Creating/Updating Documents
---------------------------

Create a new event
^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   event_dict = {
       "example_key": "example value"
   }
   es_client.save_event(body=event_dict)

Update an existing event
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   event_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_event(body=event_dict, doc_id="12345")

Create a new alert
^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   alert_dict = {
       "example_key": "example value"
   }
   es_client.save_alert(body=alert_dict)

Update an existing alert
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   alert_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_alert(body=alert_dict, doc_id="12345")

Create a new generic document
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   document_dict = {
       "example_key": "example value"
   }
   es_client.save_object(index='randomindex', body=document_dict)

Update an existing document
^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   document_dict = {
       "example_key": "example new value"
   }
   # Assuming 12345 is the id of the existing entry
   es_client.save_object(index='randomindex', body=document_dict, doc_id="12345")

Bulk importing
^^^^^^^^^^^^^^

.. code-block:: python
   :linenos:

   from mozdef_util.elasticsearch_client import ElasticsearchClient
   es_client = ElasticsearchClient("http://127.0.0.1:9200", bulk_amount=30, bulk_refresh_time=5)
   es_client.save_event(body={'key': 'value'}, bulk=True)

- Line 2: bulk_amount (defaults to 100) is how many messages may sit in the bulk queue before they are written to Elasticsearch.
- Line 2: bulk_refresh_time (defaults to 30) is the interval after which a bulk flush is forced even if the queue holds fewer than bulk_amount messages.
- Line 3: bulk (defaults to False) determines whether the event is added to the bulk queue instead of being written immediately.
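The call shapes on this page (create with no doc_id, update by passing one, and bulk queueing governed by bulk_amount and bulk_refresh_time) can be exercised without an Elasticsearch instance using the added example below. It is not mozdef_util's own code: FakeIndexStore, BulkQueueModel, ClientModel and demo are constructed stand-ins, bulk_refresh_time is assumed to be in seconds, and the caller polls the flush check where the real client flushes on its own schedule. It goes a little beyond the page by showing which documents are and are not visible in the index while they sit in the queue.

```python
"""Constructed model of create/update saves and of a bulk queue that flushes on a
count threshold or after a refresh interval. Not mozdef_util's code; nothing here
talks to Elasticsearch. Assumption: bulk_refresh_time is measured in seconds."""
import itertools
import time
from typing import Callable, Dict, List, Optional, Tuple

Action = Tuple[str, dict, Optional[str]]  # (index, body, doc_id)


class FakeIndexStore:
    """In-memory stand-in for Elasticsearch indices (constructed for this example)."""

    def __init__(self) -> None:
        self.docs: Dict[str, Dict[str, dict]] = {}  # index -> doc_id -> body
        self.bulk_writes: List[int] = []            # size of each bulk request seen
        self._ids = itertools.count(1)

    def index(self, index: str, body: dict, doc_id: Optional[str] = None) -> str:
        """doc_id None: create under a fresh id. doc_id given: overwrite that document."""
        if doc_id is None:
            doc_id = str(next(self._ids))
        self.docs.setdefault(index, {})[doc_id] = dict(body)
        return doc_id

    def bulk(self, actions: List[Action]) -> List[str]:
        self.bulk_writes.append(len(actions))
        return [self.index(idx, body, doc_id) for idx, body, doc_id in actions]


class BulkQueueModel:
    """Flushes when `threshold` actions are queued or `flush_time` seconds have passed
    since the last flush. The clock is injectable so the behaviour is deterministic."""

    def __init__(self, store: FakeIndexStore, threshold: int, flush_time: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.store = store
        self.threshold = threshold
        self.flush_time = flush_time
        self.clock = clock
        self.queue: List[Action] = []
        self.last_flush = clock()

    def add(self, action: Action) -> bool:
        """Queue one action; returns True if this call caused a flush."""
        self.queue.append(action)
        return self.maybe_flush()

    def maybe_flush(self) -> bool:
        """Count-based or time-based flush; the caller polls this where the real
        client would run a timer. Returns True if a flush happened."""
        due = self.clock() - self.last_flush >= self.flush_time
        if self.queue and (len(self.queue) >= self.threshold or due):
            self.flush()
            return True
        return False

    def flush(self) -> None:
        actions, self.queue = self.queue, []
        self.store.bulk(actions)
        self.last_flush = self.clock()


class ClientModel:
    """Mirrors the save_event / save_alert / save_object call shapes on this page."""

    def __init__(self, store: FakeIndexStore, bulk_amount: int = 100,
                 bulk_refresh_time: float = 30,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.store = store
        self.bulk_queue = BulkQueueModel(store, bulk_amount, bulk_refresh_time, clock)

    def save_object(self, index: str, body: dict, doc_id: Optional[str] = None,
                    bulk: bool = False) -> Optional[str]:
        """A direct write returns the document id. A bulk write returns None: the
        document only reaches the index when the queue flushes."""
        if bulk:
            self.bulk_queue.add((index, body, doc_id))
            return None
        return self.store.index(index, body, doc_id)

    def save_event(self, body: dict, doc_id: Optional[str] = None, bulk: bool = False):
        return self.save_object("events", body, doc_id, bulk)

    def save_alert(self, body: dict, doc_id: Optional[str] = None, bulk: bool = False):
        return self.save_object("alerts", body, doc_id, bulk)


def demo() -> dict:
    """Runs the page's scenarios against the model and reports what happened."""
    now = [0.0]                                   # fake clock, advanced by hand
    store = FakeIndexStore()
    client = ClientModel(store, bulk_amount=3, bulk_refresh_time=5, clock=lambda: now[0])

    event_id = client.save_event(body={"example_key": "example value"})           # create
    client.save_event(body={"example_key": "example new value"}, doc_id=event_id)  # update
    alert_id = client.save_alert(body={"summary": "constructed alert"})

    for n in range(3):                            # the third queued item reaches bulk_amount
        client.save_event(body={"n": n}, bulk=True)
    client.save_event(body={"n": 99}, bulk=True)  # alone in the queue: not yet searchable
    visible_before_timer = len(store.docs["events"])
    now[0] += 5                                   # bulk_refresh_time elapses
    forced = client.bulk_queue.maybe_flush()

    return {
        "event_body": store.docs["events"][event_id],
        "alert_body": store.docs["alerts"][alert_id],
        "bulk_writes": store.bulk_writes,
        "visible_before_timer": visible_before_timer,
        "forced_flush": forced,
        "events_total": len(store.docs["events"]),
        "pending": len(client.bulk_queue.queue),
    }
```

Calling demo() shows the third bulk save triggering a count-based flush of three documents, the fourth staying invisible to searches until the refresh interval passes, and the time-based flush then writing it on its own. The operational point for a detection pipeline is that bulk=True trades write throughput for up to bulk_refresh_time of delay before an event is searchable or alertable, and anything still queued in memory is lost if the process exits without flushing.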