class documentation

class msiempy.Watchlist(NitroDict): (source)


Dict-like object. Represents an ESM Watchlist.

Dictionary keys:
  • name: The name of the watchlist
  • type: The watchlist type
  • customType: The watchlist custom type (custom field)
  • dynamic: Whether this watchlist is dynamic
  • hidden: Whether this watchlist is hidden
  • scored: Whether this watchlist has a scoring component (GTI for example)
  • valueCount: The number of values in this watchlist
  • active: Whether this watchlist is active
  • errorMsg: The error message, if there is one associated with this watchlist
  • source: source
  • id: The id of the watchlist
  • values: values
  • And others, see SIEM API docs
Note:
Complete list of watchlist fields is loaded once load_details is called.
See:
Object WatchlistManager
Method __init__ Create a new Watchlist object from parameters or ID.
Method add_values Add values to static watchlist.
Method remove_values Remove values from static watchlist.
Method data_from_id Retrieve watchlist data from given ID.
Method load_details Load Watchlist details.
Method refresh Load Watchlist details. Same as load_details()
Method load_values Load Watchlist values into the values Watchlist dict key.
Method get_id Returns: int: The Watchlist ID.

Inherited from NitroDict:

Instance Variable data Underlying dict object
Method __str__ str(obj) -> return text string.
Method __repr__ repr(obj) -> return json string.
Method json JSON representation of a item
Method text Text list of item's values

Inherited from NitroObject (via NitroDict):

Class NitroJSONEncoder Custom JSON encoder that will use the appropriate property depending on the type of NitroObject. TODO support JSON dumping of QueryFilters, maybe by making them inherit from NitroDict.
Instance Variable nitro msiempy.core.session.NitroSession object. Interface to the SIEM.
def __init__(self, *args, **kwargs): (source)

Create a new Watchlist object from parameters or ID.

Arguments:
  • adict (dict): Watchlist dict parameters
  • id (str): The watchlist ID to instantiate. Will load information from the SIEM.
def add_values(self, values): (source)

Add values to static watchlist.

Arguments:
  • values (list): list of values
def remove_values(self, values): (source)

Remove values from static watchlist.

Arguments:
  • values (list): list of values
def data_from_id(self, id): (source)

Retrieve watchlist data from given ID.

Arguments:
  • id (str): watchlist ID
Returns:
dict: The watchlist parameters
def load_details(self): (source)
Load Watchlist details.
def refresh(self): (source)
Load Watchlist details. Same as load_details()
def load_values(self): (source)

Load Watchlist values into the values Watchlist dict key.

Raises:
KeyError if watchlist invalid.
Note:
Uses the internal API method SYS_GETWATCHLISTDETAILS
def get_id(self): (source)
Returns:
int: The Watchlist ID.
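
Example (added here, not part of msiempy or its documentation): reconciling a static watchlist with a desired indicator set using only the load_values, add_values and remove_values methods and the dynamic and values keys listed above. StubWatchlist and sync_static_watchlist are hypothetical names; the stub stands in for a real Watchlist so the code runs without an ESM, and it assumes values is a list of strings and dynamic is a boolean.

```python
class StubWatchlist(dict):
    """In-memory stand-in (hypothetical) with the method names documented above."""

    def __init__(self, name, values, dynamic=False):
        super().__init__(name=name, dynamic=dynamic, values=[])
        self._remote = list(values)  # plays the role of the ESM-side value store

    def load_values(self):
        self["values"] = list(self._remote)

    def add_values(self, values):
        self._remote.extend(values)

    def remove_values(self, values):
        self._remote = [v for v in self._remote if v not in values]


def sync_static_watchlist(wl, desired):
    """Make a static watchlist hold exactly `desired`; return (added, removed)."""
    # add_values/remove_values are documented for static watchlists only.
    if wl["dynamic"]:
        raise ValueError("refusing to edit a dynamic watchlist")
    # Normalise the feed: trim whitespace, drop blanks, deduplicate.
    wanted = {v.strip() for v in desired if v and v.strip()}
    wl.load_values()  # fill the 'values' key before diffing
    current = set(wl["values"])
    to_add = sorted(wanted - current)
    to_remove = sorted(current - wanted)
    # Send only the difference so the change is small and auditable.
    if to_add:
        wl.add_values(to_add)
    if to_remove:
        wl.remove_values(to_remove)
    wl.load_values()  # reload so the local dict reflects the final state
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed sample data (documentation-range addresses).
    wl = StubWatchlist("blocked-ips", ["192.0.2.10", "192.0.2.11"])
    feed = ["192.0.2.11", " 198.51.100.7 ", "", "198.51.100.7"]
    print(sync_static_watchlist(wl, feed), wl["values"])
```
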
API Documentation for msiempy, generated by pydoctor 20.7.1 at 2020-11-18 14:02:21.