This repository was archived by the owner on Aug 9, 2022. It is now read-only.

fhightower/threatconnect-python-snippets


The goal of this project is to make snippets such that you can write a useful Python script that talks with ThreatConnect's API in less than 60 seconds.


As the name implies, you will need access to ThreatConnect's API before these snippets are useful. Additionally, these snippets are designed for use with Sublime Text. If you haven't tried it yet, I strongly encourage you to do so.

If a paradigm isn't worth your time, feel free to jump to the Examples section below (I don't want to shortchange anyone). For the rest, each snippet is constructed as follows:

tc<action><object>

The <action> is usually one letter that represents what we want to do (refer to the Actions section below). The <object> specifies the type of object (refer to the Objects section below for a list of possible objects) to which the aforementioned action will be done. For you language buffs, the <object> is really an indirect object.

| Desired Action   | Action Prefix | Description                                          |
|------------------|---------------|------------------------------------------------------|
| Retrieve         | r             | Retrieve something from ThreatConnect                |
| Create           | c             | Create something in ThreatConnect                    |
| Update           | u             | Update something that already exists in ThreatConnect |
| Delete           | d             | Delete something from ThreatConnect                  |
| Add/set Metadata | a             | Add metadata to an object                            |
| Load Metadata    | l             | Load metadata about an object                        |
| Filter           | f             | Filter objects when retrieving                       |

List of possible objects coming soon...

  • tcrindicators: In this snippet, r is the action (it stands for "retrieve") and indicators are the object. Thus, this snippet provides code to retrieve indicators.
  • tcrgroups: In this snippet, r is the action (it stands for "retrieve") and groups are the object. Thus, this snippet provides code to retrieve groups.
  • tccindicator: In this snippet, c is the action (it stands for "create") and indicator is the object. Thus, this snippet provides code to create an indicator.
  • tclattributes: In this snippet, l is the action (it stands for "load") and attributes are the object. Thus, this snippet provides code to load the attributes for an object.
  • tccommit: Generic commit
  • tcconfig: TC configuration heading
  • tccustomcall: Make a custom API call
  • tcdelete: Generic delete
  • tcfilter: Add a filter
  • tcfilterparam: Add a filter parameter
  • tcpostfilter: Add a post filter
  • tcretrieve: Generic retrieve
  • tctime: Time format for TC's Py SDK (REQUIRES: from datetime import datetime)
  • tcradversaries: Retrieve adversaries
  • tcrcampaigns: Retrieve campaigns
  • tcrdocuments: Retrieve documents
  • tcremails: Retrieve emails
  • tcrgroups: Retrieve groups (all group types)
  • tcrincidents: Retrieve incidents
  • tcrsignatures: Retrieve signatures
  • tcrthreats: Retrieve threats
  • tccadversary: Create adversary
  • tcccampaign: Create campaign
  • tccdocument: Create document
  • tccemail: Create email
  • tccincident: Create incident
  • tccsignature: Create signature
  • tccthreat: Create threat
  • tcuadversary: Update adversary
  • tcucampaign: Update campaign
  • tcudocument: Update document
  • tcuemail: Update email
  • tcuincident: Update incident
  • tcusignature: Update signature
  • tcuthreat: Update threat
  • tcdadversaries: Delete adversaries
  • tcdcampaigns: Delete campaigns
  • tcddocuments: Delete documents
  • tcdemails: Delete emails
  • tcdincidents: Delete incidents
  • tcdsignatures: Delete signatures
  • tcdthreats: Delete threats
  • tcrindicators: Retrieve indicators (all indicator types)
  • tcrmaddresses: Retrieve multiple IP addresses
  • tcrmemailAddresses: Retrieve multiple email addresses
  • tcrmfiles: Retrieve multiple file indicators
  • tcrmhosts: Retrieve multiple hosts
  • tcrmurls: Retrieve multiple URLs
  • tcrsindicator: Retrieve a single indicator
  • tccindicator: Create indicator
  • tccfileindicator: Create a file indicator

Coming soon...

  • tcrtasks: Retrieve tasks
  • tcctasks: Create a task
  • tcutasks: Update a task

Coming soon...

  • tclassocgroups: Retrieve associated groups
  • tclassocindicators: Retrieve associated indicators
  • tclassocvictims: Retrieve associated victims
  • tclassociations: Load associations
  • tclattributes: Load attributes
  • tclfileoccurrences: Load file occurrences
  • tclsecurity_labels: Load security labels
  • tcltags: Load tags
  • tcaassocgroup: Add an associated group
  • tcaassocindicator: Add an associated indicator
  • tcaassocvictim: Add an associated victim
  • tcaattribute: Add an attribute
  • tcaratings: Add threat and confidence ratings
  • tcasecuritylabel: Add a security label
  • tcatag: Add a tag

Coming soon...


If you're using Package Control for Sublime Text, simply install the ThreatConnect Python Snippets package.

Alternatively, you can clone this repository directly into your Sublime plugin folder and install the snippets manually as described below:

macOS:

    cd ~/Library/Application\ Support/Sublime\ Text\ 3/Packages
    git clone --depth 1 https://.com/fhightower/threatconnect-python-snippets.git

Linux:

    cd ~/.config/sublime-text-3/Packages
    git clone --depth 1 https://.com/fhightower/threatconnect-python-snippets.git

Windows:

    cd "%APPDATA%\Sublime Text 3\Packages"
    git clone --depth 1 https://.com/fhightower/threatconnect-python-snippets.git

Note: If you are having trouble finding the correct location to install the snippets, refer to the documentation on the subject.

The framework for this package was created from the Sublime Text Snippet Template available here: https://.com/agenoria/sublime-snippet-package-template.

The documentation was automatically generated using the script here: https://.com/fhightower/sublime_snippet_documenter.

About

Sublime Text snippets for writing scripts in less than 60 seconds that use ThreatConnect's Python SDK.
