msticpy.init.pivot_init.pivot_data_queries module
Pivot query functions class.
- class msticpy.init.pivot_init.pivot_data_queries.ParamAttrs(type, query, family, required)
Bases:
tuple
Create new instance of ParamAttrs(type, query, family, required)
- count(value, /)
Return number of occurrences of value.
- family
Alias for field number 2
- index(value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
- query
Alias for field number 1
- required
Alias for field number 3
- type
Alias for field number 0
- class msticpy.init.pivot_init.pivot_data_queries.PivQuerySettings(short_name, direct_func_entities, assigned_entities)
Bases:
tuple
Create new instance of PivQuerySettings(short_name, direct_func_entities, assigned_entities)
- assigned_entities
Alias for field number 2
- count(value, /)
Return number of occurrences of value.
- direct_func_entities
Alias for field number 1
- index(value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
- short_name
Alias for field number 0
- class msticpy.init.pivot_init.pivot_data_queries.PivotQueryFunctions(query_provider: QueryProvider, ignore_reqd: List[str] = None)
Bases:
object
Class to retrieve the queries and params from a provider.
Instantiate PivotQueryFunctions class.
- Parameters:
query_provider ([type]) – The query provider to load
ignore_reqd (List[str], optional) – List of parameters to ignore when building the required parameters list (e.g. [‘start’, ‘end’]), by default None
- current = None
- get_param_attrs(param_name: str) List[ParamAttrs]
Get the attributes for a parameter name.
- Parameters:
param_name (str) – Parameter name
- Returns:
List of ParamAttrs named tuples: (type, query, family, required)
- Return type:
List[ParamAttrs]
Notes
Since parameters may be defined for multiple queries, the set of parameter attributes will be returned for each query.
- get_params(query_func_name: str) QueryParams | None
Get the parameters for a query function.
- Parameters:
query_func_name (str) – Query name - the name must be fully-qualified (e.g. ‘WindowsSecurity.list_processes’)
- Returns:
QueryParams named tuple (all, required, full_required, param_attrs, table)
- Return type:
- get_queries_and_types_for_param(param: str) Iterable[Tuple[str, str, str, Callable[[Any], Any]]]
Get queries and parameter data types for param.
- Parameters:
param (str) – The parameter name.
- Returns:
Iterable of tuples listing: query_name, param_type, query_func
- Return type:
Iterable[Tuple[str, str, Callable[[Any], Any]]]
- get_queries_for_param(param: str) Iterable[Tuple[str, str, Callable[[Any], Any]]]
Get the list of queries for a parameter.
- Parameters:
param (str) – Parameter name
- Returns:
Iterable of tuples listing: query_name, query_func
- Return type:
Iterable[Tuple[str, str, Callable[[Any], Any]]]
- get_query_pivot_settings(family: str, query: str) PivQuerySettings
Get Pivot settings metadata for a query.
- Parameters:
family (str) – Data family
query (str) – Query name
- Returns:
Named tuple:
short_name - short name for the query
direct_func_entities - the entities to add a top level function to
assigned_entities - entities to assign the query to (if parameter mapping is not applicable).
- Return type:
- get_query_settings(family: str, query: str) QuerySource
Get the QuerySource for the named family and query.
- Parameters:
family (str) – Data family name
query (str) – Query name
- Returns:
Query settings object
- Return type:
- Raises:
KeyError – If family.`query` could not be found.
- property instance_name: str | None
Return instance name, if any for provider.
- Returns:
The instance name or None for drivers that do not support multiple instances.
- Return type:
Optional[str]
- class msticpy.init.pivot_init.pivot_data_queries.QueryParams(all, required, full_required, param_attrs, table)
Bases:
tuple
Create new instance of QueryParams(all, required, full_required, param_attrs, table)
- all
Alias for field number 0
- count(value, /)
Return number of occurrences of value.
- full_required
Alias for field number 2
- index(value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
- param_attrs
Alias for field number 3
- required
Alias for field number 1
- table
Alias for field number 4
- msticpy.init.pivot_init.pivot_data_queries.add_data_queries_to_entities(provider: QueryProvider, get_timespan: Callable[[], TimeSpan] | None)
Add data queries from provider to entities.
- Parameters:
provider (QueryProvider) – Query provider
get_timespan (Optional[Callable[[], TimeSpan]]) – Callback to get time span. If None it will use the Pivot built-in time range.
- msticpy.init.pivot_init.pivot_data_queries.add_queries_to_entities(prov_qry_funcs: PivotQueryFunctions, container: str, get_timespan: Callable[[], TimeSpan] | None)
Add data queries to entities.
- Parameters:
prov_qry_funcs (PivotQueryFunctions) – Collection of wrapped query functions
container (str) – The name of the container to add query functions to
get_timespan (Optional[Callable[[], TimeSpan]]) – Function to get the current timespan. If None it will use the Pivot built-in time range.