PyFlowintel/examples/cases_sample.py at main · AbstractionsLab/PyFlowintel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
"""
This example demonstrates case operations with the Flowintel API wrapper
"""
from pyflowintel import PyFlowintel
from pyflowintel.commons.exceptions import PyflowintelConfigurationError
from pyflowintel.commons.utils import pretty_json


def main():
    try:
        flowintel_client = PyFlowintel.from_config()
    except PyflowintelConfigurationError as e:
        print(f"Configuration error: {e}")
        return

    with flowintel_client:
        print("Listing all cases...")
        cases = flowintel_client.cases.list_all()
        print(f"Found {len(cases)} cases")
        pretty_json(cases)

        print("\nCreating a new case...")
        new_case = flowintel_client.cases.create(
            title = "Security Incident Case",
            description = "Investigation created from PyFlowintel",
            time_required = "6h"
        )
        print(f"Created case: {new_case}")

        # Get case details
        case_id = new_case.get("case_id")
        if case_id:
            print(f"\nGetting details for case {case_id}...")
            pretty_json(flowintel_client.cases.search_by_id(case_id))

            print(f"\nUpdating case {case_id}...")
            print(flowintel_client.cases.update(case_id, {"description": "With a modified description", "title": ""}))
            pretty_json(flowintel_client.cases.search_by_id(case_id))

            print(f"\nDeleting case {case_id}...")
            print(flowintel_client.cases.delete(case_id))


if __name__ == "__main__":
    main()