Security Data

class py42.clients.securitydata.SecurityDataClient(security_service, file_event_service, preservation_data_service, saved_search_service, storage_service_factory)

    Bases: object
    get_all_plan_security_events(plan_storage_info, cursor=None, include_files=True, event_types=None, min_timestamp=None, max_timestamp=None)

        Gets events for legacy Endpoint Monitoring file activity on removable media, in cloud sync folders, and browser uploads.

        Parameters:
        - plan_storage_info (py42.clients.securitydata.PlanStorageInfo) – Information about the storage nodes of the plan whose file event activity to get.
        - cursor (str, optional) – A cursor position for getting only the file events you have not previously retrieved. Defaults to None.
        - include_files (bool, optional) – Whether to include the files related to the file events. Defaults to None.
        - event_types (str, optional) – A comma-separated list of event types to filter by. Available options are:
              DEVICE_APPEARED
              DEVICE_DISAPPEARED
              DEVICE_FILE_ACTIVITY
              PERSONAL_CLOUD_FILE_ACTIVITY
              RESTORE_JOB
              RESTORE_FILE
              FILE_OPENED
              RULE_MATCH
              DEVICE_SCAN_RESULT
              PERSONAL_CLOUD_SCAN_RESULT
          Defaults to None.
        - min_timestamp (int or float or str or datetime, optional) – A timestamp in milliseconds, a str in the format "yyyy-MM-DD HH:MM:SS", or a datetime instance. Defaults to None.
        - max_timestamp (int or float or str or datetime, optional) – A timestamp in milliseconds, a str in the format "yyyy-MM-DD HH:MM:SS", or a datetime instance. Defaults to None.

        Returns: An object that iterates over tuples whose first element is a py42.response.Py42Response object containing a page of events, and whose second element is a string cursor.

        Return type: generator
    get_all_user_security_events(user_uid, cursor=None, include_files=True, event_types=None, min_timestamp=None, max_timestamp=None)

        Gets legacy Endpoint Monitoring file activity events for the user with the given UID.

        Parameters:
        - user_uid (str) – The UID of the user to get security events for.
        - cursor (str, optional) – A cursor position for getting only the events you have not previously retrieved. Defaults to None.
        - include_files (bool, optional) – Whether to include the files related to the file activity events. Defaults to None.
        - event_types (str, optional) – A comma-separated list of event types to filter by. Available options are:
              DEVICE_APPEARED
              DEVICE_DISAPPEARED
              DEVICE_FILE_ACTIVITY
              PERSONAL_CLOUD_FILE_ACTIVITY
              RESTORE_JOB
              RESTORE_FILE
              FILE_OPENED
              RULE_MATCH
              DEVICE_SCAN_RESULT
              PERSONAL_CLOUD_SCAN_RESULT
          Defaults to None.
        - min_timestamp (int or float or str or datetime, optional) – A timestamp in milliseconds, a str in the format "yyyy-MM-DD HH:MM:SS", or a datetime instance. Defaults to None.
        - max_timestamp (int or float or str or datetime, optional) – A timestamp in milliseconds, a str in the format "yyyy-MM-DD HH:MM:SS", or a datetime instance. Defaults to None.

        Returns: An object that iterates over tuples whose first element is a py42.response.Py42Response object containing a page of events, and whose second element is a string cursor.

        Return type: generator
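A worked example of consuming the generator that get_all_user_security_events and get_all_plan_security_events return. This is an added example, not code from the py42 documentation or the py42 project: it validates event_types against the documented list before building the comma-separated string, processes each (response, cursor) tuple, and records the cursor after every page so a later run can pass cursor=... and receive only events it has not seen. The generator in the block is a constructed stand-in that yields plain dicts where the real SDK yields Py42Response objects; build_event_types, drain_event_pages and the "events" key of the fake pages are names chosen for this example.

```python
# Event types documented for the get_all_*_security_events methods.
LEGACY_EVENT_TYPES = frozenset({
    "DEVICE_APPEARED", "DEVICE_DISAPPEARED", "DEVICE_FILE_ACTIVITY",
    "PERSONAL_CLOUD_FILE_ACTIVITY", "RESTORE_JOB", "RESTORE_FILE",
    "FILE_OPENED", "RULE_MATCH", "DEVICE_SCAN_RESULT", "PERSONAL_CLOUD_SCAN_RESULT",
})


def build_event_types(*types):
    """Return the comma-separated event_types string the SDK expects,
    rejecting any name that is not in the documented list."""
    unknown = sorted(set(types) - LEGACY_EVENT_TYPES)
    if unknown:
        raise ValueError(f"unsupported event types: {unknown}")
    return ",".join(types)


def drain_event_pages(pages, on_page, state):
    """Consume the (response, cursor) tuples yielded by the SDK generator.

    on_page(response) is called once per page. state["cursor"] is updated only
    after a page has been fully processed, so a run that dies part-way through
    resumes from the last page that was actually handled rather than skipping
    events. Returns the number of pages consumed.
    """
    n_pages = 0
    for response, cursor in pages:
        on_page(response)
        state["cursor"] = cursor
        n_pages += 1
    return n_pages


def _fake_security_events(cursor=None, event_types=None):
    """Constructed stand-in for client.securitydata.get_all_user_security_events.

    Pages are plain dicts here; the real SDK yields Py42Response objects. The
    event filter and the cursor hand-off mimic the documented behaviour only
    as far as this example needs.
    """
    wanted = set(event_types.split(",")) if event_types else LEGACY_EVENT_TYPES
    pages = [
        ({"events": [{"eventType": "DEVICE_FILE_ACTIVITY", "fileName": "q3-forecast.xlsx"}]}, "cursor-1"),
        ({"events": [{"eventType": "FILE_OPENED", "fileName": "q3-forecast.xlsx"}]}, "cursor-2"),
    ]
    known = [c for _, c in pages]
    start = known.index(cursor) + 1 if cursor in known else 0
    for page, page_cursor in pages[start:]:
        filtered = [e for e in page["events"] if e["eventType"] in wanted]
        yield {"events": filtered}, page_cursor


def demo():
    """Two runs: the first fetches every page, the second resumes from the
    saved cursor and therefore receives nothing new."""
    state = {"cursor": None}          # persist this dict between runs in practice
    collected = []
    types = build_event_types("DEVICE_FILE_ACTIVITY", "FILE_OPENED")
    on_page = lambda response: collected.extend(response["events"])
    first = drain_event_pages(_fake_security_events(state["cursor"], types), on_page, state)
    second = drain_event_pages(_fake_security_events(state["cursor"], types), on_page, state)
    return types, first, second, len(collected), state["cursor"]


if __name__ == "__main__":
    print(demo())
```

With a real client the call is the same shape: `drain_event_pages(sdk.securitydata.get_all_user_security_events(user_uid, cursor=state["cursor"], event_types=types), on_page, state)`. Keeping the cursor in durable storage, rather than only in memory, is what makes a scheduled collector idempotent across restarts.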
    get_security_plan_storage_info_list(user_uid)

        Gets IDs (plan UID, node GUID, and destination GUID) for the storage nodes containing the file activity event data for the user with the given UID.

        Parameters: user_uid (str) – The UID of the user to get plan storage information for.

        Returns: list[py42.clients.securitydata.PlanStorageInfo]
    savedsearches

        A collection of methods related to retrieving forensic search data.

        Returns: py42._internal.services.securitydata.SavedSearchService
    search_all_file_events(query, page_token='')

        Searches for all file events, returning a page of events together with a token in the response for retrieving the next page.

        Parameters:
        - query (str or py42.sdk.queries.fileevents.file_event_query.FileEventQuery) – The file event query to filter search results.
        - page_token (str, optional) – A token indicating the starting point for additional page results. For the first page, do not pass page_token. For all subsequent pages, pass the token from the nextPgToken field of the previous response. When using page_token, any sorting parameters from the FileEventQuery are ignored. Defaults to empty string.

        Returns: A response containing a page of events.
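The following pagination loop is an added example, not code from the py42 project, and shows the page_token / nextPgToken hand-off described above driven end to end. It assumes the response supports item access for a "fileEvents" list and the "nextPgToken" string of its JSON body (the "fileEvents" key and item access are assumptions here) and that an empty nextPgToken means the last page was reached. The loop also refuses to follow a token it has already used, so a server that keeps returning the same token cannot turn a collector into an infinite loop. The client class in the block is a constructed stand-in; iter_all_file_events is a name chosen for this example.

```python
def _field(page, key):
    """Read a key from a page, returning None when it is absent."""
    try:
        return page[key]
    except (KeyError, TypeError):
        return None


def iter_all_file_events(search_all, query, max_pages=10_000):
    """Yield every event behind search_all_file_events, page by page.

    search_all is the bound SDK method (or any callable of the same shape):
    search_all(query, page_token) -> page. Sorting in the FileEventQuery is
    ignored once a page_token is passed, so callers must not rely on order.
    """
    page_token = ""              # first page: no token
    seen_tokens = set()
    for _ in range(max_pages):
        page = search_all(query, page_token=page_token)
        for event in _field(page, "fileEvents") or []:
            yield event
        page_token = _field(page, "nextPgToken")
        if not page_token:       # assumption: empty/missing token ends the walk
            return
        if page_token in seen_tokens:
            raise RuntimeError("pagination loop detected: nextPgToken repeated")
        seen_tokens.add(page_token)
    raise RuntimeError(f"gave up after {max_pages} pages")


class _FakeSecurityDataClient:
    """Constructed stand-in that serves three made-up pages of events."""

    PAGES = {
        "":      {"fileEvents": [{"eventId": "e1"}, {"eventId": "e2"}], "nextPgToken": "tok-2"},
        "tok-2": {"fileEvents": [{"eventId": "e3"}], "nextPgToken": "tok-3"},
        "tok-3": {"fileEvents": [{"eventId": "e4"}], "nextPgToken": ""},
    }

    def __init__(self):
        self.calls = []          # tokens the loop passed, in order

    def search_all_file_events(self, query, page_token=""):
        self.calls.append(page_token)
        return self.PAGES[page_token]


def demo():
    """Walk the fake client; returns the event ids seen and the tokens used."""
    client = _FakeSecurityDataClient()
    ids = [e["eventId"] for e in iter_all_file_events(client.search_all_file_events, "example query")]
    return ids, client.calls


if __name__ == "__main__":
    print(demo())
```

Against a real SDK instance the call becomes `iter_all_file_events(sdk.securitydata.search_all_file_events, query)`, where query is a FileEventQuery or its string form. Bound the walk with max_pages in scheduled jobs; an unbounded generator against a large tenant can run far longer than expected.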
    search_file_events(query)

        Searches for file events, returning up to the first 10,000 events.

        Parameters: query (str or py42.sdk.queries.fileevents.file_event_query.FileEventQuery) – The file event query to filter search results.

        Returns: A response containing the first 10,000 events.

        Return type: py42.response.Py42Response
    stream_file_by_md5(checksum)

        Streams a file based on its MD5 checksum.

        Parameters: checksum (str) – MD5 hash of the file.

        Returns: A stream of the requested file.
    stream_file_by_sha256(checksum)

        Streams a file based on its SHA256 checksum.

        Parameters: checksum (str) – SHA256 hash of the file.

        Returns: A stream of the requested file.
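An added example (not py42 code) for the two stream_file_by_* methods: the streamed content is hashed as it arrives and compared with the checksum it was requested by, so a file whose bytes do not match the requested hash is rejected instead of being handed to an analyst or a sandbox as if it were the original. It assumes the returned stream exposes iter_content(chunk_size=...) like a requests response (an assumption; the fake response in the block implements exactly that), and the stream function is a constructed stand-in. MD5 is not collision resistant, so two different files can share an MD5; when both hashes are known, look the file up by SHA256 and verify against it.

```python
import hashlib
import hmac


def verify_stream(chunks, expected_hex, algorithm="sha256"):
    """Hash chunks as they arrive and compare with the requested checksum.

    Returns (ok, actual_hex, size). ok is False on mismatch so the caller
    can discard the content; the comparison is constant-time.
    """
    h = hashlib.new(algorithm)
    size = 0
    for chunk in chunks:
        h.update(chunk)
        size += len(chunk)
    actual = h.hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower()), actual, size


def fetch_verified(stream_fn, sha256_hex, chunk_size=8192):
    """Call stream_fn(sha256_hex) (e.g. the bound stream_file_by_sha256) and
    return the byte count only if the streamed content hashes to sha256_hex."""
    response = stream_fn(sha256_hex)
    ok, actual, size = verify_stream(response.iter_content(chunk_size=chunk_size), sha256_hex)
    if not ok:
        raise ValueError(f"streamed content hashes to {actual}, not the requested {sha256_hex}")
    return size


class _FakeStreamResponse:
    """Constructed stand-in for the streamed response; only iter_content is modelled."""

    def __init__(self, data):
        self._data = data

    def iter_content(self, chunk_size=4):
        for i in range(0, len(self._data), chunk_size):
            yield self._data[i:i + chunk_size]


# Constructed sample file content for the example.
SAMPLE = b"constructed file content for the example\n"


def _fake_stream_file_by_sha256(checksum):
    """Stand-in for client.securitydata.stream_file_by_sha256.

    Returns SAMPLE whatever checksum is asked for, so that the mismatch path
    (server returns the wrong bytes) can be exercised."""
    return _FakeStreamResponse(SAMPLE)


def demo():
    """Returns (size of the verified file, whether a mismatch was rejected)."""
    good = hashlib.sha256(SAMPLE).hexdigest()
    size = fetch_verified(_fake_stream_file_by_sha256, good)
    try:
        fetch_verified(_fake_stream_file_by_sha256, "00" * 32)
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    return size, mismatch_rejected


if __name__ == "__main__":
    print(demo())
```

Write the verified bytes to a temporary file and rename it into place only after verify_stream reports ok, so nothing downstream ever sees a partially written or mismatching file.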