SiemplifyDataModel module
class SiemplifyDataModel.ActionLogRecord
class SiemplifyDataModel.ActionLogRecord(record_type, message, original_source_file_name=None, case_id=None, alert_id=None, workflow_id=None, environment=None, source_system_name=None, exception_message=None, integration=None, action_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.Alert
class SiemplifyDataModel.Alert(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, security_events, domain_relations, domain_entities, additional_properties, additional_data)
Bases: AlertInfo
get_alert_start_time(creation_time, security_events)
static get_prop_if_exists(dictionary, prop_name, default_value)
class SiemplifyDataModel.AlertInfo
class SiemplifyDataModel.AlertInfo(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, additional_properties, additional_data)
Bases: Base
class SiemplifyDataModel.ApiPeriodTypeEnum
class SiemplifyDataModel.ApiPeriodTypeEnum
Bases: object
This object represents the time units of an SLA period.
DAYS= 'Days'
HOURS= 'Hours'
MINUTES= 'Minutes'
classmethod validate(value)
classmethod values()
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum
Bases: object
INCONCLUSIVE= 3
MAINTENANCE= 2
MALICIOUS= 0
NOT_MALICIOUS= 1
UNKNOWN= 4
class SiemplifyDataModel.ApiSyncAlertPriorityEnum
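class SiemplifyDataModel.ApiSyncAlertPriorityEnum
Bases: object
Note that UNCHANGED (1) sits numerically between INFORMATIVE (0) and LOW (2); it appears to be a sentinel rather than a priority level, so handle it explicitly before ranking alerts by integer comparison.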
CRITICAL= 5
HIGH= 4
INFORMATIVE= 0
LOW= 2
MEDIUM= 3
UNCHANGED= 1
class SiemplifyDataModel.ApiSyncAlertStatusEnum
class SiemplifyDataModel.ApiSyncAlertStatusEnum
Bases: object
CLOSED= 1
OPENED= 0
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum
Bases: object
NONE= 0
NOT_USEFUL= 1
USEFUL= 2
class SiemplifyDataModel.ApiSyncCasePriorityEnum
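class SiemplifyDataModel.ApiSyncCasePriorityEnum
Bases: object
Note that UNCHANGED (1) sits numerically between INFORMATIVE (0) and LOW (2); it appears to be a sentinel rather than a priority level, so handle it explicitly before ranking cases by integer comparison.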
CRITICAL= 5
HIGH= 4
INFORMATIVE= 0
LOW= 2
MEDIUM= 3
UNCHANGED= 1
class SiemplifyDataModel.ApiSyncCaseStatusEnum
class SiemplifyDataModel.ApiSyncCaseStatusEnum
Bases: object
ALL= 2
CLOSED= 1
CREATION_PENDING= 4
MERGED= 3
OPENED= 0
class SiemplifyDataModel.Attachment
class SiemplifyDataModel.Attachment(case_identifier, alert_identifier, base64_blob, attachment_type, name, description, is_favorite, orig_size, size)
Bases: Base
static fromfile(path, case_id=None, alert_identifier=None, description=None, is_favorite=False)
property is_identifier_mandatory
class SiemplifyDataModel.Base
class SiemplifyDataModel.Base(identifier, creation_time=None, modification_time=None, additional_properties=None)
Bases: object
property is_identifier_mandatory
class SiemplifyDataModel.CaseFilterOperatorEnum
class SiemplifyDataModel.CaseFilterOperatorEnum
Bases: object
AND= 'AND'
OR= 'OR'
class SiemplifyDataModel.CaseFilterSortByEnum
class SiemplifyDataModel.CaseFilterSortByEnum
Bases: object
CLOSE_TIME= 'CLOSE_TIME'
START_TIME= 'START_TIME'
UPDATE_TIME= 'UPDATE_TIME'
class SiemplifyDataModel.CaseFilterSortOrderEnum
class SiemplifyDataModel.CaseFilterSortOrderEnum
Bases: object
ASC= 'ASC'
DESC= 'DESC'
class SiemplifyDataModel.CaseFilterStatusEnum
class SiemplifyDataModel.CaseFilterStatusEnum
Bases: object
BOTH= 'BOTH'
CLOSE= 'CLOSE'
OPEN= 'OPEN'
class SiemplifyDataModel.CaseFilterValue
class SiemplifyDataModel.CaseFilterValue(value, title)
Bases: object
class SiemplifyDataModel.CaseStatus
class SiemplifyDataModel.CaseStatus
Bases: object
CLOSE= 'CLOSE'
OPEN= 'OPEN'
class SiemplifyDataModel.CasesFilter
class SiemplifyDataModel.CasesFilter(environments=None, analysts=None, statuses=None, case_names=None, tags=None, priorities=None, stages=None, case_types=None, products=None, networks=None, ticked_ids_free_search='', case_ids_free_search='', wall_data_free_search='', entities_free_search='', start_time_unix_time_in_ms=-1, end_time_unix_time_in_ms=-1)
Bases: object
class SiemplifyDataModel.ConnectorLogRecord
class SiemplifyDataModel.ConnectorLogRecord(record_type, message, connector_identifier, result_data_type, original_source_file_name=None, result_package_items_count=None, environment=None, source_system_name=None, exception_message=None, integration=None, connector_definition_name=None, timestamp=None)
Bases: object
class SiemplifyDataModel.CustomList
class SiemplifyDataModel.CustomList(identifier, category, environment)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.CyberCase
class SiemplifyDataModel.CyberCase(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, environment, assigned_user, title, description, status, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, cyber_alerts, additional_properties)
Bases: CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo
class SiemplifyDataModel.CyberCaseInfo(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, assigned_user, title, description, status, environment, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, additional_properties)
Bases: Base
class SiemplifyDataModel.DomainEntityInfo
class SiemplifyDataModel.DomainEntityInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, entity_type, is_internal, is_suspicious, is_artifact, is_enriched, is_vulnerable, is_pivot, additional_properties)
Bases: Base
to_dict()
class SiemplifyDataModel.DomainRelationInfo
class SiemplifyDataModel.DomainRelationInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, security_event_identifier, relation_type, event_id, from_identifier, to_identifier, device_product, device_vendor, event_class_id, severity, start_time, end_time, destination_port, category_outcome, additional_properties, to_type=None, from_type=None)
Bases: Base
class SiemplifyDataModel.EntityTypes
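class SiemplifyDataModel.EntityTypes
Bases: object
Note that several constant names differ from their string values (EMAILMESSAGE, GENERIC, MACADDRESS, URL and USER, listed below), so match entity types against these constants rather than against the constant name written as a string literal.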
ADDRESS= 'ADDRESS'
ALERT= 'ALERT'
APPLICATION= 'APPLICATION'
CHILDHASH= 'CHILDHASH'
CHILDPROCESS= 'CHILDPROCESS'
CLUSTER= 'CLUSTER'
CONTAINER= 'CONTAINER'
CREDITCARD= 'CREDITCARD'
CVE= 'CVE'
CVEID= 'CVEID'
DATABASE= 'DATABASE'
DEPLOYMENT= 'DEPLOYMENT'
DESTINATIONDOMAIN= 'DESTINATIONDOMAIN'
DOMAIN= 'DOMAIN'
EMAILMESSAGE= 'EMAILSUBJECT'
EVENT= 'EVENT'
FILEHASH= 'FILEHASH'
FILENAME= 'FILENAME'
GENERIC= 'GENERICENTITY'
HOSTNAME= 'HOSTNAME'
IPSET= 'IPSET'
MACADDRESS= 'MacAddress'
PARENTHASH= 'PARENTHASH'
PARENTPROCESS= 'PARENTPROCESS'
PHONENUMBER= 'PHONENUMBER'
POD= 'POD'
PROCESS= 'PROCESS'
SERVICE= 'SERVICE'
SOURCEDOMAIN= 'SOURCEDOMAIN'
THREATACTOR= 'THREATACTOR'
THREATCAMPAIGN= 'THREATCAMPAIGN'
THREATSIGNATURE= 'THREATSIGNATURE'
URL= 'DestinationURL'
USB= 'USB'
USER= 'USERUNIQNAME'
class SiemplifyDataModel.InsightSeverity
class SiemplifyDataModel.InsightSeverity
Bases: object
ERROR= 2
INFO= 0
WARN= 1
class SiemplifyDataModel.InsightType
class SiemplifyDataModel.InsightType
Bases: object
Entity= 1
General= 0
class SiemplifyDataModel.LogRecordTypeEnum
class SiemplifyDataModel.LogRecordTypeEnum
Bases: object
ERROR= 1
INFO= 0
KEEP_ALIVE= 2
class SiemplifyDataModel.LogRow
class SiemplifyDataModel.LogRow(message, log_level, timestamp)
Bases: object
class SiemplifyDataModel.SecurityEventInfo
class SiemplifyDataModel.SecurityEventInfo(identifier=None, creation_time=None, modification_time=None, case_identifier=None, alert_identifier=None, name=None, description=None, event_id=None, device_severity=None, device_product=None, device_vendor=None, device_version=None, event_class_id=None, severity=None, start_time=None, end_time=None, event_type=None, rule_generator=None, is_correlation=None, device_host_name=None, device_address=None, source_dns_domain=None, source_nt_domain=None, source_host_name=None, source_address=None, source_user_name=None, source_user_id=None, source_process_name=None, destination_dns_domain=None, destination_nt_domain=None, destination_host_name=None, destination_address=None, destination_user_name=None, destination_url=None, destination_port=None, destination_process_name=None, file_name=None, file_hash=None, file_type=None, email_subject=None, usb=None, application_protocol=None, transport_protocol=None, category_outcome=None, signature=None, deployment=None, additional_properties=None, threat_actor=None, source_mac_address=None, destination_mac_address=None, credit_card=None, phone_number=None, cve=None, threat_campaign=None, generic_entity=None, process=None, parent_process=None, parent_hash=None, child_process=None, child_hash=None, source_domain=None, destination_domain=None, ipset=None, cluster=None, application=None, database=None, pod=None, container=None, service=None)
Bases: Base
property is_identifier_mandatory
class SiemplifyDataModel.SyncAlert
class SiemplifyDataModel.SyncAlert(alert_group_id, alert_id, case_id, environment, priority, status, ticket_id, creation_time, close_comment, close_reason, close_root_cause, close_usefulness)
Bases: object
class SiemplifyDataModel.SyncAlertMetadata
class SiemplifyDataModel.SyncAlertMetadata(alert_group_id, tracking_time)
Bases: object
class SiemplifyDataModel.SyncCase
class SiemplifyDataModel.SyncCase(case_id, environment, priority, stage, status, external_case_id, title)
Bases: object
class SiemplifyDataModel.SyncCaseIdMatch
class SiemplifyDataModel.SyncCaseIdMatch(case_id, external_case_id)
Bases: object
This object represents a match between a Siemplify internal case ID and an external case ID in an external system.
class SiemplifyDataModel.SyncCaseMetadata
class SiemplifyDataModel.SyncCaseMetadata(case_id, tracking_time)
Bases: object
class SiemplifyDataModel.Task
class SiemplifyDataModel.Task(case_id, content, creator_user_id, due_date_unix_time_ms=None, is_important=False, is_favorite=False, owner_comment=None, priority=0, owner=None, status=0, completion_comment=None, completion_date_time_unix_time_in_ms=None, alert_identifier=None, id=0, title=None, creator_full_name=None, owner_full_name=None, creation_time_unix_time_in_ms=0, modification_time_unix_time_in_ms=0, last_modifier=None, last_modifier_full_name=None, completor=None, completor_full_name=None)
Bases: Base
property is_identifier_mandatory
Last updated 2026-02-18 UTC.