Usage

Commands are chained via dot notation. Positional arguments are passed via Python's *args, while parameters (the CLI's --options) are passed as Python keyword arguments (**kwargs). The following examples give an overview of VAST commands and the analogous pyvast calls.

Query for an IP address and return 10 results in JSON

# CLI call
vast export --max-events=10 json ':addr == 192.168.1.104'
# Python wrapper (same query, max_events becomes --max-events)
proc = await vast.export(max_events=10).json(":addr == 192.168.1.104").exec()
stdout, stderr = await proc.communicate()
print(stdout)

Import a Zeek log file

# CLI call
vast import zeek --read=/path/to/file
# Python wrapper
proc = await vast.import_().zeek(read="/path/to/file").exec()
stdout, stderr = await proc.communicate()
print(stdout)

Note that we call vast.import_() instead of vast.import(): import is a reserved keyword in Python, so the method carries a trailing underscore.
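To make the correspondence between a chained pyvast call and the CLI command line concrete, here is an added example that is not pyvast's own code: a tiny stand-in builder that renders the chain into argv, plus a parser for the one-event-per-line JSON that the json export writes. The Cmd class, the underscore-to-hyphen option rule and the sample output are assumptions made for illustration.

```python
import json
import shlex


class Cmd:
    """Minimal stand-in for the chaining convention: each attribute access adds
    a sub-command, keyword arguments become --options, positional arguments
    are appended as-is. Assumed here for illustration; not pyvast's class."""

    def __init__(self, argv):
        self._argv = list(argv)

    def __getattr__(self, name):
        if name.startswith("_"):
            raise AttributeError(name)
        word = name.rstrip("_")  # import_ -> import (keyword clash)

        def add(*args, **kwargs):
            argv = self._argv + [word]
            for key, value in kwargs.items():
                # max_events=10 -> --max-events=10
                argv.append(f"--{key.replace('_', '-')}={value}")
            argv.extend(str(a) for a in args)
            return Cmd(argv)

        return add

    def argv(self):
        return list(self._argv)

    def command_line(self):
        # Quote so the query string survives as a single CLI argument.
        return " ".join(shlex.quote(a) for a in self._argv)


def parse_json_export(stdout: bytes) -> list:
    """Parse what `vast export json` writes: one JSON event per line."""
    return [json.loads(line) for line in stdout.splitlines() if line.strip()]


# Constructed sample of export output; not real VAST data.
SAMPLE_STDOUT = (
    b'{"ts": "2020-01-01T00:00:00Z", "id.orig_h": "192.168.1.104", "id.resp_p": 443}\n'
    b'{"ts": "2020-01-01T00:00:05Z", "id.orig_h": "192.168.1.104", "id.resp_p": 53}\n'
)

if __name__ == "__main__":
    cmd = Cmd(["vast"]).export(max_events=10).json(":addr == 192.168.1.104")
    print(cmd.command_line())
    for event in parse_json_export(SAMPLE_STDOUT):
        print(event["ts"], event["id.orig_h"], event["id.resp_p"])
```

With the real wrapper, the bytes returned by proc.communicate() can be fed to parse_json_export in place of SAMPLE_STDOUT.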

Full Example

The following minimal working example includes all required import statements.

#!/usr/bin/env python3
import asyncio
from pyvast import VAST

async def example():
    # Point the wrapper at the VAST binary; adjust the path to your installation.
    vast = VAST(binary="/opt/tenzir/bin/vast")
    # Verify the wrapper can talk to VAST before issuing a query.
    await vast.test_connection()
    proc = await vast.export(max_events=10).json("192.168.1.103").exec()
    stdout, stderr = await proc.communicate()
    print(stdout)

asyncio.run(example())

See also the example folder in the VAST GitHub repository. It contains one example that uses Apache Arrow (pyarrow) for data export and another that demonstrates VAST's continuous query feature.