PyPI - binalyze-air-sdk - Versions diffs - 1.0.1__py3-none-any.whl → 1.0.3__py3-none-any.whl - Mend

binalyze-air-sdk 1.0.1py3-none-any.whl → 1.0.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

binalyze_air/__init__.py +77 -77
binalyze_air/apis/__init__.py +67 -27
binalyze_air/apis/acquisitions.py +107 -0
binalyze_air/apis/api_tokens.py +49 -0
binalyze_air/apis/assets.py +161 -0
binalyze_air/apis/audit_logs.py +26 -0
binalyze_air/apis/{authentication.py → auth.py} +29 -27
binalyze_air/apis/auto_asset_tags.py +79 -75
binalyze_air/apis/backup.py +177 -0
binalyze_air/apis/baseline.py +46 -0
binalyze_air/apis/cases.py +225 -0
binalyze_air/apis/cloud_forensics.py +116 -0
binalyze_air/apis/event_subscription.py +96 -96
binalyze_air/apis/evidence.py +249 -53
binalyze_air/apis/interact.py +153 -36
binalyze_air/apis/investigation_hub.py +234 -0
binalyze_air/apis/license.py +104 -0
binalyze_air/apis/logger.py +83 -0
binalyze_air/apis/multipart_upload.py +201 -0
binalyze_air/apis/notifications.py +115 -0
binalyze_air/apis/organizations.py +267 -0
binalyze_air/apis/params.py +44 -39
binalyze_air/apis/policies.py +186 -0
binalyze_air/apis/preset_filters.py +79 -0
binalyze_air/apis/recent_activities.py +71 -0
binalyze_air/apis/relay_server.py +104 -0
binalyze_air/apis/settings.py +395 -27
binalyze_air/apis/tasks.py +80 -0
binalyze_air/apis/triage.py +197 -0
binalyze_air/apis/user_management.py +183 -74
binalyze_air/apis/webhook_executions.py +50 -0
binalyze_air/apis/webhooks.py +322 -230
binalyze_air/base.py +207 -133
binalyze_air/client.py +217 -1337
binalyze_air/commands/__init__.py +175 -145
binalyze_air/commands/acquisitions.py +661 -387
binalyze_air/commands/api_tokens.py +55 -0
binalyze_air/commands/assets.py +324 -362
binalyze_air/commands/{authentication.py → auth.py} +36 -36
binalyze_air/commands/auto_asset_tags.py +230 -230
binalyze_air/commands/backup.py +47 -0
binalyze_air/commands/baseline.py +32 -396
binalyze_air/commands/cases.py +609 -602
binalyze_air/commands/cloud_forensics.py +88 -0
binalyze_air/commands/event_subscription.py +101 -101
binalyze_air/commands/evidences.py +918 -988
binalyze_air/commands/interact.py +172 -58
binalyze_air/commands/investigation_hub.py +315 -0
binalyze_air/commands/license.py +183 -0
binalyze_air/commands/logger.py +126 -0
binalyze_air/commands/multipart_upload.py +363 -0
binalyze_air/commands/notifications.py +45 -0
binalyze_air/commands/organizations.py +200 -221
binalyze_air/commands/policies.py +175 -203
binalyze_air/commands/preset_filters.py +55 -0
binalyze_air/commands/recent_activities.py +32 -0
binalyze_air/commands/relay_server.py +144 -0
binalyze_air/commands/settings.py +431 -29
binalyze_air/commands/tasks.py +95 -56
binalyze_air/commands/triage.py +224 -360
binalyze_air/commands/user_management.py +351 -126
binalyze_air/commands/webhook_executions.py +77 -0
binalyze_air/config.py +244 -244
binalyze_air/exceptions.py +49 -49
binalyze_air/http_client.py +426 -305
binalyze_air/models/__init__.py +287 -285
binalyze_air/models/acquisitions.py +365 -250
binalyze_air/models/api_tokens.py +73 -0
binalyze_air/models/assets.py +438 -438
binalyze_air/models/audit.py +247 -272
binalyze_air/models/audit_logs.py +14 -0
binalyze_air/models/{authentication.py → auth.py} +69 -69
binalyze_air/models/auto_asset_tags.py +227 -116
binalyze_air/models/backup.py +138 -0
binalyze_air/models/baseline.py +231 -231
binalyze_air/models/cases.py +275 -275
binalyze_air/models/cloud_forensics.py +145 -0
binalyze_air/models/event_subscription.py +170 -171
binalyze_air/models/evidence.py +65 -65
binalyze_air/models/evidences.py +367 -348
binalyze_air/models/interact.py +266 -135
binalyze_air/models/investigation_hub.py +265 -0
binalyze_air/models/license.py +150 -0
binalyze_air/models/logger.py +83 -0
binalyze_air/models/multipart_upload.py +352 -0
binalyze_air/models/notifications.py +138 -0
binalyze_air/models/organizations.py +293 -293
binalyze_air/models/params.py +153 -127
binalyze_air/models/policies.py +260 -249
binalyze_air/models/preset_filters.py +79 -0
binalyze_air/models/recent_activities.py +70 -0
binalyze_air/models/relay_server.py +121 -0
binalyze_air/models/settings.py +538 -84
binalyze_air/models/tasks.py +215 -149
binalyze_air/models/triage.py +141 -142
binalyze_air/models/user_management.py +200 -97
binalyze_air/models/webhook_executions.py +33 -0
binalyze_air/queries/__init__.py +121 -133
binalyze_air/queries/acquisitions.py +155 -155
binalyze_air/queries/api_tokens.py +46 -0
binalyze_air/queries/assets.py +186 -105
binalyze_air/queries/audit.py +400 -416
binalyze_air/queries/{authentication.py → auth.py} +55 -55
binalyze_air/queries/auto_asset_tags.py +59 -59
binalyze_air/queries/backup.py +66 -0
binalyze_air/queries/baseline.py +21 -185
binalyze_air/queries/cases.py +292 -292
binalyze_air/queries/cloud_forensics.py +137 -0
binalyze_air/queries/event_subscription.py +54 -54
binalyze_air/queries/evidence.py +139 -139
binalyze_air/queries/evidences.py +279 -279
binalyze_air/queries/interact.py +140 -28
binalyze_air/queries/investigation_hub.py +329 -0
binalyze_air/queries/license.py +85 -0
binalyze_air/queries/logger.py +58 -0
binalyze_air/queries/multipart_upload.py +180 -0
binalyze_air/queries/notifications.py +71 -0
binalyze_air/queries/organizations.py +222 -222
binalyze_air/queries/params.py +154 -115
binalyze_air/queries/policies.py +149 -149
binalyze_air/queries/preset_filters.py +60 -0
binalyze_air/queries/recent_activities.py +44 -0
binalyze_air/queries/relay_server.py +42 -0
binalyze_air/queries/settings.py +533 -20
binalyze_air/queries/tasks.py +125 -81
binalyze_air/queries/triage.py +230 -230
binalyze_air/queries/user_management.py +193 -83
binalyze_air/queries/webhook_executions.py +39 -0
binalyze_air_sdk-1.0.3.dist-info/METADATA +752 -0
binalyze_air_sdk-1.0.3.dist-info/RECORD +132 -0
{binalyze_air_sdk-1.0.1.dist-info → binalyze_air_sdk-1.0.3.dist-info}/WHEEL +1 -1
binalyze_air/apis/endpoints.py +0 -22
binalyze_air/apis/evidences.py +0 -216
binalyze_air/apis/users.py +0 -68
binalyze_air/commands/users.py +0 -101
binalyze_air/models/endpoints.py +0 -76
binalyze_air/models/users.py +0 -82
binalyze_air/queries/endpoints.py +0 -25
binalyze_air/queries/users.py +0 -69
binalyze_air_sdk-1.0.1.dist-info/METADATA +0 -635
binalyze_air_sdk-1.0.1.dist-info/RECORD +0 -82
{binalyze_air_sdk-1.0.1.dist-info → binalyze_air_sdk-1.0.3.dist-info}/top_level.txt +0 -0

binalyze_air/queries/audit.py CHANGED Viewed

@@ -1,417 +1,401 @@
-"""
-Audit-related queries for the Binalyze AIR SDK.
-"""
-from typing import List, Optional, Dict, Any
-from datetime import datetime
-from ..base import Query
-from ..models.audit import (
-    AuditLog, AuditSummary, AuditUserActivity, AuditSystemEvent,
-    AuditRetentionPolicy, AuditFilter, AuditLogsFilter, AuditLevel, AuditCategory, AuditAction
-)
-from ..http_client import HTTPClient
-class ListAuditLogsQuery(Query[List[AuditLog]]):
-    """Query to list audit logs with optional filtering - UPDATED for new POST-based API."""
-    def __init__(self, http_client: HTTPClient, filter_params: Optional[AuditLogsFilter] = None, organization_ids: Optional[int] = None):
-        self.http_client = http_client
-        # Initialize filter with default organization IDs if not provided
-        if filter_params is None:
-            filter_params = AuditLogsFilter()
-        # Set organization parameters if not already set in filter
-        # Changed from List[int] to int to match new API spec
-        if filter_params.organization_ids is None and organization_ids is not None:
-            filter_params.organization_ids = organization_ids
-        elif filter_params.organization_ids is None:
-            filter_params.organization_ids = 0  # Default to organization 0
-        self.filter_params = filter_params
-    def execute(self) -> List[AuditLog]:
-        """Execute the query to list audit logs using NEW POST-based API."""
-        # Use new JSON body format for POST request
-        json_body = self.filter_params.to_json_body()
-        # If no explicit filter provided, ensure we have minimum required structure
-        if not json_body:
-            json_body = {
-                "pageNumber": 1,
-                "filter": {
-                    "organizationIds": self.filter_params.organization_ids or 0
-                }
-            }
-        print(f"[INFO] Using POST /audit-logs with body: {json_body}")
-        try:
-            # NEW: Use POST method with JSON body instead of GET with query params
-            response = self.http_client.post("audit-logs", data=json_body)
-            # Handle response structure - may be different from old GET endpoint
-            if isinstance(response, dict):
-                # Try different response structures
-                entities = (
-                    response.get("result", {}).get("entities", []) or  # Standard structure
-                    response.get("entities", []) or  # Direct entities
-                    response.get("data", []) or  # Alternative structure
-                    response.get("logs", []) or  # Logs structure
-                    []
-                )
-            else:
-                entities = []
-            print(f"[INFO] POST /audit-logs returned {len(entities)} audit logs")
-        except Exception as e:
-            print(f"[WARN] POST /audit-logs failed, trying fallback to GET method: {e}")
-            # FALLBACK: Try old GET method for backward compatibility
-            try:
-                params = self.filter_params.to_params()  # This will show deprecation warning
-                response = self.http_client.get("audit-logs", params=params)
-                entities = response.get("result", {}).get("entities", [])
-                print(f"[INFO] Fallback GET /audit-logs returned {len(entities)} audit logs")
-            except Exception as fallback_e:
-                print(f"[WARN] Both POST and GET methods failed: POST={e}, GET={fallback_e}")
-                return []
-        logs = []
-        for entity_data in entities:
-            mapped_data = {
-                "id": entity_data.get("_id") or entity_data.get("id"),
-                "timestamp": entity_data.get("createdAt") or entity_data.get("timestamp"),
-                "user_id": entity_data.get("userId"),
-                "username": entity_data.get("performedBy") or entity_data.get("username"),
-                "organization_id": entity_data.get("organizationId", 0),
-                "category": entity_data.get("type") or entity_data.get("category"),
-                "action": entity_data.get("action"),
-                "resource_type": entity_data.get("resourceType"),
-                "resource_id": entity_data.get("resourceId"),
-                "resource_name": entity_data.get("resourceName"),
-                "level": entity_data.get("level", "info"),
-                "message": entity_data.get("description") or entity_data.get("message"),
-                "details": entity_data.get("details", {}),
-                "ip_address": entity_data.get("ipAddress"),
-                "user_agent": entity_data.get("userAgent"),
-                "session_id": entity_data.get("sessionId"),
-                "correlation_id": entity_data.get("correlationId"),
-                "success": entity_data.get("success", True),
-                "error_code": entity_data.get("errorCode"),
-                "duration": entity_data.get("duration"),
-                "tags": entity_data.get("tags", []),
-            }
-            # Remove None values
-            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-            logs.append(AuditLog(**mapped_data))
-        return logs
-class GetAuditLogQuery(Query[AuditLog]):
-    """Query to get a specific audit log by ID."""
-    def __init__(self, http_client: HTTPClient, log_id: str):
-        self.http_client = http_client
-        self.log_id = log_id
-    def execute(self) -> AuditLog:
-        """Execute the query to get audit log details."""
-        response = self.http_client.get(f"audit-logs/{self.log_id}")
-        entity_data = response.get("result", {})
-        mapped_data = {
-            "id": entity_data.get("_id"),
-            "timestamp": entity_data.get("createdAt"),
-            "user_id": entity_data.get("userId"),
-            "username": entity_data.get("performedBy"),
-            "organization_id": entity_data.get("organizationId", 0),
-            "category": entity_data.get("type"),
-            "action": entity_data.get("action"),
-            "resource_type": entity_data.get("resourceType"),
-            "resource_id": entity_data.get("resourceId"),
-            "resource_name": entity_data.get("resourceName"),
-            "level": entity_data.get("level", "info"),
-            "message": entity_data.get("description"),
-            "details": entity_data.get("details", {}),
-            "ip_address": entity_data.get("ipAddress"),
-            "user_agent": entity_data.get("userAgent"),
-            "session_id": entity_data.get("sessionId"),
-            "correlation_id": entity_data.get("correlationId"),
-            "success": entity_data.get("success", True),
-            "error_code": entity_data.get("errorCode"),
-            "duration": entity_data.get("duration"),
-            "tags": entity_data.get("tags", []),
-        }
-        # Remove None values
-        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-        return AuditLog(**mapped_data)
-class GetAuditSummaryQuery(Query[AuditSummary]):
-    """Query to get audit summary for a date range."""
-    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime):
-        self.http_client = http_client
-        self.organization_id = organization_id
-        self.start_date = start_date
-        self.end_date = end_date
-    def execute(self) -> AuditSummary:
-        """Execute the query to get audit summary."""
-        params = {
-            "organizationId": str(self.organization_id),
-            "startDate": self.start_date.isoformat(),
-            "endDate": self.end_date.isoformat()
-        }
-        response = self.http_client.get("audit/summary", params=params)
-        entity_data = response.get("result", {})
-        mapped_data = {
-            "organization_id": entity_data.get("organizationId", self.organization_id),
-            "date": entity_data.get("date", self.start_date),
-            "total_events": entity_data.get("totalEvents", 0),
-            "successful_events": entity_data.get("successfulEvents", 0),
-            "failed_events": entity_data.get("failedEvents", 0),
-            "authentication_events": entity_data.get("authenticationEvents", 0),
-            "authorization_events": entity_data.get("authorizationEvents", 0),
-            "data_access_events": entity_data.get("dataAccessEvents", 0),
-            "system_change_events": entity_data.get("systemChangeEvents", 0),
-            "user_action_events": entity_data.get("userActionEvents", 0),
-            "api_call_events": entity_data.get("apiCallEvents", 0),
-            "unique_users": entity_data.get("uniqueUsers", 0),
-            "unique_ips": entity_data.get("uniqueIps", 0),
-            "top_users": entity_data.get("topUsers", []),
-            "top_actions": entity_data.get("topActions", []),
-            "error_summary": entity_data.get("errorSummary", []),
-        }
-        # Remove None values
-        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-        return AuditSummary(**mapped_data)
-class GetUserActivityQuery(Query[List[AuditUserActivity]]):
-    """Query to get user activity audit logs."""
-    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime, user_id: Optional[str] = None):
-        self.http_client = http_client
-        self.organization_id = organization_id
-        self.start_date = start_date
-        self.end_date = end_date
-        self.user_id = user_id
-    def execute(self) -> List[AuditUserActivity]:
-        """Execute the query to get user activity."""
-        params = {
-            "organizationId": str(self.organization_id),
-            "startDate": self.start_date.isoformat(),
-            "endDate": self.end_date.isoformat()
-        }
-        if self.user_id:
-            params["userId"] = self.user_id
-        response = self.http_client.get("audit/user-activity", params=params)
-        entities = response.get("result", {}).get("entities", [])
-        activities = []
-        for entity_data in entities:
-            mapped_data = {
-                "user_id": entity_data.get("userId"),
-                "username": entity_data.get("username"),
-                "organization_id": entity_data.get("organizationId", self.organization_id),
-                "date": entity_data.get("date"),
-                "login_count": entity_data.get("loginCount", 0),
-                "action_count": entity_data.get("actionCount", 0),
-                "failed_login_count": entity_data.get("failedLoginCount", 0),
-                "last_login": entity_data.get("lastLogin"),
-                "last_action": entity_data.get("lastAction"),
-                "unique_ips": entity_data.get("uniqueIps", []),
-                "actions_by_category": entity_data.get("actionsByCategory", {}),
-                "risk_score": entity_data.get("riskScore", 0.0),
-            }
-            # Remove None values
-            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-            activities.append(AuditUserActivity(**mapped_data))
-        return activities
-class GetSystemEventsQuery(Query[List[AuditSystemEvent]]):
-    """Query to get system events audit logs."""
-    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime, severity: Optional[AuditLevel] = None):
-        self.http_client = http_client
-        self.organization_id = organization_id
-        self.start_date = start_date
-        self.end_date = end_date
-        self.severity = severity
-    def execute(self) -> List[AuditSystemEvent]:
-        """Execute the query to get system events."""
-        params = {
-            "organizationId": str(self.organization_id),
-            "startDate": self.start_date.isoformat(),
-            "endDate": self.end_date.isoformat()
-        }
-        if self.severity:
-            params["severity"] = self.severity.value
-        response = self.http_client.get("audit/system-events", params=params)
-        entities = response.get("result", {}).get("entities", [])
-        events = []
-        for entity_data in entities:
-            mapped_data = {
-                "id": entity_data.get("_id"),
-                "timestamp": entity_data.get("timestamp"),
-                "event_type": entity_data.get("eventType"),
-                "severity": entity_data.get("severity", "info"),
-                "component": entity_data.get("component"),
-                "message": entity_data.get("message"),
-                "details": entity_data.get("details", {}),
-                "organization_id": entity_data.get("organizationId", self.organization_id),
-                "resolved": entity_data.get("resolved", False),
-                "resolved_by": entity_data.get("resolvedBy"),
-                "resolved_at": entity_data.get("resolvedAt"),
-            }
-            # Remove None values
-            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-            events.append(AuditSystemEvent(**mapped_data))
-        return events
-class GetAuditRetentionPolicyQuery(Query[AuditRetentionPolicy]):
-    """Query to get audit retention policy."""
-    def __init__(self, http_client: HTTPClient, organization_id: int):
-        self.http_client = http_client
-        self.organization_id = organization_id
-    def execute(self) -> AuditRetentionPolicy:
-        """Execute the query to get audit retention policy."""
-        response = self.http_client.get(f"audit/retention-policy/{self.organization_id}")
-        entity_data = response.get("result", {})
-        mapped_data = {
-            "organization_id": entity_data.get("organizationId", self.organization_id),
-            "retention_days": entity_data.get("retentionDays", 365),
-            "auto_archive": entity_data.get("autoArchive", True),
-            "archive_location": entity_data.get("archiveLocation"),
-            "compress_archives": entity_data.get("compressArchives", True),
-            "delete_after_archive": entity_data.get("deleteAfterArchive", False),
-            "created_at": entity_data.get("createdAt"),
-            "updated_at": entity_data.get("updatedAt"),
-            "created_by": entity_data.get("createdBy"),
-        }
-        # Remove None values
-        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-        return AuditRetentionPolicy(**mapped_data)
-class ExportAuditLogsQuery(Query[Dict[str, Any]]):
-    """Query to export audit logs with filtering - UPDATED for new API."""
-    def __init__(self, http_client: HTTPClient, filter_params: Optional[AuditLogsFilter] = None, format: str = "json", organization_ids: Optional[int] = None):
-        self.http_client = http_client
-        # Initialize filter with default organization IDs if not provided
-        if filter_params is None:
-            filter_params = AuditLogsFilter()
-        # Set organization parameters if not already set in filter
-        # Changed from List[int] to int to match new API spec
-        if filter_params.organization_ids is None and organization_ids is not None:
-            filter_params.organization_ids = organization_ids
-        elif filter_params.organization_ids is None:
-            filter_params.organization_ids = 0  # Default to organization 0
-        self.filter_params = filter_params
-        self.format = format
-    def execute(self) -> Dict[str, Any]:
-        """Execute the query to export audit logs."""
-        # Use filter's parameter generation
-        params = self.filter_params.to_params()
-        # Export endpoint returns binary data, not JSON - handle appropriately
-        try:
-            # Use raw HTTP request for binary data
-            import requests
-            url = f"{self.http_client.config.host}/api/public/audit-logs/export"
-            headers = {
-                "Authorization": f"Bearer {self.http_client.config.api_token}",
-                "User-Agent": "binalyze-air-sdk/1.0.0"
-            }
-            raw_response = requests.get(
-                url,
-                headers=headers,
-                params=params,
-                verify=self.http_client.config.verify_ssl,
-                timeout=self.http_client.config.timeout
-            )
-            if raw_response.status_code == 200:
-                # For binary/compressed data, return metadata about the export
-                content_type = raw_response.headers.get("content-type", "application/octet-stream")
-                content_length = len(raw_response.content) if raw_response.content else 0
-                return {
-                    "success": True,
-                    "statusCode": 200,
-                    "errors": [],
-                    "result": {
-                        "exported": True,
-                        "format": "binary",
-                        "content_type": content_type,
-                        "content_length": content_length,
-                        "data_preview": raw_response.content[:100].decode('utf-8', errors='ignore') if raw_response.content else ""
-                    }
-                }
-            else:
-                try:
-                    error_data = raw_response.json()
-                    return {
-                        "success": False,
-                        "statusCode": raw_response.status_code,
-                        "errors": error_data.get("errors", [f"Export failed with status {raw_response.status_code}"]),
-                        "result": None
-                    }
-                except:
-                    return {
-                        "success": False,
-                        "statusCode": raw_response.status_code,
-                        "errors": [f"Export failed with status {raw_response.status_code}: {raw_response.text}"],
-                        "result": None
-                    }
-        except Exception as e:
-            return {
-                "success": False,
-                "statusCode": 500,
-                "errors": [f"Export request failed: {str(e)}"],
-                "result": None
+"""
+Audit-related queries for the Binalyze AIR SDK.
+"""
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from ..base import Query
+from ..models.audit import (
+    AuditLog, AuditSummary, AuditUserActivity, AuditSystemEvent,
+    AuditRetentionPolicy, AuditFilter, AuditLogsFilter, AuditLevel, AuditCategory, AuditAction
+)
+from ..http_client import HTTPClient
+class ListAuditLogsQuery(Query[List[AuditLog]]):
+    """Query to list audit logs with optional filtering - UPDATED for new POST-based API."""
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[AuditLogsFilter] = None, organization_ids: Optional[int] = None):
+        self.http_client = http_client
+        # Initialize filter with default organization IDs if not provided
+        if filter_params is None:
+            filter_params = AuditLogsFilter()
+        # Set organization parameters if not already set in filter
+        # Changed from List[int] to int to match new API spec
+        if filter_params.organization_ids is None and organization_ids is not None:
+            filter_params.organization_ids = organization_ids
+        elif filter_params.organization_ids is None:
+            filter_params.organization_ids = 0  # Default to organization 0
+        self.filter_params = filter_params
+    def execute(self) -> List[AuditLog]:
+        """Execute the query to list audit logs using GET method with query parameters."""
+        # Use GET method with query parameters as per API specification
+        params = self.filter_params.to_params()
+        print(f"[INFO] Using GET /audit-logs with params: {params}")
+        try:
+            response = self.http_client.get("audit-logs", params=params)
+            # Handle response structure
+            if isinstance(response, dict):
+                entities = (
+                    response.get("result", {}).get("entities", []) or  # Standard structure
+                    response.get("entities", []) or  # Direct entities
+                    response.get("data", []) or  # Alternative structure
+                    response.get("logs", []) or  # Logs structure
+                    []
+                )
+            else:
+                entities = []
+            print(f"[INFO] GET /audit-logs returned {len(entities)} audit logs")
+        except Exception as e:
+            print(f"[WARN] GET /audit-logs failed: {e}")
+            return []
+        logs = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id") or entity_data.get("id"),
+                "timestamp": entity_data.get("createdAt") or entity_data.get("timestamp"),
+                "user_id": entity_data.get("userId"),
+                "username": entity_data.get("performedBy") or entity_data.get("username"),
+                "organization_id": entity_data.get("organizationId", 0),
+                "category": entity_data.get("type") or entity_data.get("category"),
+                "action": entity_data.get("action"),
+                "resource_type": entity_data.get("resourceType"),
+                "resource_id": entity_data.get("resourceId"),
+                "resource_name": entity_data.get("resourceName"),
+                "level": entity_data.get("level", "info"),
+                "message": entity_data.get("description") or entity_data.get("message"),
+                "details": entity_data.get("details", {}),
+                "ip_address": entity_data.get("ipAddress"),
+                "user_agent": entity_data.get("userAgent"),
+                "session_id": entity_data.get("sessionId"),
+                "correlation_id": entity_data.get("correlationId"),
+                "success": entity_data.get("success", True),
+                "error_code": entity_data.get("errorCode"),
+                "duration": entity_data.get("duration"),
+                "tags": entity_data.get("tags", []),
+            }
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            logs.append(AuditLog(**mapped_data))
+        return logs
+class GetAuditLogQuery(Query[AuditLog]):
+    """Query to get a specific audit log by ID."""
+    def __init__(self, http_client: HTTPClient, log_id: str):
+        self.http_client = http_client
+        self.log_id = log_id
+    def execute(self) -> AuditLog:
+        """Execute the query to get audit log details."""
+        response = self.http_client.get(f"audit-logs/{self.log_id}")
+        entity_data = response.get("result", {})
+        mapped_data = {
+            "id": entity_data.get("_id"),
+            "timestamp": entity_data.get("createdAt"),
+            "user_id": entity_data.get("userId"),
+            "username": entity_data.get("performedBy"),
+            "organization_id": entity_data.get("organizationId", 0),
+            "category": entity_data.get("type"),
+            "action": entity_data.get("action"),
+            "resource_type": entity_data.get("resourceType"),
+            "resource_id": entity_data.get("resourceId"),
+            "resource_name": entity_data.get("resourceName"),
+            "level": entity_data.get("level", "info"),
+            "message": entity_data.get("description"),
+            "details": entity_data.get("details", {}),
+            "ip_address": entity_data.get("ipAddress"),
+            "user_agent": entity_data.get("userAgent"),
+            "session_id": entity_data.get("sessionId"),
+            "correlation_id": entity_data.get("correlationId"),
+            "success": entity_data.get("success", True),
+            "error_code": entity_data.get("errorCode"),
+            "duration": entity_data.get("duration"),
+            "tags": entity_data.get("tags", []),
+        }
+        # Remove None values
+        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+        return AuditLog(**mapped_data)
+class GetAuditSummaryQuery(Query[AuditSummary]):
+    """Query to get audit summary for a date range."""
+    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime):
+        self.http_client = http_client
+        self.organization_id = organization_id
+        self.start_date = start_date
+        self.end_date = end_date
+    def execute(self) -> AuditSummary:
+        """Execute the query to get audit summary."""
+        params = {
+            "organizationId": str(self.organization_id),
+            "startDate": self.start_date.isoformat(),
+            "endDate": self.end_date.isoformat()
+        }
+        response = self.http_client.get("audit/summary", params=params)
+        entity_data = response.get("result", {})
+        mapped_data = {
+            "organization_id": entity_data.get("organizationId", self.organization_id),
+            "date": entity_data.get("date", self.start_date),
+            "total_events": entity_data.get("totalEvents", 0),
+            "successful_events": entity_data.get("successfulEvents", 0),
+            "failed_events": entity_data.get("failedEvents", 0),
+            "authentication_events": entity_data.get("authenticationEvents", 0),
+            "authorization_events": entity_data.get("authorizationEvents", 0),
+            "data_access_events": entity_data.get("dataAccessEvents", 0),
+            "system_change_events": entity_data.get("systemChangeEvents", 0),
+            "user_action_events": entity_data.get("userActionEvents", 0),
+            "api_call_events": entity_data.get("apiCallEvents", 0),
+            "unique_users": entity_data.get("uniqueUsers", 0),
+            "unique_ips": entity_data.get("uniqueIps", 0),
+            "top_users": entity_data.get("topUsers", []),
+            "top_actions": entity_data.get("topActions", []),
+            "error_summary": entity_data.get("errorSummary", []),
+        }
+        # Remove None values
+        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+        return AuditSummary(**mapped_data)
+class GetUserActivityQuery(Query[List[AuditUserActivity]]):
+    """Query to get user activity audit logs."""
+    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime, user_id: Optional[str] = None):
+        self.http_client = http_client
+        self.organization_id = organization_id
+        self.start_date = start_date
+        self.end_date = end_date
+        self.user_id = user_id
+    def execute(self) -> List[AuditUserActivity]:
+        """Execute the query to get user activity."""
+        params = {
+            "organizationId": str(self.organization_id),
+            "startDate": self.start_date.isoformat(),
+            "endDate": self.end_date.isoformat()
+        }
+        if self.user_id:
+            params["userId"] = self.user_id
+        response = self.http_client.get("audit/user-activity", params=params)
+        entities = response.get("result", {}).get("entities", [])
+        activities = []
+        for entity_data in entities:
+            mapped_data = {
+                "user_id": entity_data.get("userId"),
+                "username": entity_data.get("username"),
+                "organization_id": entity_data.get("organizationId", self.organization_id),
+                "date": entity_data.get("date"),
+                "login_count": entity_data.get("loginCount", 0),
+                "action_count": entity_data.get("actionCount", 0),
+                "failed_login_count": entity_data.get("failedLoginCount", 0),
+                "last_login": entity_data.get("lastLogin"),
+                "last_action": entity_data.get("lastAction"),
+                "unique_ips": entity_data.get("uniqueIps", []),
+                "actions_by_category": entity_data.get("actionsByCategory", {}),
+                "risk_score": entity_data.get("riskScore", 0.0),
+            }
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            activities.append(AuditUserActivity(**mapped_data))
+        return activities
+class GetSystemEventsQuery(Query[List[AuditSystemEvent]]):
+    """Query to get system events audit logs."""
+    def __init__(self, http_client: HTTPClient, organization_id: int, start_date: datetime, end_date: datetime, severity: Optional[AuditLevel] = None):
+        self.http_client = http_client
+        self.organization_id = organization_id
+        self.start_date = start_date
+        self.end_date = end_date
+        self.severity = severity
+    def execute(self) -> List[AuditSystemEvent]:
+        """Execute the query to get system events."""
+        params = {
+            "organizationId": str(self.organization_id),
+            "startDate": self.start_date.isoformat(),
+            "endDate": self.end_date.isoformat()
+        }
+        if self.severity:
+            # Handle both enum and string values - FIXED
+            if hasattr(self.severity, 'value'):
+                params["severity"] = self.severity.value
+            else:
+                params["severity"] = self.severity
+        response = self.http_client.get("audit/system-events", params=params)
+        entities = response.get("result", {}).get("entities", [])
+        events = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "timestamp": entity_data.get("timestamp"),
+                "event_type": entity_data.get("eventType"),
+                "severity": entity_data.get("severity", "info"),
+                "component": entity_data.get("component"),
+                "message": entity_data.get("message"),
+                "details": entity_data.get("details", {}),
+                "organization_id": entity_data.get("organizationId", self.organization_id),
+                "resolved": entity_data.get("resolved", False),
+                "resolved_by": entity_data.get("resolvedBy"),
+                "resolved_at": entity_data.get("resolvedAt"),
+            }
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            events.append(AuditSystemEvent(**mapped_data))
+        return events
+class GetAuditRetentionPolicyQuery(Query[AuditRetentionPolicy]):
+    """Query to get audit retention policy."""
+    def __init__(self, http_client: HTTPClient, organization_id: int):
+        self.http_client = http_client
+        self.organization_id = organization_id
+    def execute(self) -> AuditRetentionPolicy:
+        """Execute the query to get audit retention policy."""
+        response = self.http_client.get(f"audit/retention-policy/{self.organization_id}")
+        entity_data = response.get("result", {})
+        mapped_data = {
+            "organization_id": entity_data.get("organizationId", self.organization_id),
+            "retention_days": entity_data.get("retentionDays", 365),
+            "auto_archive": entity_data.get("autoArchive", True),
+            "archive_location": entity_data.get("archiveLocation"),
+            "compress_archives": entity_data.get("compressArchives", True),
+            "delete_after_archive": entity_data.get("deleteAfterArchive", False),
+            "created_at": entity_data.get("createdAt"),
+            "updated_at": entity_data.get("updatedAt"),
+            "created_by": entity_data.get("createdBy"),
+        }
+        # Remove None values
+        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+        return AuditRetentionPolicy(**mapped_data)
+class ExportAuditLogsQuery(Query[Dict[str, Any]]):
+    """Query to export audit logs with filtering - UPDATED for new API."""
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[AuditLogsFilter] = None, format: str = "json", organization_ids: Optional[int] = None):
+        self.http_client = http_client
+        # Initialize filter with default organization IDs if not provided
+        if filter_params is None:
+            filter_params = AuditLogsFilter()
+        # Set organization parameters if not already set in filter
+        # Changed from List[int] to int to match new API spec
+        if filter_params.organization_ids is None and organization_ids is not None:
+            filter_params.organization_ids = organization_ids
+        elif filter_params.organization_ids is None:
+            filter_params.organization_ids = 0  # Default to organization 0
+        self.filter_params = filter_params
+        self.format = format
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query to export audit logs."""
+        # Use filter's parameter generation
+        params = self.filter_params.to_params()
+        # Export endpoint returns binary data, not JSON - handle appropriately
+        try:
+            # Use raw HTTP request for binary data
+            import requests
+            url = f"{self.http_client.config.host}/api/public/audit-logs/export"
+            headers = {
+                "Authorization": f"Bearer {self.http_client.config.api_token}",
+                "User-Agent": "binalyze-air-sdk/1.0.0"
+            }
+            raw_response = requests.get(
+                url,
+                headers=headers,
+                params=params,
+                verify=self.http_client.config.verify_ssl,
+                timeout=self.http_client.config.timeout
+            )
+            if raw_response.status_code == 200:
+                # For binary/compressed data, return metadata about the export
+                content_type = raw_response.headers.get("content-type", "application/octet-stream")
+                content_length = len(raw_response.content) if raw_response.content else 0
+                return {
+                    "success": True,
+                    "statusCode": 200,
+                    "errors": [],
+                    "result": {
+                        "exported": True,
+                        "format": "binary",
+                        "content_type": content_type,
+                        "content_length": content_length,
+                        "data_preview": raw_response.content[:100].decode('utf-8', errors='ignore') if raw_response.content else ""
+                    }
+                }
+            else:
+                try:
+                    error_data = raw_response.json()
+                    return {
+                        "success": False,
+                        "statusCode": raw_response.status_code,
+                        "errors": error_data.get("errors", [f"Export failed with status {raw_response.status_code}"]),
+                        "result": None
+                    }
+                except:
+                    return {
+                        "success": False,
+                        "statusCode": raw_response.status_code,
+                        "errors": [f"Export failed with status {raw_response.status_code}: {raw_response.text}"],
+                        "result": None
+                    }
+        except Exception as e:
+            return {
+                "success": False,
+                "statusCode": 500,
+                "errors": [f"Export request failed: {str(e)}"],
+                "result": None
             }

binalyze-air-sdk 1.0.1__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze-air-sdk 1.0.1py3-none-any.whl → 1.0.3py3-none-any.whl