Code Overview

PhishMe Intelligence
class core.intelligence.Malware(malware)
    Malware class holds a single PhishMe Intelligence object.

    class BlockSet(block_set)

        malware_family
            Parameters: self –
            Returns:

        malware_family_description
            Returns:

        watchlist_ioc
            Returns:

        watchlist_ioc_host
            Returns:

        watchlist_ioc_path
            Returns:

    class DomainSet(domain_set)

    class ExecutableSet(executable_set)

        malware_family
            Parameters: self –
            Returns:

        malware_family_description
            Returns:

        subtype
            Parameters: self –
            Returns:

    class SenderEmailSet(sender_email_set)

    class SenderIPSet(sender_ip_set)

    class SpamURLSet(spam_url_set)

    class SubjectSet(subject_set)

    block_set
        Returns:

    brand
        Returns:

    domain_set
        Returns:

    executable_set
        Returns:

    malware_family
        Parameters: self –
        Returns:

    sender_email_set
        Returns:

    sender_ip_set
        Returns:

    spam_url_set
        Returns:

    subject_set
        Returns:

PhishMe Brand Intelligence

Entry point for using this library

Copyright 2013-2017 PhishMe, Inc. All rights reserved.
This software is provided by PhishMe, Inc. (“PhishMe”) on an “as is” basis and any express or implied warranties, including but not limited to the implied warranties of merchantability and fitness for a particular purpose, are disclaimed in all aspects. In no event will PhishMe be liable for any direct, indirect, special, incidental or consequential damages relating to the use of this software, even if advised of the possibility of such damage. Use of this software is pursuant to, and permitted only in accordance with, the agreement between you and PhishMe.
Support: support@phishme.com

class core.phishme.PhishMeIntelligence(config, config_file_location)
    Contains helper methods for interacting with the PhishMe Intelligence RESTful API, handling a lock file to prevent concurrent execution, reading command line arguments, and reading a ConfigParser config file.

    search()
        Use this method to search PhishMe Intelligence for one or more IOCs. This method will be implemented at a later date.
        Returns: This method will return either core.intelligence.Malware or core.brand_intelligence.Phish

    sync()
        This will contact the PhishMe Intelligence API, retrieve any new or modified threat intelligence since the last successful check-in, process it into the output(s) designated by config.ini, and return.
        Returns: This method does not return anything.

core.phishme.read_args(script_description)
    Parse all input arguments.
    Parameters: script_description –
    Returns:

core.phishme.read_config(config_file)
    Read configuration file.
    Parameters: config_file –
    Returns:

Helpers for interacting with PhishMe Intelligence API

class core.rest_api.RestApi(config, product)

    connect_to_api(verb, url, auth=None, data=None, headers=None, params=None, proxies=None)
        Parameters:
            - verb –
            - url –
            - auth –
            - data –
            - headers –
            - params –
            - proxies –
        Returns:

class core.sqlite.SQLite(location, data_retention_days)

    add_threat_id(intel)
        Parameters: intel –
        Returns:

    get_threats()
        Returns:

class core.supported_integrations.SupportedIntegration(config_name, mrti_format, output_product_module, class_name)