def server_options(f):
hostname_arg = click.argument("hostname")
protocol_option = click.option(
"-p",
"--protocol",
type=click.Choice(ServerProtocol(), case_sensitive=False),
default=ServerProtocol.UDP,
help="Protocol used to send logs to server. "
"Use TCP-TLS for additional security. Defaults to UDP.",
)
certs_option = click.option(
"--certs",
type=str,
help="A CA certificates-chain file for the TCP-TLS protocol.",
)
ignore_cert_validation = click.option(
"--ignore-cert-validation",
help="Set to skip CA certificate validation. "
"Incompatible with the 'certs' option.",
is_flag=True,
default=None,
cls=incompatible_with(["certs"]),
)
f = hostname_arg(f)
f = protocol_option(f)
f = certs_option(f)
f = ignore_cert_validation(f)
return f
def _get_saved_search_option():
def _get_saved_search_query(ctx, param, arg):
if arg is None:
return
query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
return query
return click.option(
"--saved-search",
help="Get events from a saved search filter with the given ID.",
callback=_get_saved_search_query,
cls=incompatible_with("advanced_query"),
)
def _get_device_info(sdk, device_guid):
return sdk.devices.get_by_guid(device_guid, include_backup_usage=True).data
active_option = click.option(
"--active",
is_flag=True,
help="Limits results to only active devices.",
default=None,
)
inactive_option = click.option(
"--inactive",
is_flag=True,
help="Limits results to only deactivated devices.",
cls=incompatible_with("active"),
)
org_uid_option = click.option(
"--org-uid",
required=False,
type=str,
default=None,
help="Limit devices to only those in the organization you specify. "
"Note that child organizations will be included.",
)
include_usernames_option = click.option(
"--include-usernames",
required=False,
type=bool,
default=False,
return callback
def not_contains_filter(filter_cls):
def callback(ctx, param, arg):
if arg:
for item in arg:
ctx.obj.search_filters.append(filter_cls.not_contains(item))
return arg
return callback
AdvancedQueryAndSavedSearchIncompatible = incompatible_with(
["advanced_query", "saved_search"]
)
class BeginOption(AdvancedQueryAndSavedSearchIncompatible):
"""click.Option subclass that enforces correct --begin option usage."""
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def handle_parse_result(self, ctx, opts, args):
# if ctx.obj is None it means we're in autocomplete mode and don't want to validate
if (
ctx.obj is not None
and "saved_search" not in opts
and "advanced_query" not in opts
"Limits exposure events by process owner, as reported by the device’s operating system. "
"Applies only to `Printed` and `Browser or app read` events.",
)
tab_url_option = click.option(
"--tab-url",
multiple=True,
callback=searchopt.is_in_filter(f.TabURL),
cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
help=
"Limits events to be exposure events with one of the specified destination tab URLs.",
)
include_non_exposure_option = click.option(
"--include-non-exposure",
is_flag=True,
callback=searchopt.exists_filter(f.ExposureType),
cls=incompatible_with(["advanced_query", "type", "saved_search"]),
help="Get all events including non-exposure events.",
)
def _get_saved_search_query(ctx, param, arg):
if arg is None:
return
query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
return query
saved_search_option = click.option(
"--saved-search",
help="Get events from a saved search filter with the given ID.",
callback=_get_saved_search_query,