# Tail of a click option callback whose `def` line lies above this excerpt
# (presumably `_get_saved_search_query`, which is wired to --saved-search
# below). With no value supplied it returns None; otherwise the saved-search
# ID is resolved to its stored query through the SDK.
    if arg is None:
        return
    query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
    return query


# --saved-search takes a saved-search ID; the callback replaces that ID with
# the query fetched from the server.
# NOTE(review): the option class comes from incompatible_with("advanced_query"),
# presumably rejecting use together with the advanced-query option -- confirm
# in that helper.
saved_search_option = click.option(
    "--saved-search",
    help="Get events from a saved search filter with the given ID.",
    callback=_get_saved_search_query,
    cls=incompatible_with("advanced_query"),
)

# The begin value is passed through limit_date_range(max_days_back=90) before
# it is converted to a timestamp, so the look-back window is bounded here.
begin_option = opt.begin_option(
    SECURITY_DATA_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)
    ),
)
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD,
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Decorate ``f`` with the shared security-data search options.

    The options are applied in this order: checkpoint, advanced query, end,
    begin. ``saved_search_option`` is not part of this set.

    Args:
        f: The command function to decorate.

    Returns:
        ``f`` after all four option decorators have been applied.
    """
    decorators = (
        checkpoint_option,
        advanced_query_option,
        end_option,
        begin_option,
    )
    for add_option in decorators:
        f = add_option(f)
    return f
AUDIT_LOGS_KEYWORD = "audit-logs"


def _get_audit_logs_default_header():
    """Return the default header mapping for audit-log output.

    Keys are presumably audit-event field names and values the column titles
    shown for them -- confirm against the formatter that consumes this dict.
    The default columns include the actor's name and IP address and the
    affected user's identifiers.
    """
    default_header = {
        "timestamp": "Timestamp",
        "type$": "Type",
        "actorName": "ActorName",
        "actorIpAddress": "ActorIpAddress",
        # NOTE(review): this title appears masked in the listing (the
        # neighbouring column is "AffectedUserUID"); confirm the real header
        # text against the upstream file.
        "userName": "******",
        "userId": "AffectedUserUID",
    }
    return default_header


# Both date options only convert the supplied value to a timestamp; no
# look-back limit is applied in these callbacks.
begin_option = opt.begin_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
end_option = opt.end_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)

# Repeatable filter: multiple=True lets the flag be given more than once.
filter_option_usernames = click.option(
    "--actor-username",
    required=False,
    help="Filter results by actor usernames.",
    multiple=True,
)
# This call is not closed within the excerpt; its remaining arguments follow
# on the next line of the file.
filter_option_user_ids = click.option(
    "--actor-user-id",
    required=False,
    help="Filter results by actor user IDs.",