Creating/Updating Documents
---------------------------

Create a new event
^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   event_dict = {
       "example_key": "example value"
   }
   es_client.save_event(body=event_dict)

Update an existing event
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   event_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_event(body=event_dict, doc_id="12345")

Create a new alert
^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   alert_dict = {
       "example_key": "example value"
   }
   es_client.save_alert(body=alert_dict)

Update an existing alert
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   alert_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_alert(body=alert_dict, doc_id="12345")

Create a new generic document
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   document_dict = {
       "example_key": "example value"
   }
   es_client.save_object(index='randomindex', body=document_dict)

Update an existing document
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   document_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_object(index='randomindex', body=document_dict, doc_id="12345")

Bulk Importing
^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   from mozdef_util.elasticsearch_client import ElasticsearchClient
   es_client = ElasticsearchClient("http://127.0.0.1:9200", bulk_amount=30, bulk_refresh_time=5)
   es_client.save_event(body={'key': 'value'}, bulk=True)

- Line 2: bulk_amount (defaults to 100) specifies how many messages may sit in the bulk queue before they are written to Elasticsearch.
- Line 2: bulk_refresh_time (defaults to 30) is the amount of time after which a bulk flush is forced, even if the queue has not yet reached bulk_amount.
- Line 3: bulk (defaults to False) determines whether an event is added to the bulk queue rather than written immediately.
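The following is an added illustration of how the two bulk settings interact; it is not mozdef_util's own code. The ``writer`` callback, the injectable ``clock`` and the ``tick()``/``flush()`` names are assumptions made for the example, and the documents it queues are constructed. The point worth keeping in mind as a defender: a queued event is only in this process's memory until a flush, so it is neither searchable nor durable yet.

```python
# Added illustration of the bulk-queue semantics described above. It is not the
# mozdef_util implementation; `writer` and `clock` are assumed helpers.
import time


class BulkQueue:
    """Buffer documents; flush when bulk_amount is reached or when
    bulk_refresh_time seconds have passed since the last flush. Buffered
    documents live only in this process (not yet searchable, lost on a
    crash), so call flush() before the process exits."""

    def __init__(self, writer, bulk_amount=100, bulk_refresh_time=30,
                 clock=time.monotonic):
        self.writer, self.clock = writer, clock
        self.bulk_amount, self.bulk_refresh_time = bulk_amount, bulk_refresh_time
        self.queue, self.last_flush = [], clock()

    def add(self, index, body, doc_id=None):
        """Queue one document (doc_id given = update); return queued count."""
        action = {"_index": index, "_source": body}
        if doc_id is not None:
            action["_id"] = doc_id
        self.queue.append(action)
        self.tick()
        return len(self.queue)

    def tick(self):
        """Flush if either threshold is met. Call from a timer as well:
        without it an idle queue never drains on elapsed time alone."""
        due = self.clock() - self.last_flush >= self.bulk_refresh_time
        if len(self.queue) >= self.bulk_amount or (self.queue and due):
            self.flush()

    def flush(self):
        """Write everything buffered now; return the number of documents."""
        batch, self.queue = self.queue, []
        if batch:
            self.writer(batch)
        self.last_flush = self.clock()
        return len(batch)


def demo():
    written, now = [], [0.0]  # constructed sink and fake clock
    q = BulkQueue(written.append, bulk_amount=3, bulk_refresh_time=5,
                  clock=lambda: now[0])
    for i in range(3):  # third add reaches bulk_amount and flushes
        q.add("events", {"summary": "constructed event %d" % i})
    q.add("alerts", {"severity": "INFO"}, doc_id="12345")  # stays queued
    now[0] = 6.0  # bulk_refresh_time elapses
    q.tick()  # timer-driven flush of the single queued alert
    return [len(b) for b in written]  # -> [3, 1]
```

Running ``demo()`` shows the count-driven flush (three events) followed by the time-driven flush (one alert); without the ``tick()`` call the alert would sit in the queue indefinitely.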