QRadar client for python with API schema fetching
Project description
QRadar API python client for scripting
python3.10 and above supported
Features:
- Pulls API schema from QRadar and creates client methods dynamically for the API version specified. This makes this client source code as small as possible;
- All the endpoints of QRadar API is mapped to a client method by name;
- No dependencies introduced, tested with httpx and requests http protocol libs with dependency injection, but obviously will only work with libs that provide compatible requests-like interface for Session-like object. Of course, wrappers can help with using incompatible libs;
- Generates stub file for method hinting if needed. It takes ~4MB of disk space.
Intended usage
Made to be used as full-featured copypaste drop-in client for scripts where pip installation way be unwanted, also it is lightweight alternative to qradar4py, where the method lookup table only takes 170 times more memory. Of course, it is not prohibited to import the qradar.py
file as a module.
How to use
- Copy the
qradar.py
file contents right after the imports of script - Initialize client as following:
q = QRadar("https://qradar.is.local", KEY, "22.0", requests.Session(), verify=False)
Having:
- qradar.is.local is QRadar console hostname or ip
- KEY is API key created from console
"22.0"
- replaced with API version you wantrequests
imported (and installed)
Also works with httpx, with minor differences. Refer to examples for details
- Use client instance methods, forming the name of desired endpoint
For example, the endpoint 22.0 - GET - /reference_data/map_of_sets
is referenced by name q.get_reference_data_map_of_sets
. The http method goes first, and the API endpoint path is trailing it, having the slashes replaced with underscores.
For endpoints such as 22.0 - GET - /reference_data/map_of_sets/{name}
use the reference_data_map_of_sets_name
, with {name} part provided as keyword argument:
q.get_reference_data_map_of_sets(name='refmapofsetsname')
For params such as filter, use keyword arguments:
q.help_endpoint(filter=f"version={version}")
For data posting, use first non-keyword argument. It accepts json-serializable objects (lists, dicts, lists of dicts, etc.):
q.post_reference_data_map_of_sets({"data": ["data"]})
Generating .pyi file for intellisense
This option may be used for setting up more convenient development environment. Final script version should be delivered without API schema.
- Clone the repository into project folder
- Run
python3 schema_prefetch
having correct parameters in source code qradar.pyi
file must appear. As far as it is in one folder withqradar.py
, the methods will be hinted with the names, arguments and description from QRadar API schema
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file qradar-0.0.1.tar.gz
.
File metadata
- Download URL: qradar-0.0.1.tar.gz
- Upload date:
- Size: 4.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.20
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2b36875ed5d56eaf7b315205017d5a471465832ec902e25f9e897a7ef5492e32 |
|
MD5 | d1730f85028f27d360c64cfca23d6032 |
|
BLAKE2b-256 | 79f3cb1b67eb4fe8c7208c2177d6b3ef34e68621f689ef0eb43914c0e4699a6f |
File details
Details for the file qradar-0.0.1-py3-none-any.whl
.
File metadata
- Download URL: qradar-0.0.1-py3-none-any.whl
- Upload date:
- Size: 4.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.20
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ba7f9345bffc567bc5e8fb44a59f7254f54392bce9b0a5bb88705028fe76b626 |
|
MD5 | 5ebbe792201047815bf765c2b1e99735 |
|
BLAKE2b-256 | f0ae6acf4bd632a5be25f33e4c703bf0a5c42fbb56bc23cfe266bd376daf37f8 |