"""Autogenerated API"""
from argus_cli.plugin import register_command
@register_command(extending=("alarms", "v1", "signature"))
def get_signatures(
    keywords: list = None,
    keywordField: list = None,
    keywordMatch: str = "all",
    offset: int = None,
    limit: int = 25,
    json: bool = True,
    verify: bool = True,
    apiKey: str = None,
    authentication: dict = {}
) -> dict:
    """Get all signatures including alarms if mapped (PUBLIC)

    Issues a GET request to the alarms/v1/signature endpoint and raises a
    typed exception for the 401, 403, 404 and 412 status codes. Any other
    status code is returned to the caller unchanged.

    :param list keywords: Search by keywords
    :param list keywordField: Set field strategy for keyword search
    :param str keywordMatch: Set match strategy for keyword search
    :param int offset: Skip a number of signatures
    :param int limit: Maximum number of returned signatures
    :param bool json: Return the decoded JSON body when true, otherwise the response object itself
    :param bool verify: Passed to requests as ``verify``. Setting it to False disables TLS certificate validation while the request still carries the credential headers, so those headers can be read by anyone able to intercept the connection.
    :param str apiKey: Sent in the ``Argus-API-Key`` header; when set, ``authentication`` is ignored
    :param dict authentication: Headers merged into the request, or a callable that receives the URL and returns such headers. Only consulted when ``apiKey`` is not set.
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: {'offset': 261, 'limit': 135, 'responseCode': 200, 'count': 62, 'data': [{'lastUpdatedByUser': {'id': 115, 'customerID': 468, 'userName': 'alucas', 'name': 'Matthew Pierce'}, 'lastUpdatedTimestamp': 995944791, 'comments': [{'timestamp': 922027884, 'comment': 'Interesting trip down plan agent treatment.'}], 'mappedTimestamp': 610023042, 'mappedByUser': {'id': 626, 'customerID': 208, 'userName': 'samanthahunt', 'name': 'Stephanie Ellis'}, 'firstTriggeredTimestamp': 755442308, 'lastTriggeredTimestamp': 1260346932, 'triggerAmount': 698, 'signature': 'Produce perform home have question.', 'flags': ['DEFAULT_BLOCK']}], 'metaData': {'additionalProperties': {}}, 'messages': [{'message': 'Idea since special conference child four toward necessary.', 'messageTemplate': 'Discover guess thousand better general.', 'field': 'Open speech just security popular through.', 'parameter': {}, 'timestamp': 656657579}], 'currentPage': 902, 'size': 653}
    """
    from requests import get
    from argus_api.exceptions import http

    url = "https://portal.mnemonic.no/web/api/alarms/v1/signature"

    # Pick exactly one credential source: an explicit API key wins, then a
    # non-empty header dict, then a callable that builds headers for this URL.
    # The shared default dict is only read here, never mutated.
    if apiKey:
        credentials = {"Argus-API-Key": apiKey}
    elif authentication and isinstance(authentication, dict):
        credentials = authentication
    elif callable(authentication):
        credentials = authentication(url)
    else:
        credentials = {}

    request_headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/'
    }
    request_headers.update(credentials)

    # Every field is always present, so unset arguments are sent as JSON null.
    # NOTE(review): the search fields travel as a JSON body on a GET request;
    # confirm the endpoint reads them from the body rather than the query string.
    payload = dict(
        keywordMatch=keywordMatch,
        offset=offset,
        limit=limit,
        keywords=keywords,
        keywordField=keywordField,
    )

    # NOTE(review): no timeout is passed, so a stalled connection blocks the
    # caller indefinitely.
    response = get(url, json=payload, verify=verify, headers=request_headers)

    # Only these four status codes raise; anything else (including 5xx) falls
    # through to the return below.
    error_names = {
        401: "AuthenticationFailedException",
        403: "AccessDeniedException",
        412: "ValidationErrorException",
        404: "ObjectNotFoundException",
    }
    error_name = error_names.get(response.status_code)
    if error_name is not None:
        raise getattr(http, error_name)(response)

    if json:
        return response.json()
    return response
@register_command(extending=("alarms", "v1", "signature"))
def search_signatures(
    limit: int = None,
    offset: int = None,
    includeFlags: int = None,
    excludeFlags: int = None,
    subCriteria: list = None,
    attackCategoryID: list = None,
    alarmID: list = None,
    signature: list = None,
    minTriggerAmount: int = None,
    maxTriggerAmount: int = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    timeFieldStrategy: list = None,
    keywords: list = None,
    keywordFieldStrategy: list = None,
    sortBy: list = None,
    timeMatchStrategy: str = "any",
    keywordMatchStrategy: str = "all",
    includeDeleted: bool = None,
    exclude: bool = None,
    required: bool = None,
    json: bool = True,
    verify: bool = True,
    apiKey: str = None,
    authentication: dict = {}
) -> dict:
    """Get all signatures matching a given search criteria (PUBLIC)

    Issues a POST request to the alarms/v1/signature/search endpoint and
    raises a typed exception for the 401, 403, 404 and 412 status codes. Any
    other status code is returned to the caller unchanged.

    :param int limit: Set this value to set max number of results. By default, no restriction on result set size.
    :param int offset: Set this value to skip the first (offset) objects. By default, return result from first object.
    :param int includeFlags: Only include objects which have includeFlags set.
    :param int excludeFlags: Exclude objects which have excludeFlags set.
    :param list subCriteria:
    :param list attackCategoryID: A set of IDs for attack categories (alarm category).
    :param list alarmID: A set of IDs for alarms.
    :param list signature: A set of signatures. It does an exact match.
    :param int minTriggerAmount: Minimum trigger amount, default 0 means disabled
    :param int maxTriggerAmount: Maximum trigger amount, default 0 means disabled
    :param int startTimestamp: Only include mappings based on the set TimeFieldStrategy and TimeMatchStrategy (start timestamp)
    :param int endTimestamp: Only include mappings based on the set TimeFieldStrategy and TimeMatchStrategy (end timestamp)
    :param list timeFieldStrategy: TimeFieldStrategy to define which timestamp field(s) to match. (default lastTriggeredTimestamp)
    :param list keywords: A set of keywords matched against mappings based on the set KeywordFieldStrategy and KeywordMatchStrategy.
    :param list keywordFieldStrategy: KeywordFieldStrategy to define which field(s) to match against keywords. (default all)
    :param list sortBy: List of properties to sort by (prefix with "-" to sort descending).
    :param str timeMatchStrategy: TimeMatchStrategy to define how to match startTimestamp and endTimestamp with fields. (default any)
    :param str keywordMatchStrategy: KeywordMatchStrategy to define how to match keywords with fields. (default all)
    :param bool includeDeleted: Set to true to include deleted objects. By default, exclude deleted objects.
    :param bool exclude: Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.
    :param bool required: Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
    :param bool json: Return the decoded JSON body when true, otherwise the response object itself
    :param bool verify: Passed to requests as ``verify``. Setting it to False disables TLS certificate validation while the request still carries the credential headers, so those headers can be read by anyone able to intercept the connection.
    :param str apiKey: Sent in the ``Argus-API-Key`` header; when set, ``authentication`` is ignored
    :param dict authentication: Headers merged into the request, or a callable that receives the URL and returns such headers. Only consulted when ``apiKey`` is not set.
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: {'offset': 265, 'limit': 65, 'responseCode': 200, 'count': 529, 'data': [{'lastUpdatedByUser': {'id': 11, 'customerID': 210, 'userName': 'zachary34', 'name': 'Hailey Miller'}, 'lastUpdatedTimestamp': 1201568889, 'comments': [{'timestamp': 1298418708, 'comment': 'Ready stand sign law social.'}], 'mappedTimestamp': 1440450227, 'mappedByUser': {'id': 254, 'customerID': 416, 'userName': 'whitesuzanne', 'name': 'Angela Torres'}, 'firstTriggeredTimestamp': 1302184276, 'lastTriggeredTimestamp': 78862770, 'triggerAmount': 222, 'signature': 'Staff concern degree number certainly lay.', 'flags': ['SNORT']}], 'metaData': {'additionalProperties': {}}, 'messages': [{'message': 'Seek society point money recently use agent send.', 'messageTemplate': 'Before name method chance ever reflect this do.', 'field': 'Someone site trade adult energy including though.', 'parameter': {}, 'timestamp': 1485320377}], 'currentPage': 483, 'size': 516}
    """
    from requests import post
    from argus_api.exceptions import http

    url = "https://portal.mnemonic.no/web/api/alarms/v1/signature/search"

    # Pick exactly one credential source: an explicit API key wins, then a
    # non-empty header dict, then a callable that builds headers for this URL.
    # The shared default dict is only read here, never mutated.
    if apiKey:
        credentials = {"Argus-API-Key": apiKey}
    elif authentication and isinstance(authentication, dict):
        credentials = authentication
    elif callable(authentication):
        credentials = authentication(url)
    else:
        credentials = {}

    request_headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/'
    }
    request_headers.update(credentials)

    # Every criterion is always present in the payload, so arguments left at
    # None are sent to the server as JSON null rather than being omitted.
    payload = dict(
        timeMatchStrategy=timeMatchStrategy,
        keywordMatchStrategy=keywordMatchStrategy,
        limit=limit,
        offset=offset,
        includeDeleted=includeDeleted,
        includeFlags=includeFlags,
        excludeFlags=excludeFlags,
        subCriteria=subCriteria,
        exclude=exclude,
        required=required,
        attackCategoryID=attackCategoryID,
        alarmID=alarmID,
        signature=signature,
        minTriggerAmount=minTriggerAmount,
        maxTriggerAmount=maxTriggerAmount,
        startTimestamp=startTimestamp,
        endTimestamp=endTimestamp,
        timeFieldStrategy=timeFieldStrategy,
        keywords=keywords,
        keywordFieldStrategy=keywordFieldStrategy,
        sortBy=sortBy,
    )

    # NOTE(review): no timeout is passed, so a stalled connection blocks the
    # caller indefinitely.
    response = post(url, json=payload, verify=verify, headers=request_headers)

    # Only these four status codes raise; anything else (including 5xx) falls
    # through to the return below.
    error_names = {
        401: "AuthenticationFailedException",
        403: "AccessDeniedException",
        412: "ValidationErrorException",
        404: "ObjectNotFoundException",
    }
    error_name = error_names.get(response.status_code)
    if error_name is not None:
        raise getattr(http, error_name)(response)

    if json:
        return response.json()
    return response