class msiempy.core.types.NitroList(collections.UserList, NitroObject): (source)
Known subclasses: msiempy.core.query.FilteredQueryList, msiempy.DevTree, msiempy.WatchlistManager
Base class for list objects.
It offers search and other data list actions.
This classe and subclasses fully implements list interface and is suitable for list operations, see: https://docs.python.org/3/library/stdtypes.html#sequence-types-list-tuple-range
Concrete classes have to cast the list items in their __init__ method !
Subclassing requirements: Subclasses of UserList are expected to offer a constructor which can be called with either no arguments or one argument. List operations which return a new sequence attempt to create an instance of the actual implementation class. To do so, it assumes that the constructor can be called with a single parameter, which is a sequence object used as a data source. If a derived class does not wish to comply with this requirement, all of the special methods supported by this class will need to be overridden; please consult the sources for information about the methods which need to be provided in that case. See: https://docs.python.org/3.8/library/collections.html?highlight=userdict#userlist-objects
| Instance Variable | data | Underlying list object |
| Method | __init__ | Create a new list |
| Method | __str__ | str(obj) -> return text string. |
| Method | keys | List items keys. Every items should have the same set of keys. |
| Method | get_text | Return a csv or table string representation of the list |
| Method | text | Defaut table string, a shorcut to get_text() with no arguments. |
| Method | json | JSON list of dicts representing the list. |
| Method | search | Search elements in the list with a regex pattern |
| Method | refresh | Execute refresh function on all items. |
| Method | perform | Wrapper to execute a function on the list of elements |
| Static Method | _confirm_func | Ask user inut to confirm the calling of func on elements. |
Inherited from NitroObject:
| Class | NitroJSONEncoder | Custom JSON encoder that will use the approprtiate propertie depending of the type of NitroObject. TODO support json json dumping of QueryFilers, may be by making them inherits from NitroDict. |
| Instance Variable | nitro | msiempy.core.session.NitroSession object. Interface to the SIEM. |
list objectCreate a new list
alist: list object to wrap.Return a csv or table string representation of the list
fields (lis[str]): list of fields you want in the table. If None : default fields are returned by .keys attribute and sorted.max_column_width (int): when using prettytable onlyget_text_nest_attr (dict): attributes passed to the nested msiempy.core.types.NitroList.get_text elements if any. Useful to control events appearence.get_text() with no arguments.Search elements in the list with a regex pattern
term (str): String regex pattern to look for in the list items values. More on regex https://docs.python.org/3/library/re.html#re.Pattern.searchinvert (bool): Weither or not to invert the search and return elements that doesn't not match search.fields (list[str]): Dictionnary fields to consider in the search, all keys are considered by default. Patterns are compared to str representation of values.If you wish to apply non-regex filters to, use filter() or list comprehension:
[e for e in events if int(e['severity']) > 50]
Exemple:
>>> from msiempy import WatchlistManager >>> wl_list = WatchlistManager() >>> wl_ip_list = wl_list.search("IPAddress", fields=["type"]) >>> print(len(wl_ip_list)) 2 # There is two "IPAddress" watchlists
Wrapper to execute a function on the list of elements
func (callable): Function. func is going to be called like func(item, **func_args) on all items in data.data (list): Choose a custom list to execute the function on (Default value = list(self))func_args (dict): arguments that will be passed by default to func in all calls.confirm (bool): will ask interactively confirmation.asynch (bool): execute the task asynchronously with concurrent.futures.ThreadPoolExecutor. Carefull not to nest 2 asynchronous executions within eachother, it will be a mess.workers (int): number of parrallel tasks, mandatory if asynch is true.progress (bool): to show progress bar with ETA (tqdm).message (str): To show to the user.This method is where the core of asynchronous tasks resides. func will be executed on all data elements.
Basically, if asynch==True, will return:
returned=list(concurrent.futures.ThreadPoolExecutor(
max_workers=workers ).map(
func, data))
if asynch==False, will iterate and return:
for index_or_item in data:
returned.append(func(index_or_item))
list of returned results.func on elements.