riskScore file event filter (#393)

* add riskScore file event filter

* style

* space

CHANGELOG.md

@@ -10,6 +10,10 @@ how a consumer would use the library (e.g. adding unit tests, updating documenta
 
 ## Unreleased
 
+### Added
+
+- New file event filter query `sdk.queries.fileevents.filers.risk_filter.RiskScore` to search for file events based on riskScore values.
+
 ### Changed
 
 - Updated `sdk.queries.alerts.filters.alerts_filter.Severity` enum to use updated `riskSeverity` search propert instead of deprecated `severity`.

docs/methoddocs/filleeventqueries.md

@@ -394,3 +394,10 @@ See [Executing Searches](../userguides/searches.md) for more on building search
     :inherited-members:
     :show-inheritance:
 ```
+
+```eval_rst
+.. autoclass:: py42.sdk.queries.fileevents.filters.risk_filter.RiskScore
+    :members:
+    :inherited-members:
+    :show-inheritance:
+```

src/py42/sdk/queries/fileevents/filters/risk_filter.py

@@ -1,5 +1,7 @@
 from py42.choices import Choices
+from py42.sdk.queries.fileevents.file_event_query import FileEventFilterComparableField
 from py42.sdk.queries.fileevents.file_event_query import FileEventFilterStringField
+from py42.sdk.queries.query_filter import QueryFilterStringField
 
 
 class RiskIndicator(FileEventFilterStringField):
@@ -190,3 +192,9 @@ class RiskSeverity(FileEventFilterStringField, Choices):
     MODERATE = "MODERATE"
     LOW = "LOW"
     NO_RISK_INDICATED = "NO_RISK_INDICATED"
+
+
+class RiskScore(QueryFilterStringField, FileEventFilterComparableField):
+    """Class that filters events by risk score."""
+
+    _term = "riskScore"

tests/sdk/queries/fileevents/filters/test_risk_filter.py

@@ -1,9 +1,12 @@
+from tests.sdk.queries.conftest import GREATER_THAN
 from tests.sdk.queries.conftest import IS
 from tests.sdk.queries.conftest import IS_IN
 from tests.sdk.queries.conftest import IS_NOT
+from tests.sdk.queries.conftest import LESS_THAN
 from tests.sdk.queries.conftest import NOT_IN
 
 from py42.sdk.queries.fileevents.filters.risk_filter import RiskIndicator
+from py42.sdk.queries.fileevents.filters.risk_filter import RiskScore
 from py42.sdk.queries.fileevents.filters.risk_filter import RiskSeverity
 
 
@@ -65,3 +68,41 @@ def test_risk_severity_not_in_str_gives_correct_json_representation():
     _filter = RiskSeverity.not_in(items)
     expected = NOT_IN.format("riskSeverity", *items)
     assert str(_filter) == expected
+
+
+def test_risk_score_eq_str_gives_correct_json_representation():
+    _filter = RiskScore.eq(5)
+    expected = IS.format("riskScore", "5")
+    assert str(_filter) == expected
+
+
+def test_risk_score_not_eq_str_gives_correct_json_representation():
+    _filter = RiskScore.not_eq(5)
+    expected = IS_NOT.format("riskScore", "5")
+    assert str(_filter) == expected
+
+
+def test_risk_score_is_in_str_gives_correct_json_representation():
+    items = [3, 4, 5]
+    _filter = RiskScore.is_in(items)
+    expected = IS_IN.format("riskScore", *items)
+    assert str(_filter) == expected
+
+
+def test_risk_score_not_in_str_gives_correct_json_representation():
+    items = [3, 4, 5]
+    _filter = RiskScore.not_in(items)
+    expected = NOT_IN.format("riskScore", *items)
+    assert str(_filter) == expected
+
+
+def test_risk_score_greater_than_str_gives_correct_json_representation():
+    _filter = RiskScore.greater_than(5)
+    expected = GREATER_THAN.format("riskScore", "5")
+    assert str(_filter) == expected
+
+
+def test_risk_score_less_than_str_gives_correct_json_representation():
+    _filter = RiskScore.less_than(5)
+    expected = LESS_THAN.format("riskScore", "5")
+    assert str(_filter) == expected