def search(
    state,
    format,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    saved_search,
    or_query,
    include_all,
    **kwargs,
):
    """Search for file events.

    Builds an output formatter for ``format`` (using the default file-event
    header unless ``include_all`` asks for every column), optionally attaches a
    cursor store for the active profile when ``use_checkpoint`` is set, runs the
    extractor, and finally reports the "nothing found" case.

    NOTE(review): ``begin``/``end``/``or_query``/``advanced_query``/
    ``saved_search`` are forwarded unchanged to ``_call_extractor``; how they
    combine with an active checkpoint is decided there, not here.
    """
    header = ext.try_get_default_header(include_all, SEARCH_DEFAULT_HEADER, format)
    event_formatter = FileEventsOutputFormatter(format, header)

    # The cursor store is keyed on the profile name (presumably so checkpoints
    # stay per-profile); without --use-checkpoint no store is created at all.
    if use_checkpoint:
        checkpoint_store = _get_file_event_cursor_store(state.profile.name)
    else:
        checkpoint_store = None

    event_handlers = ext.create_handlers(
        state.sdk,
        FileEventExtractor,
        checkpoint_store,
        use_checkpoint,
        formatter=event_formatter,
        force_pager=include_all,  # paging is forced whenever all columns are shown
    )
    _call_extractor(
        state,
        event_handlers,
        begin,
        end,
        or_query,
        advanced_query,
        saved_search,
        **kwargs,
    )
    # "No events" is only reported when nothing was extracted AND no error was
    # recorded in the module-level errors.ERRORED flag.
    nothing_found = not (event_handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)
def search(
    cli_state,
    format,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    or_query,
    include_all,
    **kwargs,
):
    """Search for alerts.

    Resolves the output header (default alert header unless ``include_all`` is
    set), builds an ``OutputFormatter`` for ``format``, attaches an alert cursor
    store for the active profile when ``use_checkpoint`` is requested, runs the
    extractor, and reports the "nothing found" case afterwards.

    NOTE(review): query arguments are passed straight through to
    ``_call_extractor``; any precedence between ``begin`` and a stored
    checkpoint is handled by the callee.
    """
    header = ext.try_get_default_header(include_all, _get_default_output_header(), format)
    alert_formatter = OutputFormatter(format, header)

    # Per-profile cursor store; only created when checkpointing was requested.
    if use_checkpoint:
        checkpoint_store = _get_alert_cursor_store(cli_state.profile.name)
    else:
        checkpoint_store = None

    alert_handlers = ext.create_handlers(
        cli_state.sdk,
        AlertExtractor,
        checkpoint_store,
        use_checkpoint,
        formatter=alert_formatter,
        force_pager=include_all,  # paging is forced whenever all columns are shown
    )
    _call_extractor(
        cli_state,
        alert_handlers,
        begin,
        end,
        or_query,
        advanced_query,
        **kwargs,
    )
    # Report "no alerts" only if nothing was extracted and no error was flagged.
    nothing_found = not (alert_handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)
def send_to(
    state,
    format,
    hostname,
    protocol,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    saved_search,
    or_query,
    **kwargs,
):
    """Send events to the given server address.

    Obtains a server logger for ``hostname``/``protocol``/``format``, attaches a
    file-event cursor store for the active profile when ``use_checkpoint`` is
    set, wires the logger into send-to handlers, runs the extractor, and
    reports the "nothing found" case.

    NOTE(review): ``hostname`` and ``protocol`` are handed to
    ``get_logger_for_server`` without any validation here; whatever checks the
    destination gets (and whether the chosen protocol is transport-secured)
    live in that helper — confirm before relying on it for sensitive event data.
    """
    server_logger = get_logger_for_server(hostname, protocol, format)

    # Checkpoint store is per profile and only exists when requested.
    if use_checkpoint:
        checkpoint_store = _get_file_event_cursor_store(state.profile.name)
    else:
        checkpoint_store = None

    send_handlers = ext.create_send_to_handlers(
        state.sdk,
        FileEventExtractor,
        checkpoint_store,
        use_checkpoint,
        server_logger,
    )
    _call_extractor(
        state,
        send_handlers,
        begin,
        end,
        or_query,
        advanced_query,
        saved_search,
        **kwargs,
    )
    # "No events" only when nothing was extracted and no error was recorded.
    nothing_found = not (send_handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)
def send_to(
    cli_state,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    or_query,
    **kwargs,
):
    """Send alerts to the given server address.

    HOSTNAME format: address:port where port is optional and defaults to 514.

    Resolves the cursor via ``_get_cursor`` (which receives ``use_checkpoint``
    and decides itself whether a store is needed), builds send-to handlers
    around ``cli_state.logger``, runs the extractor, and reports the
    "nothing found" case.

    NOTE(review): the server logger is read from ``cli_state.logger`` rather
    than built here, so the HOSTNAME parsing/validation described above
    happens wherever that attribute is populated — not in this function.
    """
    checkpoint_store = _get_cursor(cli_state, use_checkpoint)
    send_handlers = ext.create_send_to_handlers(
        cli_state.sdk,
        AlertExtractor,
        checkpoint_store,
        use_checkpoint,
        cli_state.logger,
    )
    _call_extractor(
        cli_state,
        send_handlers,
        begin,
        end,
        or_query,
        advanced_query,
        **kwargs,
    )
    # Report "no alerts" only if nothing was extracted and no error was flagged.
    nothing_found = not (send_handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)
def _extract(
    state,
    handlers,
    begin,
    end,
    or_query,
    advanced_query,
    saved_search,
    **kwargs,
):
    """Run the extractor with ``handlers`` and report the no-events case.

    Thin wrapper: every query argument is forwarded unchanged to
    ``_call_extractor``; afterwards ``handle_no_events`` is signalled when
    nothing was extracted and no error was recorded in ``errors.ERRORED``.
    """
    _call_extractor(
        state,
        handlers,
        begin,
        end,
        or_query,
        advanced_query,
        saved_search,
        **kwargs,
    )
    nothing_found = not (handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)