Python client for the Securonix Spotter API (shared gateway search workflow)
Project description
Securonix Spotter API client
Python client for Securonix Spotter search via the shared snypr-service-gateway: authenticate, submit async queries, poll status, and fetch results as JSON.
Official Spotter API documentation: Securonix Documentation — Spotter API.
End-to-end flow implemented by this library:
GET /ws/token/generatefor the WS session token.POST /api/v2/oauth/tokenwithwstokenfor the OAuth Bearer (JWT in practice).POST /spotter-api/spotter/api/v1/search/queries.- Poll
GET .../statusuntilCOMPLETED. GET .../resultsand return structured JSON.
The sequence matches the working examples in this repository.
Install
From PyPI (distribution name securonix-spotter-client):
pip install securonix-spotter-client
From a clone of this repo:
pip install .
Import the securonix_spotter package in Python:
from securonix_spotter import SpotterClient
Environment variables
TENANT_BASE_URL(e.g.https://<tenant>.securonix.net/Snypr)TENANT_USERNAMETENANT_PASSWORD
A .env file is loaded automatically via python-dotenv (without overwriting variables already set in the shell).
If you used older names (SPOTTER_BASE_URL, SPOTTER_USERNAME, SPOTTER_PASSWORD), rename those keys in .env to the TENANT_* names above.
Default gateway URL
The URL most tenants use:
https://us-east1-prod01.securonix.net/shared/snypr-service-gateway
If you omit gateway_url when constructing SpotterClient, that base URL is used by default.
Default time range (when you omit from_time / to_time)
The Spotter gateway rejects fromTime=0 and toTime=0 (error 1005: invalid time range). The client therefore always sends a valid window.
| What you pass | Effective window |
|---|---|
Both omitted or both 0 (default) |
Last 24 hours in UTC: from (now UTC − 24h) to now UTC, as epoch milliseconds. |
from_time only (> 0, to_time ≤ 0) |
From your from_time to now (UTC, ms). |
to_time only (from_time ≤ 0, to_time > 0) |
24 hours before to_time up to to_time (UTC, ms). |
| Both set | Your exact range (must satisfy from_time < to_time). |
So if you call execute(query) with no time arguments, you are querying the past 24 hours, not “all time”.
from_time and to_time are always Unix epoch in milliseconds in UTC.
Quick start
from securonix_spotter import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
results = client.execute(query)
print(results)
Example: explicit time range (from_time / to_time)
from datetime import datetime, timedelta, timezone
from securonix_spotter import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
# Last 2 hours
end = datetime.now(timezone.utc)
start = end - timedelta(hours=2)
from_time = int(start.timestamp() * 1000)
to_time = int(end.timestamp() * 1000)
results = client.execute(query, from_time=from_time, to_time=to_time)
print(results)
Example: fixed UTC window
from datetime import datetime, timezone
from securonix_spotter import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
from_time = int(datetime(2026, 4, 28, 0, 0, 0, tzinfo=timezone.utc).timestamp() * 1000)
to_time = int(datetime(2026, 4, 28, 10, 0, 0, tzinfo=timezone.utc).timestamp() * 1000)
results = client.execute(
query,
from_time=from_time,
to_time=to_time,
poll_interval=3,
timeout=420,
)
print(results)
Example: explicit gateway + error handling
from securonix_spotter import SpotterAuthError, SpotterClient, SpotterTimeoutError
gateway = "https://us-east1-prod01.securonix.net/shared/snypr-service-gateway"
client = SpotterClient(gateway_url=gateway)
try:
data = client.execute(
"index = violation | stats count by tenantname policyname criticality",
poll_interval=3,
timeout=420,
)
print(data)
except SpotterAuthError as exc:
print(f"Authentication error: {exc}")
except SpotterTimeoutError as exc:
print(f"Polling timeout: {exc}")
Example: step-by-step (run_query → poll → get_results)
from securonix_spotter import SpotterClient
client = SpotterClient()
query = (
'index = violation and policyname = "possible brute force attack detected - csso" '
"| STATS sourceaddress destinationaddress accountname destinationport"
)
query_id = client.run_query(
query,
limit=5000,
sort_by="sourceaddress",
sort_order="desc",
timeout=600,
)
client.wait_for_results(query_id, poll_interval=2, timeout=600)
results = client.get_results(query_id, offset=0, limit=500)
print(results)
Scripts in examples/
examples/basic_query.pyexamples/advanced_query.py
Publishing to PyPI
See README_PYPI.md for build and upload commands.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file securonix_spotter_client-1.2.0.tar.gz.
File metadata
- Download URL: securonix_spotter_client-1.2.0.tar.gz
- Upload date:
- Size: 9.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7cc5e044ba10e2d11c95166582747901e29b844702bb6fd5a7954d672f9e0a80
|
|
| MD5 |
613cd8e5221f1b89ed1b9d9bac43a143
|
|
| BLAKE2b-256 |
dddf9250c6c7d32518499f230cba2403017617d64206a7190efc3c3af0b448f4
|
File details
Details for the file securonix_spotter_client-1.2.0-py3-none-any.whl.
File metadata
- Download URL: securonix_spotter_client-1.2.0-py3-none-any.whl
- Upload date:
- Size: 9.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d535f64c4cc294684a5885a304effbb73bc2aea939af12d592965dd01e8b9f36
|
|
| MD5 |
7bdd0ebe79162c5f73ea3ed690bab8fc
|
|
| BLAKE2b-256 |
68fd9723867ed209bd9efa2f59272d13335e7b40a606b09fc457facb9008f005
|
