def main():
    """List the searchable Ariel databases and print the raw reply.

    Sample entry point: puts the sibling ``modules`` directory on ``sys.path``,
    builds the sample ``APIClient``, issues ``GET /databases`` through it and
    prints the HTTP status code followed by the decoded JSON body.
    """
    import json
    import os
    import sys

    # The sample client is imported from a sibling directory. The path is
    # resolved relative to the current working directory, so the script has to
    # be launched from its own directory -- and whatever module is found there
    # is what gets imported, so that directory needs to be a trusted location.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    client = APIClient()

    # GET /databases -- the body describes the databases that can be searched.
    reply = client.get_databases()

    # HTTP status of the call: 2xx success, 4xx rejected input, 5xx server-side
    # failure. Printed as-is; the sample does not branch on it.
    print(reply.code)

    # The body is UTF-8 encoded JSON; turn it into Python objects and show it.
    decoded = reply.read().decode('utf-8')
    print(json.loads(decoded))
def main():
    """List the searchable Ariel databases, narrating each step on stdout.

    Same flow as the other ``GET /databases`` sample -- extend ``sys.path``
    with the sibling ``modules`` directory, build ``APIClient``, call
    ``get_databases`` -- but each stage is announced with a message before
    the status code and the decoded JSON body are printed.
    """
    import json
    import os
    import sys

    # ``../modules`` is resolved against the current working directory, so run
    # the script from its own directory; the module found there is imported.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    client = APIClient()

    print("Making GET request to /ariel/databases.\n")
    reply = client.get_databases()

    # 2xx: success; 4xx: the request was rejected as bad input; 5xx: the server
    # failed. The sample only reports the code, it does not act on it.
    print("This is the response code of your request: " + str(reply.code))

    print("\nThe response body is printed below: \n")
    # Body is UTF-8 JSON; decode it into Python objects before printing.
    decoded = reply.read().decode('utf-8')
    print(json.loads(decoded))
def main():
    """Submit a deliberately broken AQL search and show how the API answers.

    Demonstrates the error path of ``POST /searches``: the expression
    ``SELECT foobar from events`` is sent through the sample ``APIClient``,
    then the HTTP status code and the pretty-printed JSON body are printed.
    The search is asynchronous, so even a successful reply would carry a
    search id and status rather than results.
    """
    import json
    import os
    import sys

    # Resolve the sibling ``modules`` directory against the working directory
    # and import the sample client from it.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    client = APIClient()

    # Intentionally invalid AQL so the sample exercises the failure response.
    faulty_query = "SELECT foobar from events"

    print("Making POST request to /ariel/searches.")
    # Second argument is forwarded unchanged from the sample; its meaning is
    # defined by the client's ``create_search`` signature.
    reply = client.create_search(faulty_query, '2')

    # 2xx: accepted; 4xx: rejected input (expected here); 5xx: server failure.
    print("\nResponse code for this request is: " + str(reply.code))

    print("\nThe response body is printed below: \n")
    # Body is UTF-8 JSON; decode it and re-serialise it indented for reading.
    body = json.loads(reply.read().decode('utf-8'))
    pretty = json.dumps(body, indent=2, separators=(',', ':'))
    print(pretty)
def main():
    """Submit a deliberately broken AQL search and print the API's reply.

    Quiet variant of the ``POST /searches`` error-path sample: sends
    ``SELECT foobar from events`` via ``APIClient``, prints the HTTP status
    code, then the pretty-printed JSON body. The search is asynchronous, so
    the body describes the search (id, status), not its results.
    """
    import json
    import os
    import sys

    # ``../modules`` is resolved against the working directory; the sample
    # client is imported from there.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    client = APIClient()

    # Intentionally invalid AQL; the point of the sample is the error reply.
    faulty_query = "SELECT foobar from events"

    # Second argument forwarded as in the sample; defined by the client.
    reply = client.create_search(faulty_query, '2')

    # 2xx accepted, 4xx rejected input (expected here), 5xx server failure.
    print(reply.code)

    # UTF-8 JSON body, decoded and re-serialised with indentation.
    body = json.loads(reply.read().decode('utf-8'))
    print(json.dumps(body, indent=2, separators=(',', ':')))
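def main():
    """Run a sample AQL search end to end and print its results.

    Steps, each a call on the sample ``APIClient``:
      1. ``POST /searches`` with a fixed AQL expression. The search is
         asynchronous: the reply carries a ``search_id`` and a ``status``,
         not results.
      2. Poll ``GET /searches/{search_id}`` until ``status`` is ``COMPLETED``.
         Any status other than EXECUTE/SORTING/WAIT is treated as terminal:
         it is printed and the function returns without fetching results.
      3. Fetch the results as JSON and as CSV and print both.
      4. ``POST /searches/{search_id}`` with ``saveResults`` so the server
         keeps the result set; its status code is printed.

    Fixes over the original sample: the polling loop sleeps between requests
    instead of spinning, the first ``get_search`` reply is no longer fetched
    and thrown away, and a failed search no longer falls through to the
    result calls.

    Returns ``None``; all output goes to stdout. ``KeyError`` propagates if a
    reply lacks ``search_id``/``status`` (e.g. an error body), and
    ``json.JSONDecodeError`` if a body is not JSON.
    """
    import json
    import os
    import sys
    import time

    # The sample client is imported from a sibling directory resolved against
    # the working directory; that directory must be a trusted location.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    # Pause between status polls. The original sample re-requested the status
    # in a tight loop, which needlessly loads the API.
    poll_interval_seconds = 1.0
    # Statuses that mean the search is still running.
    in_progress = ('EXECUTE', 'SORTING', 'WAIT')

    api_client = APIClient()

    # Fixed AQL expression; nothing in it comes from user input. If this were
    # ever built from external data it would need validation before being sent.
    query_expression = "SELECT sourceIP from events"

    # POST /searches. The second argument is forwarded unchanged from the
    # sample; its meaning is defined by the client's ``create_search``.
    response = api_client.create_search(query_expression, '2')

    # 2xx: accepted; 4xx: rejected input; 5xx: server-side failure.
    print(response.code)

    response_json = json.loads(response.read().decode('utf-8'))
    print(response_json)

    # Server-assigned identifier; treated as an opaque token and handed back
    # to the client for the follow-up calls.
    search_id = response_json['search_id']

    # Poll until the search finishes or reports a non-running status.
    while response_json['status'] != 'COMPLETED':
        status = response_json['status']
        if status not in in_progress:
            # Terminal non-success state. The sample printed it and then still
            # requested results; results of a failed search are not usable.
            print(status)
            return
        time.sleep(poll_interval_seconds)
        response = api_client.get_search(search_id)
        response_json = json.loads(response.read().decode('utf-8'))

    # Results as JSON. The trailing '1', '11' are forwarded as in the sample;
    # presumably a result range -- verify against the client before relying
    # on them.
    response = api_client.get_search_results(
        search_id, 'application/json', '1', '11')
    body_json = json.loads(response.read().decode('utf-8'))
    print(json.dumps(body_json, indent=2, separators=(',', ':')))

    # The same results in CSV form.
    response = api_client.get_search_results(search_id, "application/csv")
    print("\n" + response.read().decode('utf-8'))

    # POST /searches/{search_id} asking the server to keep the result set.
    # The sample discarded this reply, so a failed save went unnoticed.
    query_params = {"saveResults": "true"}
    response = api_client.update_search(search_id, query_params)
    print(response.code)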
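def main():
    """Run a sample AQL search end to end and print its results.

    Steps, each a call on the sample ``APIClient``:
      1. ``POST /searches`` with a fixed AQL expression. The search is
         asynchronous: the reply carries a ``search_id`` and a ``status``,
         not results.
      2. Poll ``GET /searches/{search_id}`` until ``status`` is ``COMPLETED``.
         Any status other than EXECUTE/SORTING/WAIT is treated as terminal:
         it is printed and the function returns without fetching results.
      3. Fetch the results as JSON and as CSV and print both.
      4. ``POST /searches/{search_id}`` with ``saveResults`` so the server
         keeps the result set; its status code is printed.

    Fixes over the original sample: the polling loop sleeps between requests
    instead of spinning, the first ``get_search`` reply is no longer fetched
    and thrown away, and a failed search no longer falls through to the
    result calls.

    Returns ``None``; all output goes to stdout. ``KeyError`` propagates if a
    reply lacks ``search_id``/``status`` (e.g. an error body), and
    ``json.JSONDecodeError`` if a body is not JSON.
    """
    import json
    import os
    import sys
    import time

    # The sample client is imported from a sibling directory resolved against
    # the working directory; that directory must be a trusted location.
    sys.path.append(os.path.realpath('../modules'))
    from arielapiclient import APIClient

    # Pause between status polls. The original sample re-requested the status
    # in a tight loop, which needlessly loads the API.
    poll_interval_seconds = 1.0
    # Statuses that mean the search is still running.
    in_progress = ('EXECUTE', 'SORTING', 'WAIT')

    api_client = APIClient()

    # Fixed AQL expression; nothing in it comes from user input. If this were
    # ever built from external data it would need validation before being sent.
    query_expression = "SELECT sourceIP from events"

    # POST /searches.
    response = api_client.create_search(query_expression)

    # 2xx: accepted; 4xx: rejected input; 5xx: server-side failure.
    print(response.code)

    response_json = json.loads(response.read().decode('utf-8'))
    print(response_json)

    # Server-assigned identifier; treated as an opaque token and handed back
    # to the client for the follow-up calls.
    search_id = response_json['search_id']

    # Poll until the search finishes or reports a non-running status.
    while response_json['status'] != 'COMPLETED':
        status = response_json['status']
        if status not in in_progress:
            # Terminal non-success state. The sample printed it and then still
            # requested results; results of a failed search are not usable.
            print(status)
            return
        time.sleep(poll_interval_seconds)
        response = api_client.get_search(search_id)
        response_json = json.loads(response.read().decode('utf-8'))

    # Results as JSON. The trailing '1', '11' are forwarded as in the sample;
    # presumably a result range -- verify against the client before relying
    # on them.
    response = api_client.get_search_results(
        search_id, 'application/json', '1', '11')
    body_json = json.loads(response.read().decode('utf-8'))
    print(json.dumps(body_json, indent=2, separators=(',', ':')))

    # The same results in CSV form.
    response = api_client.get_search_results(search_id, "application/csv")
    print("\n" + response.read().decode('utf-8'))

    # POST /searches/{search_id} asking the server to keep the result set.
    # The sample discarded this reply, so a failed save went unnoticed.
    query_params = {"saveResults": "true"}
    response = api_client.update_search(search_id, query_params)
    print(response.code)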
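def evento_interesse():
    """Return the summed event count of high-severity events in the last day.

    Runs a fixed AQL aggregation (domainid 1, severity > 6, magnitude > 5,
    LAST 1 DAYS) through ``APIClient``, waits for the asynchronous search to
    finish, fetches the CSV representation of the results and extracts the
    event-count field from it.

    Relies on ``APIClient`` and ``json`` being imported at module level (they
    are not imported here).

    Fixes over the original: the polling loop sleeps between status requests
    instead of spinning, the unused first ``get_search`` call and the unused
    JSON result fetch are gone, and a search that ends in a non-COMPLETED
    status raises instead of silently falling through to the result parsing.

    Returns:
        float: the value extracted from the CSV body (the "Event Count (SUM)"
        column in the sample's expected layout).

    Raises:
        RuntimeError: the search ended in a status other than COMPLETED.
        KeyError / IndexError / ValueError: the reply body does not have the
        shape the positional extraction below expects.
    """
    import time

    # Pause between status polls; the original polled in a tight loop.
    poll_interval_seconds = 1.0
    # Statuses that mean the search is still running.
    in_progress = ('EXECUTE', 'SORTING', 'WAIT')

    api_client = APIClient()

    # AQL expression kept verbatim from the sample. It is a fixed string, so
    # no caller-supplied data reaches the query.
    query_expression = """SELECT domainid,LOGSOURCENAME(logsourceid) as "Log Source",\
SUM(eventcount) as "Event Count (SUM)", MIN(magnitude) as "Magnitude (MIN)",\
MIN(severity) as "Severity (MIN)" FROM events WHERE domainid=1 and severity > 6 and magnitude > 5 GROUP BY\
domainid ORDER BY "Event Count (SUM)" DESC LAST 1 DAYS"""

    # POST /searches. Asynchronous: the reply holds a search_id and a status.
    response = api_client.create_search(query_expression)
    response_json = json.loads(response.read().decode('utf-8'))

    # Server-assigned identifier, treated as an opaque token.
    search_id = response_json['search_id']

    # Poll GET /searches/{search_id} until the search finishes.
    while response_json['status'] != 'COMPLETED':
        status = response_json['status']
        if status not in in_progress:
            raise RuntimeError(
                "search {0} ended with status {1}".format(search_id, status))
        time.sleep(poll_interval_seconds)
        response = api_client.get_search(search_id)
        response_json = json.loads(response.read().decode('utf-8'))

    # Fetch the results in CSV form; this is the body the value is read from.
    response = api_client.get_search_results(search_id, "application/csv")
    body = response.read().decode('utf-8')

    # Positional extraction inherited from the sample: third comma-separated
    # field, the part after its first colon, with double quotes removed.
    # NOTE(review): this is not a CSV parse and assumes a fixed field order in
    # the body; confirm the actual format of the reply before relying on it.
    raw_count = body.split(',')[2].split(':')[1].replace('"', '')
    return float(raw_count)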