Helpers

class dfir_iris_client.helper.analysis_status.AnalysisStatusHelper(session)

Handles the analysis status methods

get_analysis_status(analysis_status_id: int) → ApiResponse

Returns an analysis status from its ID

Parameters:

analysis_status_id – Status ID to lookup

Returns:

ApiResponse object

list_analysis_status_types() → ApiResponse

Returns a list of all analysis statuses

Args:

Returns:

APIResponse object

lookup_analysis_status_name(analysis_status_name: str) → int | None

Returns an analysis status ID from its name otherwise None

Parameters:

analysis_status_name – str:

Returns:

Union[int, None] - analysis status ID matching provided analysis status name or None if not found

class dfir_iris_client.helper.assets_type.AssetTypeHelper(session)

Handles the assets type methods

get_asset_type(asset_type_id: int) → ApiResponse

Returns an asset type data from its id

Parameters:

asset_type_id – ID of asset type to fetch

Returns:

ApiResponse

list_asset_types() → ApiResponse

Returns a list of all assets types available

Args:

Returns:

APIResponse object

lookup_asset_type_name(asset_type_name: str) → int | None

Returns an asset type ID from its name otherwise None

Raise:

Exception if server data is invalid

Parameters:

asset_type_name – Name of the asset type to lookup

Returns:

Asset type ID matching provided asset type name

Return type:

Union[int, None]

class dfir_iris_client.helper.authorization.CaseAccessLevel(value)

An enumeration.

class dfir_iris_client.helper.authorization.Permissions(value)

An enumeration.

class dfir_iris_client.helper.case_classifications.CaseClassificationsHelper(session)

Handles the case classifications methods

get_case_classification(case_classification_id: int) → ApiResponse

Returns a case classification from its ID

Parameters:

case_classification_id – Case classification ID

Returns:

APIResponse object

list_case_classifications() → ApiResponse

Returns a list of all case classifications

Args:

Returns:

APIResponse object

lookup_case_classification_name(case_classification_name: str) → None | int

Returns a case_classification_name from its name otherwise None

Parameters:

case_classification_name – Case classification name to lookup

Returns:

case_classification_name matching provided case classification name otherwise none

Defines standard colors of events used in the GUI. While custom color can be used, it’s recommended to use the same to keep consistency.

class dfir_iris_client.helper.compromise_status.CompromiseStatusHelper(session)

Handles the compromise status methods

list_compromise_status_types()

Returns a list of all compromise statuses

lookup_compromise_status_name(compromise_status_name: str) → int | None

Returns a compromise status ID from its name otherwise None

Parameters:

compromise_status_name – str:

Returns:

Union[int, None] - compromise status ID matching provided analysis status name or None if not found

class dfir_iris_client.helper.errors.IrisStatus(message=None, data=None, uri=None, is_error=False)

Defines a custom status class, used by the abstraction layer to communicate about API and operations feedbacks

Args:

Returns:

is_error() → bool

Simply return true if status is an error

Args:

Returns:

bool

is_success() → bool

Simply return true if status is a success

Returns:

True if status is a success

Args:

Returns:

bool

set_error() → None

Force the status to error

Args:

Returns:

None

set_success() → None

Force the status to success

Args:

Returns:

None

class dfir_iris_client.helper.errors.IrisStatusError(message=None, data=None, uri=None)

Overlay of IrisStatus, defining a base error status

class dfir_iris_client.helper.errors.IrisStatusSuccess(message=None, data=None, uri=None)

Overlay of IrisStatus, defining a base success status

class dfir_iris_client.helper.events_categories.EventCategoryHelper(session)

Handles the event category methods

get_event_category(event_category_id: int) → ApiResponse

Returns an event category from its ID

Parameters:

event_category_id – Event category to lookup

Returns:

ApiResponse object

list_events_categories() → ApiResponse

Returns a list of all events categories available

Args:

Returns:

ApiResponse object

lookup_event_category_name(event_category: str) → None | int

Returns an event category ID from its name otherwise None

Parameters:

event_category – Name of the event to lookup

Returns:

Event category ID matching provided event_category name

Return type:

Union[None, int]

class dfir_iris_client.helper.ioc_types.IocTypeHelper(session)

Handles the IOC types methods

get_ioc_type(ioc_type_id: int) → ApiResponse

Returns an ioc type from its ID

Parameters:

ioc_type_id – Type ID to lookup

Returns:

ApiResponse object

list_ioc_types() → ApiResponse

Returns a list of all ioc types

Args:

Returns:

APIResponse object

lookup_ioc_type_name(ioc_type_name: str) → None | int

Returns an ioc_type_name from its name otherwise None

Parameters:

ioc_type_name – IOC type name to lookup

Returns:

ioc_type_name matching provided ioc type name otherwise none

Defines standard template types

class dfir_iris_client.helper.report_template_types.ReportTemplateLanguage(value)

An enumeration.

class dfir_iris_client.helper.report_template_types.ReportTemplateType(value)

An enumeration.

class dfir_iris_client.helper.task_status.TaskStatusHelper(session)

Handles the analysis status methods

get_task_status(task_status_id: int) → ApiResponse

Returns a task status from its ID

Parameters:

task_status_id – int: Task ID to lookup

Returns:

ApiResponse object

list_task_status_types() → ApiResponse

Returns a list of all tasks statuses

Args:

Returns:

ApiResponse

lookup_task_status_name(task_status_name: str) → int | None

Returns a task status ID from its name otherwise None

Parameters:

task_status_name – str: Task name to lookup

Returns:

Union[int, None] - task status ID matching provided task status name

class dfir_iris_client.helper.tlps.TlpHelper(session)

Handles the TLP methods

get_tlp(tlp_id: int) → ApiResponse

Returns a tlp from its ID

Parameters:

tlp_id – TLP ID to lookup

Returns:

ApiResponse object

list_tlps() → ApiResponse

Returns a list of all tlps available

Args:

Returns:

ApiResponse object

lookup_tlp_name(tlp_name: str) → int | None

Returns a tlp ID from its name otherwise None

Returns:

tlp ID matching provided tlp name or None

Parameters:

tlp_name – str: Name of the TLP

Returns:

Union[int, None]

class dfir_iris_client.helper.utils.ApiResponse(response: str | None = None, uri: str | None = None)

Handles API returns and error. It parses the standard API returns and build an standard ApiResponse object.

is_error()

Returns:

Bool - True if return is error

is_success()

Returns:

Bool - True if return is success

dfir_iris_client.helper.utils.ClientApiData(message=None, data=None, status=None)

Parameters:

• message – (Default value = None)

• data – (Default value = None)

• status – (Default value = None)

Returns:

dfir_iris_client.helper.utils.ClientApiError(error=None, msg=None)

Parameters:

• error – (Default value = None)

• msg – (Default value = None)

Returns:

dfir_iris_client.helper.utils.assert_api_resp(api_response: ApiResponse, soft_fail=True) → IrisStatus

Convert an ApiResponse to an IrisStatus for the overlay

Parameters:

• api_response – ApiResponse: Object to assert

• soft_fail – Set to false to raise exception (Default value = True)

Returns:

dfir_iris_client.helper.utils.get_data_from_resp(api_response: ApiResponse)

Returns the data of an ApiResponse object

Parameters:

api_response – ApiResponse:

Returns:

dfir_iris_client.helper.utils.get_iris_session()

Return the global variable client session

Args:

Returns:

ClientSession

dfir_iris_client.helper.utils.map_object(obj, data_obj: dict, obj_type=None, strict=False) → IrisStatus

Map a Python IrisObject with a known Iris API return. The mapping is done thanks to objects_def. Each field is attributed to an attribute of the provided obj.

The methods takes advantage of iris_abj_attribute and iris_dynamic_attribute to preprocess data if needed.

Parameters:

• obj – Object where attributes need to be set

• obj_type – Force the object type. Unused (Default value = None)

• data_obj – Dict describing the data to set

• strict – Set to true to fail if an attribute is missing (Default value = False)

Returns:

IrisStatus

dfir_iris_client.helper.utils.parse_api_data(data: dict, path: list | str, strict=True) → any

Parses the data field of an API response. Path describes a path to fetch a specific value in data. If strict is set, an exception is raised, otherwise None is returned.

Parameters:

• data – Dict from the API response

• path – Value to get from within data

• strict – Set to true to fails if path is not found in data (default)

Returns:

ApiResponse