update to release schema

Signed-off-by: Micah Pegman <[email protected]>

taegis_magic/_version.py

@@ -1,2 +1,3 @@
-"""Version idenitier."""
-__version__ = "2023.9.15"
+"""Version identifier."""
+
+__version__ = "2024.03.29"

taegis_magic/commands/alerts.py

@@ -139,7 +139,41 @@ def query_identifier(self) -> Optional[str]:
         if not self.raw_results:
             return None
 
-        return self.raw_results[0].query_id
+        if self._query_id:
+            return self._query_id
+
+        if self.raw_results[0].query_id:
+            self._query_id = self.raw_results[0].query_id
+            return self._query_id
+
+        if not self.query:
+            raise ValueError("No query found to generate query id")
+
+        query_name = "Taegis Query Magic" if self.is_saved else "alert"
+        data = {
+            "query": None,
+            "name": query_name,
+            "description": self.query,
+            "query_source": "alert",
+            "metadata": [
+                {"id": "start"},
+                {"id": "dateOption", "value": "custom"},
+                {"id": "timeDescription"},
+                {"id": "searchTerms"},
+                {"id": "isSaved", "value": str(self.is_saved).lower()},
+                {"id": "isRedql", "value": "true"},
+                {"id": "isAlerts2", "value": "true"},
+            ],
+        }
+        service = get_service(environment=self.region, tenant_id=self.tenant_id)
+        query_id = create_query(service, data).get("id")
+
+        if not query_id:
+            log.error("No query id returned from Query API")
+
+        self._query_id = query_id
+
+        return self._query_id
 
     @property
     def shareable_url(self) -> str:

taegis_magic/commands/events.py

@@ -146,7 +146,40 @@ def query_identifier(self) -> str:
         if not self.raw_results:
             return None
 
-        return self.raw_results[0].query_id
+        if self._query_id:
+            return self._query_id
+
+        if self.raw_results[0].query_id:
+            self._query_id = self.raw_results[0].query_id
+            return self._query_id
+
+        if not self.query:
+            raise None
+
+        query_name = self.query if self.is_saved else "cql"
+        data = {
+            "query": None,
+            "name": query_name,
+            "description": self.query,
+            "query_source": "cql",
+            "metadata": [
+                {"id": "start"},
+                {"id": "dateOption", "value": "custom"},
+                {"id": "timeDescription"},
+                {"id": "searchTerms"},
+                {"id": "isSaved", "value": str(self.is_saved).lower()},
+                {"id": "isRedql", "value": "true"},
+            ],
+        }
+        service = get_service(environment=self.region, tenant_id=self.tenant_id)
+        query_id = create_query(service, data).get("id")
+
+        if not query_id:
+            raise ValueError("No query id returned from Query API")
+
+        self._query_id = query_id
+
+        return self._query_id
 
     @property
     def shareable_url(self) -> str:

taegis_magic/commands/investigations.py

@@ -51,6 +51,7 @@
     DeleteInvestigationFileInput,
     InitInvestigationFileUploadInput,
 )
+from taegis_sdk_python.services.queries.types import QLQueriesInput
 from taegis_sdk_python.services.sharelinks.types import ShareLinkCreateInput
 from typing_extensions import Annotated
 
@@ -419,7 +420,9 @@ def create(
     # verify and save valid search queries
     if not dry_run:
         if search_queries:
-            queries = service.queries.query.ql_queries(rns=search_queries)
+            queries = service.queries.query.ql_queries(
+                QLQueriesInput(rns=search_queries)
+            )
 
         search_queries = [query.rn for query in queries.queries]