Querying the Prelude database
Note: the following examples are written in Python and use the high-level libpreludeDB API, which keeps them short.
For a complete overview of the low-level libpreludeDB API, see LibpreludedbAPI.
Initializing the database
import preludedb
sql = preludedb.SQL("type=mysql host=localhost name=prelude user=prelude pass=prelude")
db = preludedb.DB(sql)
Querying the database
The database can be queried directly through the sql object:
result = sql.query("SELECT messageid FROM Prelude_Alert LIMIT 10")
However, it is preferable to use the db object, for both simplicity and compatibility reasons:
result = db.getValues(["alert.messageid"], limit=10)
The getValues method takes the following arguments, of which only the first is mandatory:
- a list of requested IDMEF paths, each optionally suffixed with one of these aggregation functions:
  - group_by
  - order_asc
  - order_desc
- an IDMEF criterion (a string)
- a boolean distinct option
- an integer limit
- an integer offset
For example:
result = db.getValues(["alert.classification.text/group_by"], "alert.assessment.impact.severity == 'high'", limit=10)
Iterating the results
The getValues() function returns a result object representing the list of rows matched in the database. This list can be iterated over, and so can each row within it; the values in a row appear in the same order as the requested paths. For example:
for row in result:
    for value in row:
        print(value)
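Putting the getValues() arguments and the row iteration described above together: the following is an added example, not code from the Prelude documentation. It assumes a db object with the getValues() signature listed on this page (paths, criteria, distinct, limit, offset), pages through a large result set with limit/offset instead of loading it at once, and builds the criterion string only from an allow-list of severity values so unchecked input never reaches the query. The FakeDB class is a constructed stand-in so the code runs without a Prelude database.

```python
# Added example, not part of the Prelude docs. Assumes db.getValues(paths,
# criteria, distinct=..., limit=..., offset=...) as described on this page.

SEVERITIES = ("info", "low", "medium", "high")  # assumed IDMEF severity values


def severity_criterion(severity):
    """Build an IDMEF criterion for one severity; anything outside the known
    set is rejected so caller input cannot alter the query."""
    if severity not in SEVERITIES:
        raise ValueError("unknown severity: %r" % (severity,))
    return "alert.assessment.impact.severity == '%s'" % severity


def iter_values(db, paths, criteria, page_size=100):
    """Yield every matching row as {path: value}, fetching page_size rows per
    getValues() call via limit/offset (the page's pagination arguments)."""
    offset = 0
    while True:
        result = db.getValues(paths, criteria, limit=page_size, offset=offset)
        rows = [list(row) for row in result]  # each row iterates like on the page
        if not rows:
            return
        for row in rows:
            yield dict(zip(paths, row))
        if len(rows) < page_size:  # short page: nothing left to fetch
            return
        offset += page_size


def classifications_by_severity(db, severity, page_size=100):
    """Grouped classification texts of all alerts with the given severity."""
    paths = ["alert.classification.text/group_by"]
    crit = severity_criterion(severity)
    return [row[paths[0]] for row in iter_values(db, paths, crit, page_size)]


class FakeDB(object):
    """Constructed stand-in for preludedb.DB: in-memory rows, honours
    limit/offset, ignores criteria (the real DB applies them)."""
    def __init__(self, rows):
        self.rows = rows

    def getValues(self, paths, criteria=None, distinct=False, limit=-1, offset=-1):
        start = max(offset, 0)
        end = start + limit if limit > 0 else None
        return self.rows[start:end]
```

With a real connection, replace FakeDB with the db object from the initialization section; the paging and criterion code stays the same.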