
class msiempy.GroupedEvent(Event):

Dict-Like object. Represents a row of grouped query results.

Common keys:

  • The requested field
  • COUNT(*): The number of events aggregated into the result row
  • SUM(Alert.EventCount): The sum of their EventCount attribute

The following __getitem__ key mappings are added on top of Event's:

"Count":"COUNT(*)",
"TotalEventCount":"SUM(Alert.EventCount)"

This means you can use e['TotalEventCount'] and it will return the value of e['SUM(Alert.EventCount)'].

Note:
GroupedEvent is NOT suitable for Event's operations such as Event.set_note or Event.refresh, because a grouped result row carries no event ID.
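The key-nickname resolution described above, as an added example that is not msiempy's own code: a minimal stand-in Event/GroupedEvent pair whose __getitem__, __setitem__, __delitem__ and __contains__ all go through the nickname mapping, plus a small ranking helper run over constructed grouped rows. The "Count" and "TotalEventCount" mappings are the ones documented on this page; the Event-level nickname "SrcIP" -> "Alert.SrcIP", the "Alert.ID" field used by the stand-in get_id, the sample rows and the top_sources helper are assumptions made for this example.

```python
"""Added example (not msiempy's code): nickname-key resolution on top of a
dict-like event, and why a grouped row cannot support ID-based operations."""

from collections.abc import MutableMapping


class Event(MutableMapping):
    """Dict-like wrapper that resolves nickname keys to internal field names."""

    # Assumed Event-level nickname mapping; msiempy's real table is much larger.
    KEY_MAP = {"SrcIP": "Alert.SrcIP"}

    def __init__(self, data=None):
        self.data = dict(data or {})

    def _find_key(self, key):
        # Nickname -> internal name; unknown keys are used as given so that
        # internal names such as "COUNT(*)" keep working directly.
        return self.KEY_MAP.get(key, key)

    def __getitem__(self, key):
        return self.data[self._find_key(key)]

    def __setitem__(self, key, value):
        self.data[self._find_key(key)] = value

    def __delitem__(self, key):
        del self.data[self._find_key(key)]

    def __contains__(self, key):
        return self._find_key(key) in self.data

    def __iter__(self):
        return iter(self.data)

    def __len__(self):
        return len(self.data)

    def get_id(self):
        # "Alert.ID" is an assumed field name for this example only.
        return self.data["Alert.ID"]


class GroupedEvent(Event):
    """Row of grouped query results: adds the Count/TotalEventCount nicknames."""

    KEY_MAP = {
        **Event.KEY_MAP,
        "Count": "COUNT(*)",
        "TotalEventCount": "SUM(Alert.EventCount)",
    }

    def get_id(self):
        # A grouped row aggregates many events and carries no single event ID,
        # so set_note/refresh-style operations cannot be applied to it.
        raise TypeError("GroupedEvent rows have no event ID")


# Constructed sample rows, shaped like a query grouped on Alert.SrcIP.
SAMPLE_ROWS = [
    {"Alert.SrcIP": "10.0.0.5", "COUNT(*)": 3, "SUM(Alert.EventCount)": 120},
    {"Alert.SrcIP": "10.0.0.9", "COUNT(*)": 7, "SUM(Alert.EventCount)": 42},
    {"Alert.SrcIP": "10.0.0.2", "COUNT(*)": 1, "SUM(Alert.EventCount)": 900},
]


def top_sources(rows, n=2, by="TotalEventCount"):
    """Rank grouped rows by a nickname key; returns [(SrcIP, value), ...].

    Sorting on "TotalEventCount" rather than "Count" matters for triage:
    one row with few hits but a huge EventCount sum is easy to miss otherwise.
    """
    events = [GroupedEvent(r) for r in rows]
    events.sort(key=lambda e: e[by], reverse=True)
    return [(e["SrcIP"], e[by]) for e in events[:n]]


if __name__ == "__main__":
    print(top_sources(SAMPLE_ROWS))
    print(top_sources(SAMPLE_ROWS, n=1, by="Count"))
```

Because every mapping method resolves through _find_key, nickname and internal name are interchangeable for reads, writes, deletes and membership tests, which is the behaviour the page documents for e['TotalEventCount'].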

Inherited from Event:

Class Variable FIELDS_TABLES List of internal field tables: Rule, Alert, etc.
Class Variable DEFAULTS_EVENT_FIELDS No summary
Class Variable REGULAR_EVENT_FIELDS Offer a base list of regular fields that may be useful.
Class Variable SIEM_FIELDS_MAP_INTERNAL_NAME_TO_NICKNAME Fields name mapping.
Class Variable SIEM_FIELDS_MAP_NICKNAME_TO_INTERNAL_NAME Fields name mapping (reversed).
Method __init__ Create a new event representation
Method __getitem__ Use the fields name mapping to offer better dict usage
Method __delitem__ Use the fields name mapping to offer better dict usage
Method __contains__ Use the fields name mapping to offer better dict usage
Method __setitem__ Use the fields name mapping to offer better dict usage
Method get_id Get the event ID.
Method clear_notes Replace the notes by an empty string. Destructive action.
Method set_note Set the event's note. Destructive action.
Method data_from_id Load event's data.
Method refresh Re-load event's data.
Method _find_key Use the fields name mapping to resolve internal name based on nickname

Inherited from NitroDict (via Event):

Instance Variable data Underlying dict object
Method __str__ str(obj) -> return text string.
Method __repr__ repr(obj) -> return json string.
Method json JSON representation of an item
Method text Text list of item's values

Inherited from NitroObject (via Event, NitroDict):

Class NitroJSONEncoder Custom JSON encoder that will use the appropriate property depending on the type of NitroObject. TODO: support JSON dumping of QueryFilters, maybe by making them inherit from NitroDict.
Instance Variable nitro msiempy.core.session.NitroSession object. Interface to the SIEM.
API Documentation for msiempy, generated by pydoctor 20.7.1 at 2020-11-18 14:02:21.