Querying the Prelude database

Note: The following examples are in Python, featuring the simplicity of the high-level libpreludeDB API.
For a complete overview of the low-level libpreludeDB API, go to LibpreludedbAPI.

Initializing the database

import preludedb

sql = preludedb.SQL("type=mysql host=localhost name=prelude user=prelude pass=prelude")
db = preludedb.DB(sql)

Querying the database

The database can be queried directly through the sql object:

result = sql.query("SELECT messageid FROM Prelude_Alert LIMIT 10")

However, it is preferable to use the db object, for both simplicity and compatibility reasons:

result = db.getValues(["alert.messageid"], limit=10)
The getValues method takes the following arguments, only the first one being mandatory:
  • a list of requested IDMEF paths with the following optional aggregation functions:
    • group_by
    • order_asc
    • order_desc
  • an IDMEF criterion
  • a boolean distinct option
  • an integer limit
  • an integer offset

For example:

result = db.getValues(["alert.classification.text/group_by"], "alert.assessment.impact.severity == 'high'", limit=10)

Iterating the results

The getValues() function returns a result representing the list of matched rows in the database. This list can be iterated, and each row inside it too. For example:

for row in result:
    for value in row:
        print value