Skip to content

Endpoints

thehive4py.endpoints

alert

AlertEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(alert, attachment_map=None)

Create an alert.

Parameters:

Name Type Description Default
alert InputAlert

The body of the alert.

 required
attachment_map Optional[Dict[str, str]]

An optional mapping of observable attachment keys and paths.

 None

Returns:

Type Description
OutputAlert

The created alert.
Source code in thehive4py/endpoints/alert.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
def create(
    self, alert: InputAlert, attachment_map: Optional[Dict[str, str]] = None
) -> OutputAlert:
    """Create an alert.

    Args:
        alert: The body of the alert.
        attachment_map: An optional mapping of observable attachment keys and paths.

    Returns:
        The created alert.
    """
    if attachment_map:
        files: Dict[str, Any] = {
            key: self._fileinfo_from_filepath(path)
            for key, path in attachment_map.items()
        }
        files["_json"] = jsonlib.dumps(alert)
        kwargs: dict = {"files": files}
    else:
        kwargs = {"json": alert}
    return self._session.make_request("POST", path="/api/v1/alert", **kwargs)
get(alert_id)

Get an alert by id.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required

Returns:

Type Description
OutputAlert

The alert specified by the id.
Source code in thehive4py/endpoints/alert.py 
48
49
50
51
52
53
54
55
56
57
58
def get(self, alert_id: str) -> OutputAlert:
    """Get an alert by id.

    Args:
        alert_id: The id of the alert.

    Returns:
        The alert specified by the id.
    """

    return self._session.make_request("GET", path=f"/api/v1/alert/{alert_id}")
delete(alert_id)

Delete an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
60
61
62
63
64
65
66
67
68
69
def delete(self, alert_id: str) -> None:
    """Delete an alert.

    Args:
        alert_id: The id of the alert.

    Returns:
        N/A
    """
    return self._session.make_request("DELETE", path=f"/api/v1/alert/{alert_id}")
update(alert_id, fields)

Update an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
fields InputUpdateAlert

The fields of the alert to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
71
72
73
74
75
76
77
78
79
80
81
82
83
def update(self, alert_id: str, fields: InputUpdateAlert) -> None:
    """Update an alert.

    Args:
        alert_id: The id of the alert.
        fields: The fields of the alert to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/alert/{alert_id}", json=fields
    )
bulk_update(fields)

Update multiple alerts with the same values.

Parameters:

Name Type Description Default
fields InputBulkUpdateAlert

The ids and the fields of the alerts to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
85
86
87
88
89
90
91
92
93
94
95
96
def bulk_update(self, fields: InputBulkUpdateAlert) -> None:
    """Update multiple alerts with the same values.

    Args:
        fields: The ids and the fields of the alerts to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path="/api/v1/alert/_bulk", json=fields
    )
promote_to_case(alert_id, fields={})

Promote an alert into a case.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
fields InputPromoteAlert

Override for the fields of the case created from the alert.

 {}

Returns:

Type Description
OutputCase

The case from the promoted alert.
Source code in thehive4py/endpoints/alert.py 
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
def promote_to_case(
    self, alert_id: str, fields: InputPromoteAlert = {}
) -> OutputCase:
    """Promote an alert into a case.

    Args:
        alert_id: The id of the alert.
        fields: Override for the fields of the case created from the alert.

    Returns:
        The case from the promoted alert.
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/alert/{alert_id}/case",
        json=fields,
    )
follow(alert_id)

Follow an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
116
117
118
119
120
121
122
123
124
125
def follow(self, alert_id: str) -> None:
    """Follow an alert.

    Args:
        alert_id: The id of the alert.

    Returns:
        N/A
    """
    self._session.make_request("POST", path=f"/api/v1/alert/{alert_id}/follow")
unfollow(alert_id)

Unfollow an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
127
128
129
130
131
132
133
134
135
136
def unfollow(self, alert_id: str) -> None:
    """Unfollow an alert.

    Args:
        alert_id: The id of the alert.

    Returns:
        N/A
    """
    self._session.make_request("POST", path=f"/api/v1/alert/{alert_id}/unfollow")
merge_into_case(alert_id, case_id)

Merge an alert into an existing case.

Parameters:

Name Type Description Default
alert_id str

The id of the alert to merge.

 required
case_id str

The id of the case to merge the alert into.

 required

Returns:

Type Description
OutputCase

The case into which the alert was merged.
Source code in thehive4py/endpoints/alert.py 
138
139
140
141
142
143
144
145
146
147
148
149
150
def merge_into_case(self, alert_id: str, case_id: str) -> OutputCase:
    """Merge an alert into an existing case.

    Args:
        alert_id: The id of the alert to merge.
        case_id: The id of the case to merge the alert into.

    Returns:
        The case into which the alert was merged.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/merge/{case_id}"
    )
import_into_case(alert_id, case_id)

Import alert observables and procedures into an existing case.

Parameters:

Name Type Description Default
alert_id str

The id of the alert to merge.

 required
case_id str

The id of the case to merge the alert into.

 required

Returns:

Type Description
OutputCase

The case into which the alert observables/procedures were imported.
Source code in thehive4py/endpoints/alert.py 
152
153
154
155
156
157
158
159
160
161
162
163
164
def import_into_case(self, alert_id: str, case_id: str) -> OutputCase:
    """Import alert observables and procedures into an existing case.

    Args:
        alert_id: The id of the alert to merge.
        case_id: The id of the case to merge the alert into.

    Returns:
        The case into which the alert observables/procedures were imported.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/import/{case_id}"
    )
bulk_merge_into_case(case_id, alert_ids)

Merge an alert into an existing case.

Parameters:

Name Type Description Default
case_id str

The id of the case to merge the alerts into.

 required
alert_ids List[str]

The list of alert ids to merge.

 required

Returns:

Type Description
OutputCase

The case into which the alerts were merged.
Source code in thehive4py/endpoints/alert.py 
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
def bulk_merge_into_case(self, case_id: str, alert_ids: List[str]) -> OutputCase:
    """Merge an alert into an existing case.

    Args:
        case_id: The id of the case to merge the alerts into.
        alert_ids: The list of alert ids to merge.

    Returns:
        The case into which the alerts were merged.
    """
    return self._session.make_request(
        "POST",
        path="/api/v1/alert/merge/_bulk",
        json={"caseId": case_id, "alertIds": alert_ids},
    )
bulk_delete(ids)

Delete multiple alerts.

Parameters:

Name Type Description Default
ids List[str]

The ids of the alerts to delete.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
182
183
184
185
186
187
188
189
190
191
192
193
def bulk_delete(self, ids: List[str]) -> None:
    """Delete multiple alerts.

    Args:
        ids: The ids of the alerts to delete.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", path="/api/v1/alert/delete/_bulk", json={"ids": ids}
    )
get_similar_observables(alert_id, alert_or_case_id)

Get similar observables between an alert and another alert or case.

Parameters:

Name Type Description Default
alert_id str

The id of the alert to use as base for observable similarity.

 required
alert_or_case_id str

The id of the alert/case to get similar observables from.

 required

Returns:

Type Description
List[OutputObservable]

The list of similar observables.
Source code in thehive4py/endpoints/alert.py 
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
def get_similar_observables(
    self, alert_id: str, alert_or_case_id: str
) -> List[OutputObservable]:
    """Get similar observables between an alert and another alert or case.

    Args:
        alert_id: The id of the alert to use as base for observable similarity.
        alert_or_case_id: The id of the alert/case to get similar observables from.

    Returns:
        The list of similar observables.
    """
    return self._session.make_request(
        "GET",
        path=f"/api/v1/alert/{alert_id}/similar/{alert_or_case_id}/observables",
    )
add_attachment(alert_id, attachment_paths, can_rename=True)

Create an attachment in an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
attachment_paths List[str]

List of paths to the attachments to create.

 required
can_rename bool

If set to True, the files can be renamed if they already exist with the same name.

 True

Returns:

Type Description
List[OutputAttachment]

The created alert attachments.
Source code in thehive4py/endpoints/alert.py 
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
def add_attachment(
    self,
    alert_id: str,
    attachment_paths: List[str],
    can_rename: bool = True,
) -> List[OutputAttachment]:
    """Create an attachment in an alert.

    Args:
        alert_id: The id of the alert.
        attachment_paths: List of paths to the attachments to create.
        can_rename: If set to True, the files can be renamed if they already exist
            with the same name.

    Returns:
        The created alert attachments.
    """
    files = [
        ("attachments", self._fileinfo_from_filepath(attachment_path))
        for attachment_path in attachment_paths
    ]
    return self._session.make_request(
        "POST",
        f"/api/v1/alert/{alert_id}/attachments",
        data={"canRename": can_rename},
        files=files,
    )["attachments"]
delete_attachment(alert_id, attachment_id)

Delete an alert attachment.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
attachment_id str

The id of the alert attachment.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
240
241
242
243
244
245
246
247
248
249
250
251
252
253
def delete_attachment(self, alert_id: str, attachment_id: str) -> None:
    """Delete an alert attachment.

    Args:
        alert_id: The id of the alert.
        attachment_id: The id of the alert attachment.

    Returns:
        N/A
    """

    return self._session.make_request(
        "DELETE", path=f"/api/v1/alert/{alert_id}/attachment/{attachment_id}"
    )
download_attachment(alert_id, attachment_id, attachment_path)

Download an alert attachment.

Warning

Deprecated: use organisation.download_attachment instead

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
attachment_id str

The id of the alert attachment.

 required
attachment_path str

The local path to download the attachment to.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/alert.py 
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
def download_attachment(
    self, alert_id: str, attachment_id: str, attachment_path: str
) -> None:
    """Download an alert attachment.

    !!! warning
        Deprecated: use [organisation.download_attachment]
        [thehive4py.endpoints.organisation.OrganisationEndpoint.download_attachment]
        instead

    Args:
        alert_id: The id of the alert.
        attachment_id: The id of the alert attachment.
        attachment_path: The local path to download the attachment to.

    Returns:
        N/A
    """

    warnings.warn(
        message=(
            "Deprecated: use the organisation.download_attachment method instead"
        ),
        category=DeprecationWarning,
        stacklevel=2,
    )
    return self._session.make_request(
        "GET",
        path=f"/api/v1/alert/{alert_id}/attachment/{attachment_id}/download",
        download_path=attachment_path,
    )
create_observable(alert_id, observable, observable_path=None)

Create an observable in an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
observable InputObservable

The fields of the observable to create.

 required
observable_path Optional[str]

Optional path in case of a file based observable.

 None

Returns:

Type Description
List[OutputObservable]

The created alert observables.
Source code in thehive4py/endpoints/alert.py 
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
def create_observable(
    self,
    alert_id: str,
    observable: InputObservable,
    observable_path: Optional[str] = None,
) -> List[OutputObservable]:
    """Create an observable in an alert.

    Args:
        alert_id: The id of the alert.
        observable: The fields of the observable to create.
        observable_path: Optional path in case of a file based observable.

    Returns:
        The created alert observables.
    """

    kwargs = self._build_observable_kwargs(
        observable=observable, observable_path=observable_path
    )
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/observable", **kwargs
    )
find(filters=None, sortby=None, paginate=None)

Find multiple alerts.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputAlert]

The list of alerts matched by the query or an empty list.
Source code in thehive4py/endpoints/alert.py 
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputAlert]:
    """Find multiple alerts.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of alerts matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listAlert"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alerts"},
        json={"query": query},
    )
count(filters=None)

Count alerts.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of alerts matched by the query.
Source code in thehive4py/endpoints/alert.py 
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count alerts.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of alerts matched by the query.
    """

    query: QueryExpr = [
        {"_name": "listAlert"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alerts.count"},
        json={"query": query},
    )
find_observables(alert_id, filters=None, sortby=None, paginate=None)

Find observables related to an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputObservable]

The list of alert observables matched by the query or an empty list.
Source code in thehive4py/endpoints/alert.py 
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
def find_observables(
    self,
    alert_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputObservable]:
    """Find observables related to an alert.

    Args:
        alert_id: The id of the alert.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of alert observables matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getAlert", "idOrName": alert_id},
        {"_name": "observables"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alert-observables"},
        json={"query": query},
    )
find_comments(alert_id, filters=None, sortby=None, paginate=None)

Find comments related to an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputComment]

The list of alert comments matched by the query or an empty list.
Source code in thehive4py/endpoints/alert.py 
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
def find_comments(
    self,
    alert_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputComment]:
    """Find comments related to an alert.

    Args:
        alert_id: The id of the alert.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of alert comments matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getAlert", "idOrName": alert_id},
        {"_name": "comments"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alert-comments"},
        json={"query": query},
    )
create_procedure(alert_id, procedure)

Create an alert procedure.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
procedure InputProcedure

The fields of the procedure to create.

 required

Returns:

Type Description
OutputProcedure

The created alert procedure.
Source code in thehive4py/endpoints/alert.py 
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
def create_procedure(
    self, alert_id: str, procedure: InputProcedure
) -> OutputProcedure:
    """Create an alert procedure.

    Args:
        alert_id: The id of the alert.
        procedure: The fields of the procedure to create.

    Returns:
        The created alert procedure.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/procedure", json=procedure
    )
find_procedures(alert_id, filters=None, sortby=None, paginate=None)

Find procedures related to an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputProcedure]

The list of alert procedures matched by the query or an empty list.
Source code in thehive4py/endpoints/alert.py 
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
def find_procedures(
    self,
    alert_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputProcedure]:
    """Find procedures related to an alert.

    Args:
        alert_id: The id of the alert.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of alert procedures matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getAlert", "idOrName": alert_id},
        {"_name": "procedures"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alert-procedures"},
        json={"query": query},
    )
find_attachments(alert_id, filters=None, sortby=None, paginate=None)

Find attachments related to an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputAttachment]

The list of alert attachments matched by the query or an empty list.
Source code in thehive4py/endpoints/alert.py 
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
def find_attachments(
    self,
    alert_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputAttachment]:
    """Find attachments related to an alert.

    Args:
        alert_id: The id of the alert.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of alert attachments matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getAlert", "idOrName": alert_id},
        {"_name": "attachments"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "alert-attachments"},
        json={"query": query},
    )

case

CaseId = Union[str, int] module-attribute

CaseEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(case)

Create a case.

Parameters:

Name Type Description Default
case InputCase

The body of the case.

 required

Returns:

Type Description
OutputCase

The created case.
Source code in thehive4py/endpoints/case.py 
42
43
44
45
46
47
48
49
50
51
def create(self, case: InputCase) -> OutputCase:
    """Create a case.

    Args:
        case: The body of the case.

    Returns:
        The created case.
    """
    return self._session.make_request("POST", path="/api/v1/case", json=case)
get(case_id)

Get a case by id.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required

Returns:

Type Description
OutputCase

The case specified by the id.
Source code in thehive4py/endpoints/case.py 
53
54
55
56
57
58
59
60
61
62
def get(self, case_id: CaseId) -> OutputCase:
    """Get a case by id.

    Args:
        case_id: The id of the case.

    Returns:
        The case specified by the id.
    """
    return self._session.make_request("GET", path=f"/api/v1/case/{case_id}")
delete(case_id)

Delete a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
64
65
66
67
68
69
70
71
72
73
def delete(self, case_id: CaseId) -> None:
    """Delete a case.

    Args:
        case_id: The id of the case.

    Returns:
        N/A
    """
    self._session.make_request("DELETE", path=f"/api/v1/case/{case_id}")
update(case_id, fields={}, **kwargs)

Update a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
fields Optional[InputUpdateCase]

The fields of the case to update.

 {}

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
def update(
    self, case_id: CaseId, fields: Optional[InputUpdateCase] = {}, **kwargs
) -> None:
    """Update a case.

    Args:
        case_id: The id of the case.
        fields: The fields of the case to update.

    Returns:
        N/A
    """

    if not fields:
        if "case" not in kwargs:
            raise TheHiveError(
                f"Unrecognized keyword arguments: {list(kwargs.keys())}. "
                "Please use the `fields` argument to supply case update values."
            )
        warnings.warn(
            message="The `case` argument has been deprecated to follow the same "
            "convention like other update methods. Please use the `fields` "
            "argument to prevent breaking changes in the future.",
            category=DeprecationWarning,
            stacklevel=2,
        )
        fields = kwargs["case"]

    return self._session.make_request(
        "PATCH", path=f"/api/v1/case/{case_id}", json=fields
    )
bulk_update(fields)

Update multiple cases with the same values.

Parameters:

Name Type Description Default
fields InputBulkUpdateCase

The ids and the fields of the cases to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
107
108
109
110
111
112
113
114
115
116
117
118
def bulk_update(self, fields: InputBulkUpdateCase) -> None:
    """Update multiple cases with the same values.

    Args:
        fields: The ids and the fields of the cases to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path="/api/v1/case/_bulk", json=fields
    )
merge(case_ids)

Merge multiple cases into one final case.

Parameters:

Name Type Description Default
case_ids Sequence[CaseId]

The ids of the cases to merge.

 required

Returns:

Type Description
OutputCase

The merged case.
Source code in thehive4py/endpoints/case.py 
120
121
122
123
124
125
126
127
128
129
130
131
132
def merge(self, case_ids: Sequence[CaseId]) -> OutputCase:
    """Merge multiple cases into one final case.

    Args:
        case_ids: The ids of the cases to merge.

    Returns:
        The merged case.
    """
    case_id_subpath = ",".join([str(case_id) for case_id in case_ids])
    return self._session.make_request(
        "POST", path=f"/api/v1/case/_merge/{case_id_subpath}"
    )

Unlink an alert from a case.

Parameters:

Name Type Description Default
case_id str

The id of the case to unlink the alert from.

 required
alert_id str

The id of the alert to unlink.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
134
135
136
137
138
139
140
141
142
143
144
145
146
def unlink_alert(self, case_id: str, alert_id: str) -> None:
    """Unlink an alert from a case.

    Args:
        case_id: The id of the case to unlink the alert from.
        alert_id: The id of the alert to unlink.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/case/{case_id}/alert/{alert_id}"
    )
merge_similar_observables(case_id)

Merge similar observables of a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to merge similar observables for.

 required

Returns:

Type Description
OutputCaseObservableMerge

The metadata of the observable merge operation.
Source code in thehive4py/endpoints/case.py 
148
149
150
151
152
153
154
155
156
157
158
159
def merge_similar_observables(self, case_id: CaseId) -> OutputCaseObservableMerge:
    """Merge similar observables of a case.

    Args:
        case_id: The id of the case to merge similar observables for.

    Returns:
        The metadata of the observable merge operation.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/observable/_merge"
    )
get_linked_cases(case_id)

Get other cases linked to a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to get linked cases for.

 required

Returns:

Type Description
List[OutputCaseLink]

The list of linked cases.
Source code in thehive4py/endpoints/case.py 
161
162
163
164
165
166
167
168
169
170
def get_linked_cases(self, case_id: CaseId) -> List[OutputCaseLink]:
    """Get other cases linked to a case.

    Args:
        case_id: The id of the case to get linked cases for.

    Returns:
        The list of linked cases.
    """
    return self._session.make_request("GET", path=f"/api/v1/case/{case_id}/links")
delete_custom_field(custom_field_id)

Delete a custom field from a case.

Parameters:

Name Type Description Default
custom_field_id str

The id of the specific custom field to delete from a case.

 required
Retruns

N/A

Source code in thehive4py/endpoints/case.py 
172
173
174
175
176
177
178
179
180
181
182
183
def delete_custom_field(self, custom_field_id: str) -> None:
    """Delete a custom field from a case.

    Args:
        custom_field_id: The id of the specific custom field to delete from a case.

    Retruns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/case/customField/{custom_field_id}"
    )
import_from_file(import_case, import_path)

Import a case from a .thar archive file.

Parameters:

Name Type Description Default
import_case InputImportCase

The metadata of the case import.

 required
import_path str

The filepath to the .thar archive.

 required

Returns:

Type Description
OutputImportCase

The metadata of the case import operation.
Source code in thehive4py/endpoints/case.py 
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
def import_from_file(
    self, import_case: InputImportCase, import_path: str
) -> OutputImportCase:
    """Import a case from a .thar archive file.

    Args:
        import_case: The metadata of the case import.
        import_path: The filepath to the .thar archive.

    Returns:
        The metadata of the case import operation.
    """
    return self._session.make_request(
        "POST",
        path="/api/v1/case/import",
        data={"_json": jsonlib.dumps(import_case)},
        files={"file": self._fileinfo_from_filepath(import_path)},
    )
export_to_file(case_id, password, export_path)

Export a case to a .thar archive file.

The file can be used to import the case in an other TheHive instance

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to export.

 required
password str

The password to encrypt the .thar file with.

 required
export_path str

The filepath to save the case export to.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
def export_to_file(self, case_id: CaseId, password: str, export_path: str) -> None:
    """Export a case to a .thar archive file.

    The file can be used to import the case in an other TheHive instance

    Args:
        case_id: The id of the case to export.
        password: The password to encrypt the .thar file with.
        export_path: The filepath to save the case export to.

    Returns:
        N/A
    """
    return self._session.make_request(
        "GET",
        path=f"/api/v1/case/{case_id}/export",
        params={"password": password},
        download_path=export_path,
    )
apply_case_template(fields)

Retroactively apply a case template on a case.

Parameters:

Name Type Description Default
fields InputApplyCaseTemplate

The metadata of the case template apply operation.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
224
225
226
227
228
229
230
231
232
233
234
235
def apply_case_template(self, fields: InputApplyCaseTemplate) -> None:
    """Retroactively apply a case template on a case.

    Args:
        fields: The metadata of the case template apply operation.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", "/api/v1/case/_bulk/caseTemplate", json=fields
    )
change_owner_organisation(case_id, fields)

Update the current owner of the case.

Beware, the current organisation could lose access to the case if no profile is set.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
fields InputCaseOwnerOrganisation

The metadata of the case owner organisation.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
def change_owner_organisation(
    self, case_id: CaseId, fields: InputCaseOwnerOrganisation
) -> None:
    """Update the current owner of the case.

    Beware, the current organisation could lose access to the case
    if no profile is set.

    Args:
        case_id: The id of the case.
        fields: The metadata of the case owner organisation.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/owner", json=fields
    )
manage_access(case_id, fields)

Make a case private or public and manage the selected users.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
fields InputCaseAccess

The metadata of the case access.

 required
Source code in thehive4py/endpoints/case.py 
256
257
258
259
260
261
262
263
264
265
def manage_access(self, case_id: CaseId, fields: InputCaseAccess) -> None:
    """Make a case private or public and manage the selected users.

    Args:
        case_id: The id of the case.
        fields: The metadata of the case access.
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/access", json=fields
    )
get_similar_observables(case_id, alert_or_case_id)

Get similar observables between a case and another case or alert.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to use as base for observable similarity.

 required
alert_or_case_id str

The id of the alert/case to get similar observables from.

 required

Returns:

Type Description
List[OutputObservable]

The list of similar observables.
Source code in thehive4py/endpoints/case.py 
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
def get_similar_observables(
    self, case_id: CaseId, alert_or_case_id: str
) -> List[OutputObservable]:
    """Get similar observables between a case and another case or alert.

    Args:
        case_id: The id of the case to use as base for observable similarity.
        alert_or_case_id: The id of the alert/case to get similar observables from.

    Returns:
        The list of similar observables.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/case/{case_id}/similar/{alert_or_case_id}/observables"
    )

Add link with another case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to link.

 required
fields InputCaseLink

The metadata of the case link.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
283
284
285
286
287
288
289
290
291
292
293
294
295
def link_case(self, case_id: CaseId, fields: InputCaseLink) -> None:
    """Add link with another case.

    Args:
        case_id: The id of the case to link.
        fields: The metadata of the case link.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/link/case/add", json=fields
    )

Add link with an external URL.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to link.

 required
fields InputURLLink

The metadata of the URL link.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
297
298
299
300
301
302
303
304
305
306
307
308
309
def link_url(self, case_id: CaseId, fields: InputURLLink) -> None:
    """Add link with an external URL.

    Args:
        case_id: The id of the case to link.
        fields: The metadata of the URL link.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/link/external/add", json=fields
    )

Delete link with an another case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to unlink.

 required
fields InputCaseLink

The metadata of the existing case link.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
311
312
313
314
315
316
317
318
319
320
321
322
323
def delete_case_link(self, case_id: CaseId, fields: InputCaseLink) -> None:
    """Delete link with an another case.

    Args:
        case_id: The id of the case to unlink.
        fields: The metadata of the existing case link.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/link/case/remove", json=fields
    )

Delete link with an external URL.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case to unlink.

 required
fields InputURLLink

The metadata of the existing case link.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
325
326
327
328
329
330
331
332
333
334
335
336
337
def delete_url_link(self, case_id: CaseId, fields: InputURLLink) -> None:
    """Delete link with an external URL.

    Args:
        case_id: The id of the case to unlink.
        fields: The metadata of the existing case link.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/link/external/remove", json=fields
    )

Get all link types.

Returns:

Type Description
List[str]

The list of all link types.
Source code in thehive4py/endpoints/case.py 
339
340
341
342
343
344
345
346
def get_link_types(self) -> List[str]:
    """Get all link types.

    Returns:
        The list of all link types.

    """
    return self._session.make_request("GET", "/api/v1/case/link/types")
get_timeline(case_id)

Get the timeline of a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case with the timeline.

 required

Returns:

Type Description
OutputTimeline

The case timeline.
Source code in thehive4py/endpoints/case.py 
348
349
350
351
352
353
354
355
356
357
def get_timeline(self, case_id: CaseId) -> OutputTimeline:
    """Get the timeline of a case.

    Args:
        case_id: The id of the case with the timeline.

    Returns:
        The case timeline.
    """
    return self._session.make_request("GET", f"/api/v1/case/{case_id}/timeline")
add_attachment(case_id, attachment_paths)

Create an attachment in a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
attachment_paths List[str]

List of paths to the attachments to create.

 required

Returns:

Type Description
List[OutputAttachment]

The created case attachments.
Source code in thehive4py/endpoints/case.py 
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
def add_attachment(
    self, case_id: CaseId, attachment_paths: List[str]
) -> List[OutputAttachment]:
    """Create an attachment in a case.

    Args:
        case_id: The id of the case.
        attachment_paths: List of paths to the attachments to create.

    Returns:
        The created case attachments.
    """

    files = [
        ("attachments", self._fileinfo_from_filepath(attachment_path))
        for attachment_path in attachment_paths
    ]
    return self._session.make_request(
        "POST", f"/api/v1/case/{case_id}/attachments", files=files
    )["attachments"]
download_attachment(case_id, attachment_id, attachment_path)

Download a case attachment.

Warning

Deprecated: use organisation.download_attachment instead

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
attachment_id str

The id of the case attachment.

 required
attachment_path str

The local path to download the attachment to.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
def download_attachment(
    self, case_id: CaseId, attachment_id: str, attachment_path: str
) -> None:
    """Download a case attachment.

    !!! warning
        Deprecated: use [organisation.download_attachment]
        [thehive4py.endpoints.organisation.OrganisationEndpoint.download_attachment]
        instead

    Args:
        case_id: The id of the case.
        attachment_id: The id of the case attachment.
        attachment_path: The local path to download the attachment to.

    Returns:
        N/A
    """
    warnings.warn(
        message=(
            "Deprecated: use the organisation.download_attachment method instead"
        ),
        category=DeprecationWarning,
        stacklevel=2,
    )
    return self._session.make_request(
        "GET",
        path=f"/api/v1/case/{case_id}/attachment/{attachment_id}/download",
        download_path=attachment_path,
    )
delete_attachment(case_id, attachment_id)

Delete a case attachment.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
attachment_id str

The id of the case attachment.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
411
412
413
414
415
416
417
418
419
420
421
422
423
def delete_attachment(self, case_id: CaseId, attachment_id: str) -> None:
    """Delete a case attachment.

    Args:
        case_id: The id of the case.
        attachment_id: The id of the case attachment.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/case/{case_id}/attachment/{attachment_id}"
    )
list_shares(case_id)

List all organisation shares of a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required

Returns:

Type Description
List[OutputShare]

The list of organisation shares of the case.
Source code in thehive4py/endpoints/case.py 
425
426
427
428
429
430
431
432
433
434
def list_shares(self, case_id: CaseId) -> List[OutputShare]:
    """List all organisation shares of a case.

    Args:
        case_id: The id of the case.

    Returns:
        The list of organisation shares of the case.
    """
    return self._session.make_request("GET", path=f"/api/v1/case/{case_id}/shares")
set_share(case_id, shares)

Set the share for a case with other organisations.

For each organisation, you can define a profile (level of access) that the org will receive. Contrary to share this method can delete and update already existing shares.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
shares List[InputShare]

The list of organisational share rules.

 required

Returns:

Type Description
List[OutputShare]

The list of organisation shares of the case.
Source code in thehive4py/endpoints/case.py 
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
def set_share(self, case_id: CaseId, shares: List[InputShare]) -> List[OutputShare]:
    """Set the share for a case with other organisations.

    For each organisation, you can define a profile (level of access) that the org
    will receive. Contrary to `share` this method can delete and update already
    existing shares.

    Args:
        case_id: The id of the case.
        shares: The list of organisational share rules.

    Returns:
        The list of organisation shares of the case.
    """
    return self._session.make_request(
        "PUT", path=f"/api/v1/case/{case_id}/shares", json={"shares": shares}
    )
share(case_id, shares)

Share the case with other organisations.

For each organisation, you can define a profile (level of access) that the org will receive. This method will only create new shares and will not update or delete existing shares.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
shares List[InputShare]

The list of organisational share rules.

 required

Returns:

Type Description
List[OutputShare]

The list of organisation shares of the case.
Source code in thehive4py/endpoints/case.py 
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
def share(self, case_id: CaseId, shares: List[InputShare]) -> List[OutputShare]:
    """Share the case with other organisations.

    For each organisation, you can define a profile (level of access) that the org
    will receive. This method will only create new shares and will not update or
    delete existing shares.

    Args:
        case_id: The id of the case.
        shares: The list of organisational share rules.

    Returns:
        The list of organisation shares of the case.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/shares", json={"shares": shares}
    )
unshare(case_id, organisation_ids)

Unshare a case from other organisations.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
organisation_ids List[str]

The ids of the organisations to unshare from.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
def unshare(self, case_id: CaseId, organisation_ids: List[str]) -> None:
    """Unshare a case from other organisations.

    Args:
        case_id: The id of the case.
        organisation_ids: The ids of the organisations to unshare from.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE",
        path=f"/api/v1/case/{case_id}/shares",
        json={"organisations": organisation_ids},
    )
remove_share(share_id)

Remove a specific organisation share from a case.

Parameters:

Name Type Description Default
share_id str

The id of the share to remove.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
488
489
490
491
492
493
494
495
496
497
498
499
def remove_share(self, share_id: str) -> None:
    """Remove a specific organisation share from a case.

    Args:
        share_id: The id of the share to remove.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/case/share/{share_id}"
    )
find(filters=None, sortby=None, paginate=None)

Find multiple cases.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputCase]

The list of cases matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputCase]:
    """Find multiple cases.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of cases matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listCase"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "cases"},
        json={"query": query},
    )
count(filters=None)

Count cases.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of cases matched by the query.
Source code in thehive4py/endpoints/case.py 
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count cases.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of cases matched by the query.
    """
    query: QueryExpr = [
        {"_name": "listCase"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "cases.count"},
        json={"query": query},
    )
create_task(case_id, task)

Create a case task.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
task InputTask

The fields of the task to create.

 required

Returns:

Type Description
OutputTask

The created case task.
Source code in thehive4py/endpoints/case.py 
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
def create_task(self, case_id: CaseId, task: InputTask) -> OutputTask:
    """Create a case task.

    Args:
        case_id: The id of the case.
        task: The fields of the task to create.

    Returns:
        The created case task.
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/case/{case_id}/task",
        json=task,
    )
find_tasks(case_id, filters=None, sortby=None, paginate=None)

Find tasks related to a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputTask]

The list of case tasks matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
def find_tasks(
    self,
    case_id: CaseId,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputTask]:
    """Find tasks related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case tasks matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "tasks"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-tasks"},
        json={"query": query},
    )
create_observable(case_id, observable, observable_path=None)

Create an observable in an case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
observable InputObservable

The fields of the observable to create.

 required
observable_path Optional[str]

Optional path in case of a file based observable.

 None

Returns:

Type Description
List[OutputObservable]

The created case observables.
Source code in thehive4py/endpoints/case.py 
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
def create_observable(
    self,
    case_id: CaseId,
    observable: InputObservable,
    observable_path: Optional[str] = None,
) -> List[OutputObservable]:
    """Create an observable in an case.

    Args:
        case_id: The id of the case.
        observable: The fields of the observable to create.
        observable_path: Optional path in case of a file based observable.

    Returns:
        The created case observables.
    """
    kwargs = self._build_observable_kwargs(
        observable=observable, observable_path=observable_path
    )
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/observable", **kwargs
    )
find_observables(case_id, filters=None, sortby=None, paginate=None)

Find observables related to a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputObservable]

The list of case observables matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
def find_observables(
    self,
    case_id: CaseId,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputObservable]:
    """Find observables related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case observables matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "observables"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-observables"},
        json={"query": query},
    )
create_procedure(case_id, procedure)

Create a case procedure.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
procedure InputProcedure

The fields of the procedure to create.

 required

Returns:

Type Description
OutputProcedure

The created case procedure.
Source code in thehive4py/endpoints/case.py 
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
def create_procedure(
    self, case_id: str, procedure: InputProcedure
) -> OutputProcedure:
    """Create a case procedure.

    Args:
        case_id: The id of the case.
        procedure: The fields of the procedure to create.

    Returns:
        The created case procedure.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/procedure", json=procedure
    )
find_procedures(case_id, filters=None, sortby=None, paginate=None)

Find procedures related to a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputProcedure]

The list of case procedures matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
def find_procedures(
    self,
    case_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputProcedure]:
    """Find procedures related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case procedures matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "procedures"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-procedures"},
        json={"query": query},
    )
create_page(case_id, page)

Create a page in a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
page InputCasePage

The fields of the page to create.

 required

Returns:

Type Description
OutputCasePage

The created case page.
Source code in thehive4py/endpoints/case.py 
698
699
700
701
702
703
704
705
706
707
708
709
710
def create_page(self, case_id: str, page: InputCasePage) -> OutputCasePage:
    """Create a page in a case.

    Args:
        case_id: The id of the case.
        page: The fields of the page to create.

    Returns:
        The created case page.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/page", json=page
    )
delete_page(case_id, page_id)

Delete a page from a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
page_id str

The id of the page to delete.

 required
Retruns

N/A

Source code in thehive4py/endpoints/case.py 
712
713
714
715
716
717
718
719
720
721
722
723
724
def delete_page(self, case_id: str, page_id: str) -> None:
    """Delete a page from a case.

    Args:
        case_id: The id of the case.
        page_id: The id of the page to delete.

    Retruns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/case/{case_id}/page/{page_id}"
    )
update_page(case_id, page_id, page)

Update a page of a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
page_id str

The id of the page to update.

 required
page InputUpdateCasePage

The fields of the page to update.

 required
Retruns

N/A

Source code in thehive4py/endpoints/case.py 
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
def update_page(
    self, case_id: str, page_id: str, page: InputUpdateCasePage
) -> None:
    """Update a page of a case.

    Args:
        case_id: The id of the case.
        page_id: The id of the page to update.
        page: The fields of the page to update.

    Retruns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/case/{case_id}/page/{page_id}", json=page
    )
find_pages(case_id, filters=None, sortby=None, paginate=None)

Find pages related to a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputProcedure]

The list of case pages matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
def find_pages(
    self,
    case_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputProcedure]:
    """Find pages related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case pages matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "pages"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-pages"},
        json={"query": query},
    )
find_attachments(case_id, filters=None, sortby=None, paginate=None)

Find attachments related to a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputAttachment]

The list of case attachments matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
def find_attachments(
    self,
    case_id: CaseId,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputAttachment]:
    """Find attachments related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case attachments matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "attachments"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-attachments"},
        json={"query": query},
    )
find_comments(case_id, filters=None, sortby=None, paginate=None)

Find comments related to a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputComment]

The list of case comments matched by the query or an empty list.
Source code in thehive4py/endpoints/case.py 
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
def find_comments(
    self,
    case_id: CaseId,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputComment]:
    """Find comments related to a case.

    Args:
        case_id: The id of the case.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case comments matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCase", "idOrName": case_id},
        {"_name": "comments"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-comments"},
        json={"query": query},
    )
close(case_id, status, summary, impact_status='NotApplicable')

Close a case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
status CaseStatusValue

The status to close the case with.

 required
summary str

The closure summary of the case.

 required
impact_status ImpactStatusValue

The impact status of the case.

 'NotApplicable'

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
def close(
    self,
    case_id: CaseId,
    status: CaseStatusValue,
    summary: str,
    impact_status: ImpactStatusValue = "NotApplicable",
) -> None:
    """Close a case.

    Args:
        case_id: The id of the case.
        status: The status to close the case with.
        summary: The closure summary of the case.
        impact_status: The impact status of the case.

    Returns:
        N/A
    """
    case: InputUpdateCase = {
        "status": status,
        "impactStatus": impact_status,
        "summary": summary,
    }
    return self.update(
        case_id,
        case,
    )
open(case_id, status=CaseStatus.InProgress)

Open a closed case.

Parameters:

Name Type Description Default
case_id CaseId

The id of the case.

 required
status CaseStatusValue

The status to re-open the case with.

 InProgress

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case.py 
862
863
864
865
866
867
868
869
870
871
872
873
874
875
def open(
    self, case_id: CaseId, status: CaseStatusValue = CaseStatus.InProgress
) -> None:
    """Open a closed case.

    Args:
        case_id: The id of the case.
        status: The status to re-open the case with.

    Returns:
        N/A
    """
    case: InputUpdateCase = {"status": status}
    return self.update(case_id, case)

case_template

CaseTemplateEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(case_template)

Create a case template.

Parameters:

Name Type Description Default
case_template InputCaseTemplate

The body of the case template.

 required

Returns:

Type Description
OutputCaseTemplate

The created case template.
Source code in thehive4py/endpoints/case_template.py 
13
14
15
16
17
18
19
20
21
22
23
24
def create(self, case_template: InputCaseTemplate) -> OutputCaseTemplate:
    """Create a case template.

    Args:
        case_template: The body of the case template.

    Returns:
        The created case template.
    """
    return self._session.make_request(
        "POST", path="/api/v1/caseTemplate", json=case_template
    )
get(case_template_id)

Get a case template by id.

Parameters:

Name Type Description Default
case_template_id str

The id of the case template.

 required

Returns:

Type Description
OutputCaseTemplate

The case template specified by the id.
Source code in thehive4py/endpoints/case_template.py 
26
27
28
29
30
31
32
33
34
35
36
37
def get(self, case_template_id: str) -> OutputCaseTemplate:
    """Get a case template by id.

    Args:
        case_template_id: The id of the case template.

    Returns:
        The case template specified by the id.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/caseTemplate/{case_template_id}"
    )
delete(case_template_id)

Delete a case template.

Parameters:

Name Type Description Default
case_template_id str

The id of the case template.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case_template.py 
39
40
41
42
43
44
45
46
47
48
49
50
def delete(self, case_template_id: str) -> None:
    """Delete a case template.

    Args:
        case_template_id: The id of the case template.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/caseTemplate/{case_template_id}"
    )
update(case_template_id, fields)

Update a case template.

Parameters:

Name Type Description Default
case_template_id str

The id of the case template.

 required
fields InputCaseTemplate

The fields of the case template to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case_template.py 
52
53
54
55
56
57
58
59
60
61
62
63
64
def update(self, case_template_id: str, fields: InputCaseTemplate) -> None:
    """Update a case template.

    Args:
        case_template_id: The id of the case template.
        fields: The fields of the case template to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/caseTemplate/{case_template_id}", json=fields
    )
link_page_templates(case_template_id, page_template_ids)

Link page templates to a case template.

Parameters:

Name Type Description Default
case_template_id str

The id or name of the case template.

 required
page_template_ids List[str]

The list of page template ids to link.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/case_template.py 
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
def link_page_templates(
    self, case_template_id: str, page_template_ids: List[str]
) -> None:
    """Link page templates to a case template.

    Args:
        case_template_id: The id or name of the case template.
        page_template_ids: The list of page template ids to link.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PUT",
        path=f"/api/v1/caseTemplate/{case_template_id}/pageTemplate/link",
        json={"pageTemplateIds": page_template_ids},
    )
find(filters=None, sortby=None, paginate=None)

Find multiple case templates.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputCaseTemplate]

The list of case templates matched by the query or an empty list.
Source code in thehive4py/endpoints/case_template.py 
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputCaseTemplate]:
    """Find multiple case templates.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of case templates matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listCaseTemplate"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": query},
        params={"name": "caseTemplate"},
    )
find_page_templates(case_template_id, filters=None, sortby=None, paginate=None)

Find page templates related to a case template.

Parameters:

Name Type Description Default
case_template_id str

The case template id.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputPageTemplate]

The list of page templates matched by the query or an empty list.
Source code in thehive4py/endpoints/case_template.py 
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
def find_page_templates(
    self,
    case_template_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputPageTemplate]:
    """Find page templates related to a case template.

    Args:
        case_template_id: The case template id.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of page templates matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getCaseTemplate", "idOrName": case_template_id},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
        {"_name": "pageTemplates"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": query},
        params={"name": "pageTemplate"},
    )

comment

CommentEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create_in_alert(alert_id, comment)
Source code in thehive4py/endpoints/comment.py 
 7
 8
 9
10
def create_in_alert(self, alert_id: str, comment: InputComment) -> OutputComment:
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/comment", json=comment
    )
create_in_case(case_id, comment)
Source code in thehive4py/endpoints/comment.py 
12
13
14
15
def create_in_case(self, case_id: str, comment: InputComment) -> OutputComment:
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/comment", json=comment
    )
get(comment_id)
Source code in thehive4py/endpoints/comment.py 
17
18
19
20
21
22
23
24
25
26
27
def get(self, comment_id: str) -> OutputComment:
    # TODO: temp implementation until a dedicated get endpoint
    comments = self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": [{"_name": "getComment", "idOrName": comment_id}]},
    )
    try:
        return comments[0]
    except IndexError:
        raise TheHiveError("404 - Comment not found")
delete(comment_id)
Source code in thehive4py/endpoints/comment.py 
29
30
31
32
def delete(self, comment_id: str) -> None:
    return self._session.make_request(
        "DELETE", path=f"/api/v1/comment/{comment_id}"
    )
update(comment_id, fields)
Source code in thehive4py/endpoints/comment.py 
34
35
36
37
def update(self, comment_id: str, fields: InputUpdateComment) -> None:
    return self._session.make_request(
        "PATCH", path=f"/api/v1/comment/{comment_id}", json=fields
    )

cortex

CortexEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create_analyzer_job(job)
Source code in thehive4py/endpoints/cortex.py 
14
15
16
17
def create_analyzer_job(self, job: InputAnalyzerJob) -> OutputAnalyzerJob:
    return self._session.make_request(
        "POST", path="/api/connector/cortex/job", json=job
    )
create_responder_action(action)
Source code in thehive4py/endpoints/cortex.py 
19
20
21
22
23
24
def create_responder_action(
    self, action: InputResponderAction
) -> OutputResponderAction:
    return self._session.make_request(
        "POST", path="/api/connector/cortex/action", json=action
    )
list_analyzers(range=None)
Source code in thehive4py/endpoints/cortex.py 
26
27
28
29
30
def list_analyzers(self, range: Optional[str] = None) -> List[OutputAnalyzer]:
    params = {"range": range}
    return self._session.make_request(
        "GET", path="/api/connector/cortex/analyzer", params=params
    )
list_analyzers_by_type(data_type)
Source code in thehive4py/endpoints/cortex.py 
32
33
34
35
def list_analyzers_by_type(self, data_type: str) -> List[OutputAnalyzer]:
    return self._session.make_request(
        "GET", path=f"/api/connector/cortex/analyzer/type/{data_type}"
    )
get_analyzer(analyzer_id)
Source code in thehive4py/endpoints/cortex.py 
37
38
39
40
def get_analyzer(self, analyzer_id: str) -> OutputAnalyzer:
    return self._session.make_request(
        "GET", path=f"/api/connector/cortex/analyzer/{analyzer_id}"
    )
get_analyzer_job(job_id)
Source code in thehive4py/endpoints/cortex.py 
42
43
44
45
def get_analyzer_job(self, job_id: str) -> OutputAnalyzerJob:
    return self._session.make_request(
        "GET", path=f"/api/connector/cortex/job/{job_id}"
    )
list_responders(entity_type, entity_id)
Source code in thehive4py/endpoints/cortex.py 
47
48
49
50
51
52
def list_responders(
    self, entity_type: str, entity_id: str
) -> List[OutputResponder]:
    return self._session.make_request(
        "GET", f"/api/connector/cortex/responder/{entity_type}/{entity_id}"
    )

custom_field

CustomFieldEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
list()

List all custom fields.

Returns:

Type Description
List[OutputCustomField]

The list of all custom fields.
Source code in thehive4py/endpoints/custom_field.py 
12
13
14
15
16
17
18
def list(self) -> List[OutputCustomField]:
    """List all custom fields.

    Returns:
        The list of all custom fields.
    """
    return self._session.make_request("GET", path="/api/v1/customField")
create(custom_field)

Create a custom field.

Parameters:

Name Type Description Default
custom_field InputCustomField

The body of the custom field.

 required

Returns:

Type Description
OutputCustomField

The created custom field.
Source code in thehive4py/endpoints/custom_field.py 
20
21
22
23
24
25
26
27
28
29
30
31
def create(self, custom_field: InputCustomField) -> OutputCustomField:
    """Create a custom field.

    Args:
        custom_field: The body of the custom field.

    Returns:
        The created custom field.
    """
    return self._session.make_request(
        "POST", path="/api/v1/customField", json=custom_field
    )
delete(custom_field_id, force=False)

Delete a custom field.

Parameters:

Name Type Description Default
custom_field_id str

The id of the custom field.

 required
force bool

Whether to forcefully delete the custom field.

 False

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/custom_field.py 
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
def delete(self, custom_field_id: str, force: bool = False) -> None:
    """Delete a custom field.

    Args:
        custom_field_id: The id of the custom field.
        force: Whether to forcefully delete the custom field.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE",
        path=f"/api/v1/customField/{custom_field_id}",
        params={"force": force},
    )
update(custom_field_id, fields)

Update a custom field.

Parameters:

Name Type Description Default
custom_field_id str

The id of the custom field.

 required
fields InputUpdateCustomField

The fields of the custom field to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/custom_field.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
def update(self, custom_field_id: str, fields: InputUpdateCustomField) -> None:
    """Update a custom field.

    Args:
        custom_field_id: The id of the custom field.
        fields: The fields of the custom field to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/customField/{custom_field_id}", json=fields
    )

observable

ObservableEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create_in_case(case_id, observable, observable_path=None)

Create one or more observables in a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
observable InputObservable

The fields of the observable to create.

 required
observable_path Optional[str]

Optional path in case of file based observables.

 None

Returns:

Type Description
List[OutputObservable]

The created case observables.
Source code in thehive4py/endpoints/observable.py 
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
def create_in_case(
    self,
    case_id: str,
    observable: InputObservable,
    observable_path: Optional[str] = None,
) -> List[OutputObservable]:
    """Create one or more observables in a case.

    Args:
        case_id: The id of the case.
        observable: The fields of the observable to create.
        observable_path: Optional path in case of file based observables.

    Returns:
        The created case observables.
    """
    kwargs = self._build_observable_kwargs(
        observable=observable, observable_path=observable_path
    )
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/observable", **kwargs
    )
create_in_alert(alert_id, observable, observable_path=None)

Create one or more observables in an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
observable InputObservable

The fields of the observable to create.

 required
observable_path Optional[str]

Optional path in case of file based observables.

 None

Returns:

Type Description
List[OutputObservable]

The created alert observables.
Source code in thehive4py/endpoints/observable.py 
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
def create_in_alert(
    self,
    alert_id: str,
    observable: InputObservable,
    observable_path: Optional[str] = None,
) -> List[OutputObservable]:
    """Create one or more observables in an alert.

    Args:
        alert_id: The id of the alert.
        observable: The fields of the observable to create.
        observable_path: Optional path in case of file based observables.

    Returns:
        The created alert observables.
    """
    kwargs = self._build_observable_kwargs(
        observable=observable, observable_path=observable_path
    )
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/observable", **kwargs
    )
get(observable_id)

Get an observable by id.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required

Returns:

Type Description
OutputObservable

The observable specified by the id.
Source code in thehive4py/endpoints/observable.py 
64
65
66
67
68
69
70
71
72
73
74
75
def get(self, observable_id: str) -> OutputObservable:
    """Get an observable by id.

    Args:
        observable_id: The id of the observable.

    Returns:
        The observable specified by the id.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/observable/{observable_id}"
    )
delete(observable_id)

Delete an observable.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable.py 
77
78
79
80
81
82
83
84
85
86
87
88
def delete(self, observable_id: str) -> None:
    """Delete an observable.

    Args:
        observable_id: The id of the observable.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/observable/{observable_id}"
    )
update(observable_id, fields)

Update an observable.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required
fields InputUpdateObservable

The fields of the observable to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable.py 
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
def update(self, observable_id: str, fields: InputUpdateObservable) -> None:
    """Update an observable.

    Args:
        observable_id: The id of the observable.
        fields: The fields of the observable to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/observable/{observable_id}", json=fields
    )
bulk_update(fields)

Update multiple observables with the same values.

Parameters:

Name Type Description Default
fields InputBulkUpdateObservable

The ids and the fields of the observables to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable.py 
104
105
106
107
108
109
110
111
112
113
114
115
def bulk_update(self, fields: InputBulkUpdateObservable) -> None:
    """Update multiple observables with the same values.

    Args:
        fields: The ids and the fields of the observables to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path="/api/v1/observable/_bulk", json=fields
    )
download_attachment(observable_id, attachment_id, observable_path, as_zip=False)

Download an observable attachment.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required
attachment_id str

The id of the observable attachment.

 required
observable_path str

The local path to download the observable attachment to.

 required
as_zip bool

If True, the attachment will be sent as a zip file with a password. Default password is 'malware'

 False

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable.py 
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
def download_attachment(
    self,
    observable_id: str,
    attachment_id: str,
    observable_path: str,
    as_zip: bool = False,
) -> None:
    """Download an observable attachment.

    Args:
        observable_id: The id of the observable.
        attachment_id: The id of the observable attachment.
        observable_path: The local path to download the observable attachment to.
        as_zip: If `True`, the attachment will be sent as a zip file with a
            password. Default password is 'malware'

    Returns:
        N/A
    """
    return self._session.make_request(
        "GET",
        path=(
            f"/api/v1/observable/{observable_id}"
            f"/attachment/{attachment_id}/download"
        ),
        params={"asZip": as_zip},
        download_path=observable_path,
    )
list_shares(observable_id)

List all organisation shares of an observable.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required

Returns:

Type Description
List[OutputShare]

The list of organisation shares of the observable.
Source code in thehive4py/endpoints/observable.py 
146
147
148
149
150
151
152
153
154
155
156
157
def list_shares(self, observable_id: str) -> List[OutputShare]:
    """List all organisation shares of an observable.

    Args:
        observable_id: The id of the observable.

    Returns:
        The list of organisation shares of the observable.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/case/{observable_id}/shares"
    )
share(observable_id, organisations)

Share the observable with other organisations.

The case that owns the observable must already be shared with the target organisations.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required
organisations List[str]

The list of organisation names or ids.

 required

Returns:

Type Description
None

The list of organisation shares of the observable.
Source code in thehive4py/endpoints/observable.py 
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
def share(self, observable_id: str, organisations: List[str]) -> None:
    """Share the observable with other organisations.

    The case that owns the observable must already be shared with the target
    organisations.

    Args:
        observable_id: The id of the observable.
        organisations: The list of organisation names or ids.

    Returns:
        The list of organisation shares of the observable.
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/observable/{observable_id}/shares",
        json={"organisations": organisations},
    )
unshare(observable_id, organisations)

Unshare an observable from other organisations.

Parameters:

Name Type Description Default
observable_id str

The id of the observable.

 required
organisations List[str]

The list of organisation names or ids.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable.py 
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
def unshare(self, observable_id: str, organisations: List[str]) -> None:
    """Unshare an observable from other organisations.

    Args:
        observable_id: The id of the observable.
        organisations: The list of organisation names or ids.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE",
        path=f"/api/v1/observable/{observable_id}/shares",
        json={"organisations": organisations},
    )
find(filters=None, sortby=None, paginate=None)

Find multiple observables.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputObservable]

The list of observables matched by the query or an empty list.
Source code in thehive4py/endpoints/observable.py 
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputObservable]:
    """Find multiple observables.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of observables matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listObservable"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "observables"},
        json={"query": query},
    )
count(filters=None)

Count observables.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of observables matched by the query.
Source code in thehive4py/endpoints/observable.py 
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count observables.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of observables matched by the query.
    """
    query: QueryExpr = [
        {"_name": "listObservable"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "observable.count"},
        json={"query": query},
    )

observable_type

ObservableTypeEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
get(observable_type_id)

Get an observable type by id.

Parameters:

Name Type Description Default
observable_type_id str

The id of the observable type.

 required

Returns:

Type Description
OutputObservableType

The observable type specified by the id.
Source code in thehive4py/endpoints/observable_type.py 
12
13
14
15
16
17
18
19
20
21
22
23
def get(self, observable_type_id: str) -> OutputObservableType:
    """Get an observable type by id.

    Args:
        observable_type_id: The id of the observable type.

    Returns:
        The observable type specified by the id.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/observable/type/{observable_type_id}"
    )
delete(observable_type_id)

Delete an observable type.

Parameters:

Name Type Description Default
observable_type_id str

The id of the observable type.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/observable_type.py 
25
26
27
28
29
30
31
32
33
34
35
36
def delete(self, observable_type_id: str) -> None:
    """Delete an observable type.

    Args:
        observable_type_id: The id of the observable type.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/observable/type/{observable_type_id}"
    )
create(observable_type)

Create an observable type.

Parameters:

Name Type Description Default
observable_type InputObservableType

The body of the observable type.

 required

Returns:

Type Description
OutputObservableType

The created observable type.
Source code in thehive4py/endpoints/observable_type.py 
38
39
40
41
42
43
44
45
46
47
48
49
def create(self, observable_type: InputObservableType) -> OutputObservableType:
    """Create an observable type.

    Args:
        observable_type: The body of the observable type.

    Returns:
        The created observable type.
    """
    return self._session.make_request(
        "POST", path="/api/v1/observable/type", json=observable_type
    )
find(filters=None, sortby=None, paginate=None)

Find multiple observable types.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputObservableType]

The list of observable types matched by the query or an empty list.
Source code in thehive4py/endpoints/observable_type.py 
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputObservableType]:
    """Find multiple observable types.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of observable types matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listObservableType"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "observableTypes"},
        json={"query": query},
    )

organisation

OrganisationEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
add_attachment(attachment_paths, can_rename=True)

Add attachment to organisation.

Parameters:

Name Type Description Default
attachment_paths List[str]

List of paths to the attachments to create.

 required
can_rename bool

If set to True, the files can be renamed if they already exist with the same name

 True

Returns:

Type Description
List[OutputAttachment]

The created attachments.
Source code in thehive4py/endpoints/organisation.py 
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
def add_attachment(
    self, attachment_paths: List[str], can_rename: bool = True
) -> List[OutputAttachment]:
    """Add attachment to organisation.

    Args:
        attachment_paths: List of paths to the attachments to create.
        can_rename: If set to True, the files can be renamed if they already exist
            with the same name

    Returns:
        The created attachments.
    """
    files = [
        ("attachments", self._fileinfo_from_filepath(attachment_path))
        for attachment_path in attachment_paths
    ]
    return self._session.make_request(
        "POST", "/api/v1/attachment", data={"canRename": can_rename}, files=files
    )["attachments"]
delete_attachment(attachment_id)

Delete an attachment.

Parameters:

Name Type Description Default
attachment_id str

The id of the attachment.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
42
43
44
45
46
47
48
49
50
51
52
53
def delete_attachment(self, attachment_id: str) -> None:
    """Delete an attachment.

    Args:
        attachment_id: The id of the attachment.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/attachment/{attachment_id}"
    )
download_attachment(attachment_id, attachment_path)

Download an attachment.

Parameters:

Name Type Description Default
attachment_id str

The id of the attachment.

 required
attachment_path str

The local path to download the attachment to.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
def download_attachment(self, attachment_id: str, attachment_path: str) -> None:
    """Download an attachment.

    Args:
        attachment_id: The id of the attachment.
        attachment_path: The local path to download the attachment to.

    Returns:
        N/A
    """
    return self._session.make_request(
        "GET",
        path=f"/api/v1/attachment/{attachment_id}/download",
        download_path=attachment_path,
    )
find_attachments(org_id, filters=None, sortby=None, paginate=None)

Find attachments related to an organisation.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputAttachment]

The list of case attachments matched by the query or an empty list.
Source code in thehive4py/endpoints/organisation.py 
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
def find_attachments(
    self,
    org_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputAttachment]:
    """Find attachments related to an organisation.

    Args:
        org_id: The id of the organisation.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of case attachments matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getOrganisation", "idOrName": org_id},
        {"_name": "attachments"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "organisation-attachments"},
        json={"query": query},
    )
create(organisation)

Create an organisation.

Parameters:

Name Type Description Default
organisation InputOrganisation

The body of the organisation.

 required

Returns:

Type Description
OutputOrganisation

The created organisation.
Source code in thehive4py/endpoints/organisation.py 
101
102
103
104
105
106
107
108
109
110
111
112
def create(self, organisation: InputOrganisation) -> OutputOrganisation:
    """Create an organisation.

    Args:
        organisation: The body of the organisation.

    Returns:
        The created organisation.
    """
    return self._session.make_request(
        "POST", path="/api/v1/organisation", json=organisation
    )
get(org_id)

Get an organisation.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required

Returns:

Type Description
OutputOrganisation

The organisation specified by the id.
Source code in thehive4py/endpoints/organisation.py 
114
115
116
117
118
119
120
121
122
123
def get(self, org_id: str) -> OutputOrganisation:
    """Get an organisation.

    Args:
        org_id: The id of the organisation.

    Returns:
        The organisation specified by the id.
    """
    return self._session.make_request("GET", path=f"/api/v1/organisation/{org_id}")
update(org_id, fields)

Get an organisation.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
fields InputUpdateOrganisation

The fields of the organisation to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
125
126
127
128
129
130
131
132
133
134
135
136
137
def update(self, org_id: str, fields: InputUpdateOrganisation) -> None:
    """Get an organisation.

    Args:
        org_id: The id of the organisation.
        fields: The fields of the organisation to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/organisation/{org_id}", json=fields
    )
get_avatar(org_id, file_hash, avatar_path)

Get an organisaton avatar.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
file_hash str

The hash of the organisation avatar.

 required
avatar_path str

The local path to download the organisation avatar to.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
def get_avatar(self, org_id: str, file_hash: str, avatar_path: str) -> None:
    """Get an organisaton avatar.

    Args:
        org_id: The id of the organisation.
        file_hash: The hash of the organisation avatar.
        avatar_path: The local path to download the organisation avatar to.

    Returns:
        N/A
    """
    return self._session.make_request(
        "GET",
        path=f"/api/v1/organisation/{org_id}/avatar/{file_hash}",
        download_path=avatar_path,
    )

Link two organisatons.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
other_org_id str

The id of the other organisation.

 required
link InputOrganisationLink

The type of organisation links.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
156
157
158
159
160
161
162
163
164
165
166
167
168
169
def link(self, org_id: str, other_org_id: str, link: InputOrganisationLink) -> None:
    """Link two organisatons.

    Args:
        org_id: The id of the organisation.
        other_org_id: The id of the other organisation.
        link: The type of organisation links.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PUT", path=f"/api/v1/organisation/{org_id}/link/{other_org_id}", json=link
    )

Unlink two organisatons.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
other_org_id str

The id of the other organisation.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
171
172
173
174
175
176
177
178
179
180
181
182
183
def unlink(self, org_id: str, other_org_id: str) -> None:
    """Unlink two organisatons.

    Args:
        org_id: The id of the organisation.
        other_org_id: The id of the other organisation.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/organisation/{org_id}/link/{other_org_id}"
    )

List links of an organisatons.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required

Returns:

Type Description
List[OutputOrganisationLink]

The list of organisation links.
Source code in thehive4py/endpoints/organisation.py 
185
186
187
188
189
190
191
192
193
194
195
196
def list_links(self, org_id: str) -> List[OutputOrganisationLink]:
    """List links of an organisatons.

    Args:
        org_id: The id of the organisation.

    Returns:
        The list of organisation links.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/organisation/{org_id}/links"
    )

Bulk link organisations.

Parameters:

Name Type Description Default
org_id str

The id of the organisation.

 required
links List[InputBulkOrganisationLink]

The list of organisation links.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/organisation.py 
198
199
200
201
202
203
204
205
206
207
208
209
210
def bulk_link(self, org_id: str, links: List[InputBulkOrganisationLink]) -> None:
    """Bulk link organisations.

    Args:
        org_id: The id of the organisation.
        links: The list of organisation links.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PUT", path=f"/api/v1/organisation/{org_id}/links", json={"links": links}
    )
list_sharing_profiles()

List all sharing profiles.

Returns:

Type Description
List[OutputSharingProfile]

The list of sharing profiles.
Source code in thehive4py/endpoints/organisation.py 
212
213
214
215
216
217
218
def list_sharing_profiles(self) -> List[OutputSharingProfile]:
    """List all sharing profiles.

    Returns:
        The list of sharing profiles.
    """
    return self._session.make_request("GET", path="/api/v1/sharingProfile")
find(filters=None, sortby=None, paginate=None)

Find multiple organisations.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputOrganisation]

The list of organisations matched by the query or an empty list.
Source code in thehive4py/endpoints/organisation.py 
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputOrganisation]:
    """Find multiple organisations.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of organisations matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listOrganisation"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "organisations"},
        json={"query": query},
    )
count(filters=None)

Count organisations.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of organisations matched by the query.
Source code in thehive4py/endpoints/organisation.py 
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count organisations.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of organisations matched by the query.
    """
    query: QueryExpr = [
        {"_name": "listOrganisation"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "organisations.count"},
        json={"query": query},
    )

page_template

PageTemplateEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(page_template)

Create a page template.

Parameters:

Name Type Description Default
page_template InputPageTemplate

The body of the page template.

 required

Returns:

Type Description
OutputPageTemplate

The created page template.
Source code in thehive4py/endpoints/page_template.py 
17
18
19
20
21
22
23
24
25
26
27
28
def create(self, page_template: InputPageTemplate) -> OutputPageTemplate:
    """Create a page template.

    Args:
        page_template: The body of the page template.

    Returns:
        The created page template.
    """
    return self._session.make_request(
        "POST", path="/api/v1/pageTemplate", json=page_template
    )
delete(page_template_id)

Delete a page template.

Parameters:

Name Type Description Default
page_template_id str

The id of the page template.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/page_template.py 
30
31
32
33
34
35
36
37
38
39
40
41
def delete(self, page_template_id: str) -> None:
    """Delete a page template.

    Args:
        page_template_id: The id of the page template.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/pageTemplate/{page_template_id}"
    )
update(page_template_id, fields)

Update a page template.

Parameters:

Name Type Description Default
page_template_id str

The id of the page template.

 required
fields InputUpdatePageTemplate

The fields of the page template to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/page_template.py 
43
44
45
46
47
48
49
50
51
52
53
54
55
def update(self, page_template_id: str, fields: InputUpdatePageTemplate) -> None:
    """Update a page template.

    Args:
        page_template_id: The id of the page template.
        fields: The fields of the page template to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/pageTemplate/{page_template_id}", json=fields
    )
find(filters=None, sortby=None, paginate=None)

Find multiple page templates.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputPageTemplate]

The list of page templates matched by the query or an empty list.
Source code in thehive4py/endpoints/page_template.py 
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputPageTemplate]:
    """Find multiple page templates.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of page templates matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listPageTemplate"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": query},
        params={"name": "listPageTemplate"},
    )
get(page_template_id)

Get a page template by id.

Parameters:

Name Type Description Default
page_template_id str

The id of the page template.

 required

Returns:

Type Description
OutputPageTemplate

The page template specified by the id.
Source code in thehive4py/endpoints/page_template.py 
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
def get(self, page_template_id: str) -> OutputPageTemplate:
    """Get a page template by id.

    Args:
        page_template_id: The id of the page template.

    Returns:
        The page template specified by the id.
    """
    # TODO: temp implementation until a dedicated get endpoint [if ever ;)]
    page_templates = self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={
            "query": [{"_name": "getPageTemplate", "idOrName": page_template_id}]
        },
    )

    if not page_templates:
        raise TheHiveError("404 - Page Template Not Found")

    return page_templates[0]

procedure

ProcedureEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create_in_case(case_id, procedure)

Create a procedure in a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
procedure InputProcedure

The fields of the procedure to create.

 required

Returns:

Type Description
OutputProcedure

The created procedure.
Source code in thehive4py/endpoints/procedure.py 
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
def create_in_case(
    self, case_id: str, procedure: InputProcedure
) -> OutputProcedure:
    """Create a procedure in a case.

    Args:
        case_id: The id of the case.
        procedure: The fields of the procedure to create.

    Returns:
        The created procedure.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/procedure", json=procedure
    )
bulk_create_in_case(case_id, procedures)

Create several procedures in a case.

Parameters:

Name Type Description Default
case_id str

The id of the case.

 required
procedures List[InputProcedure]

The list of procedures to create.

 required

Returns:

Type Description
List[OutputProcedure]

The list of created procedures.
Source code in thehive4py/endpoints/procedure.py 
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
def bulk_create_in_case(
    self, case_id: str, procedures: List[InputProcedure]
) -> List[OutputProcedure]:
    """Create several procedures in a case.

    Args:
        case_id: The id of the case.
        procedures: The list of procedures to create.

    Returns:
        The list of created procedures.
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/case/{case_id}/procedures",
        json={"procedures": procedures},
    )
create_in_alert(alert_id, procedure)

Create a procedure in an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
procedure InputProcedure

The fields of the procedure to create.

 required

Returns:

Type Description
OutputProcedure

The created procedure.
Source code in thehive4py/endpoints/procedure.py 
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
def create_in_alert(
    self, alert_id: str, procedure: InputProcedure
) -> OutputProcedure:
    """Create a procedure in an alert.

    Args:
        alert_id: The id of the alert.
        procedure: The fields of the procedure to create.

    Returns:
        The created procedure.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/alert/{alert_id}/procedure", json=procedure
    )
bulk_create_in_alert(alert_id, procedures)

Create multiple procedures in an alert.

Parameters:

Name Type Description Default
alert_id str

The id of the alert.

 required
procedures List[InputProcedure]

The list of procedures to create.

 required

Returns:

Type Description
List[OutputProcedure]

The list of created procedures.
Source code in thehive4py/endpoints/procedure.py 
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
def bulk_create_in_alert(
    self, alert_id: str, procedures: List[InputProcedure]
) -> List[OutputProcedure]:
    """Create multiple procedures in an alert.

    Args:
        alert_id: The id of the alert.
        procedures: The list of procedures to create.

    Returns:
        The list of created procedures.
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/alert/{alert_id}/procedures",
        json={"procedures": procedures},
    )
delete(procedure_id)

Delete a procedure.

Parameters:

Name Type Description Default
procedure_id str

The id of the procedure.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/procedure.py 
85
86
87
88
89
90
91
92
93
94
95
96
def delete(self, procedure_id: str) -> None:
    """Delete a procedure.

    Args:
        procedure_id: The id of the procedure.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", path=f"/api/v1/procedure/{procedure_id}"
    )
update(procedure_id, fields)

Update a procedure.

Parameters:

Name Type Description Default
procedure_id str

The id of the procedure.

 required
fields InputUpdateProcedure

The fields of the procedure to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/procedure.py 
 98
 99
100
101
102
103
104
105
106
107
108
109
110
def update(self, procedure_id: str, fields: InputUpdateProcedure) -> None:
    """Update a procedure.

    Args:
        procedure_id: The id of the procedure.
        fields: The fields of the procedure to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/procedure/{procedure_id}", json=fields
    )
bulk_delete(procedure_ids)

Delete multiple procedures.

Parameters:

Name Type Description Default
procedure_ids List[str]

The list of procedure ids to delete.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/procedure.py 
112
113
114
115
116
117
118
119
120
121
122
123
124
125
def bulk_delete(self, procedure_ids: List[str]) -> None:
    """Delete multiple procedures.

    Args:
        procedure_ids: The list of procedure ids to delete.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST",
        path="/api/v1/procedure/delete/_bulk",
        json={"ids": procedure_ids},
    )
find(filters=None, sortby=None, paginate=None)

Find multiple procedures.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputProcedure]

The list of procedures matched by the query or an empty list.
Source code in thehive4py/endpoints/procedure.py 
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputProcedure]:
    """Find multiple procedures.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of procedures matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listProcedure"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "procedures"},
        json={"query": query},
    )
get(procedure_id)

Get a procedure by id.

Parameters:

Name Type Description Default
procedure_id str

The id of the procedure.

 required

Returns:

Type Description
OutputProcedure

The procedure specified by the id.
Source code in thehive4py/endpoints/procedure.py 
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
def get(self, procedure_id: str) -> OutputProcedure:
    """Get a procedure by id.

    Args:
        procedure_id: The id of the procedure.

    Returns:
        The procedure specified by the id.
    """
    # TODO: temp implementation until a dedicated get endpoint
    procedures = self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": [{"_name": "getProcedure", "idOrName": procedure_id}]},
    )
    try:
        return procedures[0]
    except IndexError:
        raise TheHiveError("404 - Procedure not found")

profile

ProfileEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(profile)
Source code in thehive4py/endpoints/profile.py 
12
13
def create(self, profile: InputProfile) -> OutputProfile:
    return self._session.make_request("POST", path="/api/v1/profile", json=profile)
get(profile_id)
Source code in thehive4py/endpoints/profile.py 
15
16
def get(self, profile_id: str) -> OutputProfile:
    return self._session.make_request("GET", path=f"/api/v1/profile/{profile_id}")
delete(profile_id)
Source code in thehive4py/endpoints/profile.py 
18
19
def delete(self, profile_id: str) -> None:
    return self._session.make_request("DELETE", f"/api/v1/profile/{profile_id}")
update(profile_id, fields)
Source code in thehive4py/endpoints/profile.py 
21
22
23
24
def update(self, profile_id: str, fields: InputUpdateProfile) -> None:
    return self._session.make_request(
        "PATCH", f"/api/v1/profile/{profile_id}", json=fields
    )
find(filters=None, sortby=None, paginate=None)
Source code in thehive4py/endpoints/profile.py 
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputProfile]:
    query: QueryExpr = [
        {"_name": "listProfile"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "profiles"},
        json={"query": query},
    )
count(filters=None)
Source code in thehive4py/endpoints/profile.py 
44
45
46
47
48
49
50
51
52
53
54
55
56
def count(self, filters: Optional[FilterExpr] = None) -> int:
    query: QueryExpr = [
        {"_name": "listProfile"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "profile.count"},
        json={"query": query},
    )

query

QueryEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
run(query, exclude_fields=[])
Source code in thehive4py/endpoints/query.py 
 7
 8
 9
10
11
12
13
14
def run(
    self, query: typing.List[dict], exclude_fields: typing.List[str] = []
) -> typing.Any:
    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": query, "excludeFields": exclude_fields},
    )

task

TaskEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(case_id, task)

Create a task.

Parameters:

Name Type Description Default
case_id str

The id of the case to create the task for.

 required
task InputTask

The body of the task.

 required

Returns:

Type Description
OutputTask

The created task.
Source code in thehive4py/endpoints/task.py 
19
20
21
22
23
24
25
26
27
28
29
30
31
def create(self, case_id: str, task: InputTask) -> OutputTask:
    """Create a task.

    Args:
        case_id: The id of the case to create the task for.
        task: The body of the task.

    Returns:
        The created task.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/task", json=task
    )
get(task_id)

Get a task by id.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required

Returns:

Type Description
OutputTask

The task specified by the id.
Source code in thehive4py/endpoints/task.py 
33
34
35
36
37
38
39
40
41
42
def get(self, task_id: str) -> OutputTask:
    """Get a task by id.

    Args:
        task_id: The id of the task.

    Returns:
        The task specified by the id.
    """
    return self._session.make_request("GET", path=f"/api/v1/task/{task_id}")
delete(task_id)

Delete a task.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
44
45
46
47
48
49
50
51
52
53
def delete(self, task_id: str) -> None:
    """Delete a task.

    Args:
        task_id: The id of the task.

    Returns:
        N/A
    """
    return self._session.make_request("DELETE", path=f"/api/v1/task/{task_id}")
update(task_id, fields)

Update a task.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required
fields InputUpdateTask

The fields of the task to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
55
56
57
58
59
60
61
62
63
64
65
66
67
def update(self, task_id: str, fields: InputUpdateTask) -> None:
    """Update a task.

    Args:
        task_id: The id of the task.
        fields: The fields of the task to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/task/{task_id}", json=fields
    )
bulk_update(fields)

Update multiple tasks with the same values.

Parameters:

Name Type Description Default
fields InputBulkUpdateTask

The ids and the fields of the tasks to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
69
70
71
72
73
74
75
76
77
78
79
80
def bulk_update(self, fields: InputBulkUpdateTask) -> None:
    """Update multiple tasks with the same values.

    Args:
        fields: The ids and the fields of the tasks to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path="/api/v1/task/_bulk", json=fields
    )
get_required_actions(task_id)

Get the required actions per organization for a specific task.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required

Returns:

Type Description
Dict[str, bool]

A dictionary where the keys are organization ids and the values are
Dict[str, bool]

booleans indicating whether the task is required for that organization.
Source code in thehive4py/endpoints/task.py 
82
83
84
85
86
87
88
89
90
91
92
93
94
def get_required_actions(self, task_id: str) -> Dict[str, bool]:
    """Get the required actions per organization for a specific task.

    Args:
        task_id: The id of the task.

    Returns:
        A dictionary where the keys are organization ids and the values are
        booleans indicating whether the task is required for that organization.
    """
    return self._session.make_request(
        "GET", path=f"/api/v1/task/{task_id}/actionRequired"
    )
set_as_required(task_id, org_id)

Set a task as required.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required
org_id str

The id of the organization where the task is required.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
def set_as_required(self, task_id: str, org_id: str) -> None:
    """Set a task as required.

    Args:
        task_id: The id of the task.
        org_id: The id of the organization where the task is required.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PUT", f"/api/v1/task/{task_id}/actionRequired/{org_id}"
    )
set_as_done(task_id, org_id)

Set a task as done. Args: task_id: The id of the task. org_id: The id of the organization where the task is done. Returns: N/A

Source code in thehive4py/endpoints/task.py 
110
111
112
113
114
115
116
117
118
119
120
def set_as_done(self, task_id: str, org_id: str) -> None:
    """Set a task as done.
    Args:
        task_id: The id of the task.
        org_id: The id of the organization where the task is done.
    Returns:
        N/A
    """
    return self._session.make_request(
        "PUT", f"/api/v1/task/{task_id}/actionDone/{org_id}"
    )
list_shares(task_id)

List the shares of a task.

Parameters:

Name Type Description Default
task_id str

The id of the task.

 required

Returns:

Type Description
List[OutputShare]

A list of shares associated with the task.
Source code in thehive4py/endpoints/task.py 
122
123
124
125
126
127
128
129
130
131
def list_shares(self, task_id: str) -> List[OutputShare]:
    """List the shares of a task.

    Args:
        task_id: The id of the task.

    Returns:
        A list of shares associated with the task.
    """
    return self._session.make_request("GET", f"/api/v1/task/{task_id}/shares")
share(task_id, organisations)

Share the task with other organisations.

The case that owns the observable must already be shared with the target organisations.

Parameters:

Name Type Description Default
task_id str

The id of the task to share.

 required
organisations List[str]

The list of organisation ids or names.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
def share(self, task_id: str, organisations: List[str]) -> None:
    """Share the task with other organisations.

    The case that owns the observable must already be shared with the
    target organisations.

    Args:
        task_id: The id of the task to share.
        organisations: The list of organisation ids or names.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST",
        f"/api/v1/task/{task_id}/shares",
        json={"organisations": organisations},
    )
unshare(task_id, organisations)

Unshare the task with other organisations.

Parameters:

Name Type Description Default
task_id str

The id of the task to unshare.

 required
organisations List[str]

The list of organisation ids or names.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task.py 
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
def unshare(self, task_id: str, organisations: List[str]) -> None:
    """Unshare the task with other organisations.

    Args:
        task_id: The id of the task to unshare.
        organisations: The list of organisation ids or names.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE",
        f"/api/v1/task/{task_id}/shares",
        json={"organisations": organisations},
    )
find(filters=None, sortby=None, paginate=None)

Find multiple tasks.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputTask]

The list of tasks matched by the query or an empty list.
Source code in thehive4py/endpoints/task.py 
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputTask]:
    """Find multiple tasks.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of tasks matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listTask"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "tasks"},
        json={"query": query},
    )
count(filters=None)

Count tasks.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of tasks matched by the query.
Source code in thehive4py/endpoints/task.py 
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count tasks.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of tasks matched by the query.
    """
    query: QueryExpr = [
        {"_name": "listTask"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "task.count"},
        json={"query": query},
    )
create_log(task_id, task_log)

Create a task log.

Parameters:

Name Type Description Default
task_id str

The id of the task to create the log for.

 required
task_log InputTaskLog

The body of the task log.

 required

Returns: The created task log.

Source code in thehive4py/endpoints/task.py 
218
219
220
221
222
223
224
225
226
227
228
229
def create_log(self, task_id: str, task_log: InputTaskLog) -> OutputTaskLog:
    """Create a task log.

    Args:
        task_id: The id of the task to create the log for.
        task_log: The body of the task log.
    Returns:
        The created task log.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/task/{task_id}/log", json=task_log
    )
find_logs(task_id, filters=None, sortby=None, paginate=None)

Find task logs.

Parameters:

Name Type Description Default
task_id str

The id of the task to find logs for.

 required
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination expression to apply in the query.

 None

Returns:

Type Description
List[OutputTaskLog]

The list of task logs matched by the query or an empty list.
Source code in thehive4py/endpoints/task.py 
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
def find_logs(
    self,
    task_id: str,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputTaskLog]:
    """Find task logs.

    Args:
        task_id: The id of the task to find logs for.
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination expression to apply in the query.

    Returns:
        The list of task logs matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "getTask", "idOrName": task_id},
        {"_name": "logs"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "case-task-logs"},
        json={"query": query},
    )

task_log

TaskLogEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
create(task_id, task_log)

Create a task log.

Parameters:

Name Type Description Default
task_id str

The id of the task to create the log in.

 required
task_log InputTaskLog

The body of the task log.

 required

Returns:

Type Description
OutputTaskLog

The created task_log.
Source code in thehive4py/endpoints/task_log.py 
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
def create(
    self,
    task_id: str,
    task_log: InputTaskLog,
) -> OutputTaskLog:
    """Create a task log.

    Args:
        task_id: The id of the task to create the log in.
        task_log: The body of the task log.

    Returns:
        The created task_log.
    """
    if "attachments" in task_log:
        files: List[tuple] = [
            ("attachments", self._fileinfo_from_filepath(attachment_path))
            for attachment_path in task_log["attachments"]
        ]
        files.append(("_json", jsonlib.dumps(task_log)))
        kwargs: dict = {"files": files}
    else:
        kwargs = {"json": task_log}
    return self._session.make_request(
        "POST", path=f"/api/v1/task/{task_id}/log", **kwargs
    )
delete(task_log_id)

Delete a task log.

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task_log.py 
38
39
40
41
42
43
44
45
46
47
def delete(self, task_log_id: str) -> None:
    """Delete a task log.

    Args:
        task_log_id: The id of the task log.

    Returns:
        N/A
    """
    return self._session.make_request("DELETE", path=f"/api/v1/log/{task_log_id}")
update(task_log_id, fields)

Update a task log.

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required
fields InputUpdateTaskLog

The fields of the task log to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task_log.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
def update(self, task_log_id: str, fields: InputUpdateTaskLog) -> None:
    """Update a task log.

    Args:
        task_log_id: The id of the task log.
        fields: The fields of the task log to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/log/{task_log_id}", json=fields
    )
add_attachment(task_log_id, attachment_paths)

Add attachments to a task log.

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required
attachment_paths List[str]

List of paths to the attachments to create.

 required

Returns:

Type Description
None

The created task log attachments.
Source code in thehive4py/endpoints/task_log.py 
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
def add_attachment(self, task_log_id: str, attachment_paths: List[str]) -> None:
    """Add attachments to a task log.

    Args:
        task_log_id: The id of the task log.
        attachment_paths: List of paths to the attachments to create.

    Returns:
        The created task log attachments.
    """
    files = [
        ("attachments", self._fileinfo_from_filepath(attachment_path))
        for attachment_path in attachment_paths
    ]
    return self._session.make_request(
        "POST", f"/api/v1/log/{task_log_id}/attachments", files=files
    )
add_attachments(task_log_id, attachment_paths)

Add attachments to a task log.

Warning

Deprecated: use task_log.add_attachment instead

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required
attachment_paths List[str]

List of paths to the attachments to create.

 required

Returns:

Type Description
None

The created task log attachments.
Source code in thehive4py/endpoints/task_log.py 
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
def add_attachments(self, task_log_id: str, attachment_paths: List[str]) -> None:
    """Add attachments to a task log.

    !!! warning
        Deprecated: use [task_log.add_attachment]
        [thehive4py.endpoints.task_log.TaskLogEndpoint.add_attachment]
        instead

    Args:
        task_log_id: The id of the task log.
        attachment_paths: List of paths to the attachments to create.

    Returns:
        The created task log attachments.
    """
    warnings.warn(
        message=("Deprecated: use the task_log.add_attachment method instead"),
        category=DeprecationWarning,
        stacklevel=2,
    )
    files = [
        ("attachments", self._fileinfo_from_filepath(attachment_path))
        for attachment_path in attachment_paths
    ]
    return self._session.make_request(
        "POST", f"/api/v1/log/{task_log_id}/attachments", files=files
    )
delete_attachment(task_log_id, attachment_id)

Delete a task log attachment.

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required
attachment_id str

The id of the task log attachment.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/task_log.py 
109
110
111
112
113
114
115
116
117
118
119
120
121
def delete_attachment(self, task_log_id: str, attachment_id: str) -> None:
    """Delete a task log attachment.

    Args:
        task_log_id: The id of the task log.
        attachment_id: The id of the task log attachment.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE", f"/api/v1/log/{task_log_id}/attachments/{attachment_id}"
    )
get(task_log_id)

Get a task log by id.

Parameters:

Name Type Description Default
task_log_id str

The id of the task log.

 required

Returns:

Type Description
OutputTaskLog

The task log specified by the id.
Source code in thehive4py/endpoints/task_log.py 
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
def get(self, task_log_id: str) -> OutputTaskLog:
    """Get a task log by id.

    Args:
        task_log_id: The id of the task log.

    Returns:
        The task log specified by the id.
    """
    # TODO: temp implementation until a dedicated get endpoint [if ever ;)]
    logs = self._session.make_request(
        "POST",
        path="/api/v1/query",
        json={"query": [{"_name": "getLog", "idOrName": task_log_id}]},
    )

    try:
        return logs[0]
    except IndexError:
        raise TheHiveError("404 - Task Log Not Found")

timeline

TimelineEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
get(case_id)
Source code in thehive4py/endpoints/timeline.py 
11
12
def get(self, case_id: str) -> OutputTimeline:
    return self._session.make_request("GET", f"/api/v1/case/{case_id}/timeline")
create_event(case_id, event)
Source code in thehive4py/endpoints/timeline.py 
14
15
16
17
def create_event(self, case_id: str, event: InputCustomEvent) -> OutputCustomEvent:
    return self._session.make_request(
        "POST", path=f"/api/v1/case/{case_id}/customEvent", json=event
    )
delete_event(event_id)
Source code in thehive4py/endpoints/timeline.py 
19
20
21
22
def delete_event(self, event_id: str) -> None:
    return self._session.make_request(
        "DELETE", path=f"/api/v1/customEvent/{event_id}"
    )
update_event(event_id, fields)
Source code in thehive4py/endpoints/timeline.py 
24
25
26
27
def update_event(self, event_id: str, fields: InputUpdateCustomEvent) -> None:
    return self._session.make_request(
        "PATCH", path=f"/api/v1/customEvent/{event_id}", json=fields
    )

user

UserEndpoint(session)

Bases: EndpointBase

Source code in thehive4py/endpoints/_base.py 
15
16
def __init__(self, session: TheHiveSession):
    self._session = session
get_current()

Get the current session's user.

Returns:

Type Description
OutputUser

The current session user.
Source code in thehive4py/endpoints/user.py 
19
20
21
22
23
24
25
def get_current(self) -> OutputUser:
    """Get the current session's user.

    Returns:
        The current session user.
    """
    return self._session.make_request("GET", path="/api/v1/user/current")
create(user)

Create a user.

Parameters:

Name Type Description Default
user InputUser

The body of the user.

 required

Returns:

Type Description
OutputUser

The created user.
Source code in thehive4py/endpoints/user.py 
27
28
29
30
31
32
33
34
35
36
def create(self, user: InputUser) -> OutputUser:
    """Create a user.

    Args:
        user: The body of the user.

    Returns:
        The created user.
    """
    return self._session.make_request("POST", path="/api/v1/user", json=user)
get(user_id)

Get a user by id.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
OutputUser

The user specified by the id.
Source code in thehive4py/endpoints/user.py 
38
39
40
41
42
43
44
45
46
47
def get(self, user_id: str) -> OutputUser:
    """Get a user by id.

    Args:
        user_id: The id of the user.

    Returns:
        The user specified by the id.
    """
    return self._session.make_request("GET", path=f"/api/v1/user/{user_id}")
lock(user_id)

Lock a user.

Warning

Deprecated: use the generic user.update method to set the locked field to True

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
def lock(self, user_id: str) -> None:
    """Lock a user.

    !!! warning
        Deprecated: use the generic [user.update]
        [thehive4py.endpoints.user.UserEndpoint.update] method
        to set the `locked` field to `True`

    Args:
        user_id: The id of the user.

    Returns:
        N/A
    """
    warnings.warn(
        message=(
            "Deprecated: use the generic user.update method to "
            "set the `locked` field to True"
        ),
        category=DeprecationWarning,
        stacklevel=2,
    )
    return self.update(user_id=user_id, fields={"locked": True})
unlock(user_id)

Unlock a user.

Warning

Deprecated: use the generic user.update method to set the locked field to False

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
def unlock(self, user_id: str) -> None:
    """Unlock a user.

    !!! warning
        Deprecated: use the generic [user.update]
        [thehive4py.endpoints.user.UserEndpoint.update] method
        to set the `locked` field to `False`

    Args:
        user_id: The id of the user.

    Returns:
        N/A
    """
    warnings.warn(
        message=(
            "Deprecated: use the generic user.update method to "
            "set the `locked` field to False"
        ),
        category=DeprecationWarning,
        stacklevel=2,
    )
    return self.update(user_id=user_id, fields={"locked": False})
update(user_id, fields)

Update a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required
fields InputUpdateUser

The fields of the user to update.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
def update(self, user_id: str, fields: InputUpdateUser) -> None:
    """Update a user.

    Args:
        user_id: The id of the user.
        fields: The fields of the user to update.

    Returns:
        N/A
    """
    return self._session.make_request(
        "PATCH", path=f"/api/v1/user/{user_id}", json=fields
    )
delete(user_id, organisation=None)

Delete a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required
organisation Optional[str]

The organisation from which the user should be deleted.

 None

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
def delete(self, user_id: str, organisation: Optional[str] = None) -> None:
    """Delete a user.

    Args:
        user_id: The id of the user.
        organisation: The organisation from which the user should be deleted.

    Returns:
        N/A
    """
    return self._session.make_request(
        "DELETE",
        path=f"/api/v1/user/{user_id}/force",
        params={"organisation": organisation},
    )
set_organisations(user_id, organisations)

Set the organisations of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required
organisations List[InputUserOrganisation]

The list of organisations to set to the user.

 required

Returns:

Type Description
List[OutputUserOrganisation]

The list of the set user organisations.
Source code in thehive4py/endpoints/user.py 
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
def set_organisations(
    self, user_id: str, organisations: List[InputUserOrganisation]
) -> List[OutputUserOrganisation]:
    """Set the organisations of a user.

    Args:
        user_id: The id of the user.
        organisations: The list of organisations to set to the user.

    Returns:
        The list of the set user organisations.
    """
    return self._session.make_request(
        "PUT",
        path=f"/api/v1/user/{user_id}/organisations",
        json={"organisations": organisations},
    )["organisations"]
set_password(user_id, password)

Set the password of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required
password str

The new password of the user.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
def set_password(self, user_id: str, password: str) -> None:
    """Set the password of a user.

    Args:
        user_id: The id of the user.
        password: The new password of the user.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/user/{user_id}/password/set",
        json={"password": password},
    )
change_password(user_id, password, current_password)

Change the password of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required
password str

The new password of the user.

 required
current_password str

The old password of the user.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
def change_password(
    self, user_id: str, password: str, current_password: str
) -> None:
    """Change the password of a user.

    Args:
        user_id: The id of the user.
        password: The new password of the user.
        current_password: The old password of the user.

    Returns:
        N/A
    """
    return self._session.make_request(
        "POST",
        path=f"/api/v1/user/{user_id}/password/change",
        json={"password": password, "currentPassword": current_password},
    )
get_apikey(user_id)

Get the apikey of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
str

The apikey of the user.
Source code in thehive4py/endpoints/user.py 
180
181
182
183
184
185
186
187
188
189
def get_apikey(self, user_id: str) -> str:
    """Get the apikey of a user.

    Args:
        user_id: The id of the user.

    Returns:
        The apikey of the user.
    """
    return self._session.make_request("GET", path=f"/api/v1/user/{user_id}/key")
remove_apikey(user_id)

Remove the apikey of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
None

N/A
Source code in thehive4py/endpoints/user.py 
191
192
193
194
195
196
197
198
199
200
def remove_apikey(self, user_id: str) -> None:
    """Remove the apikey of a user.

    Args:
        user_id: The id of the user.

    Returns:
        N/A
    """
    return self._session.make_request("DELETE", path=f"/api/v1/user/{user_id}/key")
renew_apikey(user_id)

Renew the apikey of a user.

Parameters:

Name Type Description Default
user_id str

The id of the user.

 required

Returns:

Type Description
str

The renewed apikey of the user.
Source code in thehive4py/endpoints/user.py 
202
203
204
205
206
207
208
209
210
211
212
213
def renew_apikey(self, user_id: str) -> str:
    """Renew the apikey of a user.

    Args:
        user_id: The id of the user.

    Returns:
        The renewed apikey of the user.
    """
    return self._session.make_request(
        "POST", path=f"/api/v1/user/{user_id}/key/renew"
    )
find(filters=None, sortby=None, paginate=None)

Find multiple users.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None
sortby Optional[SortExpr]

The sort expressions to apply in the query.

 None
paginate Optional[Paginate]

The pagination experssion to apply in the query.

 None

Returns:

Type Description
List[OutputUser]

The list of users matched by the query or an empty list.
Source code in thehive4py/endpoints/user.py 
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
def find(
    self,
    filters: Optional[FilterExpr] = None,
    sortby: Optional[SortExpr] = None,
    paginate: Optional[Paginate] = None,
) -> List[OutputUser]:
    """Find multiple users.

    Args:
        filters: The filter expressions to apply in the query.
        sortby: The sort expressions to apply in the query.
        paginate: The pagination experssion to apply in the query.

    Returns:
        The list of users matched by the query or an empty list.
    """
    query: QueryExpr = [
        {"_name": "listUser"},
        *self._build_subquery(filters=filters, sortby=sortby, paginate=paginate),
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "users"},
        json={"query": query},
    )
count(filters=None)

Count users.

Parameters:

Name Type Description Default
filters Optional[FilterExpr]

The filter expressions to apply in the query.

 None

Returns:

Type Description
int

The count of users matched by the query.
Source code in thehive4py/endpoints/user.py 
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
def count(self, filters: Optional[FilterExpr] = None) -> int:
    """Count users.

    Args:
        filters: The filter expressions to apply in the query.

    Returns:
        The count of users matched by the query.
    """
    query: QueryExpr = [
        {"_name": "listUser"},
        *self._build_subquery(filters=filters),
        {"_name": "count"},
    ]

    return self._session.make_request(
        "POST",
        path="/api/v1/query",
        params={"name": "cases.count"},
        json={"query": query},
    )