File Event Queries
class py42.sdk.queries.fileevents.file_event_query.FileEventQuery(*args, **kwargs)
Bases: py42.sdk.queries.BaseQuery
Helper class for building Code42 Forensic Search queries.
A FileEventQuery instance’s all() and any() take one or more FilterGroup objects to construct a query that can be passed to the FileEventService.search() method. all() returns results that match all of the provided filter criteria; any() will return results that match any of the filters.
For convenience, the FileEventQuery constructor does the same as all().
Usage example:
email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"])
exposure_filter = ExposureType.exists()
query = FileEventQuery.all(email_filter, exposure_filter)
Saved Searches
class py42.services.savedsearch.SavedSearchService(connection, file_event_client)
Bases: py42.services.BaseService
A service to interact with saved search APIs.
- execute(search_id, page_number=None, page_size=None)
  Executes a saved search for given search Id, returns up to the first 10,000 events.
  Parameters:
  - search_id (str) – Unique search Id of the saved search.
  - page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
  - page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
  Returns:
- get()
  Fetch details of existing saved searches.
  Returns: py42.response.Py42Response
- get_by_id(search_id)
  Fetch the details of a saved search by its given search Id.
  Parameters: search_id (str) – Unique search Id of the saved search.
  Returns: py42.response.Py42Response
- get_query(search_id, page_number=None, page_size=None)
  Get the saved search in form of a query (py42.sdk.queries.fileevents.file_event_query).
  Parameters:
  - search_id (str) – Unique search Id of the saved search.
  - page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
  - page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
  Returns:
- search_file_events(search_id, page_number=None, page_size=None)
  Alias method for execute(). Executes a saved search for given search Id, returns up to the first 10,000 events.
  To view more than the first 10,000 events:
  - pass the search_id to get_query()
  - pass the resulting query (FileEventQuery) to search_all_file_events(), use that method as normal.
  Parameters:
  - search_id (str) – Unique search Id of the saved search.
  - page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.
  - page_size (int, optional) – The maximum number of results to be returned. Defaults to None.
  Returns:
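The two steps for getting past the 10,000-event limit (get_query(), then search_all_file_events()), as an added example that is not part of the py42 documentation or code base. It assumes the client object is what py42 exposes as sdk.securitydata, that its savedsearches attribute is the SavedSearchService described above, and that each page of results carries "fileEvents" and a "nextPgToken" continuation token; the stub class and its pages are constructed so the block runs offline.

```python
# Added example (not py42 project code): walk every event behind a saved search.
# Assumptions: `securitydata` is what py42 exposes as sdk.securitydata, its
# `savedsearches` attribute is the SavedSearchService documented above, and each
# page of results carries "fileEvents" plus a "nextPgToken" continuation token.


class TruncatedExport(Exception):
    """Raised when the page cap is hit before the result set is exhausted."""


def iter_saved_search_events(securitydata, search_id, max_pages=None):
    """Yield every file event matched by the saved search `search_id`."""
    # Step 1: turn the saved search into a FileEventQuery.
    query = securitydata.savedsearches.get_query(search_id)
    token = ""  # an empty token asks for the first page
    seen = set()
    pages = 0
    while True:
        if max_pages is not None and pages >= max_pages:
            # Fail loudly: a silently shortened export hides activity.
            raise TruncatedExport(f"stopped after {pages} pages; more remain")
        # Step 2: page through the full result set with the token.
        response = securitydata.search_all_file_events(query, page_token=token)
        pages += 1
        for event in response["fileEvents"]:
            yield event
        token = response["nextPgToken"]
        if not token:
            return
        if token in seen:
            raise RuntimeError("page token repeated; aborting to avoid a loop")
        seen.add(token)


class ConstructedSecurityData:
    """Offline stand-in for sdk.securitydata, serving constructed pages."""

    def __init__(self, pages):
        self._pages = pages  # {page_token: (events, next_token)}
        self.savedsearches = self  # the stub plays both roles
        self.requested_tokens = []

    def get_query(self, search_id):
        # Placeholder for the FileEventQuery the real service returns.
        return {"savedSearchId": search_id}

    def search_all_file_events(self, query, page_token=""):
        self.requested_tokens.append(page_token)
        events, next_token = self._pages[page_token]
        return {"fileEvents": events, "nextPgToken": next_token}


# Constructed sample data: two pages, three events in total.
CONSTRUCTED_PAGES = {
    "": ([{"eventId": "e1"}, {"eventId": "e2"}], "tok-2"),
    "tok-2": ([{"eventId": "e3"}], None),
}

if __name__ == "__main__":
    client = ConstructedSecurityData(CONSTRUCTED_PAGES)
    events = list(iter_saved_search_events(client, "constructed-search-id"))
    print(len(events), "events in", len(client.requested_tokens), "requests")
```

With a real client, pass sdk.securitydata in place of the stub; max_pages is a hypothetical safety cap introduced here and raises instead of returning a partial result set.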
Filter Classes
The following classes construct filters for file event queries. Each filter class corresponds to a file event detail. Call the appropriate classmethod on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to FileEventQuery’s all() or any() methods to create complex queries that match multiple filter rules.
Example:
To search for events observed for a certain set of documents, you can use the FileName and MD5 filter classes to construct FilterGroups that will search for matching filenames or (in case someone renamed the sensitive file) the known MD5 hashes of the files:
filename_filter = FileName.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])
See Executing Searches for more on building search queries.
Event Filters
- file_event_query.create_exists_filter_group(term)
  Creates a FilterGroup to find events where filter data exists. Useful for creating EXISTS filters that are not yet supported in py42 or programmatically crafting filter groups.
  Parameters: term (str) – The term of the filter.
  Returns: FilterGroup
- file_event_query.create_not_exists_filter_group(term)
  Creates a FilterGroup to find events where filter data does not exist. Useful for creating DOES_NOT_EXIST filters that are not yet supported in py42 or programmatically crafting filter groups.
  Parameters: term (str) – The term of the filter.
  Returns: FilterGroup
- file_event_query.create_greater_than_filter_group(term, value)
  Creates a FilterGroup for matching file events where the value with key term is greater than the given value. Useful for creating GREATER_THAN filters that are not yet supported in py42 or programmatically crafting filter groups.
  Parameters:
  - term (str) – The term of the filter.
  - value (str or int) – The value used to filter file events.
  Returns: FilterGroup
- file_event_query.create_less_than_filter_group(term, value)
  Creates a FilterGroup for matching file events where the value with key term is less than the given value. Useful for creating LESS_THAN filters that are not yet supported in py42 or programmatically crafting filter groups.
  Parameters:
  - term (str) – The term of the filter.
  - value (str or int) – The value used to filter file events.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.EventTimestamp
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterTimestampField, py42.choices.Choices
Class that filters events based on the timestamp of the event that occurred.
Available event timestamp constants are provided as class attributes. These constants should be used only with the class method within_the_last:
EventTimestamp.FIFTEEN_MINUTES
EventTimestamp.ONE_HOUR
EventTimestamp.THREE_HOURS
EventTimestamp.TWELVE_HOURS
EventTimestamp.ONE_DAY
EventTimestamp.THREE_DAYS
EventTimestamp.SEVEN_DAYS
EventTimestamp.FOURTEEN_DAYS
EventTimestamp.THIRTY_DAYS
Example:
filter = EventTimestamp.within_the_last(EventTimestamp.SEVEN_DAYS)
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod in_range(start_value, end_value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.
  Parameters:
  - start_value (str or int or float or datetime) – The start value used to filter results.
  - end_value (str or int or float or datetime) – The end value used to filter results.
  Returns: FilterGroup
- classmethod on_or_after(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is on or after the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod on_or_before(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod on_same_day(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod within_the_last(value)
  Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of its accepted values, such as one of the values in EventTimestamp.choices().
  Parameters: value (str) – The value used to filter file events.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.EventType
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters file events based on event type.
Available event types are provided as class attributes:
EventType.CREATED
EventType.DELETED
EventType.EMAILED
EventType.MODIFIED
EventType.READ_BY_APP
EventType.PRINTED
Example:
filter = EventType.is_in([EventType.READ_BY_APP, EventType.EMAILED])
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.InsertionTimestamp
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterTimestampField
Class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).
value must be a POSIX timestamp (see the Dates section of the Basics user guide for details on timestamp arguments in py42).
- classmethod in_range(start_value, end_value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.
  Parameters:
  - start_value (str or int or float or datetime) – The start value used to filter results.
  - end_value (str or int or float or datetime) – The end value used to filter results.
  Returns: FilterGroup
- classmethod on_or_after(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is on or after the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod on_or_before(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod on_same_day(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.
  Parameters: value (str or int or float or datetime) – The value used to filter results.
  Returns: FilterGroup
- classmethod within_the_last(value)
  Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of its accepted values, such as one of the values in EventTimestamp.choices().
  Parameters: value (str) – The value used to filter file events.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.Source
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters events by event source.
Available source types are provided as class attributes:
Source.ENDPOINT
Source.GOOGLE_DRIVE
Source.ONE_DRIVE
Source.BOX
Source.GMAIL
Source.OFFICE_365
Example:
filter = Source.is_in([Source.ENDPOINT, Source.BOX])
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.MimeTypeMismatch
Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
Class that filters events by whether or not a file’s mime type matches its extension type.
- classmethod is_false()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is False.
  Returns: FilterGroup
- classmethod is_true()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is True.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.event_filter.OutsideActiveHours
Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
Class that filters events by whether or not they occurred outside a user’s typical working hours.
- classmethod is_false()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is False.
  Returns: FilterGroup
- classmethod is_true()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is True.
  Returns: FilterGroup
File Filters
class py42.sdk.queries.fileevents.filters.file_filter.FileCategory
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters events by category of the file observed.
Available file categories are provided as class attributes:
FileCategory.AUDIO
FileCategory.DOCUMENT
FileCategory.EXECUTABLE
FileCategory.IMAGE
FileCategory.PDF
FileCategory.PRESENTATION
FileCategory.SCRIPT
FileCategory.SOURCE_CODE
FileCategory.SPREADSHEET
FileCategory.VIDEO
FileCategory.VIRTUAL_DISK_IMAGE
FileCategory.ZIP
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.FileName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the name of the file observed.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.FileOwner
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the owner of the file observed.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.FilePath
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by path of the file observed.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.FileSize
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterComparableField
Class that filters events by size of the file observed.
Size value must be bytes.
- classmethod greater_than(value)
  Returns a FilterGroup to find events where filter data is greater than the provided value.
  Parameters: value (str or int or float) – The value used to filter file events.
  Returns: FilterGroup
- classmethod less_than(value)
  Returns a FilterGroup to find events where filter data is less than the provided value.
  Parameters: value (str or int or float) – The value used to filter file events.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.MD5
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the MD5 hash of the file observed.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.file_filter.SHA256
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by SHA256 hash of the file observed.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Device Filters
class py42.sdk.queries.fileevents.filters.device_filter.DeviceUsername
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the Code42 username of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.device_filter.OSHostname
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by hostname of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.device_filter.PrivateIPAddress
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by private (LAN) IP address of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.device_filter.PublicIPAddress
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by public (WAN) IP address of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.device_filter.DeviceSignedInUserName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by signed in user of the device that observed the event.
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Cloud Filters
class py42.sdk.queries.fileevents.filters.cloud_filter.Actor
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the cloud service username of the event originator (applies to cloud data source events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.cloud_filter.DirectoryID
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by unique identifier of the cloud drive or folder where the event occurred (applies to cloud data source events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
Class that filters events by the shared status of the file at the time the event occurred (applies to cloud data source events only).
- Returns a FilterGroup that is useful for finding results where the value with key self._term is False. Returns: FilterGroup
- Returns a FilterGroup that is useful for finding results where the value with key self._term is True. Returns: FilterGroup
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events by the list of users who had been granted access to the file at the time of the event (applies to cloud data source events only).
- Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value. Parameters: value (str) – The value to match on. Returns: FilterGroup
- Returns a FilterGroup to find events where filter data exists. Returns: FilterGroup
- Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list. Parameters: value_list (list) – The list of values to match on. Returns: FilterGroup
- Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value. Parameters: value (str) – The value to exclude on. Returns: FilterGroup
- Returns a FilterGroup to find events where filter data does not exist. Returns: FilterGroup
- Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list. Parameters: value_list (list) – The list of values to exclude on. Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.cloud_filter.SharingTypeAdded
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters results to include events where a file’s sharing permissions were changed to a value that increases exposure (applies to cloud data source events only).
Available options provided as class attributes:
- SharingTypeAdded.SHARED_VIA_LINK
- SharingTypeAdded.IS_PUBLIC
- SharingTypeAdded.OUTSIDE_TRUSTED_DOMAIN
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Exposure Filters
class py42.sdk.queries.fileevents.filters.exposure_filter.ExposureType
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters events based on exposure type.
Available options are provided as class attributes:
- ExposureType.SHARED_VIA_LINK
- ExposureType.SHARED_TO_DOMAIN
- ExposureType.APPLICATION_READ
- ExposureType.CLOUD_STORAGE
- ExposureType.REMOVABLE_MEDIA
- ExposureType.IS_PUBLIC
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the process name involved in the exposure (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessOwner
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the process owner that was involved in the exposure (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the removable media involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVendor
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the vendor of the removable media device involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaMediaName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVolumeName
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaPartitionID
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaSerialNumber
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to removable media events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestination
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
Class that filters events based on the name of the cloud service the file is synced with (applies to synced to cloud service events only).
Available options are provided as class attributes:
- SyncDestination.ICLOUD
- SyncDestination.BOX
- SyncDestination.BOX_DRIVE
- SyncDestination.GOOGLE_DRIVE
- SyncDestination.GOOGLE_BACKUP_AND_SYNC
- SyncDestination.DROPBOX
- SyncDestination.ONEDRIVE
- classmethod choices()
  Returns attribute values for the given class.
  Returns: A list containing the attribute values of the given class.
  Return type: (list)
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestinationUsername
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the username associated with the cloud service the file is synced with (applies to synced to cloud service events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.TabURL
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on all the URLs of the browser tabs at the time the file contents were read by the browser (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.exposure_filter.WindowTitle
Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
Class that filters events based on the name of all the browser tabs or application windows that were open when a browser or other app event occurred (applies to read by browser or other app events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod exists()
  Returns a FilterGroup to find events where filter data exists.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_exists()
  Returns a FilterGroup to find events where filter data does not exist.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Email Filters
class py42.sdk.queries.fileevents.filters.email_filter.EmailPolicyName
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email DLP policy that detected this file (applies to emails sent via Microsoft Office 365 only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.email_filter.EmailSubject
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s subject (applies to email events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.email_filter.EmailRecipients
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s recipient list (applies to email events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.email_filter.EmailSender
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the email’s sender (applies to email events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
class py42.sdk.queries.fileevents.filters.email_filter.EmailFrom
Bases: py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).
- classmethod eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
  Parameters: value (str) – The value to match on.
  Returns: FilterGroup
- classmethod is_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
  Parameters: value_list (list) – The list of values to match on.
  Returns: FilterGroup
- classmethod not_eq(value)
  Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
  Parameters: value (str) – The value to exclude on.
  Returns: FilterGroup
- classmethod not_in(value_list)
  Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
  Parameters: value_list (list) – The list of values to exclude on.
  Returns: FilterGroup
Activity Filters
class py42.sdk.queries.fileevents.filters.activity_filter.TrustedActivity
Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
Class that filters events based on whether activity can be trusted.
- classmethod is_false()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is False.
  Returns: FilterGroup
- classmethod is_true()
  Returns a FilterGroup that is useful for finding results where the value with key self._term is True.
  Returns: FilterGroup

class py42.sdk.queries.fileevents.filters.activity_filter.RemoteActivity
    Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField
    Class that filters events based on whether the activity was remote (took place outside of corporate IP range).

    classmethod is_false()
        Returns a FilterGroup that is useful for finding results where the value with key self._term is False.
        Returns: FilterGroup

    classmethod is_true()
        Returns a FilterGroup that is useful for finding results where the value with key self._term is True.
        Returns: FilterGroup

Printer Filters

class py42.sdk.queries.fileevents.filters.print_filter.Printer
    Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
    Class that filters events by printer name.

    classmethod eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
        Parameters: value (str) – The value to match on.
        Returns: FilterGroup

    classmethod exists()
        Returns a FilterGroup to find events where filter data exists.
        Returns: FilterGroup

    classmethod is_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
        Parameters: value_list (list) – The list of values to match on.
        Returns: FilterGroup

    classmethod not_eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
        Parameters: value (str) – The value to exclude on.
        Returns: FilterGroup

    classmethod not_exists()
        Returns a FilterGroup to find events where filter data does not exist.
        Returns: FilterGroup

    classmethod not_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
        Parameters: value_list (list) – The list of values to exclude on.
        Returns: FilterGroup

class py42.sdk.queries.fileevents.filters.print_filter.PrintJobName
    Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
    Class that filters events by print job name.

    classmethod eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
        Parameters: value (str) – The value to match on.
        Returns: FilterGroup

    classmethod exists()
        Returns a FilterGroup to find events where filter data exists.
        Returns: FilterGroup

    classmethod is_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
        Parameters: value_list (list) – The list of values to match on.
        Returns: FilterGroup

    classmethod not_eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
        Parameters: value (str) – The value to exclude on.
        Returns: FilterGroup

    classmethod not_exists()
        Returns a FilterGroup to find events where filter data does not exist.
        Returns: FilterGroup

    classmethod not_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
        Parameters: value_list (list) – The list of values to exclude on.
        Returns: FilterGroup

Risk Filters

class py42.sdk.queries.fileevents.filters.risk_filter.RiskIndicator
    Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField
    Class that filters events by risk indicator.
    Available options are provided as class attributes:
RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_BOX
RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_GOOGLE_DRIVE
RiskIndicator.CloudDataExposures.PUBLIC_CORPORATE_ONEDRIVE
RiskIndicator.CloudDataExposures.SENT_CORPORATE_GMAIL
RiskIndicator.CloudDataExposures.SHARED_CORPORATE_BOX
RiskIndicator.CloudDataExposures.SHARED_CORPORATE_GOOGLE_DRIVE
RiskIndicator.CloudDataExposures.SHARED_CORPORATE_ONEDRIVE
RiskIndicator.CloudStorageUploads.AMAZON_DRIVE
RiskIndicator.CloudStorageUploads.BOX
RiskIndicator.CloudStorageUploads.DROPBOX
RiskIndicator.CloudStorageUploads.GOOGLE_DRIVE
RiskIndicator.CloudStorageUploads.ICLOUD
RiskIndicator.CloudStorageUploads.MEGA
RiskIndicator.CloudStorageUploads.ONEDRIVE
RiskIndicator.CloudStorageUploads.ZOHO
RiskIndicator.CodeRepositoryUploads.BITBUCKET
RiskIndicator.CodeRepositoryUploads.GITHUB
RiskIndicator.CodeRepositoryUploads.GITLAB
RiskIndicator.CodeRepositoryUploads.SOURCEFORGE
RiskIndicator.CodeRepositoryUploads.STASH
RiskIndicator.EmailServiceUploads.ONESIXTHREE_DOT_COM
RiskIndicator.EmailServiceUploads.ONETWOSIX_DOT_COM
RiskIndicator.EmailServiceUploads.AOL
RiskIndicator.EmailServiceUploads.COMCAST
RiskIndicator.EmailServiceUploads.GMAIL
RiskIndicator.EmailServiceUploads.ICLOUD
RiskIndicator.EmailServiceUploads.MAIL_DOT_COM
RiskIndicator.EmailServiceUploads.OUTLOOK
RiskIndicator.EmailServiceUploads.PROTONMAIL
RiskIndicator.EmailServiceUploads.QQMAIL
RiskIndicator.EmailServiceUploads.SINA_MAIL
RiskIndicator.EmailServiceUploads.SOHU_MAIL
RiskIndicator.EmailServiceUploads.YAHOO
RiskIndicator.EmailServiceUploads.ZOHO_MAIL
RiskIndicator.ExternalDevices.AIRDROP
RiskIndicator.ExternalDevices.REMOVABLE_MEDIA
RiskIndicator.FileCategories.AUDIO
RiskIndicator.FileCategories.DOCUMENT
RiskIndicator.FileCategories.EXECUTABLE
RiskIndicator.FileCategories.IMAGE
RiskIndicator.FileCategories.PDF
RiskIndicator.FileCategories.PRESENTATION
RiskIndicator.FileCategories.SCRIPT
RiskIndicator.FileCategories.SOURCE_CODE
RiskIndicator.FileCategories.SPREADSHEET
RiskIndicator.FileCategories.VIDEO
RiskIndicator.FileCategories.VIRTUAL_DISK_IMAGE
RiskIndicator.FileCategories.ZIP
RiskIndicator.MessagingServiceUploads.FACEBOOK_MESSENGER
RiskIndicator.MessagingServiceUploads.MICROSOFT_TEAMS
RiskIndicator.MessagingServiceUploads.SLACK
RiskIndicator.MessagingServiceUploads.WHATSAPP
RiskIndicator.Other.OTHER
RiskIndicator.Other.UNKNOWN
RiskIndicator.SocialMediaUploads.FACEBOOK
RiskIndicator.SocialMediaUploads.LINKEDIN
RiskIndicator.SocialMediaUploads.REDDIT
RiskIndicator.SocialMediaUploads.TWITTER
RiskIndicator.UserBehavior.FILE_MISMATCH
RiskIndicator.UserBehavior.OFF_HOURS
RiskIndicator.UserBehavior.REMOTE
RiskIndicator.UserBehavior.FIRST_DESTINATION_USE
RiskIndicator.UserBehavior.RARE_DESTINATION_USE

    class CloudDataExposures
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class CloudStorageUploads
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class CodeRepositoryUploads
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class EmailServiceUploads
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class ExternalDevices
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class FileCategories
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class MessagingServiceUploads
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class Other
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class SocialMediaUploads
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    class UserBehavior
        Bases: py42.choices.Choices

        classmethod choices()
            Returns attribute values for the given class.
            Returns: A list containing the attribute values of the given class.
            Return type: (list)

    classmethod eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
        Parameters: value (str) – The value to match on.
        Returns: FilterGroup

    classmethod exists()
        Returns a FilterGroup to find events where filter data exists.
        Returns: FilterGroup

    classmethod is_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
        Parameters: value_list (list) – The list of values to match on.
        Returns: FilterGroup

    classmethod not_eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
        Parameters: value (str) – The value to exclude on.
        Returns: FilterGroup

    classmethod not_exists()
        Returns a FilterGroup to find events where filter data does not exist.
        Returns: FilterGroup

    classmethod not_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
        Parameters: value_list (list) – The list of values to exclude on.
        Returns: FilterGroup

class py42.sdk.queries.fileevents.filters.risk_filter.RiskSeverity
    Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField, py42.choices.Choices
    Class that filters events by risk severity.
    Available options are provided as class attributes:
RiskSeverity.LOW
RiskSeverity.MODERATE
RiskSeverity.HIGH
RiskSeverity.CRITICAL
RiskSeverity.NO_RISK_INDICATED

    classmethod choices()
        Returns attribute values for the given class.
        Returns: A list containing the attribute values of the given class.
        Return type: (list)

    classmethod eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.
        Parameters: value (str) – The value to match on.
        Returns: FilterGroup

    classmethod exists()
        Returns a FilterGroup to find events where filter data exists.
        Returns: FilterGroup

    classmethod is_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.
        Parameters: value_list (list) – The list of values to match on.
        Returns: FilterGroup

    classmethod not_eq(value)
        Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.
        Parameters: value (str) – The value to exclude on.
        Returns: FilterGroup

    classmethod not_exists()
        Returns a FilterGroup to find events where filter data does not exist.
        Returns: FilterGroup

    classmethod not_in(value_list)
        Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.
        Parameters: value_list (list) – The list of values to exclude on.
        Returns: FilterGroup