
"""Autogenerated API"""
import requests
from argus_cli.plugin import register_command


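@register_command(extending=('events','v1','aggregated'))
def list_aggregated_events(
    customerID: list = None,
    signature: list = None,
    ip: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    limit: int = 25,
    offset: int = 0,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Simple search for aggregated events (PUBLIC)

    Sends a GET to ``/web/api/events/v1/aggregated`` with the non-empty
    criteria as a JSON body (a JSON body on GET is what the generator
    emits; the server is assumed to accept it).

    :param list customerID: Limit to customerID
    :param list signature: Limit to signature
    :param list ip: Limit to ip/network
    :param int startTimestamp: Limit to events after this timestamp (default is last 24 hours)
    :param int endTimestamp: Limit to events before this timestamp
    :param int limit: Limit results
    :param int offset: Offset results
    :param bool json: Return the decoded JSON document when true, else the raw response
    :param bool verify: Verify the server TLS certificate; leaving this on is what keeps
        the API key in ``Argus-API-Key`` from being readable by an on-path host
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over
        ``authentication``
    :param dict authentication: Either a dict of headers to add, or a callable that is
        handed the request URL and returns such a dict. The default ``{}`` is never
        mutated by this function.
    :raises AuthenticationFailedException: on 401
    :raises ValidationFailedException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: {"offset": 753, "limit": 778, "responseCode": 200, "count": 329, "data": [{"properties": {"additionalProperties": "Hand property oil least."}, "comments": [{"timestamp": 698100098, "comment": "Certain pretty pass manage writer page mouth."}], "uri": "Past total agreement.", "count": 851, "protocol": "Certainly player expect.", "timestamp": 1095894653, "startTimestamp": 605902104, "endTimestamp": 247510906, "lastUpdatedTimestamp": 1110111877, "flags": ["IDENTIFIED_THREAT"], "severity": "low", "detailedEventIDS": ["There food evidence blue key alone business school."], "id": "Design and above wrong today modern again."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Even message plan else physical.", "messageTemplate": "He clearly consider him local.", "field": "Claim no amount catch continue environment political.", "parameter": {}, "timestamp": 896355707}], "currentPage": 978, "size": 127}
    """
    from requests import get
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # header-producing callable. Only one source is ever applied.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Only truthy criteria are sent: None, 0, "" and [] are left to the
    # server default (so offset=0 and limit=0 are never transmitted).
    criteria = {
        "limit": limit,
        "offset": offset,
        "customerID": customerID,
        "signature": signature,
        "ip": ip,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
    }
    body = {key: value for key, value in criteria.items() if value}

    response = get(url, json=body or None, verify=verify, headers=headers)

    # NOTE(review): the docstring names ValidationFailedException for 412 but
    # the code raises http.ValidationErrorException -- confirm which name
    # argus_api.exceptions.http actually exports.
    failure_for_status = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    if response.status_code in failure_for_status:
        raise failure_for_status[response.status_code](response)
    return response.json() if json else response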
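@register_command(extending=('events','v1','aggregated'))
def update_events(
    eventIdentifiers: list = None,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Add event assessments (INTERNAL)

    Sends a PUT to ``/web/api/events/v1/aggregated``; the identifiers are
    only included in the JSON body when the list is non-empty.

    :param list eventIdentifiers: Identifiers of the events to assess
    :param bool json: Return the decoded JSON document when true, else the raw response
    :param bool verify: Verify the server TLS certificate; leaving this on is what keeps
        the API key in ``Argus-API-Key`` from being readable by an on-path host
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over
        ``authentication``
    :param dict authentication: Either a dict of headers to add, or a callable that is
        handed the request URL and returns such a dict. The default ``{}`` is never
        mutated by this function.
    :raises AuthenticationFailedException: on 401
    :raises ValidationFailedException: on 412
    :raises AccessDeniedException: on 403
    :raises EventsNotFoundException: on 404
    :returns: {"offset": 117, "limit": 609, "responseCode": 200, "count": 455, "data": [{"properties": {"additionalProperties": "Already he end under with tax."}, "comments": [{"timestamp": 1085790090, "comment": "Type bit writer cup."}], "uri": "Impact sell town eight.", "count": 832, "protocol": "Understand president smile box see.", "timestamp": 433768799, "startTimestamp": 1130754167, "endTimestamp": 733117107, "lastUpdatedTimestamp": 1133096658, "flags": ["CHECKED"], "severity": "critical", "detailedEventIDS": ["Side quickly send south life."], "id": "Whom home subject star."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Dog reflect he southern.", "messageTemplate": "Build fall pull throughout design politics process.", "field": "Seem dark during world difficult question character.", "parameter": {}, "timestamp": 367247462}], "currentPage": 481, "size": 39}
    """
    from requests import put
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # header-producing callable. Only one source is ever applied.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # An empty identifier list is not transmitted at all (no JSON body).
    body = {"eventIdentifiers": eventIdentifiers} if eventIdentifiers else {}

    response = put(url, json=body or None, verify=verify, headers=headers)

    # NOTE(review): the docstring names ValidationFailedException (412) and
    # EventsNotFoundException (404), while the code raises
    # http.ValidationErrorException and http.ObjectNotFoundException --
    # confirm which names argus_api.exceptions.http actually exports.
    failure_for_status = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    if response.status_code in failure_for_status:
        raise failure_for_status[response.status_code](response)
    return response.json() if json else response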
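@register_command(extending=('events','v1','aggregated'))
def update_events_bulk(
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Assess events in bulk mode (INTERNAL)

    To be used for bulk assessment of very large amount of events. Returns
    the number of assessed events.

    As generated, this function takes no search or assessment parameters, so
    the PUT to ``/web/api/events/v1/aggregated/bulk`` is always sent without a
    JSON body; the server-side criteria cannot be supplied from here.

    :param bool json: Return the decoded JSON document when true, else the raw response
    :param bool verify: Verify the server TLS certificate; leaving this on is what keeps
        the API key in ``Argus-API-Key`` from being readable by an on-path host
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over
        ``authentication``
    :param dict authentication: Either a dict of headers to add, or a callable that is
        handed the request URL and returns such a dict. The default ``{}`` is never
        mutated by this function.
    :raises AuthenticationFailedException: on 401
    :raises ValidationFailedException: on 412
    :raises AccessDeniedException: on 403
    :raises EventsNotFoundException: on 404
    :returns: {}
    """
    from requests import put
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated/bulk"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # header-producing callable. Only one source is ever applied.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # No parameters are mapped into the body, so it is always omitted.
    response = put(url, json=None, verify=verify, headers=headers)

    # NOTE(review): the docstring names ValidationFailedException (412) and
    # EventsNotFoundException (404), while the code raises
    # http.ValidationErrorException and http.ObjectNotFoundException --
    # confirm which names argus_api.exceptions.http actually exports.
    failure_for_status = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    if response.status_code in failure_for_status:
        raise failure_for_status[response.status_code](response)
    return response.json() if json else response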
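@register_command(extending=('events','v1','aggregated'))
def find_aggregated_events(
    limit: int = None,
    offset: int = None,
    customerID: list = None,
    eventIdentifier: list = None,
    locationID: list = None,
    alarmID: list = None,
    attackCategoryID: list = None,
    sourceGeoCountry: list = None,
    destinationGeoCountry: list = None,
    geoCountry: list = None,
    properties: dict = None,
    minCount: int = None,
    associatedCaseID: list = None,
    sourceIPMinBits: int = None,
    destinationIPMinBits: int = None,
    subCriteria: list = None,
    signature: list = None,
    sortBy: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    includeFlags: list = None,
    excludeFlags: list = None,
    lastUpdatedTimestamp: int = None,
    ip: list = None,
    destinationIP: list = None,
    sourceIP: list = None,
    destinationPort: list = None,
    sourcePort: list = None,
    port: list = None,
    minSeverity: str = None,
    maxSeverity: str = None,
    includeDeleted: bool = 'False',
    exclude: bool = 'False',
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Search for aggregated events (PUBLIC)

    Sends a POST to ``/web/api/events/v1/aggregated/search`` with the
    non-empty criteria as a JSON body.

    The boolean switches ``includeDeleted`` and ``exclude`` default to the
    *string* ``'False'`` (kept for signature compatibility). Because a
    non-empty string is truthy, the generated code used to transmit the
    literal string "False" on every call; this version interprets string
    values ("true"/"1"/"yes", case-insensitive, mean set) and only transmits
    a flag, as a real JSON boolean, when it is set.

    :param int limit: Limit results
    :param int offset: Offset results
    :param list customerID: Limit result to objects belonging to these customers
    :param list eventIdentifier: Search for events specified by full ID (type/timestamp/customerid/eventid)
    :param list locationID: Search for events having these locations
    :param list alarmID: Search for events having an attack identifier (signature) mapped to any of these alarms
    :param list attackCategoryID: Search for events having an attack identifier (signature) mapped to any of these categories
    :param list sourceGeoCountry: Search for events where source IP is registered in any of these countries
    :param list destinationGeoCountry: Search for events where destination IP is registered in any of these countries
    :param list geoCountry: Search for events where source or destination IP is registered in any of these countries
    :param dict properties: Search for events having these properties (logical AND)
    :param int minCount: Search for events with aggregated count at least this high
    :param list associatedCaseID: Search for events associated to one of these cases
    :param int sourceIPMinBits: Do not include source CIDR-networks with wider mask than this
    :param int destinationIPMinBits: Do not include destination CIDR-networks with wider mask than this
    :param list subCriteria:
    :param list signature:
    :param list sortBy: Order results by these properties (prefix with - to sort descending)
    :param int startTimestamp: Search objects from this timestamp
    :param int endTimestamp: Search objects until this timestamp
    :param list includeFlags: Search objects with these flags set
    :param list excludeFlags: Exclude objects with these flags set
    :param int lastUpdatedTimestamp: Search for events updated after this timestamp
    :param list ip:
    :param list destinationIP:
    :param list sourceIP:
    :param list destinationPort:
    :param list sourcePort:
    :param list port:
    :param str minSeverity:
    :param str maxSeverity:
    :param bool includeDeleted: Also include deleted objects (where implemented)
    :param bool exclude: Exclude these criteria from the parent criteria
    :param bool json: Return the decoded JSON document when true, else the raw response
    :param bool verify: Verify the server TLS certificate; leaving this on is what keeps
        the API key in ``Argus-API-Key`` from being readable by an on-path host
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over
        ``authentication``
    :param dict authentication: Either a dict of headers to add, or a callable that is
        handed the request URL and returns such a dict. The default ``{}`` is never
        mutated by this function.
    :raises AuthenticationFailedException: on 401
    :raises ValidationFailedException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: {"offset": 385, "limit": 349, "responseCode": 200, "count": 248, "data": [{"properties": {"additionalProperties": "Kitchen past media lot customer many own."}, "comments": [{"timestamp": 303470021, "comment": "Fall order social nothing describe north pressure."}], "uri": "So draw easy issue apply federal cost.", "count": 814, "protocol": "Fish despite past station detail wall.", "timestamp": 893209030, "startTimestamp": 1041506848, "endTimestamp": 985901566, "lastUpdatedTimestamp": 1225256450, "flags": ["HAS_PAYLOAD"], "severity": "critical", "detailedEventIDS": ["Purpose feel trip foot build out."], "id": "Hospital when two author material yourself."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Worry station instead there actually body many.", "messageTemplate": "Read firm our cover such share.", "field": "Necessary onto write.", "parameter": {}, "timestamp": 1287093596}], "currentPage": 590, "size": 890}
    """
    from requests import post
    from argus_api.exceptions import http

    def _flag(value) -> bool:
        # The generated defaults are the string 'False', which is truthy; a
        # string only counts as "set" when it spells a true value. Anything
        # else (bool, int, None) keeps ordinary Python truthiness.
        if isinstance(value, str):
            return value.strip().lower() in ("true", "1", "yes")
        return bool(value)

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated/search"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # header-producing callable. Only one source is ever applied.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Only truthy criteria are sent: None, 0, "" and [] are left to the
    # server default.
    criteria = {
        "limit": limit,
        "offset": offset,
        "customerID": customerID,
        "eventIdentifier": eventIdentifier,
        "locationID": locationID,
        "alarmID": alarmID,
        "attackCategoryID": attackCategoryID,
        "sourceGeoCountry": sourceGeoCountry,
        "destinationGeoCountry": destinationGeoCountry,
        "geoCountry": geoCountry,
        "properties": properties,
        "minCount": minCount,
        "associatedCaseID": associatedCaseID,
        "sourceIPMinBits": sourceIPMinBits,
        "destinationIPMinBits": destinationIPMinBits,
        "subCriteria": subCriteria,
        "signature": signature,
        "sortBy": sortBy,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
        "includeFlags": includeFlags,
        "excludeFlags": excludeFlags,
        "lastUpdatedTimestamp": lastUpdatedTimestamp,
        "ip": ip,
        "destinationIP": destinationIP,
        "sourceIP": sourceIP,
        "destinationPort": destinationPort,
        "sourcePort": sourcePort,
        "port": port,
        "minSeverity": minSeverity,
        "maxSeverity": maxSeverity,
    }
    body = {key: value for key, value in criteria.items() if value}

    # Boolean switches are transmitted as real JSON booleans, and only when set.
    switches = {
        "includeDeleted": includeDeleted,
        "exclude": exclude,
    }
    body.update({key: True for key, value in switches.items() if _flag(value)})

    response = post(url, json=body or None, verify=verify, headers=headers)

    # NOTE(review): the docstring names ValidationFailedException for 412 but
    # the code raises http.ValidationErrorException -- confirm which name
    # argus_api.exceptions.http actually exports.
    failure_for_status = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    if response.status_code in failure_for_status:
        raise failure_for_status[response.status_code](response)
    return response.json() if json else response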
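@register_command(extending=('events','v1','aggregated'))
def find_aggregated_event_stats(
    customerID: list = None,
    eventIdentifier: list = None,
    locationID: list = None,
    alarmID: list = None,
    attackCategoryID: list = None,
    sourceGeoCountry: list = None,
    destinationGeoCountry: list = None,
    geoCountry: list = None,
    properties: dict = None,
    minCount: int = None,
    associatedCaseID: list = None,
    sourceIPMinBits: int = None,
    destinationIPMinBits: int = None,
    subCriteria: list = None,
    resolution: int = None,
    groupBy: list = None,
    cutoff: int = None,
    signature: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    includeFlags: list = None,
    excludeFlags: list = None,
    lastUpdatedTimestamp: int = None,
    ip: list = None,
    destinationIP: list = None,
    sourceIP: list = None,
    destinationPort: list = None,
    sourcePort: list = None,
    port: list = None,
    minSeverity: str = None,
    maxSeverity: str = None,
    includeDeleted: bool = 'False',
    exclude: bool = 'False',
    countRawEvents: bool = 'False',
    includeOthers: bool = 'False',
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Fetch aggregated event stats (PUBLIC)

    Returns a StatsContainer JSON format.

    Sends a POST to ``/web/api/events/v1/aggregated/stats`` with the
    non-empty criteria as a JSON body.

    The boolean switches (``includeDeleted``, ``exclude``, ``countRawEvents``,
    ``includeOthers``) default to the *string* ``'False'`` (kept for
    signature compatibility). Because a non-empty string is truthy, the
    generated code used to transmit the literal string "False" for every
    switch on every call; this version interprets string values
    ("true"/"1"/"yes", case-insensitive, mean set) and only transmits a
    switch, as a real JSON boolean, when it is set. A switch that is not
    transmitted is left to the server default (for ``includeOthers`` the
    documented default is true).

    :param list customerID: Limit result to objects belonging to these customers
    :param list eventIdentifier: Search for events specified by full ID (type/timestamp/customerid/eventid)
    :param list locationID: Search for events having these locations
    :param list alarmID: Search for events having an attack identifier (signature) mapped to any of these alarms
    :param list attackCategoryID: Search for events having an attack identifier (signature) mapped to any of these categories
    :param list sourceGeoCountry: Search for events where source IP is registered in any of these countries
    :param list destinationGeoCountry: Search for events where destination IP is registered in any of these countries
    :param list geoCountry: Search for events where source or destination IP is registered in any of these countries
    :param dict properties: Search for events having these properties (logical AND)
    :param int minCount: Search for events with aggregated count at least this high
    :param list associatedCaseID: Search for events associated to one of these cases
    :param int sourceIPMinBits: Do not include source CIDR-networks with wider mask than this
    :param int destinationIPMinBits: Do not include destination CIDR-networks with wider mask than this
    :param list subCriteria:
    :param int resolution: Divide results into timeframes with this size (in milliseconds)
    :param list groupBy: Group results by these fields
    :param int cutoff: If set, keep the <cutoff> biggest records, and cut off the rest.
    :param list signature:
    :param int startTimestamp: Search objects from this timestamp
    :param int endTimestamp: Search objects until this timestamp
    :param list includeFlags: Search objects with these flags set
    :param list excludeFlags: Exclude objects with these flags set
    :param int lastUpdatedTimestamp: Search for events updated after this timestamp
    :param list ip:
    :param list destinationIP:
    :param list sourceIP:
    :param list destinationPort:
    :param list sourcePort:
    :param list port:
    :param str minSeverity:
    :param str maxSeverity:
    :param bool includeDeleted: Also include deleted objects (where implemented)
    :param bool exclude: Exclude these criteria from the parent criteria
    :param bool countRawEvents: Return the number of raw events (not the number of aggregated events)
    :param bool includeOthers: If true (default), records which are cut off are collected into a common "other" record
    :param bool json: Return the decoded JSON document when true, else the raw response
    :param bool verify: Verify the server TLS certificate; leaving this on is what keeps
        the API key in ``Argus-API-Key`` from being readable by an on-path host
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over
        ``authentication``
    :param dict authentication: Either a dict of headers to add, or a callable that is
        handed the request URL and returns such a dict. The default ``{}`` is never
        mutated by this function.
    :raises AuthenticationFailedException: on 401
    :raises ValidationFailedException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: {}
    """
    from requests import post
    from argus_api.exceptions import http

    def _flag(value) -> bool:
        # The generated defaults are the string 'False', which is truthy; a
        # string only counts as "set" when it spells a true value. Anything
        # else (bool, int, None) keeps ordinary Python truthiness.
        if isinstance(value, str):
            return value.strip().lower() in ("true", "1", "yes")
        return bool(value)

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated/stats"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # header-producing callable. Only one source is ever applied.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Only truthy criteria are sent: None, 0, "" and [] are left to the
    # server default.
    criteria = {
        "customerID": customerID,
        "eventIdentifier": eventIdentifier,
        "locationID": locationID,
        "alarmID": alarmID,
        "attackCategoryID": attackCategoryID,
        "sourceGeoCountry": sourceGeoCountry,
        "destinationGeoCountry": destinationGeoCountry,
        "geoCountry": geoCountry,
        "properties": properties,
        "minCount": minCount,
        "associatedCaseID": associatedCaseID,
        "sourceIPMinBits": sourceIPMinBits,
        "destinationIPMinBits": destinationIPMinBits,
        "subCriteria": subCriteria,
        "resolution": resolution,
        "groupBy": groupBy,
        "cutoff": cutoff,
        "signature": signature,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
        "includeFlags": includeFlags,
        "excludeFlags": excludeFlags,
        "lastUpdatedTimestamp": lastUpdatedTimestamp,
        "ip": ip,
        "destinationIP": destinationIP,
        "sourceIP": sourceIP,
        "destinationPort": destinationPort,
        "sourcePort": sourcePort,
        "port": port,
        "minSeverity": minSeverity,
        "maxSeverity": maxSeverity,
    }
    body = {key: value for key, value in criteria.items() if value}

    # Boolean switches are transmitted as real JSON booleans, and only when set.
    switches = {
        "includeDeleted": includeDeleted,
        "exclude": exclude,
        "countRawEvents": countRawEvents,
        "includeOthers": includeOthers,
    }
    body.update({key: True for key, value in switches.items() if _flag(value)})

    response = post(url, json=body or None, verify=verify, headers=headers)

    # NOTE(review): the docstring names ValidationFailedException for 412 but
    # the code raises http.ValidationErrorException -- confirm which name
    # argus_api.exceptions.http actually exports.
    failure_for_status = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    if response.status_code in failure_for_status:
        raise failure_for_status[response.status_code](response)
    return response.json() if json else response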