OXIESEC PANEL
- Current Dir:
/
/
opt
/
alt
/
python37
/
lib
/
python3.7
/
site-packages
/
elasticsearch
/
_sync
/
client
Server IP: 2a02:4780:11:1084:0:327f:3464:10
Upload:
Create Dir:
Name
Size
Modified
Perms
π
..
-
03/16/2023 12:55:59 PM
rwxr-xr-x
π
__init__.py
206.77 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
__pycache__
-
03/16/2023 12:55:59 PM
rwxr-xr-x
π
_base.py
13.89 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
async_search.py
26.46 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
autoscaling.py
6.58 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
cat.py
116.04 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
ccr.py
31.72 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
cluster.py
40.32 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
dangling_indices.py
6.31 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
enrich.py
8.09 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
eql.py
11.99 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
features.py
3.2 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
fleet.py
29.73 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
graph.py
3.73 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
ilm.py
21.01 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
indices.py
168.2 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
ingest.py
12.8 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
license.py
10.83 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
logstash.py
5.13 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
migration.py
4.71 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
ml.py
205.98 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
monitoring.py
3.33 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
nodes.py
21.02 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
rollup.py
18.11 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
searchable_snapshots.py
10.64 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
security.py
108.8 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
shutdown.py
10.32 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
slm.py
14.28 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
snapshot.py
32.88 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
sql.py
15.11 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
ssl.py
2.08 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
tasks.py
8.61 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
text_structure.py
8.6 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
transform.py
30.6 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
utils.py
15.49 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
watcher.py
22.92 KB
03/16/2023 12:55:59 PM
rw-r--r--
π
xpack.py
4.17 KB
03/16/2023 12:55:59 PM
rw-r--r--
Editing: eql.py
Close
# Licensed to Elasticsearch B.V. under one or more contributor # license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright # ownership. Elasticsearch B.V. licenses this file to you under # the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. import typing as t from elastic_transport import ObjectApiResponse from ._base import NamespacedClient from .utils import SKIP_IN_PATH, _quote, _rewrite_parameters class EqlClient(NamespacedClient): @_rewrite_parameters() def delete( self, *, id: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[ t.Union[str, t.Union[t.List[str], t.Tuple[str, ...]]] ] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.6/eql-search-api.html>`_ :param id: Identifier for the search to delete. """ if id in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'id'") __path = f"/_eql/search/{_quote(id)}" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers ) @_rewrite_parameters() def get( self, *, id: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[ t.Union[str, t.Union[t.List[str], t.Tuple[str, ...]]] ] = None, human: t.Optional[bool] = None, keep_alive: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None, pretty: t.Optional[bool] = None, wait_for_completion_timeout: t.Optional[ t.Union["t.Literal[-1]", "t.Literal[0]", str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Returns async results from previously executed Event Query Language (EQL) search `<https://www.elastic.co/guide/en/elasticsearch/reference/8.6/eql-search-api.html>`_ :param id: Identifier for the search. :param keep_alive: Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the searchβs EQL search API request. :param wait_for_completion_timeout: Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results. """ if id in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'id'") __path = f"/_eql/search/{_quote(id)}" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if keep_alive is not None: __query["keep_alive"] = keep_alive if pretty is not None: __query["pretty"] = pretty if wait_for_completion_timeout is not None: __query["wait_for_completion_timeout"] = wait_for_completion_timeout __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers ) @_rewrite_parameters() def get_status( self, *, id: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[ t.Union[str, t.Union[t.List[str], t.Tuple[str, ...]]] ] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Returns the status of a previously submitted async or stored Event Query Language (EQL) search `<https://www.elastic.co/guide/en/elasticsearch/reference/8.6/eql-search-api.html>`_ :param id: Identifier for the search. """ if id in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'id'") __path = f"/_eql/search/status/{_quote(id)}" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers ) @_rewrite_parameters( body_fields=True, ) def search( self, *, index: t.Union[str, t.Union[t.List[str], t.Tuple[str, ...]]], query: str, allow_no_indices: t.Optional[bool] = None, case_sensitive: t.Optional[bool] = None, error_trace: t.Optional[bool] = None, event_category_field: t.Optional[str] = None, expand_wildcards: t.Optional[ t.Union[ t.Union["t.Literal['all', 'closed', 'hidden', 'none', 'open']", str], t.Union[ t.List[ t.Union[ "t.Literal['all', 'closed', 'hidden', 'none', 'open']", str ] ], t.Tuple[ t.Union[ "t.Literal['all', 'closed', 'hidden', 'none', 'open']", str ], ..., ], ], ] ] = None, fetch_size: t.Optional[int] = None, fields: t.Optional[ t.Union[ t.Mapping[str, t.Any], t.Union[ t.List[t.Mapping[str, t.Any]], t.Tuple[t.Mapping[str, t.Any], ...] ], ] ] = None, filter: t.Optional[ t.Union[ t.Mapping[str, t.Any], t.Union[ t.List[t.Mapping[str, t.Any]], t.Tuple[t.Mapping[str, t.Any], ...] ], ] ] = None, filter_path: t.Optional[ t.Union[str, t.Union[t.List[str], t.Tuple[str, ...]]] ] = None, human: t.Optional[bool] = None, ignore_unavailable: t.Optional[bool] = None, keep_alive: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None, keep_on_completion: t.Optional[bool] = None, pretty: t.Optional[bool] = None, result_position: t.Optional[t.Union["t.Literal['head', 'tail']", str]] = None, runtime_mappings: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None, size: t.Optional[int] = None, tiebreaker_field: t.Optional[str] = None, timestamp_field: t.Optional[str] = None, wait_for_completion_timeout: t.Optional[ t.Union["t.Literal[-1]", "t.Literal[0]", str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Returns results matching a query expressed in Event Query Language (EQL) `<https://www.elastic.co/guide/en/elasticsearch/reference/8.6/eql-search-api.html>`_ :param index: The name of the index to scope the operation :param query: EQL query you wish to run. :param allow_no_indices: :param case_sensitive: :param event_category_field: Field containing the event classification, such as process, file, or network. :param expand_wildcards: :param fetch_size: Maximum number of events to search at a time for sequence queries. :param fields: Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit. :param filter: Query, written in Query DSL, used to filter the events on which the EQL query runs. :param ignore_unavailable: If true, missing or closed indices are not included in the response. :param keep_alive: :param keep_on_completion: :param result_position: :param runtime_mappings: :param size: For basic queries, the maximum number of matching events to return. Defaults to 10 :param tiebreaker_field: Field used to sort hits with the same timestamp in ascending order :param timestamp_field: Field containing event timestamp. Default "@timestamp" :param wait_for_completion_timeout: """ if index in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'index'") if query is None: raise ValueError("Empty value passed for parameter 'query'") __path = f"/{_quote(index)}/_eql/search" __body: t.Dict[str, t.Any] = {} __query: t.Dict[str, t.Any] = {} if query is not None: __body["query"] = query if allow_no_indices is not None: __query["allow_no_indices"] = allow_no_indices if case_sensitive is not None: __body["case_sensitive"] = case_sensitive if error_trace is not None: __query["error_trace"] = error_trace if event_category_field is not None: __body["event_category_field"] = event_category_field if expand_wildcards is not None: __query["expand_wildcards"] = expand_wildcards if fetch_size is not None: __body["fetch_size"] = fetch_size if fields is not None: __body["fields"] = fields if filter is not None: __body["filter"] = filter if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if ignore_unavailable is not None: __query["ignore_unavailable"] = ignore_unavailable if keep_alive is not None: __body["keep_alive"] = keep_alive if keep_on_completion is not None: __body["keep_on_completion"] = keep_on_completion if pretty is not None: __query["pretty"] = pretty if result_position is not None: __body["result_position"] = result_position if runtime_mappings is not None: __body["runtime_mappings"] = runtime_mappings if size is not None: __body["size"] = size if tiebreaker_field is not None: __body["tiebreaker_field"] = tiebreaker_field if timestamp_field is not None: __body["timestamp_field"] = timestamp_field if wait_for_completion_timeout is not None: __body["wait_for_completion_timeout"] = wait_for_completion_timeout __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body )