# NOTE(review): this excerpt opens inside an option definition whose first
# line is not visible; the arguments below are reproduced unchanged.
    "--saved-search",
    help="Get events from a saved search filter with the given ID.",
    callback=_get_saved_search_query,
    # incompatible_with is defined outside this excerpt; presumably it makes
    # this flag mutually exclusive with the "advanced_query" parameter — confirm.
    cls=incompatible_with("advanced_query"),
)

# --begin for security-data searches. The callback runs at option-parsing
# time: the raw value goes through limit_date_range(..., max_days_back=90)
# and the result is converted to a timestamp, so the 90-day look-back bound
# is applied before any query is built.
# NOTE(review): whether limit_date_range rejects or clamps an older date is
# not visible here — confirm in its definition.
begin_option = opt.begin_option(
    SECURITY_DATA_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)),
)
# --end has no callback here, so no look-back bound is applied to it in this file.
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
# The checkpoint option uses the AdvancedQueryAndSavedSearchIncompatible
# option class; presumably it cannot be combined with an advanced query or a
# saved search — confirm against searchopt.
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD,
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Wrap ``f`` with the shared search options and return the result.

    The decorators are applied in this order: checkpoint, advanced query,
    end, begin. Each call wraps the result of the previous one, so the
    order is significant and should be kept.
    """
    f = checkpoint_option(f)
    f = advanced_query_option(f)
    f = end_option(f)
    f = begin_option(f)
    return f


# Wraps f with the file-event filter options. The body continues past the
# end of this excerpt, so only the first four decorators are visible here.
def file_event_options(f):
    f = exposure_type_option(f)
    f = username_option(f)
    f = actor_option(f)
    f = md5_option(f)
# NOTE(review): click, opt, searchopt, f, Severity, AlertState and
# convert_datetime_to_timestamp are used below but not imported in the
# visible lines; presumably they are imported earlier in the file.
from code42cli.date_helper import limit_date_range
from code42cli.file_readers import read_csv_arg
from code42cli.options import format_option
from code42cli.output_formats import JsonOutputFormat
from code42cli.output_formats import OutputFormat
from code42cli.output_formats import OutputFormatter

# Keyword passed to the shared option factories below.
ALERTS_KEYWORD = "alerts"

# --begin for alert searches. The callback runs at option-parsing time: the
# raw value goes through limit_date_range(..., max_days_back=90) and the
# result is converted to a timestamp, so the 90-day look-back bound is
# applied before any query is built.
# NOTE(review): whether limit_date_range rejects or clamps an older date is
# not visible here — confirm in code42cli.date_helper.
begin = opt.begin_option(
    ALERTS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)),
)
# --end has no callback here, so no look-back bound is applied to it in this file.
end = opt.end_option(ALERTS_KEYWORD)
checkpoint = opt.checkpoint_option(ALERTS_KEYWORD)
advanced_query = searchopt.advanced_query_option(ALERTS_KEYWORD)

# --severity may be repeated (multiple=True). click.Choice restricts each
# value to Severity.choices(), so anything outside that set is refused by
# click during parsing and never reaches the callback.
# searchopt.is_in_filter(f.Severity) supplies the callback; presumably it
# turns the accepted values into an "is in" filter — confirm in searchopt.
severity_option = click.option(
    "--severity",
    multiple=True,
    type=click.Choice(Severity.choices()),
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
    callback=searchopt.is_in_filter(f.Severity),
    help="Filter alerts by severity. Defaults to returning all severities.",
)
# --state follows the same pattern as --severity, with values restricted to
# AlertState.choices().
# NOTE(review): this definition continues past the end of the excerpt; the
# closing parenthesis is not visible.
filter_state_option = click.option(
    "--state",
    multiple=True,
    type=click.Choice(AlertState.choices()),
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
    callback=searchopt.is_in_filter(f.AlertState),
    help="Filter alerts by status. Defaults to returning all statuses.",