match

Autogenerated API

argus_api.lib.eventfilters.v2.match.add_match_filter(name: str = None, description: str = None, customer: str = None, eventType: str = None, filters: dict = None, actions: dict = None, labels: str = None, validFrom: str = None, validTo: str = None, index: int = 5, enabled: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Adds a match filter (INTERNAL)

Parameters
  • name (str) – The name of the filter

  • description (str) – A description of the filter

  • customer (str) – The shortname or ID of the customer the filter belongs to. To create a global filter set the value to ‘0’

  • eventType (str) – What type of event the filter should match against. Type raw will create a NIDSEventMatchFilter in v1, aggregated will create an AggregatedIPAttackEventMatchFilter, and all will create an IPAttackEventMatchFilter. Defaults to ‘all’

  • filters (dict) –

  • actions (dict) –

  • labels (list) – A set of labels which can be used to categorize the filter

  • validFrom (str) – When the filter starts being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details (default 0)

  • validTo (str) – When the filter stops being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details (default 0)

  • index (int) – The index of the filter. Filters with lower index will be run first. (default 5)

  • enabled (bool) – Whether or not the filter is enabled (default false)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.debug_match_filter(id: int, eventIDs: str = None, validFrom: int = None, validTo: int = None, filters: dict = None, actions: dict = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Shows the result of running a match filter against a set of events (INTERNAL)

Parameters
  • id (int) – ID of filter

  • eventIDs (list) – The list of event ids for the events to debug against. Can be given in the form of AGGR/1/123456789/{UUID} or simply UUID.

  • validFrom (int) – When the filter starts being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset

  • validTo (int) – When the filter stops being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset

  • filters (dict) –

  • actions (dict) –

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.debug_unsaved_match_filter(eventIDs: str = None, validFrom: int = None, validTo: int = None, eventType: str = None, filters: dict = None, actions: dict = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Shows the result of running a match filter against a set of events (INTERNAL)

Parameters
  • eventIDs (list) – The list of event ids for the events to debug against. Can be given in the form of AGGR/1/123456789/{UUID} or simply UUID.

  • validFrom (int) – When the filter starts being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset

  • validTo (int) – When the filter stops being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset

  • eventType (str) – What type of event the filter should match against. Type raw will create a NIDSEventMatchFilter in v1, aggregated will create an AggregatedIPAttackEventMatchFilter, and all will create an IPAttackEventMatchFilter. Defaults to ‘all’

  • filters (dict) –

  • actions (dict) –

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.delete_match_filter(id: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Deletes a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter to delete

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.disable_match_filter(id: int, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Disables a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • comment (str) – A comment describing why the filter was enabled/disabled

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.disable_match_filter_on_instance(filterID: int, instanceID: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Disables a match filter on instance (INTERNAL)

Parameters
  • filterID (int) – ID of the filter

  • instanceID (int) – ID of the instance

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.duplicate_match_filter(id: int, customer: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Duplicates a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • customer (str) – The customer the duplicate should belong to (id or shortname). Use ‘0’ to create a global filter. If this field is not set, the default is to use the same customer as the original filter.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.enable_match_filter(id: int, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Enables a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • comment (str) – A comment describing why the filter was enabled/disabled

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.enable_match_filter_on_instance(filterID: int, instanceID: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Enables a match filter on instance (INTERNAL)

Parameters
  • filterID (int) – ID of the filter

  • instanceID (int) – ID of the instance

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.get_match_filter(id: int, includeCode: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Gets a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • includeCode (bool) – Whether to include code in MatchFilter

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.get_match_filter_status(id: int, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Gets the statuses of a match filter's instances (INTERNAL)

Parameters
  • id (int) – ID of filter

  • limit (int) – Limit result

  • offset (int) – Offset result

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.list_match_filter(keywords: str = None, keywordFieldStrategy: str = None, timestampFieldStrategy: str = None, sortBy: str = None, keywordMatchStrategy: str = 'all', timestampMatchStrategy: str = 'all', limit: int = 25, startTimestamp: int = None, endTimestamp: int = None, includeCode: bool = None, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Simple search for match filters (INTERNAL)

Parameters
  • keywords (list) – Search by keywords

  • keywordFieldStrategy (list) – Set field strategy for keyword search

  • timestampFieldStrategy (list) – Set field strategy for timestamp filtering

  • sortBy (list) – Field to sort by

  • keywordMatchStrategy (str) – Set match strategy for keyword search

  • timestampMatchStrategy (str) – Set match strategy for timestamp filtering

  • limit (int) – Limit result

  • startTimestamp (int) – Lower bound timestamp filter value

  • endTimestamp (int) – Upper bound timestamp filter value

  • includeCode (bool) – Whether to include code in results

  • offset (int) – Offset result

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.list_match_filter_revisions(id: int, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Gets a match filter's earlier revisions (INTERNAL)

Parameters
  • id (int) – ID of filter to fetch revisions for

  • limit (int) – The max amount of revisions to return

  • offset (int) – The number of revisions to skip before returning

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.revert_match_filter(filterID: int, revisionID: int = None, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Reverts a match filter to a previous revision (INTERNAL)

Parameters
  • filterID (int) – ID of the filter to revert (must be the current version of a filter)

  • revisionID (int) – The ID of the filter to revert to. Must be a revision of the filter to revert

  • comment (str) – A comment describing why the filter was reverted

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.revive_match_filter(id: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Revives a deleted match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.search_match_filter(sortBy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, filterID: int = None, customer: str = None, user: str = None, userFieldStrategy: str = None, userMatchStrategy: str = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, includeFlags: str = None, excludeFlags: str = None, includeEventFlags: str = None, excludeEventFlags: str = None, location: str = None, alarmID: int = None, attackCategory: str = None, associatedCaseID: int = None, subCriteria: dict = None, startTimestamp: int = None, endTimestamp: int = None, includeDeleted: bool = None, includeCode: bool = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Searches for match filters (INTERNAL)

Parameters
  • sortBy (list) –

  • keywords (list) – Search for keywords against fields defined by keywordFieldStrategy

  • keywordFieldStrategy (list) – Defines which fields will be searched by keywords (default all supported fields) (default all)

  • keywordMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default all)

  • filterID (list) – Limit search to filters with the given IDs

  • customer (list) – Limit search to filters with the given customers, identified by id or shortname

  • user (list) – Search using users identified by id or shortname. If given a group, we will resolve all members of the group recursively

  • userFieldStrategy (list) – Defines which fields will be searched by user (default all supported fields) (default all)

  • userMatchStrategy (str) – Defines how strict different keywords should be matched (default match all keywords) (default all)

  • timeFieldStrategy (list) – Defines which timestamps will be included in the search (default lastUpdated) (default lastUpdated)

  • timeMatchStrategy (str) – Defines how strict to match against different timestamps (all/any) using start and end timestamp (default any) (default any)

  • includeFlags (list) – Limit to filters which have the following flags set

  • excludeFlags (list) – Exclude filters which have the following flags set

  • includeEventFlags (list) – Limit to filters which include the given event flags

  • excludeEventFlags (list) – Limit to filters which exclude the given event flags

  • location (list) – Limit to filters which target the following locations, identified by id or shortname

  • alarmID (list) – Limit to filters which target the following alarms

  • attackCategory (list) – Limit to filters which target the following attack categories, identified by id or shortname

  • associatedCaseID (list) – Limit to streaming filters for the following cases

  • subCriteria (list) – Subcriteria to add to the search

  • startTimestamp (int) – Restrict to a time frame based on the set timeFieldStrategy (start timestamp) (default 0)

  • endTimestamp (int) – Restrict to a time frame based on the set timeFieldStrategy (end timestamp) (default 0)

  • includeDeleted (bool) – Set to true to include deleted filters (excluded by default). (default false)

  • includeCode (bool) – Whether or not to include code in the result object. The code is only returned if set to true (default false)

  • limit (int) – Limit maximum amount of results (default 25)

  • offset (int) – Skip specified amount of results (default 0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.set_match_filter_log_level(id: int, logLevel: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Sets the log level of a Match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • logLevel (str) – The new log level of the filter

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.eventfilters.v2.match.update_match_filter(id: int, name: str = None, index: int = None, validFrom: str = None, validTo: str = None, description: str = None, filters: dict = None, actions: dict = None, removeLabels: str = None, addLabels: str = None, setLabels: str = None, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Updates a match filter (INTERNAL)

Parameters
  • id (int) – ID of filter

  • name (str) – The name of the filter

  • index (int) – The index of the filter. Filters with lower index will be run first.

  • validFrom (str) – When the filter starts being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset (default null)

  • validTo (str) – When the filter stops being applied. Timestamp can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details. Null values will be ignored. Use 0 to unset (default null)

  • description (str) – A description of the filter

  • filters (dict) –

  • actions (dict) –

  • removeLabels (list) – A set of labels to remove from the filter. Will be applied before adding labels and ignore filters that are not present. Will throw an exception if used in conjunction with setLabels

  • addLabels (list) – A set of labels to add to the filter. Will be applied after removing labels. Will throw an exception if used in conjunction with setLabels

  • setLabels (list) – Replace the current set of labels with these. Will throw an exception if used in conjunction with addLabels or removeLabels

  • comment (str) – A comment describing why the filter was created

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON
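
Added example (not part of the autogenerated documentation or of the argus_api code): a local pre-flight check for the removeLabels, addLabels and setLabels arguments of update_match_filter, following the rules in the parameter descriptions above. The helper name plan_label_update, the exception class and the sample labels are hypothetical; it assumes labels are passed as lists, that removing a label which is not present is ignored, and it never contacts the API.

```python
from typing import Dict, Iterable, List, Optional, Tuple


class LabelArgumentError(ValueError):
    """Raised locally, before any request is sent, for a conflicting combination."""


def plan_label_update(
    current: Iterable[str],
    addLabels: Optional[Iterable[str]] = None,
    removeLabels: Optional[Iterable[str]] = None,
    setLabels: Optional[Iterable[str]] = None,
) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (keyword arguments for update_match_filter, labels expected afterwards).

    `current` is the label set the filter has now, for example as read from
    a get_match_filter response by the caller.
    """
    # Assumption: an argument counts as "used" when it is not None, so an
    # empty list still conflicts. The page does not say how the server treats
    # empty lists; rejecting them locally is the stricter choice.
    if setLabels is not None and (addLabels is not None or removeLabels is not None):
        raise LabelArgumentError(
            "setLabels cannot be combined with addLabels or removeLabels"
        )

    labels = set(current)
    kwargs: Dict[str, List[str]] = {}

    if setLabels is not None:
        # Replace the current set of labels outright.
        labels = set(setLabels)
        kwargs["setLabels"] = sorted(labels)
    else:
        if removeLabels is not None:
            # Removal is applied first; labels that are not present are ignored.
            to_remove = set(removeLabels)
            labels -= to_remove
            kwargs["removeLabels"] = sorted(to_remove)
        if addLabels is not None:
            # Additions are applied after removal, so a label named in both
            # arguments ends up present on the filter.
            to_add = set(addLabels)
            labels |= to_add
            kwargs["addLabels"] = sorted(to_add)

    return kwargs, sorted(labels)


# Constructed sample data, not taken from a real filter.
CURRENT = ["nids", "tuning", "temporary"]

if __name__ == "__main__":
    kwargs, expected = plan_label_update(
        CURRENT,
        addLabels=["reviewed", "temporary"],
        removeLabels=["temporary", "not-there"],
    )
    # kwargs can then be passed on as update_match_filter(id=..., comment=..., **kwargs)
    print(kwargs)
    print(expected)
```

Comparing the expected label list with the labels in the update response shows whether the change landed as planned.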