"""Autogenerated API"""
import requests
from argus_cli.plugin import register_command
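@register_command(extending=('events', 'v1', 'aggregated'))
def list_aggregated_events(
    customerID: list = None,
    signature: list = None,
    ip: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    limit: int = 25,
    offset: int = 0,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = None,
) -> dict:
    """Simple search for aggregated events (PUBLIC)

    Issues ``GET /web/api/events/v1/aggregated`` against the Argus host that is
    hard-coded below. Only truthy filter values are placed in the request body,
    so ``None``, ``0`` and empty lists all mean "not set".

    :param list customerID: Limit to customerID
    :param list signature: Limit to signature
    :param list ip: Limit to ip/network
    :param int startTimestamp: Limit to events after this timestamp (default is last 24 hours)
    :param int endTimestamp: Limit to events before this timestamp
    :param int limit: Limit results
    :param int offset: Offset results
    :param bool json: Return the decoded JSON body (default); when False the raw ``requests.Response`` is returned
    :param bool verify: Verify the server's TLS certificate. Passing False disables certificate
        checking and exposes the API key in the ``Argus-API-Key`` header to interception.
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over ``authentication``
    :param dict authentication: Extra request headers, or a callable that takes the URL and returns such headers
    :raises AuthenticationFailedException: on 401
    :raises AccessDeniedException: on 403
    :raises ValidationErrorException: on 412
    :raises ObjectNotFoundException: on 404
    :returns: {"offset": 859, "limit": 489, "responseCode": 200, "count": 389, "data": [{"properties": {"additionalProperties": "Address bank family marriage."}, "comments": [{"timestamp": 1224515719, "comment": "List section PM big citizen follow."}], "uri": "Method blue rule young through act.", "count": 729, "protocol": "Try choice over sense style.", "timestamp": 1292809294, "startTimestamp": 1303822960, "endTimestamp": 154205768, "lastUpdatedTimestamp": 829924150, "flags": ["ASSOCIATED_TO_CASE_BY_FILTER"], "severity": "high", "detailedEventIDS": ["Federal because wide join dinner manager."], "id": "Kitchen spring early able."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Heavy plant never suddenly quality.", "messageTemplate": "Interview protect night old respond president popular.", "field": "Enjoy see hard personal best several.", "parameter": {}, "timestamp": 428511343}], "currentPage": 580, "size": 537}
    """
    from requests import get
    from argus_api.exceptions import http

    # NOTE(review): the host is baked into the generated client (a trunk/dev
    # host); it is not configurable from here.
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # callable that derives headers from the URL. `authentication` defaults
    # to None rather than a shared mutable dict; the checks below treat both
    # identically.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Keep the original key order and the original truthiness filter: a 0 or
    # empty-list argument is indistinguishable from "not given".
    candidates = {
        "limit": limit,
        "offset": offset,
        "customerID": customerID,
        "signature": signature,
        "ip": ip,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
    }
    body = {key: value for key, value in candidates.items() if value}

    # The generated client sends the filter as a JSON body on a GET request;
    # an empty filter sends no body at all.
    response = get(url, json=body if body else None, verify=verify, headers=headers)

    # Map the documented failure statuses onto toolbelt exceptions. Any other
    # status (including other non-2xx codes) is handed back to the caller.
    failures = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    error_type = failures.get(response.status_code)
    if error_type is not None:
        raise error_type(response)
    return response.json() if json else response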
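@register_command(extending=('events', 'v1', 'aggregated'))
def find_aggregated_events(
    limit: int = None,
    offset: int = None,
    customerID: list = None,
    eventIdentifier: list = None,
    locationID: list = None,
    alarmID: list = None,
    attackCategoryID: list = None,
    sourceGeoCountry: list = None,
    destinationGeoCountry: list = None,
    geoCountry: list = None,
    properties: dict = None,
    minCount: int = None,
    associatedCaseID: list = None,
    sourceIPMinBits: int = None,
    destinationIPMinBits: int = None,
    subCriteria: list = None,
    signature: list = None,
    sortBy: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    includeFlags: list = None,
    excludeFlags: list = None,
    lastUpdatedTimestamp: int = None,
    destinationIP: list = None,
    sourceIP: list = None,
    ip: list = None,
    destinationPort: list = None,
    sourcePort: list = None,
    port: list = None,
    minSeverity: str = None,
    maxSeverity: str = None,
    includeDeleted: bool = False,
    exclude: bool = False,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = None,
) -> dict:
    """Search for aggregated events (PUBLIC)

    Issues ``POST /web/api/events/v1/aggregated/search`` against the Argus host
    that is hard-coded below. Only truthy criteria are placed in the request
    body, so ``None``, ``0``, ``False`` and empty lists all mean "not set".

    The boolean flags ``includeDeleted`` and ``exclude`` default to the real
    ``False`` (the generator previously emitted the string ``'False'``, which is
    truthy and was therefore always sent to the API as a string).

    :param int limit: Limit results
    :param int offset: Offset results
    :param list customerID: Limit result to objects belonging to these customers
    :param list eventIdentifier: Search for events specified by full ID (type/timestamp/customerid/eventid)
    :param list locationID: Search for events having these locations
    :param list alarmID: Search for events having an attack identifier (signature) mapped to any of these alarms
    :param list attackCategoryID: Search for events having an attack identifier (signature) mapped to any of these categories
    :param list sourceGeoCountry: Search for events where source IP is registered in any of these countries
    :param list destinationGeoCountry: Search for events where destination IP is registered in any of these countries
    :param list geoCountry: Search for events where source or destination IP is registered in any of these countries
    :param dict properties: Search for events having these properties (logical AND)
    :param int minCount: Search for events with aggregated count at least this high
    :param list associatedCaseID: Search for events associated to one of these cases
    :param int sourceIPMinBits: Do not include source CIDR-networks with wider mask than this
    :param int destinationIPMinBits: Do not include destination CIDR-networks with wider mask than this
    :param list subCriteria: Nested search criteria
    :param list signature: Limit to these signatures
    :param list sortBy: Order results by these properties (prefix with - to sort descending)
    :param int startTimestamp: Search objects from this timestamp
    :param int endTimestamp: Search objects until this timestamp
    :param list includeFlags: Search objects with these flags set
    :param list excludeFlags: Exclude objects with these flags set
    :param int lastUpdatedTimestamp: Search for events updated after this timestamp
    :param list destinationIP: Limit to these destination IPs/networks
    :param list sourceIP: Limit to these source IPs/networks
    :param list ip: Limit to these IPs/networks (either direction)
    :param list destinationPort: Limit to these destination ports
    :param list sourcePort: Limit to these source ports
    :param list port: Limit to these ports (either direction)
    :param str minSeverity: Lowest severity to include
    :param str maxSeverity: Highest severity to include
    :param bool includeDeleted: Also include deleted objects (where implemented)
    :param bool exclude: Exclude these criteria from the parent criteria
    :param bool json: Return the decoded JSON body (default); when False the raw ``requests.Response`` is returned
    :param bool verify: Verify the server's TLS certificate. Passing False disables certificate
        checking and exposes the API key in the ``Argus-API-Key`` header to interception.
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over ``authentication``
    :param dict authentication: Extra request headers, or a callable that takes the URL and returns such headers
    :raises AuthenticationFailedException: on 401
    :raises AccessDeniedException: on 403
    :raises ValidationErrorException: on 412
    :raises ObjectNotFoundException: on 404
    :returns: {"offset": 960, "limit": 197, "responseCode": 200, "count": 420, "data": [{"properties": {"additionalProperties": "Current company edge trouble success one."}, "comments": [{"timestamp": 160225526, "comment": "Then travel from."}], "uri": "Take admit table little rock.", "count": 368, "protocol": "Field same high research drop respond factor.", "timestamp": 386984967, "startTimestamp": 1126880892, "endTimestamp": 1191244510, "lastUpdatedTimestamp": 847010102, "flags": ["FILTERED"], "severity": "low", "detailedEventIDS": ["Field child until positive society themselves attorney."], "id": "Company already follow order ground."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Management writer ok.", "messageTemplate": "Budget computer trade nearly lead tend arm agency.", "field": "Kitchen someone system identify.", "parameter": {}, "timestamp": 1273371173}], "currentPage": 95, "size": 437}
    """
    from requests import post
    from argus_api.exceptions import http

    # NOTE(review): the host is baked into the generated client (a trunk/dev
    # host); it is not configurable from here.
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated/search"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # callable that derives headers from the URL. `authentication` defaults
    # to None rather than a shared mutable dict; the checks below treat both
    # identically.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Keep the original key order and the original truthiness filter: a 0,
    # False or empty-list argument is indistinguishable from "not given".
    candidates = {
        "limit": limit,
        "offset": offset,
        "includeDeleted": includeDeleted,
        "customerID": customerID,
        "exclude": exclude,
        "eventIdentifier": eventIdentifier,
        "locationID": locationID,
        "alarmID": alarmID,
        "attackCategoryID": attackCategoryID,
        "sourceGeoCountry": sourceGeoCountry,
        "destinationGeoCountry": destinationGeoCountry,
        "geoCountry": geoCountry,
        "properties": properties,
        "minCount": minCount,
        "associatedCaseID": associatedCaseID,
        "sourceIPMinBits": sourceIPMinBits,
        "destinationIPMinBits": destinationIPMinBits,
        "subCriteria": subCriteria,
        "signature": signature,
        "sortBy": sortBy,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
        "includeFlags": includeFlags,
        "excludeFlags": excludeFlags,
        "lastUpdatedTimestamp": lastUpdatedTimestamp,
        "destinationIP": destinationIP,
        "sourceIP": sourceIP,
        "ip": ip,
        "destinationPort": destinationPort,
        "sourcePort": sourcePort,
        "port": port,
        "minSeverity": minSeverity,
        "maxSeverity": maxSeverity,
    }
    body = {key: value for key, value in candidates.items() if value}

    # An empty criteria set sends no body at all.
    response = post(url, json=body if body else None, verify=verify, headers=headers)

    # Map the documented failure statuses onto toolbelt exceptions. Any other
    # status (including other non-2xx codes) is handed back to the caller.
    failures = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    error_type = failures.get(response.status_code)
    if error_type is not None:
        raise error_type(response)
    return response.json() if json else response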
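@register_command(extending=('events', 'v1', 'aggregated'))
def find_aggregated_event_stats(
    customerID: list = None,
    eventIdentifier: list = None,
    locationID: list = None,
    alarmID: list = None,
    attackCategoryID: list = None,
    sourceGeoCountry: list = None,
    destinationGeoCountry: list = None,
    geoCountry: list = None,
    properties: dict = None,
    minCount: int = None,
    associatedCaseID: list = None,
    sourceIPMinBits: int = None,
    destinationIPMinBits: int = None,
    subCriteria: list = None,
    resolution: int = None,
    groupBy: list = None,
    cutoff: int = None,
    signature: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    includeFlags: list = None,
    excludeFlags: list = None,
    lastUpdatedTimestamp: int = None,
    destinationIP: list = None,
    sourceIP: list = None,
    ip: list = None,
    destinationPort: list = None,
    sourcePort: list = None,
    port: list = None,
    minSeverity: str = None,
    maxSeverity: str = None,
    includeDeleted: bool = False,
    exclude: bool = False,
    countRawEvents: bool = False,
    includeOthers: bool = False,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = None,
) -> dict:
    """Fetch aggregated event stats (PUBLIC)

    Returns a StatsContainer JSON format.

    Issues ``POST /web/api/events/v1/aggregated/stats`` against the Argus host
    that is hard-coded below. Only truthy criteria are placed in the request
    body, so ``None``, ``0``, ``False`` and empty lists all mean "not set" and
    leave the API's own default in force.

    The boolean flags ``includeDeleted``, ``exclude``, ``countRawEvents`` and
    ``includeOthers`` default to the real ``False`` (the generator previously
    emitted the string ``'False'``, which is truthy and was therefore always
    sent to the API as a string).

    :param list customerID: Limit result to objects belonging to these customers
    :param list eventIdentifier: Search for events specified by full ID (type/timestamp/customerid/eventid)
    :param list locationID: Search for events having these locations
    :param list alarmID: Search for events having an attack identifier (signature) mapped to any of these alarms
    :param list attackCategoryID: Search for events having an attack identifier (signature) mapped to any of these categories
    :param list sourceGeoCountry: Search for events where source IP is registered in any of these countries
    :param list destinationGeoCountry: Search for events where destination IP is registered in any of these countries
    :param list geoCountry: Search for events where source or destination IP is registered in any of these countries
    :param dict properties: Search for events having these properties (logical AND)
    :param int minCount: Search for events with aggregated count at least this high
    :param list associatedCaseID: Search for events associated to one of these cases
    :param int sourceIPMinBits: Do not include source CIDR-networks with wider mask than this
    :param int destinationIPMinBits: Do not include destination CIDR-networks with wider mask than this
    :param list subCriteria: Nested search criteria
    :param int resolution: Divide results into timeframes with this size (in milliseconds)
    :param list groupBy: Group results by these fields
    :param int cutoff: If set, keep the <cutoff> biggest records, and cut off the rest.
    :param list signature: Limit to these signatures
    :param int startTimestamp: Search objects from this timestamp
    :param int endTimestamp: Search objects until this timestamp
    :param list includeFlags: Search objects with these flags set
    :param list excludeFlags: Exclude objects with these flags set
    :param int lastUpdatedTimestamp: Search for events updated after this timestamp
    :param list destinationIP: Limit to these destination IPs/networks
    :param list sourceIP: Limit to these source IPs/networks
    :param list ip: Limit to these IPs/networks (either direction)
    :param list destinationPort: Limit to these destination ports
    :param list sourcePort: Limit to these source ports
    :param list port: Limit to these ports (either direction)
    :param str minSeverity: Lowest severity to include
    :param str maxSeverity: Highest severity to include
    :param bool includeDeleted: Also include deleted objects (where implemented)
    :param bool exclude: Exclude these criteria from the parent criteria
    :param bool countRawEvents: Return the number of raw events (not the number of aggregated events)
    :param bool includeOthers: If true (the API's default when omitted), records which are cut off are collected into a common "other" record
    :param bool json: Return the decoded JSON body (default); when False the raw ``requests.Response`` is returned
    :param bool verify: Verify the server's TLS certificate. Passing False disables certificate
        checking and exposes the API key in the ``Argus-API-Key`` header to interception.
    :param str apiKey: Sent as the ``Argus-API-Key`` header; takes precedence over ``authentication``
    :param dict authentication: Extra request headers, or a callable that takes the URL and returns such headers
    :raises AuthenticationFailedException: on 401
    :raises AccessDeniedException: on 403
    :raises ValidationErrorException: on 412
    :raises ObjectNotFoundException: on 404
    :returns: {}
    """
    from requests import post
    from argus_api.exceptions import http

    # NOTE(review): the host is baked into the generated client (a trunk/dev
    # host); it is not configurable from here.
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/events/v1/aggregated/stats"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0',
    }
    # Credential precedence: explicit API key, then a header dict, then a
    # callable that derives headers from the URL. `authentication` defaults
    # to None rather than a shared mutable dict; the checks below treat both
    # identically.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Keep the original key order and the original truthiness filter: a 0,
    # False or empty-list argument is indistinguishable from "not given".
    candidates = {
        "includeDeleted": includeDeleted,
        "customerID": customerID,
        "exclude": exclude,
        "eventIdentifier": eventIdentifier,
        "locationID": locationID,
        "alarmID": alarmID,
        "attackCategoryID": attackCategoryID,
        "sourceGeoCountry": sourceGeoCountry,
        "destinationGeoCountry": destinationGeoCountry,
        "geoCountry": geoCountry,
        "properties": properties,
        "minCount": minCount,
        "associatedCaseID": associatedCaseID,
        "sourceIPMinBits": sourceIPMinBits,
        "destinationIPMinBits": destinationIPMinBits,
        "subCriteria": subCriteria,
        "resolution": resolution,
        "groupBy": groupBy,
        "countRawEvents": countRawEvents,
        "cutoff": cutoff,
        "includeOthers": includeOthers,
        "signature": signature,
        "startTimestamp": startTimestamp,
        "endTimestamp": endTimestamp,
        "includeFlags": includeFlags,
        "excludeFlags": excludeFlags,
        "lastUpdatedTimestamp": lastUpdatedTimestamp,
        "destinationIP": destinationIP,
        "sourceIP": sourceIP,
        "ip": ip,
        "destinationPort": destinationPort,
        "sourcePort": sourcePort,
        "port": port,
        "minSeverity": minSeverity,
        "maxSeverity": maxSeverity,
    }
    body = {key: value for key, value in candidates.items() if value}

    # An empty criteria set sends no body at all.
    response = post(url, json=body if body else None, verify=verify, headers=headers)

    # Map the documented failure statuses onto toolbelt exceptions. Any other
    # status (including other non-2xx codes) is handed back to the caller.
    failures = {
        401: http.AuthenticationFailedException,
        403: http.AccessDeniedException,
        412: http.ValidationErrorException,
        404: http.ObjectNotFoundException,
    }
    error_type = failures.get(response.status_code)
    if error_type is not None:
        raise error_type(response)
    return response.json() if json else response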