Using callbacks example

def override_filters(handler, obj, kwargs):
    """Callback function for overriding filters with params from kwargs."""
    # manual_filters should be in kwargs as a list of dict
    print("IN MANUAL FILTERS")
    print(obj)
    print(kwargs)
    manual_filters = kwargs.get("manual_filters", [])
    if manual_filters:
        print("adding manual_filters {} to supplied filters: {}".format(obj, manual_filters))
        obj += manual_filters
    return obj


manual_filters = [
    {
        'filter': {
            'operator': 'Equal',
            # operator must be one of:
            # HashMatch, RegexMatch, Less, Greater, LessEqual, GreaterEqual, Equal
            'not_flag': 0,
            # 1 = clients should NOT operator against value
            # 0 = clients should operator against value
            'value': '00:0C:29:F9:87:70'
        },
        'params': {
            # can override the parameters manually here
        },
        'name': 'MAC Address',
        # sensor name
    },
]

callbacks = {}
# use override_filters for deploy_action
callbacks["ActionFilterDefinitions"] = override_filters
# use override_filters for ask_manual
callbacks["QuestionFilterDefinitions"] = override_filters


# ask a question using the override_filters callback:
qresults = handler.ask_manual(
    sensors=["Computer Name"],
    question_filters=["Computer Name, that re:.*"],
    callbacks=callbacks,
    manual_filters=manual_filters,
)

print(qresults['question_object'].query_text)
# shows:
# Get Computer Name from all machines with ( Computer Name matches .* and MAC Address equals "00:0C:29:F9:87:70" )


# deploy an action using the override_filters callback:
aresults = handler.deploy_action(
    package="Distribute Tanium Standard Utilities",
    callbacks=callbacks,
    manual_filters=manual_filters,
    get_results=False,
    run=True,
)

atarget = handler.get("group", id=aresults["action_object"].target_group.id)[0]
print(atarget.text)
# shows:
# ' MAC Address equals "00:0C:29:F9:87:70"'