
Commit d436899

committed
chore: added example and api mapping
1 parent 0750c0d commit d436899

2 files changed

Lines changed: 45 additions & 4 deletions


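--- a/api_module_mapping.md
+++ b/api_module_mapping.md
@@ -553,6 +553,7 @@ Following shows mapping between SecOps [REST Resource](https://cloud.google.com/
 | logTypes.parsers.create | v1alpha | chronicle.parser.create_parser | secops parser create |
 | logTypes.parsers.deactivate | v1alpha | chronicle.parser.deactivate_parser | secops parser deactivate |
 | logTypes.parsers.delete | v1alpha | chronicle.parser.delete_parser | secops parser delete |
+| logTypes.parsers.fetchParserCandidates | v1alpha | chronicle.parser.fetch_parser_candidates | secops parser fetch-candidates |
 | logTypes.parsers.get | v1alpha | chronicle.parser.get_parser | secops parser get |
 | logTypes.parsers.list | v1alpha | chronicle.parser.list_parsers | secops parser list |
 | logTypes.parsers.validationReports.get | v1alpha | | |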

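--- a/examples/example.py
+++ b/examples/example.py
@@ -1413,8 +1413,47 @@ def example_parser_workflow(chronicle):
 print(f"\nUnexpected error: {e}")
 
 
+def example_fetch_parser_candidates(chronicle):
+"""Example 13: Fetch Parser Candidates for a log type."""
+print("\n=== Example 13: Fetch Parser Candidates ===")
+
+log_type = "OKTA"
+parser_action = "PARSER_ACTION_OPT_IN_TO_PREVIEW"
+
+try:
+print(
+f"\nFetching parser candidates for log type '{log_type}' "
+f"with action '{parser_action}'..."
+)
+candidates = chronicle.fetch_parser_candidates(
+log_type=log_type,
+parser_action=parser_action,
+)
+
+if not candidates:
+print(f"No parser candidates found for log type '{log_type}'.")
+return
+
+print(f"Found {len(candidates)} parser candidate(s):")
+for candidate in candidates:
+name = candidate.get("name", "N/A")
+state = candidate.get("state", "N/A")
+parser_id = name.split("/")[-1]
+print(f" - ID: {parser_id}, State: {state}")
+
+except APIError as e:
+print(f"\nAPI Error: {e}")
+print("\nTroubleshooting tips:")
+print(
+"- Ensure the log type supports prebuilt parser candidates"
+)
+print("- Check if you have the required permissions")
+except ValueError as e:
+print(f"\nInvalid input: {e}")
+
+
 def example_rule_test(chronicle):
-"""Example 13: Test a detection rule against historical data."""
+"""Example 14: Test a detection rule against historical data."""
 print("\n=== Example 13: Test a Detection Rule Against Historical Data ===")
 
 # Define time range for testing - use a recent time period (last 7 days)
@@ -1491,8 +1530,9 @@ def example_rule_test(chronicle):
 "10": example_udm_ingestion,
 "11": example_gemini,
 "12": example_parser_workflow,
-"13": example_rule_test,
-"14": example_udm_search_view,
+"13": example_fetch_parser_candidates,
+"14": example_rule_test,
+"15": example_udm_search_view,
 }
 
 
@@ -1507,7 +1547,7 @@ def main():
 parser.add_argument(
 "--example",
 "-e",
-help="Example number to run (1-14). If not specified, runs all examples.",
+help="Example number to run (1-15). If not specified, runs all examples.",
 )
 
 args = parser.parse_args()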
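Review bot: The renumbering in the first hunk is incomplete: the docstring of `example_rule_test` changes from `Example 13` to `Example 14` (new line 1456), but the banner printed on the context line right after it still reads `=== Example 13: Test a Detection Rule Against Historical Data ===`, so two examples announce themselves as 13 at runtime. Change it to `print("\n=== Example 14: Test a Detection Rule Against Historical Data ===")`. The dispatch table in the second hunk also moves `example_udm_search_view` to "15", so its docstring and banner presumably need the same bump; they are outside this diff and I cannot confirm that here. `example_rule_test` continues past the end of the first hunk.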
