# 🐍 Python Basics

This notebook will introduce core Python concepts essential for scripting and automation.


## Variables
In Python, variables are used to store data that your program can use and manipulate. Think of a variable as a container that holds information: like a name, a number, or even a list of IP addresses.

Python is a dynamically typed language, which means you don’t need to declare the data type of a variable, Python figures it out automatically.

### Naming Rules
* Variable names are case-sensitive
* Must start with a letter or underscore (_)
* Can include letters, numbers, and underscores
* Should be descriptive for readability

✅ **Valid**:  
```python
ioc_list = []
_threat_actor = "APT28"
```
❌ **Invalid**:
```python
2score = 100       # Starts with a number
is-threat = False  # Hyphens are not allowed
```

**Below example covers the basic data types: `int`, `float`, `str`, `bool`**.

In [None]:
name = "Analyst" # name variable store a string
threat_level = 5 # threat_level is an integer
confidence_score = 87.5 # This stores a float/decimal point
is_malicious = True # Boolean value (True or False)

print(name, threat_level)

### Exercise

* Create a variable to store your name.
* Create another variable to store the current threat score.


In [None]:
# Write your code below


## Container Data Types

Container data types are special types in Python that can hold multiple items (like a group of IP addresses, a list of file hashes, or a mapping of domains to threat scores). They are essential for organizing, storing, and processing collections of data.

1. **list**
* Ordered, changeable, and allows duplicates
* Defined using square brackets []

2. **tuple**
* Ordered, immutable (unchangeable), and allows duplicates
* Defined using parentheses ()

3. **dict** (Dictionary)
* Ordered (since 3.6), changeable, stores key-value pairs
* Defined using curly braces {}

4. **set**
* Unordered, changeable, no duplicate values
* Defined using curly braces {} or the set() function

In [1]:
ioc_list = ["domain.com", "192.168.1.1"]
ioc_tuple = ("hash1", "hash2")
ioc_dict = {"domain": "example.com", "ip": "8.8.8.8"}
ioc_set = {"ioc1", "ioc2"}
print(ioc_list, ioc_tuple, ioc_dict, ioc_set)

['domain.com', '192.168.1.1'] ('hash1', 'hash2') {'domain': 'example.com', 'ip': '8.8.8.8'} {'ioc2', 'ioc1'}


## Text Output & Formatting
In Python, the most common way to display information is using the `print()` function. Formatting helps you make the output readable, organized, and dynamic.

### String Concatenation

* You can join strings using `+`
* Using f-strings

In [2]:
name = "CTI Analyst"
alerts = 4
print(f"{name} handled {alerts} alerts today.")

CTI Analyst handled 4 alerts today.


## Conditional Statements
Conditional statements let your program make decisions and take different actions based on whether a condition is True or False.

Think of them as cybersecurity playbooks:

> “If this alert is critical, then escalate it.”

In [None]:
# if statement
threat_level = "High"

if threat_level == "High":
    print("Escalate to Incident Response Team.")

In [None]:
# if-else statement
is_malicious = True

if is_malicious:
    print("Block the IP.")
else:
    print("Log and monitor.")

In [None]:
# if-elif-else statement
score = 85

if score >= 90:
    print("Severity: Critical")
elif score >= 70:
    print("Severity: High")
elif score >= 50:
    print("Severity: Medium")
else:
    print("Severity: Low")

In [None]:
# match-case statement
threat_type = "ransomware"

match threat_type:
    case "phishing":
        print("Check email headers.")
    case "ransomware":
        print("Isolate infected hosts.")
    case _:
        print("Log and investigate.")

## Loops
Loops help you run a block of code multiple times. In Python, you can either use `for` or `while` loop.

* `for` Loop: Used to iterate over a sequence like a list, string, or range of numbers.
* `while` Loop: Used to repeat a block of code as long as a condition is true.

In Cyber Threat Intelligence, loops can be used to:
* Iterate over lists of IOCs (Indicators of Compromise)
* Process log files
* Scan open ports or IPs
* Automate data parsing

In [None]:
# for loop

iocs = ["192.168.1.10", "malicious.com", "abc123.exe"]

for ioc in iocs:
    print(f"Analyzing IOC: {ioc}")

In [None]:
# while loop

threats_remaining = 3

while threats_remaining > 0:
    print("Investigating threat...")
    threats_remaining -= 1

### break and continue
* `break` exits the loop immediately.
* `continue` skips the current iteration.

In [None]:
iocs = ["192.168.1.10", "malicious.com", "abc123.exe", "127.0.0.1", "endfile.txt", "hello.txt"]

for ioc in iocs:
    if ioc.endswith(".exe"):
        print(f"Skipping file: {ioc}")
        continue
    elif ioc == "endfile.txt":
        print("Need to stop processing the file now")
        break
    print(f"Checking IOC: {ioc}")


## Import Packages
In Python, the import statement is used to bring external code (modules/packages) into your current program. Think of it like plugging in a new tool to your toolbox. You don’t have to reinvent the wheel every time you write code.

Without import, you’d have to manually rewrite all the functionalities for making web requests, parsing files, or doing math — every time!

### Importing Built-in Modules
These come pre-installed with Python as a part of Standard Library. No need to install separately.

In [None]:
import os
import sys
import json

### Importing Third-Party Packages
These are external libraries created by the Python community. To use them, you first install them using pip:

```bash
pip install requests
```

Then import in your Python code:

In [None]:
import requests

response = requests.get("https://api.abuseipdb.com/api/v2/check?ipAddress=8.8.8.8")
print(response.status_code)

## Functions
A function is a reusable block of code that performs a specific task. Instead of repeating the same code again and again, you define it once and call it whenever needed.

### Built-in Functions
Python provides many ready-to-use functions:

In [None]:
print("Hello CTI!")  # outputs text
len("APT29")         # returns length
int("123")           # converts string to int

### Functions from Modules
You can also use functions from imported modules:

In [None]:
import math

print(math.sqrt(25))  # square root

### Writing Your Own Functions
You define a function using the `def` keyword:

In [None]:
def greet_threat_analyst(name):
    print(f"Hello, {name}. Stay alert!")

greet_threat_analyst("Alice")

## Exception Handling
An exception is an error that occurs during the execution of a program. If not handled properly, it can cause your program to crash. Instead of crashing your script, you can gracefully handle these errors using `try` and `except`.

In [None]:
try:
    result = 10 / 0
except ZeroDivisionError as e:
    print("Error occurred:", e)