From b53bb57da42c052e5d77db03b95275a8c3a134dc Mon Sep 17 00:00:00 2001
From: Micah Pegman
Date: Fri, 15 Mar 2024 17:37:19 +0000
Subject: [PATCH 1/2] update to queries v2
Signed-off-by: Micah Pegman
---
 taegis_magic/commands/alerts.py | 36 ++++---------------------
 taegis_magic/commands/events.py | 32 ++--------------------
 taegis_magic/commands/investigations.py | 30 ++++-----------------
 3 files changed, 12 insertions(+), 86 deletions(-)
diff --git a/taegis_magic/commands/alerts.py b/taegis_magic/commands/alerts.py
index e2b534f..eb8710b 100644
--- a/taegis_magic/commands/alerts.py
+++ b/taegis_magic/commands/alerts.py
@@ -1,4 +1,5 @@
 """Taegis Magic alerts commands."""
+
 import logging
 from dataclasses import asdict, dataclass, field
 from pprint import pprint
@@ -138,37 +139,7 @@ def query_identifier(self) -> Optional[str]:
 if not self.raw_results:
 return None
- if self._query_id:
- return self._query_id
-
- if not self.query:
- raise ValueError("No query found to generate query id")
-
- query_name = "Taegis Query Magic" if self.is_saved else "alert"
- data = {
- "query": None,
- "name": query_name,
- "description": self.query,
- "query_source": "alert",
- "metadata": [
- {"id": "start"},
- {"id": "dateOption", "value": "custom"},
- {"id": "timeDescription"},
- {"id": "searchTerms"},
- {"id": "isSaved", "value": str(self.is_saved).lower()},
- {"id": "isRedql", "value": "true"},
- {"id": "isAlerts2", "value": "true"},
- ],
- }
- service = get_service(environment=self.region, tenant_id=self.tenant_id)
- query_id = create_query(service, data).get("id")
-
- if not query_id:
- log.error("No query id returned from Query API")
-
- self._query_id = query_id
-
- return self._query_id
+ return self.raw_results[0].query_id
 @property
 def shareable_url(self) -> str:
@@ -313,6 +284,9 @@ def search(
 cql_query=cell,
 offset=0,
 limit=limit,
+ metadata={
+ "callerName": "Taegis Magic",
+ },
 ),
 )
diff --git a/taegis_magic/commands/events.py b/taegis_magic/commands/events.py
index 833b5b3..e43da4e 100644
--- a/taegis_magic/commands/events.py
+++ b/taegis_magic/commands/events.py
@@ -1,4 +1,5 @@
 """Taegis Magic events commands."""
+
 import inspect
 import logging
 from dataclasses import asdict, dataclass, field
@@ -145,36 +146,7 @@ def query_identifier(self) -> str:
 if not self.raw_results:
 return None
- if self._query_id:
- return self._query_id
-
- if not self.query:
- raise ValueError("No query found to generate query id")
-
- query_name = query if self.is_saved else "cql"
- data = {
- "query": None,
- "name": query_name,
- "description": self.query,
- "query_source": "cql",
- "metadata": [
- {"id": "start"},
- {"id": "dateOption", "value": "custom"},
- {"id": "timeDescription"},
- {"id": "searchTerms"},
- {"id": "isSaved", "value": str(self.is_saved).lower()},
- {"id": "isRedql", "value": "true"},
- ],
- }
- service = get_service(environment=self.region, tenant_id=self.tenant_id)
- query_id = create_query(service, data).get("id")
-
- if not query_id:
- raise ValueError("No query id returned from Query API")
-
- self._query_id = query_id
-
- return self._query_id
+ return self.raw_results[0].query_id
 @property
 def shareable_url(self) -> str:
diff --git a/taegis_magic/commands/investigations.py b/taegis_magic/commands/investigations.py
index c939e57..d15db7f 100644
--- a/taegis_magic/commands/investigations.py
+++ b/taegis_magic/commands/investigations.py
@@ -1,4 +1,5 @@
 """Taegis Magic investigations commands."""
+
 import inspect
 import logging
 import re
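Review bot: The new one-line body `+ return self.raw_results[0].query_id` sits under `def query_identifier(self) -> str:` (visible in the hunk header) while the context line `return None` two lines above already returns None, and the SDK's `query_id` field can evidently be unset too, since the second commit on this page adds an `if self.raw_results[0].query_id:` test for exactly that case. The alerts.py copy of this property is declared `Optional[str]`; events.py should match, `def query_identifier(self) -> Optional[str]:`, provided `Optional` is imported there (the events.py import block is not in view). A one-line docstring such as `"""Query id of the first result, or None when there are no results."""` would also make clear that only `raw_results[0]` is consulted. The def line is outside the hunk.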
@@ -417,31 +418,10 @@ def create(
 # verify and save valid search queries
 if not dry_run:
- valid_search_queries = []
- for search_query in search_queries or []:
- query = get_query(service, search_query)
- if query.get("error"):
- log.error(f"Error finding search query: {search_query}")
- continue
-
- if query.get("id"):
- query_update = {
- "name": query.get("description", f"{title} Query"),
- "metadata": query.get("metadata", {}),
- }
- for metadata in query_update.get("metadata", []):
- if metadata.get("id", "") == "isSaved":
- metadata["value"] == "true"
-
- query = update_query(service, search_query, query_update)
- if query.get("error"):
- log.error(
- f"Error saving search query::{search_query}::{query.get('error')}"
- )
- continue
-
- valid_search_queries.append(search_query)
- search_queries = valid_search_queries or None
+ if search_queries:
+ queries = service.queries.query.ql_queries(rns=search_queries)
+
+ search_queries = [query.rn for query in queries.queries]
 create_investigation_input = CreateInvestigationInput(
 alerts=alerts,
From fbe5ebf776aaca86b94b6ca7355055aa69772007 Mon Sep 17 00:00:00 2001
From: Micah Pegman
Date: Fri, 29 Mar 2024 15:40:22 +0000
Subject: [PATCH 2/2] update to release schema
Signed-off-by: Micah Pegman
---
 taegis_magic/_version.py | 5 ++--
 taegis_magic/commands/alerts.py | 36 ++++++++++++++++++++++++-
 taegis_magic/commands/events.py | 35 +++++++++++++++++++++++-
 taegis_magic/commands/investigations.py | 5 +++-
 4 files changed, 76 insertions(+), 5 deletions(-)
diff --git a/taegis_magic/_version.py b/taegis_magic/_version.py
index 42224cf..85525e5 100644
--- a/taegis_magic/_version.py
+++ b/taegis_magic/_version.py
@@ -1,2 +1,3 @@
-"""Version idenitier."""
-__version__ = "2023.9.15"
+"""Version identifier."""
+
+__version__ = "2024.03.29"
diff --git a/taegis_magic/commands/alerts.py b/taegis_magic/commands/alerts.py
index eb8710b..e0741ee 100644
--- a/taegis_magic/commands/alerts.py
+++ b/taegis_magic/commands/alerts.py
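Review bot: The added `search_queries = [query.rn for query in queries.queries]` assigns `[]` when the API returns nothing, whereas the removed line assigned `valid_search_queries or None`, so `CreateInvestigationInput` now receives an empty list instead of None in that case; keep `or None` unless the SDK is known to treat the two identically (not visible here). The context comment `# verify and save valid search queries` is also stale now that the `update_query`/`isSaved` step is gone (that step never saved anything anyway: `metadata["value"] == "true"` was a comparison, not an assignment); reword it to `# keep only search queries the Queries API can resolve`. `create` begins and ends outside this hunk.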
@@ -139,7 +139,41 @@ def query_identifier(self) -> Optional[str]:
 if not self.raw_results:
 return None
- return self.raw_results[0].query_id
+ if self._query_id:
+ return self._query_id
+
+ if self.raw_results[0].query_id:
+ self._query_id = self.raw_results[0].query_id
+ return self._query_id
+
+ if not self.query:
+ raise ValueError("No query found to generate query id")
+
+ query_name = "Taegis Query Magic" if self.is_saved else "alert"
+ data = {
+ "query": None,
+ "name": query_name,
+ "description": self.query,
+ "query_source": "alert",
+ "metadata": [
+ {"id": "start"},
+ {"id": "dateOption", "value": "custom"},
+ {"id": "timeDescription"},
+ {"id": "searchTerms"},
+ {"id": "isSaved", "value": str(self.is_saved).lower()},
+ {"id": "isRedql", "value": "true"},
+ {"id": "isAlerts2", "value": "true"},
+ ],
+ }
+ service = get_service(environment=self.region, tenant_id=self.tenant_id)
+ query_id = create_query(service, data).get("id")
+
+ if not query_id:
+ log.error("No query id returned from Query API")
+
+ self._query_id = query_id
+
+ return self._query_id
 @property
 def shareable_url(self) -> str:
diff --git a/taegis_magic/commands/events.py b/taegis_magic/commands/events.py
index e43da4e..e458c9e 100644
--- a/taegis_magic/commands/events.py
+++ b/taegis_magic/commands/events.py
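Review bot: When `create_query(service, data).get("id")` comes back empty, `if not query_id: log.error(...)` falls through to `self._query_id = query_id`, so None is cached, the `if self._query_id:` guard stays false, and every later read of the property runs `create_query` again — a property access that can keep creating server-side query objects in the tenant. The events.py copy of this block in the same commit raises at this point; match it with `raise ValueError("No query id returned from Query API")` in place of the `log.error` line, or at least stop re-issuing the create once it has failed. The property also deserves a docstring saying that reading it may create a saved query via `get_service`/`create_query` when the results carry no `query_id`; its `def` line is in the hunk header, outside the hunk.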
@@ -146,7 +146,40 @@ def query_identifier(self) -> str:
 if not self.raw_results:
 return None
- return self.raw_results[0].query_id
+ if self._query_id:
+ return self._query_id
+
+ if self.raw_results[0].query_id:
+ self._query_id = self.raw_results[0].query_id
+ return self._query_id
+
+ if not self.query:
+ raise None
+
+ query_name = self.query if self.is_saved else "cql"
+ data = {
+ "query": None,
+ "name": query_name,
+ "description": self.query,
+ "query_source": "cql",
+ "metadata": [
+ {"id": "start"},
+ {"id": "dateOption", "value": "custom"},
+ {"id": "timeDescription"},
+ {"id": "searchTerms"},
+ {"id": "isSaved", "value": str(self.is_saved).lower()},
+ {"id": "isRedql", "value": "true"},
+ ],
+ }
+ service = get_service(environment=self.region, tenant_id=self.tenant_id)
+ query_id = create_query(service, data).get("id")
+
+ if not query_id:
+ raise ValueError("No query id returned from Query API")
+
+ self._query_id = query_id
+
+ return self._query_id
 @property
 def shareable_url(self) -> str:
diff --git a/taegis_magic/commands/investigations.py b/taegis_magic/commands/investigations.py
index d15db7f..cc6450f 100644
--- a/taegis_magic/commands/investigations.py
+++ b/taegis_magic/commands/investigations.py
@@ -51,6 +51,7 @@
 DeleteInvestigationFileInput,
 InitInvestigationFileUploadInput,
 )
+from taegis_sdk_python.services.queries.types import QLQueriesInput
 from taegis_sdk_python.services.sharelinks.types import ShareLinkCreateInput
 from typing_extensions import Annotated
@@ -419,7 +420,9 @@ def create(
 # verify and save valid search queries
 if not dry_run:
 if search_queries:
- queries = service.queries.query.ql_queries(rns=search_queries)
+ queries = service.queries.query.ql_queries(
+ QLQueriesInput(rns=search_queries)
+ )
 search_queries = [query.rn for query in queries.queries]
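Review bot: `raise None` under the added `if not self.query:` is itself a bug: `raise` requires a BaseException instance or class, so this line produces `TypeError: exceptions must derive from BaseException` instead of the intended error. Use `raise ValueError("No query found to generate query id")`, which is what the alerts.py copy in this commit does and what the line removed in the first commit on this page did. Separately, the def line in the hunk header is still annotated `-> str` while the context line `return None` and the None-able `self._query_id` cache make the return optional; `Optional[str]` would be accurate if it is importable in events.py (imports not in view). The property's `def` line is outside the hunk.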
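Review bot: Every RN that `ql_queries` does not echo back is silently dropped by the context line `search_queries = [query.rn for query in queries.queries]` — a mistyped RN, or one belonging to another tenant, simply disappears from the investigation with no log entry, whereas the loop this replaced (first commit on this page) logged each lookup failure. Whether `ql_queries` raises on unknown RNs is not visible here; if it does not, compare the requested set with the returned set and report the difference before the assignment. `log` was used by the removed loop in this file, so it should still be in scope; `create` begins and ends outside the hunk.
```python
if search_queries:
    queries = service.queries.query.ql_queries(
        QLQueriesInput(rns=search_queries)
    )
    found = [query.rn for query in queries.queries]
    for missing in set(search_queries) - set(found):
        log.error(f"Error finding search query: {missing}")
    search_queries = found
```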