SiemplifyDataModel module

class SiemplifyDataModel.ActionLogRecord

class SiemplifyDataModel.ActionLogRecord(record_type, message, original_source_file_name=None, case_id=None, alert_id=None, workflow_id=None, environment=None, source_system_name=None, exception_message=None, integration=None, action_definition_name=None, timestamp=None)

Bases: object

class SiemplifyDataModel.Alert

class SiemplifyDataModel.Alert(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, security_events, domain_relations, domain_entities, additional_properties, additional_data)

Bases: AlertInfo

get_alert_start_time(creation_time, security_events)

static get_prop_if_exists(dictionary, prop_name, default_value)

class SiemplifyDataModel.AlertInfo

class SiemplifyDataModel.AlertInfo(identifier, alert_group_identifier, creation_time, modification_time, case_identifier, reporting_vendor, reporting_product, environment, name, description, external_id, severity, rule_generator, tags, detected_time, additional_properties, additional_data)

Bases: Base

class SiemplifyDataModel.ApiPeriodTypeEnum

class SiemplifyDataModel.ApiPeriodTypeEnum

Bases: object
This object represents the time units of an SLA period.

DAYS= 'Days'

HOURS= 'Hours'

MINUTES= 'Minutes'

classmethod validate(value)

classmethod values()

class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum

class SiemplifyDataModel.ApiSyncAlertCloseReasonEnum

Bases: object

INCONCLUSIVE= 3

MAINTENANCE= 2

MALICIOUS= 0

NOT_MALICIOUS= 1

UNKNOWN= 4

class SiemplifyDataModel.ApiSyncAlertPriorityEnum

class SiemplifyDataModel.ApiSyncAlertPriorityEnum

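Bases: object
Note that UNCHANGED (1) falls between INFORMATIVE (0) and LOW (2), so the numeric values do not form a pure severity scale; a plain numeric comparison of priorities would rank UNCHANGED above INFORMATIVE.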

CRITICAL= 5

HIGH= 4

INFORMATIVE= 0

LOW= 2

MEDIUM= 3

UNCHANGED= 1

class SiemplifyDataModel.ApiSyncAlertStatusEnum

class SiemplifyDataModel.ApiSyncAlertStatusEnum

Bases: object

CLOSED= 1

OPENED= 0

class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum

class SiemplifyDataModel.ApiSyncAlertUsefulnessEnum

Bases: object

NONE= 0

NOT_USEFUL= 1

USEFUL= 2

class SiemplifyDataModel.ApiSyncCasePriorityEnum

class SiemplifyDataModel.ApiSyncCasePriorityEnum

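Bases: object
Note that UNCHANGED (1) falls between INFORMATIVE (0) and LOW (2), so the numeric values do not form a pure severity scale; a plain numeric comparison of priorities would rank UNCHANGED above INFORMATIVE.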

CRITICAL= 5

HIGH= 4

INFORMATIVE= 0

LOW= 2

MEDIUM= 3

UNCHANGED= 1

class SiemplifyDataModel.ApiSyncCaseStatusEnum

class SiemplifyDataModel.ApiSyncCaseStatusEnum

Bases: object

ALL= 2

CLOSED= 1

CREATION_PENDING= 4

MERGED= 3

OPENED= 0

class SiemplifyDataModel.Attachment

class SiemplifyDataModel.Attachment(case_identifier, alert_identifier, base64_blob, attachment_type, name, description, is_favorite, orig_size, size)

Bases: Base

static fromfile(path, case_id=None, alert_identifier=None, description=None, is_favorite=False)

property is_identifier_mandatory

class SiemplifyDataModel.Base

class SiemplifyDataModel.Base(identifier, creation_time=None, modification_time=None, additional_properties=None)

Bases: object

property is_identifier_mandatory

class SiemplifyDataModel.CaseFilterOperatorEnum

class SiemplifyDataModel.CaseFilterOperatorEnum

Bases: object

AND= 'AND'

OR= 'OR'

class SiemplifyDataModel.CaseFilterSortByEnum

class SiemplifyDataModel.CaseFilterSortByEnum

Bases: object

CLOSE_TIME= 'CLOSE_TIME'

START_TIME= 'START_TIME'

UPDATE_TIME= 'UPDATE_TIME'

class SiemplifyDataModel.CaseFilterSortOrderEnum

class SiemplifyDataModel.CaseFilterSortOrderEnum

Bases: object

ASC= 'ASC'

DESC= 'DESC'

class SiemplifyDataModel.CaseFilterStatusEnum

class SiemplifyDataModel.CaseFilterStatusEnum

Bases: object

BOTH= 'BOTH'

CLOSE= 'CLOSE'

OPEN= 'OPEN'

class SiemplifyDataModel.CaseFilterValue

class SiemplifyDataModel.CaseFilterValue(value, title)

Bases: object

class SiemplifyDataModel.CaseStatus

class SiemplifyDataModel.CaseStatus

Bases: object

CLOSE= 'CLOSE'

OPEN= 'OPEN'

class SiemplifyDataModel.CasesFilter

class SiemplifyDataModel.CasesFilter(environments=None, analysts=None, statuses=None, case_names=None, tags=None, priorities=None, stages=None, case_types=None, products=None, networks=None, ticked_ids_free_search='', case_ids_free_search='', wall_data_free_search='', entities_free_search='', start_time_unix_time_in_ms=-1, end_time_unix_time_in_ms=-1)

Bases: object

class SiemplifyDataModel.ConnectorLogRecord

class SiemplifyDataModel.ConnectorLogRecord(record_type, message, connector_identifier, result_data_type, original_source_file_name=None, result_package_items_count=None, environment=None, source_system_name=None, exception_message=None, integration=None, connector_definition_name=None, timestamp=None)

Bases: object

class SiemplifyDataModel.CustomList

class SiemplifyDataModel.CustomList(identifier, category, environment)

Bases: Base

property is_identifier_mandatory

class SiemplifyDataModel.CyberCase

class SiemplifyDataModel.CyberCase(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, environment, assigned_user, title, description, status, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, cyber_alerts, additional_properties)

Bases: CyberCaseInfo

class SiemplifyDataModel.CyberCaseInfo

class SiemplifyDataModel.CyberCaseInfo(identifier, creation_time, modification_time, alert_count, priority, is_touched, is_merged, is_important, assigned_user, title, description, status, environment, is_incident, stage, has_suspicious_entity, high_risk_products, is_locked, has_workflow, sla_expiration_unix_time, additional_properties)

Bases: Base

class SiemplifyDataModel.DomainEntityInfo

class SiemplifyDataModel.DomainEntityInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, entity_type, is_internal, is_suspicious, is_artifact, is_enriched, is_vulnerable, is_pivot, additional_properties)

Bases: Base

to_dict()

class SiemplifyDataModel.DomainRelationInfo

class SiemplifyDataModel.DomainRelationInfo(identifier, creation_time, modification_time, case_identifier, alert_identifier, security_event_identifier, relation_type, event_id, from_identifier, to_identifier, device_product, device_vendor, event_class_id, severity, start_time, end_time, destination_port, category_outcome, additional_properties, to_type=None, from_type=None)

Bases: Base

class SiemplifyDataModel.EntityTypes

class SiemplifyDataModel.EntityTypes

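Bases: object
Several constant names differ from their string values (for example, EMAILMESSAGE is 'EMAILSUBJECT', GENERIC is 'GENERICENTITY', URL is 'DestinationURL', USER is 'USERUNIQNAME', and MACADDRESS is the mixed-case 'MacAddress'), so code that matches entity types should compare against these constants rather than against strings guessed from the names.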

ADDRESS= 'ADDRESS'

ALERT= 'ALERT'

APPLICATION= 'APPLICATION'

CHILDHASH= 'CHILDHASH'

CHILDPROCESS= 'CHILDPROCESS'

CLUSTER= 'CLUSTER'

CONTAINER= 'CONTAINER'

CREDITCARD= 'CREDITCARD'

CVE= 'CVE'

CVEID= 'CVEID'

DATABASE= 'DATABASE'

DEPLOYMENT= 'DEPLOYMENT'

DESTINATIONDOMAIN= 'DESTINATIONDOMAIN'

DOMAIN= 'DOMAIN'

EMAILMESSAGE= 'EMAILSUBJECT'

EVENT= 'EVENT'

FILEHASH= 'FILEHASH'

FILENAME= 'FILENAME'

GENERIC= 'GENERICENTITY'

HOSTNAME= 'HOSTNAME'

IPSET= 'IPSET'

MACADDRESS= 'MacAddress'

PARENTHASH= 'PARENTHASH'

PARENTPROCESS= 'PARENTPROCESS'

PHONENUMBER= 'PHONENUMBER'

POD= 'POD'

PROCESS= 'PROCESS'

SERVICE= 'SERVICE'

SOURCEDOMAIN= 'SOURCEDOMAIN'

THREATACTOR= 'THREATACTOR'

THREATCAMPAIGN= 'THREATCAMPAIGN'

THREATSIGNATURE= 'THREATSIGNATURE'

URL= 'DestinationURL'

USB= 'USB'

USER= 'USERUNIQNAME'

class SiemplifyDataModel.InsightSeverity

class SiemplifyDataModel.InsightSeverity

Bases: object

ERROR= 2

INFO= 0

WARN= 1

class SiemplifyDataModel.InsightType

class SiemplifyDataModel.InsightType

Bases: object

Entity= 1

General= 0

class SiemplifyDataModel.LogRecordTypeEnum

class SiemplifyDataModel.LogRecordTypeEnum

Bases: object

ERROR= 1

INFO= 0

KEEP_ALIVE= 2

class SiemplifyDataModel.LogRow

class SiemplifyDataModel.LogRow(message, log_level, timestamp)

Bases: object

class SiemplifyDataModel.SecurityEventInfo

class SiemplifyDataModel.SecurityEventInfo(identifier=None, creation_time=None, modification_time=None, case_identifier=None, alert_identifier=None, name=None, description=None, event_id=None, device_severity=None, device_product=None, device_vendor=None, device_version=None, event_class_id=None, severity=None, start_time=None, end_time=None, event_type=None, rule_generator=None, is_correlation=None, device_host_name=None, device_address=None, source_dns_domain=None, source_nt_domain=None, source_host_name=None, source_address=None, source_user_name=None, source_user_id=None, source_process_name=None, destination_dns_domain=None, destination_nt_domain=None, destination_host_name=None, destination_address=None, destination_user_name=None, destination_url=None, destination_port=None, destination_process_name=None, file_name=None, file_hash=None, file_type=None, email_subject=None, usb=None, application_protocol=None, transport_protocol=None, category_outcome=None, signature=None, deployment=None, additional_properties=None, threat_actor=None, source_mac_address=None, destination_mac_address=None, credit_card=None, phone_number=None, cve=None, threat_campaign=None, generic_entity=None, process=None, parent_process=None, parent_hash=None, child_process=None, child_hash=None, source_domain=None, destination_domain=None, ipset=None, cluster=None, application=None, database=None, pod=None, container=None, service=None)

Bases: Base

property is_identifier_mandatory

class SiemplifyDataModel.SyncAlert

class SiemplifyDataModel.SyncAlert(alert_group_id, alert_id, case_id, environment, priority, status, ticket_id, creation_time, close_comment, close_reason, close_root_cause, close_usefulness)

Bases: object

class SiemplifyDataModel.SyncAlertMetadata

class SiemplifyDataModel.SyncAlertMetadata(alert_group_id, tracking_time)

Bases: object

class SiemplifyDataModel.SyncCase

class SiemplifyDataModel.SyncCase(case_id, environment, priority, stage, status, external_case_id, title)

Bases: object

class SiemplifyDataModel.SyncCaseIdMatch

class SiemplifyDataModel.SyncCaseIdMatch(case_id, external_case_id)

Bases: object
This object represents a match between a Siemplify internal case ID and an external case ID in an external system.

class SiemplifyDataModel.SyncCaseMetadata

class SiemplifyDataModel.SyncCaseMetadata(case_id, tracking_time)

Bases: object

class SiemplifyDataModel.Task

class SiemplifyDataModel.Task(case_id, content, creator_user_id, due_date_unix_time_ms=None, is_important=False, is_favorite=False, owner_comment=None, priority=0, owner=None, status=0, completion_comment=None, completion_date_time_unix_time_in_ms=None, alert_identifier=None, id=0, title=None, creator_full_name=None, owner_full_name=None, creation_time_unix_time_in_ms=0, modification_time_unix_time_in_ms=0, last_modifier=None, last_modifier_full_name=None, completor=None, completor_full_name=None)

Bases: Base

property is_identifier_mandatory


Last updated 2026-02-18 UTC.