Expose search by IP and search by hostname prefix in CLI. (#99)

* Expose search by IP and search by hostname prefix in CLI. * Tweak sensor listing.
refractionPOINT · Apr 30, 2023 · 81921d5 · 81921d5
1 parent f9a6a4e
commit 81921d5
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 5 deletions.
diff --git a/limacharlie/Manager.py b/limacharlie/Manager.py
@@ -369,14 +369,17 @@ def sensor( self, sid, inv_id = None ):
             s.setInvId( self._inv_id )
         return s
 
-    def sensors( self, inv_id = None, selector = None, limit = None ):
+    def sensors( self, inv_id = None, selector = None, limit = None, with_ip = None, with_hostname_prefix = None ):
         '''Gets all Sensors in the Organization.
 
         The sensors may or may not be online.
 
         Args:
             inv_id (str): investigation ID to add to all actions done using these objects.
             selector (str): sensor selector expression to use as filter.
+            limit (int): max number of sensors per page of result.
+            with_ip (str): list sensors with the specific internal or external ip.
+            with_hostname_prefix (str): list sensors with the specific hostname prefix.
 
         Returns:
             a generator of Sensor objects.
@@ -393,6 +396,10 @@ def sensors( self, inv_id = None, selector = None, limit = None ):
                 params[ 'selector' ] = selector
             if limit is not None:
                 params[ 'limit' ] = limit
+            if with_ip is not None:
+                params[ 'with_ip' ] = with_ip
+            if with_hostname_prefix is not None:
+                params[ 'with_hostname_prefix' ] = with_hostname_prefix
 
             resp = self._apiCall( 'sensors/%s' % self._oid, GET, queryParams = params )
             if inv_id is None:

diff --git a/limacharlie/__init__.py b/limacharlie/__init__.py
@@ -1,6 +1,6 @@
 """limacharlie API for limacharlie.io"""
 
-__version__ = "4.4.4"
+__version__ = "4.4.5"
 __author__ = "Maxime Lamothe-Brassard ( Refraction Point, Inc )"
 __author_email__ = "maxime@refractionpoint.com"
 __license__ = "Apache v2"

diff --git a/limacharlie/__main__.py b/limacharlie/__main__.py
@@ -12,6 +12,7 @@ def main():
     import stat
     import os
     import yaml
+    import time
 
     parser = argparse.ArgumentParser( prog = 'limacharlie' )
     parser.add_argument( 'action',
@@ -288,18 +289,56 @@ def main():
         from . import Manager
         import json
         parser = argparse.ArgumentParser( prog = 'limacharlie sensors' )
-        parser.add_argument( 'sensor_selector',
+        parser.add_argument( '--selector',
+                             default = None,
                              type = str,
+                             dest = 'sensor_selector',
                              help = 'sensor selector expression.' )
         parser.add_argument( '--limit',
                              type = int,
                              default = None,
                              dest = 'limit',
                              help = 'limit number of result per underlying query.' )
+        parser.add_argument( '--with-ip',
+                             type = str,
+                             default = None,
+                             dest = 'with_ip',
+                             help = 'list sensors with the given internal or external ip.' )
+        parser.add_argument( '--with-hostname-prefix',
+                             type = str,
+                             default = None,
+                             dest = 'with_hostname_prefix',
+                             help = 'list sensors with the given hostname prefix.' )
         args = parser.parse_args( sys.argv[ 2: ] )
         _man = Manager()
-        for sensor in _man.sensors( selector = args.sensor_selector, limit = args.limit ):
+        for sensor in _man.sensors( selector = args.sensor_selector, limit = args.limit, with_ip = args.with_ip, with_hostname_prefix = args.with_hostname_prefix ):
             print( json.dumps( sensor.getInfo(), indent = 2 ) )
+    elif args.action.lower() == 'sensors_with_ip':
+        from . import Manager
+        import json
+        parser = argparse.ArgumentParser( prog = 'limacharlie sensors_with_ip' )
+        parser.add_argument( 'ip',
+                             type = str,
+                             help = 'IP address to look for.' )
+        parser.add_argument( '--start',
+                             type = int,
+                             default = None,
+                             dest = 'start',
+                             help = 'optional start second epoch.' )
+        parser.add_argument( '--end',
+                             type = int,
+                             default = None,
+                             dest = 'end',
+                             help = 'optional end second epoch.' )
+        args = parser.parse_args( sys.argv[ 2: ] )
+        _man = Manager()
+        if args.start is not None and args.end is not None:
+            start = args.start
+            end = args.end
+        else:
+            start = int(time.time() - (4*60*60))
+            end = int(time.time())
+        print( json.dumps( _man.getSensorsWithIp( args.ip, start, end ), indent = 2 ) )
     else:
         raise Exception( 'invalid action' )
 

diff --git a/setup.py b/setup.py
@@ -1,6 +1,6 @@
 from setuptools import setup
 
-__version__ = "4.4.4"
+__version__ = "4.4.5"
 __author__ = "Maxime Lamothe-Brassard ( Refraction Point, Inc )"
 __author_email__ = "maxime@refractionpoint.com"
 __license__ = "Apache v2"