
QRadar client for python with API schema fetching

Project description

QRadar API python client for scripting

Python 3.10 and above are supported.

Features:

  • Pulls the API schema from QRadar and creates client methods dynamically for the specified API version. This keeps the client source code as small as possible;
  • Every QRadar API endpoint is mapped to a client method by name;
  • Introduces no dependencies. Tested with the httpx and requests HTTP libraries through dependency injection; it will only work with libraries that provide a compatible requests-like interface for a Session-like object, though wrappers can help with incompatible libraries;
  • Generates a stub file for method hinting if needed. It takes ~4MB of disk space.

Intended usage

Made to be used as a full-featured copy-paste drop-in client for scripts where pip installation may be unwanted. It is also a lightweight alternative to qradar4py, where the method lookup table alone takes 170 times more memory. Of course, it is not prohibited to import the qradar.py file as a module.

How to use

  1. Copy the contents of the qradar.py file right after the imports of your script
  2. Initialize the client as follows:
q = QRadar("https://qradar.is.local", KEY, "22.0", requests.Session(), verify=False) 

Having:

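  • qradar.is.local is the QRadar console hostname or IP
  • KEY is an API key created from the console
  • "22.0" is replaced with the API version you want
  • requests is imported (and installed)
  • verify=False, as in requests, turns off TLS certificate verification (assuming the client passes it through to the HTTP library); pass True or a CA bundle path where the console certificate can be validated

Also works with httpx, with minor differences. Refer to the examples for details.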

  3. Use the client instance methods, forming the method name from the desired endpoint

For example, the endpoint 22.0 - GET - /reference_data/map_of_sets is referenced by the name q.get_reference_data_map_of_sets. The HTTP method goes first, followed by the API endpoint path with the slashes replaced by underscores.

For endpoints such as 22.0 - GET - /reference_data/map_of_sets/{name}, use reference_data_map_of_sets_name, with the {name} part provided as a keyword argument:

q.get_reference_data_map_of_sets_name(name='refmapofsetsname')

For params such as filter, use keyword arguments:

q.help_endpoint(filter=f"version={version}")

To post data, pass it as the first non-keyword argument. It accepts JSON-serializable objects (lists, dicts, lists of dicts, etc.):

q.post_reference_data_map_of_sets({"data": ["data"]})
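
The naming rule and call conventions above, shown as an added sketch that is not the project's qradar.py. SketchClient, RecordingSession, the SCHEMA rows and the SEC/Version header handling are assumptions made for illustration, and the session call follows the requests signature. It percent-encodes path arguments and keeps certificate verification on by default.

```python
import re
from urllib.parse import quote

# Constructed schema rows; the field names are assumptions, not QRadar's real schema format.
SCHEMA = [
    {"http_method": "GET", "path": "/reference_data/map_of_sets"},
    {"http_method": "GET", "path": "/reference_data/map_of_sets/{name}"},
    {"http_method": "POST", "path": "/reference_data/map_of_sets"},
]

def method_name(http_method, path):
    """HTTP method first, then the path with slashes (and braces) turned into underscores."""
    return http_method.lower() + re.sub(r"[/{}]+", "_", path).rstrip("_")

class SketchClient:
    """Hypothetical stand-in for the page's QRadar class, same argument order."""
    def __init__(self, base_url, key, version, session, verify=True):
        # verify defaults to True: certificate checks stay on unless the caller opts out.
        self._base = base_url.rstrip("/") + "/api"
        self._session, self._verify = session, verify
        self._headers = {"SEC": key, "Version": version, "Accept": "application/json"}
        self._routes = {method_name(e["http_method"], e["path"]): e for e in SCHEMA}

    def __getattr__(self, name):
        # Only reached for names that are not real attributes, i.e. endpoint methods.
        route = self.__dict__.get("_routes", {}).get(name)
        if route is None:
            raise AttributeError(name)
        def call(body=None, **kwargs):
            # Path placeholders are taken from kwargs and percent-encoded, so a value
            # containing "/" or "?" stays inside its own path segment.
            keys = re.findall(r"{(\w+)}", route["path"])
            path = route["path"].format(**{k: quote(str(kwargs.pop(k)), safe="") for k in keys})
            return self._session.request(
                route["http_method"], self._base + path, params=kwargs or None,
                json=body, headers=self._headers, verify=self._verify)
        return call

class RecordingSession:
    """Offline stand-in for requests.Session: returns the call instead of sending it."""
    def request(self, method, url, **kw):
        return {"method": method, "url": url, **kw}

def demo():
    q = SketchClient("https://qradar.example", "CONSTRUCTED-KEY", "22.0", RecordingSession())
    by_name = q.get_reference_data_map_of_sets_name(name="blocked/hosts", filter="constructed")
    posted = q.post_reference_data_map_of_sets({"data": ["data"]})
    return by_name, posted
```

Swapping RecordingSession for requests.Session() sends the same calls to a real console.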

Generating .pyi file for intellisense

This option may be used to set up a more convenient development environment. The final script version should be delivered without the API schema.

  1. Clone the repository into the project folder
  2. Run python3 schema_prefetch with the correct parameters set in its source code
  3. The qradar.pyi file must appear. As long as it is in the same folder as qradar.py, the methods will be hinted with the names, arguments and descriptions from the QRadar API schema

Download files

Source Distribution

qradar-0.0.1.tar.gz (4.2 kB)

Uploaded Source

Built Distribution

qradar-0.0.1-py3-none-any.whl (4.0 kB)

Uploaded Python 3

File details

Details for the file qradar-0.0.1.tar.gz.

File metadata

  • Download URL: qradar-0.0.1.tar.gz
  • Upload date:
  • Size: 4.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for qradar-0.0.1.tar.gz
Algorithm Hash digest
SHA256 2b36875ed5d56eaf7b315205017d5a471465832ec902e25f9e897a7ef5492e32
MD5 d1730f85028f27d360c64cfca23d6032
BLAKE2b-256 79f3cb1b67eb4fe8c7208c2177d6b3ef34e68621f689ef0eb43914c0e4699a6f

File details

Details for the file qradar-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: qradar-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 4.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for qradar-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ba7f9345bffc567bc5e8fb44a59f7254f54392bce9b0a5bb88705028fe76b626
MD5 5ebbe792201047815bf765c2b1e99735
BLAKE2b-256 f0ae6acf4bd632a5be25f33e4c703bf0a5c42fbb56bc23cfe266bd376daf37f8
