@tomchop tomchop commented Jun 2, 2025

This pull request introduces enhancements to the Yeti API and its test suite, focusing on expanding search capabilities, improving functionality, and refining test coverage. Key updates include adding new parameters to search methods, introducing support for additional IOC types, and implementing a new test for linking objects.

Enhancements to search functionality:

  • yeti/api.py: Expanded search methods (search_indicators, search_entities, search_observables, search_dfiq, and search_graph) to accept additional parameters like description, tags, count, and page for more granular and paginated results. Updated error handling to ensure at least one search criterion is provided.
  • yeti/api.py: Added SUPPORTED_IOC_TYPES to define a comprehensive list of supported IOC types for observables.

Test suite improvements:

  • tests/api.py: Updated existing test cases (test_search_indicators, test_search_entities, test_search_observables, test_search_dfiq, and test_search_graph) to validate the new parameters and ensure API calls are correctly structured.
  • tests/e2e.py: Added a new test case test_link_objects to verify linking objects functionality and graph traversal.

API method refinements:

  • yeti/api.py: Updated match_observables to provide advanced matching capabilities, including fetching neighbors and handling unknown observables.
  • yeti/api.py: Refined search_graph to set default values for graph, count, and page, and clarified documentation for parameters.

These changes improve the flexibility and usability of the Yeti API while ensuring robust testing to support the new features.

@tomchop tomchop requested review from Copilot June 2, 2025 18:43
Copilot AI left a comment

Pull Request Overview

This PR enhances the suite of search_* methods by adding description-based filtering, pagination controls, and tag support, plus a new filter_aliases field for DFIQ searches. It also reorders the search_graph signature to inject a default graph and updates corresponding tests.

  • Added description, count, and page parameters (with defaults) to indicator, entity, observable, and DFIQ searches
  • Introduced filter_aliases in the DFIQ search query
  • Changed search_graph signature to make graph optional with a default, and updated tests

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| yeti/api.py | Extended search methods with description, pagination, tags, and DFIQ filter_aliases; updated search_graph API |
| tests/e2e.py | Adjusted end-to-end indicator search test to exercise description and tags filters |
| tests/api.py | Updated unit tests to assert new count, page, description, tags, and filter_aliases in the JSON payload |

Comments suppressed due to low confidence (2)

yeti/api.py:195

  • Docstring for search_indicators is missing the newly added count and page parameters. Please add entries under Args to describe their purpose and defaults.
tags: The tags of the indicator to search for.

tests/api.py:32

  • The new pagination (page) behavior isn't covered by existing tests. Consider adding a test that passes a non-zero page value to verify pagination works as intended.
result = self.api.search_indicators(

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@udgover udgover left a comment

Just a suggestion for a future version. Otherwise LGTM!

API_TOKEN_ENDPOINT = "/api/v2/auth/api-token"


SUPPORTED_IOC_TYPES = [
Contributor

Do you think we should add a dedicated API endpoint in yeti observables definitions to provide supported types? Otherwise, how would you handle custom observables?

Contributor Author

Yes, that's a great point. Opened yeti-platform/yeti#1254 to track this.

@udgover udgover merged commit d29cd18 into main Jun 13, 2025
2 checks passed