Scanner API client for Python
Project description
scanner-client
This is the Python SDK for the Scanner API. It is autogenerated from an OpenAPI v3 spec.
You can use the SDK for use cases like these:
- Execute queries on your log files in S3 that have been indexed by Scanner.
- Create, read, and update detection rules
- Manage event sinks, which are destinations for detection alerts.
Documentation
You can view the API documentation for the Scanner API here.
Usage
To install the SDK, run:
pip install scanner-client
Create the client by passing in the API URL and API key, which you can get from Settings > API Keys in the Scanner UI.
import os
from scanner_client import Scanner
scanner = Scanner(
api_url=os.environ["SCANNER_API_URL"],
api_key=os.environ["SCANNER_API_KEY"],
)
Synchronously query logs over last 30 days
import os
import time
from datetime import datetime, timezone, timedelta
from scanner_client import Scanner
scanner = Scanner(
api_url=os.environ["SCANNER_API_URL"],
api_key=os.environ["SCANNER_API_KEY"],
)
end_time = datetime.now(tz=timezone.utc)
start_time = end_time - timedelta(days=30)
query_text = """
%ingest.source_type: "aws:cloudtrail"
eventSource: "s3.amazonaws.com"
| stats by eventName
"""
# Run blocking query, which runs for up to 60 seconds and returns results.
response = scanner.query.blocking_query(
query_text=query_text,
start_time=start_time.isoformat()
end_time=end_time.isoformat()
)
print(response.results)
# Run non-blocking query and periodically checking for completion.
# Can run for 15 minutes.
qr_id = scanner.query.start_query(
query_text=query_text,
start_time=start_time.isoformat()
end_time=end_time.isoformat()
).qr_id
while True:
print("Checking query progress")
query_progress = scanner.query.query_progress(qr_id)
if query_progress.is_completed:
print(query_progress.results)
break
time.sleep(1)
# Run non-blocking query and return results. This handles checking
# query progress and returns the results once the query is complete.
response = scanner.query.start_query_and_return_results(
query_text=query_text,
start_time=start_time.isoformat()
end_time=end_time.isoformat()
)
print(response.results)
Async Scanner
The AsyncScanner class is also available for use with asyncio. All of the
API methods are coroutines and can be awaited.
import asyncio
from scanner_client import AsyncScanner
# ...
scanner = AsyncScanner(
api_url=os.environ["SCANNER_API_URL"],
api_key=os.environ["SCANNER_API_KEY"],
)
# ...
response = await scanner.query.blocking_query(
query_text=query_text,
start_time=start_time.isoformat()
end_time=end_time.isoformat()
)
print(response.results)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file scanner_client-0.1.0rc13-py3-none-any.whl.
File metadata
- Download URL: scanner_client-0.1.0rc13-py3-none-any.whl
- Upload date:
- Size: 144.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.10.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dcfb956115d227422c741f05ce2f2d09299737df0afb6b7ac506c7e3a318a6b7
|
|
| MD5 |
1649e65a7dec65dd52caf0ab156b4929
|
|
| BLAKE2b-256 |
9813d11262e232b315995ac32506e777eadf23afe3da855295a49a1d8960f3ac
|
