laceworksdk.api.v2.queries
Lacework Queries API wrapper.
Module Contents
Classes
QueriesAPI – A class used to represent the Queries API endpoint
- class laceworksdk.api.v2.queries.QueriesAPI(session)
Bases: laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Queries API endpoint
Queries are the mechanism used to interactively request information from a specific curated datasource. Queries have a defined structure for authoring detections.
- property session
Get the HttpSession instance the object is using.
- create(query_id, query_text, evaluator_id=None, **request_params)
A method to create a new Queries object.
- Parameters:
query_id (str) – Name of the new query.
query_text (str) – The object query text.
evaluator_id (str, optional) – A string representing the evaluator in which the query is to be run.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created query
- Return type:
dict
- get(query_id=None)
A method to get registered queries. Using no args will get all registered queries.
- Parameters:
query_id (str, optional) – The query ID to get.
- Returns:
The requested query, or all registered queries when no ID is given
- Return type:
dict
- get_by_id(query_id)
A method to get a Queries object by query ID.
- Parameters:
query_id (str) – The query ID to get.
- Returns:
The requested query
- Return type:
dict
- execute(evaluator_id=None, query_id=None, query_text=None, arguments={})
A method to execute a Queries object.
- Parameters:
evaluator_id (str, optional) – The evaluator in which the query object is to be run.
query_id (str, optional) – The query ID.
query_text (str) – The query text.
arguments (dict of str: str) – A dictionary of key/value pairs to be used as arguments in the query object.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The query results
- Return type:
dict
- execute_by_id(query_id, arguments={})
A method to execute a Queries object by query ID.
- Parameters:
query_id (str) – The query ID to execute
arguments (dict of str: str) – A dictionary of key/value pairs to be used as arguments in the query object.
- Returns:
The query results
- Return type:
dict
- validate(query_text, evaluator_id=None, **request_params)
A method to validate a Queries object.
- Parameters:
query_text (str) – The query text to validate
evaluator_id (str, optional) – The evaluator in which the query is to be run.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
Validation Results
- Return type:
dict
- update(query_id, query_text, **request_params)
A method to update a Queries object.
- Parameters:
query_id (str) – ID of the query to update.
query_text (str, optional) – The object query text.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated query
- Return type:
dict
- delete(query_id)
A method to delete a query.
- Parameters:
query_id (str) – The ID of the query to delete
- Returns:
A Requests response object containing the response code
- Return type:
requests.models.Response
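An added example (not part of laceworksdk) that ties the create, validate, execute_by_id and delete methods above into one guarded flow: validate the LQL before registering it, run it with an explicit time window, and delete it again afterwards so ad-hoc queries do not accumulate in the account. The `queries` argument is any object with the documented method signatures; with the real SDK that would be the queries attribute of a `LaceworkClient` (assumed attribute name). The argument names `StartTimeRange`/`EndTimeRange`, the sample LQL, and the assumption that a failed validate() raises rather than returning an error dict are all assumptions made for this example; the in-memory fake mirrors the documented signatures so the code runs offline.

```python
"""Added example, not part of laceworksdk: an "ephemeral query" flow that
validates LQL before registering it, runs it with explicit time-range
arguments, and deletes it afterwards so ad-hoc queries do not pile up.

`queries` is any object exposing the validate/create/execute_by_id/delete
methods documented on this page. The fake below mirrors those signatures
so the example runs offline.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample LQL; the query name must match the query_id used below.
SAMPLE_QUERY_ID = "Example_CTA_DeleteAccessKey"
SAMPLE_QUERY_TEXT = """Example_CTA_DeleteAccessKey {
    source { CloudTrailRawEvents }
    filter { EVENT_SOURCE = 'iam.amazonaws.com' and EVENT_NAME = 'DeleteAccessKey' }
    return distinct { EVENT_NAME, EVENT_TIME, EVENT }
}"""


class QueryValidationError(ValueError):
    """validate() rejected the query; nothing was registered."""


def time_window_arguments(hours, now=None):
    """Build the StartTimeRange/EndTimeRange arguments (assumed argument
    names) covering the last `hours`, formatted as ISO-8601 UTC."""
    end = now or datetime.now(timezone.utc)
    start = end - timedelta(hours=hours)
    fmt = "%Y-%m-%dT%H:%M:%S.000Z"
    return {"StartTimeRange": start.strftime(fmt), "EndTimeRange": end.strftime(fmt)}


def run_ephemeral_query(queries, query_id, query_text, hours=1):
    """Validate, create, execute and delete `query_id` in one guarded flow.
    Returns the execute_by_id() result dict."""
    # Validation failures are assumed to surface as an exception; wrap them
    # so callers can tell "bad LQL" apart from transport errors.
    try:
        queries.validate(query_text)
    except Exception as exc:
        raise QueryValidationError(f"{query_id}: {exc}") from exc

    queries.create(query_id, query_text)
    try:
        # Only execute is inside the try: a failing execute must still
        # trigger the delete so the temporary query is not left behind.
        return queries.execute_by_id(query_id, arguments=time_window_arguments(hours))
    finally:
        queries.delete(query_id)


class FakeQueriesAPI:
    """Offline stand-in (constructed for this example) with the documented
    signatures. It records the call order and keeps queries in a dict."""

    def __init__(self):
        self.registered = {}
        self.calls = []

    def validate(self, query_text, evaluator_id=None, **request_params):
        self.calls.append("validate")
        if query_text.count("{") != query_text.count("}"):
            raise ValueError("unbalanced braces in query text")
        return {"data": {"queryText": query_text}}

    def create(self, query_id, query_text, evaluator_id=None, **request_params):
        self.calls.append("create")
        self.registered[query_id] = query_text
        return {"data": {"queryId": query_id, "queryText": query_text}}

    def execute_by_id(self, query_id, arguments=None):
        self.calls.append("execute_by_id")
        if query_id not in self.registered:
            raise KeyError(query_id)
        return {"data": [{"queryId": query_id, "arguments": dict(arguments or {})}]}

    def delete(self, query_id):
        self.calls.append("delete")
        self.registered.pop(query_id, None)
        return True


if __name__ == "__main__":
    api = FakeQueriesAPI()
    print(run_ephemeral_query(api, SAMPLE_QUERY_ID, SAMPLE_QUERY_TEXT, hours=24))
    print(api.calls, api.registered)
```

The `try`/`finally` around execute_by_id is the point of the flow: whether the execution succeeds, times out or raises, the temporary query is removed, so the account's registered queries stay limited to the curated detections you intend to keep.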
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
A dict containing the search results
- Return type:
dict
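An added example (not part of laceworksdk) that builds the `json` body for search() and enforces the rules stated above locally: the expression must be one of the listed operators, and exactly one of `value` or `values` must be present, chosen to match the operator. Which operator takes a single value and which takes a list is inferred from the operator names, and the rule that `between` takes exactly two bounds is an assumption; the field names `queryId`, `owner` and `lastUpdateTime` used in the sample are assumed, so check them against the API documentation for this endpoint.

```python
"""Added example, not part of laceworksdk: build the `json` body for
QueriesAPI.search() and check the documented value/values rule before
any request is sent.
"""

# Operators grouped by whether they take "value" or "values". The operator
# list is the page's; the grouping is inferred from the operator names.
SINGLE_VALUE_OPS = frozenset({"eq", "ne", "like", "ilike", "not_like", "not_ilike",
                              "rlike", "not_rlike", "gt", "ge", "lt", "le"})
MULTI_VALUE_OPS = frozenset({"in", "not_in", "between"})
VALID_EXPRESSIONS = SINGLE_VALUE_OPS | MULTI_VALUE_OPS


def make_filter(field, expression, value=None, values=None):
    """Return one entry for the `filters` list, or raise ValueError."""
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unknown expression {expression!r}")
    if (value is None) == (values is None):
        raise ValueError("give exactly one of value= or values=")
    if expression in SINGLE_VALUE_OPS and value is None:
        raise ValueError(f"{expression!r} takes a single value=")
    if expression in MULTI_VALUE_OPS and values is None:
        raise ValueError(f"{expression!r} takes a list in values=")
    if expression == "between" and len(values) != 2:
        # Assumption: between takes a lower and an upper bound.
        raise ValueError("'between' needs exactly two bounds")
    flt = {"field": field, "expression": expression}
    if value is not None:
        flt["value"] = str(value)
    else:
        flt["values"] = [str(v) for v in values]
    return flt


def build_search_body(filters, start_time=None, end_time=None, returns=None):
    """Assemble the dict passed as QueriesAPI.search(json=...)."""
    body = {}
    if start_time or end_time:
        if not (start_time and end_time):
            raise ValueError("timeFilter needs both startTime and endTime")
        body["timeFilter"] = {"startTime": start_time, "endTime": end_time}
    if filters:
        body["filters"] = list(filters)
    if returns:
        body["returns"] = list(returns)
    return body


if __name__ == "__main__":
    # Sample field names are assumed; constructed input for illustration.
    body = build_search_body(
        filters=[make_filter("queryId", "like", value="LW_Global_AWS_CTA%"),
                 make_filter("owner", "in", values=["Lacework", "User"])],
        start_time="2024-01-01T00:00:00Z", end_time="2024-01-02T00:00:00Z",
        returns=["queryId", "owner", "lastUpdateTime"])
    print(body)
    # With the real SDK the body would be passed as: queries.search(json=body)
```

Catching a mismatched `value`/`values` locally gives a precise error at the call site instead of a generic 4xx from the API, which matters most in automation that builds filters from configuration rather than by hand.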