Detection Lists

class py42.modules.detectionlists.DetectionListsModule(microservice_client_factory, user_client)

Bases: object

add_user_cloud_aliases(user_id, aliases)

Add one or more cloud alias.

Parameters
  • user_id (str or int) – The user_id whose alias(es) need to be updated.

  • aliases (str or list of str) – A single alias or multiple aliases in a list to be added. e.g u”x” or [“email@id”, “y”], for python version 2.X, pass u”str” instead of “str”

Returns

py42.response.Py42Response

add_user_risk_tags(user_id, tags)

Add one or more tags.

Parameters
  • user_id (str or int) – The user_id whose tag(s) needs to be updated.

  • tags (str or list of str) – A single tag or multiple tags in a list to be added. e.g u”tag1” or [“tag1”, “tag2”], for python version 2.X, pass u”str” instead of “str”

Returns

py42.response.Py42Response

create_user(username)

Create a detection list profile for a user.

Parameters

username (str) – Username of the user.

Returns

py42.response.Py42Response

get_user(username)

Get user details by username.

Parameters

username (str) – Username of the user.

Returns

py42.response.Py42Response

get_user_by_id(user_id)

Get user details by user_id.

Parameters

user_id (str or int) – Id of the user.

Returns

py42.response.Py42Response

remove_user_cloud_aliases(user_id, aliases)

Remove one or more cloud alias.

Parameters
  • user_id (str or int) – The user_id whose alias(es) need to be removed.

  • aliases (str or list of str) – A single alias or multiple aliases in a list to be removed. e.g u”x” or [“email@id”, “y”], for python version 2.X, pass u”str” instead of “str”

Returns

py42.response.Py42Response

remove_user_risk_tags(user_id, tags)

Remove one or more tags.

Parameters
  • user_id (str or int) – The user_id whose tag(s) needs to be removed.

  • tags (str or list of str) – A single tag or multiple tags in a list to be removed. e.g u”tag1” or [“tag1”, “tag2”], for python version 2.X, pass u”str” instead of “str”

Returns

py42.response.Py42Response

update_user_notes(user_id, notes)

Add or update notes related to the user.

Parameters
  • user_id (str or int) – The user_id whose notes need to be updated.

  • notes (str) – User profile notes.

Returns

py42.response.Py42Response

Departing Employee

class py42.clients.detectionlists.departing_employee.DepartingEmployeeClient(session, user_context)

Bases: py42.clients.BaseClient

A client for interacting with Code42 Departing Employee APIs.

create(username, tenant_id=None, notes=None, departure_epoch=None, cloud_usernames=None)

Adds a user to Departing Employees. REST Documentation

Parameters
  • username (str) – The username of the departing employee.

  • tenant_id (str, optional) – The identifier of the Customer tenant the user is in. Defaults to None (the tenant_id of SDK authorization user will be used).

  • notes (str, optional) – Optional descriptive information. Defaults to None.

  • departure_epoch (int, optional) – Employee departure date as POSIX timestamp. Defaults to None.

  • cloud_usernames (list, optional) – List of alternate usernames for this user from external data sources being searched by Forensic File Search (Google Drive, Box, OneDrive, Gmail, Office 365). Defaults to None.

Returns

py42.response.Py42Response

get_all(tenant_id=None, departing_on_or_after_epoch=None, sort_key='CREATED_AT', sort_direction='DESC')

Gets all Departing Employees.

Parameters
  • tenant_id (str, optional) – The identifier of the Customer tenant. Defaults to None (the tenant_id of SDK authorization user will be used).

  • departing_on_or_after_epoch (int, optional) – Filter results by the departure date of employee, requires a POSIX timestamp. Defaults to None.

  • sort_key (str, optional) – Key to sort results on. Options: (CREATED_AT, DEPARTURE_DATE, DISPLAY_NAME, NUM_EVENTS, TOTAL_BYTES). Defaults to CREATED_AT.

  • sort_direction (str, optional) – Sort direction. Options: (ASC, DESC). Defaults to DESC.

Returns

An object that iterates over py42.response.Py42Response objects that each contain a page of departing employees.

Return type

generator

get_by_id(case_id, tenant_id=None)

Gets details about a Departing Employee case. REST Documentation

Parameters
  • case_id (str) – Identifier of the Departing Employee case.

  • tenant_id (str, optional) – The identifier of the Customer tenant the case is in. Defaults to None (the tenant_id of SDK authorization user will be used).

Returns

A response containing the Departing Employee case.

Return type

py42.response.Py42Response

get_by_username(username, tenant_id=None)

Gets Departing Employee case detail for a given user.

Parameters
  • username (str) – Username of the Departing Employee to retrieve case info on.

  • tenant_id (str, optional) – The identifier of the Customer tenant the case is in. Defaults to None (the tenant_id of SDK authorization user will be used).

Returns

A response containing the Departing Employee case.

Return type

py42.response.Py42Response

resolve(case_id, tenant_id=None)

Removes a user from Departing Employees. REST Documentation

Parameters
  • case_id (str) – The identifier of the Departing Employee.

  • tenant_id (str, optional) – The identifier of the Customer tenant the case is in. Defaults to None (the tenant_id of SDK authorization user will be used).

Returns

py42.response.Py42Response

toggle_alerts(tenant_id=None, alerts_enabled=True)

Enable or disable email alerting on Departing Employee exposure events. REST Documentation

Parameters
  • tenant_id (str, optional) – The identifier of the Customer tenant. Defaults to None (the tenant_id of SDK authorization user will be used).

  • alerts_enabled (bool) – Set alerting to on (True) or off (False). Defaults to True.

Returns

py42.response.Py42Response

update(case_id, tenant_id=None, display_name=None, notes=None, departure_epoch=None, cloud_usernames=None)

Add or modify details of an existing Departing Employee case. REST Documentation

Parameters
  • case_id (str) – Identifier of the Departing Employee case.

  • tenant_id (str, optional) – The identifier of the Customer tenant the case is in. Defaults to None (the tenant_id of SDK authorization user will be used).

  • display_name (str, optional) – The display name for the Departing Employee case. This defaults to username when adding a new Departing Employee, so it can be used to make the UI more user-friendly if your Organization has usernames that don’t correspond to real names. Defaults to None.

  • notes (str, optional) – Optional descriptive information. Defaults to None.

  • departure_epoch (int, optional) – Employee departure date as POSIX timestamp. Defaults to None.

  • cloud_usernames (list, optional) – List of alternate usernames for this user from external data sources being searched by Forensic File Search (Google Drive, Box, OneDrive, Gmail, Office 365). Defaults to None.

Returns

py42.response.Py42Response

High Risk Employee

class py42.clients.detectionlists.high_risk_employee.HighRiskEmployeeClient(session, user_context, detection_list_user_client, user_client)

Bases: py42.clients.BaseClient

Administrator utility to manage High Risk employees.

Support Documentation

add(user_id)

Adds a user to high risk employee detection list.

A user profile in detection list will be created before adding to High Risk Employee list if it doesn’t exist.

Returns failure when a user already exists in the high risk employee detection list.

Parameters

user_id (str or int) – The Code42 userUid of the user who needs to be added to HRE detection list.

Returns

py42.response.Py42Response

get(user_id)

Get user information.

Parameters

user_id (str or int) – The Code42 userUid of the user has been added to the High Risk Employee detection list.

Returns

py42.response.Py42Response

get_all(filter_type='OPEN', sort_key=None, sort_direction=None)

Search High Risk employee list. Filter results by filter_type.

Parameters
  • filter_type (str) – Valid filter types.

  • sort_key (str) – Sort results based by field.

  • sort_direction (str) – “ASC” or “DESC”

Returns

An object that iterates over py42.response.Py42Response objects that each contain a page of users.

Return type

generator

remove(user_id)

Remove a user from high risk employee detection list.

Parameters

user_id (str or int) – The Code42 userUid of the user who needs to be added to HRE detection lists.

Returns

py42.response.Py42Response

set_alerts_enabled(enabled=True)

Enable alerts.

Parameters

enabled (bool) – Whether to enable alerts for all users

Returns

py42.response.Py42Response