remove nc/powershell examples and replace with send-to in docs/readme (#151)

Author: timabrmsn

README.md

@@ -132,37 +132,19 @@ To write events to a file, just redirect your output:
 code42 security-data search -b 2020-02-02 > filename.txt
 ```
 
-To send events to an external server using `netcat` on Linux/Mac:
+To send events to an external server, use the `send-to` command, which behaves exactly the same as `search` but sends
+results to an external server instead of to stdout:
 
-UDP:
-```bash
-code42 security-data search -b 10d | nc -u syslog.company.com 514
-```
+The default port (if none is specified on the address) is the standard syslog port 514, and default protocol is UDP:
 
-TCP:
 ```bash
-code42 security-data search -b 10d | nc server.company.com 8080
+code42 security-data send-to 10.10.10.42 -b 1d
 ```
 
-Using `powershell` on Windows:
+Results can also be sent over TCP to any port by using the `-p/--protocol` flag and adding a port to the address argument:
 
-UDP:
-```powershell
-# set up connection
-$Connection = New-Object System.Net.Sockets.UDPClient("syslog.company.com",514)
-
-# pipe code42 output through connection
-code42 security-data search -b 10d | foreach {$Message = [Text.Encoding]::UTF8.GetBytes($_); $Connection.Send($Message, $Message.Length)}
-```
-
-TCP:
-```powershell
-# set up connection
-$Connection = New-Object System.Net.Sockets.TcpClient("127.0.0.1","65432")
-$Writer = New-Object System.IO.StreamWriter($Connection.GetStream())
-
-# pipe code42 output through connection
-code42 security-data search -b 10d | foreach { $Writer.WriteLine($_); $Writer.Flush() }
+```bash
+code42 security-data send-to 10.10.10.42:8080 -p TCP -b 1d
 ```
 
 Note: For more complex requirements when sending to an external server (SSL, special formatting, etc.), use a dedicated

docs/userguides/siemexample.md

@@ -20,14 +20,14 @@ scheduled job or run ad-hoc queries. Learn more about [searching](../commands/se
 ### Run a query as a scheduled job
 
 Use your favorite scheduling tool, such as cron or Windows Task Scheduler, to run a query on a regular basis. Specify
-the profile to use by including `--profile`. An example using `netcat` to forward only the new file event data since the previous request to an external syslog server:
+the profile to use by including `--profile`. An example using the `send-to` command to forward only the new file event data since the previous request to an external syslog server:
 ```bash
-code42 security-data search --profile profile1 -c syslog_sender | nc syslog.example.com 514
+code42 security-data send-to syslog.example.com:514 -p UDP --profile profile1 -c syslog_sender
 ```
 
 An example to send to the syslog server only the new alerts that meet the filter criteria since the previous request:
 ```bash
-code42 alerts send-to "https://syslog.example.com:514" -p UDP --profile profile1 --rule-name “Source code exfiltration” --state OPEN -i
+code42 alerts send-to syslog.example.com:514 -p UDP --profile profile1 --rule-name “Source code exfiltration” --state OPEN -i
 ```
 
 As a best practice, use a separate profile when executing a scheduled task. Using separate profiles can help prevent accidental updates to your stored checkpoints, for example, by adding `--use-checkpoint` to adhoc queries.

src/code42cli/options.py

@@ -163,7 +163,7 @@ def server_options(f):
         "--protocol",
         type=click.Choice(ServerProtocol(), case_sensitive=False),
         default=ServerProtocol.UDP,
-        help="Protocol used to send logs to server.",
+        help="Protocol used to send logs to server. Defaults to UDP",
     )
     f = hostname_arg(f)
     f = protocol_option(f)