Topic
  • 2 replies
  • Latest Post - ‏2015-10-28T17:02:03Z by therealbre
therealbre
therealbre
6 Posts

Pinned topic /siem/offenses problem with fields filter

‏2015-10-28T13:52:21Z |

I'm trying to pull back data from /siem/offenses for reporting purposes, but I only need a limited set of fields. I have implemented the /siem endpoint using the RestApiClient from github as my base. Unfortunately, when I query with the 'fields' param set, I fail to get back filtered results (I get everything). When I attempt the filters from /api_doc/, it works just fine. I figured I would post my code here and have you take a peek before I determined it as a bug.

Implementation:

def get_offenses(self, fields=None, filter=None, range_start=None, range_end=None):

    endpoint = self.endpoint_start + 'offenses'

    data = {}
    headers = self.headers.copy()

    if fields is not None:
        data['fields'] = fields

    if filter is not None:
        data['filter'] = filter

    if (range_start is not None) and (range_end is not None):
        headers[b'Range'] = ('items=' +
                             str(range_start) + '-' + str(range_end))

    data = urllib.parse.urlencode(data)
    data = data.encode('utf-8')

    # Sends a GET request
    return self.call_api(endpoint, 'GET', headers, data=data)

Execution:

def get_all_offenses(self):
    response = self.client.get_offenses(fields='inactive,status,start_time,close_time,assigned_to')

    try:
        if response.status == 200:
            return json.loads(response.read().decode('UTF-8'))
    except AttributeError:
        return []

    return []

 

(Edit: Fixed formatting of code - hopefully)

  • David Payne (IBM)
    David Payne (IBM)
    16 Posts
    ACCEPTED ANSWER

    Re: /siem/offenses problem with fields filter

    ‏2015-10-28T14:26:00Z  

    Hi,

    You are attempting to pass the fields and filter parameters in the body of the request. The fields and filter parameters are query parameters. When using the RestApiClient, you can provide query parameters with the params argument. Here is an example:

        params = {}
        if filter is not None:
            params['filter'] = filter
        if fields is not None:
            params['fields'] = fields

        if (range_start is not None) and (range_end is not None):
            headers[b'Range'] = ('items=' +
                                 str(range_start) + '-' + str(range_end))

        # Sends a GET request
        return client.call_api(endpoint, 'GET', headers, params=params)

    Regards,

    David

  • David Payne (IBM)
    David Payne (IBM)
    16 Posts

    Re: /siem/offenses problem with fields filter

    ‏2015-10-28T14:26:00Z  

    Hi,

    You are attempting to pass the fields and filter parameters in the body of the request. The fields and filter parameters are query parameters. When using the RestApiClient, you can provide query parameters with the params argument. Here is an example:

        params = {}
        if filter is not None:
            params['filter'] = filter
        if fields is not None:
            params['fields'] = fields

        if (range_start is not None) and (range_end is not None):
            headers[b'Range'] = ('items=' +
                                 str(range_start) + '-' + str(range_end))

        # Sends a GET request
        return client.call_api(endpoint, 'GET', headers, params=params)

    Regards,

    David

  • therealbre
    therealbre
    6 Posts

    Re: /siem/offenses problem with fields filter

    ‏2015-10-28T17:02:03Z  

    Hi,

    You are attempting to pass the fields and filter parameters in the body of the request. The fields and filter parameters are query parameters. When using the RestApiClient, you can provide query parameters with the params argument. Here is an example:

        params = {}
        if filter is not None:
            params['filter'] = filter
        if fields is not None:
            params['fields'] = fields

        if (range_start is not None) and (range_end is not None):
            headers[b'Range'] = ('items=' +
                                 str(range_start) + '-' + str(range_end))

        # Sends a GET request
        return client.call_api(endpoint, 'GET', headers, params=params)

    Regards,

    David

    Awesome, I'll make the adjustment. I was under the assumption that a GET request would pass data as a query param regardless. I should have read the underlying RestApiClient code with a bit more scrutiny.

    Thanks for the response!