Security Data

class py42.modules.securitydata.SecurityModule(security_client, storage_client_factory, microservices_client_factory)

Bases: object

property alerts

A collection of methods for retrieving and updating data about security alerts.

get_all_plan_security_events(plan_storage_info, cursor=None, include_files=True, event_types=None, min_timestamp=None, max_timestamp=None)

Gets legacy endpoint monitoring events. This does not retrieve cloud events.

Parameters
  • plan_storage_info (py42.sdk.modules.securitydata.PlanStorageInfo) – Information about storage nodes for a plan to get security events for.

  • cursor (str, optional) – A cursor position for only getting events you did not previously get. Defaults to None.

  • include_files (bool, optional) – Whether to include the files related to the security events. Defaults to True.

  • event_types (str, optional) – A comma-separated list of event types to filter by. Available options are:
    • DEVICE_APPEARED

    • DEVICE_DISAPPEARED

    • DEVICE_FILE_ACTIVITY

    • PERSONAL_CLOUD_FILE_ACTIVITY

    • RESTORE_JOB

    • RESTORE_FILE

    • FILE_OPENED

    • RULE_MATCH

    • DEVICE_SCAN_RESULT

    • PERSONAL_CLOUD_SCAN_RESULT

    Defaults to None.

  • min_timestamp (float, optional) – A POSIX timestamp representing the lower bound of the date range of events to get. Defaults to None.

  • max_timestamp (float, optional) – A POSIX timestamp representing the upper bound of the date range of events to get. Defaults to None.

Returns

An object that iterates over py42.response.Py42Response objects that each contain a page of events.

Return type

generator

get_all_user_security_events(user_uid, cursor=None, include_files=True, event_types=None, min_timestamp=None, max_timestamp=None)

Gets legacy security events for the user with the given UID.

Parameters
  • user_uid (str) – The UID for the user to get security events for.

  • cursor (str, optional) – A cursor position for only getting events you did not previously get. Defaults to None.

  • include_files (bool, optional) – Whether to include the files related to the security events. Defaults to True.

  • event_types (str, optional) – A comma-separated list of event types to filter by. Available options are:
    • DEVICE_APPEARED

    • DEVICE_DISAPPEARED

    • DEVICE_FILE_ACTIVITY

    • PERSONAL_CLOUD_FILE_ACTIVITY

    • RESTORE_JOB

    • RESTORE_FILE

    • FILE_OPENED

    • RULE_MATCH

    • DEVICE_SCAN_RESULT

    • PERSONAL_CLOUD_SCAN_RESULT

    Defaults to None.

  • min_timestamp (float, optional) – A POSIX timestamp representing the lower bound of the date range of events to get. Defaults to None.

  • max_timestamp (float, optional) – A POSIX timestamp representing the upper bound of the date range of events to get. Defaults to None.

Returns

An object that iterates over py42.response.Py42Response objects that each contain a page of events.

Return type

generator

get_security_plan_storage_info_list(user_uid)

Gets IDs (plan UID, node GUID, and destination GUID) for the storage nodes containing the legacy security event data for the user with the given UID.

Parameters

user_uid (str) – A UID for the user to get plan storage information for.

Returns

list[py42.modules.securitydata.PlanStorageInfo]
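The following is an added example, not part of the py42 documentation or code base. It chains get_security_plan_storage_info_list with get_all_plan_security_events to pull one user's legacy events for a fixed time window during an investigation. The helper names build_event_filter and iter_plan_event_pages are hypothetical, and securitydata is assumed to be a SecurityModule instance from an already authenticated SDK client.

```python
from datetime import datetime, timedelta, timezone

# Event type names exactly as listed for the event_types parameter above.
EVENT_TYPES = frozenset({
    "DEVICE_APPEARED", "DEVICE_DISAPPEARED", "DEVICE_FILE_ACTIVITY",
    "PERSONAL_CLOUD_FILE_ACTIVITY", "RESTORE_JOB", "RESTORE_FILE",
    "FILE_OPENED", "RULE_MATCH", "DEVICE_SCAN_RESULT",
    "PERSONAL_CLOUD_SCAN_RESULT",
})


def build_event_filter(event_types, end, days):
    """Build the event_types / min_timestamp / max_timestamp keyword arguments.

    Hypothetical helper. It rejects misspelled type names before any request
    is sent, and requires a timezone-aware `end`, because
    datetime.timestamp() on a naive value uses the machine's local timezone.
    """
    unknown = sorted(set(event_types) - EVENT_TYPES)
    if unknown:
        raise ValueError("unknown event types: " + ", ".join(unknown))
    if end.tzinfo is None:
        raise ValueError("end must be timezone-aware")
    if days <= 0:
        raise ValueError("days must be positive")
    return {
        "event_types": ",".join(event_types),  # comma-separated str, as documented
        "min_timestamp": (end - timedelta(days=days)).timestamp(),
        "max_timestamp": end.timestamp(),
    }


def iter_plan_event_pages(securitydata, user_uid, **filters):
    """Yield (plan_storage_info, page) for each page of the user's legacy events.

    Looks up every storage plan holding the user's security event data, then
    walks the page generator for each plan with the same filters.
    """
    for info in securitydata.get_security_plan_storage_info_list(user_uid):
        for page in securitydata.get_all_plan_security_events(info, **filters):
            yield info, page
```

Keeping the PlanStorageInfo beside each page records which plan and storage node the events came from.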

search_file_events(query)

Searches for file events.

Parameters

query (py42.sdk.queries.fileevents.file_event_query.FileEventQuery) – Also accepts a raw JSON str.

Returns

A response containing the first 10,000 events.

Return type

py42.response.Py42Response

class py42.modules.securitydata.PlanStorageInfo(plan_uid, destination_guid, node_guid)

Bases: object

property destination_guid

A GUID for the destination containing the storage archive.

property node_guid

The GUID for the storage node containing the archive.

property plan_uid

A UID for a storage plan.