File Event Queries - V2

For details on using the new file event data model, see the V2 File Events User Guide.

class py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery(*args, **kwargs)

Bases: py42.sdk.queries.BaseQuery

Helper class for building V2 Code42 Forensic Search queries.

A FileEventQuery instance’s all() and any() take one or more FilterGroup objects to construct a query that can be passed to the FileEventService.search() method. all() returns results that match all of the provided filter criteria, any() will return results that match any of the filters.

For convenience, the FileEventQuery constructor does the same as all().

Usage example:

email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"])
exposure_filter = ExposureType.exists()
query = FileEventQuery.all(email_filter, exposure_filter)

Saved Searches

Important

Make sure to set the optional argument use_v2=True on saved search functions to get V2 file event data and queries.

class py42.services.savedsearch.SavedSearchService(connection, file_event_service)

Bases: py42.services.BaseService

A service to interact with saved search APIs.

execute(search_id, page_number=None, page_size=None, use_v2=False)

Executes a saved search for given search Id, returns up to the first 10,000 events.

Parameters
  • search_id (str) – Unique search Id of the saved search.

  • page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

  • page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

  • use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns

py42.response.Py42Response

get(use_v2=False)

Fetch details of existing saved searches.

The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.

Parameters

use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns

py42.response.Py42Response

get_by_id(search_id, use_v2=False)

Fetch the details of a saved search by its given search Id.

The existing data model for file events and saved searches is deprecated. To use the updated data model for file events, update your settings. Retrieving saved searches with V2 settings enabled will convert existing saved search queries to the V2 data model. Existing V1 queries that cannot be properly converted will be excluded from the response.

Parameters
  • search_id (str) – Unique search Id of the saved search.

  • use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns

py42.response.Py42Response

get_query(search_id, page_number=None, page_size=None, use_v2=False)

Get the saved search in form of a query(py42.sdk.queries.fileevents.file_event_query).

Parameters
  • search_id (str) – Unique search Id of the saved search.

  • page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

  • page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

  • use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns

py42.sdk.queries.fileevents.v2.file_event_query.FileEventQuery

search_file_events(search_id, page_number=None, page_size=None, use_v2=False)

Alias method for execute(). Executes a saved search for given search Id, returns up to the first 10,000 events.

To view more than the first 10,000 events:
Parameters
  • search_id (str) – Unique search Id of the saved search.

  • page_number (int, optional) – The consecutive group of results of size page_size in the result set to return. Defaults to None.

  • page_size (int, optional) – The maximum number of results to be returned. Defaults to None.

  • use_v2 (bool) – Flag to use v2 file events and saved searches. Defaults to False.

Returns

py42.response.Py42Response

Filter Classes

The following classes construct filters for file event queries. Each filter class corresponds to a file event detail. Call the appropriate class method on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to FileEventQuery’s all() or any() methods to create complex queries that match multiple filter rules.

Example:

To search for events observed for certain set of documents, you can use the file.Name and file.MD5 filter classes to construct FilterGroups that will search for matching filenames or (in case someone renamed the sensitive file) the known MD5 hashes of the files:

from py42.sdk.queries.fileevents.v2 import *
filename_filter = File.Name.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = File.MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])

See Executing Searches for more on building search queries.

Destination Filters

class py42.sdk.queries.fileevents.v2.filters.destination.Category

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events based on the category of the file event destination.

Available options are provided as class attributes:
  • destination.category.CLOUD_STORAGE

  • destination.category.DEVICE

  • destination.category.EMAIL

  • destination.category.MESSAGING

  • destination.category.MULTIPLE_POSSIBILITIES

  • destination.category.SOCIAL_MEDIA

  • destination.category.SOURCE_CODE_REPOSITORY

  • destination.category.UNCATEGORIZED

  • destination.category.UNKNOWN

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.EmailRecipients

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

V2 filter class that filters events based on the email’s recipient list (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.EmailSubject

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

V2 filter class that filters events based on the email’s subject (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.IpAddress

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by public (WAN) IP address of the destination device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.Name

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

V2 filter class that filters events based on the destination name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.OperatingSystem

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the operating system of the destination device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.PrintJobName

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by print job name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.PrinterName

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by printer name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.PrivateIpAddress

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by private (LAN) IP address of the destination device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.TabTitles

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the name of all the browser tabs or application windows that were open when a browser or other app event occurred (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.TabUrls

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on all the URLs of the browser tabs at the time the file contents were read by the browser (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.destination.UserEmail

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the signed in user email of the destination device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

Event Filters

class py42.sdk.queries.fileevents.v2.filters.event.Action

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events based on event action.

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.event.Id

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by event ID.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.event.Inserted

Bases: py42.sdk.queries.fileevents.util.FileEventFilterTimestampField

V2 filter class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).

value must be a POSIX timestamp. (see the Dates section of the Basics user guide for details on timestamp arguments in py42)

classmethod in_range(start_value, end_value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.

Parameters
  • start_value (str or int or float or datetime) – The start value used to filter results.

  • end_value (str or int or float or datetime) – The end value used to filter results.

Returns

FilterGroup

classmethod on_or_after(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term` is on or after the provided ``value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_or_before(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_same_day(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod within_the_last(value)

Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of it’s accepted values, such as one of the values in EventTimestamp.choices().

Parameters

value (str) – The value used to filter file events.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.event.Observer

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events by event observer.

Available event observer types are provided as class attributes:
  • event.Observer.ENDPOINT

  • event.Observer.GOOGLE_DRIVE

  • event.Observer.ONE_DRIVE

  • event.Observer.BOX

  • event.Observer.GMAIL

  • event.Observer.OFFICE_365

Example::

filter = Event.Observer.is_in([event.Observer.ENDPOINT, event.Observer.BOX])

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.event.ShareType

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by share type.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

File Filters

class py42.sdk.queries.fileevents.v2.filters.file.Category

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events by category of the file observed.

Available file categories are provided as class attributes:
  • file.Category.AUDIO

  • file.Category.DOCUMENT

  • file.Category.EXECUTABLE

  • file.Category.IMAGE

  • file.Category.PDF

  • file.Category.PRESENTATION

  • file.Category.SCRIPT

  • file.Category.SOURCE_CODE

  • file.Category.SPREADSHEET

  • file.Category.VIDEO

  • file.Category.VIRTUAL_DISK_IMAGE

  • file.Category.ZIP

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.CloudDriveId

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters event by the cloud drive ID of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.Directory

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by directory of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.DirectoryId

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the directory ID of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.MD5

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the MD5 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.Name

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the name of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.Owner

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the owner of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.SHA256

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by SHA256 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.file.Size

Bases: py42.sdk.queries.fileevents.util.FileEventFilterTimestampField

V2 filter class that filters events by size in bytes of the file observed.

Size value must be bytes.

classmethod in_range(start_value, end_value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.

Parameters
  • start_value (str or int or float or datetime) – The start value used to filter results.

  • end_value (str or int or float or datetime) – The end value used to filter results.

Returns

FilterGroup

classmethod on_or_after(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term` is on or after the provided ``value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_or_before(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_same_day(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod within_the_last(value)

Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of it’s accepted values, such as one of the values in EventTimestamp.choices().

Parameters

value (str) – The value used to filter file events.

Returns

FilterGroup

Process Filters

class py42.sdk.queries.fileevents.v2.filters.process.Executable

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the process name involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.process.Owner

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the process owner that was involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

Risk Filters

class py42.sdk.queries.fileevents.v2.filters.risk.Indicators

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the type of risk indicator.

Available options are provided as class attributes:
  • risk.Indicators.CloudDataExposures.PUBLIC_CORPORATE_BOX

  • risk.Indicators.CloudDataExposures.PUBLIC_CORPORATE_GOOGLE_DRIVE

  • risk.Indicators.CloudDataExposures.PUBLIC_CORPORATE_ONEDRIVE

  • risk.Indicators.CloudDataExposures.SENT_CORPORATE_GMAIL

  • risk.Indicators.CloudDataExposures.SHARED_CORPORATE_BOX

  • risk.Indicators.CloudDataExposures.SHARED_CORPORATE_GOOGLE_DRIVE

  • risk.Indicators.CloudDataExposures.SHARED_CORPORATE_ONEDRIVE

  • risk.Indicators.CloudStorageUploads.AMAZON_DRIVE

  • risk.Indicators.CloudStorageUploads.BOX

  • risk.Indicators.CloudStorageUploads.DROPBOX

  • risk.Indicators.CloudStorageUploads.GOOGLE_DRIVE

  • risk.Indicators.CloudStorageUploads.ICLOUD

  • risk.Indicators.CloudStorageUploads.MEGA

  • risk.Indicators.CloudStorageUploads.ONEDRIVE

  • risk.Indicators.CloudStorageUploads.ZOHO

  • risk.Indicators.CodeRepositoryUploads.BITBUCKET

  • risk.Indicators.CodeRepositoryUploads.GITHUB

  • risk.Indicators.CodeRepositoryUploads.GITLAB

  • risk.Indicators.CodeRepositoryUploads.SOURCEFORGE

  • risk.Indicators.CodeRepositoryUploads.STASH

  • risk.Indicators.EmailServiceUploads.ONESIXTHREE_DOT_COM

  • risk.Indicators.EmailServiceUploads.ONETWOSIX_DOT_COM

  • risk.Indicators.EmailServiceUploads.AOL

  • risk.Indicators.EmailServiceUploads.COMCAST

  • risk.Indicators.EmailServiceUploads.GMAIL

  • risk.Indicators.EmailServiceUploads.ICLOUD

  • risk.Indicators.EmailServiceUploads.MAIL_DOT_COM

  • risk.Indicators.EmailServiceUploads.OUTLOOK

  • risk.Indicators.EmailServiceUploads.PROTONMAIL

  • risk.Indicators.EmailServiceUploads.QQMAIL

  • risk.Indicators.EmailServiceUploads.SINA_MAIL

  • risk.Indicators.EmailServiceUploads.SOHU_MAIL

  • risk.Indicators.EmailServiceUploads.YAHOO

  • risk.Indicators.EmailServiceUploads.ZOHO_MAIL

  • risk.Indicators.ExternalDevices.AIRDROP

  • risk.Indicators.ExternalDevices.REMOVABLE_MEDIA

  • risk.Indicators.FileCategories.AUDIO

  • risk.Indicators.FileCategories.DOCUMENT

  • risk.Indicators.FileCategories.EXECUTABLE

  • risk.Indicators.FileCategories.IMAGE

  • risk.Indicators.FileCategories.PDF

  • risk.Indicators.FileCategories.PRESENTATION

  • risk.Indicators.FileCategories.SCRIPT

  • risk.Indicators.FileCategories.SOURCE_CODE

  • risk.Indicators.FileCategories.SPREADSHEET

  • risk.Indicators.FileCategories.VIDEO

  • risk.Indicators.FileCategories.VIRTUAL_DISK_IMAGE

  • risk.Indicators.FileCategories.ZIP

  • risk.Indicators.MessagingServiceUploads.FACEBOOK_MESSENGER

  • risk.Indicators.MessagingServiceUploads.MICROSOFT_TEAMS

  • risk.Indicators.MessagingServiceUploads.SLACK

  • risk.Indicators.MessagingServiceUploads.WHATSAPP

  • risk.Indicators.Other.OTHER

  • risk.Indicators.Other.UNKNOWN

  • risk.Indicators.SocialMediaUploads.FACEBOOK

  • risk.Indicators.SocialMediaUploads.LINKEDIN

  • risk.Indicators.SocialMediaUploads.REDDIT

  • risk.Indicators.SocialMediaUploads.TWITTER

  • risk.Indicators.UserBehavior.FILE_MISMATCH

  • risk.Indicators.UserBehavior.OFF_HOURS

  • risk.Indicators.UserBehavior.REMOTE

  • risk.Indicators.UserBehavior.FIRST_DESTINATION_USE

  • risk.Indicators.UserBehavior.RARE_DESTINATION_USE

class CloudDataExposures

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class CloudStorageUploads

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class CodeRepositoryUploads

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class EmailServiceUploads

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class ExternalDevices

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class FileCategories

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class MessagingServiceUploads

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class Other

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class SocialMediaUploads

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

class UserBehavior

Bases: py42.choices.Choices

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.risk.Score

Bases: py42.sdk.queries.query_filter.QueryFilterStringField, py42.sdk.queries.fileevents.util.FileEventFilterComparableField

V2 filter class that filters events by risk score.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod greater_than(value)

Returns a FilterGroup to find events where filter data is greater than the provided value.

Parameters

value (str or int or float) – The value used to filter file events.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod less_than(value)

Returns a FilterGroup to find events where filter data is less than than the provided value.

Parameters

value (str or int or float) – The value used to filter file events.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.risk.Severity

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events by risk severity.

Available options are provided as class attributes:
  • risk.Severity.LOW

  • risk.Severity.MODERATE

  • risk.Severity.HIGH

  • risk.Severity.CRITICAL

  • risk.Severity.NO_RISK_INDICATED

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.risk.TrustReason

Bases: py42.sdk.queries.query_filter.QueryFilterStringField, py42.choices.Choices

V2 filter class that filters events based on the trust reason for the activity.

Available options are provided as class attributes:
  • attr

    risk.TrustReason.TRUSTED_DOMAIN_BROWSER_URL

  • attr

    risk.TrustReason.TRUSTED_BROWSER_URL_PATH

  • attr

    risk.TrustReason.TRUSTED_DOMAIN_BROWSER_TAB_TITLE

  • attr

    risk.TrustReason.TRUSTED_BROWSER_TAB_INFOS

  • attr

    risk.TrustReason.TRUSTED_DOMAIN_EMAIL_RECIPIENT

  • attr

    risk.TrustReason.TRUSTED_DOMAIN_CLOUD_SYNC_USERNAME

  • attr

    risk.TrustReason.TRUSTED_SLACK_WORKSPACE

  • attr

    risk.TrustReason.EVENT_PAIRING_SERVICE_MATCH

  • attr

    risk.TrustReason.EVENT_PAIRING_SERVICE_ENDPOINT_MATCH

  • attr

    risk.TrustReason.DOWNLOAD_TO_A_MANAGED_DEVICE

  • attr

    risk.TrustReason.SHARED_WITH_TRUSTED_USERS

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.risk.Trusted

Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField

V2 filter class that filters events based on whether activity can be trusted.

classmethod is_false()

Returns a FilterGroup that is useful for finding results where the value with key self._term is False.

Returns

FilterGroup

classmethod is_true()

Returns a FilterGroup that is useful for finding results where the value with key self._term is True.

Returns

FilterGroup

Source Filters

class py42.sdk.queries.fileevents.v2.filters.source.Category

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField, py42.choices.Choices

V2 filter class that filters events based on source category.

Available options are provided as class attributes:
  • source.Category.BUSINESS_TOOLS

  • source.Category.CLOUD_STORAGE

  • source.Category.DEVICE

  • source.Category.EMAIL

  • source.Category.MESSAGING

  • source.Category.MULTIPLE_POSSIBILITIES

  • source.Category.SOCIAL_MEDIA

  • source.Category.SOURCE_CODE_REPOSITORY

  • source.Category.UNCATEGORIZED

  • source.Category.UNKNOWN

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.EmailFrom

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

V2 filter class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.EmailSender

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

V2 filter class that filters events based on the email’s sender (applies to email events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.IpAddress

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by public (WAN) IP address of the source device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.Name

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on source name.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.OperatingSystem

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the operating system of the source device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.PrivateIpAddress

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by private (LAN) IP address of the source device.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaMediaName

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaName

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the name of the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaPartitionID

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaSerialNumber

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaVendor

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the vendor of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.RemovableMediaVolumeName

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.TabTitles

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on source tab titles (for ‘browser or other app’ events).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.source.TabUrls

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events based on source tab URLs (for ‘browser or other app’ events).

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

Timestamp Filters

class py42.sdk.queries.fileevents.v2.filters.timestamp.Timestamp

Bases: py42.sdk.queries.fileevents.util.FileEventFilterTimestampField, py42.choices.Choices

V2 filter class that filters events based on the timestamp of the event that occurred.

Available event timestamp constants are provided as class attributes, These constants should be used only with class method within_the_last:

  • timestamp.Timestamp.FIFTEEN_MINUTES

  • timestamp.Timestamp.ONE_HOUR

  • timestamp.Timestamp.THREE_HOURS

  • timestamp.Timestamp.TWELVE_HOURS

  • timestamp.Timestamp.ONE_DAY

  • timestamp.Timestamp.THREE_DAYS

  • timestamp.Timestamp.SEVEN_DAYS

  • timestamp.Timestamp.FOURTEEN_DAYS

  • timestamp.Timestamp.THIRTY_DAYS

Example::

filter = timestamp.Timestamp.within_the_last(EventTimestamp.SEVEN_DAYS)

classmethod choices()

Returns attribute values for the given class.

Returns

A list containing the attribute values of the given class.

Return type

(list)

classmethod in_range(start_value, end_value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is in range between the provided start_value and end_value.

Parameters
  • start_value (str or int or float or datetime) – The start value used to filter results.

  • end_value (str or int or float or datetime) – The end value used to filter results.

Returns

FilterGroup

classmethod on_or_after(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term` is on or after the provided ``value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_or_before(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is on or before the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod on_same_day(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term is within the same calendar day as the provided value.

Parameters

value (str or int or float or datetime) – The value used to filter results.

Returns

FilterGroup

classmethod within_the_last(value)

Returns a FilterGroup that is useful for finding results where the key self._term is a timestamp-related term, such as EventTimestamp._term, and value is one of it’s accepted values, such as one of the values in EventTimestamp.choices().

Parameters

value (str) – The value used to filter file events.

Returns

FilterGroup

User Filters

class py42.sdk.queries.fileevents.v2.filters.user.DeviceUid

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the device UID of the actor.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.user.Email

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the Code42 user email of the actor.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup

class py42.sdk.queries.fileevents.v2.filters.user.Id

Bases: py42.sdk.queries.fileevents.util.FileEventFilterStringField

V2 filter class that filters events by the Code42 user ID of the actor.

classmethod eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term equals the provided value.

Parameters

value (str) – The value to match on.

Returns

FilterGroup

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

Returns

FilterGroup

classmethod is_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is in the provided value_list.

Parameters

value_list (list) – The list of values to match on.

Returns

FilterGroup

classmethod not_eq(value)

Returns a FilterGroup that is useful for finding results where the value with key self._term does not equal the provided value.

Parameters

value (str) – The value to exclude on.

Returns

FilterGroup

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

Returns

FilterGroup

classmethod not_in(value_list)

Returns a FilterGroup that is useful for finding results where the value with the key self._term is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude on.

Returns

FilterGroup