Add more cortex queries

[Anko59]

No description provided.

[Kamforka]

I'll take a closer look but on the high level it seems fine!
Maybe one thing that is not ideal is the simple return types.
Probably we can define some more advanced type hints for those?

[Anko59]

Thanks for the review,

I applied the changes that you suggested. I added cortex types for the objects returned by the API and added the range parameter to the list_analyzers function. I did not find any other missing parameter.

I used python 3.9+ typing (dict and list instead of Dict and List). It was already like this in the cortex.py, though I noticed most of the repo still uses pre 3.9 typing.

To better match the documentation, "responder action" and "analyzer job" could be renamed "cortex action" and "cortex job", but I think the first ones are easier to understand.

[codecov]

Codecov Report

Attention: Patch coverage is 85.71429% with 2 lines in your changes missing coverage. Please review.

Project coverage is 92.94%. Comparing base (da08ad3) to head (514fd55).

Files with missing lines	Patch %	Lines
thehive4py/endpoints/cortex.py	85.71%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #371      +/-   ##
==========================================
- Coverage   93.08%   92.94%   -0.15%     
==========================================
  Files          27       27              
  Lines         738      751      +13     
==========================================
+ Hits          687      698      +11     
- Misses         51       53       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Kamforka]

I applied the changes that you suggested. I added cortex types for the objects returned by the API and added the range parameter to the list_analyzers function. I did not find any other missing parameter.

Nice, great job so far!

I used python 3.9+ typing (dict and list instead of Dict and List). It was already like this in the cortex.py, though I noticed most of the repo still uses pre 3.9 typing.

Unfortunately we still support 3.8, so can you please fall back to typing.List and typing.Dict where necessary? I plan to drop support 2025Q1.

To better match the documentation, "responder action" and "analyzer job" could be renamed "cortex action" and "cortex job", but I think the first ones are easier to understand.

I agree with the naming convention, more to the point than cortex action and job!

My last point to this PR would be the missing integration tests. Unfortunately we don't have a Cortex instance configured yet, so we cannot test all the endpoints, but probably we can add some dummy test for the list_analyzers and list_responders methods, would you like to give it a try?

[Anko59]

I implemented the changes you suggested.
The tests are really dummy, as there are no responders or analyzers on the test instance, some of the test code is never reached. I don't know how to add responders or analyzers using the API. I will try to document myself.

[Kamforka]

I implemented the changes you suggested. The tests are really dummy, as there are no responders or analyzers on the test instance, some of the test code is never reached. I don't know how to add responders or analyzers using the API. I will try to document myself.

First of all thank you very much for the changes, great job just as before!!!

To reply to your dummy test concern, unfortunately this is the best we can do at the moment as we don't yet have a live Cortex instance behind the integrator instance of TheHive, so we will always get back empty responder and analyzer lists, but that's okay for now. TheHive cannot create/define analyzers nor responders.

Additionally I added some simplification ideas to your tests, if you implement those I think we are done with this PR.

[Kamforka]

Thank you for your coop, nice one!