4.4.5. Saved queries¶
Warning
This API is deprecated.
Axonius API v2 is now available, we recommend you move to API v2.
New features will no longer be added to this API. Axonius will only provide bug fixes.
API for working with saved queries for assets.
- class axonius_api_client.api.assets.saved_query.SavedQuery(parent)[source]¶
Bases:
ChildMixinsAPI object for working with saved queries for the parent asset type.
Examples
Create a
clientusingaxonius_api_client.connect.Connectand assumeapiobjis eitherclient.devicesorclient.users>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities
Get a saved query by name:
get_by_name()Get a saved query by UUID:
get_by_uuid()Get a saved query by tags:
get_by_tags()Get all saved query tags:
get_tags()Get all saved queries:
get()Add a saved query:
add()Delete a saved query by name:
delete_by_name()Delete a saved query by UUID or SQ object:
delete()
See also
Device assets
axonius_api_client.api.assets.devices.DevicesUser assets
axonius_api_client.api.assets.users.Users
- Parameters:
parent (
axonius_api_client.api.mixins.Model) –
- property folders: FoldersQueries¶
Get the folders api for this object type.
- update_folder(sq, folder, as_dataclass=False, create=True, echo=True)[source]¶
Update the name of a Saved Query.
- Parameters:
sq (
typing.Union[str,dict,axonius_api_client.api.json_api.saved_queries.SavedQuery]) – str with name or uuid, or saved query dict or dataclassfolder (
typing.Union[str,axonius_api_client.api.json_api.folders.queries.FolderModel]) – new nameas_dataclass (
bool) – Return saved query dataclass instead of dictcreate (
bool) – create folder if it does not existecho (
bool) – echo status to stdout
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_description(sq, value, append=False, as_dataclass=False)[source]¶
Update the description of a Saved Query.
- Parameters:
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_sort(sq, field=None, descending=True, as_dataclass=False)[source]¶
Update the sort field of a Saved Query.
- Parameters:
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_tags(sq, value, remove=False, append=False, as_dataclass=False)[source]¶
Update the tags of a Saved Query.
- Parameters:
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_always_cached(sq, value, as_dataclass=False)[source]¶
Update the always_cached flag of a Saved Query.
- Parameters:
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_fields(sq, fields=None, fields_manual=None, fields_regex=None, fields_regex_root_only=True, fields_fuzzy=None, fields_default=False, fields_root=None, remove=False, append=False, as_dataclass=False)[source]¶
Update the tags of a Saved Query.
- Parameters:
sq (MULTI) – str with name or uuid, or saved query dict or dataclass
fields (t.Optional[t.Union[t.List[str], str]], optional) – fields
fields_manual (t.Optional[t.Union[t.List[str], str]], optional) – fields fully qualified
fields_regex (t.Optional[t.Union[t.List[str], str]], optional) – fields via regex
fields_fuzzy (t.Optional[t.Union[t.List[str], str]], optional) – fields via fuzzy
fields_default (bool, optional) – Include default fields
fields_root (t.Optional[str], optional) – fields via root
fields_regex_root_only (bool, optional) – only match root fields in fields_regex
remove (bool, optional) – remove supplied fields from saved query fields
append (bool, optional) – append supplied fields in value to pre-existing saved query fields
as_dataclass (bool, optional) – Return saved query dataclass instead of dict
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- update_query(sq, query=None, expressions=None, wiz_entries=None, append=False, append_and_flag=False, append_not_flag=False, as_dataclass=False, **kwargs)[source]¶
Update the query of a Saved Query.
- Parameters:
sq (MULTI) – str with name or uuid, or saved query dict or dataclass
query (t.Optional[str]], optional) – previously generated query
expressions (t.Optional[t.List[str]], optional) – Expressions for GUI Query Wizard
wiz_entries (t.Optional[t.Union[str, t.List[dict]]]) – API query wizard entries to parse into query and GUI query wizard expressions
append (bool, optional) – append query to pre-existing query
append_and_flag (bool, optional) – use and instead of or for appending query
append_not_flag (bool, optional) – use ‘and not’/’or not’ for appending query
as_dataclass (bool, optional) – Return saved query dataclass instead of dict
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- copy(sq, name, private=False, asset_scope=False, as_dataclass=False, always_cached=False, folder=None, create=True, echo=False)[source]¶
Create a copy of a Saved Query.
- Parameters:
sq (MULTI) – str with name or uuid, or saved query dict or dataclass
name (str) – name to use for new sq
private (bool, optional) – Set new sq as private
asset_scope (bool, optional) – Set new sq as asset scope query
as_dataclass (bool, optional) – Return saved query dataclass instead of dict
always_cached (bool, optional) – Set new sq as always cached
folder (t.Optional[t.Union[str, FolderModel]], optional) – Folder to create new sq in
create (bool, optional) – Create folder if it doesn’t exist
echo (bool, optional) – Echo API response
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- get_by_multi(sq, as_dataclass=False, asset_scopes=False, cache=False, **kwargs)[source]¶
Get a saved query by name or uuid.
- get_by_name(value, as_dataclass=False, **kwargs)[source]¶
Get a saved query by name.
Examples
Get a saved query by name
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get_by_name(name="test") >>> data['tags'] ['Unmanaged Devices'] >>> data['description'][:80] 'Devices that have been seen by at least one agent or at least one endpoint manag' >>> data['view']['fields'] [ 'adapters', 'specific_data.data.name', 'specific_data.data.hostname', 'specific_data.data.last_seen', 'specific_data.data.network_interfaces.manufacturer', 'specific_data.data.network_interfaces.mac', 'specific_data.data.network_interfaces.ips', 'specific_data.data.os.type', 'labels' ] >>> data['view']['query']['filter'][:80] '(specific_data.data.adapter_properties == "Agent") or (specific_data.data.adapte'
- Parameters:
- Raises:
SavedQueryNotFoundError – if no saved query found with name of value
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- get_by_uuid(value, as_dataclass=False, **kwargs)[source]¶
Get a saved query by uuid.
Examples
Get a saved query by uuid
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get_by_uuid(value="5f76721ce4557d5cba93f59e")
- Parameters:
- Raises:
SavedQueryNotFoundError – if no saved query found with uuid of value
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- get_by_tags(value, as_dataclass=False, **kwargs)[source]¶
Get saved queries by tags.
Examples
Get all saved queries with tagged with ‘AD’ >>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get_by_tags(‘AD’) >>> len(data) 2
Get all saved queries with tagged with ‘AD’ or ‘AWS’ >>> data = apiobj.saved_query.get_by_tags([‘AD’, ‘AWS’]) >>> len(data) 5
- Parameters:
- Raises:
SavedQueryTagsNotFoundError – if no saved queries found with supplied tags
- Returns:
- list of saved query dataclass or dict
containing any tags in value
- Return type:
t.List[t.Union[dict, models.SavedQuery]]
- get_tags_slow()[source]¶
Get all tags for saved queries.
Examples
Get all known tags for all saved queries
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get_tags() >>> len(data) 19
- Returns:
list of all tags in use
- Return type:
t.List[str]
- get_query_history_run_by()[source]¶
Get the valid values for the run_by attribute for getting query history.
- Return type:
- get_query_history_run_from()[source]¶
Get the valid values for the run_from attribute for getting query history.
- Return type:
- get_query_history(generator=False, **kwargs)[source]¶
Get query history.
- Parameters:
generator (bool, optional) – Return a generator or a list
**kwargs – passed to
get_fetch_history_generator()
- Returns:
- t.Generator or
list of query event models
- Return type:
t.Union[t.Generator[QueryHistory, None, None], t.List[QueryHistory]]
- get_query_history_generator(run_by=None, run_from=None, tags=None, modules=None, name_term=None, date_start=None, date_end=None, sort_attribute=None, sort_descending=False, search=None, filter=None, page_sleep=0, page_size=2000, row_start=0, row_stop=None, log_level='debug', run_by_values=None, run_from_values=None, request_obj=None)[source]¶
Get query history.
- Parameters:
run_by (t.Optional[PatternLikeListy], optional) – Filter records run by users
run_from (t.Optional[PatternLikeListy], optional) – Filter records run from api/gui
tags (t.Optional[PatternLikeListy], optional) – Filter records by SQ tags
modules (t.Optional[PatternLikeListy], optional) – Filter records by asset type (defaults to parent asset type)
name_term (t.Optional[str], optional) – Filter records by SQ name pattern
date_start (t.Optional[datetime.datetime], optional) – Filter records after this date
date_end (t.Optional[datetime.datetime], optional) – Filter records before this date (will default to now if date_start supplied and no date_end)
sort_attribute (t.Optional[str], optional) – Sort records based on this attribute
sort_descending (bool, optional) – Sort records descending or ascending
search (t.Optional[str], optional) – AQL search value to filter records
filter (t.Optional[str], optional) – AQL to filter records
page_sleep (int, optional) – Sleep N seconds between pages
page_size (int, optional) – Get N records per page
row_start (int, optional) – Start at row N
row_stop (t.Optional[int], optional) – Stop at row N
log_level (t.Union[int, str], optional) – log level to use for paging
run_by_values (t.Optional[t.List[str]], optional) – Output from
get_query_history_run_by()(will be fetched if not supplied)run_from_values (t.Optional[t.List[str]], optional) – Output from
get_query_history_run_from()(will be fetched if not supplied)request_obj (t.Optional[QueryHistoryRequest], optional) – Request object to use for options
- Return type:
typing.List[axonius_api_client.api.json_api.saved_queries.QueryHistory]
- get(generator=False, **kwargs)[source]¶
Get all saved queries.
Examples
Get all saved queries
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get() >>> len(data) 39
- get_cached(**kwargs)[source]¶
Get all saved queries.
Examples
Get all saved queries
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> data = apiobj.saved_query.get() >>> len(data) 39
- Yields:
t.Generator[QueryHistory, None, None] –
- if generator = True, saved query
dataclass or dict
- Returns:
- if generator = False, list of saved query
dataclass or dict
- Return type:
t.List[t.Union[dict, models.SavedQuery]]
- build_filter_query(query=None, add_query_by_asset_type=True)[source]¶
Pass.
- Parameters:
query (
typing.Optional[str]) –add_query_by_asset_type (
bool) –
- Return type:
- get_generator(folder_id='all', include_usage=True, get_view_data=True, as_dataclass=False, page_sleep=0, page_size=2000, row_start=0, row_stop=None, add_query_by_asset_type=True, log_level='debug', query=None, request_obj=None)[source]¶
Get Saved Queries using a generator.
- Parameters:
as_dataclass (bool, optional) – Return saved query dataclass instead of dict
folder_id (str, optional) – folder id, will return all if “all”, otherwise will return only saved queries directly in or under the folder
include_usage (bool, optional) – include usage data
get_view_data (bool, optional) – include view data
page_sleep (int, optional) – sleep in seconds between pages
page_size (int, optional) – page size
row_start (int, optional) – row start
row_stop (int, optional) – row stop
add_query_by_asset_type (bool, optional) – add query by asset type to query string
log_level (int, optional) – log level
query (str, optional) – query to filter saved queries
request_obj (t.Optional[models.SavedQueryGet], optional) – request object
- Yields:
t.Generator[QueryHistory, None, None] – saved query dataclass or dict
- Return type:
typing.Generator[axonius_api_client.api.json_api.saved_queries.SavedQuery,None,None]
- add(as_dataclass=False, **kwargs)[source]¶
Create a saved query.
Examples
Create a saved query using a
axonius_api_client.api.wizards.wizard.Wizard>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> parsed = apiobj.wizard_text.parse(content="simple hostname contains blah") >>> query = parsed["query"] >>> expressions = parsed["expressions"] >>> sq = apiobj.saved_query.add( ... name="test", ... query=query, ... expressions=expressions, ... description="meep meep", ... tags=["tag1", "tag2", "tag3"], ... )
Notes
Saved Queries created without expressions will not be editable using the query wizard in the GUI. Use
axonius_api_client.api.wizards.wizard.Wizardto produce a query and expressions for the GUI query wizard.- Parameters:
as_dataclass (bool, optional) – return saved query dataclass or dict
**kwargs – passed to
build_add_model()
- Returns:
saved query dataclass or dict
- Return type:
t.Union[dict, models.SavedQuery]
- build_add_model(name, query=None, wiz_entries=None, tags=None, description=None, expressions=None, fields=None, fields_manual=None, fields_regex=None, fields_regex_root_only=True, fields_fuzzy=None, fields_default=True, fields_root=None, fields_parsed=None, sort_field=None, sort_descending=True, sort_field_parsed=None, field_filters=None, excluded_adapters=None, asset_excluded_adapters=None, asset_filters=None, gui_page_size=None, private=False, always_cached=False, asset_scope=False, folder=None, create=True, echo=True, enforcement_filter=None, unique_adapters=False, **kwargs)[source]¶
Create a saved query.
Examples
Create a saved query using a
axonius_api_client.api.wizards.wizard.Wizard>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> wiz: str = "simple hostname contains blah" >>> parsed: dict = apiobj.wizard_text.parse(content=wiz) >>> sq_name: str = "test" >>> sq_query: str = parsed["query"] >>> sq_expressions: list[dict] = parsed["expressions"] >>> sq_description: str = "meep meep" >>> sq_tags: list[str] = ["nice1", "nice2", "nice3"] >>> sq = apiobj.saved_query.add( ... name=sq_name, ... query=sq_query, ... expressions=sq_expressions, ... description=sq_description, ... tags=sq_tags, ... as_dataclass=True, ... )
Notes
Saved Queries created without expressions will not be editable using the query wizard in the GUI. Use
axonius_api_client.api.wizards.wizard.Wizardto produce a query and it’s accordant expressions for the GUI query wizard.- Parameters:
name (
str) – name of saved querydescription (
typing.Optional[str]) – description of saved queryquery (
typing.Optional[str]) – query built by GUI or API query wizardwiz_entries (t.Optional[t.Union[str, t.List[dict]]]) – API query wizard entries to parse into query and GUI query wizard expressions
tags (t.Optional[t.List[str]], optional) – list of tags
expressions (t.Optional[t.List[str]], optional) – Expressions for GUI Query Wizard
fields (
typing.Union[str,typing.List[str],None]) – fields to return for each asset (will be validated)fields_manual (
typing.Union[str,typing.List[str],None]) – fields to return for each asset (will NOT be validated)fields_regex (
typing.Union[str,typing.List[str],None]) – regex of fields to return for each assetfields_fuzzy (
typing.Union[str,typing.List[str],None]) – string to fuzzy match of fields to return for each assetfields_default (
bool) – include the default fields defined in the parent asset objectfields_regex_root_only (
bool) – only match fields in fields_regex that are not sub-fields of other fieldsfields_root (
typing.Optional[str]) – include all fields of an adapter that are not complex sub-fieldsfields_parsed (
typing.Union[dict,typing.List[str],None]) – previously parsed fieldssort_field (
typing.Optional[str]) – sort the returned assets on a given fieldsort_descending (
bool) – reverse the sort of the returned assetsfield_filters (
typing.Optional[typing.List[dict]]) – field filters to apply to this queryexcluded_adapters (
typing.Optional[typing.List[dict]]) – adapters to exclude from this queryasset_excluded_adapters (
typing.Optional[typing.List[dict]]) – adapters to exclude from this queryasset_filters (
typing.Optional[typing.List[dict]]) – asset filters to apply to this querygui_page_size (
typing.Optional[int]) – show N rows per page in GUIprivate (
bool) – make this saved query private to current useralways_cached (
bool) – always keep this query cachedasset_scope (
bool) – make this query an asset scope queryfolder (
typing.Union[str,axonius_api_client.api.json_api.folders.queries.FolderModel,None]) – folder to create saved query increate (
bool) – create folder if it does not existecho (
bool) – echo folder actions to stdout/stderrsort_field_parsed (
typing.Optional[str]) – previously parsed sort fieldenforcement_filter (
typing.Optional[str]) – unknownunique_adapters (
bool) – unknown
- Returns:
saved query dataclass to create
- Return type:
models.SavedQueryCreate
- delete_by_name(value, as_dataclass=False)[source]¶
Delete a saved query by name.
Examples
Delete the saved query by name
>>> import axonius_api_client as axonapi >>> connect_args: dict = axonapi.get_env_connect() >>> client: axonapi.Connect = axonapi.Connect(**connect_args) >>> apiobj: axonapi.api.assets.AssetMixin = client.devices >>> # or client.users or client.vulnerabilities >>> deleted = apiobj.saved_query.delete_by_name(name="test")
- delete(rows, errors=True, refetch=True, as_dataclass=False, **kwargs)[source]¶
Delete saved queries.
- Parameters:
rows (t.Union[t.List[MULTI], MULTI]) – str or list of str with name, str or list of str with uuid, saved query dict or list of dict, or saved query dataclass or list of dataclass
errors (bool, optional) – Raise errors if SQ not found or other error
refetch (bool, optional) – refetch dataclass objects before deleting SQ
as_dataclass (bool, optional) – Return saved query dataclass instead of dict
- Returns:
- list of saved query dataclass or dict that
were deleted
- Return type:
t.List[t.Union[dict, models.SavedQuery]]
- saved_query_import_path(field_name, path, **kwargs)[source]¶
Pass.
- Parameters:
field_name (
str) –path (
typing.Union[str,pathlib.Path]) –
- _saved_query_import(field_name, file_name, file_content, file_content_type=None, file_headers=None)[source]¶
Pass.
- Parameters:
field_name (
str) –file_name (
str) –file_content_type (
typing.Optional[str]) –file_headers (
typing.Optional[dict]) –
- Return type:
axonius_api_client.api.json_api.generic.ApiBase
- saved_query_export(ids, folder_id='', **kwargs)[source]¶
Exports saved queries given a list of IDs.
- Parameters:
ids (
typing.List[str]) –folder_id (
str) –
- Return type:
- _saved_query_export(ids, folder_id='', **kwargs)[source]¶
Private method to export saved queries given a list of IDs.
- Parameters:
ids (
typing.List[str]) –folder_id (
str) –
- Return type:
- _update_from_dataclass(obj, uuid=None)[source]¶
Direct API method to update a saved query.
- Parameters:
obj (models.SavedQueryMixins) – pre-created dataclass
uuid (
typing.Optional[str]) –
- Returns:
saved query dataclass
- Return type:
models.SavedQuery
- _add_from_dataclass(obj)[source]¶
Direct API method to create a saved query.
- Parameters:
obj (models.SavedQueryCreate) – pre-created dataclass
- Returns:
saved query dataclass
- Return type:
models.SavedQuery
- _delete(uuid)[source]¶
Direct API method to delete saved queries.
- Parameters:
uuid (str) – uuid of SQ to delete
- Returns:
Metadata object containing UUID of deleted SQ
- Return type:
Metadata
- _get_model(request_obj)[source]¶
Direct API method to get all saved queries.
- Parameters:
request_obj (
axonius_api_client.api.json_api.saved_queries.SavedQueryGet) –- Return type:
typing.List[axonius_api_client.api.json_api.saved_queries.SavedQuery]
- _check_name_exists(value)[source]¶
Check if a SQ already exists with a given name.
- Parameters:
value (str) – Name to check
- Raises:
AlreadyExists – if SQ with name of value found
- _get_query_history(request_obj=None)[source]¶
Pass.
- Parameters:
request_obj (
typing.Optional[axonius_api_client.api.json_api.saved_queries.QueryHistoryRequest]) –- Return type:
typing.List[axonius_api_client.api.json_api.saved_queries.QueryHistory]
- _get_query_history_run_by()[source]¶
Get the valid values for the run_by attribute for getting query history.
- Return type:
axonius_api_client.api.json_api.generic.ListValueSchema
- _get_query_history_run_from()[source]¶
Get the valid values for the run_from attribute for getting query history.
- Return type:
axonius_api_client.api.json_api.generic.ListValueSchema
- _get_tags()[source]¶
Get the valid tags.
- Return type:
axonius_api_client.api.json_api.generic.ListValueSchema
-
LOG:
logging.Logger= None¶ Logger for this object.
- __init__(parent)¶
Mixins model for API child objects.
- Parameters:
parent (
axonius_api_client.api.mixins.Model) – parent API model of this child
- _init(parent)¶
Post init method for subclasses to use for extra setup.
- Parameters:
parent (
axonius_api_client.api.mixins.Model) – parent API model of this child
-
auth:
axonius_api_client.auth.model.AuthModel= None¶ Authentication model with bound Http object to use for requests.
-
http:
axonius_api_client.http.Http= None¶ Http object to use for requests.
-
parent:
axonius_api_client.api.mixins.Model= None¶ Parent API model of this child.