifyDataModel.CyberCase(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, environment, assigned_user, title, description, status, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, cyber_alerts, additional_properties)

Bases: CyberCaseInfo

SiemplifyDataModel.CyberCaseInfo class

class SiemplifyDataModel.CyberCaseInfo(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, assigned_user, title, description, status, environment, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, additional_properties)

Bases: Base

SiemplifyDataModel.DomainEntityInfo class

class SiemplifyDataModel.DomainEntityInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, entity_type, is_internal, is_suspicious, is_artifact, is_enriched, is_vulnerable, is_pivot, additional_properties)

Bases: Base

to_dict()

SiemplifyDataModel.DomainRelationInfo class

class SiemplifyDataModel.DomainRelationInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, security_event_identifier, relation_type, event_id, from_identifier, to_identifier, device_product, device_vendor, event_class_id, severity, start_time, end_time, destination_port, category_outcome, additional_properties, to_type=None, from_type=None)

Bases: Base

SiemplifyDataModel.EntityTypes class

class SiemplifyDataModel.EntityTypes

Bases: object

ADDRESS = 'ADDRESS'

ALERT = 'ALERT'

APPLICATION = 'APPLICATION'

CHILDHASH = 'CHILDHASH'

CHILDPROCESS = 'CHILDPROCESS'

CLUSTER = 'CLUSTER'

CONTAINER = 'CONTAINER'

CREDITCARD = 'CREDITCARD'

CVE = 'CVE'

CVEID = 'CVEID'

DATABASE = 'DATABASE'

DEPLOYMENT = 'DEPLOYMENT'

DESTINATIONDOMAIN = 'DESTINATIONDOMAIN'

DOMAIN = 'DOMAIN'

EMAILMESSAGE = 'EMAILSUBJECT'

EVENT = 'EVENT'

FILEHASH = 'FILEHASH'

FILENAME = 'FILENAME'

GENERIC = 'GENERICENTITY'

HOSTNAME = 'HOSTNAME'

IPSET = 'IPSET'

MACADDRESS = 'MacAddress'

PARENTHASH = 'PARENTHASH'

PARENTPROCESS = 'PARENTPROCESS'

PHONENUMBER = 'PHONENUMBER'

POD = 'POD'

PROCESS = 'PROCESS'

SERVICE = 'SERVICE'

SOURCEDOMAIN = 'SOURCEDOMAIN'

THREATACTOR = 'THREATACTOR'

THREATCAMPAIGN = 'THREATCAMPAIGN'

THREATSIGNATURE = 'THREATSIGNATURE'

URL = 'DestinationURL'

USB = 'USB'

USER = 'USERUNIQNAME'
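Several EntityTypes attribute names differ from the string an entity actually carries in entity_type: USER is 'USERUNIQNAME', URL is 'DestinationURL', EMAILMESSAGE is 'EMAILSUBJECT', GENERIC is 'GENERICENTITY' and MACADDRESS is 'MacAddress'. Code that compares entity_type against the literal "URL" or "USER" silently matches nothing, so always compare against the constants. The block below is an added example written for this page, not the SDK's own extraction logic: it turns fields of a SecurityEventInfo-shaped event into records with the DomainEntityInfo field names, deduplicates case-insensitively, and sets is_internal for addresses. The event-field to entity-type mapping, the list of networks considered internal, and the sample event are assumptions.

```python
import ipaddress

# Added example: mapping fields of a SecurityEventInfo-shaped event to entity
# records with the documented DomainEntityInfo field names. The EntityTypes values
# are copied from this page; which event field yields which entity type, and which
# networks count as internal, are assumptions of this example, not SDK logic.


class EntityTypes:
    ADDRESS = "ADDRESS"
    HOSTNAME = "HOSTNAME"
    USER = "USERUNIQNAME"      # attribute name and string value differ
    URL = "DestinationURL"     # likewise
    FILEHASH = "FILEHASH"
    FILENAME = "FILENAME"
    EMAILMESSAGE = "EMAILSUBJECT"
    MACADDRESS = "MacAddress"


# Assumed event-field -> entity-type mapping for this example.
FIELD_TO_ENTITY_TYPE = {
    "source_address": EntityTypes.ADDRESS,
    "destination_address": EntityTypes.ADDRESS,
    "source_host_name": EntityTypes.HOSTNAME,
    "destination_host_name": EntityTypes.HOSTNAME,
    "source_user_name": EntityTypes.USER,
    "destination_user_name": EntityTypes.USER,
    "destination_url": EntityTypes.URL,
    "file_hash": EntityTypes.FILEHASH,
    "file_name": EntityTypes.FILENAME,
    "email_subject": EntityTypes.EMAILMESSAGE,
    "source_mac_address": EntityTypes.MACADDRESS,
    "destination_mac_address": EntityTypes.MACADDRESS,
}

# Assumed definition of "internal" (RFC 1918, loopback, link-local, IPv6 ULA/link-local).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128")]


def is_internal_address(value):
    """True when value parses as an IP address inside one of INTERNAL_NETWORKS."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETWORKS)


def extract_entities(event, case_identifier, alert_identifier):
    """Return one entity per distinct (type, identifier) pair found in the event."""
    entities, seen = [], set()
    for field, entity_type in FIELD_TO_ENTITY_TYPE.items():
        value = event.get(field)
        if not isinstance(value, str) or not value.strip():
            continue
        identifier = value.strip()
        if entity_type == EntityTypes.ADDRESS:
            try:
                ipaddress.ip_address(identifier)
            except ValueError:
                continue                    # "-" or "N/A" from the product is not an entity
        key = (entity_type, identifier.casefold())  # WS01 and ws01 are one host
        if key in seen:
            continue
        seen.add(key)
        entities.append({
            "identifier": identifier,
            "case_identifier": case_identifier,
            "alert_identifier": alert_identifier,
            "entity_type": entity_type,
            "is_internal": (entity_type == EntityTypes.ADDRESS
                            and is_internal_address(identifier)),
            "is_suspicious": False,
            "is_artifact": False,
            "is_enriched": False,
            "is_vulnerable": False,
            "is_pivot": False,
            "additional_properties": {"source_field": field},
        })
    return entities


def of_type(entities, entity_type):
    """Filter by the constant; comparing against the literal "URL" or "USER" never matches."""
    return [e for e in entities if e["entity_type"] == entity_type]


# Constructed sample event using SecurityEventInfo field names (not real data).
SAMPLE_EVENT = {
    "event_id": "evt-1",
    "source_address": "10.1.2.3",
    "destination_address": "203.0.113.7",
    "source_host_name": "WS01",
    "destination_host_name": "ws01",
    "source_user_name": "jdoe",
    "destination_user_name": "",
    "destination_url": "http://203.0.113.7/update.php",
    "file_hash": "0123456789abcdef0123456789abcdef",
    "file_name": "invoice.pdf.exe",
    "email_subject": "Invoice overdue",
    "source_mac_address": None,
}
```

Membership in an explicit network list is used instead of ipaddress's is_private because that property also treats documentation and benchmark ranges as private, which is not what a SOC means by "internal".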

SiemplifyDataModel.InsightSeverity class

class SiemplifyDataModel.InsightSeverity

Bases: object

ERROR = 2

INFO = 0

WARN = 1

SiemplifyDataModel.InsightType class

class SiemplifyDataModel.InsightType

Bases: object

Entity = 1

General = 0

SiemplifyDataModel.LogRecordTypeEnum class

class SiemplifyDataModel.LogRecordTypeEnum

Bases: object

ERROR = 1

INFO = 0

KEEP_ALIVE = 2

SiemplifyDataModel.LogRow class

class SiemplifyDataModel.LogRow(message, log_level, timestamp)

Bases: object

SiemplifyDataModel.SecurityEventInfo class

class SiemplifyDataModel.SecurityEventInfo(identifier=None, creation_time=None, modification_time=None, case_identifier=None, alert_identifier=None, name=None, description=None, event_id=None, device_severity=None, device_product=None, device_vendor=None, device_version=None, event_class_id=None, severity=None, start_time=None, end_time=None, event_type=None, rule_generator=None, is_correlation=None, device_host_name=None, device_address=None, source_dns_domain=None, source_nt_domain=None, source_host_name=None, source_address=None, source_user_name=None, source_user_id=None, source_process_name=None, destination_dns_domain=None, destination_nt_domain=None, destination_host_name=None, destination_address=None, destination_user_name=None, destination_url=None, destination_port=None, destination_process_name=None, file_name=None, file_hash=None, file_type=None, email_subject=None, usb=None, application_protocol=None, transport_protocol=None, category_outcome=None, signature=None, deployment=None, additional_properties=None, threat_actor=None, source_mac_address=None, destination_mac_address=None, credit_card=None, phone_number=None, cve=None, threat_campaign=None, generic_entity=None, process=None, parent_process=None, parent_hash=None, child_process=None, child_hash=None, source_domain=None, destination_domain=None, ipset=None, cluster=None, application=None, database=None, pod=None, container=None, service=None)

Bases: Base

property is_identifier_mandatory

SiemplifyDataModel.SyncAlert class

class SiemplifyDataModel.SyncAlert(alert_group_id, alert_id, case_id, environment, priority, status, ticket_id, creation_time, close_comment, close_reason, close_root_cause, close_usefulness)

Bases: object

SiemplifyDataModel.SyncAlertMetadata class

class SiemplifyDataModel.SyncAlertMetadata(alert_group_id, tracking_time)

Bases: object

SiemplifyDataModel.SyncCase class

class SiemplifyDataModel.SyncCase(case_id, environment, priority, stage, status, external_case_id, title)

Bases: object

SiemplifyDataModel.SyncCaseIdMatch class

class SiemplifyDataModel.SyncCaseIdMatch(case_id, external_case_id)

Bases: object
This object represents a match between a Siemplify internal case ID and the external case ID of an external system.

SiemplifyDataModel.SyncCaseMetadata class

class SiemplifyDataModel.SyncCaseMetadata(case_id, tracking_time)

Bases: object

SiemplifyDataModel.Task class

class SiemplifyDataModel.Task(case_id, content, creator_user_id, due_date_unix_time_ms=None, is_important=False, is_favorite=False, owner_comment=None, priority=0, owner=None, status=0, completion_comment=None, completion_date_time_unix_time_in_ms=None, alert_identifier=None, id=0, title=None, creator_full_name=None, owner_full_name=None, creation_time_unix_time_in_ms=0, modification_time_unix_time_in_ms=0, last_modifier=None, last_modifier_full_name=None, completor=None, completor_full_name=None)

Bases: Base

property is_identifier_mandatory