当前位置: 首页>>代码示例>>Python>>正文

Python SearchQuery.execute方法代码示例

本文整理汇总了Python中mozdef_util.query_models.SearchQuery.execute方法的典型用法代码示例。如果您正苦于以下问题:Python SearchQuery.execute方法的具体用法?Python SearchQuery.execute怎么用?Python SearchQuery.execute使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在mozdef_util.query_models.SearchQuery的用法示例。


在下文中一共展示了SearchQuery.execute方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_aggregation_multiple_layers

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_aggregation_multiple_layers(self):
        events = [
            {
                "test": "value",
                "details": {"ip": "127.0.0.1"},
            },
            {
                "test": "value",
                "details": {"ip": "127.0.0.1"},
            },
            {
                "test": "value",
                "details": {"ip": "192.168.1.1"},
            },
        ]

        for event in events:
            self.populate_test_object(event)
        self.refresh(self.event_index_name)

        search_query = SearchQuery()
        search_query.add_must(TermMatch('test', 'value'))
        search_query.add_aggregation(Aggregation('details.ip'))
        results = search_query.execute(self.es_client)

        assert results['aggregations'].keys() == ['details.ip']
        assert results['aggregations']['details.ip'].keys() == ['terms']
        assert len(results['aggregations']['details.ip']['terms']) == 2

        assert results['aggregations']['details.ip']['terms'][0]['count'] == 2
        assert results['aggregations']['details.ip']['terms'][0]['key'] == "127.0.0.1"

        assert results['aggregations']['details.ip']['terms'][1]['count'] == 1
        assert results['aggregations']['details.ip']['terms'][1]['key'] == "192.168.1.1"
开发者ID:IFGHou,项目名称:MozDef,代码行数:36,代码来源:test_aggregation.py

示例2: getESAlerts

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
def getESAlerts(es):
    search_query = SearchQuery(minutes=50)
    # We use an ExistsMatch here just to satisfy the
    # requirements of a search query must have some "Matchers"
    search_query.add_must(ExistsMatch('summary'))
    results = search_query.execute(es, indices=['alerts'], size=10000)
    return results
开发者ID:Phrozyn,项目名称:MozDef,代码行数:9,代码来源:syncAlertsToMongo.py

示例3: test_writing_event_defaults

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_writing_event_defaults(self):
        query = SearchQuery()
        default_event = {}
        self.populate_test_event(default_event)
        self.refresh(self.event_index_name)

        query.add_must(ExistsMatch('summary'))
        results = query.execute(self.es_client)
        assert len(results['hits']) == 1
        assert sorted(results['hits'][0].keys()) == ['_id', '_index', '_score', '_source', '_type']
        saved_event = results['hits'][0]['_source']
        assert 'category' in saved_event
        assert 'details' in saved_event
        assert 'hostname' in saved_event
        assert 'mozdefhostname' in saved_event
        assert 'processid' in saved_event
        assert 'processname' in saved_event
        assert 'receivedtimestamp' in saved_event
        assert 'severity' in saved_event
        assert 'source' in saved_event
        assert 'summary' in saved_event
        assert 'tags' in saved_event
        assert 'timestamp' in saved_event
        assert 'utctimestamp' in saved_event
        assert 'category' in saved_event
开发者ID:gdestuynder,项目名称:MozDef,代码行数:27,代码来源:test_elasticsearch_client.py

示例4: esSearch

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
def esSearch(es, macassignments=None):
    '''
    Search ES for an event that ties a username to a mac address
    This example searches for junos wifi correlations on authentication success
    Expecting an event like: user: [email protected]; mac: 5c:f9:38:b1:de:cf; author reason: roamed session; ssid: ANSSID; AP 46/2\n
    '''
    usermacre=re.compile(r'''user: (?P<username>.*?); mac: (?P<macaddress>.*?); ''',re.IGNORECASE)
    correlations={}

    search_query = SearchQuery(minutes=options.correlationminutes)
    search_query.add_must(TermMatch('details.program', 'AUTHORIZATION-SUCCESS'))
    search_query.add_must_not(PhraseMatch('summary', 'last-resort'))

    try:
        full_results = search_query.execute(es)
        results = full_results['hits']

        for r in results:
            fields = re.search(usermacre,r['_source']['summary'])
            if fields:
                if '{0} {1}'.format(fields.group('username'),fields.group('macaddress')) not in correlations:
                    if fields.group('macaddress')[0:8].lower() in macassignments:
                        entity=macassignments[fields.group('macaddress')[0:8].lower()]
                    else:
                        entity='unknown'
                    correlations['{0} {1}'.format(fields.group('username'),fields.group('macaddress'))]=dict(username=fields.group('username'),
                                                                                                             macaddress=fields.group('macaddress'),
                                                                                                             entity=entity,
                                                                                                             utctimestamp=r['_source']['utctimestamp'])
        return correlations

    except ElasticsearchBadServer:
        logger.error('Elastic Search server could not be reached, check network connectivity')
开发者ID:Phrozyn,项目名称:MozDef,代码行数:35,代码来源:correlateUserMacAddress.py

示例5: test_beginning_time_seconds_received_timestamp

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_beginning_time_seconds_received_timestamp(self):
        query = SearchQuery(seconds=10)
        query.add_must(ExistsMatch('summary'))
        assert query.date_timedelta == {'seconds': 10}

        default_event = {
            "receivedtimestamp": UnitTestSuite.current_timestamp(),
            "summary": "Test summary",
            "details": {
                "note": "Example note",
            }
        }
        self.populate_test_event(default_event)

        too_old_event = default_event
        too_old_event['receivedtimestamp'] = UnitTestSuite.subtract_from_timestamp({'seconds': 11})
        too_old_event['utctimestamp'] = UnitTestSuite.subtract_from_timestamp({'seconds': 11})
        self.populate_test_event(too_old_event)

        not_old_event = default_event
        not_old_event['receivedtimestamp'] = UnitTestSuite.subtract_from_timestamp({'seconds': 9})
        not_old_event['utctimestamp'] = UnitTestSuite.subtract_from_timestamp({'seconds': 9})
        self.populate_test_event(not_old_event)

        self.refresh(self.event_index_name)

        results = query.execute(self.es_client)
        assert len(results['hits']) == 2
开发者ID:IFGHou,项目名称:MozDef,代码行数:30,代码来源:test_search_query.py

示例6: test_without_time_defined

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_without_time_defined(self):
        query = SearchQuery()
        query.add_must(ExistsMatch('summary'))
        assert query.date_timedelta == {}

        default_event = {
            "utctimestamp": UnitTestSuite.current_timestamp(),
            "summary": "Test summary",
            "details": {
                "note": "Example note",
            }
        }

        self.populate_test_event(default_event)
        default_event['utctimestamp'] = UnitTestSuite.subtract_from_timestamp({'days': 11})
        default_event['receivedtimestamp'] = UnitTestSuite.subtract_from_timestamp({'days': 11})
        self.populate_test_event(default_event)

        not_old_event = default_event
        not_old_event['utctimestamp'] = UnitTestSuite.subtract_from_timestamp({'days': 9})
        not_old_event['receivedtimestamp'] = UnitTestSuite.subtract_from_timestamp({'days': 9})
        self.populate_test_event(not_old_event)

        self.refresh(self.event_index_name)

        results = query.execute(self.es_client)
        assert len(results['hits']) == 3
开发者ID:IFGHou,项目名称:MozDef,代码行数:29,代码来源:test_search_query.py

示例7: kibanaDashboards

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
def kibanaDashboards():
    resultsList = []
    try:
        es_client = ElasticsearchClient((list('{0}'.format(s) for s in options.esservers)))
        search_query = SearchQuery()
        search_query.add_must(TermMatch('_type', 'dashboard'))
        results = search_query.execute(es_client, indices=['.kibana'])

        for dashboard in results['hits']:
            resultsList.append({
                'name': dashboard['_source']['title'],
                'url': "%s#/%s/%s" % (
                    options.kibanaurl,
                    "dashboard",
                    dashboard['_id']
                )
            })

    except ElasticsearchInvalidIndex as e:
        sys.stderr.write('Kibana dashboard index not found: {0}\n'.format(e))

    except Exception as e:
        sys.stderr.write('Kibana dashboard received error: {0}\n'.format(e))

    return json.dumps(resultsList)
开发者ID:IFGHou,项目名称:MozDef,代码行数:27,代码来源:index.py

示例8: test_simple_query_execute

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_simple_query_execute(self):
        query = SearchQuery()
        query.add_must(ExistsMatch('note'))
        assert query.date_timedelta == {}

        self.populate_example_event()
        self.refresh(self.event_index_name)

        results = query.execute(self.es_client)

        assert results.keys() == ['hits', 'meta']
        assert results['meta'].keys() == ['timed_out']
        assert results['meta']['timed_out'] is False
        assert len(results['hits']) == 1

        assert results['hits'][0].keys() == ['_score', '_type', '_id', '_source', '_index']
        assert type(results['hits'][0]['_id']) == unicode
        assert results['hits'][0]['_type'] == 'event'

        assert results['hits'][0]['_index'] == datetime.now().strftime("events-%Y%m%d")

        assert results['hits'][0]['_source']['note'] == 'Example note'
        assert results['hits'][0]['_source']['summary'] == 'Test Summary'

        assert results['hits'][0]['_source']['details'].keys() == ['information']
        assert results['hits'][0]['_source']['details']['information'] == 'Example information'

        with pytest.raises(KeyError):
            results['abcdefg']

        with pytest.raises(KeyError):
            results['abcdefg']['test']
开发者ID:IFGHou,项目名称:MozDef,代码行数:34,代码来源:test_search_query.py

示例9: test_simple_aggregation_note_field

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_simple_aggregation_note_field(self):
        events = [
            {"test": "value", "note": "abvc"},
            {"test": "value", "note": "abvc"},
            {"test": "value", "note": "think"},
            {"test": "value", "summary": "think"},
            {"test": "value", "note": "abvc space line"},
        ]
        for event in events:
            self.populate_test_object(event)
        self.refresh(self.event_index_name)

        search_query = SearchQuery()
        search_query.add_must(TermMatch('test', 'value'))
        search_query.add_aggregation(Aggregation('note'))
        results = search_query.execute(self.es_client)

        assert results['aggregations'].keys() == ['note']

        assert results['aggregations']['note'].keys() == ['terms']
        assert len(results['aggregations']['note']['terms']) == 3
        assert results['aggregations']['note']['terms'][0].keys() == ['count', 'key']

        assert results['aggregations']['note']['terms'][0]['count'] == 2
        assert results['aggregations']['note']['terms'][0]['key'] == 'abvc'

        assert results['aggregations']['note']['terms'][1]['count'] == 1
        assert results['aggregations']['note']['terms'][1]['key'] == 'abvc space line'

        assert results['aggregations']['note']['terms'][2]['count'] == 1
        assert results['aggregations']['note']['terms'][2]['key'] == 'think'
开发者ID:IFGHou,项目名称:MozDef,代码行数:33,代码来源:test_aggregation.py

示例10: test_execute_without_size

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
 def test_execute_without_size(self):
     for num in range(0, 1200):
         self.populate_example_event()
     self.refresh(self.event_index_name)
     query = SearchQuery()
     query.add_must(ExistsMatch('summary'))
     results = query.execute(self.es_client)
     assert len(results['hits']) == 1000
开发者ID:IFGHou,项目名称:MozDef,代码行数:10,代码来源:test_search_query.py

示例11: search_and_verify_event

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
 def search_and_verify_event(self, expected_event):
     self.refresh('events')
     search_query = SearchQuery(minutes=5)
     search_query.add_must(ExistsMatch('tags'))
     results = search_query.execute(self.es_client)
     assert len(results['hits']) == 1
     saved_event = results['hits'][0]['_source']
     self.verify_event(saved_event, expected_event)
开发者ID:Phrozyn,项目名称:MozDef,代码行数:10,代码来源:test_esworker_sns_sqs.py

示例12: get_num_events

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
 def get_num_events(self):
     self.refresh('events')
     search_query = SearchQuery()
     search_query.add_must(TermMatch('_type', 'event'))
     search_query.add_aggregation(Aggregation('_type'))
     results = search_query.execute(self.es_client)
     if len(results['aggregations']['_type']['terms']) != 0:
         return results['aggregations']['_type']['terms'][0]['count']
     else:
         return 0
开发者ID:gdestuynder,项目名称:MozDef,代码行数:12,代码来源:test_elasticsearch_client.py

示例13: getSqsStats

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
def getSqsStats(es):
    search_query = SearchQuery(minutes=15)
    search_query.add_must([
        TermMatch('_type', 'mozdefhealth'),
        TermMatch('category', 'mozdef'),
        TermMatch('tags', 'sqs-latest'),
    ])
    results = search_query.execute(es, indices=['mozdefstate'])

    return results['hits']
开发者ID:IFGHou,项目名称:MozDef,代码行数:12,代码来源:healthToMongo.py

示例14: test_aggregation_with_aggregation_size

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_aggregation_with_aggregation_size(self):
        for num in range(0, 100):
            event = {'keyname': 'value' + str(num)}
            self.populate_test_object(event)
        self.refresh(self.event_index_name)

        search_query = SearchQuery()
        search_query.add_must(ExistsMatch('keyname'))
        search_query.add_aggregation(Aggregation('keyname', 2))
        results = search_query.execute(self.es_client)
        assert len(results['aggregations']['keyname']['terms']) == 2
开发者ID:IFGHou,项目名称:MozDef,代码行数:13,代码来源:test_aggregation.py

示例15: test_query_class

# 需要导入模块: from mozdef_util.query_models import SearchQuery [as 别名]
# 或者: from mozdef_util.query_models.SearchQuery import execute [as 别名]
    def test_query_class(self):
        for query, events in self.query_tests().iteritems():
            for event in events:
                if pytest.config.option.delete_indexes:
                    self.reset_elasticsearch()
                    self.setup_elasticsearch()

                self.populate_test_object(event)
                self.refresh(self.event_index_name)

                # Testing must
                search_query = SearchQuery()
                search_query.add_must(query)
                query_result = search_query.execute(self.es_client)
                self.verify_test(query_result, self.positive_test)

                # Testing must_not
                search_query = SearchQuery()
                search_query.add_must_not(query)
                query_result = search_query.execute(self.es_client)
                self.verify_test(query_result, self.positive_test is False)
开发者ID:IFGHou,项目名称:MozDef,代码行数:23,代码来源:query_test_suite.py


注:本文中的mozdef_util.query_models.SearchQuery.execute方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。