Playbooks (`risksense_api.subject.playbooks.__playbooks`)¶

Playbooks module defined for different playbooks related api endpoints.

class risksense_api.__subject.__playbooks.__playbooks.Playbooks(profile)[source]¶

Bases: Subject

Playbooks class

Parameters:: profile (object) –

__init__(profile)[source]¶

Initialization of Playbooks object.

Parameters:: profile (object) – Profile Object

get_supported_inputs(csvdump=False, client_id=None)[source]¶

Get a list of supported playbook inputs.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump (bool) – dumps the data in csv

Return type:

list

Returns:

Supported inputs

Example

To get supported inputs

>>> self.{risksenseobject}.playbooks.get_supported_inputs()

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_supported_inputs(csvdump=True)

get_supported_actions(csvdump=False, client_id=None)[source]¶

Get a list of supported playbook actions.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump (bool) – Dumps the data in csv

Return type:

list

Returns:

Supported actions

Example

To get supported actions

>>> self.{risksenseobject}.playbooks.get_supported_actions()

Note

You can also dump the data in a csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_supported_actions(csvdump=True)

get_supported_frequencies(client_id=None)[source]¶

Get a list of supported playbook frequencies.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump – Dumps the data in csv

Return type:

list

Returns:

Supported frequencies

Example

To get supported frequencies

>>> self.{risksenseobject}.playbooks.get_supported_frequencies()

Note

You can also dump the data in a csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_supported_frequencies(csvdump=True)

get_supported_outputs(csvdump=False, client_id=None)[source]¶

Get a list of supported playbook outputs.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump (bool) – Dumps the data in csv

Return type:

list

Returns:

Supported outputs

Example

To get supported outputs

>>> self.{risksenseobject}.playbooks.get_supported_outputs()

Note

You can also dump the data in a csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_supported_outputs(csvdump=True)

get_subject_supported_actions(csvdump=False, client_id=None)[source]¶

Get a list of subject-supported playbook actions.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump (bool) – Dumps the data in csv

Return type:

dict

Returns:

Subject Supported actions

Example

To get Subject Supported actions

>>> self.{risksenseobject}.playbooks.get_subject_supported_actions()

Note

You can also dump the data in a csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_subject_supported_actions(csvdump=True)

get_playbooks_single_page(page_size=1000, page_num=0, sort_dir='ASC', client_id=None)[source]¶

Fetch a single page of playbooks from client

Parameters:

page_size (int) – Page Size
page_num (int) – Page Number
sort_dir (str) – Sort Direction
client_id (typing.Optional[int]) – Client ID

Return type:

dict

Returns:

The paginated JSON response from the platform is returned.

Example

An example to get single search page of playbooks data

>>> self.{risksenseobject}.playbooks.get_single_search_page([])

You can also try changing the other arguments to your liking to reflect the data as you suffice such as change page_size or page_num etc.

>>> self.{risksenseobject}.playbooks.get_single_search_page([],page_num=2,page_size=10)

get_all_playbooks(csvdump=False, client_id=None)[source]¶

Get all playbooks for a client.

Parameters:

client_id (typing.Optional[int]) – Client ID
csvdump (bool) – dumps the data in csv

Return type:

list

Returns:

All Playbooks for a client

Example

To get all playbooks

>>>  self.{risksenseobject}.playbooks.get_all_playbooks()

Note

You can also dump the data using csvdump=True argument

>>>  self.{risksenseobject}.playbooks.get_all_playbooks(csvdump=True)

get_specific_playbook(playbook_uuid, csvdump=False, client_id=None)[source]¶

Fetch a specific playbook by UUID.

Parameters:

playbook_uuid (str) – Playbook UUID
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

dict

Returns:

The Playbook information

Example

To get specific playbook 1234str

>>>  self.{risksenseobject}.playbooks.get_specific_playbook('1234str')

Note

You can also dump the data using csvdump=True argument

>>>  self.{risksenseobject}.playbooks.get_specific_playbook('1234str',csvdump=True)

get_single_page_playbook_rules(playbook_uuid, page_num=0, page_size=1000, sort_dir='ASC', client_id=None)[source]¶

Get a single page of rules for a specific playbook

Parameters:

playbook_uuid (str) – Playbook UUID
page_num (int) – Page number to retrieve
page_size (int) – Number of items per page to return
sort_dir (int) – Sort Direction
client_id (typing.Optional[int]) – Client ID

Return type:

dict

Returns:

Playbook rules

Example

To get single page playbook rule from playbook 123str

>>>  self.{risksenseobject}.playbooks.get_single_page_playbook_rules('123str')

get_all_rules_for_playbook(playbook_uuid, sort_dir='ASC', csvdump=False, client_id=None)[source]¶

Get all rules for a specific playbook

Parameters:

playbook_uuid (str) – Playbook UUID
sort_dir (str) – Sort Direction
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

list

Returns:

All playbook rules

Example

To get all rules for playbook 123str

>>>  self.{risksenseobject}.playbooks.get_all_rules_for_playbook('123str')

Note

You can also dump the data using csvdump=True argument

>>>  self.{risksenseobject}.playbooks.get_all_rules_for_playbook('123str',csvdump=True)

add_rule(playbook_uuid, rule_name, rule_desc, rule_input, rule_action_type, rule_action, rule_output_type, rule_output, csvdump=False, client_id=None)[source]¶

Add a rule to a playbook.

Parameters:

playbook_uuid (str) – Playbook UUID
rule_name (str) – Rule Name
rule_desc (str) – Rule Description
rule_input (str) – Rule Input
rule_action_type (str) – Rule Action Type
rule_action (dict) – Rule action to take
rule_output_type (str) – Rule output type
rule_output (dict) – Rule output
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

list

Returns:

List containing dict of rule details.

Example

To add a rule to a playbook

>>>  self.{risksenseobject}.playbooks.add_rule('11ec58c8-123-123-a0b0-06933745a4d6','newtest',"testingsomethinghere","HOST_FINDING","ASSIGNMENT",{"userIds":[123],"filterRequest":{"filters":[{"field":"group_names","exclusive":False,"operator":"EXACT","value":"AdamM","orWithPrevious":False,"enabled":True,"implicitFilters":[],"altQueryConstruction":False},{"field":"lastFoundOn","exclusive":False,"operator":"BEFORE","value":"2021-01-28","orWithPrevious":False,"enabled":True,"implicitFilters":[],"altQueryConstruction":False}]}},"NO_OUTPUT",{})

Note

You can also dump the data using csvdump=True argument

>>>  self.{risksenseobject}.playbooks.add_rule('11ec58c8-123-123-a0b0-06933745a4d6','newtest',"testingsomethinghere","HOST_FINDING","ASSIGNMENT",{"userIds":[123],"filterRequest":{"filters":[{"field":"group_names","exclusive":False,"operator":"EXACT","value":"AdamM","orWithPrevious":False,"enabled":True,"implicitFilters":[],"altQueryConstruction":False},{"field":"lastFoundOn","exclusive":False,"operator":"BEFORE","value":"2021-01-28","orWithPrevious":False,"enabled":True,"implicitFilters":[],"altQueryConstruction":False}]}},"NO_OUTPUT",{},csvdump=True)

add_multiple_rules(playbook_uuid, rules, csvdump=False, client_id=None)[source]¶

Add multiple rules to a playbook.

Parameters:

playbook_uuid (str) – Playbook UUID
rules (list) – List of Rules the user want to create
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

list

Returns:

List containing dict of rule details.

Example

To add multiple rules for a playbook

>>>  self.{risksenseobject}.playbooks.add_multiple_rules('11ec8a6e-1234-123-9fb0-02a87de7e1ee',[
{"name": "testnew2", "description": "test", "input": "HOST", "actionType": "TAG_APPLY", "action": {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}}, "outputType": "NO_OUTPUT", "output": {}},{"name": "testnew3", "description": "testing2", "input": "HOST", "actionType": "TAG_APPLY", "action": {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}}, "outputType": "NO_OUTPUT", "output": {}}])

Note

You can also dump the data using csvdump=True argument

>>>  self.{risksenseobject}.playbooks.add_multiple_rules('11ec8a6e-1234-123-9fb0-02a87de7e1ee',[
{"name": "testnew2", "description": "test", "input": "HOST", "actionType": "TAG_APPLY", "action": {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}}, "outputType": "NO_OUTPUT", "output": {}},{"name": "testnew3", "description": "testing2", "input": "HOST", "actionType": "TAG_APPLY", "action": {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}}, "outputType": "NO_OUTPUT", "output": {}}],csvdump=True)

create(name, description, schedule_freq, hour_of_day, client_id=None, csvdump=False, **kwargs)[source]¶

Create a new playbook

Parameters:

name (str) – Name
description (str) – Description
schedule_freq (str) – Schedule Frequency (ScheduleFreq.DAILY, ScheduleFreq.WEEKLY, ScheduleFreq.MONTHLY, ‘DISABLED’)
hour_of_day (str) – Hour of the day
client_id (typing.Optional[int]) – Client ID
csvdump (bool) – dumps the data in csv

Keyword Arguments:

day_of_week (str) – Day of the week
day_of_month (str) – Day of the month

Return type:

str

Returns:

Playbook UUID

Example

To create a playbook

>>> self.{risksenseobject}.playbooks.create("teamtest1","test",self.rs.schedulefreq.DAILY,"5")

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.create("teamtest1","test",self.rs.schedulefreq.DAILY,"5",csvdump=True)

update(playbook_uuid, name, description, schedule_freq, hour_of_day, csvdump=False, client_id=None, **kwargs)[source]¶

Update a playbook

Parameters:

playbook_uuid (str) – Playbook UUID
name (str) – Name
description (str) – Description
schedule_freq (str) – Schedule Frequency (ScheduleFreq.DAILY, ScheduleFreq.WEEKLY, ScheduleFreq.MONTHLY, ‘DISABLED’)
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID
hour_of_day (str) – Hour of the day

Keyword Arguments:

day_of_week (str) – Day of the week
day_of_month (str) – Day of the month

Return type:

dict

Returns:

Playbook and its details

Example

To update a playbook

>>> self.{risksenseobject}.playbooks.update('123456-3f1c-3b81-b7ab-06933745a4d6','testing2','somethingtotestrighthere',"DAILY",hour_of_day=5)

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.update('123456-3f1c-3b81-b7ab-06933745a4d6','testing2','somethingtotestrighthere',"DAILY",hour_of_day=5,csvdump=True)

delete(playbook_uuid, csvdump=False, client_id=None)[source]¶

Delete a playbook.

Parameters:

playbook_uuid (str) – playbook UUID
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – client ID

Return type:

bool

Returns:

true/false indicating successful deletion

Example

To delete a playbook

>>> self.{risksenseobject}.playbooks.delete('123-123')

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.delete('123-123',csvdump=True)

get_playbook_details(playbook_uuid, csvdump=False, client_id=None)[source]¶

Get the details for a specific playbook

Parameters:

playbook_uuid (str) – playbook UUID
client_id (typing.Optional[int]) – client ID
csvdump (bool) – Dump the data in a csv

Return type:

dict

Returns:

Playbook details

Example

To get playbook details

>>> self.{risksenseobject}.get_playbook_details('123-123')

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.get_playbook_details('123-123',csvdump=True)

rule_reorder(playbook_uuid, rule_uuids, csvdump=False, client_id=None)[source]¶

Reorder playbook rules for an already existing playbook

Parameters:

playbook_uuid (str) – UUID for playbook to be reordered
rule_uuids (list) – A list of rule UUIDs (strings), in the order desired
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

list

Returns:

List of reordered rule definitions

Example

To reorder the rules

>>> self.{risksenseobject}.playbooks.rule_reorder('1234-87dc-353b-a0b0-06933745a4d6',["4321-10bc-3f1f-a0b0-06933745a4d6",'1234-1151-3d17-b7ab-06933745a4d6',"111-55bc-421a-b7ab-06933745a4d6","111-28fa-b4eb-b7ab-06933745a4d6","111-fa9b-e4ad-b7ab-06933745a4d6"])

Note

You can also dump the reodered data in a csv using

>>>  self.{risksenseobject}.playbooks.rule_reorder('1234-87dc-353b-a0b0-06933745a4d6',["4321-10bc-3f1f-a0b0-06933745a4d6",'1234-1151-3d17-b7ab-06933745a4d6',"111-55bc-421a-b7ab-06933745a4d6","111-28fa-b4eb-b7ab-06933745a4d6","111-fa9b-e4ad-b7ab-06933745a4d6"],csvdump=True)

update_rule(rule_uuid, playbook_name, playbook_desc, playbook_input, playbook_action_type, playbook_action, playbook_output_type, playbook_output, csvdump=False, client_id=None)[source]¶

Update an existing playbook rule

Parameters:

rule_uuid (str) – UUID for rule to be updated
playbook_name (str) – Playbook name
playbook_desc (str) – Playbook description
playbook_input (str) – Playbook Input
playbook_action_type (str) – Playbook action type
playbook_action (dict) – Playbook action
playbook_output_type (str) – Playbook output type
playbook_output (dict) – Playbook output
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

bool

Returns:

Indication of success

Example

To update a playbook rule

>>> self.{risksenseobject}.playbooks.update_rule('11ec8ae5-73dd-c48c-9fb0-02a87de7e1ee',"namingconventionchanged","testnew2",  "HOST", "TAG_APPLY", {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}},"NO_OUTPUT", {})

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.update_rule('11ec8ae5-73dd-c48c-9fb0-02a87de7e1ee',"namingconventionchanged","testnew2",  "HOST", "TAG_APPLY", {"tagIds": [], "isRemove": False, "filterRequest": {"filters": [{"field": "criticality", "exclusive": False, "operator": "IN", "value": "4", "orWithPrevious": False, "implicitFilters": [], "enabled": True}]}},"NO_OUTPUT", {},csvdump=True)

delete_playbook_rule(rule_uuid, csvdump=False, client_id=None)[source]¶

Delete an existing playbook rule.

Parameters:

rule_uuid (str) – Rule UUID
csvdump (bool) – dumps the data in csv
client_id (typing.Optional[int]) – Client ID

Return type:

bool

Returns:

Indication of success

Example

To delete a playbook rule

>>> self.{risksenseobject}.playbooks.delete_playbook_rule('1234-6fb3-206e-9fb0-02a87de7e1ee')

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.delete_playbook_rule('1234-6fb3-206e-9fb0-02a87de7e1ee',csvdump=True)

get_specific_playbook_rule(rule_uuid, csvdump=False, client_id=None)[source]¶

Get details for a specific playbook rule.

Parameters:

rule_uuid (str) – Playbook rule UUID
client_id (typing.Optional[int]) – Client ID
csvdump (bool) – dumps the data in csv

Return type:

dict

Returns:

Playbook rule details

Example

To get specific playbook rule

>>> self.{risksenseobject}.playbooks.get_specific_playbook_rule('123456-73dd-c48c-9fb0-02a87de7e1ee')

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.get_specific_playbook_rule('123456-73dd-c48c-9fb0-02a87de7e1ee',csvdump=True)

toggle_enabled(playbook_uuids, enabled=False, client_id=None)[source]¶

Enable/Disable playbooks.

Parameters:

playbook_uuids (list) – A list of Playbook UUIDs to enable/disable
enabled (bool) – Enable/Disable playbooks,please provide true for enabled and false for disabled
client_id (typing.Optional[int]) – Client ID

Returns:

True

Example

To enable a playbook

>>> self.{risksenseobject}.playbooks.toggle_enabled(['11ed13b4-52c3-a3c1-9fb0-02a87de7e1ee'],enabled=True)

To disable a playbook

>>> self.{risksenseobject}.playbooks.toggle_enabled(['11ed13b4-52c3-a3c1-9fb0-02a87de7e1ee'],enabled=False)

run_playbook(playbook_uuid, csvdump=False, client_id=None)[source]¶

Run a playbook.

Parameters:

playbook_uuid (str) – Playbook UUID
client_id (typing.Optional[int]) – Client ID
csvdump (bool) – dumps the data in csv

Return type:

dict

Returns:

JSON response from platform

Example

>>> self.{risksenseobject}.playbooks.run_playbook('12345-1234-123')

Note

You can also dump the data in csv using csvdump=True

>>> self.{risksenseobject}.playbooks.run_playbook('12345-1234-123',csvdump=True)

_get_playbook_page_info(url, page_size)[source]¶

Get number of available pages for fetch.

Parameters:

url (str) – URL of endpoint
page_size (int) – page size

Return type:

int

Returns:

Total number of available pages

IGNORE function as it is an Internal Function*

_fetch_in_bulk(func_name, page_range, **func_args)[source]¶

Threaded fetch of playbook info, supporting multiple threads. Combines all results in a single list and returns.

Parameters:

func_name (str) – Search function name
page_range (int) – Page range

IGNORE - INTERNAL FUNCTION

Keyword Arguments:: func_args (dict) – args to be passed to search function
Return type:: list
Returns:: List of all results returned by search function

Playbooks (risksense_api.__subject.__playbooks.__playbooks)¶

Playbooks (`risksense_api.subject.playbooks.__playbooks`)¶