def search(
    state,
    format,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    saved_search,
    or_query,
    include_all,
    **kwargs,
):
    """Search for file events."""
    # The docstring above is left untouched: it is readable at runtime via
    # __doc__ and may be surfaced as help text by a decorator outside this view.

    # The header passed to the formatter is derived from include_all, the
    # module default header and the requested output format.
    header = ext.try_get_default_header(include_all, SEARCH_DEFAULT_HEADER, format)
    output_formatter = FileEventsOutputFormatter(format, header)

    # A checkpoint store is looked up only when checkpointing was requested.
    # It is requested by profile name, so checkpoints are presumably kept
    # per profile (confirm in _get_file_event_cursor_store).
    if use_checkpoint:
        checkpoint_store = _get_file_event_cursor_store(state.profile.name)
    else:
        checkpoint_store = None

    handlers = ext.create_handlers(
        state.sdk,
        FileEventExtractor,
        checkpoint_store,
        use_checkpoint,
        formatter=output_formatter,
        force_pager=include_all,
    )
    _call_extractor(
        state,
        handlers,
        begin,
        end,
        or_query,
        advanced_query,
        saved_search,
        **kwargs,
    )

    # The flag is True only when no events were counted AND no error was
    # recorded, presumably so a failed extraction is not reported as an
    # empty result set.
    nothing_found = not (handlers.TOTAL_EVENTS or errors.ERRORED)
    handle_no_events(nothing_found)
def test_init_sets_format_func_to_cef_function_when_cef_format_option_is_passed(
    self, mock_to_cef
):
    """Selecting the CEF format sends each event through the CEF function."""
    cef_formatter = FileEventsOutputFormatter(FileEventsOutputFormat.CEF)
    formatted = cef_formatter.get_formatted_output(["TEST"])
    # The output has to be consumed before the mock can be inspected.
    list(formatted)
    mock_to_cef.assert_called_once_with("TEST")
def test_init_sets_format_func_to_table_function_when_no_format_option_is_passed(
    self, mock_to_table
):
    """With no format given, output goes to the table function with a None header."""
    default_formatter = FileEventsOutputFormatter(None)
    formatted = default_formatter.get_formatted_output("TEST")
    # The output has to be consumed before the mock can be inspected.
    list(formatted)
    # The second argument is None because no header was given to the formatter.
    mock_to_table.assert_called_once_with("TEST", None)
def test_init_sets_format_func_to_dynamic_csv_function_when_csv_option_is_passed(
    self, mock_to_csv
):
    """Selecting the CSV format sends the output through the CSV function."""
    csv_formatter = FileEventsOutputFormatter(FileEventsOutputFormat.CSV)
    formatted = csv_formatter.get_formatted_output("TEST")
    # The output has to be consumed before the mock can be inspected.
    list(formatted)
    mock_to_csv.assert_called_once_with("TEST")