Skip to content

ADT

psengine.analyst_notes.note

AnalystNote

Bases: RFBaseModel

Validate data received from the /search and /analystnote/{note} endpoints.

This class supports hashing, equality comparison, string representation, and total ordering of AnalystNote instances.

Hashing

Returns a hash value based on the note id_.

Equality

Checks equality between two AnalystNote instances based on the id_ and published time.

Greater-than Comparison

Defines a greater-than comparison between two AnalystNote instances based on the published time and the id_.

String Representation

Returns a string representation of the AnalystNote instance including the id_, title, and published timestamp.

1
2
>>> print(analyst_note)
Analyst Note ID: 12345, Title: Cyber Vuln, Published: 2024-05-21 10:42:30AM
Ordering

The ordering of AnalystNote instances is determined primarily by the published timestamp. If two instances have the same published timestamp, the note id_ is used as a secondary criterion.

attributes instance-attribute 

attributes: Attributes

detection_rule_type property 

detection_rule_type: Optional[str]

Returns the attachment type if present, else None. It checks for specific types like sigma rule, yara rule, and snort rule in the topics of the note.

external_id class-attribute instance-attribute 

external_id: Optional[str] = None

id_ class-attribute instance-attribute 

id_: str = Field(alias='id')

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

portal_url property 

portal_url: str

Get the link to portal.

source instance-attribute 

source: IdNameTypeDescription

__eq__ 

__eq__(other: AnalystNote)
Source code in psengine/analyst_notes/note.py 
68
69
def __eq__(self, other: 'AnalystNote'):
    return (self.id_, self.attributes.published) == (other.id_, other.attributes.published)

__gt__ 

__gt__(other: AnalystNote)
Source code in psengine/analyst_notes/note.py 
71
72
def __gt__(self, other: 'AnalystNote'):
    return (self.attributes.published, self.id_) > (other.attributes.published, other.id_)

__hash__ 

__hash__()
Source code in psengine/analyst_notes/note.py 
65
66
def __hash__(self):
    return hash((self.id_, self.attributes.published))

__str__ 

__str__()
Source code in psengine/analyst_notes/note.py 
74
75
76
77
78
def __str__(self):
    return (
        f'Analyst Note ID: {self.id_}, Title: {self.attributes.title}, '
        f'Published: {self.attributes.published.strftime(TIMESTAMP_STR)}'
    )

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

markdown 

markdown(
    extract_entities: bool = True,
    diamond_model: bool = True,
    html_tags: bool = False,
    defang_malicious_infrastructure: bool = False,
    character_limit: Optional[int] = None,
) -> str

Return the markdown representation of the note.

PARAMETER DESCRIPTION
extract_entities

Extract and include entities in the markdown.

TYPE: bool DEFAULT: True

diamond_model

Include a diamond model visualization.

TYPE: bool DEFAULT: True

html_tags

Include HTML tags in the output.

TYPE: bool DEFAULT: False

defang_malicious_infrastructure

Defang URLs or other malicious indicators.

TYPE: bool DEFAULT: False

character_limit

Limit the output to a specified number of characters.

TYPE: Optional[int] DEFAULT: None

RETURNS DESCRIPTION
str

The generated markdown string.
Source code in psengine/analyst_notes/note.py 
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
def markdown(
    self,
    extract_entities: Annotated[
        bool, Doc('Extract and include entities in the markdown.')
    ] = True,
    diamond_model: Annotated[bool, Doc('Include a diamond model visualization.')] = True,
    html_tags: Annotated[bool, Doc('Include HTML tags in the output.')] = False,
    defang_malicious_infrastructure: Annotated[
        bool, Doc('Defang URLs or other malicious indicators.')
    ] = False,
    character_limit: Annotated[
        Optional[int],
        Doc('Limit the output to a specified number of characters.'),
    ] = None,
) -> Annotated[str, Doc('The generated markdown string.')]:
    """Return the markdown representation of the note."""
    return _markdown(
        self,
        extract_entities=extract_entities,
        diamond_model=diamond_model,
        html_tags=html_tags,
        defang_malicious_infrastructure=defang_malicious_infrastructure,
        character_limit=character_limit,
    )

AnalystNotePreviewIn

Bases: RFBaseModel

Validate data sent to /preview endpoint.

attributes instance-attribute 

attributes: PreviewAttributesIn

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

serialization class-attribute instance-attribute 

serialization: str = 'full'

source instance-attribute 

source: Optional[str]

tagged_text class-attribute instance-attribute 

tagged_text: bool = False

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

AnalystNotePreviewOut

Bases: RFBaseModel

Validate data received from /preview endpoint.

attributes instance-attribute 

attributes: PreviewAttributesOut

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

source instance-attribute 

source: IdNameTypeDescription

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

AnalystNotePublishIn

Bases: AnalystNotePreviewIn

Validate data sent to /publish endpoint.

attachment_content_details class-attribute instance-attribute 

attachment_content_details: Optional[RequestAttachment] = (
    None
)

attributes instance-attribute 

attributes: PreviewAttributesIn

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

note_id class-attribute instance-attribute 

note_id: Optional[str] = None

resolve_entities class-attribute instance-attribute 

resolve_entities: bool = True

serialization class-attribute instance-attribute 

serialization: str = 'full'

source class-attribute instance-attribute 

source: Optional[str] = None

tagged_text class-attribute instance-attribute 

tagged_text: bool = False

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

AnalystNotePublishOut

Bases: RFBaseModel

Validate data received from /publish endpoint.

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

note_id instance-attribute 

note_id: str

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

AnalystNoteSearchIn

Bases: RFBaseModel

Validate data sent to /search endpoint.

author class-attribute instance-attribute 

author: Optional[str] = None

entity class-attribute instance-attribute 

entity: Optional[str] = None

from_ class-attribute instance-attribute 

from_: Optional[str] = Field(alias='from', default=None)

label class-attribute instance-attribute 

label: Optional[str] = None

limit class-attribute instance-attribute 

limit: int = NOTES_PER_PAGE

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

published class-attribute instance-attribute 

published: Optional[str] = None

serialization class-attribute instance-attribute 

serialization: str = None

source class-attribute instance-attribute 

source: Optional[str] = None

tagged_text class-attribute instance-attribute 

tagged_text: bool = None

title class-attribute instance-attribute 

title: Optional[str] = None

topic class-attribute instance-attribute 

topic: Union[list[str], str, None] = []

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)