Using the NGSIEM service collection

Table of Contents

UploadLookupV1

Upload a lookup file to NGSIEM.

PEP8 method name

upload_file

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/files

Required Scope

Content-Type

• Consumes: multipart/form-data

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.upload_file(repository="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.UploadLookupV1(repository="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UploadLookupV1", repository="string")

print(response)

GetLookupV1

Download lookup file from NGSIEM.

PEP8 method name

get_file

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/files/{filename}

Required Scope

Content-Type

• Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.
filename			path	string	Name of the lookup file.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    save_file.write(falcon.get_file(repository="string", name="string"))

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    save_file.write(falcon.GetLookupV1(repository="string", name="string"))

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

with open("some_file.ext", "wb") as save_file:
    save_file.write(falcon.command("GetLookupV1", repository="string", name="string"))

GetLookupFromPackageWithNamespaceV1

Download lookup file in namespaced package from NGSIEM.

PEP8 method name

get_file_from_package_with_namespace

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/files/{namespace}/{package}/{filename}

Required Scope

Content-Type

• Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.
namespace			path	string	Name of the namespace.
package			path	string	Name of the package.
filename			path	string	Name of the lookup file.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    response = falcon.get_file_from_package_with_namespace(repository="string",
                                                           namespace="string",
                                                           package="string",
                                                           filename="string"
                                                           )
    save_file.write(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    response = falcon.GetLookupFromPackageWithNamespaceV1()
    save_file.write(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

with open("some_file.ext", "wb") as save_file:
    response = falcon.command("GetLookupFromPackageWithNamespaceV1",
                              repository="string",
                              namespace="string",
                              package="string",
                              filename="string"
                              )
    save_file.write(response)

GetLookupFromPackageV1

Download lookup file in package from NGSIEM.

PEP8 method name

get_file_from_package

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/files/{package}/{filename}

Required Scope

Content-Type

• Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.
package			path	string	Name of the package.
filename			path	string	Name of the lookup file.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    response = falcon.get_file_from_package(repository="string",
                                            package="string",
                                            filename="string"
                                            )
    save_file.write(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

with open("some_file.ext", "wb") as save_file:
    response = falcon.GetLookupFromPackageV1(repository="string",
                                             package="string",
                                             filename="string"
                                             )
    save_file.write(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

with open("some_file.ext", "wb") as save_file:
    response = falcon.command("GetLookupFromPackageV1",
                              repository="string",
                              package="string",
                              filename="string"
                              )
    save_file.write(response)

StartSearchV1

Initiate a NGSIEM search.

PEP8 method name

start_search

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/queryjobs

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.start_search(repository="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.StartSearchV1(repository="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("StartSearchV1", repository="string")

print(response)

GetSearchStatusV1

Get status of a NGSIEM search.

PEP8 method name

get_search_status

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/queryjobs/{id}

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.
id			path	string	ID of the query.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.get_search_status(repository="string", id="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.GetSearchStatusV1(repository="string", id="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSearchStatusV1", repository="string", id="string")

print(response)

StopSearchV1

Stop a NGSIEM search.

PEP8 method name

stop_search

Endpoint

Method	Route
	/humio/api/v1/repositories/{repository}/queryjobs/{id}

Required Scope

Content-Type

• Consumes: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
repository			path	string	Name of the repository.
id			path	string	ID of the query.

Usage

Service class example (PEP8 syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.stop_search(repository="string", id="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )

response = falcon.StopSearchV1(repository="string", id="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("StopSearchV1", repository="string", id="string")

print(response)