Adding Pulsedive as Threat Intel provider (#609)

* Adding Pulsedive as TI provider Coded a module for Pulsedive API * Pulsedive Lookup Notebook * Delete PulsediveLookup.ipynb * Pulsedive Notebook * Delete pulsedive.py * update pulsedive.py Pylint * Adding regular TI provider for pulsedive - pulsedive.py and __init__.py Refactored some code in original class to make it a bit cleaner. Added unit test in test_pulsedive.py Some minor fixes for MyPy and linting errors. Updated notebook for modified API and to describe standard Pulsedive TIProvider use. * Forcing using of main mpconfig-test yaml for Tiprovider tests * Changing absolute to relative msticpy references --------- Co-authored-by: Ian Hellen <ianhelle@microsoft.com>
microsoft · Mar 11, 2023 · 59348cd · 59348cd
1 parent 5674e79
commit 59348cd
Show file tree

Hide file tree

Showing 10 changed files with 1,681 additions and 8 deletions.
diff --git a/docs/notebooks/PulsediveLookup.ipynb b/docs/notebooks/PulsediveLookup.ipynb
diff --git a/msticpy/context/lookup_result.py b/msticpy/context/lookup_result.py
@@ -4,16 +4,20 @@
 # license information.
 # --------------------------------------------------------------------------
 """Lookup Status class."""
-from collections import namedtuple
 from enum import Enum
+from typing import NamedTuple, Optional
 
 from .._version import VERSION
 
 __version__ = VERSION
 __author__ = "Ian Hellen"
 
 
-SanitizedObservable = namedtuple("SanitizedObservable", ["observable", "status"])
+class SanitizedObservable(NamedTuple):
+    """Encoded version of observable."""
+
+    observable: Optional[str]
+    status: Optional[str]
 
 
 class LookupStatus(Enum):

diff --git a/msticpy/context/preprocess_observable.py b/msticpy/context/preprocess_observable.py
@@ -267,7 +267,7 @@ def check(self, value: str, value_type: str, **kwargs) -> SanitizedObservable:
                Otherwise, it has an error message.
 
         """
-        proc_value = value.strip()
+        proc_value: Optional[str] = value.strip()
         result = SanitizedObservable(proc_value, "ok")
         for processor in self._processors.get(value_type, []):
             if processor == self._TYPE_CHECK:

diff --git a/msticpy/context/tiproviders/__init__.py b/msticpy/context/tiproviders/__init__.py
@@ -23,4 +23,5 @@
     "Tor": ("tor_exit_nodes", "Tor"),
     "VirusTotal": ("virustotal", "VirusTotal"),
     "RiskIQ": ("riskiq", "RiskIQ"),
+    "Pulsedive": ("pulsedive", "Pulsedive"),
 }