class APIClient:
def __init__(self, connection, configuration):
self.endpoint = (PROTOCOL + URL +
ENDPOINT) % (connection.get("region"))
self.auth = configuration.get('auth')
self.client = SumoLogic(self.auth.get("access_id"),
self.auth.get("access_key"),
endpoint=self.endpoint)
def ping_data_source(self):
# Pings the data source
self.client.collectors()
return SumoLogicResponse(200, True)
def create_search(self, query_expression):
# Queries the data source
query_expression = json.loads(query_expression)
search_job = self.client.search_job(query_expression['query'],
query_expression['fromTime'],
query_expression['toTime'])
return SumoLogicResponse(200, search_job['id'])
def get_search_status(self, search_id):
# Check the current status of the search
search_id = {"id": search_id}
status = self.client.search_job_status(search_id)
return SumoLogicResponse(200, status['state'])
def get_search_results(self, search_id, offset, limit):
# Return the search results. Results must be in JSON format before being translated into STIX
search_id = {"id": search_id}
result = self.client.search_job_messages(search_id, limit, offset)
response = (self.client.get("/users"))
user_details = response.json()["data"][0]
results = [r['map'] for r in result['messages']]
for r in results:
r.update(user_details)
r["displayName"] = user_details["firstName"] + " " + user_details[
"lastName"]
return SumoLogicResponse(200, results)
def delete_search(self, search_id):
# Optional since this may not be supported by the data source API
# Delete the search
search_id = {"id": search_id}
x = self.client.delete_search_job(search_id)
return SumoLogicResponse(200, x.json())
