API Reference

argus_cli

Contains the CLI framework.

utils

formatting

argus_cli.utils.formatting.FORMATS = {'csv': <function csv>, 'jira-table': <function jira_table>, 'json': functools.partial(<function dumps>, indent=2)}

supported output formatters

helpers

retry

argus_cli.helpers.retry.retry(func: Callable, args: Optional[Iterable[Any]] = None, kwargs: Optional[Dict[str, Any]] = None, exception_classes: Optional[Iterable[Type[Exception]]] = None, max_retries: int = 0)

Retries calling a function up to a maximum number of attempts.

Parameters
  • func – function to retry

  • args – positional arguments for the function

  • kwargs – keyword arguments for the function

  • exception_classes – iterable of exceptions to retry on.

  • max_retries – maximum number of retries (not including the initial call)

Returns

the return value of func(*args, **kwargs)
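
The retry semantics documented above, as an added sketch that is not argus_cli's own code: retry_sketch is a hypothetical stand-in with the same signature, FlakyFetcher is a constructed test double, and treating a missing exception_classes as "retry nothing" is an assumption. It shows that max_retries=2 allows three calls in total and that an exception class not listed in exception_classes propagates on the first failure.

```python
from typing import Any, Callable, Dict, Iterable, Optional, Type


def retry_sketch(func: Callable, args: Optional[Iterable[Any]] = None,
                 kwargs: Optional[Dict[str, Any]] = None,
                 exception_classes: Optional[Iterable[Type[Exception]]] = None,
                 max_retries: int = 0):
    """Hypothetical stand-in with the documented signature (not argus_cli code)."""
    if max_retries < 0:
        raise ValueError("max_retries must be >= 0")
    args, kwargs = tuple(args or ()), dict(kwargs or {})
    # Assumption: only explicitly listed exception classes trigger a retry.
    retry_on = tuple(exception_classes or ())
    for attempt in range(max_retries + 1):  # initial call + max_retries retries
        try:
            return func(*args, **kwargs)
        except retry_on:
            if attempt == max_retries:  # retry budget spent: surface the error
                raise


class FlakyFetcher:
    """Constructed test double: raises `exc` for the first `failures` calls."""

    def __init__(self, failures: int, exc: Type[Exception]):
        self.failures, self.exc, self.calls = failures, exc, 0

    def __call__(self, limit: int, offset: int = 0) -> dict:
        self.calls += 1
        if self.calls <= self.failures:
            raise self.exc("constructed failure")
        return {"limit": limit, "offset": offset}


def demo():
    """Return the fetched page and the call count of each scenario."""
    recovers = FlakyFetcher(2, ConnectionError)
    page = retry_sketch(recovers, args=(25,), kwargs={"offset": 50},
                        exception_classes=[ConnectionError], max_retries=2)
    exhausted = FlakyFetcher(3, ConnectionError)
    unlisted = FlakyFetcher(1, PermissionError)  # class not listed for retry
    for fetcher in (exhausted, unlisted):
        try:
            retry_sketch(fetcher, args=(25,),
                         exception_classes=[ConnectionError], max_retries=2)
        except (ConnectionError, PermissionError):
            pass  # expected: budget spent, or class not in exception_classes
    return page, recovers.calls, exhausted.calls, unlisted.calls
```
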

pagination

argus_cli.helpers.pagination.offset_paginated(func: Callable) → Callable

class argus_cli.helpers.pagination.LimitOffsetPaginator(page: dict, fetcher: Callable, fetcher_args: Iterable, fetcher_kwargs: dict)

Iterator class for Argus-API methods returning result sets.

Meant for endpoints supporting limit/offset pagination, and to be instantiated via the offset_paginated() decorator.

__init__(page: dict, fetcher: Callable, fetcher_args: Iterable, fetcher_kwargs: dict)

Initialize an instance

Parameters
  • page – initial API response (i.e. the first “page”)

  • fetcher – argus_api method used to fetch data

  • fetcher_args – positional arguments for the fetcher

  • fetcher_kwargs – keyword arguments for the fetcher

argus_plugins

Contains plugins/commands definitions.

cases

constants

argus_plugins.cases.utils.STATUSES = ['pendingCustomer', 'pendingSoc', 'pendingVendor', 'workingSoc', 'workingCustomer', 'pendingClose', 'closed']

Valid Argus case statuses

argus_plugins.cases.utils.PRIORITIES = ['low', 'medium', 'high', 'critical']

Valid Argus case priorities

argus_plugins.cases.utils.CASE_TYPES = ['securityIncident', 'operationalIncident', 'informational', 'change']

Valid Argus case types

events

constants

argus_plugins.events.utils.FLAGS = ['ESTABLISHED', 'BLOCKED', 'SNAPSHOT', 'FINALIZED', 'SOURCE_IS_CUSTOMERNET', 'DESTINATION_IS_CUSTOMERNET', 'SOURCE_IS_PARTIAL_CUSTOMERNET', 'DESTINATION_IS_PARTIAL_CUSTOMERNET', 'INTRUDER_IS_CUSTOMERNET', 'VICTIM_IS_CUSTOMERNET', 'INTRUDER_IS_PARTIAL_CUSTOMERNET', 'VICTIM_IS_PARTIAL_CUSTOMERNET', 'PARTIALLY_BLOCKED', 'FALSE_POSITIVE', 'NOT_A_THREAT', 'TUNING_CANDIDATE', 'NOTIFIED', 'PARTIALLY_NOTIFIED', 'FOLLOWUP', 'IDENTIFIED_THREAT', 'THREAT_CANDIDATE', 'ACKNOWLEDGED', 'PARTIALLY_ACKNOWLEDGED', 'SEVERITY_ADJUSTED', 'COMMENTED', 'FILTERED', 'CHECKED', 'INCOMPLETE_DETAILS', 'AGGREGATED_BASE_EVENT', 'REMOTE_STORAGE', 'CUSTOM_SOURCE_AGGREGATION', 'CUSTOM_DESTINATION_AGGREGATION', 'CUSTOM_INTRUDER_AGGREGATION', 'CUSTOM_VICTIM_AGGREGATION', 'HAS_DETAILS', 'HAS_PAYLOAD', 'HAS_PCAP', 'ASSOCIATED_TO_CASE_BY_FILTER', 'SEVERITY_INCREASED_BY_FILTER', 'SEVERITY_REDUCED_BY_FILTER', 'CREATED_BY_ANALYSIS_FILTER', 'EXTEND_EVENT_TTL', 'INITIAL_TUNING', 'POST_ANALYSIS', 'PARTIAL_SSL_TERMINATED', 'SSL_TERMINATED', 'AUTO_REPORT', 'MISSING_TIMESTAMP', 'CLOCK_OUT_OF_SYNC', 'DROP_ANALYSIS', 'ESCALATED_BY_REPUTATION', 'HAS_SAMPLE', 'STORE_EVENT', 'STORE_AGGREGATED', 'SOURCE_IS_MANAGED_BY_SOC', 'DESTINATION_IS_MANAGED_BY_SOC', 'HANDLED_BY_ANALYST', 'SLA_VIOLATION', 'PAYLOAD_TRUNCATED', 'HAS_STRING_PAYLOAD', 'REASSESSED']

Valid event flags

argus_plugins.events.utils.SEVERITIES = ['low', 'medium', 'high', 'critical']

Valid event severity values