Administration
- class dfir_iris_client.admin.AdminHelper(session)
Handles administrative tasks
- add_asset_type(name: str, description: str) ApiResponse
Add a new Asset Type.
!!! tip “Requires admin rights”
- Parameters:
name – Name of the Asset type
description – Description of the Asset type
- Returns:
ApiResponse
- add_case_classification(name: str, name_expanded: str, description: str) ApiResponse
Add a new Case Classification.
!!! tip “Requires admin rights”
- Parameters:
name – Name of the Case Classification
name_expanded – Expanded name of the Case Classification
description – Description of the Case Classification
- Returns:
ApiResponse
- add_customer(customer_name: str)
Creates a new customer. A new customer can be added if:
customer_name is unique
!!! tip “Requires admin rights”
- Parameters:
customer_name – Name of the customer to add
- Returns:
ApiResponse object
- add_group(group_name: str, group_description: str, group_permissions: List[Permissions]) ApiResponse
Add a new group with permissions. Cases access and members can be set later on with set_group_access and set_group_members methods. Permissions must be a list of known permissions from the Permission enum.
- Parameters:
group_name – Name of the group
group_description – Description of the group
group_permissions – List of permissions from Permission enum
- Returns:
ApiResponse object
- add_ioc_type(name: str, description: str, taxonomy: str | None = None) ApiResponse
Add a new IOC Type.
!!! tip “Requires admin rights”
- Parameters:
name – Name of the IOC type
description – Description of the IOC type
taxonomy – Taxonomy of the IOC Type
- Returns:
ApiResponse
- add_report_template(template_name: str, template_description: str, template_type: ReportTemplateType, template_name_format: str, template_language: ReportTemplateLanguage, template_stream: BinaryIO) ApiResponse
Add a new report template. template_type must be a ReportTemplateType enum.
- Parameters:
template_name – Name of the template
template_description – Description of the template
template_type – ReportTemplateType enum
template_language – ReportTemplateLanguage enum
template_name_format – Name format of the template
template_stream – Template data
cid – Case ID
- Returns:
ApiResponse object
- add_user(login: str, name: str, password: str, email: str, **kwargs) ApiResponse
Adds a new user. A new user can be successfully added if:
login is unique
email is unique
password meets the requirements of IRIS
!!! tip “Requires server administrator rights”
- Parameters:
login – Username (login name) of the user to add
name – Full name of the user
password – Password of the user
email – Email of the user
- Returns:
ApiResponse
- deactivate_user(user: int | str = None) ApiResponse
Deactivate a user from its user ID or login. Disabled users can’t log in interactively nor use their API keys. They do not appear in proposed user lists.
!!! tip “Requires admin rights”
- Parameters:
user – User ID or login to deactivate
- Returns:
ApiResponse object
- delete_asset_type(asset_type_id: int) ApiResponse
Delete an existing asset type by its ID.
!!! tip “Requires admin rights”
- Parameters:
asset_type_id – Asset type to delete
- Returns:
ApiResponse
- delete_case_classification(case_classification_id: int) ApiResponse
Delete an existing Case Classification by its ID.
!!! tip “Requires admin rights”
- Parameters:
case_classification_id – Case Classification to delete
- Returns:
ApiResponse
- delete_customer(customer: str | int) ApiResponse
Deletes a customer from its ID or name.
!!! tip “Requires admin rights”
- Parameters:
customer – Customer name or customer ID
- Returns:
ApiResponse object
- delete_group(group: str | int) ApiResponse
Delete a group by its ID or name.
- Parameters:
group – Group ID or group name
- Returns:
ApiResponse object
- delete_ioc_type(ioc_type_id: int) ApiResponse
Delete an existing IOC Type by its ID.
!!! tip “Requires admin rights”
- Parameters:
ioc_type_id – IOC type to delete
- Returns:
ApiResponse
- delete_report_template(template_id: int) ApiResponse
Delete a report template by its ID.
- Parameters:
template_id – Template ID
- Returns:
ApiResponse object
- delete_user(user: int | str, **kwargs) ApiResponse
Deletes a user based on its login. A user can only be deleted if it does not have any activities in IRIS. This is to maintain coherence in the database. The user needs to be deactivated first.
!!! tip “Requires administrative rights”
- Parameters:
user – Username or user ID of the user to delete
- Returns:
ApiResponse
- delete_user_by_id(user_id: int) ApiResponse
Delete a user based on its ID. A user can only be deleted if it does not have any activities in IRIS. This is to maintain coherence in the database.
!!! tip “Requires admin rights”
- Parameters:
user_id – UserID of the user to delete
- Returns:
ApiResponse
- get_group(group: str | int) ApiResponse
Get a group by its ID or name.
- Parameters:
group – Group ID or group name
- Returns:
ApiResponse object
- get_user(user: int | str, **kwargs) ApiResponse
Returns the data of a user.
- Parameters:
user – User ID or login of the user to get
- Returns:
ApiResponse object
- get_user_cases_access_trace(user: int | str) ApiResponse
Get the trace of the cases access of a user.
- Parameters:
user – User ID or login to update
- Returns:
ApiResponse
- has_permission(permission: Permissions) ApiResponse
Returns true if the user has the given permissions
- Parameters:
permission – Permission to check
- Returns:
ApiResponse
- is_user_admin() bool
Deprecated in IRIS v1.5.0. Use the new has_permission(<permission>) method. Returns True if the calling user is administrator.
- Returns:
Bool - True if the calling user is administrator
- list_groups() ApiResponse
List all groups.
- Returns:
ApiResponse object
- lookup_group(group_name: str) ApiResponse
Lookup a group by its name.
- Parameters:
group_name – Group name
- Returns:
ApiResponse object
- recompute_all_users_cases_access() ApiResponse
Recompute the cases access of all users.
- Returns:
ApiResponse object
- recompute_user_cases_access(user: int | str) ApiResponse
Recompute the cases access of a user.
- Parameters:
user – User ID or login to update
- Returns:
ApiResponse
- update_asset_type(asset_type_id: int, name: str | None = None, description: str | None = None) ApiResponse
Updates an Asset type. asset_type_id needs to be a valid existing AssetType ID.
!!! tip “Requires admin rights”
- Parameters:
asset_type_id – Asset type to update
name – Name of the Asset type
description – Description of the Asset type
- Returns:
ApiResponse
- update_case_classification(classification_id: int, name: str | None = None, name_expanded: str | None = None, description: str | None = None) ApiResponse
Updates a Case Classification. classification_id needs to be a valid existing CaseClassification ID.
!!! tip “Requires admin rights”
- Parameters:
classification_id – Case Classification to update
name – Name of the Case Classification
name_expanded – Expanded name of the Case Classification
description – Description of the Case Classification
- Returns:
ApiResponse
- update_customer(customer_id: int, customer_name: str)
Updates an existing customer. A customer can be updated if:
customer_id is a known customer ID in IRIS
customer_name is unique
!!! tip “Requires admin rights”
- Parameters:
customer_id – ID of the customer to update
customer_name – Customer name
- Returns:
ApiResponse object
- update_group(group: str | int, group_name: str | None = None, group_description: str | None = None, group_permissions: List[Permissions] | None = None) ApiResponse
Update a group. Cases access and members can be set with set_group_access and set_group_members methods. Permissions must be a list of known permissions from the Permission enum.
- Parameters:
group – Group ID or group name
group_name – Name of the group
group_description – Description of the group
group_permissions – List of permissions from Permission enum
- Returns:
ApiResponse object
- update_group_cases_access(group: str | int, cases_list: List[int], access_level: CaseAccessLevel, auto_follow: bool = False) ApiResponse
Update the cases access of a group. Cases access must be a list of case IDs. access_level must be a CaseAccessLevel enum. If auto_follow is True, the cases will be automatically added to the group when they are created.
- Parameters:
group – Group ID or group name
cases_list – List of case IDs
access_level – CaseAccessLevel enum
auto_follow – Set to True to automatically follow new cases
- Returns:
ApiResponse object
- update_group_members(group: str | int, members: List[int]) ApiResponse
Update the members of a group. Members must be a list of user IDs.
- Parameters:
group – Group ID or group name
members – List of user IDs
- Returns:
ApiResponse object
- update_ioc_type(ioc_type_id: int, name: str | None = None, description: str | None = None, taxonomy: str | None = None) ApiResponse
Updates an IOC type. ioc_type_id needs to be a valid existing IocType ID.
!!! tip “Requires admin rights”
- Parameters:
ioc_type_id – IOC type to update
name – Name of the IOC type
description – Description of the IOC type
taxonomy – Taxonomy of the IOC Type
- Returns:
ApiResponse
- update_user(user: int | str, login: str | None = None, name: str | None = None, password: str | None = None, email: str | None = None, **kwargs) ApiResponse
Updates a user. The user can be updated if:
login is unique
email is unique
password meets the requirements of IRIS
Only set the parameters that need to be updated.
!!! tip “Requires admin rights”
- Parameters:
user – User ID or login to update
login – Login of the user
name – Full name of the user
password – Password of the user
email – Email of the user
- Returns:
ApiResponse
- update_user_cases_access(user: int | str, cases_list: List[int], access_level: CaseAccessLevel) ApiResponse
Updates the cases that a user can access.
!!! tip “Requires admin rights”
- Parameters:
user – User ID or login to update
cases_list – List of case IDs
access_level – Access level to set for the user
- Returns:
ApiResponse
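
Added example (not part of the dfir_iris_client documentation): an offboarding routine that follows the order described for deactivate_user and delete_user above, cutting access first and treating a refused deletion as an acceptable end state. `offboard_user`, `FakeResponse` and `FakeAdmin` are hypothetical names; the response methods `is_success()`, `get_msg()` and `get_data()` are assumed to match ApiResponse, and the fakes are constructed so the block runs without an IRIS server.

```python
def offboard_user(admin, user) -> dict:
    """Deactivate first (access is cut), then try to delete the account."""
    result = {"user": user, "deactivated": False, "deleted": False,
              "access_trace": None, "note": ""}

    # Record which cases the account could reach before changing anything.
    trace = admin.get_user_cases_access_trace(user)
    if trace.is_success():
        result["access_trace"] = trace.get_data()

    # Step 1: a deactivated user can no longer log in or use API keys.
    resp = admin.deactivate_user(user)
    if not resp.is_success():
        result["note"] = f"deactivation failed: {resp.get_msg()}"
        return result  # do not attempt deletion on a still-active account
    result["deactivated"] = True

    # Step 2: deletion only succeeds for users with no activity in IRIS.
    resp = admin.delete_user(user)
    if resp.is_success():
        result["deleted"] = True
    else:
        result["note"] = f"kept deactivated, not deleted: {resp.get_msg()}"
    return result


class FakeResponse:  # constructed stand-in for ApiResponse (assumed methods)
    def __init__(self, ok, msg="", data=None):
        self._ok, self._msg, self._data = ok, msg, data
    def is_success(self): return self._ok
    def get_msg(self): return self._msg
    def get_data(self): return self._data


class FakeAdmin:  # constructed stand-in for AdminHelper, no server needed
    def __init__(self, has_activity):
        self.has_activity, self.active, self.calls = has_activity, True, []
    def get_user_cases_access_trace(self, user):
        self.calls.append("trace")
        return FakeResponse(True, data=[{"case_id": 1}])  # constructed data
    def deactivate_user(self, user):
        self.calls.append("deactivate")
        self.active = False
        return FakeResponse(True)
    def delete_user(self, user):
        self.calls.append("delete")
        if self.active or self.has_activity:
            return FakeResponse(False, "user has activities")
        return FakeResponse(True)
```

Against a live server, pass an AdminHelper built from an authenticated session in place of `FakeAdmin`; the account running it needs the admin rights noted on the methods above.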