/jupiterone-api-client-python

A Python client for jupiterone.io

Primary LanguagePythonMIT LicenseMIT

JupiterOne Python SDK

Python 3.6 Python 3.7

A Python library for the JupiterOne API.

Installation

Requires Python 3.6+

pip install jupiterone

Usage

Create a new client:
from jupiterone import JupiterOneClient

j1 = JupiterOneClient(
    account='<yourAccountId>',
    token='<yourApiToken>',
    url='https://graphql.us.jupiterone.io',
    sync_url='https://api.us.jupiterone.io'
)

Regional or Custom Tenant Support

For users with J1 accounts in the EU region for example, the 'url' parameter will need to be updated to "https://graphql.eu.jupiterone.io" and the 'sync_url' parameter will need to be updated to "https://api.eu.jupiterone.io".

If no 'url' parameter is passed, the default of "https://graphql.us.jupiterone.io" is used, and if no 'sync_url' parameter is passed, the default of "https://api.us.jupiterone.io" is used.

Method Examples:

*See the examples/examples.py for full usage example documentation

Execute a query:
QUERY = 'FIND Host'
query_result = j1.query_v1(QUERY)

# Including deleted entities
query_result = j1.query_v1(QUERY, include_deleted=True)

# Tree query
QUERY = 'FIND Host RETURN TREE'
query_result = j1.query_v1(QUERY)

# Using cursor graphQL variable to return full set of paginated results
QUERY = "FIND (Device | Person)"
cursor_query_r = j1._cursor_query(QUERY)
Create an entity:

Note that the CreateEntity mutation behaves like an upsert, so a non-existent entity will be created or an existing entity will be updated.

properties = {
    'myProperty': 'myValue',
    'tag.myTagProperty': 'value_will_be_a_tag'
}

entity = j1.create_entity(
   entity_key='my-unique-key',
   entity_type='my_type',
   entity_class='MyClass',
   properties=properties,
   timestamp=int(time.time()) * 1000 # Optional, defaults to current datetime
)
print(entity['entity'])

Update an existing entity:

Only send in properties you want to add or update, other existing properties will not be modified.

properties = {
    'newProperty': 'newPropertyValue'
}

j1.update_entity(
    entity_id='<id-of-entity-to-update>',
    properties=properties
)

Delete an entity:

j1.delete_entity(entity_id='<id-of-entity-to-delete>')
Create a relationship
j1.create_relationship(
    relationship_key='this_entity_relates_to_that_entity',
    relationship_type='my_relationship_type',
    relationship_class='MYRELATIONSHIP',
    from_entity_id='<id-of-source-entity>',
    to_entity_id='<id-of-destination-entity>'
)
Delete a relationship
j1.delete_relationship(relationship_id='<id-of-relationship-to-delete>')
Fetch Graph Entity Properties
j1.fetch_all_entity_properties()
Fetch Graph Entity Tags
j1.fetch_all_entity_tags()
Fetch Entity Raw Data
j1.fetch_entity_raw_data(entity_id='<id-of-entity>')
Create Integration Instance
j1.create_integration_instance(
    instance_name="Integration Name", 
    instance_description="Description Text")
Start Synchronization Job
j1.start_sync_job(instance_id='<id-of-integration-instance>')
Upload Batch of Entities
entities_payload = [
    {
      "_key": "1",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient1",
      "propertyName": "value"
    },
    {
      "_key": "2",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient2",
      "propertyName": "value"
    },
    {
      "_key": "3",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient3",
      "propertyName": "value"
    }
]

j1.upload_entities_batch_json(instance_job_id='<id-of-integration-sync-job>',
                              entities_list=entities_payload)
Upload Batch of Relationships
relationships_payload = [
    {
      "_key": "1:2",
      "_class": "EXTENDS",
      "_type": "pythonclient_extends_pythonclient",
      "_fromEntityKey": "1",
      "_toEntityKey": "2",
      "relationshipProperty": "value"
    },
    {
      "_key": "2:3",
      "_class": "EXTENDS",
      "_type": "pythonclient_extends_pythonclient",
      "_fromEntityKey": "2",
      "_toEntityKey": "3",
      "relationshipProperty": "value"
    }
]

j1.upload_relationships_batch_json(instance_job_id='<id-of-integration-sync-job>',
                                   relationships_list=relationships_payload)
Upload Batch of Entities and Relationships
combined_payload = {
    "entities": [
    {
      "_key": "4",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient4",
      "propertyName": "value"
    },
    {
      "_key": "5",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient5",
      "propertyName": "value"
    },
    {
      "_key": "6",
      "_type": "pythonclient",
      "_class": "API",
      "displayName": "pythonclient6",
      "propertyName": "value"
    }
],
    "relationships": [
    {
      "_key": "4:5",
      "_class": "EXTENDS",
      "_type": "pythonclient_extends_pythonclient",
      "_fromEntityKey": "4",
      "_toEntityKey": "5",
      "relationshipProperty": "value"
    },
    {
      "_key": "5:6",
      "_class": "EXTENDS",
      "_type": "pythonclient_extends_pythonclient",
      "_fromEntityKey": "5",
      "_toEntityKey": "6",
      "relationshipProperty": "value"
    }
]
}

j1.upload_combined_batch_json(instance_job_id='<id-of-integration-sync-job>',
                              combined_payload=combined_payload)
Finalize Synchronization Job
j1.finalize_sync_job(instance_job_id='<id-of-integration-sync-job>')
Fetch Integration Instance Jobs
j1.fetch_integration_jobs(instance_id='<id-of-integration-instance>')
Fetch Integration Instance Job Events
j1.fetch_integration_job_events(instance_id='<id-of-integration-instance>',
                                instance_job_id='<id-of-integration-instance-job>')
Create SmartClass
j1.create_smartclass(smartclass_name='SmartClassName',
                     smartclass_description='SmartClass Description Text')
Create SmartClass Query
j1.create_smartclass_query(smartclass_id='<id-of-smartclass>',
                           query='<J1QL-query-to-be-added>',
                           query_description='Query Description Text')
Run SmartClass Evaluation
j1.evaluate_smartclass(smartclass_id='<id-of-smartclass>')
Get SmartClass Details
j1.get_smartclass_details(smartclass_id='<id-of-smartclass>')
Generate J1QL from Natural Language Prompt
j1.generate_j1ql(natural_language_prompt='<natural-language-input-text>')
List Alert Rules
j1.list_alert_rules()
Get Alert Rule Details
j1.get_alert_rule_details(rule_id='<id-of-alert-rule>')
Create Alert Rule
# polling_interval can be DISABLED, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWELVE_HOURS, ONE_DAY, or ONE_WEEK
# severity can be INFO, LOW, MEDIUM, HIGH, or CRITICAL

j1.create_alert_rule(name="create_alert_rule-name",
                     description="create_alert_rule-description",
                     tags=['tag1', 'tag2'],
                     polling_interval="DISABLED",
                     severity="INFO",
                     j1ql="find jupiterone_user")
Create Alert Rule with Action Config
webhook_action_config = {
            "type": "WEBHOOK",
            "endpoint": "https://webhook.domain.here/endpoint",
            "headers": {
              "Authorization": "Bearer <SECRET>",
            },
            "method": "POST",
            "body": {
              "queryData": "{{queries.query0.data}}"
            }
}

tag_entities_action_config = {
            "type": "TAG_ENTITIES",
            "entities": "{{queries.query0.data}}",
            "tags": [
              {
                "name": "tagKey",
                "value": "tagValue"
              }
            ]
}

j1.create_alert_rule(name="create_alert_rule-name",
                    description="create_alert_rule-description",
                    tags=['tag1', 'tag2'],
                    polling_interval="DISABLED",
                    severity="INFO",
                    j1ql="find jupiterone_user",
                    action_configs=webhook_action_config)
Delete Alert Rule
j1.delete_alert_rule(rule_id='<id-of-alert-rule')
Update Alert Rule
# polling_interval can be DISABLED, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWELVE_HOURS, ONE_DAY, or ONE_WEEK
# tag_op can be OVERWRITE or APPEND
# severity can be INFO, LOW, MEDIUM, HIGH, or CRITICAL
# action_configs_op can be OVERWRITE or APPEND

alert_rule_config_alert = [
    {
        "type": "CREATE_ALERT"
    }
]

alert_rule_config_tag = [
    {
        "type": "TAG_ENTITIES",
        "entities": "{{queries.query0.data}}",
        "tags": [
            {
                "name": "tagName",
                "value": "tagValue"
            }
        ]
    }
]

alert_rule_config_webhook = [
    {
        "type": "WEBHOOK",
        "endpoint": "https://webhook.example",
        "headers": {
            "Authorization": "Bearer <TOKEN>"
        },
        "method": "POST",
        "body": {
            "queryData": "{{queries.query0.data}}"
        }
    }
]

alert_rule_config_multiple = [
    {
        "type": "WEBHOOK",
        "endpoint": "https://webhook.example",
        "headers": {
            "Authorization": "Bearer <TOKEN>"
        },
        "method": "POST",
        "body": {
            "queryData": "{{queries.query0.data}}"
        }
    },
    {
        "type": "TAG_ENTITIES",
        "entities": "{{queries.query0.data}}",
        "tags": [
            {
                "name": "tagName",
                "value": "tagValue"
            }
        ]
    }
]

j1.update_alert_rule(rule_id="<id-of-alert-rule>",
                     name="Updated Alert Rule Name",
                     description="Updated Alert Rule Description",
                     j1ql="find jupiterone_user",
                     polling_interval="ONE_WEEK",
                     tags=['tag1', 'tag2', 'tag3'],
                     tag_op="OVERWRITE",
                     severity="INFO",
                     action_configs=alert_rule_config_tag,
                     action_configs_op="OVERWRITE")

j1.update_alert_rule(rule_id='<id-of-alert-rule>',
                     tags=['newTag1', 'newTag1'],
                     tag_op="OVERWRITE")

j1.update_alert_rule(rule_id='<id-of-alert-rule>',
                     tags=['additionalTag1', 'additionalTag2'],
                     tag_op="APPEND")
Evaluate Alert Rule
j1.evaluate_alert_rule(rule_id='<id-of-alert-rule>')
Get Compliance Framework Item
j1.get_compliance_framework_item_details(item_id="<id-of-item>")
List Alert Rule Evaluation Results
j1.list_alert_rule_evaluation_results(rule_id="<id-of-rule>")
Fetch Evaluation Result Download URL
j1.fetch_evaluation_result_download_url(raw_data_key="RULE_EVALUATION/<id-of-evaluation>/query0.json")
Fetch Evaluation Result Download URL
j1.fetch_evaluation_result_download_url(raw_data_key="RULE_EVALUATION/<id-of-evaluation>/query0.json")
Fetch Downloaded Evaluation Results
j1.fetch_downloaded_evaluation_results(download_url="https://download.us.jupiterone.io/<id-of-rule>/RULE_EVALUATION/<id-of-evaluation>/<epoch>/query0.json?token=<TOKEN>&Expires=<epoch>")
Get Integration Definition Details
# examples: 'aws', 'azure', 'google_cloud'

j1.get_integration_definition_details(integration_type="<integration-type>")
Fetch Integration Instances
j1.fetch_integration_instances(definition_id="<id-of-definition>")
Fetch Integration Instance Details
j1.get_integration_instance_details(instance_id="<id-of-integration-instance>")
Get Account Parameter Details
j1.get_parameter_details(name="ParameterName")
List Account Parameters
j1.list_account_parameters()
Create or Update Acount Parameter
j1.create_update_parameter(name="ParameterName", value="stored_value", secret=False)