Aemanual¶
Client¶
-
class
Aemanual.Client¶ A client object representing ‘Aemanual’ Service:
import almdrlib client = almdrlib.client('aemanual')
Available methods:
-
create_observation(**kwargs)¶ POSTS an observable to AEPUBLISH to have it create a manual incident for the SoC
Request Syntax
response = client.create_observation( account_id='string' classification='string' customer_id='integer' datacenter='string' description='string' facts=[ { 'message': [ { 'id': 'string', 'type': 'string' } ] } ] gen_type='string' keyedon_value='string' sources=[ 'MANL'|'MANI' ] summary='string' threat_rating='Low'|'Medium'|'Hihg'|'Critical' time_frame='integer' )
- Parameters
account_id (string) –
[REQUIRED]
AIMS Account ID
classification (string) –
[REQUIRED]
The Incident Classification
customer_id (integer) –
[REQUIRED]
The Account (customer) Id
datacenter (string) –
[REQUIRED]
the datacenter that facts are coming from (Ashburn, Denver, Integration, Newport, etc)
description (string) –
[REQUIRED]
The Incident Description
facts (list) –
[REQUIRED]
A list of message_id and type (associated events or logs)
(dict) –
message (list) –
(dict) –
id (string) –
type (string) –
gen_type (string) – The generator type (analytic, guardduty, log_correlation, etc)
keyedon_value (string) – The base_incident_keyedon_value
sources (list) –
The Incident Source (MANL for log, MANI for IDS)
(string) –
Valid values:
MANL,MANI
summary (string) –
[REQUIRED]
The Incident Summary
threat_rating (string) –
The threat rating for the incident (Low, Medium, High, Critical)
Valid values:
Low,Medium,Hihg,Criticaltime_frame (integer) –
[REQUIRED]
The duration (in minutes)
- Return type
dict
- Returns
Response Syntax
{ 'message': 'string', 'status': 'string' }
Response Definitions
message (string) –
status (string) –
-
get_healthcheck(**kwargs)¶ Check health status of the service.
Request Syntax
response = client.get_healthcheck( )
- Returns
None
-