Scanner API client for Python

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ctc-scanner-dev from gravatar.com ctc-scanner-dev Avatar for linjenny from gravatar.com linjenny Avatar for swwu from gravatar.com swwu

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Scanner, Inc.
  • Requires: Python <4.0, >=3.10
Classifiers

Project description

scanner-client

This is the Python SDK for the Scanner API. It is autogenerated from an OpenAPI v3 spec.

You can use the SDK for use cases like these:

  • Execute queries on your log files in S3 that have been indexed by Scanner.
  • Create, read, and update detection rules
  • Manage event sinks, which are destinations for detection alerts.

Documentation

You can view the API documentation for the Scanner API here.

Usage

To install the SDK, run:

pip install scanner-client

Create the client by passing in the API URL and API key, which you can get from Settings > API Keys in the Scanner UI.

import os
from scanner_client import Scanner

scanner = Scanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

Synchronously query logs over last 30 days

import os
import time

from datetime import datetime, timezone, timedelta
from scanner_client import Scanner

scanner = Scanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

end_time = datetime.now(tz=timezone.utc)
start_time = end_time - timedelta(days=30)

query_text = """
	%ingest.source_type: "aws:cloudtrail"
	eventSource: "s3.amazonaws.com"
	| stats by eventName
"""

# Run blocking query, which runs for up to 60 seconds and returns results.

response = scanner.query.blocking_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
)
print(response.results)

# Run non-blocking query, periodically checking for completion. Can run for 15
# minutes.

qr_id = scanner.query.start_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
).qr_id

while True:
    print("Checking query progress")
    query_progress = scanner.query.query_progress(qr_id)
    if query_progress.is_completed:
        print(query_progress.results)
        break

    time.sleep(1)

Async Scanner

The AsyncScanner class is also available for use with asyncio. All of the API methods are coroutines and can be awaited.

import asyncio
from scanner_client import AsyncScanner

# ...

scanner = AsyncScanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

# ...

response = await scanner.query.blocking_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
)
print(response.results)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ctc-scanner-dev from gravatar.com ctc-scanner-dev Avatar for linjenny from gravatar.com linjenny Avatar for swwu from gravatar.com swwu

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Scanner, Inc.
  • Requires: Python <4.0, >=3.10
Classifiers

Release history Release notifications | RSS feed

0.1.0rc5 pre-release

This version

0.1.0rc4 pre-release

0.1.0rc3 pre-release

0.1.0rc2 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

scanner_client-0.1.0rc4-py3-none-any.whl (113.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page