"""
url = f"{INGESTION_API_BASE_URL}/v2/entities:batchCreate"
body = {
"customer_id": customer_id,
"log_type": log_type,
"entities": json.loads(json_entities),
}
response = http_session.request("POST", url, json=body)
response.raise_for_status()
if __name__ == "__main__":
parser = argparse.ArgumentParser()
chronicle_auth.add_argument_credentials_file(parser)
regions.add_argument_region(parser)
parser.add_argument("--customer_id",
type=str,
required=True,
help="the customer UUID")
parser.add_argument("--log_type",
type=str,
required=True,
help="the log type")
parser.add_argument(
"--json_entities_file",
type=argparse.FileType("r"),
required=True,
help="path to a file (or \"-\" for STDIN) containing a list of Entity "
"events in JSON format")
def initialize_command_line_args(
args: Optional[Sequence[str]] = None) -> Optional[argparse.Namespace]:
"""Initializes and checks all the command-line arguments."""
parser = argparse.ArgumentParser()
chronicle_auth.add_argument_credentials_file(parser)
regions.add_argument_region(parser)
parser.add_argument("-n",
"--hostname",
type=str,
required=False,
help="asset hostname")
parser.add_argument("-i",
"--ip_address",
type=str,
required=False,
help="asset IP address")
parser.add_argument("-m",
"--mac_address",
type=str,
required=False,
help="asset MAC address")
parser.add_argument(
"-p",
"--product_id",
type=str,
required=False,
help="event ID from the product that generated the event")
parser.add_argument(
"-ts",
"--start_time",
type=datetime_converter.iso8601_datetime_utc,
required=True,
help=("beginning of time range, as an ISO 8601 string " +
"('yyyy-mm-ddThh:mm:ss')"))
parser.add_argument("-te",
"--end_time",
type=datetime_converter.iso8601_datetime_utc,
required=True,
help="end of time range, also as an ISO 8601 string")
parser.add_argument(
"-tr",
"--ref_time",
type=datetime_converter.iso8601_datetime_utc,
required=True,
help="reference time to disambiguate assets, also as an ISO 8601 string"
)
parser.add_argument(
"-tl",
"--local_time",
action="store_true",
help=(
"time is specified in the system's local timezone (default = UTC)"
))
parser.add_argument(
"-s",
"--page_size",
type=int,
required=False,
help="maximum number of events to return (1-10,000, default = maximum)"
)
# Sanity checks for the command-line arguments.
parsed_args = parser.parse_args(args)
asset_indicators = (parsed_args.hostname, parsed_args.ip_address,
parsed_args.mac_address, parsed_args.product_id)
if sum([1 for i in asset_indicators if i is not None]) != 1:
print("Error: specify exactly one asset indicator")
return None
s, e, r = parsed_args.start_time, parsed_args.end_time, parsed_args.ref_time
if parsed_args.local_time:
s = s.replace(tzinfo=None).astimezone(datetime.timezone.utc)
e = e.replace(tzinfo=None).astimezone(datetime.timezone.utc)
r = r.replace(tzinfo=None).astimezone(datetime.timezone.utc)
if s > datetime.datetime.utcnow().astimezone(datetime.timezone.utc):
print("Error: start time should not be in the future")
return None
if r > datetime.datetime.utcnow().astimezone(datetime.timezone.utc):
print("Error: reference time should not be in the future")
return None
if s >= e:
print(
"Error: start time should not be same as or later than the end time"
)
return None
ps = parsed_args.page_size or 0
if ps < 0 or ps > 10000:
print(
"Error: page size valid range is 0-10,000 (0 = default = maximum)")
return None
return parsed_args