""" url = f"{INGESTION_API_BASE_URL}/v2/entities:batchCreate" body = { "customer_id": customer_id, "log_type": log_type, "entities": json.loads(json_entities), } response = http_session.request("POST", url, json=body) response.raise_for_status() if __name__ == "__main__": parser = argparse.ArgumentParser() chronicle_auth.add_argument_credentials_file(parser) regions.add_argument_region(parser) parser.add_argument("--customer_id", type=str, required=True, help="the customer UUID") parser.add_argument("--log_type", type=str, required=True, help="the log type") parser.add_argument( "--json_entities_file", type=argparse.FileType("r"), required=True, help="path to a file (or \"-\" for STDIN) containing a list of Entity " "events in JSON format")
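def initialize_command_line_args(
    args: Optional[Sequence[str]] = None) -> Optional[argparse.Namespace]:
    """Initializes and checks all the command-line arguments.

    Args:
        args: Argument strings to parse; None is passed straight to
            argparse's parse_args.

    Returns:
        The parsed namespace, or None (after printing an error message) when
        a sanity check fails: not exactly one asset indicator, a start or
        reference time in the future, a start time that is not before the end
        time, or a page size outside 0-10,000.
    """
    parser = argparse.ArgumentParser()
    chronicle_auth.add_argument_credentials_file(parser)
    regions.add_argument_region(parser)
    parser.add_argument("-n", "--hostname", type=str, required=False,
                        help="asset hostname")
    parser.add_argument("-i", "--ip_address", type=str, required=False,
                        help="asset IP address")
    parser.add_argument("-m", "--mac_address", type=str, required=False,
                        help="asset MAC address")
    parser.add_argument(
        "-p", "--product_id", type=str, required=False,
        help="event ID from the product that generated the event")
    parser.add_argument(
        "-ts", "--start_time",
        type=datetime_converter.iso8601_datetime_utc, required=True,
        help=("beginning of time range, as an ISO 8601 string " +
              "('yyyy-mm-ddThh:mm:ss')"))
    parser.add_argument(
        "-te", "--end_time",
        type=datetime_converter.iso8601_datetime_utc, required=True,
        help="end of time range, also as an ISO 8601 string")
    parser.add_argument(
        "-tr", "--ref_time",
        type=datetime_converter.iso8601_datetime_utc, required=True,
        help="reference time to disambiguate assets, also as an ISO 8601 string")
    parser.add_argument(
        "-tl", "--local_time", action="store_true",
        help=(
            "time is specified in the system's local timezone (default = UTC)"
        ))
    parser.add_argument(
        "-s", "--page_size", type=int, required=False,
        help="maximum number of events to return (1-10,000, default = maximum)")

    # Sanity checks for the command-line arguments.
    parsed_args = parser.parse_args(args)

    asset_indicators = (parsed_args.hostname, parsed_args.ip_address,
                        parsed_args.mac_address, parsed_args.product_id)
    if sum(1 for i in asset_indicators if i is not None) != 1:
        print("Error: specify exactly one asset indicator")
        return None

    # The converted values below are used for validation only; the returned
    # namespace still holds the times exactly as argparse produced them.
    s, e, r = parsed_args.start_time, parsed_args.end_time, parsed_args.ref_time
    if parsed_args.local_time:
        # Drop the parser-assigned tzinfo so astimezone() reinterprets the
        # wall-clock value in the system's local timezone.
        s = s.replace(tzinfo=None).astimezone(datetime.timezone.utc)
        e = e.replace(tzinfo=None).astimezone(datetime.timezone.utc)
        r = r.replace(tzinfo=None).astimezone(datetime.timezone.utc)

    # Use an aware "now". utcnow() returns a naive datetime, and astimezone()
    # on a naive value assumes local time, so the previous
    # utcnow().astimezone(utc) was shifted by the local UTC offset on any host
    # not running in UTC, and the future-time checks used the wrong instant.
    # NOTE(review): comparing with an aware "now" presumes that
    # iso8601_datetime_utc yields timezone-aware datetimes; confirm.
    now = datetime.datetime.now(datetime.timezone.utc)
    if s > now:
        print("Error: start time should not be in the future")
        return None
    if r > now:
        print("Error: reference time should not be in the future")
        return None
    if s >= e:
        print(
            "Error: start time should not be same as or later than the end time"
        )
        return None

    # A missing page size is treated as 0, which the error text describes as
    # "default = maximum".
    ps = parsed_args.page_size or 0
    if ps < 0 or ps > 10000:
        print(
            "Error: page size valid range is 0-10,000 (0 = default = maximum)")
        return None

    return parsed_args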