File Event Queries - V1 (DEPRECATED)

Warning

Incydr functionality is deprecated. Use the resources at https://developer.code42.com/ instead.

class py42.sdk.queries.fileevents.file_event_query.FileEventQuery(*args, **kwargs)

Bases: BaseQuery

Helper class for building V1 Code42 Forensic Search queries.

A FileEventQuery instance’s all() and any() take one or more FilterGroup objects to construct a query that can be passed to the FileEventService.search() method. all() returns results that match all of the provided filter criteria, any() will return results that match any of the filters.

For convenience, the FileEventQuery constructor does the same as all().

Usage example:

email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"])
exposure_filter = ExposureType.exists()
query = FileEventQuery.all(email_filter, exposure_filter)

Saved Searches

class py42.services.savedsearch.SavedSearchService(connection, file_event_service)

Bases: BaseService

A service to interact with saved search APIs.

execute(search_id, page_number=None, page_size=None, use_v2=False)

Executes a saved search for given search Id, returns up to the first 10,000 events.

Parameters:

• search_id (str) – Unique search Id of the saved search.

• page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

• page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

• use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns:

py42.response.Py42Response

get(use_v2=False)

Fetch details of existing saved searches.

The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.

Parameters:

use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns:

py42.response.Py42Response

get_by_id(search_id, use_v2=False)

Fetch the details of a saved search by its given search Id.

The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.

Parameters:

• search_id (str) – Unique search Id of the saved search.

• use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns:

py42.response.Py42Response

get_query(search_id, page_number=None, page_size=None, use_v2=False)

Get the saved search in form of a query(py42.sdk.queries.fileevents.file_event_query).

Parameters:

• search_id (str) – Unique search Id of the saved search.

• page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

• page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

• use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns:

py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery

search_file_events(search_id, page_number=None, page_size=None, use_v2=False)

Alias method for execute(). Executes a saved search for given search Id, returns up to the first 10,000 events.

To view more than the first 10,000 events:

• pass the search_id to get_query()

• pass the resulting query (FileEventQuery) to search_all_file_events(), use that method as normal.

Parameters:

• search_id (str) – Unique search Id of the saved search.

• page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

• page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

• use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns:

py42.response.Py42Response

Filter Classes

The following classes construct filters for file event queries. Each filter class corresponds to a file event detail. Call the appropriate classmethod on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to FileEventQuery’s all() or any() methods to create complex queries that match multiple filter rules.

Example:

To search for events observed for certain set of documents, you can use the FileName and MD5 filter classes to construct FilterGroups that will search for matching filenames or (in case someone renamed the sensitive file) the known MD5 hashes of the files:

filename_filter = FileName.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])

Event Filters

util.create_exists_filter_group()

Creates a FilterGroup to find events where filter data exists. Useful for creating EXISTS filters that are not yet supported in py42 or programmatically crafting filter groups.

Parameters:

term (str) – The term of the filter.

Returns:

FilterGroup

util.create_not_exists_filter_group()

Creates a FilterGroup to find events where filter data does not exist. Useful for creating DOES_NOT_EXIST filters that are not yet supported in py42 or programmatically crafting filter groups.

Parameters:

term (str) – The term of the filter.

Returns:

FilterGroup

util.create_greater_than_filter_group(value)

Creates a FilterGroup for matching file events where the value with key term is greater than the given value. Useful for creating GREATER_THAN filters that are not yet supported in py42 or programmatically crafting filter groups.

Parameters:

• term (str) – The term of the filter.

• value (str or int) – The value used to filter file events.

Returns:

FilterGroup

util.create_less_than_filter_group(value)

Creates a FilterGroup for matching file events where the value with key term is less than the given value. Useful for creating LESS_THAN filters that are not yet supported in py42 or programmatically crafting filter groups.

Parameters:

• term (str) – The term of the filter.

• value (str or int) – The value used to filter file events.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.EventTimestamp

Bases: FileEventFilterTimestampField, Choices

V1 filter class that filters events based on the timestamp of the event that occurred.

Available event timestamp constants are provided as class attributes, These constants should be used only with class method within_the_last:

• EventTimestamp.FIFTEEN_MINUTES

• EventTimestamp.ONE_HOUR

• EventTimestamp.THREE_HOURS

• EventTimestamp.TWELVE_HOURS

• EventTimestamp.ONE_DAY

• EventTimestamp.THREE_DAYS

• EventTimestamp.SEVEN_DAYS

• EventTimestamp.FOURTEEN_DAYS

• EventTimestamp.THIRTY_DAYS

Example::

filter = EventTimestamp.within_the_last(EventTimestamp.SEVEN_DAYS)

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod in_range(start_value, end_value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.

Parameters:

• start_value (str or int or float or datetime) – The start value used to filter results.

• end_value (str or int or float or datetime) – The end value used to filter results.

Returns:

FilterGroup

classmethod on_or_after(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term` is on or after the provided ``value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod on_or_before(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod on_same_day(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod within_the_last(value)

Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of it’s accepted values, such as one of the values in EventTimestamp.choices().

Parameters:

value (str) – The value used to filter file events.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.EventType

Bases: FileEventFilterStringField, Choices

V1 filter class that filters file events based on event type.

Available event types are provided as class attributes:

• EventType.CREATED

• EventType.DELETED

• EventType.EMAILED

• EventType.MODIFIED

• EventType.READ_BY_APP

• EventType.PRINTED

Example:

filter = EventType.isin([EventType.READ_BY_APP, EventType.EMAILED])

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.InsertionTimestamp

Bases: FileEventFilterTimestampField

V1 filter class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).

value must be a POSIX timestamp. (see the Dates section of the Basics user guide for details on timestamp arguments in py42)

classmethod in_range(start_value, end_value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.

Parameters:

• start_value (str or int or float or datetime) – The start value used to filter results.

• end_value (str or int or float or datetime) – The end value used to filter results.

Returns:

FilterGroup

classmethod on_or_after(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term` is on or after the provided ``value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod on_or_before(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod on_same_day(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.

Parameters:

value (str or int or float or datetime) – The value used to filter results.

Returns:

FilterGroup

classmethod within_the_last(value)

Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of it’s accepted values, such as one of the values in EventTimestamp.choices().

Parameters:

value (str) – The value used to filter file events.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.Source

Bases: FileEventFilterStringField, Choices

V1 filter class that filters events by event source.

Available source types are provided as class attributes:

• Source.ENDPOINT

• Source.GOOGLE_DRIVE

• Source.ONE_DRIVE

• Source.BOX

• Source.GMAIL

• Source.OFFICE_365

Example:

filter = Source.is_in([Source.ENDPOINT, Source.BOX])

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.MimeTypeMismatch

Bases: QueryFilterBooleanField

V1 filter class that filters events by whether or not a file’s mime type matches its extension type.

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns:

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.event_filter.OutsideActiveHours

Bases: QueryFilterBooleanField

V1 filter class that filters events by whether or not they occurred outside a user’s typical working hours

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns:

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns:

FilterGroup

File Filters

class py42.sdk.queries.fileevents.filters.file_filter.FileCategory

Bases: FileEventFilterStringField, Choices

V1 filter class that filters events by category of the file observed.

Available file categories are provided as class attributes:

• FileCategory.AUDIO

• FileCategory.DOCUMENT

• FileCategory.EXECUTABLE

• FileCategory.IMAGE

• FileCategory.PDF

• FileCategory.PRESENTATION

• FileCategory.SCRIPT

• FileCategory.SOURCE_CODE

• FileCategory.SPREADSHEET

• FileCategory.VIDEO

• FileCategory.VIRTUAL_DISK_IMAGE

• FileCategory.ZIP

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.FileName

Bases: FileEventFilterStringField

V1 filter class that filters events by the name of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.FileOwner

Bases: FileEventFilterStringField

V1 filter class that filters events by the owner of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.FilePath

Bases: FileEventFilterStringField

V1 filter class that filters events by path of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.FileSize

Bases: FileEventFilterComparableField

V1 filter class that filters events by size of the file observed.

Size value must be bytes.

classmethod greater_than(value)

Returns a FilterGroup to find events where filter data is greater than the provided value.

Parameters:

value (str or int or float) – The value used to filter file events.

Returns:

FilterGroup

classmethod less_than(value)

Returns a FilterGroup to find events where filter data is less than than the provided value.

Parameters:

value (str or int or float) – The value used to filter file events.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.MD5

Bases: FileEventFilterStringField

V1 filter class that filters events by the MD5 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.file_filter.SHA256

Bases: FileEventFilterStringField

V1 filter class that filters events by SHA256 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Device Filters

class py42.sdk.queries.fileevents.filters.device_filter.DeviceUsername

Bases: FileEventFilterStringField

V1 filter class that filters events by the Code42 username of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.device_filter.OSHostname

Bases: FileEventFilterStringField

V1 filter class that filters events by hostname of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.device_filter.PrivateIPAddress

Bases: FileEventFilterStringField

V1 filter class that filters events by private (LAN) IP address of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.device_filter.PublicIPAddress

Bases: FileEventFilterStringField

V1 filter class that filters events by public (WAN) IP address of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.device_filter.DeviceSignedInUserName

Bases: FileEventFilterStringField

V1 filter class that filters events by signed in user of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Cloud Filters

class py42.sdk.queries.fileevents.filters.cloud_filter.Actor

Bases: FileEventFilterStringField

V1 filter class that filters events by the cloud service username of the event originator (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.cloud_filter.DirectoryID

Bases: FileEventFilterStringField

V1 filter class that filters events by unique identifier of the cloud drive or folder where the event occurred (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.cloud_filter.Shared

Bases: QueryFilterBooleanField

V1 filter class that filters events by the shared status of the file at the time the event occurred (applies to cloud data source events only).

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns:

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.cloud_filter.SharedWith

Bases: FileEventFilterStringField

V1 filter class that filters events by the list of users who had been granted access to the file at the time of the event (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.cloud_filter.SharingTypeAdded

Bases: FileEventFilterStringField, Choices

V1 filter class that filters results to include events where a file’s sharing permissions were changed to a value that increases exposure (applies to cloud data source events only).

Available options provided as class attributes:

• SharingTypeAdded.SHARED_VIA_LINK

• SharingTypeAdded.IS_PUBLIC

• SharingTypeAdded.OUTSIDE_TRUSTED_DOMAIN

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Exposure Filters

class py42.sdk.queries.fileevents.filters.exposure_filter.ExposureType

Bases: FileEventFilterStringField, Choices

V1 filter class that filters events based on exposure type.

Available options are provided as class attributes:

• ExposureType.SHARED_VIA_LINK

• ExposureType.SHARED_TO_DOMAIN

• ExposureType.APPLICATION_READ

• ExposureType.CLOUD_STORAGE

• ExposureType.REMOVABLE_MEDIA

• ExposureType.IS_PUBLIC

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessName

Bases: FileEventFilterStringField

V1 filter class that filters events based on the process name involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessOwner

Bases: FileEventFilterStringField

V1 filter class that filters events based on the process owner that was involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaName

Bases: FileEventFilterStringField

V1 filter class that filters events based on the name of the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVendor

Bases: FileEventFilterStringField

V1 filter class that filters events based on the vendor of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaMediaName

Bases: FileEventFilterStringField

V1 filter class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVolumeName

Bases: FileEventFilterStringField

V1 filter class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaPartitionID

Bases: FileEventFilterStringField

V1 filter class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaSerialNumber

Bases: FileEventFilterStringField

V1 filter class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestination

Bases: FileEventFilterStringField, Choices

V1 filter class that filters events based on the name of the cloud service the file is synced with (applies to synced to cloud service events only).

Available options are provided as class attributes:

• SyncDestination.ICLOUD

• SyncDestination.BOX

• SyncDestination.BOX_DRIVE

• SyncDestination.GOOGLE_DRIVE

• SyncDestination.GOOGLE_BACKUP_AND_SYNC

• SyncDestination.DROPBOX

• SyncDestination.ONEDRIVE

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestinationUsername

Bases: FileEventFilterStringField

V1 filter class that filters events based on the username associated with the cloud service the file is synced with (applies to synced to cloud service events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.TabURL

Bases: FileEventFilterStringField

V1 filter class that filters events based on all the URLs of the browser tabs at the time the file contents were read by the browser (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.exposure_filter.WindowTitle

Bases: FileEventFilterStringField

V1 filter class that filters events based on the name of all the browser tabs or application windows that were open when a browser or other app event occurred (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Email Filters

class py42.sdk.queries.fileevents.filters.email_filter.EmailPolicyName

Bases: QueryFilterStringField

V1 filter class that filters events based on the email DLP policy that detected this file (applies to emails sent via Microsoft Office 365 only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.email_filter.EmailSubject

Bases: QueryFilterStringField

V1 filter class that filters events based on the email’s subject (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.email_filter.EmailRecipients

Bases: QueryFilterStringField

V1 filter class that filters events based on the email’s recipient list (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.email_filter.EmailSender

Bases: QueryFilterStringField

V1 filter class that filters events based on the email’s sender (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.email_filter.EmailFrom

Bases: QueryFilterStringField

V1 filter class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Activity Filters

class py42.sdk.queries.fileevents.filters.activity_filter.TrustedActivity

Bases: QueryFilterBooleanField

V1 filter class that filters events based on whether activity can be trusted.

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns:

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.activity_filter.RemoteActivity

Bases: QueryFilterBooleanField

V1 filter class that filters events based on whether the activity was remote (took place outside of corporate IP range).

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns:

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns:

FilterGroup

Printer Filters

class py42.sdk.queries.fileevents.filters.print_filter.Printer

Bases: FileEventFilterStringField

V1 filter class that filters events by printer name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.print_filter.PrintJobName

Bases: FileEventFilterStringField

V1 filter class that filters events by print job name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

Risk Filters

class py42.sdk.queries.fileevents.filters.risk_filter.RiskIndicator

Bases: FileEventFilterStringField

V1 filter class that filters events by risk indicator.

Available options are provided as class attributes:

• RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_BOX

• RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_GOOGLE_DRIVE

• RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_ONEDRIVE

• RiskIndicator.CloudDataExposures.SENT_CORPORATE_GMAIL

• RiskIndicator.CloudDataExposures.SHARED_CORPORATE_BOX

• RiskIndicator.CloudDataExposures.SHARED_CORPORATE_GOOGLE_DRIVE

• RiskIndicator.CloudDataExposures.SHARED_CORPORATE_ONEDRIVE

• RiskIndicator.CloudStorageUploads.AMAZON_DRIVE

• RiskIndicator.CloudStorageUploads.BOX

• RiskIndicator.CloudStorageUploads.DROPBOX

• RiskIndicator.CloudStorageUploads.GOOGLE_DRIVE

• RiskIndicator.CloudStorageUploads.ICLOUD

• RiskIndicator.CloudStorageUploads.MEGA

• RiskIndicator.CloudStorageUploads.ONEDRIVE

• RiskIndicator.CloudStorageUploads.ZOHO

• RiskIndicator.CodeRepositoryUploads.BITBUCKET

• RiskIndicator.CodeRepositoryUploads.GITHUB

• RiskIndicator.CodeRepositoryUploads.GITLAB

• RiskIndicator.CodeRepositoryUploads.SOURCEFORGE

• RiskIndicator.CodeRepositoryUploads.STASH

• RiskIndicator.EmailServiceUploads.ONESIXTHREE_DOT_COM

• RiskIndicator.EmailServiceUploads.ONETWOSIX_DOT_COM

• RiskIndicator.EmailServiceUploads.AOL

• RiskIndicator.EmailServiceUploads.COMCAST

• RiskIndicator.EmailServiceUploads.GMAIL

• RiskIndicator.EmailServiceUploads.ICLOUD

• RiskIndicator.EmailServiceUploads.MAIL_DOT_COM

• RiskIndicator.EmailServiceUploads.OUTLOOK

• RiskIndicator.EmailServiceUploads.PROTONMAIL

• RiskIndicator.EmailServiceUploads.QQMAIL

• RiskIndicator.EmailServiceUploads.SINA_MAIL

• RiskIndicator.EmailServiceUploads.SOHU_MAIL

• RiskIndicator.EmailServiceUploads.YAHOO

• RiskIndicator.EmailServiceUploads.ZOHO_MAIL

• RiskIndicator.ExternalDevices.AIRDROP

• RiskIndicator.ExternalDevices.REMOVABLE_MEDIA

• RiskIndicator.FileCategories.AUDIO

• RiskIndicator.FileCategories.DOCUMENT

• RiskIndicator.FileCategories.EXECUTABLE

• RiskIndicator.FileCategories.IMAGE

• RiskIndicator.FileCategories.PDF

• RiskIndicator.FileCategories.PRESENTATION

• RiskIndicator.FileCategories.SCRIPT

• RiskIndicator.FileCategories.SOURCE_CODE

• RiskIndicator.FileCategories.SPREADSHEET

• RiskIndicator.FileCategories.VIDEO

• RiskIndicator.FileCategories.VIRTUAL_DISK_IMAGE

• RiskIndicator.FileCategories.ZIP

• RiskIndicator.MessagingServiceUploads.FACEBOOK_MESSENGER

• RiskIndicator.MessagingServiceUploads.MICROSOFT_TEAMS

• RiskIndicator.MessagingServiceUploads.SLACK

• RiskIndicator.MessagingServiceUploads.WHATSAPP

• RiskIndicator.Other.OTHER

• RiskIndicator.Other.UNKNOWN

• RiskIndicator.SocialMediaUploads.FACEBOOK

• RiskIndicator.SocialMediaUploads.LINKEDIN

• RiskIndicator.SocialMediaUploads.REDDIT

• RiskIndicator.SocialMediaUploads.TWITTER

• RiskIndicator.UserBehavior.FILE_MISMATCH

• RiskIndicator.UserBehavior.OFF_HOURS

• RiskIndicator.UserBehavior.REMOTE

• RiskIndicator.UserBehavior.FIRST_DESTINATION_USE

• RiskIndicator.UserBehavior.RARE_DESTINATION_USE

class CloudDataExposures

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class CloudStorageUploads

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class CodeRepositoryUploads

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class EmailServiceUploads

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class ExternalDevices

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class FileCategories

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class MessagingServiceUploads

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class Other

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class SocialMediaUploads

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

class UserBehavior

Bases: Choices

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.risk_filter.RiskSeverity

Bases: FileEventFilterStringField, Choices

V1 filter class that filters events by risk severity.

Available options are provided as class attributes:

• RiskSeverity.LOW

• RiskSeverity.MODERATE

• RiskSeverity.HIGH

• RiskSeverity.CRITICAL

• RiskSeverity.NO_RISK_INDICATED

classmethod choices()

Returns attribute values for the given class.

Returns:

A list containing the attribute values of the given class.

Return type:

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup

class py42.sdk.queries.fileevents.filters.risk_filter.RiskScore

Bases: QueryFilterStringField, FileEventFilterComparableField

V1 filter class that filters events by risk score.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters:

value (str) – The value to match on.

Returns:

FilterGroup

classmethod greater_than(value)

Returns a FilterGroup to find events where filter data is greater than the provided value.

Parameters:

value (str or int or float) – The value used to filter file events.

Returns:

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters:

value_list (list) – The list of values to match on.

Returns:

FilterGroup

classmethod less_than(value)

Returns a FilterGroup to find events where filter data is less than than the provided value.

Parameters:

value (str or int or float) – The value used to filter file events.

Returns:

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters:

value (str) – The value to exclude on.

Returns:

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters:

value_list (list) – The list of values to exclude on.

Returns:

FilterGroup