def running_search_query_cancel_command(client: DataExplorerClient, args: Dict[str, Any]) -> \
CommandResults:
"""
Cancel currently running search query command.
Args:
client (DataExplorerClient): Azure Data Explorer API client.
args (Dict[str, Any]): Command arguments from XSOAR.
Returns:
CommandResults: Command results with raw response, outputs and readable outputs.
"""
client_activity_id = str(args['client_activity_id'])
database_name = str(args['database_name'])
reason = str(args.get('reason'))
response = client.running_search_query_delete_request(
database_name, client_activity_id, reason)
response_kusto_dataset = KustoResponseDataSetV1(response)
outputs = convert_kusto_response_to_dict(response_kusto_dataset)
readable_output = tableToMarkdown(
f'Canceled Search Query {client_activity_id}',
outputs,
headers=['ClientRequestId', 'ReasonPhrase', 'RunningQueryCanceled'],
headerTransform=pascalToSpace)
command_results = CommandResults(
outputs_prefix='AzureDataExplorer.CanceledSearchQuery',
outputs_key_field='ClientRequestId',
outputs=outputs,
raw_response=response,
readable_output=readable_output)
return command_results
def search_query_execute_command(client: DataExplorerClient,
args: Dict[str, Any]) -> CommandResults:
"""
Execute search query command.
Args:
client (DataExplorerClient): Azure Data Explorer API client.
args (Dict[str, Any]): Command arguments from XSOAR.
Returns:
CommandResults: Command results with raw response, outputs and readable outputs.
"""
query = str(args['query'])
database_name = str(args['database_name'])
timeout = Decimal(args.get('timeout', '5'))
if timeout < 0 or timeout > 60:
raise ValueError(
"Timeout argument should be a float number between 0 to 60.")
client_activity_id = f"{client.client_activity_prefix};{uuid.uuid4()}"
response = client.search_query_execute_request(database_name, query,
timeout, client_activity_id)
response_kusto_dataset = KustoResponseDataSetV1(response)
primary_results = convert_kusto_response_to_dict(response_kusto_dataset)
outputs = {
'Database': database_name,
'Query': query,
'ClientActivityID': client_activity_id,
'PrimaryResults': primary_results
}
readable_output = tableToMarkdown(
f'Results of executing search query with client activity ID: {client_activity_id}',
primary_results,
headerTransform=pascalToSpace)
command_results = CommandResults(
outputs_prefix='AzureDataExplorer.SearchQueryResults',
outputs_key_field='ClientActivityID',
outputs=outputs,
raw_response=response,
readable_output=readable_output)
return command_results
def retrieve_command_results_of_list_commands(
response: Dict[str, Any], base_header: str, page: int, page_size: int,
limit: int, outputs_prefix: str) -> CommandResults:
"""
Retrieves the command results of list commands.
Args:
response (Dict[str,Any]): API response from Azure.
base_header: (str) Header prefix in the readable output.
page (int): Page number.
page_size (int): Page size.
limit (int): Page size.
outputs_prefix (str): Command context outputs prefix.
Returns:
CommandResults: List Command results.
"""
response_kusto_dataset = KustoResponseDataSetV1(response)
total_rows = response_kusto_dataset.primary_results[0].rows_count
outputs = convert_kusto_response_to_dict(response_kusto_dataset, page,
page_size, limit)
readable_header = format_header_for_list_commands(base_header, total_rows,
page, page_size, limit)
readable_output = tableToMarkdown(readable_header,
outputs,
headers=[
'ClientActivityId', 'User', 'Text',
'Database', 'StartedOn',
'LastUpdatedOn', 'State'
],
headerTransform=pascalToSpace)
command_results = CommandResults(outputs_prefix=outputs_prefix,
outputs_key_field='ClientActivityId',
outputs=outputs,
raw_response=response,
readable_output=readable_output)
return command_results
def test_convert_kusto_response_to_dict():
"""
Scenario: Convert kusto Response Dataset to dict object.
Given:
- User has provided valid credentials.
- Database name provided.
- A response returned from the API.
When:
- Following a successful API call to Azure Data Explorer API.
Then:
- Ensure number of items is correct.
- Ensure that time attributes in str format
"""
from AzureDataExplorer import convert_kusto_response_to_dict
from azure.kusto.data.response import KustoResponseDataSetV1
mock_response = json.loads(load_mock_response('execute_query.json'))
kusto_format_response = KustoResponseDataSetV1(mock_response)
dict_kusto = convert_kusto_response_to_dict(kusto_format_response,
page=1,
limit=1)
assert len(dict_kusto) == 1
assert type(dict_kusto[0]['StartTime']) == str
assert type(dict_kusto[0]['EndTime']) == str