
[BUG] Full query not logged for CbC #122

Open
2 of 10 tasks
rc-csmith opened this issue Jul 11, 2023 · 0 comments · May be fixed by #139
Describe the bug

When running Surveyor CbC, the full query that includes filtering parameters doesn't get logged properly.

What side of Surveyor is impacted?

  • Definition File
  • Code/Logic
  • Other (please explain)

What product is impacted?

  • All Products
  • Carbon Black Response
  • Carbon Black Threat Hunter
  • Defender for Endpoints
  • SentinelOne
  • Cortex
  • Other

Steps to reproduce

What did you do?

Run the command

python surveyor.py --sigmarule /path/to/certutil_rule.yml --hostname workstation1 --days 1

The full query isn't printed out

[2023-07-10 16:53:39,355] [DEBUG   ] [surveyor.cbc                        ] [common.py           :52  ] Authenticating to cbc
[2023-07-10 16:53:39,355] [DEBUG   ] [cbc_sdk.credential_providers.default] [default.py          :40  ] Using FileCredentialProvider
[2023-07-10 16:53:39,355] [WARNING ] [cbc_sdk.credential_providers.file_credential_provider] [file_credential_provider.py:109 ] Security warning: A future version of CBC SDK will disallow access to the following files altogether unless their permissions are updated.
[2023-07-10 16:53:39,356] [WARNING ] [cbc_sdk.credential_providers.file_credential_provider] [file_credential_provider.py:112 ] Security warning: Directory /Users/[REDACTED]/.carbonblack has invalid permissions
[2023-07-10 16:53:39,356] [DEBUG   ] [surveyor.cbc                        ] [common.py           :54  ] Authenticated
[2023-07-10 16:53:39,356] [DEBUG   ] [surveyor                            ] [help.py             :36  ] Output arg takes precendence so prefix arg will be ignored
[2023-07-10 16:53:39,552] [DEBUG   ] [urllib3.connectionpool              ] [connectionpool.py   :1014] Starting new HTTPS connection (1): raw.githubusercontent.com:443
[2023-07-10 16:53:39,830] [DEBUG   ] [urllib3.connectionpool              ] [connectionpool.py   :473 ] https://raw.githubusercontent.com:443 "GET /SigmaHQ/pySigma-plugin-directory/main/pySigma-plugins-v1.json HTTP/1.1" 200 2081
[2023-07-10 16:53:42,081] [DEBUG   ] [surveyor.cbc                        ] [vmware_cb_enterprise_edr.py:102 ] Query Tag(tag='File Decoded From Base64/Hex Via Certutil.EXE - cc9cbe82-7bc0-4ef5-bc23-bbfb83947be7', data='Sigma Rule'): (device_os:WINDOWS ((process_name:*\certutil.exe OR process_original_filename:CertUtil.exe) (process_cmdline:*-decode\ * OR process_cmdline:*/decode\ * OR process_cmdline:*-decodehex\ * OR process_cmdline:*/decodehex\ *)))
[2023-07-10 16:53:42,082] [DEBUG   ] [surveyor.cbc                        ] [vmware_cb_enterprise_edr.py:108 ] Full Query: <method-wrapper '__str__' of QueryBuilder object at 0x108b3aa50>
[2023-07-10 16:53:42,141] [DEBUG   ] [urllib3.connectionpool              ] [connectionpool.py   :1014] Starting new HTTPS connection (1): defense-prod05.conferdeploy.net:443

Expected behavior

On the next-to-last line of the log above, you should see the full query, but instead you are presented with the Python object.

Screenshots

N/A

Additional context

N/A
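The log line `Full Query: <method-wrapper '__str__' of QueryBuilder object at 0x...>` is what Python produces when a log message interpolates a reference to `__str__` instead of the result of calling it. The following is an added example written for this issue, not Surveyor's or cbc_sdk's own code; the `QueryBuilder` class here is a hypothetical stand-in and the helper names are assumptions:

```python
import logging
import re


class QueryBuilder:
    # Hypothetical stand-in for the SDK query object (constructed for this
    # example); the rendered string includes the filtering parameters.
    def __init__(self, raw_query, device_filter=None, time_filter=None):
        self._raw = raw_query
        self._filters = [f for f in (device_filter, time_filter) if f]

    def __str__(self):
        parts = [self._raw] + self._filters
        return " AND ".join(f"({p})" for p in parts)


def format_full_query_buggy(query):
    # Referencing __str__ without parentheses interpolates the method object
    # itself, not the query text: the same mistake behind the issue's log line.
    return f"Full Query: {query.__str__}"


def format_full_query_fixed(query):
    # f-string interpolation calls str() on the object, so the query is rendered.
    return f"Full Query: {query}"


def looks_like_unrendered_object(message):
    # Check a logging filter or test can apply: an object/method repr in a
    # query log line means the query text was never rendered.
    pattern = r"<(method-wrapper|bound method|\w+ object) .* at 0x[0-9a-f]+>"
    return re.search(pattern, message) is not None


if __name__ == "__main__":
    # Constructed sample query mirroring the issue's certutil rule.
    q = QueryBuilder(
        "process_name:*\\certutil.exe",
        device_filter="device_name:workstation1",
        time_filter="process_start_time:[2023-07-10 TO 2023-07-11]",
    )
    logging.basicConfig(level=logging.DEBUG, format="[%(levelname)s] %(message)s")
    log = logging.getLogger("surveyor.cbc")
    log.debug(format_full_query_buggy(q))  # logs a bound-method repr
    log.debug(format_full_query_fixed(q))  # logs the rendered query
```

Because this stand-in defines `__str__` in Python, the buggy path prints `<bound method ...>`; an object that inherits `object.__str__`, as in the issue's log, prints `<method-wrapper '__str__' ...>` for the same mistake, and the check above catches both.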

@rc-csmith rc-csmith added the bug label Jul 11, 2023
@rc-csmith rc-csmith self-assigned this Jul 25, 2023
@rc-csmith rc-csmith linked a pull request Jul 26, 2023 that will close this issue