Shared Query Filters
- class py42.sdk.queries.query_filter.FilterGroup(filter_list, filter_clause='AND')
  Bases: object
  Class for constructing a logical sub-group of related filters from a list of QueryFilter objects. Takes a list of QueryFilter objects and combines them logically using the passed in filter clause (AND or OR).
  When str() is called on a FilterGroup instance, the combined filter items are transformed into a JSON string to be used as part of a Forensic Search or Alert query.
  When dict() is called on a FilterGroup instance, the combined filter items are transformed into the Python dict equivalent of their JSON representation. This can be useful for programmatically manipulating a FilterGroup after it’s been created.
  - property filter_clause
    The clause joining the filters, such as AND or OR.
  - property filter_list
    The list of QueryFilter objects in this group.
  - classmethod from_dict(_dict)
    Creates an instance of FilterGroup from the values found in _dict. _dict must contain keys filters and filterClause.
    - Parameters
      _dict (dict) – A dictionary containing keys term, operator, and value.
    - Returns
- class py42.sdk.queries.query_filter.QueryFilter(term, operator, value=None)
  Bases: object
  Class for constructing a single filter object for use in a search query.
  When str() is called on a QueryFilter instance, the (term, operator, value) attribute combination is transformed into a JSON string to be used as part of a Forensic Search or Alert query.
  When dict() is called on a QueryFilter instance, the (term, operator, value) attribute combination is transformed into the Python dict equivalent of their JSON representation. This can be useful for programmatically manipulating a QueryFilter after it’s been created.
  - classmethod from_dict(_dict)
    Creates an instance of QueryFilter from the values found in _dict. _dict must contain keys term, operator, and value.
    - Parameters
      _dict (dict) – A dictionary containing keys term, operator, and value.
    - Returns
  - property operator
    The operator between term and value, such as IS or IS_NOT.
  - property term
    The term of the filter, such as actor or sharedWith.
  - property value
    The value used to filter results.
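The from_dict() descriptions above name the keys a serialized query must carry: filters and filterClause for a group, and term, operator and value for each filter. The following added example (not py42 code) checks a saved JSON query against that shape before it is rebuilt; check_filter_group, load_saved_group, the operator allow-list (limited to the operators named on this page) and the sample JSON are assumptions constructed for illustration.

```python
import json

# Operators named on this page only (assumption: the service may accept
# others; pass your own set via `operators`).
KNOWN_OPERATORS = frozenset(
    {"IS", "IS_NOT", "IS_IN", "NOT_IN", "ON_OR_AFTER", "ON_OR_BEFORE"})
FILTER_KEYS = {"term", "operator", "value"}


def check_filter_group(group, operators=KNOWN_OPERATORS):
    """Return a list of problems in a filter-group dict (empty list = OK)."""
    if not isinstance(group, dict):
        return ["group is not a dict"]
    missing = {"filters", "filterClause"} - set(group)
    if missing:
        return [f"group lacks keys: {sorted(missing)}"]
    problems = []
    if group["filterClause"] not in ("AND", "OR"):
        problems.append(f"unknown filterClause {group['filterClause']!r}")
    if not isinstance(group["filters"], list):
        return problems + ["filters is not a list"]
    for i, flt in enumerate(group["filters"]):
        if not isinstance(flt, dict) or FILTER_KEYS - set(flt):
            problems.append(f"filter {i} lacks term/operator/value")
        else:
            op = flt["operator"]
            if not isinstance(op, str) or op not in operators:
                problems.append(f"filter {i}: unlisted operator {op!r}")
    return problems


def load_saved_group(text, operators=KNOWN_OPERATORS):
    """Parse a saved JSON filter group; raise ValueError if it is malformed."""
    group = json.loads(text)
    problems = check_filter_group(group, operators)
    if problems:
        raise ValueError("; ".join(problems))
    return group  # carries the keys from_dict() is documented to require


# Constructed samples: a date-range group and one with two defects.
GOOD = json.dumps({"filterClause": "AND", "filters": [
    {"term": "eventTimestamp", "operator": "ON_OR_AFTER", "value": "2024-01-01T00:00:00.000Z"},
    {"term": "eventTimestamp", "operator": "ON_OR_BEFORE", "value": "2024-01-31T23:59:59.999Z"}]})
BAD = json.dumps({"filterClause": "and", "filters": [
    {"term": "actor", "operator": "IS"}]})

if __name__ == "__main__":
    print(load_saved_group(GOOD)["filterClause"])
    print(check_filter_group(json.loads(BAD)))
```

A stored alert or search definition that fails this check is better rejected at load time than submitted with a clause or operator that differs from what the rule author intended.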
- class py42.sdk.queries.query_filter.QueryFilterBooleanField
  Bases: object
  Helper class for creating filters where the search value is a boolean.
  - classmethod is_false()
    Returns a FilterGroup that is useful for finding results where the value with key self._term is False.
    - Returns
  - classmethod is_true()
    Returns a FilterGroup that is useful for finding results where the value with key self._term is True.
    - Returns
- class py42.sdk.queries.query_filter.QueryFilterStringField
  Bases: object
  Helper class for creating filters where the search value is a string.
  - classmethod eq(value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
    - Parameters
      value (str) – The value to match on.
    - Returns
  - classmethod is_in(value_list)
    Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
    - Parameters
      value_list (list) – The list of values to match on.
    - Returns
  - classmethod not_eq(value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
    - Parameters
      value (str) – The value to exclude on.
    - Returns
  - classmethod not_in(value_list)
    Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
    - Parameters
      value_list (list) – The list of values to exclude on.
    - Returns
- class py42.sdk.queries.query_filter.QueryFilterTimestampField
  Bases: object
  Helper class for creating filters where the search value is a timestamp.
  - classmethod in_range(start_value, end_value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.
    - Parameters
      start_value (str or int or float or datetime) – The start value used to filter results.
      end_value (str or int or float or datetime) – The end value used to filter results.
    - Returns
  - classmethod on_or_after(value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term is on or after the provided value.
    - Parameters
      value (str or int or float or datetime) – The value used to filter results.
    - Returns
  - classmethod on_or_before(value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.
    - Parameters
      value (str or int or float or datetime) – The value used to filter results.
    - Returns
  - classmethod on_same_day(value)
    Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.
    - Parameters
      value (str or int or float or datetime) – The value used to filter results.
    - Returns
- py42.sdk.queries.query_filter.create_eq_filter_group(term, value)
  Creates a FilterGroup for filtering results where the value with key term equals the given value. Useful for creating IS filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as actor or sharedWith.
    value (str) – The value used to match on.
  - Returns
- py42.sdk.queries.query_filter.create_filter_group(query_filter_list, filter_clause)
  Creates a FilterGroup object. Useful for programmatically crafting query filters, such as filters not yet defined in py42. Alternatively, if you want to create custom filter groups with already defined operators (such as IS or IS_IN), see the other methods in this module, such as create_eq_filter_group().
  - Parameters
    query_filter_list (list) – A list of QueryFilter objects.
    filter_clause (str) – The clause joining the filters, such as AND or OR.
  - Returns
- py42.sdk.queries.query_filter.create_in_range_filter_group(term, start_value, end_value)
  Creates a FilterGroup for filtering results where the value with key term is in the given range. Examples include values describing dates. Useful for creating a combination of ON_OR_AFTER and ON_OR_BEFORE filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as eventTimestamp.
    start_value (str or int) – The start value used to filter results.
    end_value (str or int) – The end value used to filter results.
  - Returns
- py42.sdk.queries.query_filter.create_is_in_filter_group(term, value_list)
  Creates a FilterGroup for filtering results where the value with key term is one of several values. Useful for creating IS_IN filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as actor or sharedWith.
    value_list (list) – The list of values to match on.
  - Returns
- py42.sdk.queries.query_filter.create_not_eq_filter_group(term, value)
  Creates a FilterGroup for filtering results where the value with key term does not equal the given value. Useful for creating IS_NOT filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as actor or sharedWith.
    value (str) – The value used to exclude on.
  - Returns
- py42.sdk.queries.query_filter.create_not_in_filter_group(term, value_list)
  Creates a FilterGroup for filtering results where the value with key term is not one of several values. Useful for creating NOT_IN filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as actor or sharedWith.
    value_list (list) – The list of values to exclude on.
  - Returns
- py42.sdk.queries.query_filter.create_on_or_after_filter_group(term, value)
  Creates a FilterGroup for filtering results where the value with key term is on or after the given value. Examples include values describing dates. Useful for creating ON_OR_AFTER filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as eventTimestamp.
    value (str or int) – The value used to filter results.
  - Returns
- py42.sdk.queries.query_filter.create_on_or_before_filter_group(term, value)
  Creates a FilterGroup for filtering results where the value with key term is on or before the given value. Examples include values describing dates. Useful for creating ON_OR_BEFORE filters that are not yet supported in py42 or programmatically crafting filter groups.
  - Parameters
    term (str) – The term of the filter, such as eventTimestamp.
    value (str or int) – The value used to filter results.
  - Returns
- py42.sdk.queries.query_filter.create_query_filter(term, operator, value=None)
  Creates a QueryFilter object. Useful for programmatically crafting query filters, such as filters not yet defined in py42.
  - Parameters
    term (str) – The term of the filter, such as actor or sharedWith.
    operator (str) – The operator between term and value, such as IS or IS_NOT.
    value (str) – The value used to filter results.
  - Returns
- py42.sdk.queries.query_filter.create_within_the_last_filter_group(term, value)
  Returns a FilterGroup that is useful for finding results where the key term is an EventTimestamp._term and the value is one of the EventTimestamp attributes as value.
  - Parameters
    value (str) – EventTimestamp attribute.
  - Returns