Alerts

class py42.modules.alerts.AlertsModule(microservice_client_factory, alert_rules_module=None)

Bases: object

get_details(alert_ids, tenant_id=None)

Gets the details for the alerts with the given IDs, including the file event query that, when passed into a search, would result in events that could have triggered the alerts.

Parameters
  • alert_ids (iter[str]) – The identification numbers of the alerts for which you want details.

  • tenant_id (str, optional) – The unique identifier of the tenant that the alerts belong to. When given None, the tenant ID of the currently logged-in user is used. Defaults to None.

Returns

A response containing the alert details.

Return type

py42.response.Py42Response

reopen(alert_ids, tenant_id=None, reason=None)

Reopens the resolved alerts with the given IDs.

Parameters
  • alert_ids (iter[str]) – The identification numbers of the alerts to reopen.

  • tenant_id (str, optional) – The unique identifier of the tenant that the alerts belong to. When given None, the tenant ID of the currently logged-in user is used. Defaults to None.

  • reason (str, optional) – The reason the alerts are being reopened. Defaults to None.

Returns

py42.response.Py42Response

resolve(alert_ids, tenant_id=None, reason=None)

Resolves the alerts with the given IDs.

Parameters
  • alert_ids (iter[str]) – The identification numbers of the alerts to resolve.

  • tenant_id (str, optional) – The unique identifier of the tenant that the alerts belong to. When given None, the tenant ID of the currently logged-in user is used. Defaults to None.

  • reason (str, optional) – The reason the alerts are being resolved. Defaults to None.

Returns

py42.response.Py42Response

property rules

A collection of methods for managing alert rules.

Returns

py42.modules.alertrules.AlertRulesModule

search(query)

Searches alerts using the given py42.sdk.queries.alerts.alert_query.AlertQuery.

Parameters

query (py42.sdk.queries.alerts.alert_query.AlertQuery) – An alert query. See the Executing Searches User Guide to learn more about how to construct a query.

Returns

A response containing the alerts that match the given query.

Return type

py42.response.Py42Response

class py42.sdk.queries.alerts.alert_query.AlertQuery(*args, **kwargs)

Bases: py42.sdk.queries.BaseQuery

Helper class for building Code42 Alert queries.

AlertQuery.all() and AlertQuery.any() take one or more FilterGroup objects and build a query that can be passed to the AlertsModule.search() method. all() returns alerts that match every one of the provided filter groups; any() returns alerts that match at least one of them.

For convenience, the AlertQuery constructor behaves the same as all().

Usage example:

state_filter = AlertState.eq(AlertState.OPEN)
rule_name_filter = RuleName.contains("EmailRule")
query = AlertQuery.all(state_filter, rule_name_filter)

Filter Classes

The following classes construct filters for alert queries. Each filter class corresponds to one alert attribute. Call the appropriate classmethod on the filter class with the value you want to match and it returns a FilterGroup object that can be passed to AlertQuery's all() or any() methods to build queries that combine multiple filter rules.

See Executing Searches for more on building search queries.
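The following is an added example, not code from py42 itself, showing how the AlertsModule methods (search, get_details, resolve) and the AlertQuery filters above fit together in a small triage loop: query open alerts in a lookback window, auto-resolve a narrow class of known noise with a recorded reason, and pull details for everything else. It assumes, beyond what this page documents, that py42.sdk.from_local_account() returns a client whose .alerts attribute is the AlertsModule, that Py42Response.text is the JSON body, and that the search body has an "alerts" list whose items carry "id", "actor" and "severity" keys; the sample response and actor allowlist are constructed for the demo. The query builder imports py42 lazily so the decision logic can be exercised without a Code42 tenant.

```python
"""Alert triage on top of AlertsModule and AlertQuery (added example, not py42's own code)."""
import json
import os
from datetime import datetime, timedelta, timezone

# Constructed sample of a search response body. The "alerts"/"id"/"actor"/"severity"
# keys are an assumption about the JSON shape, not something this page documents.
SAMPLE_SEARCH_RESPONSE = {
    "totalCount": 4,
    "alerts": [
        {"id": "a-1", "actor": "svc-backup@example.com", "severity": "LOW", "name": "USB activity"},
        {"id": "a-2", "actor": "svc-backup@example.com", "severity": "HIGH", "name": "Cloud share"},
        {"id": "a-3", "actor": "jdoe@example.com", "severity": "LOW", "name": "USB activity"},
        {"id": "a-4", "actor": "jdoe@example.com", "severity": "HIGH", "name": "Cloud share"},
    ],
}

# Service identities whose LOW-severity hits are treated as known noise (constructed).
# Keep this narrow: if an allowlisted account's credentials are stolen, its LOW alerts
# will be closed without a human seeing them, so never allowlist interactive users.
BENIGN_ACTORS = frozenset({"svc-backup@example.com"})
AUTO_RESOLVE_SEVERITIES = frozenset({"LOW"})
BATCH_SIZE = 100  # arbitrary bound so one failed request does not take a huge batch with it


def build_open_alert_query(lookback_hours=24, severities=None, rule_name_fragment=None):
    """AlertQuery for OPEN alerts of the given severities observed in the lookback window."""
    from py42.sdk.queries.alerts.alert_query import AlertQuery
    from py42.sdk.queries.alerts.filters.alert_filter import (
        AlertState, DateObserved, RuleName, Severity)

    if severities is None:
        severities = [Severity.HIGH, Severity.MEDIUM]
    end = datetime.now(timezone.utc)
    start = end - timedelta(hours=lookback_hours)
    filters = [
        AlertState.eq(AlertState.OPEN),
        Severity.is_in(list(severities)),
        # Epoch seconds are passed so the call does not depend on any one
        # py42 release's timestamp parsing (assumption).
        DateObserved.in_range(start.timestamp(), end.timestamp()),
    ]
    if rule_name_fragment:
        filters.append(RuleName.contains(rule_name_fragment))
    return AlertQuery.all(*filters)  # all(): every filter group must match


def partition_alerts(search_body, benign_actors=BENIGN_ACTORS,
                     auto_resolve_severities=AUTO_RESOLVE_SEVERITIES):
    """Split alert IDs into (auto_resolve, escalate).

    An alert is auto-resolved only when BOTH the actor is allowlisted AND the
    severity is in the auto-resolve set; an allowlisted actor's HIGH alert still escalates.
    """
    auto_resolve, escalate = [], []
    for alert in search_body.get("alerts", []):
        is_noise = (alert.get("actor") in benign_actors
                    and alert.get("severity") in auto_resolve_severities)
        (auto_resolve if is_noise else escalate).append(alert["id"])
    return auto_resolve, escalate


def chunked(ids, size=BATCH_SIZE):
    """Bound the number of IDs per resolve/get_details call."""
    ids = list(ids)
    return [ids[i:i + size] for i in range(0, len(ids), size)]


def triage(alerts_module, query, tenant_id=None, dry_run=True):
    """Search, auto-resolve known noise with a recorded reason, fetch details for the rest.

    tenant_id=None lets py42 fall back to the logged-in user's tenant, as documented above.
    """
    body = json.loads(alerts_module.search(query).text)
    auto_resolve, escalate = partition_alerts(body)
    if not dry_run:
        for batch in chunked(auto_resolve):
            alerts_module.resolve(
                batch, tenant_id=tenant_id,
                reason="auto-resolved: allowlisted service account, LOW severity")
    details = []
    for batch in chunked(escalate):
        # get_details also returns the file event query that reproduces the triggering events
        details.append(json.loads(alerts_module.get_details(batch, tenant_id=tenant_id).text))
    return {"resolved": auto_resolve, "escalated": escalate, "details": details}


if __name__ == "__main__":
    import py42.sdk  # assumed entry point; host and credentials come from the environment
    sdk = py42.sdk.from_local_account(
        os.environ["CODE42_HOST"], os.environ["CODE42_USER"], os.environ["CODE42_PASSWORD"])
    result = triage(sdk.alerts, build_open_alert_query(lookback_hours=24), dry_run=True)
    print(json.dumps({k: result[k] for k in ("resolved", "escalated")}, indent=2))
```

Run it with dry_run=True first and compare the "resolved" list against what an analyst would have closed by hand; the reason string passed to resolve() is what a later reviewer sees, so keep it specific enough to audit.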

class py42.sdk.queries.alerts.filters.alert_filter.DateObserved

Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField

Class that filters alerts based on the timestamp the alert was triggered.

classmethod in_range(start_value, end_value)

Returns a FilterGroup to find alerts whose observed timestamp is in the range between the provided start_value and end_value.

classmethod on_or_after(value)

Returns a FilterGroup to find alerts whose observed timestamp is on or after the provided value.

classmethod on_or_before(value)

Returns a FilterGroup to find alerts whose observed timestamp is on or before the provided value.

classmethod on_same_day(value)

Returns a FilterGroup to find alerts whose observed timestamp is within the same calendar day as the provided value.

class py42.sdk.queries.alerts.filters.alert_filter.Actor

Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

Class that filters alerts based on the username that originated the event(s) that triggered the alert.

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on.

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.RuleName

Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

Class that filters alerts based on rule name.

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on.

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.RuleId

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters alerts based on rule identifier.

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on.

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.RuleSource

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters alerts based on rule source.

Available options are:
  • RuleSource.ALERTING

  • RuleSource.DEPARTING_EMPLOYEE

  • RuleSource.HIGH_RISK_EMPLOYEE

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on (one of the options above).

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.RuleType

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters alerts based on rule type.

Available options are:
  • RuleType.ENDPOINT_EXFILTRATION

  • RuleType.CLOUD_SHARE_PERMISSIONS

  • RuleType.FILE_TYPE_MISMATCH

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on (one of the options above).

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.Description

Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

Class that filters alerts based on rule description text.

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on.

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.Severity

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters alerts based on severity.

Available options are:
  • Severity.HIGH

  • Severity.MEDIUM

  • Severity.LOW

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on (one of the options above).

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.

class py42.sdk.queries.alerts.filters.alert_filter.AlertState

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters alerts based on alert state.

Available options are:
  • AlertState.OPEN

  • AlertState.DISMISSED

classmethod eq(value)

Returns a FilterGroup to find alerts where this field equals the provided value.

Parameters

value (str) – The value to match alerts on (one of the options above).

classmethod is_in(value_list)

Returns a FilterGroup to find alerts where this field is in the provided value_list.

Parameters

value_list (list) – The list of values to match alerts on.

classmethod not_eq(value)

Returns a FilterGroup to find alerts where this field is not equal to the provided value.

Parameters

value (str) – The value to exclude alerts on.

classmethod not_in(value_list)

Returns a FilterGroup to find alerts where this field is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude alerts on.