Ejemplo n.º 1
    if arg is None:
        return
    query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
    return query


# --saved-search takes the ID of a saved search. click hands the command-line
# value to the _get_saved_search_query callback, so the command receives the
# callback's return value rather than the ID itself.
# NOTE(review): no format check on the ID is visible at this call site; any
# validation would have to live in the callback or in the SDK - confirm.
saved_search_option = click.option(
    "--saved-search",
    help="Get events from a saved search filter with the given ID.",
    callback=_get_saved_search_query,
    # Presumably makes this option mutually exclusive with the
    # "advanced_query" parameter - confirm against incompatible_with().
    cls=incompatible_with("advanced_query"),
)

# Start-of-range option for security-data searches. The callback passes the
# option value through limit_date_range(..., max_days_back=90) and then
# converts the result to a timestamp.
# NOTE(review): presumably limit_date_range refuses start dates more than 90
# days in the past, which bounds how much event data one query can request -
# confirm whether it raises or clamps, and how it treats a missing value.
begin_option = opt.begin_option(
    SECURITY_DATA_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)),
)
# End-of-range option. No callback is supplied here, so any conversion or
# range check is whatever opt.end_option applies on its own.
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
# Checkpoint option. Judging by the class name it cannot be combined with an
# advanced query or a saved search - TODO confirm in searchopt.
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD,
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible)
# Advanced-query option built by the shared searchopt helper.
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Decorate *f* with the shared search options and return the result.

    The option decorators are applied in a fixed order: checkpoint,
    advanced query, end, then begin. The --saved-search option is not
    part of this bundle.
    """
    decorators = (
        checkpoint_option,
        advanced_query_option,
        end_option,
        begin_option,
    )
    for apply_option in decorators:
        f = apply_option(f)
    return f
Ejemplo n.º 2
# Keyword handed to the shared begin/end option builders below.
AUDIT_LOGS_KEYWORD = "audit-logs"


def _get_audit_logs_default_header():
    """Return a fresh dict of the default audit-log header entries.

    Keys are event field names and values are the titles paired with
    them; insertion order follows the listing below.
    """
    # NOTE(review): the "******" title for "userName" looks like a value that
    # was masked when this listing was published rather than a real column
    # title - confirm against the upstream source before relying on it.
    columns = (
        ("timestamp", "Timestamp"),
        ("type$", "Type"),
        ("actorName", "ActorName"),
        ("actorIpAddress", "ActorIpAddress"),
        ("userName", "******"),
        ("userId", "AffectedUserUID"),
    )
    return dict(columns)


# Start- and end-of-range options for audit-log searches. Both callbacks only
# convert the option value to a timestamp.
# NOTE(review): no look-back limit is applied at this call site, so the time
# range is bounded only by whatever opt.begin_option / opt.end_option or the
# server enforce - confirm that is intended for audit-log queries.
begin_option = opt.begin_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
end_option = opt.end_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
# Optional filter on actor usernames. multiple=True lets the flag be repeated;
# click collects the values into a tuple. No callback is attached, so the
# strings reach the command exactly as typed on the command line.
filter_option_usernames = click.option(
    "--actor-username",
    required=False,
    help="Filter results by actor usernames.",
    multiple=True,
)
filter_option_user_ids = click.option(
    "--actor-user-id",
    required=False,
    help="Filter results by actor user IDs.",