JupiterOne · SeaBlooms · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024
@@ -2,6 +2,7 @@
 import random
 import time
 import os
+from datetime import datetime
 
 account = os.environ.get("JUPITERONE_ACCOUNT")
 token = os.environ.get("JUPITERONE_TOKEN")
@@ -118,11 +119,20 @@
 integration_instance_id = "<GUID>"
 
 # start_sync_job
-start_sync_job_r = j1.start_sync_job(instance_id=integration_instance_id)
+# sync_mode can be "DIFF", "CREATE_OR_UPDATE", or "PATCH"
+start_sync_job_r = j1.start_sync_job(instance_id=integration_instance_id,
+                                     sync_mode='CREATE_OR_UPDATE',
+                                     source='integration-external')
 print("start_sync_job()")
 print(start_sync_job_r)
 
 # upload_entities_batch_json
+rand_val_range = [x / 10.0 for x in range(0, 100)]
+rand_val = random.choice(rand_val_range)
+
+now_dt = datetime.now()
+epoch_now = round(datetime.strptime(str(now_dt), "%Y-%m-%d %H:%M:%S.%f").timestamp())
+
 entity_payload = [
     {
       "_key": "1",
@@ -131,20 +141,18 @@
       "displayName": "pythonclient1",
       "propertyName": "value",
       "relationshipProperty": "source",
+      "value": rand_val,
+      "bulkUploadedOn": epoch_now
     },
     {
       "_key": "2",
       "_type": "pythonclient",
       "_class": "API",
       "displayName": "pythonclient2",
-      "propertyName": "value"
-    },
-    {
-      "_key": "3",
-      "_type": "pythonclient",
-      "_class": "API",
-      "displayName": "pythonclient3",
-      "propertyName": "value"
+      "propertyName": "value",
+      "relationshipProperty": "source",
+      "value": rand_val,
+      "bulkUploadedOn": epoch_now
     }
 ]
 
@@ -188,22 +196,21 @@
       "_type": "pythonclient",
       "_class": "API",
       "displayName": "pythonclient4",
-      "propertyName": "value",
-      "relationshipProperty": "source",
+      "enrichProp": "value1"
     },
     {
       "_key": "5",
       "_type": "pythonclient",
       "_class": "API",
       "displayName": "pythonclient5",
-      "propertyName": "value"
+      "enrichProp": "value2"
     },
     {
       "_key": "6",
       "_type": "pythonclient",
       "_class": "API",
       "displayName": "pythonclient6",
-      "propertyName": "value"
+      "enrichProp": "value3"
     }
 ],
     "relationships": [
@@ -278,12 +285,57 @@
 print("get_smartclass_details()")
 print(get_smartclass_details_r)
 
-# list_configured_alert_rules
-list_configured_alert_rules_r = j1.list_configured_alert_rules()
-print("list_configured_alert_rules()")
-print(list_configured_alert_rules_r)
-
 # generate_j1ql
 generate_j1ql_r = j1.generate_j1ql(natural_language_prompt="show me all Users containing 'jupiterone' in their email address")
 print("generate_j1ql()")
 print(generate_j1ql_r)
+
+# list_alert_rules
+list_alert_rules_r = j1.list_alert_rules()
+print("list_configured_alert_rules()")
+print(list_alert_rules_r)
+print(len(list_alert_rules_r))
+
+# get_alert_rule_details
+get_alert_rule_details_r = j1.get_alert_rule_details(alert_rule_id="<GUID>")
+print("get_alert_rule_details()")
+print(get_alert_rule_details_r)
+
+# create_alert_rule
+webhook_token = "<SECRET>"
+
+webhook_action_config = {
+            "type": "WEBHOOK",
+            "endpoint": "https://webhook.domain.here/endpoint",
+            "headers": {
+              "Authorization": "Bearer {}".format(webhook_token),
+            },
+            "method": "POST",
+            "body": {
+              "queryData": "{{queries.query0.data}}"
+            }
+}
+
+tag_entities_action_config = {
+            "type": "TAG_ENTITIES",
+            "entities": "{{queries.query0.data}}",
+            "tags": [
+              {
+                "name": "tagKey",
+                "value": "tagValue"
+              }
+            ]
+}
+
+create_alert_rule_r = j1.create_alert_rule(name="create_alert_rule",
+                                           description="create_alert_rule-description",
+                                           tags=['tag1', 'tag2'],
+                                           polling_interval="DISABLED",
+                                           severity="INFO",
+                                           j1ql="find jupiterone_user")
+print("create_alert_rule()")
+print(create_alert_rule_r)
+
+delete_alert_rule_r = j1.delete_alert_rule(rule_id="<GUID>")
+print("delete_alert_rule()")
+print(delete_alert_rule_r)
@@ -48,7 +48,6 @@
     """Used to trigger retry on rate limit"""
     return isinstance(exc, JupiterOneApiRetryError)
 
-
 class JupiterOneClient:
     """Python client class for the JupiterOne GraphQL API"""
 
@@ -712,12 +711,82 @@
         return response['data']['j1qlFromNaturalLanguage']
 
     def list_alert_rules(self):
-        """List defined Alert Rules configured in J1 account
+        """List all defined Alert Rules configured in J1 account
+
+        """
+        results = []
+
+        data = {
+            "query": LIST_RULE_INSTANCES,
+            "flags": {
+                "variableResultSize": True
+            }
+        }
+
+        r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
+        results.extend(r['data']['listRuleInstances']['questionInstances'])
+
+        while r['data']['listRuleInstances']['pageInfo']['hasNextPage'] == True:
+
+            cursor = r['data']['listRuleInstances']['pageInfo']['endCursor']
+
+            # cursor query until last page fetched
+            data = {
+                "query": LIST_RULE_INSTANCES,
+                "variables": {
+                    "cursor": cursor
+                },
+                "flags":{
+                    "variableResultSize": True
+                }
+            }
+
+            r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
+            results.extend(r['data']['listRuleInstances']['questionInstances'])
+
+        return results
+
+    def get_alert_rule_details(self, alert_rule_id: str = None):
+        """Get details of a single defined Alert Rule configured in J1 account
 
         """
-        response = self._execute_query(LIST_RULE_INSTANCES)
+        results = []
+
+        data = {
+            "query": LIST_RULE_INSTANCES,
+            "flags": {
+                "variableResultSize": True
+            }
+        }
+
+        r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
+        results.extend(r['data']['listRuleInstances']['questionInstances'])
+
+        while r['data']['listRuleInstances']['pageInfo']['hasNextPage'] == True:
+
+            cursor = r['data']['listRuleInstances']['pageInfo']['endCursor']
+
+            # cursor query until last page fetched
+            data = {
+                "query": LIST_RULE_INSTANCES,
+                "variables": {
+                    "cursor": cursor
+                },
+                "flags":{
+                    "variableResultSize": True
+                }
+            }
+
+            r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
+            results.extend(r['data']['listRuleInstances']['questionInstances'])
+
+        # pick result out of list of results by 'id' key
+        for item in results:
+            if item["id"] == alert_rule_id:
+                result = item
+                break
 
-        return response['data']['listRuleInstances']
+        return result
 
     def create_alert_rule(self, name: str = None, description: str = None, tags: List[str] = None, polling_interval: str = None, severity: str = None, j1ql: str = None, action_configs: Dict = None):
         """Create Alert Rule Configuration in J1 account
@@ -795,4 +864,5 @@
 
         response = self._execute_query(DELETE_RULE_INSTANCE, variables=variables)
 
-        return response['data']['deleteRuleInstance']
+        return response['data']['deleteRuleInstance']
+