beagle.web.api package

Submodules

beagle.web.api.models module

class beagle.web.api.models.Graph(**kwargs)

Bases: sqlalchemy.ext.declarative.api.Model

category

comment

file_path

id

meta

sha256

to_json()

class beagle.web.api.models.JSONEncodedDict(*args, **kwargs)

Bases: sqlalchemy.sql.type_api.TypeDecorator

impl

alias of sqlalchemy.sql.sqltypes.VARCHAR

process_bind_param(value, dialect)

Receive a bound parameter value to be converted.

Subclasses override this method to return the value that should be passed along to the underlying TypeEngine object, and from there to the DBAPI execute() method.

The operation could be anything desired to perform custom behavior, such as transforming or serializing data. This could also be used as a hook for validating logic.

This operation should be designed with the reverse operation in mind, which would be the process_result_value method of this class.

Parameters:

• value – Data to operate upon, of any type expected by this method in the subclass. Can be None.
• dialect – the Dialect in use.

process_result_value(value, dialect)

Receive a result-row column value to be converted.

Subclasses should implement this method to operate on data fetched from the database.

Subclasses override this method to return the value that should be passed back to the application, given a value that is already processed by the underlying TypeEngine object, originally from the DBAPI cursor method fetchone() or similar.

The operation could be anything desired to perform custom behavior, such as transforming or serializing data. This could also be used as a hook for validating logic.

Parameters:

• value – Data to operate upon, of any type expected by this method in the subclass. Can be None.
• dialect – the Dialect in use.

This operation should be designed to be reversible by the “process_bind_param” method of this class.

beagle.web.api.views module

beagle.web.api.views.add(graph_id: int)

Add data to an existing NetworkX based graph.

Parameters:graph_id (int) – The graph ID to add to.

beagle.web.api.views.adhoc()

Allows for ad-hoc transformation of generic JSON Data based on one of two CIM models:

1. The Beagle CIM Model (defined in constants.py)
2. The OSSEM Model (defined in https://github.com/Cyb3rWard0g/OSSEM)

beagle.web.api.views.get_backends()

Returns all possible backends, their names, and their IDs.

The array contains elements with the following structure.

>>> {
    id: string, # class name
    name: string # Human-readable name
}

These map back to the __name__ attributes of Backend subclasses.

Returns:Array of {id: string, name: string} entries. Return type:List[dict]

beagle.web.api.views.get_categories()

Returns a list of categories as id, name pairs.

This list is made up of all categories specified in the category field for each datasource.

>>> {
    "id": "vt_sandbox",
    "name": "VT Sandbox"
}

Returns: Return type:List[dict]

beagle.web.api.views.get_category_items(category: str)

Returns the set of items that exist in this category, the path to their JSON files, the comment made on them, as well as their metadata.

>>> {
    comment: str,
    file_path: str,
    id: int,
    metadata: Dict[str, Any]
}

Returns 404 if the category is invalid.

Parameters:category (str) – The category to fetch data for. Returns: Return type:List[dict]

beagle.web.api.views.get_graph(graph_id: int)

Returns the JSON object for this graph. This is a networkx node_data JSON dump:

>>> {
    directed: boolean,
    links: [
        {...}
    ],
    multigraph: boolean,
    nodes: [
        {...}
    ]
}

Returns 404 if the graph is not found.

Parameters:graph_id (int) – The graph ID to fetch data for Returns:See https://networkx.github.io/documentation/stable/reference/readwrite/generated/networkx.readwrite.json_graph.node_link_graph.html Return type:Dict

beagle.web.api.views.get_graph_metadata(graph_id: int)

Returns the metadata for a single graph. This is automatically generated by the datasource classes.

Parameters:

• graph_id (int) – Graph ID.
• 404 if the graph ID is not found (Returns) –

Returns:

A dictionary representing the metadata of the current graph.

Return type:

Dict

beagle.web.api.views.get_transformers()

Returns all possible transformers, their names, and their IDs.

The array contains elements with the following structure.

>>> {
    id: string, # class name
    name: string # Human-readable name
}

These map back to the __name__ and .name attributes of Transformer subclasses.

Returns:Array of {id: string, name: string} entries. Return type:List[dict]

beagle.web.api.views.new()

Generate a new graph using the supplied DataSource, Transformer, and the parameters passed to the DataSource.

At minimum, the user must supply the following form parameters:

1. datasource
2. transformer
3. comment
4. backend

Outside of that, the user must supply at minimum the parameters marked by the datasource as required.

• Use the /api/datasources endpoint to see which ones these are.
• Programmatically, these are any parameters without a default value.

Failure to supply either the minimum three or the required parameters for that datasource returns a 400 status code with the missing parameters in the ‘message’ field.

If any part of the graph creation yields an error, a 500 HTTP code is returend with the python exception as a string in the ‘message’ field.

If the graph is succesfully created, the user is returned a dictionary with the ID of the graph and the URI path to viewing it in the beagle web interface.

For example:

>>> {
    id: 1,
    self: /fireeye_hx/1
}

Returns:{id: integer, self: string} Return type:dict

beagle.web.api.views.pipelines()

Returns a list of all available datasources, their parameters, names, ids, and supported transformers.

A single entry in the array is formatted as follows:

>>> {
    "id": str,
    "name": str,
    "params": [
        {
            "name": str,
            "required": bool,
        }
        ...
    ],
    "transformers": [
        {
            "id": str,
            "name": str
        }
    ]
    "type": "files" OR "external
}

If the ‘type’ field is set to ‘files’, it means that the parameters represent required files, if it is set to ‘external’ this means that the parameters represent string inputs.

The main purpose of this endpoint is to allow users to query beagle in order to easily identify what datasource and transformer combinations are possible, as well as what parameters are required.

Returns:An array of datasource specifications. Return type:List[dict]

Module contents