Python client for Securonix Spotter gateway queries
Project description
spotter-client
Python library to run Spotter queries through the Securonix shared gateway with an end-to-end flow:
GET /ws/token/generatefor the WS session token.POST /api/v2/oauth/tokenwithwstokenfor the OAuth Bearer (JWT in practice).POST /spotter-api/spotter/api/v1/search/queries.- Poll
GET .../statusuntilCOMPLETED. GET .../resultsand return structured JSON.
The flow matches the working examples in this repository.
Local install
pip install .
Environment variables
SPOTTER_BASE_URL(e.g.https://<tenant>.securonix.net/Snypr)SPOTTER_USERNAMESPOTTER_PASSWORD
A .env file is loaded automatically via python-dotenv (without overwriting variables already set in the shell).
Default gateway URL
The URL most tenants use:
https://us-east1-prod01.securonix.net/shared/snypr-service-gateway
If you omit gateway_url when constructing SpotterClient, that base URL is used by default.
Default time range (when you omit from_time / to_time)
The Spotter gateway rejects fromTime=0 and toTime=0 (error 1005: invalid time range). The client therefore always sends a valid window.
| What you pass | Effective window |
|---|---|
Both omitted or both 0 (default) |
Last 24 hours in UTC: from (now UTC − 24h) to now UTC, as epoch milliseconds. |
from_time only (> 0, to_time ≤ 0) |
From your from_time to now (UTC, ms). |
to_time only (from_time ≤ 0, to_time > 0) |
24 hours before to_time up to to_time (UTC, ms). |
| Both set | Your exact range (must satisfy from_time < to_time). |
So if you call execute(query) with no time arguments, you are querying the past 24 hours, not “all time”.
from_time and to_time are always Unix epoch in milliseconds in UTC.
Quick start
from spotter_client import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
results = client.execute(query)
print(results)
Example: explicit time range (from_time / to_time)
from datetime import datetime, timedelta, timezone
from spotter_client import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
# Last 2 hours
end = datetime.now(timezone.utc)
start = end - timedelta(hours=2)
from_time = int(start.timestamp() * 1000)
to_time = int(end.timestamp() * 1000)
results = client.execute(query, from_time=from_time, to_time=to_time)
print(results)
Example: fixed UTC window
from datetime import datetime, timezone
from spotter_client import SpotterClient
client = SpotterClient()
query = "index = violation | stats count by tenantname policyname criticality"
from_time = int(datetime(2026, 4, 28, 0, 0, 0, tzinfo=timezone.utc).timestamp() * 1000)
to_time = int(datetime(2026, 4, 28, 10, 0, 0, tzinfo=timezone.utc).timestamp() * 1000)
results = client.execute(
query,
from_time=from_time,
to_time=to_time,
poll_interval=3,
timeout=420,
)
print(results)
Example: explicit gateway + error handling
from spotter_client import SpotterAuthError, SpotterClient, SpotterTimeoutError
gateway = "https://us-east1-prod01.securonix.net/shared/snypr-service-gateway"
client = SpotterClient(gateway_url=gateway)
try:
data = client.execute(
"index = violation | stats count by tenantname policyname criticality",
poll_interval=3,
timeout=420,
)
print(data)
except SpotterAuthError as exc:
print(f"Authentication error: {exc}")
except SpotterTimeoutError as exc:
print(f"Polling timeout: {exc}")
Example: step-by-step (run_query → poll → get_results)
from spotter_client import SpotterClient
client = SpotterClient()
query = (
'index = violation and policyname = "possible brute force attack detected - csso" '
"| STATS sourceaddress destinationaddress accountname destinationport"
)
query_id = client.run_query(
query,
limit=5000,
sort_by="sourceaddress",
sort_order="desc",
timeout=600,
)
client.wait_for_results(query_id, poll_interval=2, timeout=600)
results = client.get_results(query_id, offset=0, limit=500)
print(results)
Scripts in examples/
examples/basic_query.pyexamples/advanced_query.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file spotter_client-0.1.0.tar.gz.
File metadata
- Download URL: spotter_client-0.1.0.tar.gz
- Upload date:
- Size: 8.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
00288830ea93fb9b11ec881c0740610c837d0bf2a33dea5d49606b2f53ed10e6
|
|
| MD5 |
baf8a89ad451b236664dd9e9a6fcbe64
|
|
| BLAKE2b-256 |
6b90c356be9c992d9c5028fcaead9ebcc97631bb6868f8bc784d7a91a60af2d6
|
File details
Details for the file spotter_client-0.1.0-py3-none-any.whl.
File metadata
- Download URL: spotter_client-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f1d4db77eb79474421a170018979cb8e86d09819b66952e97471054cac08a2d0
|
|
| MD5 |
ae75203c4cab8053164bd78fc6562db4
|
|
| BLAKE2b-256 |
ad1e0f395755d9b5247cb5460f5f086d99f5fe4e95fd655e2806b71d8e6d8c8b
|