def test_search_all_file_events_handles_escaped_quote_chars_in_token(
    self,
    connection,
    preservation_data_service,
    saved_search_service,
    storage_service_factory,
):
    """A page token containing escaped double quotes is posted unchanged.

    The token travels as the ``pgToken`` value of the JSON body, so the client
    must neither strip nor re-escape the backslashes before calling ``post``.
    """
    client = SecurityDataClient(
        FileEventService(connection),
        preservation_data_service,
        saved_search_service,
        storage_service_factory,
    )
    # Raw string: the backslashes are part of the token value under test.
    token_with_quotes = r"1234_\"abcde\""

    client.search_all_file_events(FileEventQuery.all(), token_with_quotes)

    expected_body = dict(
        groupClause="AND",
        groups=[],
        srtDir="asc",
        srtKey="eventId",
        pgToken=token_with_quotes,
        pgSize=10000,
    )
    connection.post.assert_called_once_with(FILE_EVENT_URI, json=expected_body)
def test_search_all_file_events_calls_search_with_expected_params_when_pg_token_is_passed(
    self,
    connection,
    preservation_data_service,
    saved_search_service,
    storage_service_factory,
):
    """An explicit page token is sent as ``pgToken`` and the raw response is returned.

    The mocked ``post`` returns a canned response object; the assertion uses
    identity (``is``) to check the client hands it back without copying.
    """
    canned_response = {
        "totalCount": None,
        "fileEvents": None,
        "nextPgToken": "pqr",
        "problems": None,
    }
    connection.post.return_value = canned_response
    client = SecurityDataClient(
        FileEventService(connection),
        preservation_data_service,
        saved_search_service,
        storage_service_factory,
    )

    result = client.search_all_file_events(FileEventQuery.all(), "abc")

    expected_body = dict(
        groupClause="AND",
        groups=[],
        srtDir="asc",
        srtKey="eventId",
        pgToken="abc",
        pgSize=10000,
    )
    connection.post.assert_called_once_with(FILE_EVENT_URI, json=expected_body)
    assert result is canned_response
def test_search_file_events(self, connection):
    """Searching file events over the last day yields a successful response.

    Integration-style test: it goes through the real ``securitydata`` client
    attached to *connection* rather than a mock.
    """
    # NOTE: datetime.utcnow() is deprecated since Python 3.12; kept here to
    # preserve the exact naive-datetime values convert_datetime_to_epoch sees.
    window_start = convert_datetime_to_epoch(datetime.utcnow() - timedelta(1))
    window_end = convert_datetime_to_epoch(datetime.utcnow())
    within_last_day = EventTimestamp.in_range(window_start, window_end)

    result = connection.securitydata.search_file_events(
        FileEventQuery.all(within_last_day)
    )
    assert_successful_response(result)
def test_search_all_file_events_when_token_is_none_succeeds(
    self,
    connection,
    preservation_data_service,
    saved_search_service,
    storage_service_factory,
):
    """``page_token=None`` is accepted without raising.

    There is deliberately no assertion: the expected outcome is only that the
    call completes.
    """
    client = SecurityDataClient(
        FileEventService(connection),
        preservation_data_service,
        saved_search_service,
        storage_service_factory,
    )
    client.search_all_file_events(FileEventQuery.all(), page_token=None)
def my_command(state, username):
    """Page through one user's devices and their file events of the last three days.

    Args:
        state: CLI state object exposing the SDK as ``state.sdk``.
        username: username to look up; it is passed to the query builder as a
            filter value (``DeviceUsername.eq``), not interpolated into a string.
    """
    device_columns = ["name", "active", "guid", "alertStates"]
    event_columns = ["eventType", "eventTimestamp", "fileName", "fileSize", "fileCategory"]

    # Resolve the user and fetch the devices for that userUid.  The lookup is
    # indexed at [0], so an unknown username surfaces here as an IndexError.
    user_uid = state.sdk.users.get_by_username(username)["users"][0]["userUid"]
    device_pages = state.sdk.devices.get_all(user_uid=user_uid)
    # presumably get_all() yields response pages; only the first one is shown — TODO confirm
    devices_df = pd.json_normalize(next(device_pages)["computers"])[device_columns]

    # File events for this user over the last three days.
    event_query = FileEventQuery.all(
        DeviceUsername.eq(username),
        EventTimestamp.within_the_last(EventTimestamp.THREE_DAYS),
    )
    event_response = state.sdk.securitydata.search_file_events(event_query)
    events_df = pd.json_normalize(event_response["fileEvents"])[event_columns]

    # Both tables go to the pager as a single document.
    devices_text = devices_df.to_string(index=False)
    events_text = events_df.to_string(index=False)
    click.echo_via_pager("Devices:\n{}\n\nEvents:\n{}".format(devices_text, events_text))
def _search_by_hash(self, checksum, checksum_type):
    """Return file events whose *checksum_type* value equals *checksum*, newest first.

    Args:
        checksum: hash value to match exactly.
        checksum_type: filter class exposing ``eq`` for the hash kind being searched.

    Returns:
        The raw response of ``search_file_events``.
    """
    by_hash = FileEventQuery.all(checksum_type.eq(checksum))
    # Sort newest first so the most recent sighting of the file comes back on top.
    by_hash.sort_key = u"eventTimestamp"
    by_hash.sort_direction = u"desc"
    return self.search_file_events(by_hash)
def _search_by_hash(self, hash, type):
    """Return file events whose *type* hash value equals *hash*.

    Args:
        hash: hash value to match exactly.
        type: filter class exposing ``eq`` for the hash kind being searched.

    Returns:
        The raw response of ``search_file_events``.

    Note:
        The parameter names shadow the ``hash`` and ``type`` builtins; they are
        kept unchanged so existing keyword callers keep working.
    """
    return self.search_file_events(FileEventQuery.all(type.eq(hash)))
def to_all_query(self):
    """Build a ``FileEventQuery`` that ANDs every collected filter together.

    Returns:
        ``FileEventQuery.all(*self._filters)``; its ``page_size`` is overridden
        only when ``self._pg_size`` is truthy, so a stored page size of 0 (or
        None) leaves the query's default in place.
    """
    all_query = FileEventQuery.all(*self._filters)
    page_size = self._pg_size
    if page_size:
        all_query.page_size = page_size
    return all_query