Iris Client

class Iris.Client

A client object representing the ‘Iris’ service:

    import almdrlib
    client = almdrlib.client('iris')
Available methods:
add_feedback(**kwargs)
Add feedback to an incident.

Request Syntax
    response = client.add_feedback(
        account_id='string',
        customer_feedback='string',
        customer_feedback_reason='further_action'|'acceptable_risk'|'compensating_control'|'threat_not_valid'|'not_concluded'|'other',
        incident_id='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    customer_feedback (string) – [REQUIRED] Feedback to add to the incident
    customer_feedback_reason (string) – [REQUIRED] Reason for the feedback. Valid values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other
    incident_id (string) – [REQUIRED] IRIS incident ID: either a 16-character alphanumeric string, e.g. e11111ee11111111, or a UUID, e.g. XXXX0000-0000-0000-0000-0XXX00000000
- Return type
    dict
- Returns
    Response Syntax
        {
            'feedback': 'string',
            'feedback_datetime': 'string',
            'feedback_reason': 'string',
            'feedback_uid': 'string',
            'feedback_user': 'string'
        }
Response Definitions
feedback (string) –
feedback_datetime (string) –
feedback_reason (string) –
feedback_uid (string) –
feedback_user (string) –
complete_incident(**kwargs)
Complete (close) an incident.

Request Syntax
    response = client.complete_incident(
        account_id='string',
        incident_id='string',
        notes='string',
        reason_code='further_action'|'acceptable_risk'|'compensating_control'|'threat_not_valid'|'not_concluded'|'other'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    incident_id (string) – [REQUIRED] IRIS incident ID: either a 16-character alphanumeric string, e.g. e11111ee11111111, or a UUID, e.g. XXXX0000-0000-0000-0000-0XXX00000000
    notes (string) – [REQUIRED] Notes about the completion
    reason_code (string) – [REQUIRED] Reason for the completion. Valid values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other
- Return type
    dict
- Returns
    Response Syntax
        {
            'new': {
                'notes': 'string',
                'reason_code': 'string',
                'status': 'string',
                'status_change_time': 'string'
            },
            'old': {
                'status': 'string',
                'status_change_time': 'string'
            }
        }
Response Definitions
new (dict) – [REQUIRED]
notes (string) –
reason_code (string) –
status (string) –
status_change_time (string) –
old (dict) – [REQUIRED]
status (string) –
status_change_time (string) –
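The add_feedback and complete_incident calls above share the same reason-code vocabulary and the same two incident ID formats. The following is an added example, not code from almdrlib or from this page, showing how a triage script can validate both locally before calling the service and then confirm the status transition from the complete_incident response. The FakeIrisClient class, its status strings and its timestamps are constructed stand-ins so the example runs offline; against a live service you would pass the object returned by almdrlib.client('iris') instead.

```python
import re

# Reason codes accepted by add_feedback(customer_feedback_reason=...) and
# complete_incident(reason_code=...), as listed on this page.
REASON_CODES = frozenset({
    "further_action", "acceptable_risk", "compensating_control",
    "threat_not_valid", "not_concluded", "other",
})

# The two incident ID forms the page documents: a 16-character alphanumeric
# string, or a UUID written as 8-4-4-4-12 hex groups.
_SHORT_ID_RE = re.compile(r"^[0-9A-Za-z]{16}$")
_UUID_RE = re.compile(
    r"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$"
)


def is_valid_incident_id(incident_id):
    """True if incident_id matches either documented form."""
    return bool(_SHORT_ID_RE.match(incident_id) or _UUID_RE.match(incident_id))


def _check_common(account_id, incident_id, reason):
    """Reject malformed input locally, before it reaches the service."""
    if not account_id:
        raise ValueError("account_id is required")
    if not is_valid_incident_id(incident_id):
        raise ValueError(f"malformed incident_id: {incident_id!r}")
    if reason not in REASON_CODES:
        raise ValueError(f"reason must be one of {sorted(REASON_CODES)}, got {reason!r}")


def build_feedback_request(account_id, incident_id, reason, feedback):
    """Assemble validated kwargs for client.add_feedback()."""
    _check_common(account_id, incident_id, reason)
    if not feedback.strip():
        raise ValueError("customer_feedback must not be empty")
    return {
        "account_id": account_id,
        "incident_id": incident_id,
        "customer_feedback": feedback,
        "customer_feedback_reason": reason,
    }


def build_completion_request(account_id, incident_id, reason, notes):
    """Assemble validated kwargs for client.complete_incident()."""
    _check_common(account_id, incident_id, reason)
    if not notes.strip():
        raise ValueError("notes must not be empty")
    return {
        "account_id": account_id,
        "incident_id": incident_id,
        "notes": notes,
        "reason_code": reason,
    }


def close_with_feedback(client, account_id, incident_id, reason, notes):
    """Record feedback, then close the incident with the same reason.

    Returns (old_status, new_status) from the complete_incident response so the
    caller can verify the transition rather than assume it.
    """
    client.add_feedback(**build_feedback_request(account_id, incident_id, reason, notes))
    resp = client.complete_incident(**build_completion_request(account_id, incident_id, reason, notes))
    return resp["old"]["status"], resp["new"]["status"]


class FakeIrisClient:
    """Constructed stand-in for almdrlib.client('iris') so the example runs offline.

    Records every call and answers with dicts shaped like the Response Syntax
    blocks on this page; status values, user and timestamps are made up.
    """

    def __init__(self):
        self.calls = []

    def add_feedback(self, **kwargs):
        self.calls.append(("add_feedback", kwargs))
        return {
            "feedback": kwargs["customer_feedback"],
            "feedback_datetime": "2024-01-01T00:00:00Z",   # constructed
            "feedback_reason": kwargs["customer_feedback_reason"],
            "feedback_uid": "feedback-0001",               # constructed
            "feedback_user": "analyst@example.com",        # constructed
        }

    def complete_incident(self, **kwargs):
        self.calls.append(("complete_incident", kwargs))
        return {
            "new": {"notes": kwargs["notes"], "reason_code": kwargs["reason_code"],
                    "status": "completed", "status_change_time": "2024-01-01T00:00:01Z"},
            "old": {"status": "open", "status_change_time": "2023-12-31T00:00:00Z"},
        }


if __name__ == "__main__":
    fake = FakeIrisClient()
    print(close_with_feedback(fake, "12345678", "e11111ee11111111",
                              "threat_not_valid", "Confirmed benign admin activity"))
```

Validating the reason code and ID shape on the client side keeps a typo in an automation rule from producing a confusing service error mid-run, and returning the old/new status pair gives the caller something to log as evidence that the closure actually took effect.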
get_associated_elaborations(**kwargs)
Get the logs/events associated with an incident.

Request Syntax
    response = client.get_associated_elaborations(
        account_id='string',
        incident_id='string',
        limit='number',
        offset='number',
        returnSource='string',
        return_value='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    incident_id (string) – [REQUIRED] IRIS incident ID: either a 16-character alphanumeric string, e.g. e11111ee11111111, or a UUID, e.g. XXXX0000-0000-0000-0000-0XXX00000000
    limit (number) – Maximum number of items in the result set
    offset (number) – The (zero-based) offset of the first item in the result set to return
    returnSource (string) – Filter by source type. Allowed values: log, event
    return_value (string) – Comma-delimited list of dot-notation names of the properties wanted in the result set. Use it when you want only a subset of attributes from the results
- Return type
    dict
- Returns
    Response Syntax
        {
            'filter': {},
            'metadata': {},
            'returnVals': [
                {}
            ],
            'stats': {}
        }
Response Definitions
filter (dict) –
metadata (dict) –
returnVals (list) –
(dict) –
Values returned by the query
stats (dict) –
get_incident(**kwargs)
Get an incident.

Request Syntax
    response = client.get_incident(
        account_id='string',
        incident_id='string',
        return_value='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    incident_id (string) – [REQUIRED] IRIS incident ID: either a 16-character alphanumeric string, e.g. e11111ee11111111, or a UUID, e.g. XXXX0000-0000-0000-0000-0XXX00000000
    return_value (string) – Comma-delimited list of dot-notation names of the properties wanted in the result set. Use it when you want only a subset of attributes from the incident
- Return type
    dict
- Returns
    Response Syntax
        {
            'accountId': 'string',
            'all_assets': [
                {}
            ],
            'assets': {
                '__asset': {},
                '__source': 'string',
                'al__deployment': 'string'
            },
            'createTime': 'number',
            'createtime_str': 'string',
            'customer': 'string',
            'customer_status': {
                'status': 'string',
                'status_change_time': 'string'
            },
            'desc': 'string',
            'humanFriendlyId': 'string',
            'incident': {
                'description': 'string',
                'summary': 'string',
                'threatRating': 'string'
            },
            'incidentId': 'string',
            'incident_attack_class': 'string',
            'incident_class': 'string',
            'incident_type': 'string',
            'snooze_status': {
                'period_ms': 'number',
                'reason_code': 'string',
                'snoozed': 'False|True'
            },
            'summary': 'string',
            'updateTime': 'number',
            'updatetime_str': 'string'
        }
Response Definitions
accountId (string) –
AIMS Account Id
all_assets (list) –
(dict) –
assets (dict) –
__asset (dict) –
__source (string) –
al__deployment (string) –
createTime (number) –
Incident creation time
createtime_str (string) –
Incident creation time in ISO format
customer (string) –
Customer name
customer_status (dict) –
status (string) –
status_change_time (string) –
desc (string) –
humanFriendlyId (string) –
incident (dict) –
description (string) –
summary (string) –
threatRating (string) –
incidentId (string) –
Incident ID
incident_attack_class (string) –
incident_class (string) –
incident_type (string) –
snooze_status (dict) –
period_ms (number) –
reason_code (string) –
snoozed (boolean) –
summary (string) –
updateTime (number) –
updatetime_str (string) –
get_incident_filters(**kwargs)
Fetch the fields and values used to filter incidents.

Request Syntax
    response = client.get_incident_filters()
- Return type
    dict
- Returns
    Response Syntax
        {
            'class': [
                'string'
            ],
            'detection_source': [
                'string'
            ],
            'escalated': [
                'False|True'
            ],
            'threat_level': [
                'string'
            ]
        }
Response Definitions
class (list) –
(string) –
detection_source (list) –
(string) –
escalated (list) –
(boolean) –
threat_level (list) –
(string) –
get_incident_id_by_friendly(**kwargs)
Get an incident ID by its friendly ID.

Request Syntax
    response = client.get_incident_id_by_friendly(
        account_id='string',
        friendly_id='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    friendly_id (string) – [REQUIRED] Human-friendly ID: a 6-character alphanumeric ID, shorter than the incident ID
- Return type
    list
- Returns
    Response Syntax
        [
            {
                'accountId': 'string',
                'humanFriendlyId': 'string',
                'incidentId': 'string'
            }
        ]
Response Definitions
(dict) –
Incident key object
accountId (string) –
humanFriendlyId (string) –
incidentId (string) –
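Because get_incident_id_by_friendly returns a list of incident key objects rather than a single ID, a caller that feeds the result into another action has to decide what to do with zero or several matches. The following is an added example, not almdrlib code or code from this page: it validates the 6-character friendly ID, resolves it, refuses to act on an ambiguous result, and then fetches the incident with get_incident. FakeFriendlyLookupClient and every ID and summary in it are constructed so the example runs offline.

```python
import re

# The page documents the friendly ID as a 6-character alphanumeric string.
_FRIENDLY_ID_RE = re.compile(r"^[0-9A-Za-z]{6}$")


def resolve_friendly_id(client, account_id, friendly_id):
    """Map a friendly ID to the full incident ID.

    The API returns a list of incident key objects, so three outcomes need
    handling: no match, exactly one match, or several matches. The last case
    would make any automated action against "the" incident unsafe, so it is
    rejected rather than resolved by picking the first entry.
    """
    if not _FRIENDLY_ID_RE.match(friendly_id):
        raise ValueError(f"friendly_id must be 6 alphanumeric characters, got {friendly_id!r}")
    keys = client.get_incident_id_by_friendly(account_id=account_id, friendly_id=friendly_id)
    # Defensive: only trust key objects that belong to the account we asked about.
    matches = [k for k in keys if k.get("accountId") == account_id]
    if not matches:
        raise LookupError(f"no incident with friendly id {friendly_id} in account {account_id}")
    if len(matches) > 1:
        ids = [m["incidentId"] for m in matches]
        raise LookupError(f"friendly id {friendly_id} is ambiguous: {ids}")
    return matches[0]["incidentId"]


def fetch_by_friendly_id(client, account_id, friendly_id, return_value=None):
    """Resolve the friendly ID and fetch the incident, optionally trimmed via return_value."""
    incident_id = resolve_friendly_id(client, account_id, friendly_id)
    kwargs = {"account_id": account_id, "incident_id": incident_id}
    if return_value:
        kwargs["return_value"] = return_value
    return client.get_incident(**kwargs)


class FakeFriendlyLookupClient:
    """Constructed offline stand-in for almdrlib.client('iris'); all data is made up.

    'dup001' deliberately maps to two incidents to exercise the ambiguity path.
    """

    _keys = [
        {"accountId": "12345678", "humanFriendlyId": "abc123", "incidentId": "e11111ee11111111"},
        {"accountId": "12345678", "humanFriendlyId": "dup001", "incidentId": "e22222ee22222222"},
        {"accountId": "12345678", "humanFriendlyId": "dup001", "incidentId": "e33333ee33333333"},
        {"accountId": "99999999", "humanFriendlyId": "other1", "incidentId": "e44444ee44444444"},
    ]
    _incidents = {
        "e11111ee11111111": {
            "accountId": "12345678",
            "incidentId": "e11111ee11111111",
            "humanFriendlyId": "abc123",
            "summary": "Constructed incident",
        },
    }

    def get_incident_id_by_friendly(self, account_id, friendly_id):
        # The real service scopes by account; this fake returns every key with
        # the friendly ID so the caller's own account filter is exercised.
        return [k for k in self._keys if k["humanFriendlyId"] == friendly_id]

    def get_incident(self, account_id, incident_id, return_value=None):
        return self._incidents[incident_id]


if __name__ == "__main__":
    client = FakeFriendlyLookupClient()
    print(fetch_by_friendly_id(client, "12345678", "abc123")["summary"])
```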
incidents_by_time(**kwargs)
Get the incidents in a time span for an account.

Request Syntax
    response = client.incidents_by_time(
        account_id='string',
        end_time='string',
        limit='integer',
        offset='integer',
        pagination='False|True',
        return_value='string',
        start_time='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    end_time (string) – [REQUIRED] End of the time span, either an epoch timestamp or an ISO string
    limit (integer) – Maximum number of items in the result set
    offset (integer) – The (zero-based) offset of the first item in the result set
    pagination (boolean) – Enable pagination of the result set
    return_value (string) – Comma-delimited list of dot-notation names of the properties wanted in the result set. Use it when you want only a subset of attributes from each incident
    start_time (string) – [REQUIRED] Start of the time span, either an epoch timestamp or an ISO string
- Return type
dict
- Returns
Response Syntax
'dict|list'
Response Definitions
partner_account_incidents(**kwargs)
Get the incidents over a time range for an account and all accounts managed by it.

Request Syntax
    response = client.partner_account_incidents(
        account_id='string',
        aid='string',
        end_time='string',
        limit='integer',
        offset='integer',
        pagination='False|True',
        return_value='string',
        start_time='string',
        time_stamp='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    aid (string) – A comma-delimited list of the accounts managed by account_id to return, e.g. aid=10,11,12,13
    end_time (string) – [REQUIRED] End of the time span, either an epoch timestamp or an ISO string
    limit (integer) – Maximum number of items in the result set
    offset (integer) – The (zero-based) offset of the first item in the result set
    pagination (boolean) – Enable pagination of the result set
    return_value (string) – Comma-delimited list of dot-notation names of the properties wanted in the result set. Use it when you want only a subset of attributes from each incident
    start_time (string) – [REQUIRED] Start of the time span, either an epoch timestamp or an ISO string
    time_stamp (string) – Which timestamp to search incidents by: either ‘createTime’ or ‘updateTime’
- Return type
dict
- Returns
Response Syntax
'dict|list'
Response Definitions
partner_incidents(**kwargs)
Get the incidents over a time range for the caller's account and all accounts managed by it.

Request Syntax
    response = client.partner_incidents(
        aid='string',
        end_time='string',
        limit='integer',
        offset='integer',
        pagination='False|True',
        return_value='string',
        start_time='string',
        time_stamp='string'
    )
- Parameters
    aid (string) – A comma-delimited list of the accounts managed by account_id to return, e.g. aid=10,11,12,13
    end_time (string) – [REQUIRED] End of the time span, either an epoch timestamp or an ISO string
    limit (integer) – Maximum number of items in the result set
    offset (integer) – The (zero-based) offset of the first item in the result set
    pagination (boolean) – Enable pagination of the result set
    return_value (string) – Comma-delimited list of dot-notation names of the properties wanted in the result set. Use it when you want only a subset of attributes from each incident
    start_time (string) – [REQUIRED] Start of the time span, either an epoch timestamp or an ISO string
    time_stamp (string) – Which timestamp to search incidents by: either ‘createTime’ or ‘updateTime’
- Return type
dict
- Returns
Response Syntax
'dict|list'
Response Definitions
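incidents_by_time, partner_account_incidents and partner_incidents all take the same limit/offset/pagination trio, accept start and end times as either epoch or ISO strings, and document their return only as 'dict|list'. The following is an added example, not almdrlib code or code from this page, that covers all three: a generic pager that walks offset by offset until a short page arrives, a helper that normalises epoch times to ISO-8601 and joins managed account IDs into the aid form shown above, and a client-side reading of the dot-notation return_value parameter. The FakePagingClient, its seven incidents and the assumption that a page comes back as a list (with an extract hook for deployments that return a dict) are mine, not the service's documented behaviour.

```python
from datetime import datetime, timezone


def to_iso8601(t):
    """Normalise a start/end time to the ISO-8601 form the API accepts.

    An epoch timestamp (int or float seconds) is converted to a UTC ISO string;
    a string is assumed to already be ISO and is passed through unchanged.
    """
    if isinstance(t, (int, float)):
        return datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
    return t


def project(record, return_value):
    """Client-side reading of a comma-delimited, dot-notation return_value string.

    Assumption (not stated on the page): the selected fields keep their
    original nesting, e.g. "incidentId, incident.threatRating" yields
    {'incidentId': ..., 'incident': {'threatRating': ...}}. Paths that do not
    exist in the record are silently skipped.
    """
    out = {}
    for path in return_value.split(","):
        parts = path.strip().split(".")
        src = record
        for key in parts:
            if not isinstance(src, dict) or key not in src:
                break
            src = src[key]
        else:
            dst = out
            for key in parts[:-1]:
                dst = dst.setdefault(key, {})
            dst[parts[-1]] = src
    return out


def iter_pages(method, base_kwargs, page_size=100, extract=lambda page: page):
    """Yield every record from a paginated incident query.

    `method` is a bound client method (client.incidents_by_time,
    client.partner_account_incidents or client.partner_incidents) and
    `base_kwargs` carries everything except limit/offset/pagination. The page
    documents the return type only as 'dict|list'; `extract` defaults to the
    identity (the page is a list of incident dicts) and lets a caller unwrap a
    dict-shaped page instead. Iteration stops at the first page shorter than
    page_size, which also handles a total that is an exact multiple of it.
    """
    offset = 0
    while True:
        page = method(**base_kwargs, limit=page_size, offset=offset, pagination=True)
        records = extract(page)
        yield from records
        if len(records) < page_size:
            return
        offset += page_size


def partner_kwargs(account_id, start, end, managed_aids=None, time_stamp="createTime"):
    """Base kwargs for partner_account_incidents, joining managed IDs as 'aid=10,11,12'."""
    kwargs = {"account_id": account_id, "start_time": to_iso8601(start),
              "end_time": to_iso8601(end), "time_stamp": time_stamp}
    if managed_aids:
        kwargs["aid"] = ",".join(str(a) for a in managed_aids)
    return kwargs


class FakePagingClient:
    """Constructed offline stand-in serving seven made-up incidents in offset/limit slices."""

    def __init__(self):
        self.offsets = []          # records each offset requested, to check the paging walk
        self.data = [
            {"incidentId": f"e{i:015d}", "summary": f"constructed incident {i}",
             "incident": {"threatRating": "Constructed"}}
            for i in range(7)
        ]

    def incidents_by_time(self, account_id, start_time, end_time, limit, offset,
                          pagination, return_value=None):
        self.offsets.append(offset)
        return self.data[offset:offset + limit]


if __name__ == "__main__":
    client = FakePagingClient()
    base = {"account_id": "12345678", "start_time": to_iso8601(0), "end_time": to_iso8601(86400)}
    for inc in iter_pages(client.incidents_by_time, base, page_size=3):
        print(project(inc, "incidentId, incident.threatRating"))
    print("offsets requested:", client.offsets)
```

Stopping on the first short page rather than on an empty one saves a request per query, and recording the offsets in the fake makes it easy to see that a total that is an exact multiple of the page size still costs one extra, empty fetch.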
reopen_incident(**kwargs)
Reopen an incident.

Request Syntax
    response = client.reopen_incident(
        account_id='string',
        incident_id='string',
        notes='string'
    )
- Parameters
    account_id (string) – [REQUIRED] AIMS Account ID
    incident_id (string) – [REQUIRED] IRIS incident ID: either a 16-character alphanumeric string, e.g. e11111ee11111111, or a UUID, e.g. XXXX0000-0000-0000-0000-0XXX00000000
    notes (string) – [REQUIRED] Notes about completion
- Return type
    dict
- Returns
    Response Syntax
        {
            'new': {
                'notes': 'string',
                'reason_code': 'string',
                'status': 'string',
                'status_change_time': 'string'
            },
            'old': {
                'notes': 'string',
                'reason_code': 'string',
                'status': 'string',
                'status_change_time': 'string'
            }
        }
Response Definitions
new (dict) – [REQUIRED]
notes (string) –
reason_code (string) –
status (string) –
status_change_time (string) –
old (dict) – [REQUIRED]
notes (string) –
reason_code (string) –
status (string) –
status_change_time (string) –