Skip to content

ADT

psengine.collective_insights.insight

Insight

Bases: RFBaseModel

Validate a single insight.

This class supports hashing, equality comparison, string representation, and total ordering of Insight instances.

Hashing

Returns a hash value based on the IOC value.

Equality

Checks equality between two Insight instances based on their IOC value and timestamp.

Greater-than Comparison

Defines a greater-than comparison between two Insight instances based on their timestamp and IOC value.

String Representation

Returns a string representation of the Insight instance including the IOC value, timestamp, and detection type.

1
2
>>> print(insight)
IOC: mal_dom.com, Timestamp: 2024-05-21 10:42:30AM, Detection Type: sandbox
Total ordering

Ordering of Insight instances is determined primarily by the timestamp. If two instances have the same timestamp, their IOC value is used as a secondary criterion.

detection instance-attribute 

detection: RequestDetection

incident class-attribute instance-attribute 

incident: Optional[IdNameType] = None

ioc instance-attribute 

ioc: RequestIOC

malwares class-attribute instance-attribute 

malwares: Optional[list[str]] = None

mitre_codes class-attribute instance-attribute 

mitre_codes: Optional[list[str]] = None

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

timestamp instance-attribute 

timestamp: datetime

__eq__ 

__eq__(other: Insight)
Source code in psengine/collective_insights/insight.py 
69
70
def __eq__(self, other: 'Insight'):
    return (self.ioc.value, self.timestamp) == (other.ioc.value, other.timestamp)

__gt__ 

__gt__(other: Insight)
Source code in psengine/collective_insights/insight.py 
72
73
def __gt__(self, other: 'Insight'):
    return (self.timestamp, self.ioc.value) > (other.timestamp, other.ioc.value)

__hash__ 

__hash__()
Source code in psengine/collective_insights/insight.py 
66
67
def __hash__(self):
    return hash(self.ioc.value)

__str__ 

__str__()
Source code in psengine/collective_insights/insight.py 
75
76
77
78
79
def __str__(self):
    return (
        f'IOC: {self.ioc.value}, Timestamp: {self.timestamp.strftime(TIMESTAMP_STR)}, '
        f'Detection Type: {self.detection.type_}'
    )

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

InsightsIn

Bases: RFBaseModel

Validate data received from CI.

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

result instance-attribute 

result: SubmissionResult

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)

InsightsOut

Bases: RFBaseModel

Validate data sent to CI.

data instance-attribute 

data: list[Insight]

model_config class-attribute instance-attribute 

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

options class-attribute instance-attribute 

options: Optional[RequestOptions] = None

organization_ids class-attribute instance-attribute 

organization_ids: Optional[list[str]] = None

json 

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses RF_EXTRA_MODEL config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_EXTRA_MODEL` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """JSON representation of models. It is inherited by every model."""
    if not auto_exclude_unset and kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset has to be provided`')

    exclude_unset = (
        bool(self.model_config['extra'] != 'allow')
        if auto_exclude_unset
        else kwargs['exclude_unset']
    )
    kwargs['exclude_unset'] = exclude_unset
    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)