4.7.3.3. Fields

Constants for field schemas.

axonius_api_client.constants.fields.AGG_ADAPTER_NAME: str = 'agg'

Short name to use for aggregated adapter

axonius_api_client.constants.fields.AGG_ADAPTER_TITLE: str = 'Aggregated'

Title to use for aggregated adapter

class axonius_api_client.constants.fields.AXID[source]

Bases: object

Pass.

name: str = 'internal_axon_id'
title: str = 'Asset Unique ID'
column_title: str = 'Aggregated: Asset Unique ID'
keys_title: typing.List[str] = ['Aggregated: Asset Unique ID', 'Asset Unique ID']
keys: typing.List[str] = ['internal_axon_id', 'Aggregated: Asset Unique ID', 'Asset Unique ID']
keys_str: str = 'internal_axon_id,Aggregated: Asset Unique ID,Asset Unique ID'
chars: str = 'abcdefghijklmnopqrstuvwxyz0123456789'
length: int = 32
examples: typing.List[str] = ['b237ae0c07f9eb3f02ad854a8298f37e', '7592ea0d5acca4981b9cd3f1c37bfb32']
example_csv: str = 'b237ae0c07f9eb3f02ad854a8298f37e,7592ea0d5acca4981b9cd3f1c37bfb32'
rules_short: str = '32 character alphanumeric string'
rules: typing.List[str] = ["internal_axon_id's must be supplied as alphanumeric strings that are 32 characters in length", 'You can provide multiples using a comma separated string:', '  example: b237ae0c07f9eb3f02ad854a8298f37e,7592ea0d5acca4981b9cd3f1c37bfb32']
classmethod strip(value)[source]

Pass.

Parameters:

value (str) –

static is_axid(value)[source]

Pass.

Parameters:

value (typing.Any) –

Return type:

bool

axonius_api_client.constants.fields.ALL_NAME: str = 'all'

alternative name to use for ‘all’ field.

axonius_api_client.constants.fields.AGG_EXPR_FIELD_TYPE: str = 'axonius'

epxr_field_type to use in saved query expressions for aggregated fields

axonius_api_client.constants.fields.AGG_ADAPTER_ALTS: List[str] = ['generic', 'general', 'specific', 'agg', 'aggregated']

list of list of alternatives for ‘generic’ adapter.

axonius_api_client.constants.fields.GET_SCHEMAS_KEYS: List[str] = ['name', 'name_base', 'name_qual', 'title']

field schema keys to check when finding field schemas

axonius_api_client.constants.fields.GET_SCHEMA_KEYS: List[str] = ['name', 'name_base', 'name_qual', 'title']

field schema keys to check when finding a single field schema

axonius_api_client.constants.fields.FUZZY_SCHEMAS_KEYS: List[str] = ['name_base', 'title']

field schema keys to check when fuzzy matching field schemas

axonius_api_client.constants.fields.PRETTY_SCHEMA_TMPL: str = '{adapter_name}:{name_base:{len_max}} -> {column_title}'

template to use when pretty printing schemas.

axonius_api_client.constants.fields.FIELDS_DETAILS: List[str] = ['meta_data.client_used', 'unique_adapter_names_details', 'adapter_asset_entities_info']

Fields that are returned by REST API when include_details=True

axonius_api_client.constants.fields.FIELDS_DETAILS_EXCLUDE: List[str] = ['adapter_list_length_details', 'adapters_details', 'internal_axon_id_details', 'labels_details']

Fields that should be excluded when include_details=True

axonius_api_client.constants.fields.FIELDS_ENTITY_PASSTHRU: List[str] = ['adapter_list_length', 'internal_axon_id', 'labels']

Fields that should be passed thru directly when exploding by asset entities.

axonius_api_client.constants.fields.SCHEMAS_CUSTOM: Dict[str, dict] = {'include_dates': {'current_date': {'adapter_name': 'report', 'column_name': 'report:current_date', 'column_title': 'Report: Current Date', 'format': 'date-time', 'is_complex': False, 'is_custom': True, 'is_list': False, 'is_root': True, 'name': 'current_date', 'name_base': 'current_date', 'name_qual': 'current_date', 'parent': 'root', 'title': 'Current Date', 'type': 'string', 'type_norm': 'string_datetime'}, 'history_date': {'adapter_name': 'report', 'column_name': 'report:history_date', 'column_title': 'Report: History Date', 'format': 'date-time', 'is_complex': False, 'is_custom': True, 'is_list': False, 'is_root': True, 'name': 'history_date', 'name_base': 'history_date', 'name_qual': 'history_date', 'parent': 'root', 'title': 'History Date', 'type': 'string', 'type_norm': 'string_datetime'}}, 'report_adapters_missing': {'adapters_missing': {'adapter_name': 'report', 'column_name': 'report:adapters_missing', 'column_title': 'Report: Adapters Missing', 'is_complex': False, 'is_custom': True, 'is_list': True, 'is_root': True, 'name': 'adapters_missing', 'name_base': 'adapters_missing', 'name_qual': 'adapters_missing', 'parent': 'root', 'title': 'Adapters Missing', 'type': 'string', 'type_norm': 'list_string'}}, 'report_software_whitelist': {'software_extra': {'adapter_name': 'report', 'column_name': 'report:software_extra', 'column_title': 'Report: Extra Software', 'is_complex': False, 'is_custom': True, 'is_list': True, 'is_root': True, 'name': 'software_extra', 'name_base': 'software_extra', 'name_qual': 'software_extra', 'parent': 'root', 'title': 'Extra Software', 'type': 'string', 'type_norm': 'list_string'}, 'software_missing': {'adapter_name': 'report', 'column_name': 'report:software_missing', 'column_title': 'Report: Missing Software', 'is_complex': False, 'is_custom': True, 'is_list': True, 'is_root': True, 'name': 'software_missing', 'name_base': 'software_missing', 'name_qual': 'software_missing', 'parent': 'root', 'title': 'Missing Software', 'type': 'string', 'type_norm': 'list_string'}, 'software_whitelist': {'adapter_name': 'report', 'column_name': 'report:software_whitelist', 'column_title': 'Report: Software Whitelist', 'is_complex': False, 'is_custom': True, 'is_list': True, 'is_root': True, 'name': 'software_whitelist', 'name_base': 'software_whitelist', 'name_qual': 'software_whitelist', 'parent': 'root', 'title': 'Software Whitelist', 'type': 'string', 'type_norm': 'list_string'}}}

custom schemas for reports in asset callbacks

class axonius_api_client.constants.fields.Parsers(value)[source]

Bases: BaseEnum

Names of value parsers.

to_csv_adapters = 'to_csv_adapters'
to_csv_cnx_label = 'to_csv_cnx_label'
to_csv_int = 'to_csv_int'
to_csv_ip = 'to_csv_ip'
to_csv_str = 'to_csv_str'
to_csv_subnet = 'to_csv_subnet'
to_csv_tags = 'to_csv_tags'
to_csv_tags_expirable = 'to_csv_tags_expirable'
to_dt = 'to_dt'
to_in_subnet = 'to_in_subnet'
to_int = 'to_int'
to_ip = 'to_ip'
to_none = 'to_none'
to_raw_version = 'to_raw_version'
to_str = 'to_str'
to_str_adapters = 'to_str_adapters'
to_str_cnx_label = 'to_str_cnx_label'
to_str_escaped_regex = 'to_str_escaped_regex'
to_str_subnet = 'to_str_subnet'
to_str_tags = 'to_str_tags'
to_str_tags_expirable = 'to_str_tags_expirable'
to_str_sq = 'to_str_sq'
to_str_data_scope = 'to_str_data_scope'
class axonius_api_client.constants.fields.Types(value)[source]

Bases: BaseEnum

Types of field schemas.

string = 'string'
boolean = 'bool'
integer = 'integer'
number = 'number'
array = 'array'
class axonius_api_client.constants.fields.Formats(value)[source]

Bases: BaseEnum

Formats of field schemas.

datetime = 'date-time'
image = 'image'
version = 'version'
ip = 'ip'
subnet = 'subnet'
discrete = 'discrete'
table = 'table'
tag = 'tag'
connection_label = 'connection_label'
ip_preferred = 'ip_preferred'
os_distribution = 'os-distribution'
dynamic_field = 'dynamic_field'
date = 'date'
sq = 'sq'
tag_expirable = 'expirable-tag'
data_scope = 'data_scope'
class axonius_api_client.constants.fields.OperatorNameMap(name, op)[source]

Bases: BaseData

Mapping class of an operator name to its GUI expression operator name.

Parameters:
name: str
op: str
__init__(name, op)
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

class axonius_api_client.constants.fields.OperatorNameMaps(contains=OperatorNameMap(name='contains', op='contains'), count_equals=OperatorNameMap(name='count_equals', op='count_equals'), count_less_than=OperatorNameMap(name='count_below', op='count_below'), count_more_than=OperatorNameMap(name='count_above', op='count_above'), endswith=OperatorNameMap(name='endswith', op='ends'), equals=OperatorNameMap(name='equals', op='equals'), equals_empty=OperatorNameMap(name='equals', op=''), exists=OperatorNameMap(name='exists', op='exists'), is_false=OperatorNameMap(name='false', op='false'), is_true=OperatorNameMap(name='true', op='true'), is_in=OperatorNameMap(name='in', op='IN'), is_in_subnet=OperatorNameMap(name='in_subnet', op='subnet'), is_ipv4=OperatorNameMap(name='is_ipv4', op='isIPv4'), is_ipv6=OperatorNameMap(name='is_ipv6', op='isIPv6'), is_not_in_subnet=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), last_days=OperatorNameMap(name='last_days', op='days'), last_hours=OperatorNameMap(name='last_hours', op='hours'), less_than=OperatorNameMap(name='less_than', op='<'), more_than=OperatorNameMap(name='more_than', op='>'), next_days=OperatorNameMap(name='next_days', op='next_days'), next_hours=OperatorNameMap(name='next_hours', op='next_hours'), regex=OperatorNameMap(name='regex', op='regex'), startswith=OperatorNameMap(name='startswith', op='starts'), earlier_than=OperatorNameMap(name='earlier_than', op='earlier than'), later_than=OperatorNameMap(name='later_than', op='later than'))[source]

Bases: BaseData

Maps of operator names to their GUI expression operator names.

Parameters:
contains: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='contains', op='contains')
count_equals: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='count_equals', op='count_equals')
count_less_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='count_below', op='count_below')
count_more_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='count_above', op='count_above')
endswith: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='endswith', op='ends')
equals: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='equals', op='equals')
equals_empty: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='equals', op='')
exists: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='exists', op='exists')
is_false: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='false', op='false')
is_true: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='true', op='true')
is_in: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='in', op='IN')
is_in_subnet: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='in_subnet', op='subnet')
is_ipv4: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='is_ipv4', op='isIPv4')
is_ipv6: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='is_ipv6', op='isIPv6')
is_not_in_subnet: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='not_in_subnet', op='notInSubnet')
last_days: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='last_days', op='days')
last_hours: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='last_hours', op='hours')
less_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='less_than', op='<')
more_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='more_than', op='>')
next_days: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='next_days', op='next_days')
next_hours: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='next_hours', op='next_hours')
regex: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='regex', op='regex')
startswith: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='startswith', op='starts')
earlier_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='earlier_than', op='earlier than')
later_than: axonius_api_client.constants.fields.OperatorNameMap = OperatorNameMap(name='later_than', op='later than')
__init__(contains=OperatorNameMap(name='contains', op='contains'), count_equals=OperatorNameMap(name='count_equals', op='count_equals'), count_less_than=OperatorNameMap(name='count_below', op='count_below'), count_more_than=OperatorNameMap(name='count_above', op='count_above'), endswith=OperatorNameMap(name='endswith', op='ends'), equals=OperatorNameMap(name='equals', op='equals'), equals_empty=OperatorNameMap(name='equals', op=''), exists=OperatorNameMap(name='exists', op='exists'), is_false=OperatorNameMap(name='false', op='false'), is_true=OperatorNameMap(name='true', op='true'), is_in=OperatorNameMap(name='in', op='IN'), is_in_subnet=OperatorNameMap(name='in_subnet', op='subnet'), is_ipv4=OperatorNameMap(name='is_ipv4', op='isIPv4'), is_ipv6=OperatorNameMap(name='is_ipv6', op='isIPv6'), is_not_in_subnet=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), last_days=OperatorNameMap(name='last_days', op='days'), last_hours=OperatorNameMap(name='last_hours', op='hours'), less_than=OperatorNameMap(name='less_than', op='<'), more_than=OperatorNameMap(name='more_than', op='>'), next_days=OperatorNameMap(name='next_days', op='next_days'), next_hours=OperatorNameMap(name='next_hours', op='next_hours'), regex=OperatorNameMap(name='regex', op='regex'), startswith=OperatorNameMap(name='startswith', op='starts'), earlier_than=OperatorNameMap(name='earlier_than', op='earlier than'), later_than=OperatorNameMap(name='later_than', op='later than'))
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

class axonius_api_client.constants.fields.Operator(template, name_map, parser, field_name_override=None)[source]

Bases: BaseData

Operator mapto its AQL template, operator name map, and its value parser.

Parameters:
template: str
name_map: axonius_api_client.constants.fields.OperatorNameMap
parser: axonius_api_client.constants.fields.Parsers
field_name_override: typing.Optional[str] = None
__init__(template, name_map, parser, field_name_override=None)
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

axonius_api_client.constants.fields.ops_clean(operators, clean)[source]

Get a list of operators without those in clean.

Parameters:
class axonius_api_client.constants.fields.Operators(contains=Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), count_equals=Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), count_less_than=Operator(template='("{field}" < size({aql_value}))', name_map=OperatorNameMap(name='count_below', op='count_below'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), count_more_than=Operator(template='("{field}" > size({aql_value}))', name_map=OperatorNameMap(name='count_above', op='count_above'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), endswith=Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), equals_str=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), equals_str_tag=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), equals_str_tag_expirable=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags_expirable: 'to_str_tags_expirable'>, field_name_override=None), equals_str_adapter=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_adapters: 'to_str_adapters'>, field_name_override=None), equals_str_cnx_label=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None), equals_str_sq=Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query'), equals_str_data_scope=Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope'), equals_ip=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), equals_subnet=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None), equals_int=Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), exists=Operator(template='(("{field}" == ({{"$exists":true, "$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), exists_array=Operator(template='(("{field}" == ({{"$exists":true, "$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), exists_array_object=Operator(template='(("{field}" == ({{"$exists":true, "$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), ip_in_subnet=Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), ip_not_in_subnet=Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), ipv4=Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), ipv6=Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), is_in_str=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), is_in_str_tag=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None), is_in_str_tag_expirable=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags_expirable: 'to_csv_tags_expirable'>, field_name_override=None), is_in_str_adapter=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_adapters: 'to_csv_adapters'>, field_name_override=None), is_in_str_cnx_label=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None), is_in_int=Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), is_in_ip=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), is_in_subnet=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), is_false=Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), is_true=Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), last_hours=Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), last_days=Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), less_than_date=Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), less_than_int=Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), earlier_than_version=Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), more_than_date=Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), more_than_int=Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), later_than_version=Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), next_hours=Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), next_days=Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), regex=Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), startswith=Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None))[source]

Bases: BaseData

Operator maps to their AQL templates, operator name map, and their value parsers.

Parameters:
contains: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None)
count_equals: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
count_less_than: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" < size({aql_value}))', name_map=OperatorNameMap(name='count_below', op='count_below'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
count_more_than: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" > size({aql_value}))', name_map=OperatorNameMap(name='count_above', op='count_above'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
endswith: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None)
equals_str: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None)
equals_str_tag: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None)
equals_str_tag_expirable: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags_expirable: 'to_str_tags_expirable'>, field_name_override=None)
equals_str_adapter: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_adapters: 'to_str_adapters'>, field_name_override=None)
equals_str_cnx_label: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None)
equals_str_sq: axonius_api_client.constants.fields.Operator = Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query')
equals_str_data_scope: axonius_api_client.constants.fields.Operator = Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope')
equals_ip: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None)
equals_subnet: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)
equals_int: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
exists: axonius_api_client.constants.fields.Operator = Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
exists_array: axonius_api_client.constants.fields.Operator = Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
exists_array_object: axonius_api_client.constants.fields.Operator = Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
ip_in_subnet: axonius_api_client.constants.fields.Operator = Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None)
ip_not_in_subnet: axonius_api_client.constants.fields.Operator = Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None)
ipv4: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex("\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
ipv6: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
is_in_str: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)
is_in_str_tag: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)
is_in_str_tag_expirable: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags_expirable: 'to_csv_tags_expirable'>, field_name_override=None)
is_in_str_adapter: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_adapters: 'to_csv_adapters'>, field_name_override=None)
is_in_str_cnx_label: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None)
is_in_int: axonius_api_client.constants.fields.Operator = Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None)
is_in_ip: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None)
is_in_subnet: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None)
is_false: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
is_true: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)
last_hours: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
last_days: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
less_than_date: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None)
less_than_int: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
earlier_than_version: axonius_api_client.constants.fields.Operator = Operator(template='("{field}_raw" < \'{aql_value}\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)
more_than_date: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None)
more_than_int: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
later_than_version: axonius_api_client.constants.fields.Operator = Operator(template='("{field}_raw" > \'{aql_value}\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)
next_hours: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
next_days: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)
regex: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None)
startswith: axonius_api_client.constants.fields.Operator = Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None)
__init__(contains=Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), count_equals=Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), count_less_than=Operator(template='("{field}" < size({aql_value}))', name_map=OperatorNameMap(name='count_below', op='count_below'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), count_more_than=Operator(template='("{field}" > size({aql_value}))', name_map=OperatorNameMap(name='count_above', op='count_above'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), endswith=Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), equals_str=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), equals_str_tag=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), equals_str_tag_expirable=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags_expirable: 'to_str_tags_expirable'>, field_name_override=None), equals_str_adapter=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_adapters: 'to_str_adapters'>, field_name_override=None), equals_str_cnx_label=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None), equals_str_sq=Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query'), equals_str_data_scope=Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope'), equals_ip=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), equals_subnet=Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None), equals_int=Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), exists=Operator(template='(("{field}" == ({{"$exists":true, "$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), exists_array=Operator(template='(("{field}" == ({{"$exists":true, "$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), exists_array_object=Operator(template='(("{field}" == ({{"$exists":true, "$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), ip_in_subnet=Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), ip_not_in_subnet=Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), ipv4=Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), ipv6=Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), is_in_str=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), is_in_str_tag=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None), is_in_str_tag_expirable=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags_expirable: 'to_csv_tags_expirable'>, field_name_override=None), is_in_str_adapter=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_adapters: 'to_csv_adapters'>, field_name_override=None), is_in_str_cnx_label=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None), is_in_int=Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), is_in_ip=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), is_in_subnet=Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), is_false=Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), is_true=Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), last_hours=Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), last_days=Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), less_than_date=Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), less_than_int=Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), earlier_than_version=Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), more_than_date=Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), more_than_int=Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), later_than_version=Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), next_hours=Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), next_days=Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), regex=Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), startswith=Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None))
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

class axonius_api_client.constants.fields.OperatorTypeMap(name, operators, field_type, field_format=None, items_type=None, items_format=None)[source]

Bases: BaseData

Operator type map that maps an operator to a specific field schema.

Parameters:
name: str
operators: typing.List[axonius_api_client.constants.fields.Operator]
field_type: axonius_api_client.constants.fields.Types
field_format: axonius_api_client.constants.fields.Formats = None
items_type: axonius_api_client.constants.fields.Types = None
items_format: axonius_api_client.constants.fields.Formats = None
__init__(name, operators, field_type, field_format=None, items_type=None, items_format=None)
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

class axonius_api_client.constants.fields.OperatorTypeMaps(string_sq=OperatorTypeMap(name='string_sq', operators=[Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query')], field_type=<Types.string: 'string'>, field_format=<Formats.sq: 'sq'>, items_type=None, items_format=None), string_data_scope=OperatorTypeMap(name='string_data_scope', operators=[Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope')], field_type=<Types.string: 'string'>, field_format=<Formats.data_scope: 'data_scope'>, items_type=None, items_format=None), string_cnx_label=OperatorTypeMap(name='string_cnx_label', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.connection_label: 'connection_label'>, items_type=None, items_format=None), string=OperatorTypeMap(name='string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=None, items_type=None, items_format=None), string_os_distribution=OperatorTypeMap(name='string_os_distribution', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.os_distribution: 'os-distribution'>, items_type=None, items_format=None), string_tag_expirable=OperatorTypeMap(name='string_tag_expirable', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag_expirable: 'expirable-tag'>, items_type=None, items_format=None), string_tag=OperatorTypeMap(name='string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag: 'tag'>, items_type=None, items_format=None), string_ip=OperatorTypeMap(name='string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.ip: 'ip'>, items_type=None, items_format=None), string_datetime=OperatorTypeMap(name='string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.datetime: 'date-time'>, items_type=None, items_format=None), string_date=OperatorTypeMap(name='string_date', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.date: 'date'>, items_type=None, items_format=None), string_image=OperatorTypeMap(name='string_image', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.image: 'image'>, items_type=None, items_format=None), string_version=OperatorTypeMap(name='string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.version: 'version'>, items_type=None, items_format=None), string_subnet=OperatorTypeMap(name='string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.subnet: 'subnet'>, items_type=None, items_format=None), boolean=OperatorTypeMap(name='boolean', operators=[Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.boolean: 'bool'>, field_format=None, items_type=None, items_format=None), integer=OperatorTypeMap(name='integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.integer: 'integer'>, field_format=None, items_type=None, items_format=None), number=OperatorTypeMap(name='number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.number: 'number'>, field_format=None, items_type=None, items_format=None), array_object=OperatorTypeMap(name='array_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.array: 'array'>, items_format=None), array_table_object=OperatorTypeMap(name='array_table_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.table: 'table'>, items_type=<Types.array: 'array'>, items_format=None), array_integer=OperatorTypeMap(name='array_integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.integer: 'integer'>, items_format=None), array_number=OperatorTypeMap(name='array_number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.number: 'number'>, items_format=None), array_string=OperatorTypeMap(name='array_string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=None), array_string_tag=OperatorTypeMap(name='array_string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=<Formats.tag: 'tag'>), array_string_version=OperatorTypeMap(name='array_string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.version: 'version'>, items_type=<Types.string: 'string'>, items_format=<Formats.version: 'version'>), array_string_datetime=OperatorTypeMap(name='array_string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.datetime: 'date-time'>, items_type=<Types.string: 'string'>, items_format=<Formats.datetime: 'date-time'>), array_string_subnet=OperatorTypeMap(name='array_string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.subnet: 'subnet'>, items_type=<Types.string: 'string'>, items_format=<Formats.subnet: 'subnet'>), array_discrete_string_logo=OperatorTypeMap(name='array_discrete_string_logo', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_adapters: 'to_str_adapters'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < size({aql_value}))', name_map=OperatorNameMap(name='count_below', op='count_below'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" > size({aql_value}))', name_map=OperatorNameMap(name='count_above', op='count_above'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_adapters: 'to_csv_adapters'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.discrete: 'discrete'>, items_type=<Types.string: 'string'>, items_format=<Formats.logo: 'logo'>), array_string_ip=OperatorTypeMap(name='array_string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip: 'ip'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip: 'ip'>), array_string_ip_preferred=OperatorTypeMap(name='array_string_ip_preferred', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip_preferred: 'ip_preferred'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip_preferred: 'ip_preferred'>))[source]

Bases: BaseData

Operator type map that maps operators to a specific field schemas.

Parameters:
string_sq: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_sq', operators=[Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query')], field_type=<Types.string: 'string'>, field_format=<Formats.sq: 'sq'>, items_type=None, items_format=None)

simple sq equals Name Of Saved Query simple sq equals UUID_OF_SQ

string_data_scope: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_data_scope', operators=[Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope')], field_type=<Types.string: 'string'>, field_format=<Formats.data_scope: 'data_scope'>, items_type=None, items_format=None)

simple data_scope equals Name Of Data Scope simple data_scope equals UUID_OF_DATA_SCOPE

string_cnx_label: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_cnx_label', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.connection_label: 'connection_label'>, items_type=None, items_format=None)

simple connection_label exists simple connection_label equals abc simple connection_label in abc,def,ghi

string: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=None, items_type=None, items_format=None)

name exists simple agg:name regex a.* simple agg:name contains test simple agg:name equals test simple agg:name startswith a simple agg:name endswith a simple agg:name in test,demo

Type:

simple agg

string_os_distribution: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_os_distribution', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.os_distribution: 'os-distribution'>, items_type=None, items_format=None)

simple os.distribution exists simple os.distribution equals Server 2012

string_tag_expirable: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_tag_expirable', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag_expirable: 'expirable-tag'>, items_type=None, items_format=None)

simple expirable_tags.name exists simple expirable_tags.name equals bravozulu

string_tag: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag: 'tag'>, items_type=None, items_format=None)
string_ip: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.ip: 'ip'>, items_type=None, items_format=None)
string_datetime: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.datetime: 'date-time'>, items_type=None, items_format=None)

simple first_seen exists simple first_seen less_than 2022-06-01 simple first_seen more_than 2022-06-01 simple first_seen last_hours 10 simple first_seen next_hours 10 simple first_seen last_days 1 simple first_seen next_days 1

string_date: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_date', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.date: 'date'>, items_type=None, items_format=None)
string_image: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_image', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.image: 'image'>, items_type=None, items_format=None)
__init__(string_sq=OperatorTypeMap(name='string_sq', operators=[Operator(template='({{{{QueryID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_sq: 'to_str_sq'>, field_name_override='saved_query')], field_type=<Types.string: 'string'>, field_format=<Formats.sq: 'sq'>, items_type=None, items_format=None), string_data_scope=OperatorTypeMap(name='string_data_scope', operators=[Operator(template='({{{{AssetScopeID={aql_value}}}}})', name_map=OperatorNameMap(name='equals', op=''), parser=<Parsers.to_str_data_scope: 'to_str_data_scope'>, field_name_override='data_scope')], field_type=<Types.string: 'string'>, field_format=<Formats.data_scope: 'data_scope'>, items_type=None, items_format=None), string_cnx_label=OperatorTypeMap(name='string_cnx_label', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_cnx_label: 'to_str_cnx_label'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_cnx_label: 'to_csv_cnx_label'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.connection_label: 'connection_label'>, items_type=None, items_format=None), string=OperatorTypeMap(name='string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=None, items_type=None, items_format=None), string_os_distribution=OperatorTypeMap(name='string_os_distribution', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.os_distribution: 'os-distribution'>, items_type=None, items_format=None), string_tag_expirable=OperatorTypeMap(name='string_tag_expirable', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag_expirable: 'expirable-tag'>, items_type=None, items_format=None), string_tag=OperatorTypeMap(name='string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.tag: 'tag'>, items_type=None, items_format=None), string_ip=OperatorTypeMap(name='string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.ip: 'ip'>, items_type=None, items_format=None), string_datetime=OperatorTypeMap(name='string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.datetime: 'date-time'>, items_type=None, items_format=None), string_date=OperatorTypeMap(name='string_date', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.date: 'date'>, items_type=None, items_format=None), string_image=OperatorTypeMap(name='string_image', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.image: 'image'>, items_type=None, items_format=None), string_version=OperatorTypeMap(name='string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.version: 'version'>, items_type=None, items_format=None), string_subnet=OperatorTypeMap(name='string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.subnet: 'subnet'>, items_type=None, items_format=None), boolean=OperatorTypeMap(name='boolean', operators=[Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.boolean: 'bool'>, field_format=None, items_type=None, items_format=None), integer=OperatorTypeMap(name='integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.integer: 'integer'>, field_format=None, items_type=None, items_format=None), number=OperatorTypeMap(name='number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.number: 'number'>, field_format=None, items_type=None, items_format=None), array_object=OperatorTypeMap(name='array_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.array: 'array'>, items_format=None), array_table_object=OperatorTypeMap(name='array_table_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.table: 'table'>, items_type=<Types.array: 'array'>, items_format=None), array_integer=OperatorTypeMap(name='array_integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.integer: 'integer'>, items_format=None), array_number=OperatorTypeMap(name='array_number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.number: 'number'>, items_format=None), array_string=OperatorTypeMap(name='array_string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=None), array_string_tag=OperatorTypeMap(name='array_string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=<Formats.tag: 'tag'>), array_string_version=OperatorTypeMap(name='array_string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \\'{aql_value}\\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \\'{aql_value}\\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.version: 'version'>, items_type=<Types.string: 'string'>, items_format=<Formats.version: 'version'>), array_string_datetime=OperatorTypeMap(name='array_string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.datetime: 'date-time'>, items_type=<Types.string: 'string'>, items_format=<Formats.datetime: 'date-time'>), array_string_subnet=OperatorTypeMap(name='array_string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.subnet: 'subnet'>, items_type=<Types.string: 'string'>, items_format=<Formats.subnet: 'subnet'>), array_discrete_string_logo=OperatorTypeMap(name='array_discrete_string_logo', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_adapters: 'to_str_adapters'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < size({aql_value}))', name_map=OperatorNameMap(name='count_below', op='count_below'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" > size({aql_value}))', name_map=OperatorNameMap(name='count_above', op='count_above'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_adapters: 'to_csv_adapters'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.discrete: 'discrete'>, items_type=<Types.string: 'string'>, items_format=<Formats.logo: 'logo'>), array_string_ip=OperatorTypeMap(name='array_string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip: 'ip'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip: 'ip'>), array_string_ip_preferred=OperatorTypeMap(name='array_string_ip_preferred', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip_preferred: 'ip_preferred'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip_preferred: 'ip_preferred'>))
Parameters:
static _human_key(key)

Pass.

classmethod get_fields()

Get a list of fields defined for current this dataclass object.

Return type:

typing.List[dataclasses.Field]

replace(**kwargs)

Pass.

Return type:

axonius_api_client.data.BaseData

to_dict()

Get this dataclass object as a dictionary.

Return type:

dict

string_version: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \'{aql_value}\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \'{aql_value}\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.version: 'version'>, items_type=None, items_format=None)

simple installed_software.version exists simple installed_software.version equals 7.0 complex installed_software // name contains a // version equals 7.0 complex installed_software // name equals Google Chrome // version earlier_than 100.0

string_subnet: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.string: 'string'>, field_format=<Formats.subnet: 'subnet'>, items_type=None, items_format=None)
boolean: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='boolean', operators=[Operator(template='("{field}" == true)', name_map=OperatorNameMap(name='true', op='true'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == false)', name_map=OperatorNameMap(name='false', op='false'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.boolean: 'bool'>, field_format=None, items_type=None, items_format=None)

simple from_last_fetch true simple from_last_fetch false

integer: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.integer: 'integer'>, field_format=None, items_type=None, items_format=None)

not_fetched_count exists simple agg:not_fetched_count equals 2 simple agg:not_fetched_count in 2,3,4 simple agg:not_fetched_count more_than 1 simple agg:not_fetched_count less_than 2

Type:

simple agg

number: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":""}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.number: 'number'>, field_format=None, items_type=None, items_format=None)

software_cves.cvss exists simple agg:software_cves.cvss equals 7.5 simple agg:software_cves.cvss in 7.5,7.0 simple agg:software_cves.cvss more_than 7.0 simple agg:software_cves.cvss less_than 7.0

Type:

simple agg

array_object: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.array: 'array'>, items_format=None)

simple cpus exists simple cpus count_equals 2

array_table_object: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_table_object', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})) and "{field}" != [])', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.table: 'table'>, items_type=<Types.array: 'array'>, items_format=None)

simple open_ports exists simple open_ports count_equals 2

array_integer: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_integer', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.integer: 'integer'>, items_format=None)
array_number: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_number', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == {aql_value})', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='"{field}" in [{aql_value}]', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_int: 'to_csv_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" < {aql_value})', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.number: 'number'>, items_format=None)
array_string: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=None)

simple last_used_users exists simple last_used_users equals Administrator simple last_used_users in Administrator,test simple last_used_users contains test

array_string_tag: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_tag', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == size({aql_value}))', name_map=OperatorNameMap(name='count_equals', op='count_equals'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_tags: 'to_str_tags'>, field_name_override=None), Operator(template='("{field}" == regex("^{aql_value}", "i"))', name_map=OperatorNameMap(name='startswith', op='starts'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}$", "i"))', name_map=OperatorNameMap(name='endswith', op='ends'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_tags: 'to_csv_tags'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=None, items_type=<Types.string: 'string'>, items_format=<Formats.tag: 'tag'>)

simple labels exists simple labels count_equals 1 simple labels equals aaaa

array_string_version: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_version', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_str: 'to_csv_str'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}_raw" < \'{aql_value}\')', name_map=OperatorNameMap(name='earlier_than', op='earlier than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None), Operator(template='("{field}_raw" > \'{aql_value}\')', name_map=OperatorNameMap(name='later_than', op='later than'), parser=<Parsers.to_raw_version: 'to_raw_version'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.version: 'version'>, items_type=<Types.string: 'string'>, items_format=<Formats.version: 'version'>)
array_string_datetime: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_datetime', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" < date("{aql_value}"))', name_map=OperatorNameMap(name='less_than', op='<'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" > date("{aql_value}"))', name_map=OperatorNameMap(name='more_than', op='>'), parser=<Parsers.to_dt: 'to_dt'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}h"))', name_map=OperatorNameMap(name='last_hours', op='hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}h"))', name_map=OperatorNameMap(name='next_hours', op='next_hours'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW - {aql_value}d"))', name_map=OperatorNameMap(name='last_days', op='days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None), Operator(template='("{field}" >= date("NOW + {aql_value}d"))', name_map=OperatorNameMap(name='next_days', op='next_days'), parser=<Parsers.to_int: 'to_int'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.datetime: 'date-time'>, items_type=<Types.string: 'string'>, items_format=<Formats.datetime: 'date-time'>)
array_string_subnet: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_subnet', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_subnet: 'to_csv_subnet'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_str_subnet: 'to_str_subnet'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.subnet: 'subnet'>, items_type=<Types.string: 'string'>, items_format=<Formats.subnet: 'subnet'>)

simple network_interfaces.subnets exists simple network_interfaces.subnets equals 10.240.0.0/16 simple network_interfaces.subnets in 10.240.0.0/16,10.0.1.0/24

simple adapters exists simple adapters equals aws simple adapters equals tanium asset simple adapters count_equals 1 simple adapters count_below 2 simple adapters count_above 1 simple adapters in aws, tanium asset

array_string_ip: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_ip', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip: 'ip'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip: 'ip'>)

simple public_ips exists simple public_ips regex ^10.* simple public_ips contains .0 simple public_ips in 10.0.0.1,10.0.0.2 simple public_ips equals 10.0.0.1 simple public_ips in_subnet 1.1.2.0/24 simple public_ips not_in_subnet 1.1.2.0/24 simple public_ips is_ipv4 simple public_ips is_ipv6

array_string_ip_preferred: axonius_api_client.constants.fields.OperatorTypeMap = OperatorTypeMap(name='array_string_ip_preferred', operators=[Operator(template='(("{field}" == ({{"$exists":true,"$ne":[]}})))', name_map=OperatorNameMap(name='exists', op='exists'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='regex', op='regex'), parser=<Parsers.to_str: 'to_str'>, field_name_override=None), Operator(template='("{field}" == regex("{aql_value}", "i"))', name_map=OperatorNameMap(name='contains', op='contains'), parser=<Parsers.to_str_escaped_regex: 'to_str_escaped_regex'>, field_name_override=None), Operator(template='("{field}" in [{aql_value}])', name_map=OperatorNameMap(name='in', op='IN'), parser=<Parsers.to_csv_ip: 'to_csv_ip'>, field_name_override=None), Operator(template='("{field}" == "{aql_value}")', name_map=OperatorNameMap(name='equals', op='equals'), parser=<Parsers.to_ip: 'to_ip'>, field_name_override=None), Operator(template='("{field}_raw" == match({{"$gte": {aql_value[0]}, "$lte": {aql_value[1]}}}))', name_map=OperatorNameMap(name='in_subnet', op='subnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='(("{field}_raw" == match({{"$gte": 0, "$lte": {aql_value[0]}}}) or "{field}_raw" == match({{"$gte": {aql_value[1]}, "$lte": 4294967295}})))', name_map=OperatorNameMap(name='not_in_subnet', op='notInSubnet'), parser=<Parsers.to_in_subnet: 'to_in_subnet'>, field_name_override=None), Operator(template='("{field}" == regex("\\."))', name_map=OperatorNameMap(name='is_ipv4', op='isIPv4'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None), Operator(template='("{field}" == regex(":"))', name_map=OperatorNameMap(name='is_ipv6', op='isIPv6'), parser=<Parsers.to_none: 'to_none'>, field_name_override=None)], field_type=<Types.array: 'array'>, field_format=<Formats.ip_preferred: 'ip_preferred'>, items_type=<Types.string: 'string'>, items_format=<Formats.ip_preferred: 'ip_preferred'>)
classmethod get_type_map(field)[source]

Get the type mapping for a field.

Parameters:

field (dict) –

Return type:

axonius_api_client.constants.fields.OperatorTypeMap

classmethod get_operator(field, operator, err=None)[source]

Get an operator for a specific field.

Parameters:
axonius_api_client.constants.fields.CUSTOM_FIELDS_MAP: Dict[str, List[dict]] = {'agg': [{'adapter_name_raw': 'agg_adapter', 'adapter_name': 'agg', 'adapter_title': 'Aggregated', 'adapter_prefix': 'specific_data', 'column_name': 'agg:connection_label', 'column_title': 'Aggregated: Adapter Connection Label', 'sub_fields': [], 'is_complex': False, 'is_list': True, 'is_root': True, 'parent': 'root', 'name': 'specific_data.connection_label', 'name_base': 'connection_label', 'name_qual': 'specific_data.connection_label', 'title': 'Adapter Connection Label', 'type': 'string', 'format': 'connection_label', 'type_norm': 'string_cnx_label', 'is_agg': True, 'selectable': True, 'expr_field_type': 'axonius', 'is_details': False, 'is_all': False}, {'adapter_name_raw': 'agg_adapter', 'adapter_name': 'agg', 'adapter_title': 'Aggregated', 'adapter_prefix': 'specific_data', 'column_name': 'agg:sq', 'column_title': 'Aggregated: Saved Query Name', 'sub_fields': [], 'is_complex': False, 'is_list': False, 'is_root': True, 'parent': 'root', 'name': 'specific_data.sq', 'name_base': 'sq', 'name_qual': 'specific_data.sq', 'title': 'Saved Query Name', 'type': 'string', 'format': 'sq', 'type_norm': 'string_sq', 'is_agg': True, 'selectable': True, 'expr_field_type': 'axonius', 'is_details': False, 'is_all': False}, {'adapter_name_raw': 'agg_adapter', 'adapter_name': 'agg', 'adapter_title': 'Aggregated', 'adapter_prefix': 'specific_data', 'column_name': 'agg:data_scope', 'column_title': 'Aggregated: Data Scope Name', 'sub_fields': [], 'is_complex': False, 'is_list': False, 'is_root': True, 'parent': 'root', 'name': 'specific_data.data_scope', 'name_base': 'data_scope', 'name_qual': 'specific_data.data_scope', 'title': 'Data Scope Name', 'type': 'string', 'format': 'data_scope', 'type_norm': 'string_data_scope', 'is_agg': True, 'selectable': True, 'expr_field_type': 'axonius', 'is_details': False, 'is_all': False}]}

custom field schemas that are not returned by API but are used by GUI queries.