} }

  Raises:
    requests.exceptions.HTTPError: HTTP request resulted in an error
      (response.status_code >= 400).
  """
  # The endpoint is built from the module-level base URL, which the CLI entry
  # point below rebinds to a regional URL before this function is called.
  url = f"{CHRONICLE_API_BASE_URL}/v1/ioc/listiocs"
  s = datetime_converter.strftime(start_time)
  # Both values travel as query parameters (params=), so the HTTP client
  # encodes them; nothing is concatenated into the URL by hand.
  params = {"start_time": s, "page_size": page_size}

  # NOTE(review): no timeout is passed on this call. Whether the session
  # object applies a default one is not visible here - confirm, otherwise a
  # stalled connection can block the script indefinitely.
  response = http_session.request("GET", url, params=params)

  # Print the server's error body before raising so the HTTPError is
  # accompanied by the API's own message. It goes to stdout, the same stream
  # the JSON result is written to, so consumers that parse stdout should
  # check the exit status first.
  if response.status_code >= 400:
    print(response.text)
  response.raise_for_status()
  return response.json()


if __name__ == "__main__":
  # CLI entry point: list IoCs and print the response as indented JSON.
  cli = initialize_command_line_args()
  if not cli:
    sys.exit(1)  # A sanity check failed.

  start, size = cli.start_time, cli.page_size
  # With the local-time flag set, the timezone info is stripped and the
  # datetime becomes naive.
  # NOTE(review): how datetime_converter.strftime treats a naive datetime is
  # outside this view - confirm the resulting start_time is what the API
  # expects.
  if cli.local_time:
    start = start.replace(tzinfo=None)

  # Rebinds the module-level constant that list_iocs() reads when it builds
  # its URL; regions.url() derives the value from the selected region.
  CHRONICLE_API_BASE_URL = regions.url(CHRONICLE_API_BASE_URL, cli.region)
  # credentials_file is a path handed to chronicle_auth; presumably it holds
  # API credentials, so the file should be readable only by the invoking
  # user - TODO confirm what initialize_http_session loads from it.
  session = chronicle_auth.initialize_http_session(cli.credentials_file)
  print(json.dumps(list_iocs(session, start, size), indent=2))
# "ruleExecution": { # "ruleId": "ru_<UUID>", # "versionId": "ru_<UUID>@v_<seconds>_<nanoseconds>", # "windowEndTime": "yyyy-mm-ddThh:mm:ssZ", # "windowStartTime": "yyyy-mm-ddThh:mm:ssZ" # }, # "text": "<error message>" # } if response.status_code >= 400: print(response.text) response.raise_for_status() return response.json() if __name__ == "__main__": parser = argparse.ArgumentParser() chronicle_auth.add_argument_credentials_file(parser) regions.add_argument_region(parser) parser.add_argument("-ei", "--error_id", type=str, required=True, help="error ID (for Detect errors: 'ed_<UUID>')") args = parser.parse_args() CHRONICLE_API_BASE_URL = regions.url(CHRONICLE_API_BASE_URL, args.region) session = chronicle_auth.initialize_http_session(args.credentials_file) error = get_error(session, args.error_id) print(json.dumps(error, indent=2))
"entries": entries, } response = http_session.request("POST", url, json=body) response.raise_for_status() if __name__ == "__main__": parser = argparse.ArgumentParser() chronicle_auth.add_argument_credentials_file(parser) regions.add_argument_region(parser) parser.add_argument("--log_type", type=str, required=True, help="log type") parser.add_argument("--customer_id", type=str, required=True, help="the customer UUID") parser.add_argument( "--logs_file", type=argparse.FileType("r"), required=True, help="path to a file (or \"-\" for STDIN) containing logs, one log per " "line, whose format varies by log type, and whose total size must not " "exceed 1MB events") args = parser.parse_args() INGESTION_API_BASE_URL = regions.url(INGESTION_API_BASE_URL, args.region) session = chronicle_auth.initialize_http_session( args.credentials_file, scopes=AUTHORIZATION_SCOPES) create_logs(session, args.log_type, args.customer_id, args.logs_file.read())