Resilient Python SDK

The Resilient Python SDK includes two library modules, and several utility commands. The libraries are:

  • resilient, a utility library for accessing the REST API,
  • resilient-circuits, a framework for developing and running custom actions and functions.

Supported Python versions include 2.7.x (where x is 9 or later), or 3.6.x (where x is 4 or later). Make sure the Python installation includes pip.

The resilient-circuits library requires the resilient library. To install both:

pip install resilient-circuits

Configuration Files

It’s very convenient (although optional) to use a configuration file that holds all the Resilient connection information. The API utilities all use a configuration file if one is available, at a path specified by the APP_CONFIG_FILE environment variable, or by default at ~/.resilient/app.config.

Your REST API application code connects to Resilient using HTTPS. This often means that you need to explicitly tell your code how to trust the server’s TLS certificate. Dealing with certificates can be tricky!

To create a new configuration file template for all the required values for your integration:

resilient-circuits config -c

Then edit the configuration file for your own connection details. For example:

[resilient]

host=resilient

port=443

email=api@example.com

password=MySecretPassw0rd

org=Local
cafile=/home/integration/.resilient/serverpubcert.pem
logdir=/tmp

REST API Utilities: gadget and finfo

The gadget utility is a simple wrapper for the Resilient REST API, with commands that can create, read, list, update and search incident data, and access other REST API endpoints. Try gadget --list to see a list of the ID and name of each incident.

The finfo utility uses the /types REST API to list the fields and other data types from your Resilient platform. Try finfo without any arguments to see a list of the defined incident fields.

Resilient Circuits Integration Framework

The Resilient Circuits framework makes it extremely simple to build and deploy custom integration functions and actions using Python.

The Python Circuits Framework is a lightweight event-driven and asynchronous application framework for the Python programming language. Circuits also includes a lightweight, high performance and scalable HTTP/WSGI compliant web server as well as various I/O and networking components. The resilient-circuits library uses the Circuits component architecture for Action Processors.

Components

Each component typically performs one or more activities for a single integration. That might be a single function, such as searching for data and returning results, or a collection of methods that work together. Additionally, special-purpose components include polling timers and web services. Components can use the Circuits framework to send messages to each other. A component is a Python class.

Multiple components are collected together into a package that can be easily distributed and installed. A typical package includes at least one Resilient Circuits component, some configuration settings, and the Python machinery for installing with pip. Additionally, a package can include Resilient customizations such as custom incident fields, data tables, workflows and rules.

When a component is running, the framework takes care of subscribing to message destinations and reading the events as they occur. When an action is triggered in the Resilient platform, from a menu-item or automatic rule or workflow, the action message is delivered to the framework, which runs the corresponding Python method. The Python method also has ready access to the Resilient REST API.

Components are discovered and loaded automatically when Resilient Circuits starts. All the installed packages are loaded from the Python environment. Additionally, any Python file in your local components directory directory are loaded, and connected to the Resilient platform. In your configuration file, app.config, specify the path to a directory where these local components can be found:

[resilient]

# Directory where any custom Python components will be found
componentsdir=/home/integration/components

Resilient Circuits Command Line

To list the Resilient Circuits packages and components that are installed in your Python environment:

resilient-circuits list

To include the path to each package and the full name of each component:

resilient-circuits list -v

Note: packages in your “local components” directory are not included in this list.

To start the integration framework running:

resilient-circuits run

It connects to the Resilient platform, finds and loads your components, and waits. When the Resilient platform calls an integration function, these components are run. (For production usage, ‘resilient-circuits run’ usually starts and stops automatically as a service or daemon).

Optionally you can set the logging level,

resilient-circuits run --loglevel DEBUG

Test Mode

For development, you can run in “test mode”, which allows interactive testing of functions and actions:

resilient-circuits run --test-actions

In a separate terminal, run the test client:

resilient-circuits test

The test client connects to the main resilient-circuits process and allows you to simulate calling functions and action messages.

Creating and Installing Component Packages

The SDK can generate boilerplate code, and package it together with Resilient customizations to easily create an extension that can be distributed as a Python installer or published to App Exchange. This boilerplate is based on an export. Before running codegen, be sure to create an export with your most recent platform customizations, from Administrator Settings > Organization > Export.

To generate a single component (in your “components directory”) that provides boilerplate Python code for a function:

resilient-circuits codegen -f func_name

To generate an entire Python package including components, tests, and customization data:

resilient-circuits codegen -p package_name -f func_name_1 funct_name_2... 

Many additional options control the type of customization data that will be included in your package, including custom fields, data tables, workflows, rules, and scripts. Use resilient-circuits codegen --help to see all these options.

To import all these customizations into the Resilient platform:

resilient-circuits customize

The user is prompted before importing the customizations from each installed package.

More In-Depth Reading