Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* init commit * add v2 query filters * v2 apis * Add saved search v2 compatibility
1 parent
fb04788
commit e0ab099
Showing
56 changed files
with
1,645 additions
and
441 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
# File Event Queries - V2 | ||
|
||
For details on using the new file event data model, see the [V2 File Events User Guide](../userguides/v2apis.md). | ||
|
||
```{eval-rst} | ||
.. autoclass:: py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery | ||
:members: | ||
:show-inheritance: | ||
:noindex: | ||
``` | ||
|
||
## Saved Searches | ||
|
||
```{eval-rst} | ||
.. important:: | ||
Make sure to set the optional argument `use_v2=True` on saved search functions to get V2 file event data and queries. | ||
``` | ||
|
||
```{eval-rst} | ||
.. autoclass:: py42.services.savedsearch.SavedSearchService | ||
:members: | ||
:show-inheritance: | ||
:noindex: | ||
``` | ||
|
||
|
||
## Filter Classes | ||
|
||
The following classes construct filters for file event queries. Each filter class corresponds to a file event detail. | ||
Call the appropriate class method on your desired filter class with the `value` you want to match and it will return a | ||
`FilterGroup` object that can be passed to `FileEventQuery`'s `all()` or `any()` methods to create complex queries | ||
that match multiple filter rules. | ||
|
||
Example: | ||
|
||
To search for events observed for certain set of documents, you can use the `file.Name` and `file.MD5` filter classes to | ||
construct `FilterGroup`s that will search for matching filenames or (in case someone renamed the sensitive file) the | ||
known MD5 hashes of the files: | ||
|
||
from py42.sdk.queries.fileevents.v2 import * | ||
filename_filter = File.Name.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx']) | ||
md5_filter = File.MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b']) | ||
|
||
See [Executing Searches](../userguides/searches.md) for more on building search queries. | ||
|
||
### Destination Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.destination | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### Event Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.event | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### File Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.file | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### Process Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.process | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### Risk Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.risk | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### Source Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.source | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### Timestamp Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.timestamp | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` | ||
|
||
### User Filters | ||
|
||
```{eval-rst} | ||
.. automodule:: py42.sdk.queries.fileevents.v2.filters.user | ||
:members: | ||
:inherited-members: | ||
:show-inheritance: | ||
``` |
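Review bot: The example under "Filter Classes" stops after building `filename_filter` and `md5_filter`, so it never shows the step the paragraph above it describes, passing the `FilterGroup`s to `FileEventQuery`'s `all()` or `any()`. Since the stated intent is to match filenames or, for renamed files, known hashes, finish the example with something like `query = FileEventQuery.any(filename_filter, md5_filter)` and say why `any()` is the right choice; with `all()` the renamed-file case the text calls out would not match. Minor points in the same region: "for certain set of documents" should read "for a certain set of documents", and the wildcard import hides which names the example relies on, so importing `File` and `FileEventQuery` explicitly would make the snippet easier to follow.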
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# V2 File Events | ||
|
||
```{eval-rst} | ||
.. warning:: V1 file events, saved searches, and queries are **deprecated**. | ||
``` | ||
|
||
For details on the updated File Event Model, see the V2 File Events API documentation on the [Developer Portal](https://developer.code42.com/api/#tag/File-Events). | ||
|
||
## Querying file events | ||
|
||
To query for V2 file events, import the V2 filter modules and `FileEventQuery` class with: | ||
```python | ||
from py42.sdk.queries.fileevents.v2 import * | ||
``` | ||
|
||
Using the `FileEventQuery` and filter classes, construct a query and search for file events as detailed in the [Executing Searches Guide](searches.md). | ||
|
||
## Saved Searches | ||
|
||
All saved search methods functions have an additional optional `use_v2=False` argument. If set to `True`, the saved search module will ingest from the V2 saved search APIs. The `use_v2` argument defaults to `False` and the V1 saved searches are still available. | ||
|
||
For example, use the following to view all saved searches with the new V2 apis: | ||
|
||
```python | ||
import py42.sdk | ||
|
||
sdk = py42.sdk.from_local_account("https://console.us.code42.com", "my_username", "my_password") | ||
sdk.securitydata.savedsearches.get(use_v2=True) | ||
``` | ||
|
||
Retrieving saved searches with V2 settings enabled will retrieve existing V1 saved search queries translated to the V2 model. Existing V1 queries that cannot be properly converted to V2 will be omitted from the response. |
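Review bot: The closing paragraph says V1 saved searches that cannot be converted are omitted from the `use_v2=True` response, but it gives the reader no way to learn which ones were dropped. A saved search that silently disappears from the listing is easy to miss during migration, so please document how a caller can identify the omitted queries (for example by comparing against the default `use_v2=False` listing, if that is the intended approach) or note that they must be recreated by hand. Smaller points: "All saved search methods functions" has a doubled noun, "V2 apis" should be "V2 APIs", and the sample passes a literal password string to `from_local_account`; showing the credential read from a prompt or the environment would be a better pattern to put in front of users.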