@ag-michael
Created March 19, 2019 20:17
Dump case information from thehive to CSV
import sys
import datetime
from thehive4py.api import TheHiveApi
from thehive4py.query import String
def mkstmp(ts, tfmt='%m/%d/%Y %H:%M CDT'):
    """Render a millisecond epoch timestamp as formatted text.

    ``ts`` is coerced with ``int()`` unless it is already exactly an ``int``,
    divided by 1000 to obtain seconds, converted with
    ``datetime.datetime.fromtimestamp`` and formatted with ``tfmt``.

    NOTE(review): ``fromtimestamp`` is called without a time zone, so the
    result is in the local zone of the machine running the script, while the
    "CDT" in the default format is a literal suffix. The label is therefore
    only accurate on a host whose local time is CDT; confirm before using
    these values in an incident timeline.
    """
    millis = ts if type(ts) is int else int(ts)
    moment = datetime.datetime.fromtimestamp(millis / 1000)
    return moment.strftime(tfmt)
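def dump(server, apikey):
    """Export every case from a TheHive instance to a CSV file.

    Queries ``server`` with ``apikey`` for all cases, builds one column per
    top-level case key and per custom-field name, and writes the table to the
    path given as the first command-line argument (``sys.argv[1]``).
    ``createdAt`` is always the first column and is rendered by ``mkstmp``;
    the remaining columns follow in the order they are first seen.

    Every cell is flattened the same way: line breaks become ``|``, commas
    become ``;`` and the text is cut to 512 characters.

    Raises:
        IndexError: no output path was given on the command line.
        ValueError: the API answer is not a JSON list of cases.
    """
    import csv

    # Resolve the destination first so a missing argument fails before any
    # case data has been requested.
    out_path = sys.argv[1]

    api = TheHiveApi(server, apikey)
    response = api.find_cases(query=String('*'), range='all', sort=[])
    cases = response.json()
    # The decoded case list is deliberately not printed: it holds the full
    # content of every case and would end up in terminal scrollback or in
    # whatever captures this script's output.
    if not isinstance(cases, list):
        # Anything other than a list cannot be iterated as cases below
        # (presumably an error object from the server). Only the type is
        # reported, not the body.
        raise ValueError(
            "unexpected TheHive response: expected a JSON list of cases, "
            "got %s" % type(cases).__name__
        )

    # Collect column names from every case, not only the first one, and keep
    # first-seen order so repeated exports produce the same layout.
    columns = ['createdAt']
    seen = {'createdAt'}
    for case in cases:
        custom = case.get('customFields') or {}
        for name in list(case) + list(custom):
            if name not in seen:
                seen.add(name)
                columns.append(name)

    def _cell(value):
        """Flatten one value into a single-line, bounded CSV cell."""
        text = str(value)
        for old, new in (("\r\n", "|"), ("\n", "|"), ("\r", "|"), (",", ";")):
            text = text.replace(old, new)
        text = text[:512]
        # Case text can originate outside the organisation (titles,
        # descriptions, values copied from alerts), and an export like this
        # is likely to be opened in a spreadsheet, where a cell beginning
        # with one of these characters is evaluated as a formula. String
        # values get a leading apostrophe so they stay literal text; numbers
        # and booleans are left alone so negative numbers are not altered.
        if isinstance(value, str) and text[:1] in ('=', '+', '-', '@', '\t'):
            text = "'" + text
        return text

    rows = []
    for case in cases:
        custom = case.get('customFields') or {}
        row = []
        for col in columns:
            if col == 'createdAt':
                row.append(_cell(mkstmp(case['createdAt'])))
            elif col in case:
                # A top-level key wins over a custom field of the same name.
                row.append(_cell(case[col]))
            elif col in custom:
                field = custom[col]
                if isinstance(field, dict):
                    # Custom fields wrap their value under a type key; use
                    # the first of these that is present, else the raw dict.
                    for kind in ('boolean', 'number', 'string'):
                        if kind in field:
                            field = field[kind]
                            break
                row.append(_cell(field))
            else:
                row.append("")
        rows.append(row)

    # csv.writer adds the quoting the hand-built rows lacked (a cell holding
    # a double quote no longer breaks the row) and keeps every row the same
    # width as the header. The file holds complete case data: write it to a
    # location with appropriately restricted access.
    with open(out_path, "w") as out:
        writer = csv.writer(out, lineterminator="\n")
        writer.writerow(columns)
        writer.writerows(rows)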
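# dump() writes to the path given as the first command-line argument; reject
# a missing argument here, before any request is sent to the server.
if len(sys.argv) < 2:
    sys.exit("usage: %s OUTPUT.csv" % sys.argv[0])
# The URL is plain HTTP, so the API key is sent unencrypted; that is only
# reasonable for a loopback address like this one. Fill in the placeholder
# locally and keep a real key out of any shared copy of this script.
dump("http://127.0.0.1:9000", "<yourapikey>")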