Metadata-Version: 2.1
Name: scanner-client
Version: 0.1.0rc3
Summary: Scanner API client for Python
Home-page: UNKNOWN
Author: Scanner, Inc.
Author-email: support@scanner.dev
License: Apache License 2.0
Project-URL: Documentation, https://docs.scanner.dev
Project-URL: Source, https://github.com/scanner-inc/scanner-client-python
Platform: UNKNOWN
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: attrs
Requires-Dist: httpx
Requires-Dist: python-dateutil

# scanner-client

This is the Python SDK for the Scanner API. It is autogenerated from an OpenAPI
v3 spec.

You can use the SDK for use cases like these:
- Execute queries on your log files in S3 that have been indexed by Scanner.
- Create, read, and update detection rules
- Manage event sinks, which are destinations for detection alerts.

## Documentation

You can view the API documentation for the Scanner API [here](https://docs.scanner.dev/scanner/using-scanner/beta-features/api).


## Usage

To install the SDK, run:
```
pip install scanner-client
```

Create the client by passing in the API URL and API key, which you can get from
*Settings* > *API Keys* in the Scanner UI.

```python
import os
from scanner_client import Scanner

scanner = Scanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)
```

### Synchronously query logs over last 30 days

```python
import os
import time

from datetime import datetime, timezone, timedelta
from scanner_client import Scanner

scanner = Scanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

end_time = datetime.now(tz=timezone.utc)
start_time = end_time - timedelta(days=30)

query_text = """
	%ingest.source_type: "aws:cloudtrail"
	eventSource: "s3.amazonaws.com"
	| stats by eventName
"""

# Run blocking query, which runs for up to 60 seconds and returns results.

response = scanner.query.blocking_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
)
print(response.results)

# Run non-blocking query, periodically checking for completion. Can run for 15
# minutes.

qr_id = scanner.query.start_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
).qr_id

while True:
    print("Checking query progress")
    query_progress = scanner.query.query_progress(qr_id)
    if query_progress.is_completed:
        print(query_progress.results)
        break

    time.sleep(1)

```

## Async Scanner

The `AsyncScanner` class is also available for use with `asyncio`. All of the
API methods are coroutines and can be awaited.

```python
import asyncio
from scanner_client import AsyncScanner

# ...

scanner = AsyncScanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

# ...

response = await scanner.query.blocking_query(
    query_text=query_text,
    start_time=start_time.isoformat()
    end_time=end_time.isoformat()
)
print(response.results)
```


