return {
"timestamp": "Timestamp",
"type$": "Type",
"actorName": "ActorName",
"actorIpAddress": "ActorIpAddress",
"userName": "******",
"userId": "AffectedUserUID",
}
begin_option = opt.begin_option(
AUDIT_LOGS_KEYWORD,
callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
end_option = opt.end_option(
AUDIT_LOGS_KEYWORD,
callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
filter_option_usernames = click.option(
"--actor-username",
required=False,
help="Filter results by actor usernames.",
multiple=True,
)
filter_option_user_ids = click.option(
"--actor-user-id",
required=False,
help="Filter results by actor user IDs.",
multiple=True,
)
filter_option_user_ip_addresses = click.option(
"--actor-ip",
return query
saved_search_option = click.option(
"--saved-search",
help="Get events from a saved search filter with the given ID.",
callback=_get_saved_search_query,
cls=incompatible_with("advanced_query"),
)
begin_option = opt.begin_option(
SECURITY_DATA_KEYWORD,
callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
limit_date_range(arg, max_days_back=90)),
)
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
checkpoint_option = opt.checkpoint_option(
SECURITY_DATA_KEYWORD,
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)
def search_options(f):
f = checkpoint_option(f)
f = advanced_query_option(f)
f = end_option(f)
f = begin_option(f)
return f
def file_event_options(f):
from code42cli.cmds.search.options import server_options
from code42cli.date_helper import convert_datetime_to_timestamp
from code42cli.date_helper import limit_date_range
from code42cli.file_readers import read_csv_arg
from code42cli.options import format_option
from code42cli.output_formats import JsonOutputFormat
from code42cli.output_formats import OutputFormat
from code42cli.output_formats import OutputFormatter
ALERTS_KEYWORD = "alerts"
begin = opt.begin_option(
ALERTS_KEYWORD,
callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
limit_date_range(arg, max_days_back=90)),
)
end = opt.end_option(ALERTS_KEYWORD)
checkpoint = opt.checkpoint_option(ALERTS_KEYWORD)
advanced_query = searchopt.advanced_query_option(ALERTS_KEYWORD)
severity_option = click.option(
"--severity",
multiple=True,
type=click.Choice(Severity.choices()),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
callback=searchopt.is_in_filter(f.Severity),
help="Filter alerts by severity. Defaults to returning all severities.",
)
filter_state_option = click.option(
"--state",
multiple=True,
type=click.Choice(AlertState.choices()),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,