.. autoclass:: py42.clients.file_event.FileEventClient
:members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.file_event_query.FileEventQuery
:members:
:show-inheritance:
.. autoclass:: py42.clients.savedsearch.SavedSearchClient
:members:
:show-inheritance:
The following classes construct filters for file event queries. Each filter class corresponds to a file event detail.
Call the appropriate classmethod on your desired filter class with the value
you want to match and it will return a
FilterGroup
object that can be passed to FileEventQuery
's all()
or any()
methods to create complex queries
that match multiple filter rules.
Example:
To search for events observed for certain set of documents, you can use the FileName
and MD5
filter classes to
construct FilterGroup
s that will search for matching filenames or (in case someone renamed the sensitive file) the
known MD5 hashes of the files:
filename_filter = FileName.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])
See Executing Searches for more on building search queries.
.. autoclass:: py42.sdk.queries.fileevents.filters.event_filter.EventTimestamp
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.event_filter.EventType
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.event_filter.InsertionTimestamp
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.event_filter.Source
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.FileCategory
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.FileName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.FileOwner
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.FilePath
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.FileSize
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.MD5
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.file_filter.SHA256
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.device_filter.DeviceUsername
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.device_filter.OSHostname
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.device_filter.PrivateIPAddress
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.device_filter.PublicIPAddress
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.cloud_filter.Actor
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.cloud_filter.DirectoryID
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.cloud_filter.Shared
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.cloud_filter.SharedWith
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.cloud_filter.SharingTypeAdded
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.ExposureType
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.ProcessName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.ProcessOwner
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVendor
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaMediaName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVolumeName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaPartitionID
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaSerialNumber
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestination
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.TabURL
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.exposure_filter.WindowTitle
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.email_filter.EmailPolicyName
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.email_filter.EmailSubject
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.email_filter.EmailRecipients
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.email_filter.EmailSender
:members:
:inherited-members:
:show-inheritance:
.. autoclass:: py42.sdk.queries.fileevents.filters.email_filter.EmailFrom
:members:
:inherited-members:
:show-inheritance: