csle_rest_api.resources.recovery_ai.rag package

Submodules

csle_rest_api.resources.recovery_ai.rag.ioc_analyzer module

class csle_rest_api.resources.recovery_ai.rag.ioc_analyzer.IOCAnalyzer[source]

Bases: object

static analyze(urls: List[str], ips: List[str], hostnames: List[str], domains: List[str], cves: List[str], nids: List[str]) → Dict[str, Any][source]

static enrich_logs(log_text: str, analysis: Dict[str, Any]) → str[source]

Enriches a given log text with threat intelligence

Parameters

log_text – the log text to enrich
analysis – the threat intelligence analysis

Returns

the enriched log text

static find_iocs(log_text: str) → Tuple[List[str], List[str], List[str], List[str], List[str], List[str]][source]

Extracts IOCs from log text.

Parameters: log_text – the log text
Returns: the list of IOCs

csle_rest_api.resources.recovery_ai.rag.ioc_extractor module

class csle_rest_api.resources.recovery_ai.rag.ioc_extractor.IOCExtractor[source]

Bases: object

Class with regular expressions and utility functions for extracting IOCs from logs (e.g., CVEs, hostnames, IPs, etc.)

static extract_cves(text: str) → List[str][source]

Extracts all CVEs from a given text string

Parameters: text – the input text
Returns: the list of CVEs

static extract_domains(text: str) → List[str][source]

Extracts all domains from a given text string

Parameters: text – the input text
Returns: the list of domains

static extract_hostnames(text: str) → List[str][source]

Extracts all hostnames from a given text string

Parameters: text – the input text
Returns: the list of hostnames

static extract_ips(text: str) → List[str][source]

Extracts all IPs from a given text string

Parameters: text – the input text
Returns: the list of IPs

static extract_nids(text: str) → List[str][source]

Extracts all NIDs from a given text string

Parameters: text – the input text
Returns: the list of NIDs

static extract_urls(text: str) → List[str][source]

Exctracts all URLs from a given text string

Parameters: text – the input text
Returns: a list of found URLs

csle_rest_api.resources.recovery_ai.rag.otx_lookup module

class csle_rest_api.resources.recovery_ai.rag.otx_lookup.OTXLookup[source]

Bases: object

Class with utility functions for fetching threat intelligence from the OTX API

static lookup_cve(cve: str) → Response[source]

Sends a query to OTX to lookup information about a given CVE

Parameters: cve – the CVE to lookup
Returns: the information returned by the OTX API

static lookup_domain(domain: str) → Response[source]

Sends a query to OTX to lookup information about a given domain

Parameters: domain – the domain to lookup
Returns: the information returned by the OTX API

static lookup_hostname(hostname: str) → Response[source]

Sends a query to OTX to lookup information about a given hostname

Parameters: hostname – the hostname to lookup
Returns: the information returned by the OTX API

static lookup_ip(ip: str) → Response[source]

Sends a query to OTX to lookup information about a given IP address

Parameters: ip – the IP to lookup
Returns: the information returned by the OTX API

static lookup_url(url: str) → Response[source]

Sends a query to OTX to lookup information about a given URL

Parameters: url – the URL to lookup
Returns: the information returned by the OTX API

csle_rest_api.resources.recovery_ai.rag package

Submodules

csle_rest_api.resources.recovery_ai.rag.ioc_analyzer module

csle_rest_api.resources.recovery_ai.rag.ioc_extractor module

csle_rest_api.resources.recovery_ai.rag.otx_lookup module

Module contents