Querying the Prelude database

Note: The following examples are written in Python and showcase the simplicity of the high-level libpreludeDB API.
For a complete overview of the low-level libpreludeDB API, see LibpreludedbAPI.

Initializing the database

import preludedb

sql = preludedb.SQL("type=mysql host=localhost name=prelude user=prelude pass=prelude")
db = preludedb.DB(sql)

Querying the database

The database can be queried directly through the sql object:

result = sql.query("SELECT messageid FROM Prelude_Alert LIMIT 10")

However, it is preferable to use the db object, for both simplicity and compatibility reasons:

result = db.getValues(["alert.messageid"], limit=10)

The getValues method takes the following arguments, of which only the first is mandatory:
  • a list of requested IDMEF paths with the following optional aggregation functions:
    • group_by
    • order_asc
    • order_desc
  • an IDMEF criterion
  • a boolean distinct option
  • an integer limit
  • an integer offset

For example:

result = db.getValues(["alert.classification.text/group_by"], "alert.assessment.impact.severity == 'high'", limit=10)

Iterating the results

The getValues() function returns a result object representing the list of rows matched in the database. This list can be iterated, as can each row within it. For example:

for row in result:          # one row per matched record
    for value in row:       # one value per requested IDMEF path
        print(value)
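Putting the getValues() arguments and the row iteration together, here is an added example (not part of the Prelude wiki or the libpreludedb project) that pages through a large result set with limit/offset and tallies high-severity alerts per classification. The fetch_all, high_severity_by_class and ConstructedDB names are my own; ConstructedDB is a constructed stand-in for preludedb.DB so the code runs without a Prelude database.

```python
# Added example, not from the Prelude wiki. Assumes the getValues() signature
# described on the page: db.getValues(paths, criteria, distinct, limit, offset)
# returning iterable rows whose values follow the order of the requested paths.

def fetch_all(db, paths, criteria=None, page_size=100):
    """Yield every row matching `criteria`, fetching limit/offset pages.

    Paging keeps memory bounded when a criterion such as "all alerts of the
    last month" would otherwise pull hundreds of thousands of rows at once.
    """
    offset = 0
    while True:
        page = list(db.getValues(paths, criteria, limit=page_size, offset=offset))
        for row in page:
            yield row
        if len(page) < page_size:      # short page: no more rows after this one
            return
        offset += page_size


def high_severity_by_class(db, page_size=100):
    """Return {classification text: number of high-severity alerts}."""
    counts = {}
    paths = ["alert.classification.text/order_asc"]          # page's order_asc modifier
    criteria = "alert.assessment.impact.severity == 'high'"  # IDMEF criterion
    for row in fetch_all(db, paths, criteria, page_size):
        text = row[0]                                        # first requested path
        counts[text] = counts.get(text, 0) + 1
    return counts


class ConstructedDB:
    """Constructed stand-in for preludedb.DB (hypothetical, for offline runs).

    Only limit and offset are honoured; paths and criteria are accepted but
    ignored, so the paging logic above can be exercised on fixed sample rows.
    """
    ROWS = [("Port scan",), ("Port scan",), ("SQL injection",),
            ("Port scan",), ("Brute force",)]                # constructed sample rows

    def getValues(self, paths, criteria=None, distinct=False, limit=-1, offset=-1):
        start = max(offset, 0)
        end = start + limit if limit >= 0 else len(self.ROWS)
        return self.ROWS[start:end]


if __name__ == "__main__":
    import preludedb  # the real binding; only needed against a live database
    sql = preludedb.SQL("type=mysql host=localhost name=prelude user=prelude pass=prelude")
    print(high_severity_by_class(preludedb.DB(sql)))
```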