This repository has been archived by the owner on Oct 10, 2019. It is now read-only.

Merge pull request #54 from automationator/master
Adds support to filter indicators by intel reference value
automationator committed Mar 29, 2019
2 parents 5860f7e + fc499c2 commit 0dd9ffb
Showing 2 changed files with 13 additions and 0 deletions.
6 changes: 6 additions & 0 deletions services/web/project/api/routes/indicator.py
@@ -489,6 +489,7 @@ def read_indicators():
:query modified_after: Parsable date or datetime in GMT. Ex: YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
:query modified_before: Parsable date or datetime in GMT. Ex: YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
:query not_sources: Comma-separated list of intel sources to EXCLUDE
:query reference: Intel reference value
:query sources: Comma-separated list of intel sources
:query status: Status value
:query substring: True/False
@@ -553,6 +554,11 @@ def read_indicators():
for ns in not_sources:
filters.add(~Indicator.references.any(IntelReference.source.has(IntelSource.value == ns)))

# Reference filter (IntelReference)
if 'reference' in request.args:
reference = request.args.get('reference')
filters.add(Indicator.references.any(IntelReference.reference == reference))

# Source filter (IntelReference)
if 'sources' in request.args:
sources = request.args.get('sources').split(',')
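Review bot: The new `reference` filter in read_indicators() is an exact equality match on the raw query value, but the docstring line `:query reference: Intel reference value` says neither that nor that the value must be percent-encoded. Intel references are usually URLs, and one containing `&`, `#` or `+` sent unencoded is cut or altered by query-string parsing before it reaches `IntelReference.reference == reference`; the lookup then returns zero indicators with a 200, which an analyst will read as "no intel on this reference". I would document it as `:query reference: Exact intel reference value (URL-encode it; no substring matching)`, assuming the existing `substring` parameter is not meant to apply here, which cannot be confirmed from these hunks. An empty `?reference=` also adds a filter on the empty string rather than being ignored; if that is unintended, `if request.args.get('reference'):` would skip it. read_indicators() starts and ends outside both hunks.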
7 changes: 7 additions & 0 deletions services/web/project/tests/api/test_indicator.py
@@ -1011,6 +1011,13 @@ def test_read_with_filters(client):
assert len(response['items']) == 1
assert response['items'][0]['value'] == '1.1.1.1'

# Filter by intel reference
request = client.get('/api/indicators?reference=http://blahblah.com')
response = json.loads(request.data.decode())
assert request.status_code == 200
assert len(response['items']) == 1
assert response['items'][0]['value'] == '1.1.1.1'

# Filter by intel source
request = client.get('/api/indicators?sources=OSINT')
response = json.loads(request.data.decode())
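Review bot: The added case in test_read_with_filters only checks a reference that matches, so it does not pin what the filter must exclude. A non-matching value should be asserted as well, for example (constructed value) `request = client.get('/api/indicators?reference=http://no-such-reference.example')` followed by `assert len(json.loads(request.data.decode())['items']) == 0`. It would also help to cover a percent-encoded reference that carries its own query string, since the test URL `http://blahblah.com` has no characters that query parsing would alter. The fixture data these assertions depend on is created outside the hunk, so whether more than one reference exists in the test database cannot be seen here.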
