Alerts¶
-
class
py42.clients.alerts.AlertClient(session, user_context)¶ Bases:
py42.clients.BaseClientA client for interacting with Code42 security alerts.
The AlertClient has the ability to search, resolve, and reopen alerts. Also, it can get the details for the file event query for the event that triggered the alert.
-
get_details(alert_ids, tenant_id=None)¶ Gets the details for the alerts with the given IDs, including the file event query that, when passed into a search, would result in events that could have triggered the alerts.
- Parameters
alert_ids (iter[str]) – The IDs of the alerts for which you want to get details for.
tenant_id (str, optional) – The tenant ID for the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
- Returns
A response containing the alert details.
- Return type
-
reopen(alert_ids, tenant_id=None, reason=None)¶ Reopens the resolved alerts with the given IDs.
- Parameters
alert_ids (iter[str]) – The IDs for the alerts to reopen.
tenant_id (str, optional) – The ID for the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
reason (str, optional) – The reason the alerts are reopened. Defaults to None.
- Returns
-
resolve(alert_ids, tenant_id=None, reason=None)¶ Resolves the alerts with the given IDs.
- Parameters
alert_ids (iter[str]) – The IDs for the alerts to resolve.
tenant_id (str, optional) – The ID for the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
reason (str, optional) – The reason the alerts are now resolved. Defaults to None.
- Returns
-
search(query)¶ Searches alerts using the given
py42.sdk.queries.alerts.alert_query.AlertQuery.- Parameters
query (
py42.sdk.queries.alerts.alert_query.AlertQuery) – An alert query. See userguides.searches to learn more about how to construct a query.- Returns
A response containing the alerts that match the given query.
- Return type
-