Ejemplo n.º 1
    "--saved-search",
    help="Get events from a saved search filter with the given ID.",
    callback=_get_saved_search_query,
    cls=incompatible_with("advanced_query"),
)

def _begin_to_timestamp(ctx, param, arg):
    """Click callback for the begin option.

    Passes the raw value through limit_date_range with max_days_back=90 and
    then converts the result with convert_datetime_to_timestamp. Both helpers
    are defined outside this excerpt; whether limit_date_range rejects or
    clamps a date older than 90 days should be confirmed there.
    """
    bounded = limit_date_range(arg, max_days_back=90)
    return convert_datetime_to_timestamp(bounded)


# Only the begin option is given the 90-day bound; the end option is built
# without a callback in this file.
begin_option = opt.begin_option(SECURITY_DATA_KEYWORD, callback=_begin_to_timestamp)
end_option = opt.end_option(SECURITY_DATA_KEYWORD)

# NOTE(review): presumably this cls makes the checkpoint option refuse to be
# combined with an advanced query or a saved search -- confirm in searchopt.
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD,
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Decorate *f* with the shared search options and return the result.

    The option decorators are applied in this order: checkpoint, advanced
    query, end, begin. Each one wraps the result of the previous one.
    """
    decorators = (
        checkpoint_option,
        advanced_query_option,
        end_option,
        begin_option,
    )
    for decorate in decorators:
        f = decorate(f)
    return f


def file_event_options(f):
    f = exposure_type_option(f)
    f = username_option(f)
    f = actor_option(f)
    f = md5_option(f)
Ejemplo n.º 2
from code42cli.date_helper import limit_date_range
from code42cli.file_readers import read_csv_arg
from code42cli.options import format_option
from code42cli.output_formats import JsonOutputFormat
from code42cli.output_formats import OutputFormat
from code42cli.output_formats import OutputFormatter

ALERTS_KEYWORD = "alerts"


def _begin_to_timestamp(ctx, param, arg):
    """Click callback for the alerts begin option.

    Runs the raw value through limit_date_range (imported from
    code42cli.date_helper) with max_days_back=90, then converts the result
    with convert_datetime_to_timestamp. Whether an older date is rejected or
    clamped is decided inside limit_date_range, which is not shown here.
    """
    bounded = limit_date_range(arg, max_days_back=90)
    return convert_datetime_to_timestamp(bounded)


# Only the begin option carries the 90-day bound; end and checkpoint are
# built with just the keyword in this file.
begin = opt.begin_option(ALERTS_KEYWORD, callback=_begin_to_timestamp)
end = opt.end_option(ALERTS_KEYWORD)
checkpoint = opt.checkpoint_option(ALERTS_KEYWORD)
advanced_query = searchopt.advanced_query_option(ALERTS_KEYWORD)

# --severity may be repeated (multiple=True), and click.Choice restricts each
# value to the entries returned by Severity.choices().
# NOTE(review): presumably the cls blocks use together with an advanced query
# or a saved search, and the callback builds an "is in" filter on f.Severity
# -- confirm both in searchopt.
severity_option = click.option(
    "--severity",
    help="Filter alerts by severity. Defaults to returning all severities.",
    multiple=True,
    type=click.Choice(Severity.choices()),
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
    callback=searchopt.is_in_filter(f.Severity),
)
filter_state_option = click.option(
    "--state",
    multiple=True,
    type=click.Choice(AlertState.choices()),
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
    callback=searchopt.is_in_filter(f.AlertState),
    help="Filter alerts by status. Defaults to returning all statuses.",