"""Autogenerated API"""
import requests
from argus_cli.plugin import register_command
@register_command(extending=('alarms','v1','alarm'))
def get_alarms(
    keywords: list = None,
    keywordField: list = None,
    keywordMatch: str = 'all',
    offset: int = 0,
    limit: int = 25,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Get all alarms (PUBLIC)

    Issues a GET against the hard-coded ``alarms/v1/alarm`` endpoint. Only
    arguments whose value is truthy are placed in the JSON request body.

    :param list keywords: Search by keywords
    :param list keywordField: Set field strategy for keyword search
    :param str keywordMatch: Set match strategy for keyword search
    :param int offset: Skip a number of alarms
    :param int limit: Maximum number of returned alarms
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked; keep it enabled outside
        isolated test setups
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``data`` (a list of alarm objects),
        ``metaData``, ``messages``, ``currentPage`` and ``size``.
    """
    from requests import get
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm"

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Falsy values (None, 0, "", empty list) are left out of the body.
    candidate_fields = (
        ("keywordMatch", keywordMatch),
        ("offset", offset),
        ("limit", limit),
        ("keywords", keywords),
        ("keywordField", keywordField),
    )
    body = {field: value for field, value in candidate_fields if value}

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = get(url, json=body or None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so callers still need to inspect the result.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    if json:
        return response.json()
    return response
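@register_command(extending=('alarms','v1','alarm'))
def add_alarm(
    description: str = None,
    info: str = None,
    references: list = None,
    links: list = None,
    labels: list = None,
    signatures: list = None,
    attackCategoryID: int = 0,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    r"""Add new alarm (INTERNAL)

    Issues a POST against the hard-coded ``alarms/v1/alarm`` endpoint. Only
    arguments whose value is truthy are placed in the JSON request body. The
    patterns after ``=>`` come from the API description; this client sends
    values as given and does not enforce them (a mismatch presumably comes
    back as 412 -- confirm against the service).

    The docstring is a raw string because the patterns contain backslashes
    that are not valid Python escape sequences.

    :param str description: Alarm description => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param str info: Alarm verbose information => format:html. The markup is
        forwarded unchanged, so text taken from untrusted sources should be
        escaped or sanitised before it is passed in
    :param list references: Alarm vulnerability references (CVE-numbers, BID-numbers, etc) => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param list links: Links to external descriptions of this alarm => ((https?|ftp|gopher|telnet|file):((/)|(\\))+[\w\d:\#@%/;$()~_?\\+-=\\\.&]*)
    :param list labels: Tag an alarm with labels => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param list signatures: List of signatures to map to this alarm => Sanitize by regex [a-zA-Z0-9_/:@~!\+\-\.\?]*
    :param int attackCategoryID: Alarm attack category ID (default 0)
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import post
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm"

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Falsy values (None, 0, "", empty list) are left out of the body.
    candidate_fields = (
        ("description", description),
        ("attackCategoryID", attackCategoryID),
        ("info", info),
        ("references", references),
        ("links", links),
        ("labels", labels),
        ("signatures", signatures),
    )
    body = {field: value for field, value in candidate_fields if value}

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = post(url, json=body or None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so a failed create is not guaranteed to raise.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response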
@register_command(extending=('alarms','v1','alarm'))
def search_alarms(
    limit: int = None,
    offset: int = None,
    subCriteria: list = None,
    attackCategoryID: list = None,
    alarmID: list = None,
    alarmReferences: list = None,
    labels: list = None,
    startTimestamp: int = None,
    endTimestamp: int = None,
    timeFieldStrategy: list = None,
    keywords: list = None,
    keywordFieldStrategy: list = None,
    signature: list = None,
    sortBy: list = None,
    includeFlags: list = None,
    excludeFlags: list = None,
    timeMatchStrategy: str = 'any',
    keywordMatchStrategy: str = 'all',
    includeDeleted: bool = 'False',
    exclude: bool = 'False',
    required: bool = 'False',
    includeMappings: bool = 'False',
    includeComments: bool = 'False',
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Get all alarms matching a given search criteria (PUBLIC)

    Issues a POST against the hard-coded ``alarms/v1/alarm/search`` endpoint.
    Only arguments whose value is truthy are placed in the JSON request body.

    NOTE(review): the five boolean flags default to the string ``'False'``,
    which is truthy, so each of them is sent as the string ``"False"`` unless
    the caller passes a falsy value. Whether the service reads that string as
    false is not visible here -- confirm before relying on deleted alarms,
    mappings or comments being left out by default.

    :param int limit: Set this value to set max number of results. By default, no restriction on result set size.
    :param int offset: Set this value to skip the first (offset) objects. By default, return result from first object.
    :param list subCriteria:
    :param list attackCategoryID: A set of IDs for attack categories (alarm category).
    :param list alarmID: A set of IDs for alarms.
    :param list alarmReferences: A set of references. It does an exact match.
    :param list labels: A set of labels. It does an exact match.
    :param int startTimestamp: Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (start timestamp)
    :param int endTimestamp: Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (end timestamp)
    :param list timeFieldStrategy: TimeFieldStrategy to define which timestamp field(s) to match. (default lastUpdatedTimestamp)
    :param list keywords: A set of keywords matched against alarms based on the set KeywordFieldStrategy and KeywordMatchStrategy.
    :param list keywordFieldStrategy: KeywordFieldStrategy to define which field(s) to match against keywords. (default all)
    :param list signature: A set of signatures. It does an exact match.
    :param list sortBy: List of properties to sort by (prefix with "-" to sort descending).
    :param list includeFlags: Only include objects which have includeFlags set.
    :param list excludeFlags: Exclude objects which have excludeFlags set.
    :param str timeMatchStrategy: TimeMatchStrategy to define how to match startTimestamp and endTimestamp with fields. (default any)
    :param str keywordMatchStrategy: KeywordMatchStrategy to define how to match keywords with fields. (default all)
    :param bool includeDeleted: Set to true to include deleted objects. By default, exclude deleted objects.
    :param bool exclude: Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.
    :param bool required: Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
    :param bool includeMappings: Set to include mappings in the search result. (default false)
    :param bool includeComments: Set to include comments in the search result. (default false)
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``data`` (a list of alarm objects),
        ``metaData``, ``messages``, ``currentPage`` and ``size``.
    """
    from requests import post
    from argus_api.exceptions import http

    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/search"

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Falsy values (None, 0, "", empty list, real False) are left out of the
    # body; the string default 'False' is not falsy and therefore is sent.
    candidate_fields = (
        ("timeMatchStrategy", timeMatchStrategy),
        ("keywordMatchStrategy", keywordMatchStrategy),
        ("limit", limit),
        ("offset", offset),
        ("includeDeleted", includeDeleted),
        ("subCriteria", subCriteria),
        ("exclude", exclude),
        ("required", required),
        ("attackCategoryID", attackCategoryID),
        ("alarmID", alarmID),
        ("alarmReferences", alarmReferences),
        ("labels", labels),
        ("includeMappings", includeMappings),
        ("includeComments", includeComments),
        ("startTimestamp", startTimestamp),
        ("endTimestamp", endTimestamp),
        ("timeFieldStrategy", timeFieldStrategy),
        ("keywords", keywords),
        ("keywordFieldStrategy", keywordFieldStrategy),
        ("signature", signature),
        ("sortBy", sortBy),
        ("includeFlags", includeFlags),
        ("excludeFlags", excludeFlags),
    )
    body = {field: value for field, value in candidate_fields if value}

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = post(url, json=body or None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so callers still need to inspect the result.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    if json:
        return response.json()
    return response
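@register_command(extending=('alarms','v1','alarm'))
def get_alarm_by_id(
    id: int,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Get alarm by Id (PUBLIC)

    Issues a GET against ``alarms/v1/alarm/{id}`` on the hard-coded host. No
    request body is sent.

    :param int id: ID of alarm. Coerced with ``int()`` before it is placed in
        the URL path
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises ValueError: if ``id`` cannot be converted to an integer
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import get
    from argus_api.exceptions import http

    # The ID becomes a URL path segment. Forcing it to an integer means a
    # value carrying path or query characters raises ValueError here instead
    # of changing which endpoint the credentials are sent to.
    alarm_id = int(id)
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/{id}".format(id=alarm_id)

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = get(url, json=None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so callers still need to inspect the result.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response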
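@register_command(extending=('alarms','v1','alarm'))
def update_alarm(
    id: int,
    description: str = None,
    info: str = None,
    addReferences: list = None,
    deleteReferences: list = None,
    addLinks: list = None,
    deleteLinks: list = None,
    addLabels: list = None,
    deleteLabels: list = None,
    attackCategoryID: int = 0,
    disabled: bool = 'False',
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    r"""Update existing alarm (INTERNAL)

    Issues a PUT against ``alarms/v1/alarm/{id}`` on the hard-coded host. Only
    arguments whose value is truthy are placed in the JSON request body. The
    patterns after ``=>`` come from the API description; this client sends
    values as given and does not enforce them.

    The docstring is a raw string because the patterns contain backslashes
    that are not valid Python escape sequences.

    NOTE(review): ``disabled`` defaults to the string ``'False'``, which is
    truthy, so ``"disabled": "False"`` is part of every request in which the
    caller did not pass the argument, while a real ``False`` is never sent.
    That does not match "unchanged if not set"; if the service reads the
    string as false, editing any other field would also re-enable a disabled
    alarm. Confirm the service behaviour before relying on the default.

    :param int id: ID of Alarm. Coerced with ``int()`` before it is placed in
        the URL path
    :param str description: Update description of alarm => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param str info: Update verbose information of alarm => format:html. The
        markup is forwarded unchanged, so text taken from untrusted sources
        should be escaped or sanitised before it is passed in
    :param list addReferences: Add vulnerability references (CVE-numbers, BID-numbers, etc) => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param list deleteReferences: Remove vulnerability references
    :param list addLinks: Add external links => ((https?|ftp|gopher|telnet|file):((/)|(\\))+[\w\d:\#@%/;$()~_?\\+-=\\\.&]*)
    :param list deleteLinks: Remove external links
    :param list addLabels: Add labels => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param list deleteLabels: Remove labels => [\s\w\{\}\$\-\(\)\.\[\]"\'_/\\,\*\+\#:@!?;]*
    :param int attackCategoryID: Update category of alarm (unchanged if set to 0) (default 0)
    :param bool disabled: Disable or enable alarm (unchanged if not set); see
        the review note above about the default
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises ValueError: if ``id`` cannot be converted to an integer
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import put
    from argus_api.exceptions import http

    # The ID becomes a URL path segment. Forcing it to an integer means a
    # value carrying path or query characters raises ValueError here instead
    # of changing which endpoint the update and credentials are sent to.
    alarm_id = int(id)
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/{id}".format(id=alarm_id)

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # Falsy values are left out of the body. `disabled` is kept on the
    # original truthiness test on purpose: its string default is truthy and
    # is sent as-is (see NOTE(review) in the docstring).
    candidate_fields = (
        ("description", description),
        ("attackCategoryID", attackCategoryID),
        ("info", info),
        ("disabled", disabled),
        ("addReferences", addReferences),
        ("deleteReferences", deleteReferences),
        ("addLinks", addLinks),
        ("deleteLinks", deleteLinks),
        ("addLabels", addLabels),
        ("deleteLabels", deleteLabels),
    )
    body = {field: value for field, value in candidate_fields if value}

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = put(url, json=body or None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so a failed update is not guaranteed to raise.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response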
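@register_command(extending=('alarms','v1','alarm'))
def delete_alarm(
    id: int,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Delete existing alarm (INTERNAL)

    Issues a DELETE against ``alarms/v1/alarm/{id}`` on the hard-coded host.
    No request body is sent.

    :param int id: ID of Alarm. Coerced with ``int()`` before it is placed in
        the URL path
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises ValueError: if ``id`` cannot be converted to an integer
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import delete
    from argus_api.exceptions import http

    # The ID becomes a URL path segment of a destructive request. Forcing it
    # to an integer means a value carrying path or query characters raises
    # ValueError here instead of addressing a different resource.
    alarm_id = int(id)
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/{id}".format(id=alarm_id)

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = delete(url, json=None, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so a failed delete is not guaranteed to raise.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response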
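@register_command(extending=('alarms','v1','alarm'))
def map_to_alarm(
    id: int,
    signatures: list = None,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    r"""Map signatures to alarm (INTERNAL)

    Issues a POST against ``alarms/v1/alarm/{id}/map`` on the hard-coded host.
    ``signatures`` is placed in the JSON body only when it is non-empty. The
    pattern after ``=>`` comes from the API description; this client sends the
    values as given and does not apply it.

    The docstring is a raw string because the pattern contains backslashes
    that are not valid Python escape sequences.

    :param int id: ID of Alarm. Coerced with ``int()`` before it is placed in
        the URL path
    :param list signatures: Signatures (exist/new) to be mapped to the alarm => Sanitize by regex [a-zA-Z0-9_/:@~!\+\-\.\?]*
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises ValueError: if ``id`` cannot be converted to an integer
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import post
    from argus_api.exceptions import http

    # The ID becomes a URL path segment. Forcing it to an integer means a
    # value carrying path or query characters raises ValueError here instead
    # of changing which endpoint the mapping and credentials are sent to.
    alarm_id = int(id)
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/{id}/map".format(id=alarm_id)

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # An empty or missing list means no body at all is sent.
    body = {"signatures": signatures} if signatures else None

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = post(url, json=body, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so a failed mapping is not guaranteed to raise.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response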
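@register_command(extending=('alarms','v1','alarm'))
def unmap(
    id: int,
    signature: list = None,
    json: bool = True,
    verify: bool = True,
    apiKey: str = "",
    authentication: dict = {},
) -> dict:
    """Unmap signatures from alarm (INTERNAL)

    Issues a DELETE against ``alarms/v1/alarm/{id}/unmap`` on the hard-coded
    host. ``signature`` is placed in the JSON body only when it is non-empty.

    :param int id: ID of Alarm. Coerced with ``int()`` before it is placed in
        the URL path
    :param list signature: Signatures to unmap
    :param bool json: Return the decoded JSON body (default) rather than the
        raw ``requests`` response object
    :param bool verify: Handed to ``requests`` as ``verify``. ``False`` turns
        off TLS certificate validation, so the API key or session headers go
        to a server whose identity was never checked
    :param str apiKey: Sent as the ``Argus-API-Key`` header; wins over
        ``authentication`` when both are given
    :param dict authentication: Header dict merged into the request headers,
        or a callable that is given the URL and returns such a dict
    :raises ValueError: if ``id`` cannot be converted to an integer
    :raises AuthenticationFailedException: on 401
    :raises ValidationErrorException: on 412
    :raises AccessDeniedException: on 403
    :raises ObjectNotFoundException: on 404
    :returns: The decoded JSON body, or the response object when ``json`` is
        false. The generated sample is an envelope with ``offset``, ``limit``,
        ``responseCode``, ``count``, ``metaData``, ``messages``,
        ``currentPage`` and ``size``.
    """
    from requests import delete
    from argus_api.exceptions import http

    # The ID becomes a URL path segment of a destructive request. Forcing it
    # to an integer means a value carrying path or query characters raises
    # ValueError here instead of addressing a different resource.
    alarm_id = int(id)
    url = "https://osl-argus-trunk-web1.mnemonic.no/web/api/alarms/v1/alarm/{id}/unmap".format(id=alarm_id)

    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'ArgusToolbelt/1.0'
    }
    # Credential precedence: explicit API key, then a ready-made header dict,
    # then a callable that builds the headers for this URL.
    if apiKey:
        headers["Argus-API-Key"] = apiKey
    elif authentication and isinstance(authentication, dict):
        headers.update(authentication)
    elif callable(authentication):
        headers.update(authentication(url))

    # An empty or missing list means no body at all is sent.
    body = {"signature": signature} if signature else None

    # NOTE: no timeout is passed, so a server that stops answering blocks the
    # caller for as long as the connection stays open.
    response = delete(url, json=body, verify=verify, headers=headers)

    # Only these four statuses raise; any other status (5xx included) falls
    # through to the return, so a failed unmap is not guaranteed to raise.
    status = response.status_code
    if status == 401:
        raise http.AuthenticationFailedException(response)
    if status == 403:
        raise http.AccessDeniedException(response)
    if status == 412:
        raise http.ValidationErrorException(response)
    if status == 404:
        raise http.ObjectNotFoundException(response)

    return response.json() if json else response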