
Sessions

class _incydr_sdk.sessions.client.SessionsV1(parent)

Client for /v1/sessions endpoints.

Usage example:

>>> import incydr
>>> from incydr.enums.items import SessionStates
>>> client = incydr.Client(**kwargs)
>>> client.items.v1.change_state("<session_id>", SessionStates.CLOSED)
add_note(self, session_id, note_content)

Add a note to a session, specified by ID.

Parameters:

  • session_id: str (required) - The session ID.
  • note_content: str (required) - The note content to add. Max 2000 characters.

Returns: A requests.Response object indicating success.

get_page(self, actor_id=None, start_time=None, end_time=None, has_alerts=True, sort_key=None, risk_indicators=None, sort_dir=None, states=None, severities=None, rule_ids=None, watchlist_ids=None, page_num=0, page_size=50, content_inspection_status=None)

Get a page of items.

Filter results by passing the appropriate parameters.

Parameters:

  • actor_id: str | None - Only include items generated by this actor.
  • start_time: datetime | str | int | None - Only include items beginning on or after this date and time. Can be a date-formatted string, a datetime instance, or a POSIX int timestamp.
  • end_time: datetime | str | int | None - Only include items beginning before this date and time. Can be a date-formatted string, a datetime instance, or a POSIX int timestamp.
  • has_alerts: bool - Only include items that have a matching alert status. Defaults to True.
  • sort_key: SortKeys - end_time or score. Value on which the results will be sorted. Defaults to end time.
  • risk_indicators: List[str] | None - List of risk indicator IDs that must be present on the items before they are returned.
  • sort_dir: SortDirection - asc for ascending or desc for descending. The direction in which to sort the response based on the corresponding key. Defaults to desc.
  • states: List[SessionStates] - Optional list of one or more session states to filter upon. Only include items that include these matching states.
  • severities: List[int] | None - Only include items that have the matching severity value(s). 0 = no risk, 1 = low, 2 = moderate, 3 = high, 4 = critical
  • rule_ids: List[str] | None - Optional list of one or more rule ids to filter upon.
  • watchlist_ids: List[str] | None - Optional list of one or more watchlist ids to filter upon.
  • page_num: int - Page number for results, starting at 0.
  • page_size: int - Max number of results to return per page, between 1 and 50 inclusive. Defaults to 50.
  • content_inspection_status: List[ContentInspectionStatuses] | None - The content inspection status(es) to limit the search to.

Returns: A SessionsPage object.

get_session_details(self, session_id)

Get details of a session.

Parameters:

  • session_id: str (required) - The session ID.

Returns: A Session object representing the session.

get_session_events(self, session_id)

Gets details for the events associated with alerted-on session activity.

Returns the same response object as the file event client search method.

Parameters:

  • session_id: str (required) - The session ID.

Returns: A FileEventsPage object.

iter_all(self, actor_id=None, start_time=None, end_time=None, has_alerts=True, sort_key=None, risk_indicators=None, sort_dir=None, states=None, severities=None, rule_ids=None, watchlist_ids=None, page_size=50, content_inspection_status=None)

Iterate over all items.

Accepts the same parameters as .get_page() except page_num.

Returns: A generator yielding individual Session objects.

update_state_by_criteria(self, new_state, actor_id=None, start_time=None, end_time=None, has_alerts=True, risk_indicators=None, states=None, severities=None, rule_ids=None, watchlist_ids=None, content_inspection_status=None)

Change the state of all items matching the filter criteria.

Makes an initial API call to update the matching items to the new state. Processes up to 500 session IDs at a time and continues to make subsequent API calls until all items matching the criteria are updated.

Parameters:

  • actor_id: str | None - The ID of the actor to limit the search to.
  • start_time: datetime | str | int | None - Only include items beginning on or after this date and time. Can be a date-formatted string, a datetime instance, or a POSIX int timestamp.
  • end_time: datetime | str | int | None - Only include items beginning before this date and time. Can be a date-formatted string, a datetime instance, or a POSIX int timestamp.
  • has_alerts: bool - Only include items that have a matching alert status. Defaults to True.
  • sort_key: SortKeys - end_time or score. Value on which the results will be sorted. Defaults to end time.
  • risk_indicators: List[str] | None - List of risk indicator IDs that must be present on the items before they are returned.
  • sort_dir: SortDirection - asc for ascending or desc for descending. The direction in which to sort the response based on the corresponding key. Defaults to desc.
  • states: List[SessionStates] - Only include items that have a matching state.
  • severities: List[int] | None - Only include items that have a matching severity value. 0 = no risk, 1 = low, 2 = moderate, 3 = high, 4 = critical
  • rule_ids: List[str] | None - Optional list of rule ids to filter upon.
  • watchlist_ids: List[str] | None - Optional list of watchlist ids to filter upon.
  • page_num: int - Page number for results, starting at 1.
  • page_size: int - Max number of results to return per page, between 1 and 50 inclusive. Defaults to 50.
  • content_inspection_status: List[ContentInspectionStatuses] | None - The content inspection status(es) to limit the search to.

Returns: An array of all requests.Response objects received during processing.

update_state_by_id(self, session_ids, new_state)

Change the state of one or more items specified by ID.

Processes up to 100 session IDs at a time and continues to make subsequent API calls until all indicated items are updated.

Parameters:

  • session_ids: str | List[str] (required) - One or more session IDs.
  • new_state: SessionStates - The new state for the desired items.

Returns: An array of all requests.Response objects received during processing.
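
Added example (not part of the SDK or its documentation): a triage helper that combines iter_all, add_note and update_state_by_id so that every high or critical session gets a note recording the reason before its state changes. The function name annotate_and_set_state, the session_id attribute on Session objects, and the FakeSessions stand-in with its severity field are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

NOTE_MAX = 2000  # add_note() limit stated in the parameter list above


def annotate_and_set_state(sessions, actor_id, note, new_state, from_states, days=7):
    """Note, then re-state, an actor's high/critical sessions from the last `days` days.

    `sessions` is a SessionsV1 client; `session_id` on the yielded Session
    objects is an assumed field name (the Session model is not shown here).
    """
    if len(note) > NOTE_MAX:
        raise ValueError(f"note is {len(note)} chars; add_note accepts at most {NOTE_MAX}")
    start = datetime.now(timezone.utc) - timedelta(days=days)
    ids = [
        s.session_id
        for s in sessions.iter_all(
            actor_id=actor_id, start_time=start, states=from_states, severities=[3, 4]
        )
    ]
    # Write the note first so every state change has a recorded reason.
    for sid in ids:
        sessions.add_note(sid, note).raise_for_status()
    # update_state_by_id batches the IDs itself and returns one Response per call.
    if ids:
        for resp in sessions.update_state_by_id(ids, new_state):
            resp.raise_for_status()
    return ids


class FakeSessions:
    """Constructed offline stand-in for SessionsV1; records calls instead of sending them."""

    def __init__(self, rows):
        self.rows, self.calls = rows, []

    def iter_all(self, severities=None, **filters):
        return (r for r in self.rows if r.severity in severities)

    def add_note(self, session_id, note_content):
        self.calls.append(("note", session_id))
        return SimpleNamespace(raise_for_status=lambda: None)

    def update_state_by_id(self, session_ids, new_state):
        self.calls.append(("state", tuple(session_ids), new_state))
        return [SimpleNamespace(raise_for_status=lambda: None)]
```

With a real client, pass the SessionsV1 instance as sessions and a SessionStates member such as SessionStates.CLOSED as new_state.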