Taegis Python SDK
Taegis SDK for Python
The Taegis SDK is a Python library for interfacing with the GraphQL APIs in Taegis.
Prerequisites
- Python 3.8 or higher.
Authentication
- Set the CLIENT_ID and CLIENT_SECRET environment variables as described in the Taegis XDR Documentation.
OR
- Log in using username/password with MFA upon service creation
OR
- Device Code SSO
Installation
```bash
python -m pip install taegis-sdk-python
```
Using the SDK
To use the SDK, you must first import the GraphQLService:

```python
from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp

service = GraphQLService()
```
Now that you have the GraphQLService, you can make requests and process responses for Taegis XDR Services. The following example uses the Investigations Service to send a query to get all available investigations:
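```python
# Input types are imported from each service's types module
from taegis_sdk_python.services.events.types import EventQueryOptions
from taegis_sdk_python.services.tenants.types import TenantsQuery

# Investigations: search with a query string
result = service.investigations.query.investigations_search(
    page=1,
    per_page=3,
    query="WHERE deleted_at IS NOT NULL EARLIEST=-90d"
)
pp(result)

# Tenants: first page of up to 10 tenants
result = service.tenants.query.tenants(tenants_query=TenantsQuery(
    max_results=10,
    page_num=1,
))
pp(result)

# Events: run an event query
results = service.events.subscription.event_query(
    query="FROM process EARLIEST=-30d",
    options=EventQueryOptions(
        max_rows=20,
        page_size=10,
        skip_cache=True,
    ),
)
pp(results)
print()

# Pick a `next` page token from the results, if any was returned
try:
    next_page = next(
        iter(
            {
                result.next
                for result in results
                if result.next
            }
        )
    )
except StopIteration:
    next_page = None

# Fetch the following page of events
if next_page:
    results = service.events.subscription.event_page(page_id=next_page)
    pp(results)
```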
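The snippet above follows `next` for one additional page only. As an added example (not part of the SDK or its README), the generator below keeps calling `event_page` until no `next` token is returned; `iter_event_pages`, `next_page_id`, `max_pages` and the offline `fake_service` stub are hypothetical names introduced here, and only the `event_query`, `event_page` and `next` names come from the page.

```python
from types import SimpleNamespace
from typing import Any, Iterator, List, Optional


def next_page_id(results: List[Any]) -> Optional[str]:
    """Return the first non-empty `next` token in a batch of results."""
    return next((r.next for r in results if getattr(r, "next", None)), None)


def iter_event_pages(service: Any, query: str, options: Any,
                     max_pages: int = 50) -> Iterator[List[Any]]:
    """Yield every batch of results, following `next` until it runs out.

    max_pages is an assumed safety bound (not an SDK setting) so that a
    broad query cannot keep paging indefinitely.
    """
    events = service.events.subscription
    results = events.event_query(query=query, options=options)
    seen = set()
    for page_number in range(1, max_pages + 1):
        yield results
        page_id = next_page_id(results)
        # Stop on the last page, on a repeated token, or at the bound.
        if not page_id or page_id in seen or page_number == max_pages:
            return
        seen.add(page_id)
        results = events.event_page(page_id=page_id)


def fake_service(page_count: int) -> Any:
    """Constructed stand-in for GraphQLService so the example runs offline."""
    def batch(index: int) -> List[Any]:
        token = f"page-{index + 1}" if index + 1 < page_count else None
        return [SimpleNamespace(next=token)]

    subscription = SimpleNamespace(
        event_query=lambda query, options: batch(0),
        event_page=lambda page_id: batch(int(page_id.split("-")[1])),
    )
    return SimpleNamespace(events=SimpleNamespace(subscription=subscription))


if __name__ == "__main__":
    pages = list(iter_event_pages(fake_service(3), "FROM process EARLIEST=-30d", None))
    print(f"fetched {len(pages)} batches")
```

With the real SDK, pass the `GraphQLService` instance and an `EventQueryOptions` object in place of the stub and `None`.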
Custom Examples
Custom Output
The SDK enables users to override the output property of a query to retrieve specific response fields. For example, the following code will ONLY return the ids, description and status of all Closed Investigations. This query runs inside the Service Context.
```python
from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp

service = GraphQLService()

# specify the output fields, and start the service context
with service(output="investigations { id description status } totalCount"):
    result = service.investigations.query.investigations_search(
        page=1,
        per_page=3,
        query="WHERE deleted_at IS NOT NULL EARLIEST=-90d"
    )
    pp(result)
```
Change Tenant Context
```python
from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp

service = GraphQLService()

# specify the tenant id, and start the service context
with service(tenant_id="00000"):
    result = service.investigations.query.investigations_search(
        page=1,
        per_page=3,
        query="WHERE deleted_at IS NOT NULL EARLIEST=-90d"
    )
    pp(result)
```
Change the Environment
```python
from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp

service = GraphQLService()

# specify the environment, and start the service context
with service(environment="delta"):
    result = service.investigations.query.investigations_search(
        page=1,
        per_page=3,
        query="WHERE deleted_at IS NOT NULL EARLIEST=-90d"
    )
    pp(result)
```
Use a preexisting access token
```python
from taegis_sdk_python.services import GraphQLService
from pprint import pprint as pp

service = GraphQLService()

# specify the access token, and start the service context
with service(access_token="<your access token>"):
    result = service.investigations.query.investigations_search(
        page=1,
        per_page=3,
        query="WHERE deleted_at IS NOT NULL EARLIEST=-90d"
    )
    pp(result)
```
Arbitrary Query
```python
results = service.investigations.execute_query(
    "alertsServiceSearch",
    variables={
        "in": {
            "limit": 3,
            "offset": 0,
            "cql_query": "FROM alert EARLIEST=-1d"
        }
    },
    output="""
        search_id
        alerts {
            list {
                id
                metadata {
                    title
                }
                status
            }
        }
    """
)
print(results)
```
Arbitrary Mutation
```python
results = service.investigations.execute_mutation(
    "createInvestigation",
    variables={
        "investigation": {
            "description": "SDK Test Investigation",
            "key_findings": "This is a test.",
            "priority": 1
        }
    },
    output="""
        id
        created_at
        created_by_user {
            id
            given_name
            family_name
        }
        description
        key_findings
    """
)
print(results)
```
Custom Query
Advanced users can leverage the power of the SDK to execute custom queries. If an invalid query is passed, the system will respond with GraphQLSyntaxError -> Syntax Error; otherwise the query will be executed and results will be returned as a dictionary of data.
```python
from taegis_sdk_python.services import GraphQLService

service = GraphQLService()

# raw GraphQL document, sent as-is
gql_query = """
query investigationsStatusCount {
    investigationsStatusCount {
        open
        closed
        active
        awaiting_action
        suspended
        total
    }
}
"""

result = service.investigations.execute(gql_query)
```
Deprecation Warnings
Deprecated input fields, output fields and endpoints are set to log a warning. For more information, see the docs.
Example:
GraphQL Query `allInvestigations` is deprecated: 'replaced by investigationsSearch'
Output field `activity_logs` is deprecated: 'Not Supported - Use audit logs', removing from default output...
Output field `assignee` is deprecated: 'No longer supported', removing from default output...
Hashes for taegis_sdk_python-1.0.3-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | b1562f8a1f6b53bd3d503e17d6bae3b457c2cdd4e89192c71dace38f47a5d5de
MD5 | 12c58671a422e852c872d37be40ca9c0
BLAKE2b-256 | 131ef72c546f664428d051cb2abb171a4d7a66c42e86644f8b8dd93c5422bc92