Comments (15)
Hello,
You can find samples using the query builder utilities at samples/test-case-search.py.
If you need a search criterion on dates, you need to use the `thehive4py.query.Between` method. This operator will be fixed in the 1.4.4 release. `_from` and `_to` should be timestamps.
from thehive4py.
Hello,
I want to create a query with date criteria. I used this one, but it only shows me the last 10 created cases:
```python
search("Case of title containing 'From TheHive4Py'", And(In('tags', ['TAG1'])), Between('startDate',1539406800,1541998800), [])
```
I tried to use the timestamps as a string and as a number. Am I doing something wrong in the query?
@nadouani @nalibrahim
from thehive4py.
The `search()` function is just a wrapper used in the sample files.
By default it returns 10 items, so you need to call it by specifying the range 'all':
```python
search("Case of title containing 'From TheHive4Py'", And(In('tags', ['TAG1'])), Between('startDate',1539406800,1541998800), 'all', [])
```
from thehive4py.
But is the 'all' range an extra argument? Because the query only accepts 4.
from thehive4py.
```python
from thehive4py.api import TheHiveApi
from thehive4py.query import And

# Get a client
api = TheHiveApi('http://127.0.0.1:9000', '**YOUR_API_KEY**')
# Build your query
query = And(...)
# Call the API
response = api.find_cases(query=query, range='all')
```
from thehive4py.
Something like this?
```python
query = And(In('tags', ['TAG1']), Between('startDate', 1539406800, 1541998800))
response = api.find_cases(query=query, range='all', sort=sort)
```
That way it gives me 0 cases.
from thehive4py.
Any suggestion? @nadouani
from thehive4py.
For me, this should work. Are you sure about your date interval?
from thehive4py.
I used this to convert the dates to timestamps:
```python
import datetime
import time

time.mktime(datetime.datetime.strptime("13/10/2018", "%d/%m/%Y").timetuple())
time.mktime(datetime.datetime.strptime("12/11/2018", "%d/%m/%Y").timetuple())
```
and it gave these timestamps: 1539406800, 1541998800
I used an online timestamp-date converter to verify, and it's correct.
from thehive4py.
What about
```python
query = In('tags', ['TAG1'])
response = api.find_cases(query=query, range='all', sort=sort)
```
from thehive4py.
With that query, the script shows me all cases with that tag, but I need the ones with that tag and created in that date interval, that's why I'm trying to use the Between function.
from thehive4py.
I think that the timestamps must be multiplied by 1000
from thehive4py.
Yep, that was the problem. Thanks for your help, it was very helpful! Why should I do that multiplication?
from thehive4py.
TheHive uses timestamps in milliseconds, and Python using `time` returns seconds.
from thehive4py.
I understand, thanks again for your help!
from thehive4py.
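The seconds-versus-milliseconds mismatch resolved in this thread, as an added example that is not code from the thread or from thehive4py: it converts a date to epoch milliseconds in an explicit timezone and refuses a range bound that looks like epoch seconds, so an empty case search fails loudly instead of returning 0 results. The helper names, the UTC default, and the `_between`/`_field` keys are assumptions; `_from` and `_to` are the names given in the first comment.

```python
from datetime import datetime, timezone

# Epoch seconds stay below 1e11 until the year 5138, while epoch milliseconds
# for any date after March 1973 are above it, so this separates the two units.
SECONDS_CEILING = 100_000_000_000


def to_epoch_ms(day, fmt="%d/%m/%Y", tz=timezone.utc):
    """Parse a date string and return epoch milliseconds at midnight in tz."""
    dt = datetime.strptime(day, fmt).replace(tzinfo=tz)
    return int(dt.timestamp() * 1000)


def ensure_ms(ts):
    """Reject a bound that is not an int or that looks like epoch seconds."""
    if isinstance(ts, bool) or not isinstance(ts, int):
        raise TypeError(f"timestamp must be an int, got {type(ts).__name__}")
    if 0 < ts < SECONDS_CEILING:
        raise ValueError(f"{ts} looks like epoch seconds; multiply by 1000")
    return ts


def between_ms(field, start_ms, end_ms):
    """Build a date-range criterion with validated millisecond bounds."""
    start_ms, end_ms = ensure_ms(start_ms), ensure_ms(end_ms)
    if start_ms > end_ms:
        raise ValueError("range start is after range end")
    # Assumed dict shape of thehive4py.query.Between (keys _between/_field).
    return {"_between": {"_field": field, "_from": start_ms, "_to": end_ms}}


if __name__ == "__main__":
    # Dates from the thread, interpreted as UTC midnight (an assumption).
    print(between_ms("startDate", to_epoch_ms("13/10/2018"), to_epoch_ms("12/11/2018")))
    try:
        between_ms("startDate", 1539406800, 1541998800)  # the thread's values in seconds
    except ValueError as exc:
        print("rejected:", exc)
```

`time.mktime()` in the thread interprets the date in the machine's local timezone, which is why the thread's values differ from the UTC results here by a fixed offset.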