
ADT

psengine.enrich.lookup

EnrichedCompany

Bases: BaseEnrichedEntity

Company Enriched by /v2/company/{id} and /v2/company/by_domain/{domain} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

curated class-attribute instance-attribute

curated: Optional[bool] = None

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

threat_list class-attribute instance-attribute

threat_list: Optional[list[IdNameTypeDescription]] = Field(
    alias='threatLists', default=None
)

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
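def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)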

EnrichedDomain

Bases: BaseEnrichedEntity

Domain Enriched by /v2/domain/{domain} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

enterprise_lists class-attribute instance-attribute

enterprise_lists: Optional[list[EnterpriseList]] = Field(
    alias='enterpriseLists', default=None
)

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)
links: Optional[Links] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

threat_lists class-attribute instance-attribute

threat_lists: Optional[list[IdNameTypeDescription]] = Field(
    alias='threatLists', default=None
)

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
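def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)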

EnrichedHash

Bases: BaseEnrichedEntity

Hash Enriched by /v2/hash/{hash} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

enterprise_lists class-attribute instance-attribute

enterprise_lists: Optional[list[EnterpriseList]] = Field(
    alias='enterpriseLists', default=None
)

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

file_hashes class-attribute instance-attribute

file_hashes: Optional[list[str]] = Field(
    alias='fileHashes', default=None
)

hash_algorithm class-attribute instance-attribute

hash_algorithm: Optional[str] = Field(
    alias='hashAlgorithm', default=None
)

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)
links: Optional[Links] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

threat_list class-attribute instance-attribute

threat_list: Optional[list[IdNameTypeDescription]] = Field(
    alias='threatLists', default=None
)

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
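def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)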

EnrichedIP

Bases: BaseEnrichedEntity

IP Enriched by /v2/ip/{ip} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

dns_port_cert class-attribute instance-attribute

dns_port_cert: Optional[DnsPortCert] = Field(
    alias='dnsPortCert', default=None
)

enterprise_lists class-attribute instance-attribute

enterprise_lists: Optional[list[EnterpriseList]] = Field(
    alias='enterpriseLists', default=None
)

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)
links: Optional[Links] = None

location class-attribute instance-attribute

location: Optional[IPLocation] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

risky_cidr_ips class-attribute instance-attribute

risky_cidr_ips: Optional[list[RiskyCIDRPIP]] = Field(
    alias='riskyCIDRIPs', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

threat_list class-attribute instance-attribute

threat_list: Optional[list[IdNameTypeDescription]] = Field(
    alias='threatLists', default=None
)

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
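def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)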

EnrichedMalware

Bases: BaseEnrichedEntity

Malware Enriched by /v2/malware/{id} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

categories class-attribute instance-attribute

categories: Optional[list[IdNameType]] = None

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)
links: Optional[Links] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
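def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)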

EnrichedURL

Bases: BaseEnrichedEntity

URL Enriched by /v2/url/{url} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

enterprise_lists class-attribute instance-attribute

enterprise_lists: Optional[list[EnterpriseList]] = Field(
    alias='enterpriseLists', default=None
)

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)
links: Optional[Links] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
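def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)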

EnrichedVulnerability

Bases: BaseEnrichedEntity

Vulnerability Enriched by /v2/vulnerability/{cve} endpoint. Inherit behaviours from BaseEnrichedEntity.

ai_insights class-attribute instance-attribute

ai_insights: Optional[AIInsights] = Field(
    alias='aiInsights', default=None
)

analyst_notes class-attribute instance-attribute

analyst_notes: Optional[list[AnalystNote]] = Field(
    alias='analystNotes', default=[]
)

common_names class-attribute instance-attribute

common_names: Optional[list[str]] = Field(
    alias='commonNames', default=None
)

counts class-attribute instance-attribute

counts: Optional[list[ReferenceCount]] = []

cpe class-attribute instance-attribute

cpe: Optional[list[str]] = None

cpe_22_uri class-attribute instance-attribute

cpe_22_uri: Optional[list[str]] = Field(
    alias='cpe22uri', default=None
)

cvss class-attribute instance-attribute

cvss: Optional[CVSS] = None

cvss_ratings class-attribute instance-attribute

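# The default is None, so the annotation admits None as well.
cvss_ratings: Optional[list[CVSSRating]] = Field(
    alias='cvssRatings', default=None
)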

cvssv3 class-attribute instance-attribute

cvssv3: Optional[CVSSV3] = None

enterprise_lists class-attribute instance-attribute

enterprise_lists: Optional[list[EnterpriseList]] = Field(
    alias='enterpriseLists', default=None
)

entity class-attribute instance-attribute

entity: Optional[IdNameTypeDescription] = None

intel_card class-attribute instance-attribute

intel_card: Optional[str] = Field(
    alias='intelCard', default=None
)

lifecycle_stage class-attribute instance-attribute

lifecycle_stage: Optional[str] = Field(
    alias='lifecycleStage', default=None
)

linked_malware class-attribute instance-attribute

linked_malware: Optional[LinkedMalware] = Field(
    alias='linkedMalware', default=None
)
links: Optional[Links] = None

metrics class-attribute instance-attribute

metrics: Optional[list[Metric]] = []

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

nvd_description class-attribute instance-attribute

nvd_description: Optional[str] = Field(
    alias='nvdDescription', default=None
)

nvd_references class-attribute instance-attribute

nvd_references: Optional[list[NvdReference]] = Field(
    alias='nvdReferences', default=None
)

raw_risk class-attribute instance-attribute

raw_risk: Optional[list[RawRisk]] = Field(
    alias='rawrisk', default=None
)

related_entities class-attribute instance-attribute

related_entities: Optional[list[RelatedEntities]] = Field(
    alias='relatedEntities', default=[]
)
related_links: Optional[list[str]] = Field(
    alias='relatedLinks', default=None
)

risk class-attribute instance-attribute

risk: Optional[EntityRisk] = None

risk_mapping class-attribute instance-attribute

risk_mapping: Optional[list[RiskMapping]] = Field(
    alias='riskMapping', default=None
)

sightings class-attribute instance-attribute

sightings: Optional[list[Sighting]] = []

threat_list class-attribute instance-attribute

threat_list: Optional[list[IdNameTypeDescription]] = Field(
    alias='threatLists', default=None
)

timestamps class-attribute instance-attribute

timestamps: Optional[Timestamps] = None

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
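def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)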

EnrichmentData

Bases: RFBaseModel

Model for the custom return of IOC lookups.

This class supports hashing, equality comparison, string representation, and total ordering of EnrichmentData instances based on their content.

Hashing

Returns a hash value based on the content's attributes.

  • If content is an instance of EnrichedMalware: The hash is calculated using the entity id_ and the last seen timestamp.
  • Else: The hash includes the entity id_, risk score, and the last seen timestamp.
Equality

Checks equality between two EnrichmentData instances based on their content.

  • If content is an instance of EnrichedMalware: Equality is determined by comparing the entity name and the last seen timestamp.
  • Else: Equality is determined by comparing the entity name, last seen timestamp, and risk score.
Greater-than Comparison

Defines a greater-than comparison between EnrichmentData instances based on their content.

  • If content is an instance of EnrichedMalware: Comparison is based on the last seen timestamp and entity name.
  • Else: Comparison is based on the last seen timestamp, entity name, and risk score.
String Representation

__str__ and __repr__ return a formatted string representation of the instance.

  • If content is an instance of EnrichedMalware: Includes class name, entity name, and last seen timestamp.
  • Else: Includes class name, entity name, risk score, and last seen timestamp.
>>> print(enrichment_data)
EnrichedIP: 1.1.1.1, Risk Score: 85, Last Seen: 2024-05-21 01:30:00PM
Total ordering

The ordering of EnrichmentData instances is determined by the content's last seen timestamp.

  • If content is an instance of EnrichedMalware: If two instances have the same last seen timestamp, their entity name is used as a secondary criterion.
  • Else: If two instances have the same last seen timestamp, their entity name and risk score are used as secondary criteria.

content instance-attribute

content: Union[str, _EnrichmentObjectType]

entity instance-attribute

entity: str

entity_type instance-attribute

entity_type: Optional[str]

is_enriched instance-attribute

is_enriched: bool

model_config class-attribute instance-attribute

model_config = ConfigDict(
    extra=get('RF_MODEL_EXTRA', 'ignore')
)

__eq__

__eq__(other: EnrichmentData)
Source code in psengine/enrich/lookup.py
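def __eq__(self, other: 'EnrichmentData'):
    """Compare two lookup results by the identifying values of their content.

    The branch is chosen from ``self.content``:

    - EnrichedMalware: entity name and last seen timestamp.
    - str: the ``entity`` strings of both sides.
    - anything else: risk score, entity name and last seen timestamp.

    Returns ``NotImplemented`` when ``other`` is not an instance of this class,
    so Python falls back to its default comparison instead of failing on a
    missing attribute.
    """
    # Foreign objects have no content/entity attributes to compare against.
    if not isinstance(other, type(self)):
        return NotImplemented

    # NOTE(review): equality keys on entity.name while __hash__ keys on entity.id_;
    # confirm the two always agree. A str `other.content` paired with an enriched
    # `self.content` still raises AttributeError below.
    if isinstance(self.content, EnrichedMalware):
        return (
            self.content.entity.name,
            self.content.timestamps.last_seen,
        ) == (
            other.content.entity.name,
            other.content.timestamps.last_seen,
        )
    if isinstance(self.content, str):
        return self.entity == other.entity
    return (
        self.content.risk.score,
        self.content.entity.name,
        self.content.timestamps.last_seen,
    ) == (
        other.content.risk.score,
        other.content.entity.name,
        other.content.timestamps.last_seen,
    )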

__gt__

__gt__(other: EnrichmentData)
Source code in psengine/enrich/lookup.py
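def __gt__(self, other: 'EnrichmentData'):
    """Return whether this lookup result sorts after ``other``.

    The branch is chosen from ``self.content``:

    - EnrichedMalware: last seen timestamp, then entity name.
    - str: the ``entity`` strings of both sides.
    - anything else: risk score first, then last seen timestamp, then entity name.

    Returns ``NotImplemented`` when ``other`` is not an instance of this class,
    so Python reports an unsupported comparison instead of failing on a
    missing attribute.
    """
    # Foreign objects have no content/entity attributes to order by.
    if not isinstance(other, type(self)):
        return NotImplemented

    if isinstance(self.content, EnrichedMalware):
        return (
            self.content.timestamps.last_seen,
            self.content.entity.name,
        ) > (
            other.content.timestamps.last_seen,
            other.content.entity.name,
        )
    if isinstance(self.content, str):
        return self.entity > other.entity
    # The tuple starts with the risk score, so higher-risk results sort later
    # regardless of when they were last seen.
    return (
        self.content.risk.score,
        self.content.timestamps.last_seen,
        self.content.entity.name,
    ) > (
        other.content.risk.score,
        other.content.timestamps.last_seen,
        other.content.entity.name,
    )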

__hash__

__hash__()
Source code in psengine/enrich/lookup.py
def __hash__(self):
    """Hash the instance from the identifying values of its content.

    - EnrichedMalware content: entity ``id_`` and last seen timestamp.
    - str content: the ``entity`` string.
    - any other content: entity ``id_``, risk score and last seen timestamp.
    """
    payload = self.content
    if isinstance(payload, EnrichedMalware):
        key = (payload.entity.id_, payload.timestamps.last_seen)
    elif isinstance(payload, str):
        # No enriched object to read from; the looked-up entity is the only key.
        return hash(self.entity)
    else:
        key = (
            payload.entity.id_,
            payload.risk.score,
            payload.timestamps.last_seen,
        )
    return hash(key)

__repr__

__repr__()
Source code in psengine/enrich/lookup.py
def __repr__(self):
    """Describe the lookup result on one line.

    str content is rendered as ``entity: content``. Any other content is
    rendered as its class name and entity name, followed by the risk score
    (omitted for EnrichedMalware) and the last seen timestamp formatted with
    ``TIMESTAMP_STR``.
    """
    payload = self.content
    if isinstance(payload, str):
        return f'{self.entity}: {payload}'

    # Pieces are built in output order and joined with ', '.
    pieces = [f'{payload.__class__.__name__}: {payload.entity.name}']
    if not isinstance(payload, EnrichedMalware):
        pieces.append(f'Risk Score: {payload.risk.score}')
    pieces.append(f'Last Seen: {payload.timestamps.last_seen.strftime(TIMESTAMP_STR)}')
    return ', '.join(pieces)

__str__

__str__()
Source code in psengine/enrich/lookup.py
def __str__(self):
    """Describe the lookup result on one line.

    str content is rendered as ``entity: content``. Any other content is
    rendered as its class name and entity name, followed by the risk score
    (omitted for EnrichedMalware) and the last seen timestamp formatted with
    ``TIMESTAMP_STR``.
    """
    payload = self.content
    if isinstance(payload, str):
        return f'{self.entity}: {payload}'

    # Pieces are built in output order and joined with ', '.
    pieces = [f'{payload.__class__.__name__}: {payload.entity.name}']
    if not isinstance(payload, EnrichedMalware):
        pieces.append(f'Risk Score: {payload.risk.score}')
    pieces.append(f'Last Seen: {payload.timestamps.last_seen.strftime(TIMESTAMP_STR)}')
    return ', '.join(pieces)

json

json(
    by_alias: bool = True,
    exclude_none: bool = True,
    auto_exclude_unset: bool = True,
    **kwargs,
)

JSON representation of models. It is inherited by every model.

PARAMETER DESCRIPTION
by_alias

Alias flag:

  • If True, writes fields with their API alias (e.g., IpAddress)
  • If False uses the Python attribute name alias.

TYPE: bool DEFAULT: True

exclude_none

Whether to exclude fields equal to None.

TYPE: bool DEFAULT: True

auto_exclude_unset

Whether to auto exclude values not set.

  • If True, uses the RF_MODEL_EXTRA config to decide inclusion of unmapped fields.
  • If False, you must specify exclude_unset manually.

TYPE: bool DEFAULT: True

Source code in psengine/common_models.py
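def json(
    self,
    by_alias: Annotated[
        bool,
        Doc(
            """
            Alias flag:

            - If `True`, writes fields with their API alias (e.g., `IpAddress`)
            - If `False` uses the Python attribute name alias.
            """
        ),
    ] = True,
    exclude_none: Annotated[bool, Doc('Whether to exclude fields equal to None.')] = True,
    auto_exclude_unset: Annotated[
        bool,
        Doc("""
            Whether to auto exclude values not set.

            - If `True`, uses `RF_MODEL_EXTRA` config to decide inclusion of unmapped fields.
            - If `False`, you must specify `exclude_unset` manually.
            """),
    ] = True,
    **kwargs,
):
    """Return the model dumped in JSON mode. It is inherited by every model.

    The result is whatever ``self.model_dump(mode='json', ...)`` returns; extra
    keyword arguments are forwarded to ``model_dump`` unchanged.

    With ``auto_exclude_unset`` left at ``True``, ``exclude_unset`` is derived from
    the model's ``extra`` setting and replaces any ``exclude_unset`` the caller
    passed: it is ``False`` only when ``extra`` is ``'allow'``.

    Raises:
        ValueError: if ``auto_exclude_unset`` is ``False`` and ``exclude_unset``
            is missing or ``None``.
    """
    if auto_exclude_unset:
        # NOTE(review): with extra == 'allow' nothing is dropped as unset; presumably
        # unmapped API fields then reach the output as received, so downstream
        # consumers should treat them as unvalidated - confirm.
        kwargs['exclude_unset'] = self.model_config['extra'] != 'allow'
    elif kwargs.get('exclude_unset') is None:
        raise ValueError('`auto_exclude_unset` is False, `exclude_unset` has to be provided')

    return self.model_dump(mode='json', by_alias=by_alias, exclude_none=exclude_none, **kwargs)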