SiemplifyDataModel module
class SiemplifyDataModel.ActionLogRecord
class SiemplifyDataModel.ActionLogRecord(record_type, message, original_source_file_name=None, case_id=None, alert_id=None, workflow_id=None, environment=None, source_system_name=None, exception_message=None, integration=None, action_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.Alert
class SiemplifyDataModel.Alert(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, security_events, domain_relations, domain_entities, additional_properties, additional_data)
Bases: AlertInfo
get_alert_start_time(creation_time, security_events)
static get_prop_if_exists(dictionary, prop_name, default_value)
class SiemplifyDataModel.AlertInfo
class SiemplifyDataModel.AlertInfo(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, additional_properties, additional_data)
Bases: Base
class SiemplifyDataModel.ApiPeriodTypeEnum
class SiemplifyDataModel.ApiPeriodTypeEnum
Bases: object
This class enumerates the time units of an SLA period.
DAYS= 'Days'
HOURS= 'Hours'
MINUTES= 'Minutes'
classmethod validate(value)
classmethod values()
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
Bases: object
INCONCLUSIVE= 3
MAINTENANCE= 2
MALICIOUS= 0
NOT_MALICIOUS= 1
UNKNOWN= 4
class SiemplifyDataModel.ApiSyncAlertPriorityEnum
class SiemplifyDataModel.ApiSyncAlertPriorityEnum
Bases: object
CRITICAL= 5
HIGH= 4
INFORMATIVE= 0
LOW= 2
MEDIUM= 3
UNCHANGED= 1
class SiemplifyDataModel.ApiSyncAlertStatusEnum
class SiemplifyDataModel.ApiSyncAlertStatusEnum
Bases: object
CLOSED= 1
OPENED= 0
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
Bases: object
NONE= 0
NOT_USEFUL= 1
USEFUL= 2
class SiemplifyDataModel.ApiSyncCasePriorityEnum
class SiemplifyDataModel.ApiSyncCasePriorityEnum
Bases: object
CRITICAL= 5
HIGH= 4
INFORMATIVE= 0
LOW= 2
MEDIUM= 3
UNCHANGED= 1
class SiemplifyDataModel.ApiSyncCaseStatusEnum
class SiemplifyDataModel.ApiSyncCaseStatusEnum
Bases: object
ALL= 2
CLOSED= 1
CREATION_PENDING= 4
MERGED= 3
OPENED= 0
class SiemplifyDataModel.Attachment
class SiemplifyDataModel.Attachment(case_identifier, alert_identifier, base64_blob, attachment_type, name, description, is_favorite, orig_size, size)
Bases: Base
static fromfile(path, case_id=None, alert_identifier=None, description=None, is_favorite=False)
property is_identifier_mandatory
class SiemplifyDataModel.Base
class SiemplifyDataModel.Base(identifier, creation_time=None, modification_time=None, additional_properties=None)
Bases: object
property is_identifier_mandatory
class SiemplifyDataModel.CaseFilterOperatorEnum
class SiemplifyDataModel.CaseFilterOperatorEnum
Bases: object
AND= 'AND'
OR= 'OR'
class SiemplifyDataModel.CaseFilterSortByEnum
class SiemplifyDataModel.CaseFilterSortByEnum
Bases: object
CLOSE_TIME= 'CLOSE_TIME'
START_TIME= 'START_TIME'
UPDATE_TIME= 'UPDATE_TIME'
class SiemplifyDataModel.CaseFilterSortOrderEnum
class SiemplifyDataModel.CaseFilterSortOrderEnum
Bases: object
ASC= 'ASC'
DESC= 'DESC'
class SiemplifyDataModel.CaseFilterStatusEnum
class SiemplifyDataModel.CaseFilterStatusEnum
Bases: object
BOTH= 'BOTH'
CLOSE= 'CLOSE'
OPEN= 'OPEN'
class SiemplifyDataModel.CaseFilterValue
class SiemplifyDataModel.CaseFilterValue(value, title)
Bases: object
class SiemplifyDataModel.CaseStatus
class SiemplifyDataModel.CaseStatus
Bases: object
CLOSE= 'CLOSE'
OPEN= 'OPEN'
class SiemplifyDataModel.CasesFilter
class SiemplifyDataModel.CasesFilter(environments=None, analysts=None, statuses=None, case_names=None, tags=None, priorities=None, stages=None, case_types=None, products=None, networks=None, ticked_ids_free_search='', case_ids_free_search='', wall_data_free_search='', entities_free_search='', start_time_unix_time_in_ms=-1, end_time_unix_time_in_ms=-1)
Bases: object
class SiemplifyDataModel.ConnectorLogRecord
class SiemplifyDataModel.ConnectorLogRecord(record_type, message, connector_identifier, result_data_type, original_source_file_name=None, result_package_items_count=None, environment=None, source_system_name=None, exception_message=None, integration=None, connector_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.CustomList
class SiemplifyDataModel.CustomList(identifier, category, environment)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.CyberCase
class SiemplifyDataModel.CyberCase(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, environment, assigned_user, title, description, status, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, cyber_alerts, additional_properties)
Bases: CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, assigned_user, title, description, status, environment, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, additional_properties)
Bases: Base
class SiemplifyDataModel.DomainEntityInfo
class SiemplifyDataModel.DomainEntityInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, entity_type, is_internal, is_suspicious, is_artifact, is_enriched, is_vulnerable, is_pivot, additional_properties)
Bases: Base
to_dict()
class SiemplifyDataModel.DomainRelationInfo
class SiemplifyDataModel.DomainRelationInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, security_event_identifier, relation_type, event_id, from_identifier, to_identifier, device_product, device_vendor, event_class_id, severity, start_time, end_time, destination_port, category_outcome, additional_properties, to_type=None, from_type=None)
Bases: Base
class SiemplifyDataModel.EntityTypes
class SiemplifyDataModel.EntityTypes
Bases: object
ADDRESS= 'ADDRESS'
ALERT= 'ALERT'
APPLICATION= 'APPLICATION'
CHILDHASH= 'CHILDHASH'
CHILDPROCESS= 'CHILDPROCESS'
CLUSTER= 'CLUSTER'
CONTAINER= 'CONTAINER'
CREDITCARD= 'CREDITCARD'
CVE= 'CVE'
CVEID= 'CVEID'
DATABASE= 'DATABASE'
DEPLOYMENT= 'DEPLOYMENT'
DESTINATIONDOMAIN= 'DESTINATIONDOMAIN'
DOMAIN= 'DOMAIN'
EMAILMESSAGE= 'EMAILSUBJECT'
EVENT= 'EVENT'
FILEHASH= 'FILEHASH'
FILENAME= 'FILENAME'
GENERIC= 'GENERICENTITY'
HOSTNAME= 'HOSTNAME'
IPSET= 'IPSET'
MACADDRESS= 'MacAddress'
PARENTHASH= 'PARENTHASH'
PARENTPROCESS= 'PARENTPROCESS'
PHONENUMBER= 'PHONENUMBER'
POD= 'POD'
PROCESS= 'PROCESS'
SERVICE= 'SERVICE'
SOURCEDOMAIN= 'SOURCEDOMAIN'
THREATACTOR= 'THREATACTOR'
THREATCAMPAIGN= 'THREATCAMPAIGN'
THREATSIGNATURE= 'THREATSIGNATURE'
URL= 'DestinationURL'
USB= 'USB'
USER= 'USERUNIQNAME'
class SiemplifyDataModel.InsightSeverity
class SiemplifyDataModel.InsightSeverity
Bases: object
ERROR= 2
INFO= 0
WARN= 1
class SiemplifyDataModel.InsightType
class SiemplifyDataModel.InsightType
Bases: object
Entity= 1
General= 0
class SiemplifyDataModel.LogRecordTypeEnum
class SiemplifyDataModel.LogRecordTypeEnum
Bases: object
ERROR= 1
INFO= 0
KEEP_ALIVE= 2
class SiemplifyDataModel.LogRow
class SiemplifyDataModel.LogRow(message, log_level, timestamp)
Bases: object
class SiemplifyDataModel.SecurityEventInfo
class SiemplifyDataModel.SecurityEventInfo(identifier=None, creation_time=None, modification_time=None, case_identifier=None, alert_identifier=None, name=None, description=None, event_id=None, device_severity=None, device_product=None, device_vendor=None, device_version=None, event_class_id=None, severity=None, start_time=None, end_time=None, event_type=None, rule_generator=None, is_correlation=None, device_host_name=None, device_address=None, source_dns_domain=None, source_nt_domain=None, source_host_name=None, source_address=None, source_user_name=None, source_user_id=None, source_process_name=None, destination_dns_domain=None, destination_nt_domain=None, destination_host_name=None, destination_address=None, destination_user_name=None, destination_url=None, destination_port=None, destination_process_name=None, file_name=None, file_hash=None, file_type=None, email_subject=None, usb=None, application_protocol=None, transport_protocol=None, category_outcome=None, signature=None, deployment=None, additional_properties=None, threat_actor=None, source_mac_address=None, destination_mac_address=None, credit_card=None, phone_number=None, cve=None, threat_campaign=None, generic_entity=None, process=None, parent_process=None, parent_hash=None, child_process=None, child_hash=None, source_domain=None, destination_domain=None, ipset=None, cluster=None, application=None, database=None, pod=None, container=None, service=None)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.SyncAlert
class SiemplifyDataModel.SyncAlert(alert_group_id, alert_id, case_id, environment, priority, status, ticket_id, creation_time, close_comment, close_reason, close_root_cause, close_usefulness)
Bases: object
class SiemplifyDataModel.SyncAlertMetadata
class SiemplifyDataModel.SyncAlertMetadata(alert_group_id, tracking_time)
Bases: object
class SiemplifyDataModel.SyncCase
class SiemplifyDataModel.SyncCase(case_id, environment, priority, stage, status, external_case_id, title)
Bases: object
class SiemplifyDataModel.SyncCaseIdMatch
class SiemplifyDataModel.SyncCaseIdMatch(case_id, external_case_id)
Bases: object
This class represents a mapping between a Siemplify internal case ID and the
corresponding case ID in an external system.
class SiemplifyDataModel.SyncCaseMetadata
class SiemplifyDataModel.SyncCaseMetadata(case_id, tracking_time)
Bases: object
class SiemplifyDataModel.Task
class SiemplifyDataModel.Task(case_id, content, creator_user_id, due_date_unix_time_ms=None, is_important=False, is_favorite=False, owner_comment=None, priority=0, owner=None, status=0, completion_comment=None, completion_date_time_unix_time_in_ms=None, alert_identifier=None, id=0, title=None, creator_full_name=None, owner_full_name=None, creation_time_unix_time_in_ms=0, modification_time_unix_time_in_ms=0, last_modifier=None, last_modifier_full_name=None, completor=None, completor_full_name=None)
Bases: Base