class msiempy.core.query.FilteredQueryList(NitroList): (source)
Known subclasses: msiempy.AlarmManager, msiempy.event._QueryExecuteManager
Abstract base class that provide time range handling and define the query filters.
Base class for query based managers : AlarmManager, EventManager and GroupedEventManager
| Method | __init__ | Create a query list |
| Instance Variable | not_completed | Boolean signals the query is not completed |
| Instance Variable | filters | Query filters |
| Instance Variable | start_time | Start time of the query in the right SIEM format. |
| Instance Variable | end_time | End time of the query in the right SIEM format. |
| Instance Variable | time_range | Query time range. Defaults to "CURRENT_DAY". |
| Class Variable | DEFAULT_TIME_RANGE | Default time range : "CURRENT_DAY" |
| Class Variable | POSSIBLE_TIME_RANGE | No summary |
| Method | add_filter | Add a filter to the query. Abstract declaration. |
| Method | clear_filters | Remove all filters to the query. Abstract declaration. |
| Method | load_data | Load the data from the SIEM into the list. Abstract declaration. |
| Instance Variable | _time_range | Undocumented |
| Instance Variable | _start_time | Undocumented |
| Instance Variable | _end_time | Undocumented |
| Method | _get_time_range | Undocumented |
| Method | _set_time_range | Undocumented |
| Method | _get_start_time | Undocumented |
| Method | _set_start_time | Undocumented |
| Method | _get_end_time | Undocumented |
| Method | _set_end_time | Undocumented |
| Method | _get_filters | Returns the filters in the right format. Abstract declaration. |
| Method | _set_filters | Undocumented |
| Method | _qry_load_data | Method to load the data from the SIEM. Rturns a tuple ((items, completed)). Abstract declaration. |
Inherited from NitroList:
| Instance Variable | data | Underlying list object |
| Method | __str__ | str(obj) -> return text string. |
| Method | keys | List items keys. Every items should have the same set of keys. |
| Method | get_text | Return a csv or table string representation of the list |
| Method | text | Defaut table string, a shorcut to get_text() with no arguments. |
| Method | json | JSON list of dicts representing the list. |
| Method | search | Search elements in the list with a regex pattern |
| Method | refresh | Execute refresh function on all items. |
| Method | perform | Wrapper to execute a function on the list of elements |
| Static Method | _confirm_func | Ask user inut to confirm the calling of func on elements. |
Inherited from NitroObject (via NitroList):
| Class | NitroJSONEncoder | Custom JSON encoder that will use the approprtiate propertie depending of the type of NitroObject. TODO support json json dumping of QueryFilers, may be by making them inherits from NitroDict. |
| Instance Variable | nitro | msiempy.core.session.NitroSession object. Interface to the SIEM. |
Create a query list
time_range (str): Query time range. String representation of a time range.msiempy.core.query.FilteredQueryList.POSSIBLE_TIME_RANGE.start_time (str or a datetime): Query start time.end_time (str or a datetime): Query end time.filters: List of filters applied to the query.Query filters
None value will call clear_filtersAttributeError if type not supported.Abstract declaration.
Start time of the query in the right SIEM format.
Use _start_time to get the datetime object.
If None, equivalent CURRENT_DAY.
ValueError if not the right type.End time of the query in the right SIEM format.
Use _end_time property to get the datetime object.
If None, equivalent to CURRENT_DAY.
ValueError if not the right type.Query time range. Defaults to "CURRENT_DAY".
VallueError if unrecognized time range is set or AttributeError if not the right type.List[str])
tuple ((items, completed)).
Abstract declaration.