-2

hi i need to get value of json response in python

{
"data": [{
        "incidentOriginId": "4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067",
        "incidentClassPrimary": "MALWARE",
        "incidentClassSecondary": null,
        "startTime": "2020-12-23T08:00:51",
        "endTime": "2020-12-23T08:02:59",
        "lastUpdatedTime": "2020-12-24T09:26:45.309",
        "ip": "172.24.102.142",
        "risk": 8,
        "incidentState": null,
        "incidentDetails": "{\"id\":\"4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067\",\"type\":\"incidents\",\"attributes\":{\"userFeedback\":\"NONE\",\"escalations\":[{\"@type\":\"cluster-label-change\",\"changeTime\":1608716795300,\"clusterLabel\":\"CSAL01\",\"category\":\"malware distribution\",\"riskCategory\":\"HIGH\"}],\"userNote\":null,\"confidence\":100,\"behindProxy\":false,\"flowCount\":7,\"incidentTypes\":[\"ADE\"],\"clusterLabels\":[\"CSAL01\"],\"stateChanges\":[],\"duration\":{\"startTime\":1608710451000,\"endTime\":1608710579000},\"incidentClass\":\"malware|malware distribution\",\"userFeedbackTimestamp\":null,\"eta\":false,\"blockedFlowCount\":0,\"reoccurring\":false,\"categoriesWithRisk\":[{\"category\":\"malware distribution\",\"riskCategory\":\"HIGH\"}],\"osType\":\"\",\"lastUpdatedTime\":1608802005309,\"risk\":8,\"state\":{\"stateType\":\"TRIAGE\"},\"persistent\":false,\"user\":{\"userName\":null,\"ipAddresses\":[{\"ipAddress\":\"172.24.102.142\",\"assignedFrom\":1608710451000,\"assignedTo\":1608710579000}]}},\"relationships\":{\"activities\":{\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067/relationships/activities\",\"related\":\"http://nginx/api/findings/v1/incidents/4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067/activities\"}},\"clusters\":{\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067/relationships/clusters\",\"related\":\"http://nginx/api/findings/v1/incidents/4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067/clusters\"}}},\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/4f94d397a2611de4686778efe1188d90069685f94aab51afeb2b511985133067\"}}"
    },
    {
        "incidentOriginId": "859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9",
        "incidentClassPrimary": "MALWARE",
        "incidentClassSecondary": null,
        "startTime": "2020-12-20T08:34:15",
        "endTime": "2020-12-29T10:18:09",
        "lastUpdatedTime": "2020-12-30T11:32:58.414",
        "ip": "172.24.102.142",
        "risk": 8,
        "incidentState": null,
        "incidentDetails": "{\"id\":\"859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9\",\"type\":\"incidents\",\"attributes\":{\"userFeedback\":\"NONE\",\"escalations\":[{\"@type\":\"cluster-label-change\",\"changeTime\":1609242082251,\"clusterLabel\":\"CMCD14\",\"category\":\"malicious content distribution\",\"riskCategory\":\"LOW\"},{\"@type\":\"cluster-label-change\",\"changeTime\":1608463889048,\"clusterLabel\":\"CSAL01\",\"category\":\"malware distribution\",\"riskCategory\":\"HIGH\"}],\"userNote\":null,\"confidence\":100,\"behindProxy\":false,\"flowCount\":216,\"incidentTypes\":[\"ADE\"],\"clusterLabels\":[\"CSAL01\",\"CMCD14\"],\"stateChanges\":[],\"duration\":{\"startTime\":1608453255000,\"endTime\":1609237089000},\"incidentClass\":\"malware|malware distribution\",\"userFeedbackTimestamp\":null,\"eta\":true,\"blockedFlowCount\":0,\"reoccurring\":false,\"categoriesWithRisk\":[{\"category\":\"malware distribution\",\"riskCategory\":\"HIGH\"},{\"category\":\"malicious content distribution\",\"riskCategory\":\"LOW\"}],\"osType\":\"\",\"lastUpdatedTime\":1609327978414,\"risk\":8,\"state\":{\"stateType\":\"TRIAGE\"},\"persistent\":false,\"user\":{\"userName\":\"2C:60:0C:78:A1:3C\",\"ipAddresses\":[{\"ipAddress\":\"172.24.102.142\",\"assignedFrom\":1608453255000,\"assignedTo\":1609237089000}]}},\"relationships\":{\"activities\":{\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9/relationships/activities\",\"related\":\"http://nginx/api/findings/v1/incidents/859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9/activities\"}},\"clusters\":{\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9/relationships/clusters\",\"related\":\"http://nginx/api/findings/v1/incidents/859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9/clusters\"}}},\"links\":{\"self\":\"http://nginx/api/findings/v1/incidents/859a60b000b9beeb3323e58beab23de2091277ca0b661f36445db3a8e0ddd7a9\"}}"
    }
],
"links": {}
}

and my code is

import requests
import json

try:
    requests.packages.urllib3.disable_warnings()
except:
    pass

# Enter all authentication info
SMC_USER = "xxxxxxxx"
SMC_PASSWORD = "xxxxxxxx"
SMC_HOST = "xxxxxxxx"
MALICIOUS_IP = "xxxxxxxx"

# Set the URL for SMC login
url = "https://" + SMC_HOST + "/token/v2/authenticate"

# Let's create the login request data
login_request_data = {
    "username": SMC_USER,
    "password": SMC_PASSWORD
}

# Initialize the Requests session
api_session = requests.Session()

# Perform the POST request to login
response = api_session.request("POST", url, verify=False, data=login_request_data)

# If the login was successful
if (response.status_code == 200):
    url = 'https://' + SMC_HOST + '/sw-reporting/v2/tenants/0/incidents'
    response = api_session.request("GET", url, verify=False)
    # If successfully able to get list of Cognitive Intelligence incidents
    if (response.status_code == 200):
        # Loop through the list and print Cognitive Intelligence incident
        incidents = json.loads(response.content)["data"]#["incidentDetails"]
        lent = len(incidents)
        print("\t\t\t\\n", lent)
        for i in range(0, lent):

            a = incidents[i]
            b = a["ip"]
            c = a["risk"]
            d = a["incidentClassPrimary"]
            z = json.loads(response.content)
            zz = z.get("data")[0].get("incidentDetails").get("attributes").get("user").get("ipAddresses")  
    else:
        print(
            "An error has ocurred, while fetching Cognitive Intelligence incidents, with the following code {}".format(
                response.status_code))

    uri = 'https://' + SMC_HOST + '/token'
    response = api_session.delete(uri, timeout=30, verify=False)

# If the login was unsuccessful
else:
    print("An error has ocurred, while logging in, with the following code {}".format(response.status_code))

i need to get the following value:

  1. incidentClassPrimary
  2. ip
  3. risk
  4. incidentState
  5. incidentDetails
  6. incidentClass

regarding (incidentClass) is in (incidentDetails )

thanks in advance.

OneCricketeer
  • 179,855
  • 19
  • 132
  • 245
Elbeshti
  • 3
  • 2
  • This is not even valid json - so ... good luck. [getting-values-from-json-using-python](https://stackoverflow.com/questions/12353288/getting-values-from-json-using-python) – Patrick Artner Jan 24 '21 at 14:01
  • 1
    Why are you using `json.loads(response.content)` more than once? Secondly, did you know response.json() exists? – OneCricketeer Jan 24 '21 at 15:12

1 Answers1

0

It seems you at least need

details = json.loads(a["incidentDetails"])
attrs = details["attributes"]

Then you must parse this to get further data

If you want only the first incident data, then get it outside of the loop after you already captured the response

OneCricketeer
  • 179,855
  • 19
  • 132
  • 245
  • yes @OneCricketeer i seaerch and finaly got the answer as below: `zz = json.loads(z) ipadd = zz["attributes"]["user"]["ipAddresses"][0]['ipAddress'] print(ipadd) category = zz["attributes"]['escalations']#['category'] category1 = zz["attributes"]["categoriesWithRisk"]#['category'] if not category1: print("empty") else: catt = category1[0]["category"] catt1 = category1[0]["riskCategory"] print(catt) print(catt1)` – Elbeshti Jan 24 '21 at 16:03