add compliance and alert rule evaluation methods

Author: SeaBlooms

examples/examples.py

@@ -426,6 +426,24 @@
 print("evaluate_alert_rule()")
 print(json.dumps(evaluate_alert_rule_r, indent=1))
 
-
+# get_compliance_framework_item_details
+r = j1.get_compliance_framework_item_details(item_id="<GUID>")
+print("get_compliance_framework_item_details()")
+print(json.dumps(r, indent=1))
+
+# list alert rule evaluation results
+r = j1.list_alert_rule_evaluation_results(rule_id="<GUID>")
+print("list_alert_rule_evaluation_results()")
+print(json.dumps(r, indent=1))
+
+# fetch_evaluation_result_download_url
+r = j1.fetch_evaluation_result_download_url(raw_data_key="RULE_EVALUATION/<GUID>/query0.json")
+print("fetch_evaluation_result_download_url()")
+print(json.dumps(r, indent=1))
+
+# fetch_downloaded_evaluation_results
+r = j1.fetch_downloaded_evaluation_results(download_url="https://download.us.jupiterone.io/<GUID>%2FRULE_EVALUATION%2F<GUID>%2F<epoch>%2Fquery0.json?token=<TOKEN>&Expires=<epoch>")
+print("fetch_downloaded_evaluation_results()")
+print(json.dumps(r, indent=1))
 
 

jupiterone/client.py

@@ -6,6 +6,7 @@
 from warnings import warn
 from typing import Dict, List
 from datetime import datetime
+import time
 
 import re
 import requests
@@ -45,6 +46,9 @@
     UPDATE_RULE_INSTANCE,
     EVALUATE_RULE_INSTANCE,
     QUESTIONS,
+    COMPLIANCE_FRAMEWORK_ITEM,
+    LIST_COLLECTION_RESULTS,
+    GET_RAW_DATA_DOWNLOAD_URL,
 )
 
 
@@ -1010,42 +1014,52 @@ def evaluate_alert_rule(self, rule_id: str = None):
         response = self._execute_query(EVALUATE_RULE_INSTANCE, variables=variables)
         return response
 
-    def fetch_latest_evaluation_results(self):
-        """Fetch latest Alert Rules configured in J1 account
+    def list_alert_rule_evaluation_results(self, rule_id: str = None):
+        """Fetch a list of Evaluation Results for an Alert Rule configured in J1 account
 
         """
-        results = []
-
-        data = {
-            "query": LIST_RULE_INSTANCES,
-            "flags": {
-                "variableResultSize": True
-            }
+        variables = {
+            "collectionType": "RULE_EVALUATION",
+            "collectionOwnerId": rule_id,
+            "beginTimestamp": 0,
+            "endTimestamp": round(time.time() * 1000),
+            "limit": 40
         }
 
-        r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
-        results.extend(r['data']['listRuleInstances']['questionInstances'])
+        response = self._execute_query(LIST_COLLECTION_RESULTS, variables=variables)
+        return response
 
-        while r['data']['listRuleInstances']['pageInfo']['hasNextPage'] == True:
+    def fetch_evaluation_result_download_url(self, raw_data_key: str = None):
+        """Fetch evaluation result Download URL for Alert Rule configured in J1 account
 
-            cursor = r['data']['listRuleInstances']['pageInfo']['endCursor']
+        """
+        variables = {
+            "rawDataKey": raw_data_key
+        }
 
-            # cursor query until last page fetched
-            data = {
-                "query": LIST_RULE_INSTANCES,
-                "variables": {
-                    "cursor": cursor
-                },
-                "flags":{
-                    "variableResultSize": True
-                }
-            }
+        response = self._execute_query(GET_RAW_DATA_DOWNLOAD_URL, variables=variables)
+        return response
 
-            r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
-            results.extend(r['data']['listRuleInstances']['questionInstances'])
+    def fetch_downloaded_evaluation_results(self, download_url: str = None):
+        """Return full Alert Rule J1QL results from Download URL
+
+        """
+        # initiate requests session and implement retry logic of 5 request retries with 1 second between
+        s = requests.Session()
+        retries = Retry(total=5, backoff_factor=1, status_forcelist=[502, 503, 504])
+        s.mount('https://', HTTPAdapter(max_retries=retries))
+        
+        try:
+            response = s.get(
+                download_url, timeout=60
+            )
+            
+            return response.json()
+            
+        except Exception as e:
+
+            return e
 
-        return results
-    
     def list_questions(self):
         """List all defined Questions configured in J1 account Questions Library
 
@@ -1080,4 +1094,17 @@ def list_questions(self):
             r = requests.post(url=self.graphql_url, headers=self.headers, json=data, verify=True).json()
             results.extend(r['data']['questions']['questions'])
 
-        return results
+        return results
+
+    def get_compliance_framework_item_details(self, item_id: str = None):
+        """Fetch Details of a Compliance Framework Requirement configured in J1 account
+
+        """
+        variables = {
+          "input": {
+            "id": item_id
+          }
+        }
+
+        response = self._execute_query(COMPLIANCE_FRAMEWORK_ITEM, variables=variables)
+        return response