Session

dfir_iris_client.session.API_VERSION = '2.0.0'

client_session Defines a global session, accessible by all classes. client_session is of type ClientSession.

class dfir_iris_client.session.ClientSession(apikey=None, host=None, agent='iris-client', ssl_verify=True, proxy=None, timeout=120)

Represents a client that can interacts with Iris. It is basic wrapper handling authentication and the requests to the server.

Args:

Returns:

pi_get(uri: str, cid: int | None = None, no_wrap: bool = False) ApiResponse | Response

Adds the CID information needed by the server when issuing GET requests and then issue the request itself.

Parameters:
  • uri – URI endpoint to request

  • no_wrap – Do not wrap the response in ApiResponse object

  • cid – Target case ID

Returns:

ApiResponse or Response object

pi_post(uri: str, data: dict | None = None, cid: int | None = None) ApiResponse

Issues a POSt request with the provided data. Simple wrapper around _pi_request

Parameters:
  • uri – URI endpoint to request

  • data – data to be posted. Expect a dict

  • cid – Target case ID

Returns:

ApiResponse object

pi_post_files(uri: str, files: dict | None = None, data: dict | None = None, cid: int | None = None) ApiResponse

Issues a POST request in multipart with the provided data.

Parameters:
  • uri – URI endpoint to request

  • files – data to be posted. Expect a dict

  • data – data to be posted. Expect a dict

  • cid – Target case ID

Returns:

ApiResponse object

preload_base_objects() None

Preload the base objects most commonly used. This simply init the BaseObjects class, which in turns requests and build all the most common objects such as AnalysisStatus, EventCategory, EventType, etc.

For future use only

Args:

Returns:

dfir_iris_client.session.log = <Logger dfir_iris_client.session (WARNING)>

API_VERSION The API version is not directly correlated with Iris version. Server has an endpoint /api/versions which should returns the API compatible versions it can handles.