:py:mod:`laceworksdk.api.v2.queries`
====================================

.. py:module:: laceworksdk.api.v2.queries

.. autoapi-nested-parse::

   Lacework Queries API wrapper.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.v2.queries.QueriesAPI


.. py:class:: QueriesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Queries API endpoint `_

   Queries are the mechanism used to interactively request information from a specific curated datasource. Queries have a defined structure for authoring detections.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(query_id, query_text, evaluator_id=None, **request_params)

      A method to create a new Queries object.

      :param query_id: Name of the new query.
      :type query_id: str
      :param query_text: The query text of the new object.
      :type query_text: str
      :param evaluator_id: A string representing the evaluator in which the query is to be run.
      :type evaluator_id: str, optional
      :param request_params: Used to pass any additional parameters to the API.
      :type request_params: dict, optional
      :returns: The newly created query.
      :rtype: dict

   .. py:method:: get(query_id=None)

      A method to get registered queries. Using no args will get all registered queries.

      :param query_id: The query ID to get.
      :type query_id: str, optional
      :returns: The requested query or queries.
      :rtype: dict

   .. py:method:: get_by_id(query_id)

      A method to get a Queries object by query ID.

      :param query_id: The query ID to get.
      :type query_id: str
      :returns: The requested query.
      :rtype: dict

   .. py:method:: execute(evaluator_id=None, query_id=None, query_text=None, arguments={})

      A method to execute a Queries object.

      :param evaluator_id: The evaluator in which the query object is to be run.
      :type evaluator_id: str, optional
      :param query_id: The query ID.
      :type query_id: str, optional
      :param query_text: The query text.
      :type query_text: str, optional
      :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
      :type arguments: dict of str: str, optional
      :param request_params: Used to pass any additional parameters to the API.
      :type request_params: dict, optional
      :returns: The query results.
      :rtype: dict

   .. py:method:: execute_by_id(query_id, arguments={})

      A method to execute a Queries object by query ID.

      :param query_id: The query ID to execute.
      :type query_id: str
      :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
      :type arguments: dict of str: str, optional
      :returns: The query results.
      :rtype: dict

   .. py:method:: validate(query_text, evaluator_id=None, **request_params)

      A method to validate a Queries object.

      :param query_text: The query text to validate.
      :type query_text: str
      :param evaluator_id: The evaluator in which the query is to be run.
      :type evaluator_id: str, optional
      :param request_params: Used to pass any additional parameters to the API.
      :type request_params: dict, optional
      :returns: Validation results.
      :rtype: dict

   .. py:method:: update(query_id, query_text, **request_params)

      A method to update a Queries object.

      :param query_id: Name of the query to update.
      :type query_id: str
      :param query_text: The new query text for the object.
      :type query_text: str, optional
      :param request_params: Used to pass any additional parameters to the API.
      :type request_params: dict, optional
      :returns: The updated query.
      :rtype: dict

   .. py:method:: delete(query_id)

      A method to delete a query.

      :param query_id: The ID of the query to delete.
      :type query_id: str
      :returns: A Requests response object containing the response code.
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects. See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional", you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

          - timeFilter (dict, optional): A dict containing the time frame for the search:

            - startTime (str): The start time for the search
            - endTime (str): The end time for the search

          - filters (list of dict, optional): Filters based on field contents:

            - field (str): The name of the data field to which the condition applies
            - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
            - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
            - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

          - returns (list of str, optional): The fields to return
      :type json: dict
      :returns: A dict containing the search results.
      :rtype: dict
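The following is an added example and is not part of laceworksdk or its documentation. It builds the ``json`` body that ``search()`` expects from the schema above and enforces the "value" versus "values" rule the NOTE describes, so a malformed filter is caught locally before any request is sent. The field names ``owner``, ``queryId`` and ``queryText``, the query IDs, and the RFC 3339 timestamp layout are assumptions made for the illustration.

```python
"""Build and sanity-check a request body for QueriesAPI.search().

Added example, not part of laceworksdk.  It mirrors the documented
``json`` schema (timeFilter / filters / returns) and enforces the rule
that a filter carries ``value`` for single-value operators and
``values`` for multi-value operators, never both and never neither.
Field names ("owner", "queryId", "queryText") and the timestamp format
are assumptions for the sake of illustration.
"""
from datetime import datetime, timezone

# Operators documented for the ``expression`` field, split by arity.
SINGLE_VALUE_OPS = {"eq", "ne", "like", "ilike", "not_like", "not_ilike",
                    "rlike", "not_rlike", "gt", "ge", "lt", "le"}
MULTI_VALUE_OPS = {"in", "not_in", "between"}
VALID_EXPRESSIONS = SINGLE_VALUE_OPS | MULTI_VALUE_OPS

# Assumed layout for startTime / endTime (RFC 3339, UTC).
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def make_filter(field, expression, value=None, values=None):
    """Return one entry for the ``filters`` list, rejecting bad shapes."""
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unknown expression {expression!r}")
    if (value is None) == (values is None):
        raise ValueError("exactly one of 'value' or 'values' is required")
    if expression in SINGLE_VALUE_OPS and values is not None:
        raise ValueError(f"{expression!r} takes a single 'value'")
    if expression in MULTI_VALUE_OPS and value is not None:
        raise ValueError(f"{expression!r} takes a list in 'values'")
    if expression == "between" and len(values) != 2:
        raise ValueError("'between' needs exactly two values")
    entry = {"field": field, "expression": expression}
    if value is not None:
        entry["value"] = value
    else:
        entry["values"] = list(values)
    return entry


def is_rejected(field, expression, value=None, values=None):
    """True when make_filter() refuses the combination (self-check helper)."""
    try:
        make_filter(field, expression, value=value, values=values)
    except ValueError:
        return True
    return False


def build_search_body(start, end, filters=(), returns=()):
    """Assemble the dict handed to ``QueriesAPI.search(json=...)``."""
    if end <= start:
        raise ValueError("endTime must be after startTime")
    body = {"timeFilter": {"startTime": start.strftime(TIME_FMT),
                           "endTime": end.strftime(TIME_FMT)}}
    if filters:
        body["filters"] = [dict(f) for f in filters]
    if returns:
        body["returns"] = list(returns)
    return body


def example_body():
    """A constructed search: queries by one owner, restricted to two IDs."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    end = datetime(2024, 1, 8, tzinfo=timezone.utc)
    return build_search_body(
        start, end,
        filters=[
            make_filter("owner", "eq", value="Lacework"),        # assumed field
            make_filter("queryId", "in", values=["Q1", "Q2"]),   # constructed IDs
        ],
        returns=["queryId", "queryText"],                        # assumed fields
    )


if __name__ == "__main__":
    import json
    # With a live session this body is passed straight through:
    #     QueriesAPI(session).search(json=example_body())
    print(json.dumps(example_body(), indent=2))
```

The arity check is the useful part: the API marks both ``value`` and ``values`` optional, so a client that sends neither (or both) only finds out from the server's error response. Validating the body on the client side turns that into an immediate ``ValueError`` with the offending operator named.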