def _buildRequest(self, offset, limit, sort, event_filter, exclusion_filter):
    """Assemble an EventSummaryRequest from paging, sort and filter arguments.

    ``event_filter`` and ``exclusion_filter`` are merged into the request
    only when they are not None. ``sort`` is passed through ``listify`` and
    every truthy entry is merged into a newly added ``sort`` element.
    ``offset`` and ``limit`` are copied onto the request unchanged; no
    bounds are applied to them here.
    """
    request = EventSummaryRequest()

    if event_filter is not None:
        request.event_filter.MergeFrom(event_filter)
    if exclusion_filter is not None:
        request.exclusion_filter.MergeFrom(exclusion_filter)

    # Drop falsy sort entries up front, then append one sort element each.
    sort_specs = [spec for spec in listify(sort) if spec]
    for spec in sort_specs:
        request.sort.add().MergeFrom(spec)

    request.offset = offset
    request.limit = limit
    return request
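def createEventFilter(self,
                      severity=(),
                      status=(),
                      event_class=(),
                      first_seen=None,
                      last_seen=None,
                      status_change=None,
                      update_time=None,
                      count_range=None,
                      element_identifier=(),
                      element_title=(),
                      element_sub_identifier=(),
                      element_sub_title=(),
                      uuid=(),
                      event_summary=None,
                      tags=(),
                      fingerprint=(),
                      agent=(),
                      monitor=(),
                      event_key=(),
                      current_user_name=(),
                      subfilter=(),
                      operator=None,
                      details=None,
                      event_class_key=(),
                      event_group=(),
                      message=()):
    """Creates a filter dict based on the passed arguments.

    Only truthy arguments contribute a key, so an empty or missing value
    means "no restriction on this field". Caller is responsible for handling
    the include-zero-items case: passing an empty uuid tuple won't filter by
    uuid, so the resulting filter includes everything. A caller that means
    to select nothing must check for that before using the filter.

    Values are passed through as given, except for the ones handed to the
    ``self._createFullTextSearch``, ``self._timeRange``,
    ``self._create_identifier_filter`` and ``self._createEventDetailFilter``
    helpers, and ``count_range``, which is normalised here.

    ``count_range`` may be a two-item tuple/list ``(from, to)`` where either
    bound may be None, a single value accepted by ``int()`` (used for both
    bounds), or a string matched by ``ZepService.COUNT_REGEX`` (named groups
    ``from`` and ``to``).

    Returns a dict whose values have each been passed through ``listify``,
    plus an ``operator`` key (not listified) when ``operator`` is truthy.

    Raises ValueError when ``count_range`` cannot be interpreted, including
    a tuple/list that does not have exactly two items.
    """
    # Named "criteria" so the builtin filter() is not shadowed.
    criteria = {}

    if uuid:
        criteria['uuid'] = uuid

    if event_summary:
        criteria['event_summary'] = self._createFullTextSearch(event_summary)

    if event_class:
        criteria['event_class'] = event_class

    if status:
        criteria['status'] = status

    if severity:
        criteria['severity'] = severity

    if first_seen:
        criteria['first_seen'] = self._timeRange(first_seen)

    if last_seen:
        criteria['last_seen'] = self._timeRange(last_seen)

    if status_change:
        criteria['status_change'] = self._timeRange(status_change)

    if update_time:
        criteria['update_time'] = self._timeRange(update_time)

    # These tags come from params, which means for some reason someone is
    # filtering manually on a tag.
    if tags:
        criteria['tag_filter'] = {'tag_uuids': tags}

    if count_range:
        if not isinstance(count_range, (tuple, list)):
            try:
                exact = int(count_range)
                count_range = (exact, exact)
            except ValueError:
                match = ZepService.COUNT_REGEX.match(count_range)
                if not match:
                    raise ValueError('Invalid range: %s' % (count_range))
                count_range = (match.group('from'), match.group('to'))
        elif len(count_range) != 2:
            # Reject malformed sequences with the same message as a bad
            # string instead of an opaque unpacking error.
            raise ValueError('Invalid range: %s' % (count_range,))

        count_from, count_to = count_range
        bounds = {}
        if count_from is not None:
            bounds['from'] = int(count_from)
        if count_to is not None:
            bounds['to'] = int(count_to)
        criteria['count_range'] = bounds

    if element_identifier:
        criteria['element_identifier'] = self._create_identifier_filter(element_identifier)

    if element_title:
        criteria['element_title'] = self._create_identifier_filter(element_title)

    if element_sub_identifier:
        criteria['element_sub_identifier'] = self._create_identifier_filter(element_sub_identifier)

    if element_sub_title:
        criteria['element_sub_title'] = self._create_identifier_filter(element_sub_title)

    if fingerprint:
        criteria['fingerprint'] = fingerprint

    if agent:
        criteria['agent'] = agent

    if monitor:
        criteria['monitor'] = monitor

    if event_key:
        criteria['event_key'] = event_key

    if current_user_name:
        criteria['current_user_name'] = current_user_name

    if subfilter:
        criteria['subfilter'] = subfilter

    if details:
        criteria['details'] = self._createEventDetailFilter(details)

    if event_class_key:
        criteria['event_class_key'] = event_class_key

    if event_group:
        criteria['event_group'] = event_group

    if message:
        criteria['message'] = self._createFullTextSearch(message)

    # Everything's repeated on the protobuf, so listify. items() is used
    # instead of the Python 2-only iteritems() so this runs on either
    # interpreter.
    result = dict((key, listify(value)) for key, value in criteria.items())

    if operator:
        result['operator'] = operator

    return result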
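def createEventFilter(self,
                      severity=(),
                      status=(),
                      event_class=(),
                      first_seen=None,
                      last_seen=None,
                      status_change=None,
                      update_time=None,
                      count_range=None,
                      element_identifier=(),
                      element_title=(),
                      element_sub_identifier=(),
                      element_sub_title=(),
                      uuid=(),
                      event_summary=None,
                      tags=(),
                      fingerprint=(),
                      agent=(),
                      monitor=(),
                      event_key=(),
                      current_user_name=(),
                      subfilter=(),
                      operator=None,
                      details=None,
                      event_class_key=(),
                      event_group=(),
                      message=()):
    """Creates a filter dict based on the passed arguments.

    Only truthy arguments contribute a key, so an empty or missing value
    means "no restriction on this field". Caller is responsible for handling
    the include-zero-items case: passing an empty uuid tuple won't filter by
    uuid, so the resulting filter includes everything. A caller that means
    to select nothing must check for that before using the filter.

    Values are passed through as given, except for the ones handed to the
    ``self._createFullTextSearch``, ``self._timeRange``,
    ``self._create_identifier_filter`` and ``self._createEventDetailFilter``
    helpers, and ``count_range``, which is normalised here.

    ``count_range`` may be a two-item tuple/list ``(from, to)`` where either
    bound may be None, a single value accepted by ``int()`` (used for both
    bounds), or a string matched by ``ZepFacade.COUNT_REGEX`` (named groups
    ``from`` and ``to``).

    Returns a dict whose values have each been passed through ``listify``,
    plus an ``operator`` key (not listified) when ``operator`` is truthy.

    Raises ValueError when ``count_range`` cannot be interpreted, including
    a tuple/list that does not have exactly two items.
    """
    # Named "criteria" so the builtin filter() is not shadowed.
    criteria = {}

    if uuid:
        criteria['uuid'] = uuid

    if event_summary:
        criteria['event_summary'] = self._createFullTextSearch(event_summary)

    if event_class:
        criteria['event_class'] = event_class

    if status:
        criteria['status'] = status

    if severity:
        criteria['severity'] = severity

    if first_seen:
        criteria['first_seen'] = self._timeRange(first_seen)

    if last_seen:
        criteria['last_seen'] = self._timeRange(last_seen)

    if status_change:
        criteria['status_change'] = self._timeRange(status_change)

    if update_time:
        criteria['update_time'] = self._timeRange(update_time)

    # These tags come from params, which means for some reason someone is
    # filtering manually on a tag.
    if tags:
        criteria['tag_filter'] = {'tag_uuids': tags}

    if count_range:
        if not isinstance(count_range, (tuple, list)):
            try:
                exact = int(count_range)
                count_range = (exact, exact)
            except ValueError:
                match = ZepFacade.COUNT_REGEX.match(count_range)
                if not match:
                    raise ValueError('Invalid range: %s' % (count_range))
                count_range = (match.group('from'), match.group('to'))
        elif len(count_range) != 2:
            # Reject malformed sequences with the same message as a bad
            # string instead of an opaque unpacking error.
            raise ValueError('Invalid range: %s' % (count_range,))

        count_from, count_to = count_range
        bounds = {}
        if count_from is not None:
            bounds['from'] = int(count_from)
        if count_to is not None:
            bounds['to'] = int(count_to)
        criteria['count_range'] = bounds

    if element_identifier:
        criteria['element_identifier'] = self._create_identifier_filter(element_identifier)

    if element_title:
        criteria['element_title'] = self._create_identifier_filter(element_title)

    if element_sub_identifier:
        criteria['element_sub_identifier'] = self._create_identifier_filter(element_sub_identifier)

    if element_sub_title:
        criteria['element_sub_title'] = self._create_identifier_filter(element_sub_title)

    if fingerprint:
        criteria['fingerprint'] = fingerprint

    if agent:
        criteria['agent'] = agent

    if monitor:
        criteria['monitor'] = monitor

    if event_key:
        criteria['event_key'] = event_key

    if current_user_name:
        criteria['current_user_name'] = current_user_name

    if subfilter:
        criteria['subfilter'] = subfilter

    if details:
        criteria['details'] = self._createEventDetailFilter(details)

    if event_class_key:
        criteria['event_class_key'] = event_class_key

    if event_group:
        criteria['event_group'] = event_group

    if message:
        criteria['message'] = self._createFullTextSearch(message)

    # Everything's repeated on the protobuf, so listify. items() is used
    # instead of the Python 2-only iteritems() so this runs on either
    # interpreter.
    result = dict((key, listify(value)) for key, value in criteria.items())

    if operator:
        result['operator'] = operator

    return result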