List-Like object. Summary of ESM watchlists.
>>> from msiempy import WatchlistManager >>> wl_list = WatchlistManager() >>> wl = wl_list.search('test_Watchlist')[0] >>> wl.add_values(['1.1.1.2', '2.2.2.1', '3.3.3.1'])
Watchlist| Method | __init__ | Initialize the watchlist manager. |
| Instance Variable | data | Undocumented |
| Method | load_details | Load the details of existing watchlists. |
| Method | refresh | Reloads the watchlist summary. |
| Method | add | Create a static watchlist. |
| Method | remove | Remove watchlist(s). |
| Method | get_wl_types | Get a list of watchlist types. |
| Method | _init_watchlist_summary | Loads the watchlist summary. |
Inherited from NitroList:
| Method | __str__ | str(obj) -> return text string. |
| Method | keys | List items keys. Every items should have the same set of keys. |
| Method | get_text | Return a csv or table string representation of the list |
| Method | text | Defaut table string, a shorcut to get_text() with no arguments. |
| Method | json | JSON list of dicts representing the list. |
| Method | search | Search elements in the list with a regex pattern |
| Method | perform | Wrapper to execute a function on the list of elements |
| Static Method | _confirm_func | Ask user inut to confirm the calling of func on elements. |
Inherited from NitroObject (via NitroList):
| Class | NitroJSONEncoder | Custom JSON encoder that will use the approprtiate propertie depending of the type of NitroObject. TODO support json json dumping of QueryFilers, may be by making them inherits from NitroDict. |
| Instance Variable | nitro | msiempy.core.session.NitroSession object. Interface to the SIEM. |
Create a static watchlist.
msiempy.watchlist.WatchlistManager.get_wl_types
Most common types are: "IPAddress", "Hash", "SHA1", "DSIDSigID", "Port", "MacAddress", "NormID", "AppID", "CommandID", "DomainID", "HostID", "ObjectID", "Filename", "File_Hash".Remove watchlist(s).
wl_id_list (list[int]): list of watchlist IDs. Example: [1, 2, 3].