colander_data_converter.base.types.observable
- class colander_data_converter.base.types.observable.ObservableType[source]
Bases: CommonEntityType
ObservableType represents metadata for observables in Colander.
Check the list of supported types.
Example
>>> observable_type = ObservableType(
...     short_name='IPV4',
...     name='IPv4',
...     description='An IPv4 address type'
... )
>>> print(observable_type.name)
IPv4
- Fields:
- Validators:
is_supported_type » short_name
- model_post_init(_ObservableType__context)[source]
Override this method to perform additional initialization after __init__ and model_construct. This is useful if you want to do some validation that requires the entire model to be initialized.
- match_regex(value)[source]
Check if a value matches the compiled regex pattern for this observable type.
This method validates whether a given string value conforms to the regex pattern defined for this observable type. If no regex pattern is configured, it returns False.
- Parameters:
value (str) – The string value to test against the regex pattern.
- Returns:
True if the value matches the regex pattern, False otherwise. Returns False if no regex pattern is configured for this type.
- Return type:
Example
>>> ipv4_type = ObservableTypes.IPV4.value
>>> ipv4_type.match_regex("192.168.1.1")
True
>>> ipv4_type.match_regex("invalid-ip")
False
- class colander_data_converter.base.types.observable.ObservableTypes(*values)[source]
Bases: Enum
ObservableTypes provides access to all supported observable types.
This class loads observable type definitions from the observable types JSON file and exposes them as an enum. It also provides a method to look up an observable type by its short name.
Example
>>> observable_type = ObservableTypes.IPV4.value
>>> print(observable_type.name)
IPv4
>>> default_type = ObservableTypes.by_short_name("nonexistent")
>>> print(default_type.name)
Generic
- classmethod suggest(observable_value)[source]
Suggest an appropriate observable type based on pattern matching.
This method attempts to find a suitable observable type by testing the given observable value against the regex patterns of all defined observable types. It returns the first matching type found, or the default generic type if no pattern matches.
- Parameters:
observable_value (str) – The observable value to analyze and match against known patterns (e.g., IP addresses, domains, hashes).
- Returns:
The first observable type whose regex pattern matches the input, or the default GENERIC type if no match is found.
- Return type:
Example
>>> ObservableTypes.suggest("192.168.1.1")
IPV4
>>> ObservableTypes.suggest("example.com")
DOMAIN
- ASN = ASN
Autonomous system number - A unique number assigned to a group of IP networks operated by one or more network operators.
- CIDR = CIDR
CIDR - A Classless Inter-Domain Routing block, representing a range of IP addresses.
- COMMUNITY_ID = COMMUNITY_ID
Community id - A hash value used to uniquely identify network flows across tools.
- CVE = CVE
CVE - A Common Vulnerabilities and Exposures identifier for publicly known security flaws.
- DEXOFUZZY = DEXOFUZZY
Dexofuzzy hash - A fuzzy hash value used to compare Android DEX files for similarity.
- DNS_RECORD = DNS_RECORD
DNS record - A record containing information about a domain name in the DNS system.
- DOMAIN = DOMAIN
Domain name - A human-readable address used to identify resources on the internet.
- DOMAIN_REGISTRANT = DOMAIN_REGISTRANT
Domain registrant - The individual or organization that owns or controls a domain name.
- DOMAIN_REGISTRAR = DOMAIN_REGISTRAR
Domain registrar - The organization or entity responsible for registering domain names.
- EMAIL = EMAIL
Email address - An address used to send and receive electronic mail.
- GENERIC = GENERIC
Generic - A general or unspecified observable type that does not fit other categories.
- HOSTNAME = HOSTNAME
Hostname - A label assigned to a device on a network, used to identify it in various forms.
- IMPHASH = IMPHASH
Import hash - A hash of the import table of a PE file, used to identify similar binaries.
- IPV4 = IPV4
IPv4 - An IPv4 address, a 32-bit numeric address used for identifying devices on a network.
- IPV6 = IPV6
IPv6 - An IPv6 address, a 128-bit alphanumeric address for identifying devices on a network.
- LOCATION = LOCATION
Location - A physical or geographical place, specified by coordinates or address.
- MAC = MAC
MAC address - A unique hardware identifier assigned to a network interface card (NIC).
- MD5 = MD5
MD5 - A 128-bit hash value, commonly used to verify file integrity.
- MUTEX = MUTEX
Mutex - A mutual exclusion object used for process synchronization.
- NAMESPACE = NAMESPACE
Namespace - A container that holds a set of identifiers, such as classes or functions, to avoid naming conflicts.
- OS_QUERY = OS_QUERY
Os query - A query or result from an operating system instrumentation framework.
- PATH = PATH
File path - A string specifying the location of a file or directory in a filesystem.
- PEHASH = PEHASH
PE hash - A hash value calculated from the structure of a Portable Executable (PE) file.
- PHONE = PHONE
Phone number - A numeric identifier used to reach a telephone endpoint.
- PROCESS = PROCESS
Process name - The name of a running process on a computer system.
- SERVICE = SERVICE
Running service - A network or system service that is currently active or listening.
- SHA1 = SHA1
SHA1 - A 160-bit hash value, used for data integrity and file identification.
- SHA256 = SHA256
SHA256 - A 256-bit hash value, widely used for file and data integrity verification.
- SOCIAL_ACCOUNT = SOCIAL_ACCOUNT
Social account identifier - A unique identifier for a user account on a social media platform.
- SSL_CERT_F = SSL_CERT_F
SSL certificate fingerprint - A hash value uniquely identifying an SSL/TLS certificate.
- URI = URI
URI - A Uniform Resource Identifier, a string used to identify a resource.
- URL = URL
URL - A Uniform Resource Locator, specifying the address of a resource on the internet.
- default = GENERIC
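
The first-match behaviour documented for suggest() and match_regex(), sketched as an added example that is not the library's own code: SketchType, TYPES and every regex below are constructed stand-ins, not the definitions colander_data_converter loads from its JSON file. It shows why a value that fits several patterns (a 32-character hex string fits both an MD5 and an import-hash pattern) should be flagged for analyst review rather than trusted as the suggested type.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SketchType:
    """Hypothetical stand-in for an observable type: short name plus optional regex."""
    short_name: str
    regex: Optional[str] = None

    def match_regex(self, value: str) -> bool:
        # Same contract as documented above: no pattern configured -> False.
        if not self.regex:
            return False
        return re.fullmatch(self.regex, value) is not None

OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
HEX32 = r"[0-9a-fA-F]{32}"
GENERIC = SketchType("GENERIC")
# Constructed patterns in a constructed order; assumptions for illustration only.
TYPES = [
    SketchType("IPV4", rf"(?:{OCTET}\.){{3}}{OCTET}"),
    SketchType("MD5", HEX32),
    SketchType("IMPHASH", HEX32),  # same shape as MD5: ambiguous by regex alone
    SketchType("DOMAIN", r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"),
    SketchType("MUTEX"),           # no regex: can never be suggested
]

def suggest(value, types=TYPES):
    """Return the first type whose pattern matches, else GENERIC."""
    for t in types:
        if t.match_regex(value):
            return t
    return GENERIC

def candidates(value, types=TYPES):
    """Short names of every type whose pattern matches, in list order."""
    return [t.short_name for t in types if t.match_regex(value)]

def classify(value):
    """Return (suggested short name, needs_review).

    needs_review is True when nothing matched (fell back to GENERIC) or when
    more than one pattern matched, so list order alone decided the result.
    """
    hits = candidates(value)
    if not hits:
        return GENERIC.short_name, True
    return hits[0], len(hits) > 1
```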