argus-toolbelt
Index
Symbols | _ | A | C | D | E | F | K | L | O | P | R | S | T
Symbols
--[include|exclude]-[source|destination]-ip
argus-cli-events-search command line option
--[include|exclude]-alarm
argus-cli-events-search command line option
--[include|exclude]-attack-category-id
argus-cli-events-search command line option
--[include|exclude]-customer
argus-cli-events-search command line option
--[include|exclude]-flag
argus-cli-events-search command line option
--[include|exclude]-ip
argus-cli-events-search command line option
--[include|exclude]-properties
argus-cli-events-search command line option
--[include|exclude]-signature
argus-cli-events-search command line option
--[source|destination]-ip-min-bits
argus-cli-events-search command line option
--acknowledge-workflow
argus-cli-cases-autocreate command line option
--always-yes
argus-cli-customer-networks-update command line option
--attach-events
argus-cli-cases-autocreate command line option
--base-time
argus-cli-cases-autocreate-yaml command line option
--case-priority
argus-cli-cases-autocreate command line option
--case-service
argus-cli-cases-autocreate command line option
--case-status
argus-cli-cases-autocreate command line option
--case-title
argus-cli-cases-autocreate command line option
--case-title-en
argus-cli-cases-autocreate command line option
--case-title-format
argus-cli-cases-autocreate command line option
--case-title-no
argus-cli-cases-autocreate command line option
--case-type
argus-cli-cases-autocreate command line option
--case-watcher
argus-cli-cases-autocreate command line option
--case-watcher-from-field
argus-cli-cases-autocreate command line option
--close-after-create
argus-cli-cases-autocreate command line option
--closed-case-update
argus-cli-cases-autocreate command line option
--customer
argus-cli-datastores-dump command line option
--delete-missing
argus-cli-customer-networks-update command line option
--delimiter
argus-cli-customer-networks-update command line option
--dry
argus-cli-cases-autocreate command line option
argus-cli-cases-autocreate-yaml command line option
argus-cli-customer-networks-update command line option
--enrich
argus-cli-cases-autocreate command line option
argus-cli-events-search command line option
--exclude-customer
argus-cli-cases-notification-check command line option
--explicit-access
argus-cli-cases-autocreate command line option
--fields
argus-cli-cases-autocreate command line option
--first-line-defines-format
argus-cli-customer-networks-update command line option
--format
argus-cli-cases-notification-check command line option
argus-cli-customer-networks-update command line option
--group-by
argus-cli-cases-autocreate command line option
--ignore-user
argus-cli-cases-notification-check command line option
--initial-internal-comment
argus-cli-cases-autocreate command line option
--interactive
argus-cli-customer-networks-update command line option
--internal-case
argus-cli-cases-autocreate command line option
--key
argus-cli-datastores-dump command line option
--limit
argus-cli-events-search command line option
--min-count
argus-cli-events-search command line option
--min-severity
argus-cli-events-search command line option
--no-exact-match-property
argus-cli-events-search command line option
--no-paginate
argus-cli-events-search command line option
--no-prod-excludes
argus-cli-cases-autocreate-yaml command line option
--output
argus-cli-customer-networks-update command line option
--progress
argus-cli-events-search command line option
--replace
argus-cli-customer-networks-update command line option
--request-soc-analysis
argus-cli-cases-autocreate command line option
--request-workflow
argus-cli-cases-autocreate command line option
--send-to-qa
argus-cli-cases-autocreate command line option
--silent-update
argus-cli-cases-autocreate command line option
--skip-notifications
argus-cli-cases-autocreate command line option
--sort-by
argus-cli-cases-autocreate command line option
--splunk
argus-cli-customer-networks-update command line option
--status-on-update
argus-cli-cases-autocreate command line option
--tags
argus-cli-cases-autocreate command line option
--test-data
argus-cli-cases-autocreate command line option
argus-cli-cases-autocreate-yaml command line option
--test-time-expr
argus-cli-cases-autocreate-yaml command line option
--time-frame
argus-cli-cases-autocreate-yaml command line option
--timeout
argus-cli-cases-autocreate command line option
--use-fields
argus-cli-cases-autocreate command line option
--validate
argus-cli-cases-autocreate-yaml command line option
--workflow-comment
argus-cli-cases-autocreate command line option
-D
argus-cli-customer-networks-update command line option
-F
argus-cli-customer-networks-update command line option
-i
argus-cli-customer-networks-update command line option
-L
argus-cli-customer-networks-update command line option
-R
argus-cli-customer-networks-update command line option
-t
argus-cli-customer-networks-update command line option
-X
argus-cli-customer-networks-update command line option
-y
argus-cli-customer-networks-update command line option
...]
argus-cli-events-search command line option, [1], [2], [3], [4], [5], [6]
<...>]
argus-cli-cases-autocreate command line option
argus-cli-events-search command line option, [1]
_
__init__() (argus_cli.helpers.pagination.LimitOffsetPaginator method)
A
argus-cli-cases-autocreate command line option
--acknowledge-workflow
--attach-events
--case-priority
--case-service
--case-status
--case-title
--case-title-en
--case-title-format
--case-title-no
--case-type
--case-watcher
--case-watcher-from-field
--close-after-create
--closed-case-update
--dry
--enrich
--explicit-access
--fields
--group-by
--initial-internal-comment
--internal-case
--request-soc-analysis
--request-workflow
--send-to-qa
--silent-update
--skip-notifications
--sort-by
--status-on-update
--tags
--test-data
--timeout
--use-fields
--workflow-comment
<...>]
DATA
KEY
TEMPLATE_FOLDER
argus-cli-cases-autocreate-yaml command line option
--base-time
--dry
--no-prod-excludes
--test-data
--test-time-expr
--time-frame
--validate
CONFIG
argus-cli-cases-notification-check command line option
--exclude-customer
--format
--ignore-user
END
START
argus-cli-customer-networks-list command line option
CUSTOMER
argus-cli-customer-networks-list-locations command line option
CUSTOMER
argus-cli-customer-networks-update command line option
--always-yes
--delete-missing
--delimiter
--dry
--first-line-defines-format
--format
--interactive
--output
--replace
--splunk
-D
-F
-i
-L
-R
-t
-X
-y
CUSTOMER
FILE
argus-cli-datastores-dump command line option
--customer
--key
DATASTORE
argus-cli-events-search command line option
--[include|exclude]-[source|destination]-ip
--[include|exclude]-alarm
--[include|exclude]-attack-category-id
--[include|exclude]-customer
--[include|exclude]-flag
--[include|exclude]-ip
--[include|exclude]-properties
--[include|exclude]-signature
--[source|destination]-ip-min-bits
--enrich
--limit
--min-count
--min-severity
--no-exact-match-property
--no-paginate
--progress
...], [1], [2], [3], [4], [5], [6]
<...>], [1]
END
START
ARGUS_API_TIMEOUT
ARGUS_CLI_SETTINGS
ARGUS_CLI_SETTINGS_INCLUDES
C
CASE_TYPES (in module argus_plugins.cases.utils)
CONFIG
argus-cli-cases-autocreate-yaml command line option
CUSTOMER
argus-cli-customer-networks-list command line option
argus-cli-customer-networks-list-locations command line option
argus-cli-customer-networks-update command line option
D
DATA
argus-cli-cases-autocreate command line option
DATASTORE
argus-cli-datastores-dump command line option
E
END
argus-cli-cases-notification-check command line option
argus-cli-events-search command line option
environment variable
ARGUS_API_TIMEOUT, [1]
ARGUS_CLI_SETTINGS, [1]
ARGUS_CLI_SETTINGS_INCLUDES, [1]
F
FILE
argus-cli-customer-networks-update command line option
FLAGS (in module argus_plugins.events.utils)
FORMATS (in module argus_cli.utils.formatting)
K
KEY
argus-cli-cases-autocreate command line option
L
LimitOffsetPaginator (class in argus_cli.helpers.pagination)
O
offset_paginated() (in module argus_cli.helpers.pagination)
P
PRIORITIES (in module argus_plugins.cases.utils)
R
retry() (in module argus_cli.helpers.retry)
S
SEVERITIES (in module argus_plugins.events.utils)
START
argus-cli-cases-notification-check command line option
argus-cli-events-search command line option
STATUSES (in module argus_plugins.cases.utils)
T
TEMPLATE_FOLDER
argus-cli-cases-autocreate command line option