예제 #1
    def get_query(self, search_id):
        """Return the saved search identified by ``search_id`` as a query.

        The saved-search record is looked up through ``get_by_id`` and the
        first element of its ``searches`` list is turned into a
        :class:`py42.sdk.queries.fileevents.file_event_query.FileEventQuery`
        via ``FileEventQuery.from_dict``.

        Args:
            search_id (str): Unique search Id of the saved search.

        Returns:
            :class:`py42.sdk.queries.fileevents.file_event_query.FileEventQuery`
        """
        # Only the first entry of "searches" is used -- presumably the API
        # returns exactly one record for a given id; verify against the API.
        saved_search = self.get_by_id(search_id)[u"searches"][0]
        return FileEventQuery.from_dict(saved_search)
예제 #2
def test_file_event_query_from_dict_gives_correct_json_representation():
    """``FileEventQuery.from_dict`` renders a single-group query as the expected JSON text."""
    # The same filter group, once as the input dict and once as the JSON
    # fragment the query is expected to serialize it to.
    filter_group = {
        "filterClause": "AND",
        "filters": [{"operator": "IS", "term": "testterm", "value": "testval"}],
    }
    expected_group_json = (
        '{"filterClause":"AND", "filters":[{"operator":"IS", "term":"testterm", "value":"testval"}]}'
    )
    query = FileEventQuery.from_dict({"groupClause": "AND", "groups": [filter_group]})
    # No paging/sort keys are supplied in the input, so the rendered query is
    # expected to carry the defaults: page 1, 10000 per page, "asc" by "eventId".
    expected_json = JSON_QUERY_BASE.format(
        "AND", expected_group_json, 1, 10000, "asc", "eventId"
    )
    assert str(query) == expected_json
예제 #3
    def get_query(self, search_id, page_number=None, page_size=None):
        """Return the saved search identified by ``search_id`` as a query.

        The saved-search record is looked up through ``get_by_id``; the first
        element of its ``searches`` list is passed to
        ``FileEventQuery.from_dict`` together with the optional paging values.

        Args:
            search_id (str): Unique search Id of the saved search.
            page_number (int, optional): The consecutive group of results of
                size page_size in the result set to return. Defaults to None.
            page_size (int, optional): The maximum number of results to be
                returned. Defaults to None.

        Returns:
            :class:`py42.sdk.queries.fileevents.file_event_query.FileEventQuery`
        """
        # Only the first entry of "searches" is used -- presumably the API
        # returns exactly one record for a given id; verify against the API.
        saved_search = self.get_by_id(search_id)[u"searches"][0]
        # Paging values are forwarded untouched; None leaves from_dict's own
        # defaults in effect.
        return FileEventQuery.from_dict(
            saved_search,
            page_number=page_number,
            page_size=page_size,
        )
예제 #4
def test_saved_search_calls_extractor_extract_and_saved_search_execute(
    runner, cli_state, file_event_extractor
):
    """Running ``security-data search --saved-search`` hands the saved query to the extractor.

    The saved search is stubbed on ``cli_state`` so no API call is made; the
    test then checks that the extractor was invoked exactly once and that its
    first two positional arguments are contained in the rendered query.
    """
    # Second filter group: any of these event types (OR'ed together).
    event_types = ["DELETED", "EMAILED", "MODIFIED", "READ_BY_AP", "CREATED"]
    event_type_filters = [
        {"operator": "IS", "term": "eventType", "value": event_type}
        for event_type in event_types
    ]
    saved_search_dict = {
        "groupClause": "AND",
        "groups": [
            {
                "filterClause": "AND",
                "filters": [
                    {
                        "operator": "ON_OR_AFTER",
                        "term": "eventTimestamp",
                        "value": "2020-05-01T00:00:00.000Z",
                    }
                ],
            },
            {"filterClause": "OR", "filters": event_type_filters},
        ],
        "pgNum": 1,
        "pgSize": 10000,
        "srtDir": "asc",
        "srtKey": "eventId",
    }
    expected_query = FileEventQuery.from_dict(saved_search_dict)
    # Make the CLI's saved-search lookup return our query instead of hitting the API.
    cli_state.sdk.securitydata.savedsearches.get_query.return_value = expected_query

    runner.invoke(
        cli,
        ["security-data", "search", "--saved-search", "test_id"],
        obj=cli_state,
    )

    assert file_event_extractor.extract.call_count == 1
    # NOTE: these are substring checks against the rendered query, not
    # equality with the filter groups themselves.
    positional_args = file_event_extractor.extract.call_args[0]
    rendered_query = str(expected_query)
    assert str(positional_args[0]) in rendered_query
    assert str(positional_args[1]) in rendered_query