Blockade Analyst Bench

Python client for Blockade.io services. Questions, comments or for support needs, please use the issues page on Github.

Command-line scripts

The following command line scripts are installed with the library:

  • blockade-cfg: utility to set or query API configuration options for the library (email and API key).
  • blockade-aws-deploy: utility to set automatically deploy a Blockade cloud node within Amazon Web Services.
  • blockade: primary client to interface with the blockade back-end services.

See the Usage section for getting started or our wiki for more information.

Code Documentation

Installation

From the downloaded source distribution:

$ python setup.py install

Or from PyPI:

$ pip install blockade-toolkit [--upgrade]

The package depends on several external libraries. If these are not present, they will be installed automatically. A requirements.txt file is included in the repository which outlines these dependencies in detail.

Setup

Users must supply their email and API key in order for this library to function. On the first setup run, validated whitelists will be downloaded and stored within the configuration directory. First-time setup requires configuring your API email and private key for authentication:

$ blockade-cfg setup <EMAIL> <API_KEY>

At any time, the current API configuration parameters can be queried using the same utility:

$ blockade-cfg show

Configuration parameters are stored in $HOME/.config/blockade/api_config.json.

Usage

Every command-line script has several sub-commands that may be passed to it. The commands usage may be described with the -h/--help option.

For example:

$ blockade -h
usage: blockade [-h] {ioc} ...

Blockade Analyst Bench

positional arguments:
  {ioc}
    ioc       Perform actions with IOCs

optional arguments:
  -h, --help  show this help message and exit

Code Documentation

Blockade Analyst Bench Interface

class blockade.api.Client(email, api_key, server='api.blockade.io', http_proxy=None, https_proxy=None, verify=True, headers=None, debug=False)[source]

Base client that all data sources will inherit from.

_endpoint(endpoint, action, *url_args)[source]

Return the URL for the action.

Parameters:
  • endpoint (str) – The controller
  • action (str) – The action provided by the controller
  • url_args – Additional endpoints(for endpoints that take part of the url as option)
Returns:

Full URL for the requested action
_get(endpoint, action, *url_args, **url_params)[source]

Request API Endpoint - for GET methods.

Parameters:
  • endpoint (str) – Endpoint
  • action (str) – Endpoint Action
  • url_args – Additional endpoints(for endpoints that take part of the url as option)
  • url_params – Parameters to pass to url, typically query string
Returns:

response deserialized from JSON
_json(response)[source]

JSON response from server.

Parameters:response – Response from the server
Throws ValueError:
 from requests’ response.json() error
Returns:response deserialized from JSON
_send_data(method, endpoint, action, data, *url_args, **url_params)[source]

Submit to API Endpoint - for DELETE, PUT, POST methods.

Parameters:
  • method (str) – Method to use for the request
  • endpoint (str) – Endpoint
  • action (str) – Endpoint Action
  • url_args – Additional endpoints(for endpoints that take part of the url as option)
  • url_params – Parameters to pass to url, typically query string
Returns:

response deserialized from JSON
classmethod from_config()[source]

Method to return back a loaded instance.

set_debug(status)[source]

Control the logging state.

class blockade.config.Config(**kwargs)[source]

Manage configuration to ease library use.

get(item, default=None)[source]

Get details from the configuration.

Parameters:
  • item (str) – Key used for search
  • default – Default value if search misses
Returns:

Configuration value
load_config(**kwargs)[source]

Load the configuration for the user or seed it with defaults.

Returns:Boolean if successful
options

Return configuration option data.

Returns:Dict of configuration keys
write_config()[source]

Write the configuration to a local file.

Returns:Boolean if successful
class blockade.libs.events.EventsClient(*args, **kwargs)[source]

Client to interface with events for blockade.

flush_events()[source]

Flush events from the cloud node.

get_events()[source]

Get events from the cloud node.

class blockade.libs.indicators.IndicatorClient(*args, **kwargs)[source]

Client to interface with indicators for blockade.

add_indicators(indicators=[], private=False, tags=[])[source]

Add indicators to the remote instance.

get_indicators()[source]

List indicators available on the remote instance.

Exceptions

class blockade.common.exceptions.INVALID_INDICATORS[source]

No indicators were passed.

Changelog

License

Copyright 2018 Brandon Dixon

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Indices and tables