File Event Queries - V2
For details on using the new file event data model, see the V2 File Events User Guide.
- class py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery(*args, **kwargs)
Bases:
py42.sdk.queries.BaseQuery
Helper class for building V2 Code42 Forensic Search queries.
A FileEventQuery instance’s
all()
andany()
take one or moreFilterGroup
objects to construct a query that can be passed to theFileEventService.search()
method.all()
returns results that match all of the provided filter criteria,any()
will return results that match any of the filters.For convenience, the
FileEventQuery
constructor does the same asall()
.Usage example:
email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"]) exposure_filter = ExposureType.exists() query = FileEventQuery.all(email_filter, exposure_filter)
Saved Searches
Important
Make sure to set the optional argument use_v2=True on saved search functions to get V2 file event data and queries.
- class py42.services.savedsearch.SavedSearchService(connection, file_event_service)
Bases:
py42.services.BaseService
A service to interact with saved search APIs.
- execute(search_id, page_number=None, page_size=None, use_v2=False)
Executes a saved search for given search Id, returns up to the first 10,000 events.
- Parameters
search_id (str) – Unique search Id of the saved search.
page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.
- Returns
- get(use_v2=False)
Fetch details of existing saved searches.
The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.
- Parameters
use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.
- Returns
- get_by_id(search_id, use_v2=False)
Fetch the details of a saved search by its given search Id.
The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.
- Parameters
search_id (str) – Unique search Id of the saved search.
use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.
- Returns
- get_query(search_id, page_number=None, page_size=None, use_v2=False)
Get the saved search in form of a query(py42.sdk.queries.fileevents.file_event_query).
- Parameters
search_id (str) – Unique search Id of the saved search.
page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.
- Returns
py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery
- search_file_events(search_id, page_number=None, page_size=None, use_v2=False)
Alias method for
execute()
. Executes a saved search for given search Id, returns up to the first 10,000 events.- To view more than the first 10,000 events:
pass the
search_id
toget_query()
pass the resulting query (
FileEventQuery
) tosearch_all_file_events()
, use that method as normal.
- Parameters
search_id (str) – Unique search Id of the saved search.
page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.
- Returns
Filter Classes
The following classes construct filters for file event queries. Each filter class corresponds to a file event detail.
Call the appropriate class method on your desired filter class with the value
you want to match and it will return a
FilterGroup
object that can be passed to FileEventQuery
’s all()
or any()
methods to create complex queries
that match multiple filter rules.
Example:
To search for events observed for certain set of documents, you can use the file.Name
and file.MD5
filter classes to
construct FilterGroup
s that will search for matching filenames or (in case someone renamed the sensitive file) the
known MD5 hashes of the files:
from py42.sdk.queries.fileevents.v2 import *
filename_filter = File.Name.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = File.MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])
See Executing Searches for more on building search queries.
Destination Filters
- class py42.sdk.queries.fileevents.v2.filters.destination.Category
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events based on the category of the file event destination.
- Available options are provided as class attributes:
destination.category.CLOUD_STORAGE
destination.category.DEVICE
destination.category.EMAIL
destination.category.MESSAGING
destination.category.MULTIPLE_POSSIBILITIES
destination.category.SOCIAL_MEDIA
destination.category.SOURCE_CODE_REPOSITORY
destination.category.UNCATEGORIZED
destination.category.UNKNOWN
destination.category.BUSINESS_INTELLIGENCE_TOOLS
destination.category.CIVIL_SERVICES
destination.category.CLOUD_COMPUTING
destination.category.CODING_TOOLS
destination.category.CONTRACT_MANAGEMENT
destination.category.CRM_TOOLS
destination.category.DESIGN_TOOLS
destination.category.E_COMMERCE
destination.category.FILE_CONVERSION_TOOLS
destination.category.FINANCIAL_SERVICES
destination.category.HEALTHCARE_AND_INSURANCE
destination.category.HR_TOOLS
destination.category.IMAGE_HOSTING
destination.category.IT_SERVICES
destination.category.JOB_LISTINGS
destination.category.LEARNING_PLATFORMS
destination.category.MARKETING_TOOLS
destination.category.PDF_MANAGER
destination.category.PHOTO_PRINTING
destination.category.PRODUCTIVITY_TOOLS
destination.category.PROFESSIONAL_SERVICES
destination.category.REAL_ESTATE
destination.category.SALES_TOOLS
destination.category.SEARCH_ENGINE
destination.category.SHIPPING
destination.category.SOFTWARE
destination.category.TRAVEL
destination.category.WEB_HOSTING
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.EmailRecipients
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
V2 filter class that filters events based on the email’s recipient list (applies to email events only).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.EmailSubject
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
V2 filter class that filters events based on the email’s subject (applies to email events only).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.IpAddress
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by public (WAN) IP address of the destination device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.Name
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
V2 filter class that filters events based on the destination name.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.OperatingSystem
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the operating system of the destination device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.PrintJobName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by print job name.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.PrintedFilesBackupPath
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the printed file backup path.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.PrinterName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by printer name.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.PrivateIpAddress
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by private (LAN) IP address of the destination device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaBusType
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the bus type of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaCapacity
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the capacity of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaMediaName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the removable media involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaPartitionID
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaSerialNumber
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaVendor
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the vendor of the removable media device involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.RemovableMediaVolumeName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.TabTitleErrors
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on destination tab title errors (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.TabTitles
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of all the browser tabs or application windows that were open when a browser or other app event occurred (applies to
read by browser or other app
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.TabUrlErrors
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on destination tab URL Errors (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.TabUrls
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on all the URLs of the browser tabs at the time the file contents were read by the browser (applies to
read by browser or other app
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.destination.UserEmail
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the signed in user email of the destination device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Event Filters
- class py42.sdk.queries.fileevents.v2.filters.event.Action
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events based on event action.
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.event.Id
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by event ID.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.event.Inserted
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterTimestampField
V2 filter class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).
value must be a POSIX timestamp. (see the Dates section of the Basics user guide for details on timestamp arguments in py42)
- classmethod in_range(start_value, end_value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is in range between the providedstart_value
andend_value
.- Parameters
start_value (str or int or float or datetime) – The start value used to filter results.
end_value (str or int or float or datetime) – The end value used to filter results.
- Returns
- classmethod on_or_after(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term` is on or after the provided ``value
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_or_before(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is on or before the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_same_day(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is within the same calendar day as the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod within_the_last(value)
Returns a
FilterGroup
that is useful for finding results where the keyself._term
is a timestamp-related term, such asEventTimestamp._term
, andvalue
is one of it’s accepted values, such as one of the values inEventTimestamp.choices()
.- Parameters
value (str) – The value used to filter file events.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.event.Observer
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events by event observer.
- Available event observer types are provided as class attributes:
event.Observer.ENDPOINT
event.Observer.GOOGLE_DRIVE
event.Observer.ONE_DRIVE
event.Observer.BOX
event.Observer.GMAIL
event.Observer.OFFICE_365
- Example::
filter = Event.Observer.is_in([event.Observer.ENDPOINT, event.Observer.BOX])
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by share type.
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
Returns a
FilterGroup
to find events where filter data exists.- Returns
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
File Filters
- class py42.sdk.queries.fileevents.v2.filters.file.Category
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events by category of the observed file.
- Available file categories are provided as class attributes:
file.Category.AUDIO
file.Category.DOCUMENT
file.Category.EXECUTABLE
file.Category.IMAGE
file.Category.PDF
file.Category.PRESENTATION
file.Category.SCRIPT
file.Category.SOURCE_CODE
file.Category.SPREADSHEET
file.Category.VIDEO
file.Category.VIRTUAL_DISK_IMAGE
file.Category.ZIP
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.CategoryByBytes
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters event by the category (by bytes) of the observed file
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.CategoryByExtension
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters event by the category (by bytes) of the observed file
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Classification
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the classification of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.CloudDriveId
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters event by the cloud drive ID of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Created
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterTimestampField
V2 filter class that filters events by the creation timestamp of the observed file.
- classmethod in_range(start_value, end_value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is in range between the providedstart_value
andend_value
.- Parameters
start_value (str or int or float or datetime) – The start value used to filter results.
end_value (str or int or float or datetime) – The end value used to filter results.
- Returns
- classmethod on_or_after(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term` is on or after the provided ``value
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_or_before(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is on or before the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_same_day(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is within the same calendar day as the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod within_the_last(value)
Returns a
FilterGroup
that is useful for finding results where the keyself._term
is a timestamp-related term, such asEventTimestamp._term
, andvalue
is one of it’s accepted values, such as one of the values inEventTimestamp.choices()
.- Parameters
value (str) – The value used to filter file events.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Directory
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by directory of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.DirectoryId
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the directory ID of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Id
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the ID of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.MD5
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the MD5 hash of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.MimeTypeByBytes
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters event by the mime type (by bytes) of the observed file
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.MimeTypeByExtension
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters event by the mime type (by extension) of the observed file
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Modified
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterTimestampField
V2 filter class that filters events by the modification timestamp of the observed file.
- classmethod in_range(start_value, end_value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is in range between the providedstart_value
andend_value
.- Parameters
start_value (str or int or float or datetime) – The start value used to filter results.
end_value (str or int or float or datetime) – The end value used to filter results.
- Returns
- classmethod on_or_after(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term` is on or after the provided ``value
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_or_before(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is on or before the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_same_day(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is within the same calendar day as the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod within_the_last(value)
Returns a
FilterGroup
that is useful for finding results where the keyself._term
is a timestamp-related term, such asEventTimestamp._term
, andvalue
is one of it’s accepted values, such as one of the values inEventTimestamp.choices()
.- Parameters
value (str) – The value used to filter file events.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Name
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the name of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Owner
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the owner of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.SHA256
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by SHA256 hash of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Size
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterTimestampField
V2 filter class that filters events by size in bytes of the observed file.
Size
value
must be bytes.- classmethod in_range(start_value, end_value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is in range between the providedstart_value
andend_value
.- Parameters
start_value (str or int or float or datetime) – The start value used to filter results.
end_value (str or int or float or datetime) – The end value used to filter results.
- Returns
- classmethod on_or_after(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term` is on or after the provided ``value
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_or_before(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is on or before the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_same_day(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is within the same calendar day as the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod within_the_last(value)
Returns a
FilterGroup
that is useful for finding results where the keyself._term
is a timestamp-related term, such asEventTimestamp._term
, andvalue
is one of it’s accepted values, such as one of the values inEventTimestamp.choices()
.- Parameters
value (str) – The value used to filter file events.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.file.Url
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the URL of the observed file.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Process Filters
- class py42.sdk.queries.fileevents.v2.filters.process.Executable
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the process name involved in the exposure (applies to
read by browser or other app
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.process.Owner
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the process owner that was involved in the exposure (applies to
read by browser or other app
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Report Filters
- class py42.sdk.queries.fileevents.v2.filters.report.Count
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.sdk.queries.fileevents.util.FileEventFilterComparableField
V2 filter class that filters events by the record count of the report.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod greater_than(value)
Returns a
FilterGroup
to find events where filter data is greater than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod less_than(value)
Returns a
FilterGroup
to find events where filter data is less than than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.report.Description
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the description of the report.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.report.Headers
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the header(s) of the report.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.report.ID
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the ID of the report.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.report.Name
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the name of the report.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.report.Type
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the type of the report.
- Available options are provided as class attributes:
- attr
report.Type.AD_HOC
- attr
report.Type.SAVED
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Risk Filters
- class py42.sdk.queries.fileevents.v2.filters.risk.Indicators
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the type of risk indicator.
- Available options are provided as class attributes:
risk.Indicators.FileCategories.AUDIO
risk.Indicators.FileCategories.DOCUMENT
risk.Indicators.FileCategories.EXECUTABLE
risk.Indicators.FileCategories.IMAGE
risk.Indicators.FileCategories.PDF
risk.Indicators.FileCategories.PRESENTATION
risk.Indicators.FileCategories.SCRIPT
risk.Indicators.FileCategories.SOURCE_CODE
risk.Indicators.FileCategories.SPREADSHEET
risk.Indicators.FileCategories.VIDEO
risk.Indicators.FileCategories.VIRTUAL_DISK_IMAGE
risk.Indicators.FileCategories.ZIP
risk.Indicators.UserBehavior.FILE_MISMATCH
risk.Indicators.UserBehavior.OFF_HOURS
risk.Indicators.UserBehavior.REMOTE
risk.Indicators.UserBehavior.FIRST_DESTINATION_USE
risk.Indicators.UserBehavior.RARE_DESTINATION_USE
risk.Indicators.UserBehavior.CONTRACT
risk.Indicators.UserBehavior.DEPARTING
risk.Indicators.UserBehavior.ELEVATED_ACCESS
risk.Indicators.UserBehavior.FLIGHT_RISK
risk.Indicators.UserBehavior.HIGH_IMPACT
risk.Indicators.UserBehavior.HIGH_RISK
risk.Indicators.UserBehavior.PERFORMANCE_CONCERNS
risk.Indicators.UserBehavior.POOR_SECURITY_PRACTICES
risk.Indicators.UserBehavior.SUSPICIOUS_SYSTEM_ACTIVITY
risk.Indicators.CloudStorageUploads.AMAZON_DRIVE
risk.Indicators.CloudStorageUploads.BAIDU_NET_DISK_UPLOAD
risk.Indicators.CloudStorageUploads.BOX
risk.Indicators.CloudStorageUploads.CRASHPLAN_UPLOAD
risk.Indicators.CloudStorageUploads.DRAKE_PORTALS_UPLOAD
risk.Indicators.CloudStorageUploads.DROPBOX
risk.Indicators.CloudStorageUploads.FILE_DOT_IO_UPLOAD
risk.Indicators.CloudStorageUploads.FILESTACK_UPLOAD
risk.Indicators.CloudStorageUploads.GOOGLE_DRIVE
risk.Indicators.CloudStorageUploads.OPEN_TEXT_HIGHTAIL_UPLOAD
risk.Indicators.CloudStorageUploads.ICLOUD
risk.Indicators.CloudStorageUploads.MEGA
risk.Indicators.CloudStorageUploads.ONEDRIVE
risk.Indicators.CloudStorageUploads.SECURE_FIRM_PORTAL_UPLOAD
risk.Indicators.CloudStorageUploads.SHAREFILE_UPLOAD
risk.Indicators.CloudStorageUploads.SMART_VAULT_UPLOAD
risk.Indicators.CloudStorageUploads.SUGAR_SYNC_UPLOAD
risk.Indicators.CloudStorageUploads.WE_TRANSFER_UPLOAD
risk.Indicators.CloudStorageUploads.ZOHO
risk.Indicators.EmailServiceUploads.ONESIXTHREE_DOT_COM
risk.Indicators.EmailServiceUploads.ONETWOSIX_DOT_COM
risk.Indicators.EmailServiceUploads.AOL
risk.Indicators.EmailServiceUploads.COMCAST
risk.Indicators.EmailServiceUploads.FASTMAIL_UPLOAD
risk.Indicators.EmailServiceUploads.GMAIL
risk.Indicators.EmailServiceUploads.GMX_UPLOAD
risk.Indicators.EmailServiceUploads.ICLOUD
risk.Indicators.EmailServiceUploads.LYCOS_UPLOAD
risk.Indicators.EmailServiceUploads.MAIL_DOT_COM_UPLOAD
risk.Indicators.EmailServiceUploads.OUTLOOK
risk.Indicators.EmailServiceUploads.PROTONMAIL
risk.Indicators.EmailServiceUploads.QQMAIL
risk.Indicators.EmailServiceUploads.SINA_MAIL
risk.Indicators.EmailServiceUploads.SOHU_MAIL
risk.Indicators.EmailServiceUploads.TUTANOTA_UPLOAD
risk.Indicators.EmailServiceUploads.YAHOO
risk.Indicators.EmailServiceUploads.ZIX_UPLOAD
risk.Indicators.EmailServiceUploads.ZOHO_MAIL
risk.Indicators.ExternalDevices.AIRDROP
risk.Indicators.ExternalDevices.SALESFORCE_DOWNLOAD
risk.Indicators.ExternalDevices.REMOVABLE_MEDIA
Indicators.CloudDataExposures.PUBLIC_CORPORATE_BOX
Indicators.CloudDataExposures.PUBLIC_CORPORATE_GOOGLE_DRIVE
Indicators.CloudDataExposures.PUBLIC_CORPORATE_ONEDRIVE
Indicators.CloudDataExposures.SENT_CORPORATE_GMAIL
Indicators.CloudDataExposures.SENT_CORPORATE_OFFICE365
Indicators.CloudDataExposures.SHARED_CORPORATE_BOX
Indicators.CloudDataExposures.SHARED_CORPORATE_GOOGLE_DRIVE
Indicators.CloudDataExposures.SHARED_CORPORATE_ONEDRIVE
risk.Indicators.FileConversionToolUploads.CLOUD_CONVERT_UPLOAD
risk.Indicators.FileConversionToolUploads.COMPRESS_JPEG_UPLOAD
risk.Indicators.FileConversionToolUploads.FREE_CONVERT_UPLOAD
risk.Indicators.FileConversionToolUploads.HEIC_TO_JPEG_UPLOAD
risk.Indicators.FileConversionToolUploads.TINY_PNG_UPLOAD
risk.Indicators.MessagingServiceUploads.DISCORD_UPLOAD
risk.Indicators.MessagingServiceUploads.FACEBOOK_MESSENGER
risk.Indicators.MessagingServiceUploads.GOOGLE_MESSAGES_UPLOAD
risk.Indicators.MessagingServiceUploads.GOOGLE_CHAT_UPLOAD
risk.Indicators.MessagingServiceUploads.GOOGLE_HANGOUTS_UPLOAD
risk.Indicators.MessagingServiceUploads.MICROSOFT_TEAMS
risk.Indicators.MessagingServiceUploads.SLACK
risk.Indicators.MessagingServiceUploads.TELEGRAM_UPLOAD
risk.Indicators.MessagingServiceUploads.WEBEX_UPLOAD
risk.Indicators.MessagingServiceUploads.WE_CHAT_UPLOAD
risk.Indicators.MessagingServiceUploads.WHATSAPP
risk.Indicators.MessagingServiceUploads.ZOOM_UPLOAD
risk.Indicators.Other.OTHER_DESTINATION
risk.Indicators.Other.UNKNOWN_DESTINATION
risk.Indicators.PdfManagerUploads.ADOBE_ACROBAT_UPLOAD
risk.Indicators.PdfManagerUploads.COMBINE_PDF_UPLOAD
risk.Indicators.PdfManagerUploads.FREE_PDF_CONVERT_UPLOAD
risk.Indicators.PdfManagerUploads.I_LOVE_PDF_UPLOAD
risk.Indicators.PdfManagerUploads.JPG2_PDF_UPLOAD
risk.Indicators.PdfManagerUploads.PDF24_TOOLS_UPLOAD
risk.Indicators.PdfManagerUploads.PDF_ESCAPE_UPLOAD
risk.Indicators.PdfManagerUploads.PDF_FILLER_UPLOAD
risk.Indicators.PdfManagerUploads.PDF_SIMPLI_UPLOAD
risk.Indicators.PdfManagerUploads.SEJDA_UPLOAD
risk.Indicators.PdfManagerUploads.SMALL_PDF_UPLOAD
risk.Indicators.PdfManagerUploads.SODA_PDF_UPLOAD
risk.Indicators.ProductivityToolUploads.ADOBE_UPLOAD
risk.Indicators.ProductivityToolUploads.CANVA_UPLOAD
risk.Indicators.ProductivityToolUploads.EVERNOTE_UPLOAD
risk.Indicators.ProductivityToolUploads.FIGMA_UPLOAD
risk.Indicators.ProductivityToolUploads.GOOGLE_KEEP_UPLOAD
risk.Indicators.ProductivityToolUploads.GOOGLE_JAMBOARD_UPLOAD
risk.Indicators.ProductivityToolUploads.IMAGE_COLOR_PICKER_UPLOAD
risk.Indicators.ProductivityToolUploads.KAPWING_UPLOAD
risk.Indicators.ProductivityToolUploads.MIRO_UPLOAD
risk.Indicators.ProductivityToolUploads.MONDAY_UPLOAD
risk.Indicators.ProductivityToolUploads.MURAL_UPLOAD
risk.Indicators.ProductivityToolUploads.NOTION_UPLOAD
risk.Indicators.ProductivityToolUploads.OVERLEAF_UPLOAD
risk.Indicators.ProductivityToolUploads.PHOTOPEA_UPLOAD
risk.Indicators.ProductivityToolUploads.PIXLR_UPLOAD
risk.Indicators.ProductivityToolUploads.REMOVE_DOT_BG_UPLOAD
risk.Indicators.ProductivityToolUploads.TRELLO_UPLOAD
risk.Indicators.ProductivityToolUploads.VEED_UPLOAD
risk.Indicators.SocialMediaUploads.FOUR_CHAN_UPLOAD
risk.Indicators.SocialMediaUploads.FACEBOOK
risk.Indicators.SocialMediaUploads.IMGUR_UPLOAD
risk.Indicators.SocialMediaUploads.LINKEDIN
risk.Indicators.SocialMediaUploads.ODNOKLASSNIKI_UPLOAD
risk.Indicators.SocialMediaUploads.OK_UPLOAD
risk.Indicators.SocialMediaUploads.QZONE_UPLOAD
risk.Indicators.SocialMediaUploads.REDDIT
risk.Indicators.SocialMediaUploads.STACK_OVERFLOW_UPLOAD
risk.Indicators.SocialMediaUploads.TUMBLR_UPLOAD
risk.Indicators.SocialMediaUploads.TWITCH_UPLOAD
risk.Indicators.SocialMediaUploads.TWITTER
risk.Indicators.SocialMediaUploads.VIMEO_UPLOAD
risk.Indicators.SocialMediaUploads.VK_UPLOAD
risk.Indicators.SocialMediaUploads.WEIBO_UPLOAD
risk.Indicators.SocialMediaUploads.YOU_TUBE_UPLOAD
risk.Indicators.CodeRepositoryUploads.BITBUCKET_UPLOAD
risk.Indicators.CodeRepositoryUploads.COLABORATORY_UPLOAD
risk.Indicators.CodeRepositoryUploads.GITHUB
risk.Indicators.CodeRepositoryUploads.GITLAB
risk.Indicators.CodeRepositoryUploads.GOOGLE_APPS_SCRIPT_UPLOAD
risk.Indicators.CodeRepositoryUploads.GOOGLE_CLOUD_SHELL_UPLOAD
risk.Indicators.CodeRepositoryUploads.SOURCE_FORGE
risk.Indicators.CodeRepositoryUploads.STASH
risk.Indicators.WebHostingUploads.GIT_HUB_PAGES_UPLOAD
risk.Indicators.WebHostingUploads.GOOGLE_SITES_UPLOAD
risk.Indicators.WebHostingUploads.WIX_UPLOAD
risk.Indicators.WebHostingUploads.WORD_PRESS_UPLOAD
- class CloudDataExposures
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class CloudStorageUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class CodeRepositoryUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class EmailServiceUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class ExternalDevices
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class FileCategories
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class FileConversionToolUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class MessagingServiceUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class Other
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class PdfManagerUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class ProductivityToolUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class SocialMediaUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class UserBehavior
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- class WebHostingUploads
Bases:
py42.choices.Choices
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.risk.IndicatorsWeight
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
,py42.sdk.queries.fileevents.util.FileEventFilterComparableField
V2 filter class that filters events by the risk indicator weight.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod greater_than(value)
Returns a
FilterGroup
to find events where filter data is greater than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod less_than(value)
Returns a
FilterGroup
to find events where filter data is less than than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.risk.Score
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
,py42.sdk.queries.fileevents.util.FileEventFilterComparableField
V2 filter class that filters events by risk score.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod greater_than(value)
Returns a
FilterGroup
to find events where filter data is greater than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod less_than(value)
Returns a
FilterGroup
to find events where filter data is less than than the provided value.- Parameters
value (str or int or float) – The value used to filter file events.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.risk.Severity
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events by risk severity.
- Available options are provided as class attributes:
risk.Severity.LOW
risk.Severity.MODERATE
risk.Severity.HIGH
risk.Severity.CRITICAL
risk.Severity.NO_RISK_INDICATED
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.risk.TrustReason
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
,py42.choices.Choices
V2 filter class that filters events based on the trust reason for the activity.
- Available options are provided as class attributes:
- attr
risk.TrustReason.TRUSTED_DOMAIN_BROWSER_URL
- attr
risk.TrustReason.TRUSTED_BROWSER_URL_PATH
- attr
risk.TrustReason.TRUSTED_DOMAIN_BROWSER_TAB_TITLE
- attr
risk.TrustReason.TRUSTED_BROWSER_TAB_INFOS
- attr
risk.TrustReason.TRUSTED_DOMAIN_EMAIL_RECIPIENT
- attr
risk.TrustReason.TRUSTED_DOMAIN_CLOUD_SYNC_USERNAME
- attr
risk.TrustReason.TRUSTED_SLACK_WORKSPACE
- attr
risk.TrustReason.EVENT_PAIRING_SERVICE_MATCH
- attr
risk.TrustReason.EVENT_PAIRING_SERVICE_ENDPOINT_MATCH
- attr
risk.TrustReason.DOWNLOAD_TO_A_MANAGED_DEVICE
- attr
risk.TrustReason.SHARED_WITH_TRUSTED_USERS
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.risk.Trusted
Bases:
py42.sdk.queries.query_filter.QueryFilterBooleanField
V2 filter class that filters events based on whether activity can be trusted.
- classmethod is_false()
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is False.- Returns
- classmethod is_true()
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is True.- Returns
Source Filters
- class py42.sdk.queries.fileevents.v2.filters.source.Category
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
,py42.choices.Choices
V2 filter class that filters events based on source category.
- Available options are provided as class attributes:
source.Category.BUSINESS_TOOLS
source.Category.CLOUD_STORAGE
source.Category.DEVICE
source.Category.EMAIL
source.Category.MESSAGING
source.Category.MULTIPLE_POSSIBILITIES
source.Category.SOCIAL_MEDIA
source.Category.SOURCE_CODE_REPOSITORY
source.Category.UNCATEGORIZED
source.Category.UNKNOWN
source.category.BUSINESS_INTELLIGENCE_TOOLS
source.category.CIVIL_SERVICES
source.category.CLOUD_COMPUTING
source.category.CODING_TOOLS
source.category.CONTRACT_MANAGEMENT
source.category.CRM_TOOLS
source.category.DESIGN_TOOLS
source.category.E_COMMERCE
source.category.FILE_CONVERSION_TOOLS
source.category.FINANCIAL_SERVICES
source.category.HEALTHCARE_AND_INSURANCE
source.category.HR_TOOLS
source.category.IMAGE_HOSTING
source.category.IT_SERVICES
source.category.JOB_LISTINGS
source.category.LEARNING_PLATFORMS
source.category.MARKETING_TOOLS
source.category.PDF_MANAGER
source.category.PHOTO_PRINTING
source.category.PRODUCTIVITY_TOOLS
source.category.PROFESSIONAL_SERVICES
source.category.REAL_ESTATE
source.category.SALES_TOOLS
source.category.SEARCH_ENGINE
source.category.SHIPPING
source.category.SOFTWARE
source.category.TRAVEL
source.category.WEB_HOSTING
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.Domain
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the domain of the source device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.EmailFrom
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
V2 filter class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.EmailSender
Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
V2 filter class that filters events based on the email’s sender (applies to email events only).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.IpAddress
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by public (WAN) IP address of the source device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.Name
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on source name.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.OperatingSystem
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the operating system of the source device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.PrivateIpAddress
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by private (LAN) IP address of the source device.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaBusType
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the bus type of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaCapacity
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the capacity of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaMediaName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the removable media involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaPartitionID
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaSerialNumber
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaVendor
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the vendor of the removable media device involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaVolumeName
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to
removable media
events only).- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.TabTitleErrors
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on source tab title errors (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.TabTitles
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on source tab titles (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.TabUrlErrors
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on source tab URL Errors (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.source.TabUrls
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events based on source tab URLs (for ‘browser or other app’ events).
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
Timestamp Filters
- class py42.sdk.queries.fileevents.v2.filters.timestamp.Timestamp
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterTimestampField
,py42.choices.Choices
V2 filter class that filters events based on the timestamp of the event that occurred.
Available event timestamp constants are provided as class attributes, These constants should be used only with class method within_the_last:
timestamp.Timestamp.FIFTEEN_MINUTES
timestamp.Timestamp.ONE_HOUR
timestamp.Timestamp.THREE_HOURS
timestamp.Timestamp.TWELVE_HOURS
timestamp.Timestamp.ONE_DAY
timestamp.Timestamp.THREE_DAYS
timestamp.Timestamp.SEVEN_DAYS
timestamp.Timestamp.FOURTEEN_DAYS
timestamp.Timestamp.THIRTY_DAYS
- Example::
filter = timestamp.Timestamp.within_the_last(EventTimestamp.SEVEN_DAYS)
- classmethod choices()
Returns attribute values for the given class.
- Returns
A list containing the attribute values of the given class.
- Return type
(list)
- classmethod in_range(start_value, end_value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is in range between the providedstart_value
andend_value
.- Parameters
start_value (str or int or float or datetime) – The start value used to filter results.
end_value (str or int or float or datetime) – The end value used to filter results.
- Returns
- classmethod on_or_after(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term` is on or after the provided ``value
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_or_before(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is on or before the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod on_same_day(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
is within the same calendar day as the providedvalue
.- Parameters
value (str or int or float or datetime) – The value used to filter results.
- Returns
- classmethod within_the_last(value)
Returns a
FilterGroup
that is useful for finding results where the keyself._term
is a timestamp-related term, such asEventTimestamp._term
, andvalue
is one of it’s accepted values, such as one of the values inEventTimestamp.choices()
.- Parameters
value (str) – The value used to filter file events.
- Returns
User Filters
- class py42.sdk.queries.fileevents.v2.filters.user.DeviceUid
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the device UID of the actor.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.user.Email
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the Code42 user email of the actor.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns
- class py42.sdk.queries.fileevents.v2.filters.user.Id
Bases:
py42.sdk.queries.fileevents.util.FileEventFilterStringField
V2 filter class that filters events by the Code42 user ID of the actor.
- classmethod eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
equals the providedvalue
.- Parameters
value (str) – The value to match on.
- Returns
- classmethod exists()
Returns a
FilterGroup
to find events where filter data exists.- Returns
- classmethod is_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match on.
- Returns
- classmethod not_eq(value)
Returns a
FilterGroup
that is useful for finding results where the value with keyself._term
does not equal the providedvalue
.- Parameters
value (str) – The value to exclude on.
- Returns
- classmethod not_exists()
Returns a
FilterGroup
to find events where filter data does not exist.- Returns
- classmethod not_in(value_list)
Returns a
FilterGroup
that is useful for finding results where the value with the keyself._term
is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude on.
- Returns