コード例 #1
0
  """
    url = f"{INGESTION_API_BASE_URL}/v2/entities:batchCreate"
    body = {
        "customer_id": customer_id,
        "log_type": log_type,
        "entities": json.loads(json_entities),
    }

    response = http_session.request("POST", url, json=body)
    response.raise_for_status()


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    chronicle_auth.add_argument_credentials_file(parser)
    regions.add_argument_region(parser)
    parser.add_argument("--customer_id",
                        type=str,
                        required=True,
                        help="the customer UUID")
    parser.add_argument("--log_type",
                        type=str,
                        required=True,
                        help="the log type")
    parser.add_argument(
        "--json_entities_file",
        type=argparse.FileType("r"),
        required=True,
        help="path to a file (or \"-\" for STDIN) containing a list of Entity "
        "events in JSON format")
コード例 #2
0
def initialize_command_line_args(
        args: Optional[Sequence[str]] = None) -> Optional[argparse.Namespace]:
    """Initializes and checks all the command-line arguments."""
    parser = argparse.ArgumentParser()
    chronicle_auth.add_argument_credentials_file(parser)
    regions.add_argument_region(parser)

    parser.add_argument("-n",
                        "--hostname",
                        type=str,
                        required=False,
                        help="asset hostname")
    parser.add_argument("-i",
                        "--ip_address",
                        type=str,
                        required=False,
                        help="asset IP address")
    parser.add_argument("-m",
                        "--mac_address",
                        type=str,
                        required=False,
                        help="asset MAC address")
    parser.add_argument(
        "-p",
        "--product_id",
        type=str,
        required=False,
        help="event ID from the product that generated the event")

    parser.add_argument(
        "-ts",
        "--start_time",
        type=datetime_converter.iso8601_datetime_utc,
        required=True,
        help=("beginning of time range, as an ISO 8601 string " +
              "('yyyy-mm-ddThh:mm:ss')"))
    parser.add_argument("-te",
                        "--end_time",
                        type=datetime_converter.iso8601_datetime_utc,
                        required=True,
                        help="end of time range, also as an ISO 8601 string")
    parser.add_argument(
        "-tr",
        "--ref_time",
        type=datetime_converter.iso8601_datetime_utc,
        required=True,
        help="reference time to disambiguate assets, also as an ISO 8601 string"
    )
    parser.add_argument(
        "-tl",
        "--local_time",
        action="store_true",
        help=(
            "time is specified in the system's local timezone (default = UTC)"
        ))

    parser.add_argument(
        "-s",
        "--page_size",
        type=int,
        required=False,
        help="maximum number of events to return (1-10,000, default = maximum)"
    )

    # Sanity checks for the command-line arguments.
    parsed_args = parser.parse_args(args)

    asset_indicators = (parsed_args.hostname, parsed_args.ip_address,
                        parsed_args.mac_address, parsed_args.product_id)
    if sum([1 for i in asset_indicators if i is not None]) != 1:
        print("Error: specify exactly one asset indicator")
        return None

    s, e, r = parsed_args.start_time, parsed_args.end_time, parsed_args.ref_time
    if parsed_args.local_time:
        s = s.replace(tzinfo=None).astimezone(datetime.timezone.utc)
        e = e.replace(tzinfo=None).astimezone(datetime.timezone.utc)
        r = r.replace(tzinfo=None).astimezone(datetime.timezone.utc)
    if s > datetime.datetime.utcnow().astimezone(datetime.timezone.utc):
        print("Error: start time should not be in the future")
        return None
    if r > datetime.datetime.utcnow().astimezone(datetime.timezone.utc):
        print("Error: reference time should not be in the future")
        return None
    if s >= e:
        print(
            "Error: start time should not be same as or later than the end time"
        )
        return None

    ps = parsed_args.page_size or 0
    if ps < 0 or ps > 10000:
        print(
            "Error: page size valid range is 0-10,000 (0 = default = maximum)")
        return None

    return parsed_args