From e86ebf99d7a11a9fd7ab4c4b1caad0d5b2ef9b6c Mon Sep 17 00:00:00 2001 
From: Carlos Matos Date: Fri, 4 Aug 2023 21:53:48 -0400 Subject: [PATCH] feat(sdk): swagger updates for 2023-08-03 release (#24) --- README.md | 224 ++++---- docs/ApiSensorDetailsResponseSwagger.md | 22 + docs/ClassificationCriteria.md | 20 + docs/ClassificationLabel.md | 28 + docs/CommonEntitiesResponse.md | 22 + ...tsApi.md => ConfigurationAssessmentApi.md} | 14 +- ...nfigurationAssessmentEvaluationLogicApi.md | 77 +++ docs/CspmRegistrationApi.md | 6 +- docs/CustomIoaApi.md | 48 +- docs/DetectsAlert.md | 2 - docs/DeviceControlExceptionReqV1.md | 2 + docs/DiscoverApi.md | 336 +----------- docs/DiscoverIotApi.md | 4 +- docs/DomainAPIEntityMatchedV1.md | 22 + ...ainAPIEvaluationLogicEntitiesResponseV1.md | 22 + docs/DomainAPIEvaluationLogicHostInfoV1.md | 18 + docs/DomainAPIEvaluationLogicV1.md | 18 +- docs/DomainAPIFindingFacetV1.md | 2 + docs/DomainAPIFindingWithRuleV1.md | 2 + docs/DomainAPIRemediationIDs.md | 2 +- docs/DomainAPIRemediationV2.md | 12 +- docs/DomainAPIVulnerabilityCVECISAInfo.md | 4 +- ...DomainAPIVulnerabilityCVEDetailsFacetV2.md | 30 +- docs/DomainAPIVulnerabilityDataProviderV1.md | 26 + docs/DomainAPIVulnerabilityExtendedAppV2.md | 2 +- docs/DomainAPIVulnerabilityHostFacetV2.md | 46 +- ...omainAPIVulnerabilityRemediationFacetV2.md | 4 +- ...DomainAPIVulnerabilitySuppressionInfoV2.md | 4 +- docs/DomainAPIVulnerabilityV2.md | 26 +- docs/DomainAWSAccountV2.md | 6 + docs/DomainActorDocument.md | 50 +- docs/DomainActorsResponse.md | 2 +- docs/DomainAssessmentPaging.md | 24 - docs/DomainBaseAPIVulnerabilityV2.md | 26 +- docs/DomainBehavior.md | 2 + docs/DomainCIDGroup.md | 6 +- docs/DomainCIDPolicyAssignments.md | 4 + docs/DomainCloudAccounts.md | 20 + docs/DomainCloudScope.md | 36 ++ docs/DomainDiscoverAPIHost.md | 34 +- docs/DomainDiscoverAPIIoTHost.md | 2 + docs/DomainDiscoverParams.md | 4 + docs/DomainECrimeKillChain.md | 40 +- docs/DomainEntity.md | 8 +- docs/DomainGCPAccountV1.md | 4 + docs/DomainKillChain.md | 32 +- 
docs/DomainMatchedBreachSummaryV1.md | 4 + docs/DomainMetaInfo.md | 12 +- docs/DomainMsaMetaInfo.md | 20 + docs/DomainNewsDocument.md | 36 +- docs/DomainNewsResponse.md | 2 +- docs/DomainNotificationV1.md | 2 + docs/DomainPolicyInfo.md | 4 + docs/DomainQueryMitreAttacksResponse.md | 22 + docs/DomainQueryResponse.md | 4 +- docs/DomainRule.md | 28 +- docs/DomainUpdateNotificationRequestV1.md | 4 + docs/DomainUserAction.md | 2 +- docs/DomainVulnerability.md | 28 +- docs/DomainVulnerabilityActor.md | 4 +- docs/DomainVulnerabilityAffectedProduct.md | 4 +- docs/DomainVulnerabilityRelatedThreat.md | 4 +- docs/DomainVulnerabilityReport.md | 4 +- docs/DomainVulnerabilityResponse.md | 4 +- docs/FalconContainerImageApi.md | 78 +++ docs/FalconxAMSICall.md | 4 + docs/FalconxCertificate.md | 30 ++ docs/FalconxFileDataDirectory.md | 24 + docs/FalconxFileResource.md | 26 + docs/FalconxFileSection.md | 30 ++ docs/FalconxModule.md | 20 + docs/FalconxProcess.md | 2 + docs/FalconxSandboxParametersV1.md | 2 + docs/FalconxSandboxReportV1.md | 38 ++ docs/FilevantageApi.md | 4 +- docs/FwmgrFirewallMatchEventResponse.md | 2 + docs/IdentityEntitiesApi.md | 225 ++++++++ docs/ImagesExtCombinedImagesResponse.md | 22 + docs/IncidentsApi.md | 2 +- docs/IntelApi.md | 39 +- docs/InternalSensorStatus.md | 36 ++ docs/InventoriesApi.md | 77 +++ docs/ModelsCredentials.md | 18 + docs/ModelsExtAPIImageCombined.md | 54 ++ docs/ModelsJobMetaData.md | 32 ++ docs/ModelsRegistryCredentialsResponse.md | 22 + docs/ModelsScanResults.md | 20 + docs/ModelsSnapshotInventoryApplication.md | 34 ++ docs/ModelsSnapshotInventoryPayload.md | 20 + docs/MsspApi.md | 82 ++- docs/ProvisionApi.md | 74 +++ docs/PublicACL.md | 2 +- docs/PublicACLChange.md | 20 + docs/ReconApi.md | 2 +- docs/RegistrationAzureAccountV1Ext.md | 6 + docs/RegistrationIOAEvent.md | 8 +- docs/RegistrationIOMEventV2.md | 4 + docs/SadomainNotificationLog.md | 36 ++ docs/ThreatgraphCrawlEdgesRequest.md | 28 - docs/UserManagementApi.md | 2 +- 
...rabilitiesApi.md => VulnerabilitiesApi.md} | 46 +- ...d => VulnerabilitiesEvaluationLogicApi.md} | 26 +- lib/crimson-falcon.rb | 40 +- ...api.rb => configuration_assessment_api.rb} | 18 +- ...uration_assessment_evaluation_logic_api.rb | 101 ++++ .../api/cspm_registration_api.rb | 7 +- lib/crimson-falcon/api/custom_ioa_api.rb | 38 +- lib/crimson-falcon/api/discover_api.rb | 344 +----------- lib/crimson-falcon/api/discover_iot_api.rb | 4 +- .../api/falcon_container_image_api.rb | 67 +++ lib/crimson-falcon/api/filevantage_api.rb | 4 +- .../api/identity_entities_api.rb | 238 +++++++++ lib/crimson-falcon/api/incidents_api.rb | 2 +- lib/crimson-falcon/api/intel_api.rb | 39 +- lib/crimson-falcon/api/inventories_api.rb | 105 ++++ lib/crimson-falcon/api/mssp_api.rb | 70 ++- lib/crimson-falcon/api/provision_api.rb | 94 ++++ ...bilities_api.rb => vulnerabilities_api.rb} | 54 +- ...> vulnerabilities_evaluation_logic_api.rb} | 26 +- .../api_sensor_details_response_swagger.rb | 271 ++++++++++ .../models/classification_criteria.rb | 247 +++++++++ .../models/classification_label.rb | 281 ++++++++++ ..._paging.rb => common_entities_response.rb} | 72 ++- lib/crimson-falcon/models/detects_alert.rb | 13 +- .../models/device_control_exception_req_v1.rb | 12 +- .../models/domain_actor_document.rb | 36 +- .../models/domain_actors_response.rb | 1 + .../models/domain_api_entity_matched_v1.rb | 252 +++++++++ ...i_evaluation_logic_entities_response_v1.rb | 266 ++++++++++ ...omain_api_evaluation_logic_host_info_v1.rb | 242 +++++++++ .../models/domain_api_evaluation_logic_v1.rb | 28 +- .../models/domain_api_finding_facet_v1.rb | 13 +- .../models/domain_api_finding_with_rule_v1.rb | 12 +- .../models/domain_api_remediation_ids.rb | 1 + .../models/domain_api_remediation_v2.rb | 6 + ..._api_vulnerability_cve_details_facet_v2.rb | 15 + .../domain_api_vulnerability_cvecisa_info.rb | 2 + ...main_api_vulnerability_data_provider_v1.rb | 277 ++++++++++ ...omain_api_vulnerability_extended_app_v2.rb | 
1 + .../domain_api_vulnerability_host_facet_v2.rb | 59 ++- ..._api_vulnerability_remediation_facet_v2.rb | 2 + ...n_api_vulnerability_suppression_info_v2.rb | 2 + .../models/domain_api_vulnerability_v2.rb | 60 ++- .../models/domain_aws_account_v2.rb | 32 +- .../domain_base_api_vulnerability_v2.rb | 60 ++- lib/crimson-falcon/models/domain_behavior.rb | 13 +- lib/crimson-falcon/models/domain_cid_group.rb | 17 +- .../models/domain_cid_policy_assignments.rb | 24 +- .../models/domain_cloud_accounts.rb | 245 +++++++++ .../models/domain_cloud_scope.rb | 319 ++++++++++++ .../models/domain_discover_api_host.rb | 126 ++++- .../models/domain_discover_apiio_t_host.rb | 14 +- .../models/domain_discover_params.rb | 30 +- .../models/domain_e_crime_kill_chain.rb | 20 + lib/crimson-falcon/models/domain_entity.rb | 4 + .../models/domain_gcp_account_v1.rb | 22 +- .../models/domain_kill_chain.rb | 16 + .../domain_matched_breach_summary_v1.rb | 20 +- lib/crimson-falcon/models/domain_meta_info.rb | 55 +- .../models/domain_msa_meta_info.rb | 248 +++++++++ .../models/domain_news_document.rb | 18 + .../models/domain_news_response.rb | 1 + .../models/domain_notification_v1.rb | 13 +- .../models/domain_policy_info.rb | 24 +- .../domain_query_mitre_attacks_response.rb | 273 ++++++++++ .../models/domain_query_response.rb | 9 +- lib/crimson-falcon/models/domain_rule.rb | 132 ++--- .../domain_update_notification_request_v1.rb | 30 +- .../models/domain_user_action.rb | 5 + .../models/domain_user_action_request.rb | 2 +- .../models/domain_vulnerability.rb | 14 + .../models/domain_vulnerability_actor.rb | 2 + .../domain_vulnerability_affected_product.rb | 2 + .../domain_vulnerability_related_threat.rb | 2 + .../models/domain_vulnerability_report.rb | 2 + .../models/domain_vulnerability_response.rb | 2 + .../models/falconx_amsi_call.rb | 20 +- .../models/falconx_certificate.rb | 288 ++++++++++ .../models/falconx_file_data_directory.rb | 261 ++++++++++ .../models/falconx_file_resource.rb | 270 
++++++++++ ...ges_request.rb => falconx_file_section.rb} | 113 ++-- lib/crimson-falcon/models/falconx_module.rb | 243 +++++++++ lib/crimson-falcon/models/falconx_process.rb | 13 +- .../models/falconx_sandbox_parameters_v1.rb | 16 +- .../models/falconx_sandbox_report_v1.rb | 192 ++++++- .../fwmgr_firewall_match_event_response.rb | 16 +- .../images_ext_combined_images_response.rb | 266 ++++++++++ .../models/internal_sensor_status.rb | 325 ++++++++++++ .../models/models_credentials.rb | 239 +++++++++ .../models/models_ext_api_image_combined.rb | 491 ++++++++++++++++++ .../models/models_job_meta_data.rb | 337 ++++++++++++ .../models_registry_credentials_response.rb | 271 ++++++++++ .../models/models_scan_results.rb | 255 +++++++++ .../models_snapshot_inventory_application.rb | 351 +++++++++++++ .../models_snapshot_inventory_payload.rb | 253 +++++++++ lib/crimson-falcon/models/public_acl.rb | 2 +- .../models/public_acl_change.rb | 243 +++++++++ .../registration_azure_account_v1_ext.rb | 32 +- .../models/registration_ioa_event.rb | 12 +- .../models/registration_iom_event_v2.rb | 24 +- .../models/sadomain_notification_log.rb | 365 +++++++++++++ lib/crimson-falcon/version.rb | 2 +- ...b => configuration_assessment_api_spec.rb} | 14 +- ...on_assessment_evaluation_logic_api_spec.rb | 63 +++ spec/api/cspm_registration_api_spec.rb | 3 +- spec/api/custom_ioa_api_spec.rb | 14 +- spec/api/discover_api_spec.rb | 68 +-- spec/api/discover_iot_api_spec.rb | 2 +- spec/api/falcon_container_image_api_spec.rb | 14 + spec/api/filevantage_api_spec.rb | 2 +- spec/api/identity_entities_api_spec.rb | 88 ++++ spec/api/intel_api_spec.rb | 11 +- spec/api/inventories_api_spec.rb | 63 +++ spec/api/mssp_api_spec.rb | 13 +- spec/api/provision_api_spec.rb | 62 +++ ...pi_spec.rb => vulnerabilities_api_spec.rb} | 18 +- ...nerabilities_evaluation_logic_api_spec.rb} | 12 +- ...pi_sensor_details_response_swagger_spec.rb | 63 +++ spec/models/classification_criteria_spec.rb | 57 ++ ...t_spec.rb => 
classification_label_spec.rb} | 24 +- spec/models/common_entities_response_spec.rb | 63 +++ spec/models/detects_alert_spec.rb | 6 - .../device_control_exception_req_v1_spec.rb | 6 + .../domain_api_entity_matched_v1_spec.rb | 63 +++ ...luation_logic_entities_response_v1_spec.rb | 63 +++ ..._api_evaluation_logic_host_info_v1_spec.rb | 51 ++ .../domain_api_evaluation_logic_v1_spec.rb | 12 + .../domain_api_finding_facet_v1_spec.rb | 6 + .../domain_api_finding_with_rule_v1_spec.rb | 6 + ...api_vulnerability_data_provider_v1_spec.rb | 75 +++ ...in_api_vulnerability_host_facet_v2_spec.rb | 18 + .../domain_api_vulnerability_v2_spec.rb | 24 + spec/models/domain_aws_account_v2_spec.rb | 18 + .../domain_base_api_vulnerability_v2_spec.rb | 24 + spec/models/domain_behavior_spec.rb | 6 + spec/models/domain_cid_group_spec.rb | 6 - .../domain_cid_policy_assignments_spec.rb | 12 + spec/models/domain_cloud_accounts_spec.rb | 57 ++ spec/models/domain_cloud_scope_spec.rb | 105 ++++ spec/models/domain_discover_api_host_spec.rb | 66 +++ .../domain_discover_apiio_t_host_spec.rb | 6 + spec/models/domain_discover_params_spec.rb | 12 + spec/models/domain_gcp_account_v1_spec.rb | 12 + .../domain_matched_breach_summary_v1_spec.rb | 12 + spec/models/domain_meta_info_spec.rb | 16 +- spec/models/domain_msa_meta_info_spec.rb | 57 ++ spec/models/domain_notification_v1_spec.rb | 6 + spec/models/domain_policy_info_spec.rb | 12 + ...omain_query_mitre_attacks_response_spec.rb | 63 +++ spec/models/domain_rule_spec.rb | 20 +- ...ain_update_notification_request_v1_spec.rb | 12 + spec/models/falconx_amsi_call_spec.rb | 12 + spec/models/falconx_certificate_spec.rb | 87 ++++ ...rb => falconx_file_data_directory_spec.rb} | 20 +- spec/models/falconx_file_resource_spec.rb | 75 +++ spec/models/falconx_file_section_spec.rb | 87 ++++ spec/models/falconx_module_spec.rb | 57 ++ spec/models/falconx_process_spec.rb | 6 + .../falconx_sandbox_parameters_v1_spec.rb | 6 + spec/models/falconx_sandbox_report_v1_spec.rb | 
114 ++++ ...wmgr_firewall_match_event_response_spec.rb | 6 + ...mages_ext_combined_images_response_spec.rb | 63 +++ spec/models/internal_sensor_status_spec.rb | 105 ++++ spec/models/models_credentials_spec.rb | 51 ++ .../models_ext_api_image_combined_spec.rb | 159 ++++++ spec/models/models_job_meta_data_spec.rb | 93 ++++ ...dels_registry_credentials_response_spec.rb | 63 +++ spec/models/models_scan_results_spec.rb | 57 ++ ...els_snapshot_inventory_application_spec.rb | 99 ++++ .../models_snapshot_inventory_payload_spec.rb | 57 ++ spec/models/public_acl_change_spec.rb | 57 ++ .../registration_azure_account_v1_ext_spec.rb | 18 + spec/models/registration_iom_event_v2_spec.rb | 12 + spec/models/sadomain_notification_log_spec.rb | 105 ++++ 274 files changed, 14078 insertions(+), 1685 deletions(-) create mode 100644 docs/ApiSensorDetailsResponseSwagger.md create mode 100644 docs/ClassificationCriteria.md create mode 100644 docs/ClassificationLabel.md create mode 100644 docs/CommonEntitiesResponse.md rename docs/{PublicAssessmentsApi.md => ConfigurationAssessmentApi.md} (84%) create mode 100644 docs/ConfigurationAssessmentEvaluationLogicApi.md create mode 100644 docs/DomainAPIEntityMatchedV1.md create mode 100644 docs/DomainAPIEvaluationLogicEntitiesResponseV1.md create mode 100644 docs/DomainAPIEvaluationLogicHostInfoV1.md create mode 100644 docs/DomainAPIVulnerabilityDataProviderV1.md delete mode 100644 docs/DomainAssessmentPaging.md create mode 100644 docs/DomainCloudAccounts.md create mode 100644 docs/DomainCloudScope.md create mode 100644 docs/DomainMsaMetaInfo.md create mode 100644 docs/DomainQueryMitreAttacksResponse.md create mode 100644 docs/FalconxCertificate.md create mode 100644 docs/FalconxFileDataDirectory.md create mode 100644 docs/FalconxFileResource.md create mode 100644 docs/FalconxFileSection.md create mode 100644 docs/FalconxModule.md create mode 100644 docs/IdentityEntitiesApi.md create mode 100644 docs/ImagesExtCombinedImagesResponse.md create mode 
100644 docs/InternalSensorStatus.md create mode 100644 docs/InventoriesApi.md create mode 100644 docs/ModelsCredentials.md create mode 100644 docs/ModelsExtAPIImageCombined.md create mode 100644 docs/ModelsJobMetaData.md create mode 100644 docs/ModelsRegistryCredentialsResponse.md create mode 100644 docs/ModelsScanResults.md create mode 100644 docs/ModelsSnapshotInventoryApplication.md create mode 100644 docs/ModelsSnapshotInventoryPayload.md create mode 100644 docs/ProvisionApi.md create mode 100644 docs/PublicACLChange.md create mode 100644 docs/SadomainNotificationLog.md delete mode 100644 docs/ThreatgraphCrawlEdgesRequest.md rename docs/{SpotlightVulnerabilitiesApi.md => VulnerabilitiesApi.md} (65%) rename docs/{SpotlightEvaluationLogicApi.md => VulnerabilitiesEvaluationLogicApi.md} (82%) rename lib/crimson-falcon/api/{public_assessments_api.rb => configuration_assessment_api.rb} (88%) create mode 100644 lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb create mode 100644 lib/crimson-falcon/api/identity_entities_api.rb create mode 100644 lib/crimson-falcon/api/inventories_api.rb create mode 100644 lib/crimson-falcon/api/provision_api.rb rename lib/crimson-falcon/api/{spotlight_vulnerabilities_api.rb => vulnerabilities_api.rb} (72%) rename lib/crimson-falcon/api/{spotlight_evaluation_logic_api.rb => vulnerabilities_evaluation_logic_api.rb} (88%) create mode 100644 lib/crimson-falcon/models/api_sensor_details_response_swagger.rb create mode 100644 lib/crimson-falcon/models/classification_criteria.rb create mode 100644 lib/crimson-falcon/models/classification_label.rb rename lib/crimson-falcon/models/{domain_assessment_paging.rb => common_entities_response.rb} (84%) create mode 100644 lib/crimson-falcon/models/domain_api_entity_matched_v1.rb create mode 100644 lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb create mode 100644 lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb create mode 100644 
lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb create mode 100644 lib/crimson-falcon/models/domain_cloud_accounts.rb create mode 100644 lib/crimson-falcon/models/domain_cloud_scope.rb create mode 100644 lib/crimson-falcon/models/domain_msa_meta_info.rb create mode 100644 lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb create mode 100644 lib/crimson-falcon/models/falconx_certificate.rb create mode 100644 lib/crimson-falcon/models/falconx_file_data_directory.rb create mode 100644 lib/crimson-falcon/models/falconx_file_resource.rb rename lib/crimson-falcon/models/{threatgraph_crawl_edges_request.rb => falconx_file_section.rb} (73%) create mode 100644 lib/crimson-falcon/models/falconx_module.rb create mode 100644 lib/crimson-falcon/models/images_ext_combined_images_response.rb create mode 100644 lib/crimson-falcon/models/internal_sensor_status.rb create mode 100644 lib/crimson-falcon/models/models_credentials.rb create mode 100644 lib/crimson-falcon/models/models_ext_api_image_combined.rb create mode 100644 lib/crimson-falcon/models/models_job_meta_data.rb create mode 100644 lib/crimson-falcon/models/models_registry_credentials_response.rb create mode 100644 lib/crimson-falcon/models/models_scan_results.rb create mode 100644 lib/crimson-falcon/models/models_snapshot_inventory_application.rb create mode 100644 lib/crimson-falcon/models/models_snapshot_inventory_payload.rb create mode 100644 lib/crimson-falcon/models/public_acl_change.rb create mode 100644 lib/crimson-falcon/models/sadomain_notification_log.rb rename spec/api/{public_assessments_api_spec.rb => configuration_assessment_api_spec.rb} (88%) create mode 100644 spec/api/configuration_assessment_evaluation_logic_api_spec.rb create mode 100644 spec/api/identity_entities_api_spec.rb create mode 100644 spec/api/inventories_api_spec.rb create mode 100644 spec/api/provision_api_spec.rb rename spec/api/{spotlight_vulnerabilities_api_spec.rb => vulnerabilities_api_spec.rb} 
(69%) rename spec/api/{spotlight_evaluation_logic_api_spec.rb => vulnerabilities_evaluation_logic_api_spec.rb} (90%) create mode 100644 spec/models/api_sensor_details_response_swagger_spec.rb create mode 100644 spec/models/classification_criteria_spec.rb rename spec/models/{threatgraph_crawl_edges_request_spec.rb => classification_label_spec.rb} (77%) create mode 100644 spec/models/common_entities_response_spec.rb create mode 100644 spec/models/domain_api_entity_matched_v1_spec.rb create mode 100644 spec/models/domain_api_evaluation_logic_entities_response_v1_spec.rb create mode 100644 spec/models/domain_api_evaluation_logic_host_info_v1_spec.rb create mode 100644 spec/models/domain_api_vulnerability_data_provider_v1_spec.rb create mode 100644 spec/models/domain_cloud_accounts_spec.rb create mode 100644 spec/models/domain_cloud_scope_spec.rb create mode 100644 spec/models/domain_msa_meta_info_spec.rb create mode 100644 spec/models/domain_query_mitre_attacks_response_spec.rb create mode 100644 spec/models/falconx_certificate_spec.rb rename spec/models/{domain_assessment_paging_spec.rb => falconx_file_data_directory_spec.rb} (78%) create mode 100644 spec/models/falconx_file_resource_spec.rb create mode 100644 spec/models/falconx_file_section_spec.rb create mode 100644 spec/models/falconx_module_spec.rb create mode 100644 spec/models/images_ext_combined_images_response_spec.rb create mode 100644 spec/models/internal_sensor_status_spec.rb create mode 100644 spec/models/models_credentials_spec.rb create mode 100644 spec/models/models_ext_api_image_combined_spec.rb create mode 100644 spec/models/models_job_meta_data_spec.rb create mode 100644 spec/models/models_registry_credentials_response_spec.rb create mode 100644 spec/models/models_scan_results_spec.rb create mode 100644 spec/models/models_snapshot_inventory_application_spec.rb create mode 100644 spec/models/models_snapshot_inventory_payload_spec.rb create mode 100644 spec/models/public_acl_change_spec.rb create mode 
100644 spec/models/sadomain_notification_log_spec.rb diff --git a/README.md b/README.md index 6bbd6ee9..6fb512a6 100644 --- a/README.md +++ b/README.md @@ -227,6 +227,22 @@ We appreciate your interest in our project and look forward to collaborating wit --- +**Class**: `Falcon::ConfigurationAssessmentApi` + +- **Operation**: [**get_combined_assessments_query**](docs/ConfigurationAssessmentApi.md#get_combined_assessments_query) +- **GET**: /configuration-assessment/combined/assessments/v1 +- **Description**: Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria + +--- + +**Class**: `Falcon::ConfigurationAssessmentEvaluationLogicApi` + +- **Operation**: [**get_evaluation_logic_mixin0**](docs/ConfigurationAssessmentEvaluationLogicApi.md#get_evaluation_logic_mixin0) +- **GET**: /configuration-assessment/entities/evaluation-logic/v1 +- **Description**: Get details on evaluation logic items by providing one or more finding IDs. + +--- + **Class**: `Falcon::CspmRegistrationApi` - **Operation**: [**azure_download_certificate**](docs/CspmRegistrationApi.md#azure_download_certificate) @@ -485,7 +501,7 @@ We appreciate your interest in our project and look forward to collaborating wit **Class**: `Falcon::CustomIoaApi` -- **Operation**: [**get_rules_mixin0_mixin65**](docs/CustomIoaApi.md#get_rules_mixin0_mixin65) +- **Operation**: [**get_rules_mixin0**](docs/CustomIoaApi.md#get_rules_mixin0) - **GET**: /ioarules/entities/rules/v1 - **Description**: Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. 
@@ -533,7 +549,7 @@ We appreciate your interest in our project and look forward to collaborating wit **Class**: `Falcon::CustomIoaApi` -- **Operation**: [**query_rules_mixin0_mixin65**](docs/CustomIoaApi.md#query_rules_mixin0_mixin65) +- **Operation**: [**query_rules_mixin0**](docs/CustomIoaApi.md#query_rules_mixin0) - **GET**: /ioarules/queries/rules/v1 - **Description**: Finds all rule IDs matching the query with optional filter. 
@@ -861,38 +877,6 @@ We appreciate your interest in our project and look forward to collaborating wit **Class**: `Falcon::DiscoverApi` -- **Operation**: [**query_active_discovery_networks**](docs/DiscoverApi.md#query_active_discovery_networks) -- **GET**: /discover/queries/active-discovery-networks/v1 -- **Description**: Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - ---- - -**Class**: `Falcon::DiscoverApi` - -- **Operation**: [**query_active_discovery_rules**](docs/DiscoverApi.md#query_active_discovery_rules) -- **GET**: /discover/queries/active-discovery-rules/v1 -- **Description**: Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - ---- - -**Class**: `Falcon::DiscoverApi` - -- **Operation**: [**query_active_discovery_scanners**](docs/DiscoverApi.md#query_active_discovery_scanners) -- **GET**: /discover/queries/active-discovery-scanners/v1 -- **Description**: Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - ---- - -**Class**: `Falcon::DiscoverApi` - -- **Operation**: [**query_active_discovery_scans**](docs/DiscoverApi.md#query_active_discovery_scans) -- **GET**: /discover/queries/active-discovery-scans/v1 -- **Description**: Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. - ---- - -**Class**: `Falcon::DiscoverApi` - - **Operation**: [**query_applications**](docs/DiscoverApi.md#query_applications) - **GET**: /discover/queries/applications/v1 - **Description**: Search for applications in your environment by providing an FQL filter and paging details. 
returns a set of application IDs which match the filter criteria. @@ -1117,6 +1101,14 @@ We appreciate your interest in our project and look forward to collaborating wit **Class**: `Falcon::FalconContainerImageApi` +- **Operation**: [**get_combined_images**](docs/FalconContainerImageApi.md#get_combined_images) +- **GET**: /container-security/combined/image-assessment/images/v1 +- **Description**: Get image assessment results by providing an FQL filter and paging details + +--- + +**Class**: `Falcon::FalconContainerImageApi` + - **Operation**: [**read_registry_entities**](docs/FalconContainerImageApi.md#read_registry_entities) - **GET**: /container-security/queries/registries/v1 - **Description**: Retrieve registry entities identified by the customer id @@ -1803,6 +1795,30 @@ We appreciate your interest in our project and look forward to collaborating wit --- +**Class**: `Falcon::IdentityEntitiesApi` + +- **Operation**: [**get_sensor_aggregates**](docs/IdentityEntitiesApi.md#get_sensor_aggregates) +- **POST**: /identity-protection/aggregates/devices/GET/v1 +- **Description**: Get sensor aggregates as specified via json in request body. + +--- + +**Class**: `Falcon::IdentityEntitiesApi` + +- **Operation**: [**get_sensor_details**](docs/IdentityEntitiesApi.md#get_sensor_details) +- **POST**: /identity-protection/entities/devices/GET/v1 +- **Description**: Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + +--- + +**Class**: `Falcon::IdentityEntitiesApi` + +- **Operation**: [**query_sensors_by_filter**](docs/IdentityEntitiesApi.md#query_sensors_by_filter) +- **GET**: /identity-protection/queries/devices/v1 +- **Description**: Search for sensors in your environment by hostname, IP, and other criteria. + +--- + **Class**: `Falcon::IdentityProtectionApi` - **Operation**: [**api_preempt_proxy_post_graphql**](docs/IdentityProtectionApi.md#api_preempt_proxy_post_graphql) 
@@ -2071,7 +2087,7 @@ We appreciate your interest in our project and look forward to collaborating wit - **Operation**: [**query_mitre_attacks**](docs/IntelApi.md#query_mitre_attacks) - **GET**: /intel/queries/mitre/v1 -- **Description**: Gets MITRE tactics and techniques for the given actor +- **Description**: Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 --- @@ -2083,6 +2099,14 @@ We appreciate your interest in our project and look forward to collaborating wit --- +**Class**: `Falcon::InventoriesApi` + +- **Operation**: [**create_inventory**](docs/InventoriesApi.md#create_inventory) +- **POST**: /snapshots/entities/inventories/v1 +- **Description**: Create inventory from data received from snapshot + +--- + **Class**: `Falcon::IoaExclusionsApi` - **Operation**: [**create_ioa_exclusions_v1**](docs/IoaExclusionsApi.md#create_ioa_exclusions_v1) @@ -2647,7 +2671,15 @@ We appreciate your interest in our project and look forward to collaborating wit - **Operation**: [**delete_cid_group_members**](docs/MsspApi.md#delete_cid_group_members) - **DELETE**: /mssp/entities/cid-group-members/v1 -- **Description**: Delete CID group members. +- **Description**: Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. + +--- + +**Class**: `Falcon::MsspApi` + +- **Operation**: [**delete_cid_group_members_v2**](docs/MsspApi.md#delete_cid_group_members_v2) +- **DELETE**: /mssp/entities/cid-group-members/v2 +- **Description**: Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. --- 
@@ -3091,11 +3123,11 @@ We appreciate your interest in our project and look forward to collaborating wit --- -**Class**: `Falcon::PublicAssessmentsApi` +**Class**: `Falcon::ProvisionApi` -- **Operation**: [**get_combined_assessments_query**](docs/PublicAssessmentsApi.md#get_combined_assessments_query) -- **GET**: /configuration-assessment/combined/assessments/v1 -- **Description**: Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria +- **Operation**: [**get_credentials_mixin0**](docs/ProvisionApi.md#get_credentials_mixin0) +- **GET**: /snapshots/entities/image-registry-credentials/v1 +- **Description**: Gets the registry credentials --- 
@@ -4131,62 +4163,6 @@ We appreciate your interest in our project and look forward to collaborating wit --- -**Class**: `Falcon::SpotlightEvaluationLogicApi` - -- **Operation**: [**combined_query_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#combined_query_evaluation_logic) -- **GET**: /spotlight/combined/evaluation-logic/v1 -- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. - ---- - -**Class**: `Falcon::SpotlightEvaluationLogicApi` - -- **Operation**: [**get_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#get_evaluation_logic) -- **GET**: /spotlight/entities/evaluation-logic/v1 -- **Description**: Get details on evaluation logic items by providing one or more IDs. - ---- - -**Class**: `Falcon::SpotlightEvaluationLogicApi` - -- **Operation**: [**query_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#query_evaluation_logic) -- **GET**: /spotlight/queries/evaluation-logic/v1 -- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. - ---- - -**Class**: `Falcon::SpotlightVulnerabilitiesApi` - -- **Operation**: [**combined_query_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#combined_query_vulnerabilities) -- **GET**: /spotlight/combined/vulnerabilities/v1 -- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. 
Returns a set of Vulnerability entities which match the filter criteria - ---- - -**Class**: `Falcon::SpotlightVulnerabilitiesApi` - -- **Operation**: [**get_remediations_v2**](docs/SpotlightVulnerabilitiesApi.md#get_remediations_v2) -- **GET**: /spotlight/entities/remediations/v2 -- **Description**: Get details on remediation by providing one or more IDs - ---- - -**Class**: `Falcon::SpotlightVulnerabilitiesApi` - -- **Operation**: [**get_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#get_vulnerabilities) -- **GET**: /spotlight/entities/vulnerabilities/v2 -- **Description**: Get details on vulnerabilities by providing one or more IDs - ---- - -**Class**: `Falcon::SpotlightVulnerabilitiesApi` - -- **Operation**: [**query_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#query_vulnerabilities) -- **GET**: /spotlight/queries/vulnerabilities/v1 -- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria - ---- - **Class**: `Falcon::TailoredIntelligenceApi` - **Operation**: [**get_events_body**](docs/TailoredIntelligenceApi.md#get_events_body) 
@@ -4403,6 +4379,62 @@ We appreciate your interest in our project and look forward to collaborating wit --- +**Class**: `Falcon::VulnerabilitiesApi` + +- **Operation**: [**combined_query_vulnerabilities**](docs/VulnerabilitiesApi.md#combined_query_vulnerabilities) +- **GET**: /spotlight/combined/vulnerabilities/v1 +- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria + +--- + +**Class**: `Falcon::VulnerabilitiesApi` + +- **Operation**: [**get_remediations_v2**](docs/VulnerabilitiesApi.md#get_remediations_v2) +- **GET**: /spotlight/entities/remediations/v2 +- **Description**: Get details on remediation by providing one or more IDs + +--- + +**Class**: `Falcon::VulnerabilitiesApi` + +- **Operation**: [**get_vulnerabilities**](docs/VulnerabilitiesApi.md#get_vulnerabilities) +- **GET**: /spotlight/entities/vulnerabilities/v2 +- **Description**: Get details on vulnerabilities by providing one or more IDs + +--- + +**Class**: `Falcon::VulnerabilitiesApi` + +- **Operation**: [**query_vulnerabilities**](docs/VulnerabilitiesApi.md#query_vulnerabilities) +- **GET**: /spotlight/queries/vulnerabilities/v1 +- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria + +--- + +**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi` + +- **Operation**: [**combined_query_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#combined_query_evaluation_logic) +- **GET**: /spotlight/combined/evaluation-logic/v1 +- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. 
+ +--- + +**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi` + +- **Operation**: [**get_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#get_evaluation_logic) +- **GET**: /spotlight/entities/evaluation-logic/v1 +- **Description**: Get details on evaluation logic items by providing one or more IDs. + +--- + +**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi` + +- **Operation**: [**query_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#query_evaluation_logic) +- **GET**: /spotlight/queries/evaluation-logic/v1 +- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. + +--- + **Class**: `Falcon::ZeroTrustAssessmentApi` - **Operation**: [**get_assessment_v1**](docs/ZeroTrustAssessmentApi.md#get_assessment_v1) diff --git a/docs/ApiSensorDetailsResponseSwagger.md b/docs/ApiSensorDetailsResponseSwagger.md new file mode 100644 index 00000000..cd3c725e --- /dev/null +++ b/docs/ApiSensorDetailsResponseSwagger.md @@ -0,0 +1,22 @@ +# Falcon::ApiSensorDetailsResponseSwagger + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | | +| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | +| **resources** | [**Array<InternalSensorStatus>**](InternalSensorStatus.md) | | | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::ApiSensorDetailsResponseSwagger.new( + errors: null, + meta: null, + resources: null +) +``` + diff --git a/docs/ClassificationCriteria.md b/docs/ClassificationCriteria.md new file mode 100644 index 00000000..77a04150 --- /dev/null +++ b/docs/ClassificationCriteria.md 
@@ -0,0 +1,20 @@
+# Falcon::ClassificationCriteria
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **accounts** | **Array<String>** | | [optional] |
+| **resources** | **Array<String>** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ClassificationCriteria.new(
+ accounts: null,
+ resources: null
+)
+```
+
diff --git a/docs/ClassificationLabel.md b/docs/ClassificationLabel.md
new file mode 100644
index 00000000..b47e0f82
--- /dev/null
+++ b/docs/ClassificationLabel.md
@@ -0,0 +1,28 @@
+# Falcon::ClassificationLabel
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **criteria** | [**Array<ClassificationCriteria>**](ClassificationCriteria.md) | | [optional] |
+| **dynamic** | **Boolean** | | [optional] |
+| **global** | **Boolean** | | [optional] |
+| **group** | **String** | | [optional] |
+| **id** | **Integer** | | [optional] |
+| **name** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ClassificationLabel.new(
+ criteria: null,
+ dynamic: null,
+ global: null,
+ group: null,
+ id: null,
+ name: null
+)
+```
+
diff --git a/docs/CommonEntitiesResponse.md b/docs/CommonEntitiesResponse.md
new file mode 100644
index 00000000..da5ca47a
--- /dev/null
+++ b/docs/CommonEntitiesResponse.md
@@ -0,0 +1,22 @@
+# Falcon::CommonEntitiesResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | **Object** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::CommonEntitiesResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/PublicAssessmentsApi.md b/docs/ConfigurationAssessmentApi.md similarity index 84% rename from docs/PublicAssessmentsApi.md rename to docs/ConfigurationAssessmentApi.md index deb9c153..c0af1f14 100644 --- a/docs/PublicAssessmentsApi.md +++ b/docs/ConfigurationAssessmentApi.md @@ -1,10 +1,10 @@ -# Falcon::PublicAssessmentsApi +# Falcon::ConfigurationAssessmentApi All URIs are relative to *https://api.crowdstrike.com* | Method | HTTP request | Description | | ------ | ------------ | ----------- | -| [**get_combined_assessments_query**](PublicAssessmentsApi.md#get_combined_assessments_query) | **GET** /configuration-assessment/combined/assessments/v1 | Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria | +| [**get_combined_assessments_query**](ConfigurationAssessmentApi.md#get_combined_assessments_query) | **GET** /configuration-assessment/combined/assessments/v1 | Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria | ## get_combined_assessments_query 
@@ -26,13 +26,13 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::PublicAssessmentsApi.new +api_instance = Falcon::ConfigurationAssessmentApi.new filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: opts = { after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. limit: 56, # Integer | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. sort: 'sort_example', # String | Sort assessment by their properties. Common sort options include: - facet: ['inner_example'] # Array | Select various details blocks to be returned for each assessment entity. Supported values: + facet: ['inner_example'] # Array | Select various details blocks to be returned for each assessment entity. Supported values:
  • host
  • finding.rule
  • finding.evaluation_logic
} begin @@ -40,7 +40,7 @@ begin result = api_instance.get_combined_assessments_query(filter, opts) p result rescue Falcon::ApiError => e - puts "Error when calling PublicAssessmentsApi->get_combined_assessments_query: #{e}" + puts "Error when calling ConfigurationAssessmentApi->get_combined_assessments_query: #{e}" end ``` @@ -58,7 +58,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling PublicAssessmentsApi->get_combined_assessments_query_with_http_info: #{e}" + puts "Error when calling ConfigurationAssessmentApi->get_combined_assessments_query_with_http_info: #{e}" end ``` @@ -70,7 +70,7 @@ end | **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul> | [optional] | -| **facet** | [**Array<String>**](String.md) | Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul> | [optional] | +| **facet** | [**Array<String>**](String.md) | Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul> | [optional] | ### Return type diff --git a/docs/ConfigurationAssessmentEvaluationLogicApi.md b/docs/ConfigurationAssessmentEvaluationLogicApi.md new file mode 100644 index 00000000..86bc74bb --- /dev/null +++ b/docs/ConfigurationAssessmentEvaluationLogicApi.md 
@@ -0,0 +1,77 @@
+# Falcon::ConfigurationAssessmentEvaluationLogicApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**get_evaluation_logic_mixin0**](ConfigurationAssessmentEvaluationLogicApi.md#get_evaluation_logic_mixin0) | **GET** /configuration-assessment/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more finding IDs. |
+
+
+## get_evaluation_logic_mixin0
+
+> get_evaluation_logic_mixin0(ids)
+
+Get details on evaluation logic items by providing one or more finding IDs.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::ConfigurationAssessmentEvaluationLogicApi.new
+ids = ['inner_example'] # Array | One or more evaluation logic finding IDs.
+
+begin
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ result = api_instance.get_evaluation_logic_mixin0(ids)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling ConfigurationAssessmentEvaluationLogicApi->get_evaluation_logic_mixin0: #{e}"
+end
+```
+
+#### Using the get_evaluation_logic_mixin0_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_evaluation_logic_mixin0_with_http_info(ids)
+
+```ruby
+begin
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ data, status_code, headers = api_instance.get_evaluation_logic_mixin0_with_http_info(ids)
+ p status_code # => 2xx
+ p headers # => { ... 
} + p data # => +rescue Falcon::ApiError => e + puts "Error when calling ConfigurationAssessmentEvaluationLogicApi->get_evaluation_logic_mixin0_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **ids** | [**Array<String>**](String.md) | One or more evaluation logic finding IDs. | | + +### Return type + +[**DomainAPIEvaluationLogicEntitiesResponseV1**](DomainAPIEvaluationLogicEntitiesResponseV1.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + diff --git a/docs/CspmRegistrationApi.md b/docs/CspmRegistrationApi.md index 58eae877..0f1c5d02 100644 --- a/docs/CspmRegistrationApi.md +++ b/docs/CspmRegistrationApi.md @@ -580,7 +580,8 @@ opts = { filter: 'filter_example', # String | use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string sort: 'sort_example', # String | account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp limit: 56, # Integer | The max number of detections to return - offset: 56 # Integer | Offset returned detections + offset: 56, # Integer | Offset returned detections. Cannot be combined with next_token filter + next_token: 'next_token_example' # String | String to get next page of results. Cannot be combined with any filter except limit. } begin 
@@ -617,7 +618,8 @@ end | **filter** | **String** | use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string | [optional] | | **sort** | **String** | account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp | [optional][default to 'timestamp|desc'] | | **limit** | **Integer** | The max number of detections to return | [optional][default to 500] | -| **offset** | **Integer** | Offset returned detections | [optional] | +| **offset** | **Integer** | Offset returned detections. Cannot be combined with next_token filter | [optional] | +| **next_token** | **String** | String to get next page of results. Cannot be combined with any filter except limit. | [optional] | ### Return type diff --git a/docs/CustomIoaApi.md b/docs/CustomIoaApi.md index dad531ff..5bb614a1 100644 --- a/docs/CustomIoaApi.md +++ b/docs/CustomIoaApi.md 
@@ -13,13 +13,13 @@ All URIs are relative to *https://api.crowdstrike.com* | [**get_rule_groups_mixin0**](CustomIoaApi.md#get_rule_groups_mixin0) | **GET** /ioarules/entities/rule-groups/v1 | Get rule groups by ID. | | [**get_rule_types**](CustomIoaApi.md#get_rule_types) | **GET** /ioarules/entities/rule-types/v1 | Get rule types by ID. | | [**get_rules_get**](CustomIoaApi.md#get_rules_get) | **POST** /ioarules/entities/rules/GET/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. | -| [**get_rules_mixin0_mixin65**](CustomIoaApi.md#get_rules_mixin0_mixin65) | **GET** /ioarules/entities/rules/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. | +| [**get_rules_mixin0**](CustomIoaApi.md#get_rules_mixin0) | **GET** /ioarules/entities/rules/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. | | [**query_patterns**](CustomIoaApi.md#query_patterns) | **GET** /ioarules/queries/pattern-severities/v1 | Get all pattern severity IDs. | | [**query_platforms_mixin0**](CustomIoaApi.md#query_platforms_mixin0) | **GET** /ioarules/queries/platforms/v1 | Get all platform IDs. | | [**query_rule_groups_full**](CustomIoaApi.md#query_rule_groups_full) | **GET** /ioarules/queries/rule-groups-full/v1 | Find all rule groups matching the query with optional filter. | | [**query_rule_groups_mixin0**](CustomIoaApi.md#query_rule_groups_mixin0) | **GET** /ioarules/queries/rule-groups/v1 | Finds all rule group IDs matching the query with optional filter. | | [**query_rule_types**](CustomIoaApi.md#query_rule_types) | **GET** /ioarules/queries/rule-types/v1 | Get all rule type IDs. 
| -| [**query_rules_mixin0_mixin65**](CustomIoaApi.md#query_rules_mixin0_mixin65) | **GET** /ioarules/queries/rules/v1 | Finds all rule IDs matching the query with optional filter. | +| [**query_rules_mixin0**](CustomIoaApi.md#query_rules_mixin0) | **GET** /ioarules/queries/rules/v1 | Finds all rule IDs matching the query with optional filter. | | [**update_rule_group_mixin0**](CustomIoaApi.md#update_rule_group_mixin0) | **PATCH** /ioarules/entities/rule-groups/v1 | Update a rule group. The following properties can be modified: name, description, enabled. | | [**update_rules**](CustomIoaApi.md#update_rules) | **PATCH** /ioarules/entities/rules/v1 | Update rules within a rule group. Return the updated rules. | | [**validate**](CustomIoaApi.md#validate) | **POST** /ioarules/entities/rules/validate/v1 | Validates field values and checks for matches if a test string is provided. | @@ -656,9 +656,9 @@ end - **Accept**: application/json -## get_rules_mixin0_mixin65 +## get_rules_mixin0 -> get_rules_mixin0_mixin65(ids) +> get_rules_mixin0(ids) Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. 
@@ -680,28 +680,28 @@ ids = ['inner_example'] # Array | The IDs of the entities begin # Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. - result = api_instance.get_rules_mixin0_mixin65(ids) + result = api_instance.get_rules_mixin0(ids) p result rescue Falcon::ApiError => e - puts "Error when calling CustomIoaApi->get_rules_mixin0_mixin65: #{e}" + puts "Error when calling CustomIoaApi->get_rules_mixin0: #{e}" end ``` -#### Using the get_rules_mixin0_mixin65_with_http_info variant +#### Using the get_rules_mixin0_with_http_info variant This returns an Array which contains the response data, status code and headers. -> , Integer, Hash)> get_rules_mixin0_mixin65_with_http_info(ids) +> , Integer, Hash)> get_rules_mixin0_with_http_info(ids) ```ruby begin # Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. - data, status_code, headers = api_instance.get_rules_mixin0_mixin65_with_http_info(ids) + data, status_code, headers = api_instance.get_rules_mixin0_with_http_info(ids) p status_code # => 2xx p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling CustomIoaApi->get_rules_mixin0_mixin65_with_http_info: #{e}" + puts "Error when calling CustomIoaApi->get_rules_mixin0_with_http_info: #{e}" end ``` 
@@ -892,7 +892,7 @@ end api_instance = Falcon::CustomIoaApi.new opts = { - sort: 'created_by', # String | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + sort: 'created_by', # String | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. q: 'q_example', # String | Match query criteria, which includes all the filter string fields offset: 'offset_example', # String | Starting index of overall result set from which to return IDs @@ -930,7 +930,7 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **sort** | **String** | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} | [optional] | +| **sort** | **String** | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} | [optional] | | **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] | | **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] | | **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] | 
@@ -971,7 +971,7 @@ end api_instance = Falcon::CustomIoaApi.new opts = { - sort: 'created_by', # String | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + sort: 'created_by', # String | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. q: 'q_example', # String | Match query criteria, which includes all the filter string fields offset: 'offset_example', # String | Starting index of overall result set from which to return IDs @@ -1009,7 +1009,7 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **sort** | **String** | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} | [optional] | +| **sort** | **String** | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} | [optional] | | **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] | | **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] | | **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] | 
@@ -1102,9 +1102,9 @@ end - **Accept**: application/json -## query_rules_mixin0_mixin65 +## query_rules_mixin0 -> query_rules_mixin0_mixin65(opts) +> query_rules_mixin0(opts) Finds all rule IDs matching the query with optional filter. @@ -1123,7 +1123,7 @@ end api_instance = Falcon::CustomIoaApi.new opts = { - sort: 'rules.created_by', # String | Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} + sort: 'rules.created_by', # String | Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. q: 'q_example', # String | Match query criteria, which includes all the filter string fields offset: 'offset_example', # String | Starting index of overall result set from which to return IDs 
@@ -1132,28 +1132,28 @@ opts = { begin # Finds all rule IDs matching the query with optional filter. - result = api_instance.query_rules_mixin0_mixin65(opts) + result = api_instance.query_rules_mixin0(opts) p result rescue Falcon::ApiError => e - puts "Error when calling CustomIoaApi->query_rules_mixin0_mixin65: #{e}" + puts "Error when calling CustomIoaApi->query_rules_mixin0: #{e}" end ``` -#### Using the query_rules_mixin0_mixin65_with_http_info variant +#### Using the query_rules_mixin0_with_http_info variant This returns an Array which contains the response data, status code and headers. -> , Integer, Hash)> query_rules_mixin0_mixin65_with_http_info(opts) +> , Integer, Hash)> query_rules_mixin0_with_http_info(opts) ```ruby begin # Finds all rule IDs matching the query with optional filter. - data, status_code, headers = api_instance.query_rules_mixin0_mixin65_with_http_info(opts) + data, status_code, headers = api_instance.query_rules_mixin0_with_http_info(opts) p status_code # => 2xx p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling CustomIoaApi->query_rules_mixin0_mixin65_with_http_info: #{e}" + puts "Error when calling CustomIoaApi->query_rules_mixin0_with_http_info: #{e}" end ``` 
@@ -1161,7 +1161,7 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **sort** | **String** | Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} | [optional] | +| **sort** | **String** | Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} | [optional] | | **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] | | **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] | | **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] | diff --git a/docs/DetectsAlert.md b/docs/DetectsAlert.md index b85cbe61..c2e1d755 100644 --- a/docs/DetectsAlert.md +++ b/docs/DetectsAlert.md 
@@ -13,7 +13,6 @@ | **composite_id** | **String** | | [optional] | | **confidence** | **Integer** | | [optional] | | **crawl_edge_ids** | **Hash<String, Array<String>>** | | [optional] | -| **crawl_traversal** | [**Array<ThreatgraphCrawlEdgesRequest>**](ThreatgraphCrawlEdgesRequest.md) | | [optional] | | **crawl_vertex_ids** | **Hash<String, Array<String>>** | | [optional] | | **crawled_timestamp** | **Time** | | [optional] | | **created_timestamp** | **Time** | | [optional] | @@ -55,7 +54,6 @@ instance = Falcon::DetectsAlert.new( composite_id: null, confidence: null, crawl_edge_ids: null, - crawl_traversal: null, crawl_vertex_ids: null, crawled_timestamp: null, created_timestamp: null, diff --git a/docs/DeviceControlExceptionReqV1.md b/docs/DeviceControlExceptionReqV1.md index c74c92c5..a28f79f5 100644 --- a/docs/DeviceControlExceptionReqV1.md +++ b/docs/DeviceControlExceptionReqV1.md @@ -13,6 +13,7 @@ | **product_id_decimal** | **String** | | [optional] | | **product_name** | **String** | | [optional] | | **serial_number** | **String** | | [optional] | +| **use_wildcard** | **Boolean** | true indicates using blob syntax USB serial numbers | [optional] | | **vendor_id** | **String** | Hexadecimal VendorID used to apply the exception | [optional] | | **vendor_id_decimal** | **String** | Hexadecimal VendorID used to apply the exception | [optional] | | **vendor_name** | **String** | Vendor Name, optional | [optional] | @@ -32,6 +33,7 @@ instance = Falcon::DeviceControlExceptionReqV1.new( product_id_decimal: null, product_name: null, serial_number: null, + use_wildcard: null, vendor_id: null, vendor_id_decimal: null, vendor_name: null diff --git a/docs/DiscoverApi.md b/docs/DiscoverApi.md index 37e812a2..693b0c7b 100644 --- a/docs/DiscoverApi.md +++ b/docs/DiscoverApi.md 
@@ -9,10 +9,6 @@ All URIs are relative to *https://api.crowdstrike.com*
 | [**get_hosts**](DiscoverApi.md#get_hosts) | **GET** /discover/entities/hosts/v1 | Get details on assets by providing one or more IDs. |
 | [**get_logins**](DiscoverApi.md#get_logins) | **GET** /discover/entities/logins/v1 | Get details on logins by providing one or more IDs. |
 | [**query_accounts**](DiscoverApi.md#query_accounts) | **GET** /discover/queries/accounts/v1 | Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria. |
-| [**query_active_discovery_networks**](DiscoverApi.md#query_active_discovery_networks) | **GET** /discover/queries/active-discovery-networks/v1 | Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. |
-| [**query_active_discovery_rules**](DiscoverApi.md#query_active_discovery_rules) | **GET** /discover/queries/active-discovery-rules/v1 | Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. |
-| [**query_active_discovery_scanners**](DiscoverApi.md#query_active_discovery_scanners) | **GET** /discover/queries/active-discovery-scanners/v1 | Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. |
-| [**query_active_discovery_scans**](DiscoverApi.md#query_active_discovery_scans) | **GET** /discover/queries/active-discovery-scans/v1 | Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. |
 | [**query_applications**](DiscoverApi.md#query_applications) | **GET** /discover/queries/applications/v1 | Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria. |
 | [**query_hosts**](DiscoverApi.md#query_hosts) | **GET** /discover/queries/hosts/v1 | Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
 | [**query_logins**](DiscoverApi.md#query_logins) | **GET** /discover/queries/logins/v1 | Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. |
@@ -318,7 +314,7 @@ opts = { offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. limit: 56, # Integer | The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. sort: 'sort_example', # String | Sort accounts by their properties. A single sort field is allowed. Common sort options include:
  • username|asc
  • last_failed_login_timestamp|desc
- filter: 'filter_example' # String | Filter accounts using an FQL query. Common filter options include:
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
+ filter: 'filter_example' # String | Filter accounts using an FQL query. Common filter options include:
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). } begin 
@@ -355,7 +351,7 @@ end | **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul> | [optional] | -| **filter** | **String** | Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> | [optional] | +| **filter** | **String** | Filter accounts using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). | [optional] | ### Return type 
@@ -371,322 +367,6 @@ end - **Accept**: application/json -## query_active_discovery_networks - -> query_active_discovery_networks(opts) - -Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - -### Examples - -```ruby -require 'time' -require 'crimson-falcon' - -# Setup authorization -Falcon.configure do |config| - config.client_id = "Your_Client_ID" - config.client_secret = "Your_Client_Secret" - config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" -end - -api_instance = Falcon::DiscoverApi.new -opts = { - x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID - offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - limit: 56, # Integer | The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). - sort: 'sort_example', # String | Sort active discovery networks by their properties. A single sort field is allowed. - filter: 'filter_example' # String | Search for active discovery networks in your environment by providing an FQL filter. -} - -begin - # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - result = api_instance.query_active_discovery_networks(opts) - p result -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_networks: #{e}" -end -``` - -#### Using the query_active_discovery_networks_with_http_info variant - -This returns an Array which contains the response data, status code and headers. 
- -> , Integer, Hash)> query_active_discovery_networks_with_http_info(opts) - -```ruby -begin - # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - data, status_code, headers = api_instance.query_active_discovery_networks_with_http_info(opts) - p status_code # => 2xx - p headers # => { ... } - p data # => -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_networks_with_http_info: #{e}" -end -``` - -### Parameters - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **x_cs_useruuid** | **String** | User UUID | [optional] | -| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | -| **limit** | **Integer** | The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] | -| **sort** | **String** | Sort active discovery networks by their properties. A single sort field is allowed. | [optional] | -| **filter** | **String** | Search for active discovery networks in your environment by providing an FQL filter. | [optional] | - -### Return type - -[**MsaspecQueryResponse**](MsaspecQueryResponse.md) - -### Authorization - -**oauth2** - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - - -## query_active_discovery_rules - -> query_active_discovery_rules(opts) - -Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. 
- -### Examples - -```ruby -require 'time' -require 'crimson-falcon' - -# Setup authorization -Falcon.configure do |config| - config.client_id = "Your_Client_ID" - config.client_secret = "Your_Client_Secret" - config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" -end - -api_instance = Falcon::DiscoverApi.new -opts = { - x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID - offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - limit: 56, # Integer | The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). - sort: 'sort_example', # String | Sort active discovery rules by their properties. A single sort field is allowed. - filter: 'filter_example' # String | Search for active discovery rules in your environment by providing an FQL filter. -} - -begin - # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - result = api_instance.query_active_discovery_rules(opts) - p result -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_rules: #{e}" -end -``` - -#### Using the query_active_discovery_rules_with_http_info variant - -This returns an Array which contains the response data, status code and headers. - -> , Integer, Hash)> query_active_discovery_rules_with_http_info(opts) - -```ruby -begin - # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - data, status_code, headers = api_instance.query_active_discovery_rules_with_http_info(opts) - p status_code # => 2xx - p headers # => { ... 
} - p data # => -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_rules_with_http_info: #{e}" -end -``` - -### Parameters - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **x_cs_useruuid** | **String** | User UUID | [optional] | -| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | -| **limit** | **Integer** | The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] | -| **sort** | **String** | Sort active discovery rules by their properties. A single sort field is allowed. | [optional] | -| **filter** | **String** | Search for active discovery rules in your environment by providing an FQL filter. | [optional] | - -### Return type - -[**MsaspecQueryResponse**](MsaspecQueryResponse.md) - -### Authorization - -**oauth2** - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - - -## query_active_discovery_scanners - -> query_active_discovery_scanners(opts) - -Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - -### Examples - -```ruby -require 'time' -require 'crimson-falcon' - -# Setup authorization -Falcon.configure do |config| - config.client_id = "Your_Client_ID" - config.client_secret = "Your_Client_Secret" - config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" -end - -api_instance = Falcon::DiscoverApi.new -opts = { - x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID - offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. 
On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - limit: 56, # Integer | The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). - sort: 'sort_example', # String | Sort active discovery scanners by their properties. A single sort field is allowed. - filter: 'filter_example' # String | Search for active discovery scanners in your environment by providing an FQL filter. -} - -begin - # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - result = api_instance.query_active_discovery_scanners(opts) - p result -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_scanners: #{e}" -end -``` - -#### Using the query_active_discovery_scanners_with_http_info variant - -This returns an Array which contains the response data, status code and headers. - -> , Integer, Hash)> query_active_discovery_scanners_with_http_info(opts) - -```ruby -begin - # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - data, status_code, headers = api_instance.query_active_discovery_scanners_with_http_info(opts) - p status_code # => 2xx - p headers # => { ... } - p data # => -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_scanners_with_http_info: #{e}" -end -``` - -### Parameters - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **x_cs_useruuid** | **String** | User UUID | [optional] | -| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. 
On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | -| **limit** | **Integer** | The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] | -| **sort** | **String** | Sort active discovery scanners by their properties. A single sort field is allowed. | [optional] | -| **filter** | **String** | Search for active discovery scanners in your environment by providing an FQL filter. | [optional] | - -### Return type - -[**MsaspecQueryResponse**](MsaspecQueryResponse.md) - -### Authorization - -**oauth2** - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - - -## query_active_discovery_scans - -> query_active_discovery_scans(opts) - -Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. - -### Examples - -```ruby -require 'time' -require 'crimson-falcon' - -# Setup authorization -Falcon.configure do |config| - config.client_id = "Your_Client_ID" - config.client_secret = "Your_Client_Secret" - config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" -end - -api_instance = Falcon::DiscoverApi.new -opts = { - x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID - offset: 56, # Integer | The index of the starting resource. - limit: 56, # Integer | The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). - sort: 'sort_example', # String | Sort active discovery scans by their properties. A single sort field is allowed. - filter: 'filter_example' # String | Search for active discovery scans in your environment by providing an FQL filter. -} - -begin - # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. 
- result = api_instance.query_active_discovery_scans(opts) - p result -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_scans: #{e}" -end -``` - -#### Using the query_active_discovery_scans_with_http_info variant - -This returns an Array which contains the response data, status code and headers. - -> , Integer, Hash)> query_active_discovery_scans_with_http_info(opts) - -```ruby -begin - # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. - data, status_code, headers = api_instance.query_active_discovery_scans_with_http_info(opts) - p status_code # => 2xx - p headers # => { ... } - p data # => -rescue Falcon::ApiError => e - puts "Error when calling DiscoverApi->query_active_discovery_scans_with_http_info: #{e}" -end -``` - -### Parameters - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **x_cs_useruuid** | **String** | User UUID | [optional] | -| **offset** | **Integer** | The index of the starting resource. | [optional] | -| **limit** | **Integer** | The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] | -| **sort** | **String** | Sort active discovery scans by their properties. A single sort field is allowed. | [optional] | -| **filter** | **String** | Search for active discovery scans in your environment by providing an FQL filter. | [optional] | - -### Return type - -[**MsaspecQueryResponse**](MsaspecQueryResponse.md) - -### Authorization - -**oauth2** - -### HTTP request headers - -- **Content-Type**: Not defined -- **Accept**: application/json - - ## query_applications > query_applications(opts) 
@@ -711,7 +391,7 @@ opts = { offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. limit: 56, # Integer | The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). sort: 'sort_example', # String | Sort applications by their properties. A single sort field is allowed. - filter: 'filter_example' # String | Search for applications in your environment by providing an FQL filter. + filter: 'filter_example' # String | Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, 
host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). } begin 
@@ -748,7 +428,7 @@ end | **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] | | **sort** | **String** | Sort applications by their properties. A single sort field is allowed. | [optional] | -| **filter** | **String** | Search for applications in your environment by providing an FQL filter. | [optional] | +| **filter** | **String** | Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, 
host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). | [optional] | ### Return type @@ -788,7 +468,7 @@ opts = { offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. limit: 56, # Integer | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. sort: 'sort_example', # String | Sort assets by their properties. A single sort field is allowed. Common sort options include:
  • hostname|asc
  • product_type_desc|desc
- filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
+ filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, 
fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, 
data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). } begin 
@@ -825,7 +505,7 @@ end | **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> | [optional] | -| **filter** | **String** | Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> | [optional] | +| **filter** | **String** | Filter assets using an FQL query. 
Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, 
available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range 
comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). | [optional] | ### Return type @@ -865,7 +545,7 @@ opts = { offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. limit: 56, # Integer | The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. sort: 'sort_example', # String | Sort logins by their properties. A single sort field is allowed. Common sort options include:
  • account_name|asc
  • login_timestamp|desc
- filter: 'filter_example' # String | Filter logins using an FQL query. Common filter options include:
  • account_type:'Local'
  • login_type:'Interactive'
  • first_seen_timestamp:<'now-7d'
  • admin_privileges:'No'
+ filter: 'filter_example' # String | Filter logins using an FQL query. Common filter options include:
  • account_type:'Local'
  • login_type:'Interactive'
  • first_seen_timestamp:<'now-7d'
  • admin_privileges:'No'
Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!). } begin 
@@ -902,7 +582,7 @@ end | **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul> | [optional] | -| **filter** | **String** | Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> | [optional] | +| **filter** | **String** | Filter logins using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!). | [optional] | ### Return type diff --git a/docs/DiscoverIotApi.md b/docs/DiscoverIotApi.md index 909779f2..5caff4fc 100644 --- a/docs/DiscoverIotApi.md +++ b/docs/DiscoverIotApi.md @@ -101,7 +101,7 @@ opts = { offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. limit: 56, # Integer | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. sort: 'sort_example', # String | Sort assets by their properties. A single sort field is allowed. Common sort options include:
  • hostname|asc
  • product_type_desc|desc
- filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
+ filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). } begin 
@@ -138,7 +138,7 @@ end | **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> | [optional] | -| **filter** | **String** | Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> | [optional] | +| **filter** | **String** | Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). | [optional] | ### Return type 
diff --git a/docs/DomainAPIEntityMatchedV1.md b/docs/DomainAPIEntityMatchedV1.md
new file mode 100644
index 00000000..57ad84aa
--- /dev/null
+++ b/docs/DomainAPIEntityMatchedV1.md
@@ -0,0 +1,22 @@
+# Falcon::DomainAPIEntityMatchedV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **asset_id** | **String** | | [optional] |
+| **data_provider** | **String** | | [optional] |
+| **provider_asset_id** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEntityMatchedV1.new(
+ asset_id: null,
+ data_provider: null,
+ provider_asset_id: null
+)
+```
+
diff --git a/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md b/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md
new file mode 100644
index 00000000..35f02bf3
--- /dev/null
+++ b/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md
@@ -0,0 +1,22 @@
+# Falcon::DomainAPIEvaluationLogicEntitiesResponseV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<DomainAPIEvaluationLogicV1>**](DomainAPIEvaluationLogicV1.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEvaluationLogicEntitiesResponseV1.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/DomainAPIEvaluationLogicHostInfoV1.md b/docs/DomainAPIEvaluationLogicHostInfoV1.md
new file mode 100644
index 00000000..7b1e1fbe
--- /dev/null
+++ b/docs/DomainAPIEvaluationLogicHostInfoV1.md
@@ -0,0 +1,18 @@
+# Falcon::DomainAPIEvaluationLogicHostInfoV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **entities_matched** | [**Array<DomainAPIEntityMatchedV1>**](DomainAPIEntityMatchedV1.md) | Refers to all the entities that were matched together during entity resolution process | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEvaluationLogicHostInfoV1.new(
+ entities_matched: null
+)
+```
+
diff --git a/docs/DomainAPIEvaluationLogicV1.md b/docs/DomainAPIEvaluationLogicV1.md
index 04e20e8b..f98a5dc8 100644
--- a/docs/DomainAPIEvaluationLogicV1.md
+++ b/docs/DomainAPIEvaluationLogicV1.md
@@ -4,13 +4,15 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **aid** | **String** | | [optional] | -| **cid** | **String** | | [optional] | -| **created_timestamp** | **String** | | [optional] | -| **data_provider** | **String** | | [optional] | -| **id** | **String** | | | -| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | | [optional] | -| **updated_timestamp** | **String** | | [optional] | +| **aid** | **String** | Refers to an asset identifier | [optional] | +| **cid** | **String** | Refers to a customer identifier | [optional] | +| **created_timestamp** | **String** | Refers to a point in time when evaluation logic data was created in the system | [optional] | +| **data_provider** | **String** | Refers to a label given to the entity that provided this data | [optional] | +| **host_info** | [**DomainAPIEvaluationLogicHostInfoV1**](DomainAPIEvaluationLogicHostInfoV1.md) | | [optional] | +| **id** | **String** | Contains a unique identifier for the evaluation logic | | +| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | Refers to the actual evaluation logic data | [optional] | +| **scanner_id** | **String** | Refers to the identifier of the scanner that generated the evaluation logic | [optional] | +| **updated_timestamp** | **String** | Refers to a point in time when evaluation logic data was updated in the system | [optional] | ## Example @@ -22,8 +24,10 @@ instance = Falcon::DomainAPIEvaluationLogicV1.new( cid: null, created_timestamp: null, data_provider: null, + host_info: null, id: null, logic: null, + scanner_id: null, updated_timestamp: null ) ``` diff --git a/docs/DomainAPIFindingFacetV1.md b/docs/DomainAPIFindingFacetV1.md index 18318667..0feab7ee 100644 --- a/docs/DomainAPIFindingFacetV1.md +++ b/docs/DomainAPIFindingFacetV1.md 
@@ -10,6 +10,7 @@ | **finding** | [**DomainAPIFindingWithRuleV1**](DomainAPIFindingWithRuleV1.md) | | | | **host** | [**DomainAPIHostInfoFacetV1**](DomainAPIHostInfoFacetV1.md) | | [optional] | | **id** | **String** | | | +| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | | [optional] | | **updated_timestamp** | **String** | | | ## Example @@ -24,6 +25,7 @@ instance = Falcon::DomainAPIFindingFacetV1.new( finding: null, host: null, id: null, + logic: null, updated_timestamp: null ) ``` diff --git a/docs/DomainAPIFindingWithRuleV1.md b/docs/DomainAPIFindingWithRuleV1.md index 09c236f0..005b8617 100644 --- a/docs/DomainAPIFindingWithRuleV1.md +++ b/docs/DomainAPIFindingWithRuleV1.md @@ -4,6 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | +| **evaluation_logic_type** | **String** | Example values: NOT_AVAILABLE, AVAILABLE, DISABLE_RULE, UNSUPPORTED_RULE, OVERRIDE_STATUS | [optional] | | **evaluation_reason** | **String** | | [optional] | | **host_id** | **String** | | [optional] | | **rule** | [**DomainAPIFindingRuleV1**](DomainAPIFindingRuleV1.md) | | [optional] | @@ -16,6 +17,7 @@ require 'crimson-falcon' instance = Falcon::DomainAPIFindingWithRuleV1.new( + evaluation_logic_type: null, evaluation_reason: null, host_id: null, rule: null, diff --git a/docs/DomainAPIRemediationIDs.md b/docs/DomainAPIRemediationIDs.md index 618c0dbf..b7b94da1 100644 --- a/docs/DomainAPIRemediationIDs.md +++ b/docs/DomainAPIRemediationIDs.md @@ -4,7 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **ids** | **Array<String>** | | [optional] | +| **ids** | **Array<String>** | Refers to a remediation unique identifier that points to remediation details addressing this vulnerability | [optional] | ## Example diff --git a/docs/DomainAPIRemediationV2.md b/docs/DomainAPIRemediationV2.md index 386b5e91..0f16b8f6 100644 --- a/docs/DomainAPIRemediationV2.md 
+++ b/docs/DomainAPIRemediationV2.md @@ -4,12 +4,12 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **action** | **String** | | | -| **id** | **String** | | | -| **link** | **String** | | | -| **reference** | **String** | | | -| **title** | **String** | | | -| **vendor_url** | **String** | | | +| **action** | **String** | Expanded description of the remediation | | +| **id** | **String** | Refers to an unique identifier for a given remediation | | +| **link** | **String** | Link to the remediation page for the vendor | | +| **reference** | **String** | Relevant reference for the remediation that can be used to get additional details for the remediation. For example, a KB number that needs to be installed for a KB_SECURITY_UPDATE | | +| **title** | **String** | Short description of the remediation | | +| **vendor_url** | **String** | Link to the vendor advisory - Note: This field is populated if there are extra steps that are required to complete the remediation | | ## Example diff --git a/docs/DomainAPIVulnerabilityCVECISAInfo.md b/docs/DomainAPIVulnerabilityCVECISAInfo.md index b7c2afa8..12601e17 100644 --- a/docs/DomainAPIVulnerabilityCVECISAInfo.md +++ b/docs/DomainAPIVulnerabilityCVECISAInfo.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **due_date** | **String** | | [optional] | -| **is_cisa_kev** | **Boolean** | | | +| **due_date** | **String** | Refers to the deadline or target date set by the Cybersecurity and Infrastructure Security Agency (CISA) for addressing or mitigating a Critical Infrastructure Security Advisory Key (CISAK) vulnerability | [optional] | +| **is_cisa_kev** | **Boolean** | Refers to the designation of a vulnerability as a Critical Infrastructure Security Advisory Key (CISAK) by the Cybersecurity and Infrastructure Security Agency (CISA), indicating its significance and potential impact on critical infrastructure systems and operations | | ## Example 
diff --git a/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md b/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md index 0b22f54f..30bd675e 100644 --- a/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md +++ b/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md 
@@ -4,23 +4,23 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **actors** | **Array<String>** | | [optional] | -| **base_score** | **Float** | | [optional] | +| **actors** | **Array<String>** | Contains a list of actors that are known for exploiting this vulnerability ot in the wild | [optional] | +| **base_score** | **Float** | The base score for a Common Vulnerability Enumeration (CVE) is a numerical value that represents the intrinsic severity and impact of a security vulnerability. | [optional] | | **cisa_info** | [**DomainAPIVulnerabilityCVECISAInfo**](DomainAPIVulnerabilityCVECISAInfo.md) | | [optional] | -| **description** | **String** | | [optional] | -| **exploit_status** | **Integer** | | [optional] | -| **exploitability_score** | **Float** | | [optional] | -| **exprt_rating** | **String** | | [optional] | +| **description** | **String** | Refers to description of the vulnerability | [optional] | +| **exploit_status** | **Integer** | Exploit status refers to the current state or availability of known exploits for a specific vulnerability, indicating whether there are known techniques or tools to leverage the vulnerability in an attack. 
| [optional] | +| **exploitability_score** | **Float** | Represents a numerical value that indicates the relative ease or difficulty for an attacker to exploit a vulnerability | [optional] | +| **exprt_rating** | **String** | Expert.AI score on the vulnerability | [optional] | | **id** | **String** | | | -| **impact_score** | **Float** | | [optional] | -| **name** | **String** | | [optional] | -| **published_date** | **String** | | [optional] | -| **references** | **Array<String>** | | [optional] | -| **remediation_level** | **String** | | [optional] | -| **severity** | **String** | | [optional] | -| **spotlight_published_date** | **String** | | [optional] | -| **vector** | **String** | | [optional] | -| **vendor_advisory** | **Array<String>** | | [optional] | +| **impact_score** | **Float** | Refers to a numerical value that represents the potential impact or severity of a vulnerability when it is successfully exploited | [optional] | +| **name** | **String** | Vulnerability name | [optional] | +| **published_date** | **String** | Refers to a point in time when the vulnerability has been disclosed | [optional] | +| **references** | **Array<String>** | Refers to one or more references with more details about the vulnerability | [optional] | +| **remediation_level** | **String** | Remediation level indicates the required effort to mitigate a security vulnerability, ranging from official fixes to unavailable remedies | [optional] | +| **severity** | **String** | Severity refers to the level of impact or potential harm caused by a security vulnerability. It is often assessed using metrics such as the CVSS base score, which takes into account factors such as exploitability, impact on confidentiality, integrity, and availability, and other relevant parameters to determine the severity level of a vulnerability. 
| [optional] | +| **spotlight_published_date** | **String** | Corresponds to a point in time when Spotlight offered support for detecting a specific vulnerability | [optional] | +| **vector** | **String** | Refers to the vector of attack or the specific method or path through which an attacker can exploit a vulnerability | [optional] | +| **vendor_advisory** | **Array<String>** | Refers to one or more URLs that points to vendor advisories | [optional] | ## Example diff --git a/docs/DomainAPIVulnerabilityDataProviderV1.md b/docs/DomainAPIVulnerabilityDataProviderV1.md new file mode 100644 index 00000000..3b1b6fe3 --- /dev/null +++ b/docs/DomainAPIVulnerabilityDataProviderV1.md @@ -0,0 +1,26 @@ +# Falcon::DomainAPIVulnerabilityDataProviderV1 + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **ports** | **Array<Integer>** | Ports that the vulnerability affects | [optional] | +| **provider** | **String** | Label for the provider | [optional] | +| **rating** | **String** | Rating provided by the vulnerability provider | [optional] | +| **scan_time** | **String** | Time when the detection occurred | [optional] | +| **scanner_id** | **String** | Scanner ID of the vulnerability provider | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::DomainAPIVulnerabilityDataProviderV1.new( + ports: null, + provider: null, + rating: null, + scan_time: null, + scanner_id: null +) +``` + diff --git a/docs/DomainAPIVulnerabilityExtendedAppV2.md b/docs/DomainAPIVulnerabilityExtendedAppV2.md index 1eb88db5..d9faf2e3 100644 --- a/docs/DomainAPIVulnerabilityExtendedAppV2.md +++ b/docs/DomainAPIVulnerabilityExtendedAppV2.md 
@@ -7,7 +7,7 @@ | **evaluation_logic** | [**DomainAPIEvaluationLogicV1**](DomainAPIEvaluationLogicV1.md) | | [optional] | | **product_name_version** | **String** | | | | **remediation** | [**DomainAPIRemediationIDs**](DomainAPIRemediationIDs.md) | | [optional] | -| **sub_status** | **String** | | [optional] | +| **sub_status** | **String** | Contains vulnerability status for a particular product - can differentiate in cases where a vulnerability is detected for multiple products | [optional] | ## Example diff --git a/docs/DomainAPIVulnerabilityHostFacetV2.md b/docs/DomainAPIVulnerabilityHostFacetV2.md index ef43776f..e86e1cc8 100644 --- a/docs/DomainAPIVulnerabilityHostFacetV2.md +++ b/docs/DomainAPIVulnerabilityHostFacetV2.md 
@@ -4,25 +4,28 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **asset_criticality** | **String** | | [optional] | -| **asset_roles** | **Array<String>** | | [optional] | -| **groups** | [**Array<DomainAPIHostGroup>**](DomainAPIHostGroup.md) | | [optional] | -| **host_last_seen_timestamp** | **String** | | [optional] | -| **hostname** | **String** | | | -| **instance_id** | **String** | | [optional] | -| **internet_exposure** | **String** | | [optional] | -| **local_ip** | **String** | | | -| **machine_domain** | **String** | | | -| **os_build** | **String** | | [optional] | -| **os_version** | **String** | | | -| **ou** | **String** | | | -| **platform** | **String** | | [optional] | -| **product_type_desc** | **String** | | [optional] | -| **service_provider** | **String** | | [optional] | -| **service_provider_account_id** | **String** | | [optional] | -| **site_name** | **String** | | | -| **system_manufacturer** | **String** | | | -| **tags** | **Array<String>** | | [optional] | +| **asset_criticality** | **String** | Refers to how critical an asset has been evaluated to be | [optional] | +| **asset_roles** | **Array<String>** | Refers to one or more roles that have been assigned to the assets | [optional] | +| **entity_graph_id** | **String** | A unique identifier assigned by entity graph | [optional] | +| **groups** | [**Array<DomainAPIHostGroup>**](DomainAPIHostGroup.md) | Refers to a logic grouping of assets | [optional] | +| **host_last_seen_timestamp** | **String** | A timestamp corresponding to the last day when we detected activity coming from an asset | [optional] | +| **hostname** | **String** | Refers to the hostname used by the asset on which the vulnerability was detected | | +| **instance_id** | **String** | Refers to a unique identifier assigned to an asset | [optional] | +| **internet_exposure** | **String** | Refers to the level of exposure an asset has to the internet | [optional] | +| **local_ip** | 
**String** | Refers to the local IP used by the asset on which the vulnerability was detected | | +| **machine_domain** | **String** | The machine domain of an asset is the network identity within a network infrastructure | | +| **managed_by** | **String** | Name of the entity that is managing the asset | [optional] | +| **os_build** | **String** | Refers to the specific build or version number of an operating system, indicating a particular release or revision of the operating system | [optional] | +| **os_version** | **String** | Refers to the operating system version used by the asset on which the vulnerability was detected | | +| **ou** | **String** | Refers to the specific organizational grouping or container within an Active Directory (AD) or directory service where the host is located or categorized. | | +| **platform** | **String** | Refers to the name or designation of the specific software platform or operating system on which the asset is running | [optional] | +| **product_type_desc** | **String** | Refers to the descriptive label or category that identifies the type or edition of the operating system product installed on the asset | [optional] | +| **service_provider** | **String** | Refers to a company, organization, or entity that offers or provided this specific asset | [optional] | +| **service_provider_account_id** | **String** | Refers to the unique identifier associated with a service provider account, typically used in cloud computing or managed service environments | [optional] | +| **site_name** | **String** | Refers to the name or label assigned to the physical or logical location within a network infrastructure where the host is situated | | +| **system_manufacturer** | **String** | Refers to the company or organization that designed and produced the hardware system or device | | +| **tags** | **Array<String>** | Refers to a logical grouping of assets via tags | [optional] | +| **third_party_asset_ids** | **Array<String>** | zero or more 
unique identifiers assigned by third party entities which provided data for the asset | [optional] | ## Example @@ -32,6 +35,7 @@ require 'crimson-falcon' instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new( asset_criticality: null, asset_roles: null, + entity_graph_id: null, groups: null, host_last_seen_timestamp: null, hostname: null, @@ -39,6 +43,7 @@ instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new( internet_exposure: null, local_ip: null, machine_domain: null, + managed_by: null, os_build: null, os_version: null, ou: null, @@ -48,7 +53,8 @@ instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new( service_provider_account_id: null, site_name: null, system_manufacturer: null, - tags: null + tags: null, + third_party_asset_ids: null ) ``` diff --git a/docs/DomainAPIVulnerabilityRemediationFacetV2.md b/docs/DomainAPIVulnerabilityRemediationFacetV2.md index 24b48be0..f7a55460 100644 --- a/docs/DomainAPIVulnerabilityRemediationFacetV2.md +++ b/docs/DomainAPIVulnerabilityRemediationFacetV2.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **entities** | [**Array<DomainAPIRemediationV2>**](DomainAPIRemediationV2.md) | | [optional] | -| **ids** | **Array<String>** | | [optional] | +| **entities** | [**Array<DomainAPIRemediationV2>**](DomainAPIRemediationV2.md) | Contains the actual remediation data | [optional] | +| **ids** | **Array<String>** | Refers to a remediation unique identifier that points to remediation details addressing this vulnerability | [optional] | ## Example diff --git a/docs/DomainAPIVulnerabilitySuppressionInfoV2.md b/docs/DomainAPIVulnerabilitySuppressionInfoV2.md index ca4a7afc..3b0cdc5b 100644 --- a/docs/DomainAPIVulnerabilitySuppressionInfoV2.md +++ b/docs/DomainAPIVulnerabilitySuppressionInfoV2.md 
@@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **is_suppressed** | **Boolean** | | | -| **reason** | **String** | | [optional] | +| **is_suppressed** | **Boolean** | Indicates if a vulnerability has been suppressed or not | | +| **reason** | **String** | Indicates what is the rule ID for which a vulnerability has been suppressed | [optional] | ## Example diff --git a/docs/DomainAPIVulnerabilityV2.md b/docs/DomainAPIVulnerabilityV2.md index f47fcdd1..57668fbe 100644 --- a/docs/DomainAPIVulnerabilityV2.md +++ b/docs/DomainAPIVulnerabilityV2.md 
@@ -4,19 +4,23 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **aid** | **String** | | | +| **aid** | **String** | Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID | | | **app** | [**DomainAPIVulnerabilityAppV2**](DomainAPIVulnerabilityAppV2.md) | | [optional] | -| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | | [optional] | -| **cid** | **String** | | | -| **closed_timestamp** | **String** | | [optional] | -| **created_timestamp** | **String** | | | +| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | Provide details related to the products for which a the vulnerability has been detected | [optional] | +| **cid** | **String** | Contains the customer identifier associated with the asset for which the vulnerability has been detected | | +| **closed_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) | [optional] | +| **created_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system | | | **cve** | [**DomainAPIVulnerabilityCVEDetailsFacetV2**](DomainAPIVulnerabilityCVEDetailsFacetV2.md) | | [optional] | +| **data_providers** | [**Array<DomainAPIVulnerabilityDataProviderV1>**](DomainAPIVulnerabilityDataProviderV1.md) | Contains information about the vulnerability data providers of this entity | [optional] | | **host_info** | [**DomainAPIVulnerabilityHostFacetV2**](DomainAPIVulnerabilityHostFacetV2.md) | | [optional] | -| **id** | **String** | | | +| **id** | **String** | Vulnerability unique ID | | +| **ports** | **Array<Integer>** | Contains ports that the vulnerability affects | [optional] | | **remediation** | 
[**DomainAPIVulnerabilityRemediationFacetV2**](DomainAPIVulnerabilityRemediationFacetV2.md) | | [optional] | -| **status** | **String** | | | +| **status** | **String** | Current status of a vulnerability (open, closed, reopen) | | | **suppression_info** | [**DomainAPIVulnerabilitySuppressionInfoV2**](DomainAPIVulnerabilitySuppressionInfoV2.md) | | [optional] | -| **updated_timestamp** | **String** | | | +| **updated_timestamp** | **String** | A timestamp corresponding to the point in time when a vulnerability's information or status have been updated | | +| **vulnerability_id** | **String** | Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider | [optional] | +| **vulnerability_metadata_id** | **String** | Unique identifier for the vulnerability metadata | [optional] | ## Example @@ -31,12 +35,16 @@ instance = Falcon::DomainAPIVulnerabilityV2.new( closed_timestamp: null, created_timestamp: null, cve: null, + data_providers: null, host_info: null, id: null, + ports: null, remediation: null, status: null, suppression_info: null, - updated_timestamp: null + updated_timestamp: null, + vulnerability_id: null, + vulnerability_metadata_id: null ) ``` diff --git a/docs/DomainAWSAccountV2.md b/docs/DomainAWSAccountV2.md index 1d235cb8..b543637f 100644 --- a/docs/DomainAWSAccountV2.md +++ b/docs/DomainAWSAccountV2.md @@ -9,6 +9,7 @@ | **id** | **Integer** | | | | **updated_at** | **Time** | | | | **account_id** | **String** | 12 digit AWS provided unique identifier for the account. | [optional] | +| **account_name** | **String** | AWS account name | [optional] | | **account_type** | **String** | | [optional] | | **active_regions** | **Array<String>** | | [optional] | | **aws_cloudtrail_bucket_name** | **String** | AWS CloudTrail bucket name to store logs. | [optional] | 
@@ -17,11 +18,13 @@
 | **aws_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | |
 | **behavior_assessment_enabled** | **Boolean** | | [optional] |
 | **cid** | **String** | | [optional] |
+| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] |
 | **cloudformation_url** | **String** | | [optional] |
 | **conditions** | [**Array<DomainCondition>**](DomainCondition.md) | | [optional] |
 | **cspm_enabled** | **Boolean** | | [optional] |
 | **d4c** | [**DomainAWSD4CAccountV1**](DomainAWSD4CAccountV1.md) | | [optional] |
 | **d4c_migrated** | **Boolean** | | [optional] |
+| **environment** | **String** | | [optional] |
 | **eventbus_name** | **String** | | [optional] |
 | **external_id** | **String** | ID assigned for use with cross account IAM role access. | [optional] |
 | **iam_role_arn** | **String** | The full arn of the IAM role created in this account to control access. | [optional] |
@@ -52,6 +55,7 @@ instance = Falcon::DomainAWSAccountV2.new(
 id: null,
 updated_at: null,
 account_id: null,
+ account_name: null,
 account_type: null,
 active_regions: null,
 aws_cloudtrail_bucket_name: null,
@@ -60,11 +64,13 @@ instance = Falcon::DomainAWSAccountV2.new(
 aws_permissions_status: null,
 behavior_assessment_enabled: null,
 cid: null,
+ cloud_scopes: null,
 cloudformation_url: null,
 conditions: null,
 cspm_enabled: null,
 d4c: null,
 d4c_migrated: null,
+ environment: null,
 eventbus_name: null,
 external_id: null,
 iam_role_arn: null,
diff --git a/docs/DomainActorDocument.md b/docs/DomainActorDocument.md
index e8e35445..4090a13c 100644
--- a/docs/DomainActorDocument.md
+++ b/docs/DomainActorDocument.md
@@ -4,38 +4,38 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **active** | **Boolean** | | | -| **actor_type** | **String** | | [optional] | -| **capabilities** | [**Array<DomainEntity>**](DomainEntity.md) | | | +| **active** | **Boolean** | Boolean field marking if actor is active | | +| **actor_type** | **String** | Actor type, one of: targeted, ecrime | [optional] | +| **capabilities** | [**Array<DomainEntity>**](DomainEntity.md) | actor's capabilities, some examples: RAT,Ransomware,Spearphishing,Downloader,Backdoor,InformationStealer,exploit,CredentialHarvesting,dropper,DenialOfService,Loader,Phishing | | | **capability** | [**DomainEntity**](DomainEntity.md) | | [optional] | -| **created_date** | **Integer** | | | -| **description** | **String** | | [optional] | +| **created_date** | **Integer** | Actor's document creation date when it was added to the Falcon portal in unix timestamp format | | +| **description** | **String** | Actor's text description, partially containing structured data from other fields | [optional] | | **ecrime_kill_chain** | [**DomainECrimeKillChain**](DomainECrimeKillChain.md) | | [optional] | -| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | | [optional] | -| **first_activity_date** | **Integer** | | | +| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | Field used to filter user's access to actor documents | [optional] | +| **first_activity_date** | **Integer** | Actor's first activity observed date in unix timestamp format | | | **group** | [**DomainEntity**](DomainEntity.md) | | [optional] | -| **id** | **Integer** | | | +| **id** | **Integer** | Numerical ID for the Actor | | | **image** | [**DomainImage**](DomainImage.md) | | [optional] | | **kill_chain** | [**DomainKillChain**](DomainKillChain.md) | | [optional] | -| **known_as** | **String** | | | -| **last_activity_date** | **Integer** | | | -| **last_modified_date** | **Integer** | | | -| **motivations** | 
[**Array<DomainEntity>**](DomainEntity.md) | | |
-| **name** | **String** | | |
-| **notify_users** | **Boolean** | | |
-| **objectives** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **origins** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **recent_alerting** | **Integer** | | [optional] |
+| **known_as** | **String** | Alternative names and community identifiers of an actor | |
+| **last_activity_date** | **Integer** | Actor's last (most recent) activity observed date in unix timestamp format | |
+| **last_modified_date** | **Integer** | Actor's document last modified date in unix timestamp format | |
+| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | Actor's activity motivation, one of: State-Sponsored, Criminal, Hacktivism | |
+| **name** | **String** | Actor's name, composed of 2 words | [optional] |
+| **notify_users** | **Boolean** | internal field | |
+| **objectives** | [**Array<DomainEntity>**](DomainEntity.md) | Actor's activity objectives, one of: IntelligenceGathering, FinancialGain, IntellectualPropertyTheft, defacement, Destruction, DenialOfService | |
+| **origins** | [**Array<DomainEntity>**](DomainEntity.md) | represents origin of actor's activity and/or members, some examples: China,Russian Federation,Eastern Europe,Iran,East Asia, South Asia | |
+| **recent_alerting** | **Integer** | Recent CrowdStrike's finished intelligence alerting date in unix timestamp format | [optional] |
 | **region** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **rich_text_description** | **String** | | [optional] |
-| **short_description** | **String** | | |
-| **slug** | **String** | | |
-| **status** | **String** | | |
-| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_regions** | [**Array<DomainEntity>**](DomainEntity.md) | | |
+| **rich_text_description** | **String** | Rich text version of the description field
| [optional] |
+| **short_description** | **String** | Short version of the description field | |
+| **slug** | **String** | Name in url friendly format, lowercased and spaces replaced with dash | [optional] |
+| **status** | **String** | Status of an actor, one of: Active, Inactive, Retired | |
+| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | Target countries of actor's activity and attacks, slug value is a 2 characters code for the country value, some examples: United States,United Kingdom,Germany,India,Japan,France,Australia,Canada,China | |
+| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | Target economical industries of actor's activity and attacks. List of available values: Government, Financial Services, Technology, Telecommunications, Healthcare, Energy, Academic, Media, Aerospace, NGO, Manufacturing, Industrials and Engineering, Retail, Hospitality, Consulting and Professional Services, Opportunistic, Aviation, Defense, Transportation, Oil and Gas, Legal, Pharmaceutical, Logistics, Military, Automotive, Food and Beverage, Consumer Goods, Real Estate, Insurance, Agriculture, Chemicals, Utilities, Maritime, Extractive, Travel, Dissident, Cryptocurrency, Entertainment, National Government, Law Enforcement, Think Tanks, Local Government, Sports Organizations, Computer Gaming, Biomedical, Nonprofit, Financial Management & Hedge Funds, Political Parties, Architectural and Engineering, Emergency Services, Social Media, International Government, Nuclear, Research Entities, Vocational and Higher-Level Education, eCommerce | |
+| **target_regions** | [**Array<DomainEntity>**](DomainEntity.md) | Target geographic regions of actor's activity and attacks.
List of available values: North America, Western Europe, Southeast Asia, Middle East, Eastern Europe, South Asia, South America, Oceania, East Asia, Central Africa, Northern Europe, Southern Europe, North Africa, Southern Africa, Central America, Central Asia, East Africa, West Africa, Caribbean | | | **thumbnail** | [**DomainImage**](DomainImage.md) | | [optional] | -| **url** | **String** | | [optional] | +| **url** | **String** | URL at which actor profile can be accessed | [optional] | ## Example diff --git a/docs/DomainActorsResponse.md b/docs/DomainActorsResponse.md index d1954033..8afb6e31 100644 --- a/docs/DomainActorsResponse.md +++ b/docs/DomainActorsResponse.md @@ -4,7 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | | | **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | | **resources** | [**Array<DomainActorDocument>**](DomainActorDocument.md) | | | diff --git a/docs/DomainAssessmentPaging.md b/docs/DomainAssessmentPaging.md deleted file mode 100644 index 54733151..00000000 --- a/docs/DomainAssessmentPaging.md +++ /dev/null @@ -1,24 +0,0 @@ -# Falcon::DomainAssessmentPaging - -## Properties - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **expires_at** | **Integer** | | [optional] | -| **limit** | **Integer** | | [optional] | -| **offset** | **String** | | | -| **total** | **Integer** | | | - -## Example - -```ruby -require 'crimson-falcon' - -instance = Falcon::DomainAssessmentPaging.new( - expires_at: null, - limit: null, - offset: null, - total: null -) -``` - diff --git a/docs/DomainBaseAPIVulnerabilityV2.md b/docs/DomainBaseAPIVulnerabilityV2.md index 7cc23b0a..78bae4af 100644 --- a/docs/DomainBaseAPIVulnerabilityV2.md +++ b/docs/DomainBaseAPIVulnerabilityV2.md 
@@ -4,19 +4,23 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **aid** | **String** | | | +| **aid** | **String** | Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID | | | **app** | [**DomainAPIVulnerabilityAppV2**](DomainAPIVulnerabilityAppV2.md) | | [optional] | -| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | | [optional] | -| **cid** | **String** | | | -| **closed_timestamp** | **String** | | [optional] | -| **created_timestamp** | **String** | | | +| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | Provide details related to the products for which a the vulnerability has been detected | [optional] | +| **cid** | **String** | Contains the customer identifier associated with the asset for which the vulnerability has been detected | | +| **closed_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) | [optional] | +| **created_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system | | | **cve** | [**DomainAPIVulnerabilityCVEDetailsFacetV2**](DomainAPIVulnerabilityCVEDetailsFacetV2.md) | | [optional] | +| **data_providers** | [**Array<DomainAPIVulnerabilityDataProviderV1>**](DomainAPIVulnerabilityDataProviderV1.md) | Contains information about the vulnerability data providers of this entity | [optional] | | **host_info** | [**DomainAPIVulnerabilityHostFacetV2**](DomainAPIVulnerabilityHostFacetV2.md) | | [optional] | -| **id** | **String** | | | +| **id** | **String** | Vulnerability unique ID | | +| **ports** | **Array<Integer>** | Contains ports that the vulnerability affects | [optional] | | **remediation** | 
[**DomainAPIVulnerabilityRemediationFacetV2**](DomainAPIVulnerabilityRemediationFacetV2.md) | | [optional] | -| **status** | **String** | | | +| **status** | **String** | Current status of a vulnerability (open, closed, reopen) | | | **suppression_info** | [**DomainAPIVulnerabilitySuppressionInfoV2**](DomainAPIVulnerabilitySuppressionInfoV2.md) | | [optional] | -| **updated_timestamp** | **String** | | | +| **updated_timestamp** | **String** | A timestamp corresponding to the point in time when a vulnerability's information or status have been updated | | +| **vulnerability_id** | **String** | Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider | [optional] | +| **vulnerability_metadata_id** | **String** | Unique identifier for the vulnerability metadata | [optional] | ## Example @@ -31,12 +35,16 @@ instance = Falcon::DomainBaseAPIVulnerabilityV2.new( closed_timestamp: null, created_timestamp: null, cve: null, + data_providers: null, host_info: null, id: null, + ports: null, remediation: null, status: null, suppression_info: null, - updated_timestamp: null + updated_timestamp: null, + vulnerability_id: null, + vulnerability_metadata_id: null ) ``` diff --git a/docs/DomainBehavior.md b/docs/DomainBehavior.md index e84d925c..d6b40143 100644 --- a/docs/DomainBehavior.md +++ b/docs/DomainBehavior.md @@ -5,6 +5,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | | **aid** | **String** | | [optional] | +| **alert_ids** | **Array<String>** | | [optional] | | **behavior_id** | **String** | | [optional] | | **cid** | **String** | | [optional] | | **cmdline** | **String** | | [optional] | @@ -39,6 +40,7 @@ require 'crimson-falcon' instance = Falcon::DomainBehavior.new( aid: null, + alert_ids: null, behavior_id: null, cid: null, cmdline: null, diff --git a/docs/DomainCIDGroup.md b/docs/DomainCIDGroup.md index 02b598f9..e6e253b0 100644 --- a/docs/DomainCIDGroup.md 
+++ b/docs/DomainCIDGroup.md @@ -4,9 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **cid** | **String** | | [optional] | -| **cid_group_id** | **String** | | [optional] | -| **description** | **String** | | | +| **cid_group_id** | **String** | | | +| **description** | **String** | | [optional] | | **name** | **String** | | | ## Example @@ -15,7 +14,6 @@ require 'crimson-falcon' instance = Falcon::DomainCIDGroup.new( - cid: null, cid_group_id: null, description: null, name: null diff --git a/docs/DomainCIDPolicyAssignments.md b/docs/DomainCIDPolicyAssignments.md index ddae6d75..ce05ff85 100644 --- a/docs/DomainCIDPolicyAssignments.md +++ b/docs/DomainCIDPolicyAssignments.md @@ -8,6 +8,7 @@ | **attack_types** | **Array<String>** | | [optional] | | **cid** | **String** | | [optional] | | **cis_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] | +| **cisa_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] | | **cloud_asset_type** | **String** | | [optional] | | **cloud_asset_type_id** | **Integer** | | [optional] | | **cloud_provider** | **String** | | [optional] | @@ -18,6 +19,7 @@ | **default_severity** | **String** | | [optional] | | **fql_policy** | **String** | | [optional] | | **is_remediable** | **Boolean** | | | +| **iso_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] | | **name** | **String** | | [optional] | | **nist_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] | | **pci_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] | @@ -39,6 +41,7 @@ instance = Falcon::DomainCIDPolicyAssignments.new( attack_types: null, cid: null, cis_benchmark: null, + cisa_benchmark: null, cloud_asset_type: null, cloud_asset_type_id: null, cloud_provider: null, 
@@ -49,6 +52,7 @@ instance = Falcon::DomainCIDPolicyAssignments.new(
 default_severity: null,
 fql_policy: null,
 is_remediable: null,
+ iso_benchmark: null,
 name: null,
 nist_benchmark: null,
 pci_benchmark: null,
diff --git a/docs/DomainCloudAccounts.md b/docs/DomainCloudAccounts.md
new file mode 100644
index 00000000..00a24f24
--- /dev/null
+++ b/docs/DomainCloudAccounts.md
@@ -0,0 +1,20 @@
+# Falcon::DomainCloudAccounts
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **ids** | **Array<String>** | | [optional] |
+| **provider** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainCloudAccounts.new(
+ ids: null,
+ provider: null
+)
+```
+
diff --git a/docs/DomainCloudScope.md b/docs/DomainCloudScope.md
new file mode 100644
index 00000000..923c9752
--- /dev/null
+++ b/docs/DomainCloudScope.md
@@ -0,0 +1,36 @@
+# Falcon::DomainCloudScope
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **accounts** | [**Array<DomainCloudAccounts>**](DomainCloudAccounts.md) | | [optional] |
+| **business_impact** | **String** | | [optional] |
+| **business_unit** | **String** | | [optional] |
+| **cid** | **String** | | [optional] |
+| **created_at** | **Time** | | [optional] |
+| **description** | **String** | | [optional] |
+| **id** | **Integer** | | [optional] |
+| **name** | **String** | | [optional] |
+| **owners** | **Array<String>** | | [optional] |
+| **total_accounts** | **Integer** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainCloudScope.new(
+ accounts: null,
+ business_impact: null,
+ business_unit: null,
+ cid: null,
+ created_at: null,
+ description: null,
+ id: null,
+ name: null,
+ owners: null,
+ total_accounts: null
+)
+```
+
diff --git a/docs/DomainDiscoverAPIHost.md b/docs/DomainDiscoverAPIHost.md
index 8b316ef9..8e60cfea 100644
--- a/docs/DomainDiscoverAPIHost.md
+++ b/docs/DomainDiscoverAPIHost.md
@@ -9,7 +9,7 @@
 | **ad_user_account_control** | **Integer** | The user account control properties in Active Directory. | [optional] |
 | **agent_version** | **String** | The version of the Falcon sensor that's installed on the asset. | [optional] |
 | **aid** | **String** | The agent ID of the Falcon sensor installed on the asset. | [optional] |
-| **asset_roles** | **Array<String>** | List of asset roles (computed or given by the user) | [optional] |
+| **asset_roles** | **Array<String>** | The asset role or roles currently assigned to the asset either automatically or by a user (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). | [optional] |
 | **assigned_to** | **String** | The first and last name of the person who is assigned to this asset. | [optional] |
 | **available_disk_space** | **Integer** | The available disk space in the last 15 minutes on the host | [optional] |
 | **available_disk_space_pct** | **Integer** | The available disk space percent in the last 15 minutes on the host | [optional] |
@@ -24,18 +24,23 @@
 | **city** | **String** | The name of the city where the asset is located. | [optional] |
 | **classification** | **String** | How the server is classified, such as production, development, disaster recovery, or user acceptance testing. | [optional] |
 | **cloud_account_id** | **String** | The cloud provider assigned identifier of the cloud account the instance is located in. | [optional] |
+| **cloud_instance_id** | **String** | The id of the cloud instance. | [optional] |
 | **cloud_provider** | **String** | The cloud provider environment the instance is located in (AWS/Azure/GCP). | [optional] |
 | **cloud_region** | **String** | The cloud provider assigned identifier of the cloud region the instance is located in (e.g. “us-west-1”, “westeurope”, “asia-northeast1) | [optional] |
 | **cloud_registered** | **Boolean** | Whether or not the instance is located in a cloud account registered with cloud security posture. | [optional] |
 | **cloud_resource_id** | **String** | The cloud provider assigned identifier of the instance. | [optional] |
-| **computed_asset_roles** | **Array<String>** | List of computed asset roles | [optional] |
+| **computed_asset_roles** | **Array<String>** | The asset role or roles assigned to the asset automatically (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). | [optional] |
+| **computed_internet_exposure** | **String** | Whether the asset is exposed to the internet as determined automatically (Yes, No, or Unknown). | [optional] |
 | **confidence** | **Integer** | The level of confidence that the asset is a corporate asset (25 = low confidence, 50 = medium confidence, 75 = high confidence). | [optional] |
 | **country** | **String** | The name of the country where the asset is located. | [optional] |
 | **cpu_manufacturer** | **String** | The manufacturer of the asset's CPU.
| [optional] |
 | **cpu_processor_name** | **String** | The name of the processor on the system | [optional] |
 | **creation_timestamp** | **String** | The time the asset was created in Active Directory, according to LDAP info. | [optional] |
-| **criticality** | **String** | Asset criticality | [optional] |
-| **criticality_rule_id** | **String** | The ID of the criticality rule that last matched on this host | [optional] |
+| **criticality** | **String** | The criticality level of the asset (Critical, High, Noncritical, or Unassigned) | [optional] |
+| **criticality_description** | **String** | The description the user entered when manually assigning a criticality level | [optional] |
+| **criticality_rule_id** | **String** | The ID of the criticality rule that has most recently applied to the asset. | [optional] |
+| **criticality_timestamp** | **String** | The date and time the criticality level was manually assigned | [optional] |
+| **criticality_username** | **String** | The username of the account that manually assigned the criticality level | [optional] |
 | **current_local_ip** | **String** | The last seen local IPv4 address of the asset. | [optional] |
 | **data_providers** | **Array<String>** | Where the data about the asset came from (such as CrowdStrike, ServiceNow, or Active Directory). | [optional] |
 | **data_providers_count** | **Integer** | How many services provided data about the asset. | [optional] |
@@ -43,6 +48,7 @@
 | **descriptions** | **Array<String>** | The descriptions of the asset in Active Directory (Cannot be used for filtering, sorting, or querying). | [optional] |
 | **discoverer_aids** | **Array<String>** | The agent IDs of the Falcon sensors installed on the sources that discovered the asset. | [optional] |
 | **discoverer_count** | **Integer** | The number of sources that discovered the asset. | [optional] |
+| **discoverer_hostnames** | **Array<String>** | The hostnames of the sources that discovered the asset. | [optional] |
 | **discoverer_platform_names** | **Array<String>** | The platform names of the sources that discovered the asset. | [optional] |
 | **discoverer_product_type_descs** | **Array<String>** | The product type descriptions of the sources that discovered the asset. | [optional] |
 | **discoverer_tags** | **Array<String>** | The tags of the sources that discovered the asset. | [optional] |
@@ -63,8 +69,12 @@
 | **hostname** | **String** | The asset's hostname. | [optional] |
 | **id** | **String** | The unique ID of the asset. | |
 | **internet_exposure** | **String** | Whether the asset is exposed to the internet (Yes or Unknown). | [optional] |
+| **internet_exposure_description** | **String** | The description the user entered when manually assigning a internet exposure level | [optional] |
+| **internet_exposure_timestamp** | **String** | The date and time the internet exposure level was manually assigned | [optional] |
+| **internet_exposure_username** | **String** | The username of the account that manually assigned the internet exposure level | [optional] |
 | **kernel_version** | **String** | For Linux and Mac hosts: the major version, minor version, and patch version of the kernel for the asset. For Windows hosts: the build number of the asset. | [optional] |
 | **last_discoverer_aid** | **String** | The agent ID of the Falcon sensor installed on the source that most recently discovered the asset. | [optional] |
+| **last_discoverer_hostname** | **String** | The hostname of the last source that discovered the asset. | [optional] |
 | **last_seen_timestamp** | **String** | The most recent time the asset was seen in your environment. | [optional] |
 | **local_ip_addresses** | **Array<String>** | Historical local IPv4 addresses associated with the asset. | [optional] |
 | **local_ips_count** | **Integer** | The number of historical local IPv4 addresses the asset has had. | [optional] |
@@ -86,8 +96,9 @@
 | **os_service_pack** | **String** | The OS service pack on the asset. | [optional] |
 | **os_version** | **String** | The OS version of the asset. | [optional] |
 | **ou** | **String** | The organizational unit of the asset. | [optional] |
-| **override_asset_roles** | **Boolean** | True if the user has override asset roles computed automatically | [optional] |
-| **override_criticality_rules** | **Boolean** | True if the host should not be evaluated against the criticality rules | [optional] |
+| **override_asset_roles** | **Boolean** | Whether a user overrode automatically assigned asset roles to manually assign a role to the asset (true or false). | [optional] |
+| **override_criticality_rules** | **Boolean** | Whether a user overrode a criticality rule to manually assign a criticality level on the asset (true or false). | [optional] |
+| **override_internet_exposure** | **Boolean** | Whether a user overrode the automatically assigned internet exposure (True or False). | [optional] |
 | **owned_by** | **String** | The first and last name of the person who owns this asset. | [optional] |
 | **physical_core_count** | **Integer** | The number of physical CPU cores available on the system. | [optional] |
 | **platform_name** | **String** | The platform name of the asset (Windows, Mac, Linux). | [optional] |
@@ -139,18 +150,23 @@ instance = Falcon::DomainDiscoverAPIHost.new(
 city: null,
 classification: null,
 cloud_account_id: null,
+ cloud_instance_id: null,
 cloud_provider: null,
 cloud_region: null,
 cloud_registered: null,
 cloud_resource_id: null,
 computed_asset_roles: null,
+ computed_internet_exposure: null,
 confidence: null,
 country: null,
 cpu_manufacturer: null,
 cpu_processor_name: null,
 creation_timestamp: null,
 criticality: null,
+ criticality_description: null,
 criticality_rule_id: null,
+ criticality_timestamp: null,
+ criticality_username: null,
 current_local_ip: null,
 data_providers: null,
 data_providers_count: null,
@@ -158,6 +174,7 @@ instance = Falcon::DomainDiscoverAPIHost.new(
 descriptions: null,
 discoverer_aids: null,
 discoverer_count: null,
+ discoverer_hostnames: null,
 discoverer_platform_names: null,
 discoverer_product_type_descs: null,
 discoverer_tags: null,
@@ -178,8 +195,12 @@ instance = Falcon::DomainDiscoverAPIHost.new(
 hostname: null,
 id: null,
 internet_exposure: null,
+ internet_exposure_description: null,
+ internet_exposure_timestamp: null,
+ internet_exposure_username: null,
 kernel_version: null,
 last_discoverer_aid: null,
+ last_discoverer_hostname: null,
 last_seen_timestamp: null,
 local_ip_addresses: null,
 local_ips_count: null,
@@ -203,6 +224,7 @@ instance = Falcon::DomainDiscoverAPIHost.new(
 ou: null,
 override_asset_roles: null,
 override_criticality_rules: null,
+ override_internet_exposure: null,
 owned_by: null,
 physical_core_count: null,
 platform_name: null,
diff --git a/docs/DomainDiscoverAPIIoTHost.md b/docs/DomainDiscoverAPIIoTHost.md
index c36436f0..e81eaffc 100644
--- a/docs/DomainDiscoverAPIIoTHost.md
+++ b/docs/DomainDiscoverAPIIoTHost.md
@@ -29,6 +29,7 @@ | **device_slots** | [**Array<DomainDiscoverAPIDeviceSlot>**](DomainDiscoverAPIDeviceSlot.md) | The slots of IoT Asset | [optional] | | **device_type** | **String** | The Device Type of IoT Asset | [optional] | | **discoverer_count** | **Integer** | The number of sources that discovered the asset. | [optional] | +| **discoverer_ics_collector_ids** | **Array<String>** | A list of agent IDs of the Falcon sensors installed on the source hosts that discovered the asset via ICS Asset discovery mechanism | [optional] | | **discoverer_product_type_descs** | **Array<String>** | The product type descriptions of the sources that discovered the asset. | [optional] | | **disk_sizes** | [**Array<DomainDiscoverAPIDiskSize>**](DomainDiscoverAPIDiskSize.md) | The names and sizes of the disks on the asset | [optional] | | **encrypted_drives** | **Array<String>** | The list of encrypted drives on the asset | [optional] | @@ -123,6 +124,7 @@ instance = Falcon::DomainDiscoverAPIIoTHost.new( device_slots: null, device_type: null, discoverer_count: null, + discoverer_ics_collector_ids: null, discoverer_product_type_descs: null, disk_sizes: null, encrypted_drives: null, diff --git a/docs/DomainDiscoverParams.md b/docs/DomainDiscoverParams.md index 282c2643..d9302fe7 100644 --- a/docs/DomainDiscoverParams.md +++ b/docs/DomainDiscoverParams.md @@ -4,7 +4,9 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | +| **application_filters** | **String** | | | | **application_group_id** | **String** | | | +| **application_vendors** | **String** | | | | **requirement_criteria** | **String** | | | ## Example @@ -13,7 +15,9 @@ require 'crimson-falcon' instance = Falcon::DomainDiscoverParams.new( + application_filters: null, application_group_id: null, + application_vendors: null, requirement_criteria: null ) ``` diff --git a/docs/DomainECrimeKillChain.md b/docs/DomainECrimeKillChain.md index 314dfb7c..521d2dfb 100644 --- a/docs/DomainECrimeKillChain.md 
+++ b/docs/DomainECrimeKillChain.md 
@@ -4,26 +4,26 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **attribution** | **String** | | [optional] | -| **crimes** | **String** | | [optional] | -| **customers** | **String** | | [optional] | -| **exploitation** | **String** | | [optional] | -| **marketing** | **String** | | [optional] | -| **monetization** | **String** | | [optional] | -| **rich_text_attribution** | **String** | | [optional] | -| **rich_text_crimes** | **String** | | [optional] | -| **rich_text_customers** | **String** | | [optional] | -| **rich_text_exploitation** | **String** | | [optional] | -| **rich_text_marketing** | **String** | | [optional] | -| **rich_text_monetization** | **String** | | [optional] | -| **rich_text_services_offered** | **String** | | [optional] | -| **rich_text_services_used** | **String** | | [optional] | -| **rich_text_technical_tradecraft** | **String** | | [optional] | -| **rich_text_victims** | **String** | | [optional] | -| **services_offered** | **String** | | [optional] | -| **services_used** | **String** | | [optional] | -| **technical_tradecraft** | **String** | | [optional] | -| **victims** | **String** | | [optional] | +| **attribution** | **String** | Free form text describing attribution of the ecrime actor | [optional] | +| **crimes** | **String** | Free form text describing actor's crimes | [optional] | +| **customers** | **String** | Free form text describing ecrime actor's customers and affiliates | [optional] | +| **exploitation** | **String** | Comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] | +| **marketing** | **String** | Free form text describing ecrime actor's marketing campaigns and advertisement | [optional] | +| **monetization** | **String** | Legacy field, not used and empty | [optional] | +| **rich_text_attribution** | **String** | Rich text version of the attribution field | [optional] | +| **rich_text_crimes** | **String** | Rich text version of the 
crimes field | [optional] | +| **rich_text_customers** | **String** | Rich text version of the customers field | [optional] | +| **rich_text_exploitation** | **String** | Rich text version of the exploitation field | [optional] | +| **rich_text_marketing** | **String** | Rich text version of the marketing field | [optional] | +| **rich_text_monetization** | **String** | Legacy field, not used and empty | [optional] | +| **rich_text_services_offered** | **String** | Rich text version of the services_offered field | [optional] | +| **rich_text_services_used** | **String** | Rich text version of the services_used field | [optional] | +| **rich_text_technical_tradecraft** | **String** | Rich text version of the technical_tradecraft field | [optional] | +| **rich_text_victims** | **String** | Rich text version of the victims field | [optional] | +| **services_offered** | **String** | Free form text describing ecrime actor's services offered and monetized | [optional] | +| **services_used** | **String** | Free form text describing ecrime actor's used services provided by other actors or groups | [optional] | +| **technical_tradecraft** | **String** | Free form text describing methods and descriptions of techniques used by actor | [optional] | +| **victims** | **String** | Free form text describing victims or their characteristics of the ecrime actor | [optional] | ## Example diff --git a/docs/DomainEntity.md b/docs/DomainEntity.md index d4eec535..4fc14aa2 100644 --- a/docs/DomainEntity.md +++ b/docs/DomainEntity.md 
@@ -4,10 +4,10 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **id** | **Integer** | | | -| **name** | **String** | | [optional] | -| **slug** | **String** | | [optional] | -| **value** | **String** | | [optional] | +| **id** | **Integer** | numerical id ensuring data integrity | | +| **name** | **String** | name of the entity | [optional] | +| **slug** | **String** | search and url friendly value, usually lowercase representation of value with spaces replaced with dashes, except for countries where 2 letters codes are used | [optional] | +| **value** | **String** | string value of the generic entity which is searchable and filterable | [optional] | ## Example diff --git a/docs/DomainGCPAccountV1.md b/docs/DomainGCPAccountV1.md index 382468c7..99382393 100644 --- a/docs/DomainGCPAccountV1.md +++ b/docs/DomainGCPAccountV1.md @@ -9,8 +9,10 @@ | **id** | **Integer** | | | | **updated_at** | **Time** | | | | **cid** | **String** | | | +| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] | | **cspm_enabled** | **Boolean** | | | | **display_name** | **String** | GCP Display Name | [optional] | +| **environment** | **String** | | [optional] | | **folder_id** | **String** | GCP folder ID | [optional] | | **folder_name** | **String** | GCP folder Name | [optional] | | **gcp_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | | @@ -36,8 +38,10 @@ instance = Falcon::DomainGCPAccountV1.new( id: null, updated_at: null, cid: null, + cloud_scopes: null, cspm_enabled: null, display_name: null, + environment: null, folder_id: null, folder_name: null, gcp_permissions_status: null, diff --git a/docs/DomainKillChain.md b/docs/DomainKillChain.md index 71c84d21..d0e38c6b 100644 --- a/docs/DomainKillChain.md +++ b/docs/DomainKillChain.md 
@@ -4,22 +4,22 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **actions_and_objectives** | **String** | | [optional] | -| **command_and_control** | **String** | | [optional] | -| **delivery** | **String** | | [optional] | -| **exploitation** | **String** | | [optional] | -| **installation** | **String** | | [optional] | -| **objectives** | **String** | | [optional] | -| **reconnaissance** | **String** | | [optional] | -| **rich_text_actions_and_objectives** | **String** | | [optional] | -| **rich_text_command_and_control** | **String** | | [optional] | -| **rich_text_delivery** | **String** | | [optional] | -| **rich_text_exploitation** | **String** | | [optional] | -| **rich_text_installation** | **String** | | [optional] | -| **rich_text_objectives** | **String** | | [optional] | -| **rich_text_reconnaissance** | **String** | | [optional] | -| **rich_text_weaponization** | **String** | | [optional] | -| **weaponization** | **String** | | [optional] | +| **actions_and_objectives** | **String** | Free form text describing actions and objectives of the actor | [optional] | +| **command_and_control** | **String** | Free form text describing methods and tools used to communicate with and control an infected machine or network | [optional] | +| **delivery** | **String** | Free form text describing malware delivery by actor | [optional] | +| **exploitation** | **String** | Comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] | +| **installation** | **String** | Free form text describing actor's malware installation on the asset | [optional] | +| **objectives** | **String** | Legacy field, not used and empty | [optional] | +| **reconnaissance** | **String** | Free form text describing how targets are researched, identified and selected | [optional] | +| **rich_text_actions_and_objectives** | **String** | Rich free form text describing actions and objectives of the actor | [optional] | +| 
**rich_text_command_and_control** | **String** | Rich free form text describing methods and tools used to communicate with and control an infected machine or network | [optional] | +| **rich_text_delivery** | **String** | Rich free form text describing malware delivery by actor | [optional] | +| **rich_text_exploitation** | **String** | Rich text comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] | +| **rich_text_installation** | **String** | Rich free form text describing actor's malware installation on the asset | [optional] | +| **rich_text_objectives** | **String** | Legacy field, not used and empty | [optional] | +| **rich_text_reconnaissance** | **String** | Rich free form text describing how targets are researched, identified and selected | [optional] | +| **rich_text_weaponization** | **String** | Rich free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) | [optional] | +| **weaponization** | **String** | Free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) | [optional] | ## Example diff --git a/docs/DomainMatchedBreachSummaryV1.md b/docs/DomainMatchedBreachSummaryV1.md index abc3018d..10f6bb00 100644 --- a/docs/DomainMatchedBreachSummaryV1.md +++ b/docs/DomainMatchedBreachSummaryV1.md 
@@ -14,6 +14,8 @@ | **exposure_date** | **Time** | The date when the data was leaked online | [optional] | | **fields** | **Array<String>** | The set of fields which were breached: 'email', 'password', 'login_id', 'phone', etc. | | | **files** | [**Array<DomainFileDetailsV1>**](DomainFileDetailsV1.md) | Metadata regarding the file(s) where exposed data records where found. | [optional] | +| **idp_send_date** | **Time** | | [optional] | +| **idp_send_status** | **String** | | [optional] | | **name** | **String** | The name of the breach | | | **obtained_by** | **String** | Exposed Data Event Threat Actor/Group: Moniker(s) or real name(s) of the individual/group who unveiled confidential data. | [optional] | | **url** | **String** | Where the leak was found. | [optional] | @@ -34,6 +36,8 @@ instance = Falcon::DomainMatchedBreachSummaryV1.new( exposure_date: null, fields: null, files: null, + idp_send_date: null, + idp_send_status: null, name: null, obtained_by: null, url: null diff --git a/docs/DomainMetaInfo.md b/docs/DomainMetaInfo.md index 3c436889..291916a4 100644 --- a/docs/DomainMetaInfo.md +++ b/docs/DomainMetaInfo.md @@ -4,10 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **pagination** | [**DomainAssessmentPaging**](DomainAssessmentPaging.md) | | [optional] | -| **powered_by** | **String** | | [optional] | -| **query_time** | **Float** | | | -| **trace_id** | **String** | | | +| **msa_meta_info** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | +| **quota** | [**DomainQuota**](DomainQuota.md) | | [optional] | ## Example @@ -15,10 +13,8 @@ require 'crimson-falcon' instance = Falcon::DomainMetaInfo.new( - pagination: null, - powered_by: null, - query_time: null, - trace_id: null + msa_meta_info: null, + quota: null ) ``` diff --git a/docs/DomainMsaMetaInfo.md b/docs/DomainMsaMetaInfo.md new file mode 100644 index 00000000..fe57f7c6 --- /dev/null +++ b/docs/DomainMsaMetaInfo.md 
@@ -0,0 +1,20 @@ +# Falcon::DomainMsaMetaInfo + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **pagination** | [**MsaspecPaging**](MsaspecPaging.md) | | [optional] | +| **query_time** | **Float** | | | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::DomainMsaMetaInfo.new( + pagination: null, + query_time: null +) +``` + diff --git a/docs/DomainNewsDocument.md b/docs/DomainNewsDocument.md index 0b000316..a4d1fdff 100644 --- a/docs/DomainNewsDocument.md +++ b/docs/DomainNewsDocument.md 
@@ -4,29 +4,29 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **active** | **Boolean** | | [optional] | -| **actors** | [**Array<DomainSimpleActor>**](DomainSimpleActor.md) | | | -| **attachments** | [**Array<DomainFile>**](DomainFile.md) | | [optional] | -| **created_date** | **Integer** | | | -| **description** | **String** | | [optional] | -| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | | [optional] | -| **id** | **Integer** | | | +| **active** | **Boolean** | legacy field, not used | [optional] | +| **actors** | [**Array<DomainSimpleActor>**](DomainSimpleActor.md) | Actors mentioned, related or referenced in the news/report | | +| **attachments** | [**Array<DomainFile>**](DomainFile.md) | News attachment, containing either pdf url or feeds zip and/or gzip archive | [optional] | +| **created_date** | **Integer** | Date of the news document creation, unix timestampt | | +| **description** | **String** | Full report description, extracted from the document | [optional] | +| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | internal property used for permissions check of access, not returned or explicitly filterable | [optional] | +| **id** | **Integer** | Integer ID of the News document | | | **image** | [**DomainImage**](DomainImage.md) | | [optional] | -| **last_modified_date** | **Integer** | | | -| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | | | -| **name** | **String** | | | -| **notify_users** | **Boolean** | | [optional] | -| **rich_text_description** | **String** | | [optional] | -| **short_description** | **String** | | [optional] | -| **slug** | **String** | | | +| **last_modified_date** | **Integer** | Date of the news document last modification, unix timestampt | | +| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned motivation or motivation of related actors and malware families | | +| **name** | **String** | News title | | +| 
**notify_users** | **Boolean** | internal field, not used | [optional] | +| **rich_text_description** | **String** | Rich text description with markup | [optional] | +| **short_description** | **String** | Short description of the report content | [optional] | +| **slug** | **String** | News title in a url friendly way, which is title in lowercase and special characters including space replaced with dash | | | **sub_type** | [**DomainEntity**](DomainEntity.md) | | [optional] | -| **tags** | [**Array<DomainEntity>**](DomainEntity.md) | | | -| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | | | -| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | | | +| **tags** | [**Array<DomainEntity>**](DomainEntity.md) | News tags, which contains MITRE, Vulnerability community identifiers, capabilities, malware family name, customer target, activity cluster, notable event, geopolitical issue | | +| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned target countries or related actor's target countries | | +| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned target industries or related actor's target industries | | | **thumbnail** | [**DomainImage**](DomainImage.md) | | | | **topic** | [**DomainEntity**](DomainEntity.md) | | [optional] | | **type** | [**DomainEntity**](DomainEntity.md) | | [optional] | -| **url** | **String** | | [optional] | +| **url** | **String** | URL of the news document where it can be accessed in the Falcon Portal | [optional] | ## Example diff --git a/docs/DomainNewsResponse.md b/docs/DomainNewsResponse.md index 7beb1954..ed6296a4 100644 --- a/docs/DomainNewsResponse.md +++ b/docs/DomainNewsResponse.md 
@@ -4,7 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | | | **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | | **resources** | [**Array<DomainNewsDocument>**](DomainNewsDocument.md) | | | diff --git a/docs/DomainNotificationV1.md b/docs/DomainNotificationV1.md index d1ea07b4..07891061 100644 --- a/docs/DomainNotificationV1.md +++ b/docs/DomainNotificationV1.md @@ -19,6 +19,7 @@ | **item_site** | **String** | The site where the intelligence item was found | [optional] | | **item_site_id** | **String** | The ID of the site where the intelligence item was found | [optional] | | **item_type** | **String** | Type of the item which matched the rule: `post`, `reply`, `botnet_config`, `breach`, etc. | | +| **logs** | [**Array<SadomainNotificationLog>**](SadomainNotificationLog.md) | | [optional] | | **raw_intel_id** | **String** | ID of the raw intel item that matched the rule | | | **rule_id** | **String** | The ID of the rule that generated this notification | | | **rule_name** | **String** | The name of the rule that generated this notification | | @@ -50,6 +51,7 @@ instance = Falcon::DomainNotificationV1.new( item_site: null, item_site_id: null, item_type: null, + logs: null, raw_intel_id: null, rule_id: null, rule_name: null, diff --git a/docs/DomainPolicyInfo.md b/docs/DomainPolicyInfo.md index ef6562ec..da9c717b 100644 --- a/docs/DomainPolicyInfo.md +++ b/docs/DomainPolicyInfo.md 
@@ -16,6 +16,7 @@ | **attack_tool_command** | **String** | | [optional] | | **attack_types** | **Array<String>** | | [optional] | | **cis_benchmark_ids** | **Array<Integer>** | | [optional] | +| **cisa_benchmark_ids** | **Array<Integer>** | | [optional] | | **cli_command** | **String** | | [optional] | | **cloud_asset_type** | **String** | | [optional] | | **cloud_document** | **String** | | [optional] | @@ -33,6 +34,7 @@ | **internal_only** | **Boolean** | | [optional] | | **is_enabled** | **Boolean** | | | | **is_remediable** | **Boolean** | | | +| **iso_benchmark_ids** | **Array<Integer>** | | [optional] | | **mitre_attack_cloud_matrix** | **String** | | [optional] | | **mitre_attack_cloud_subtype** | **String** | | [optional] | | **nist_benchmark_ids** | **Array<Integer>** | | [optional] | @@ -72,6 +74,7 @@ instance = Falcon::DomainPolicyInfo.new( attack_tool_command: null, attack_types: null, cis_benchmark_ids: null, + cisa_benchmark_ids: null, cli_command: null, cloud_asset_type: null, cloud_document: null, @@ -89,6 +92,7 @@ instance = Falcon::DomainPolicyInfo.new( internal_only: null, is_enabled: null, is_remediable: null, + iso_benchmark_ids: null, mitre_attack_cloud_matrix: null, mitre_attack_cloud_subtype: null, nist_benchmark_ids: null, diff --git a/docs/DomainQueryMitreAttacksResponse.md b/docs/DomainQueryMitreAttacksResponse.md new file mode 100644 index 00000000..293847b6 --- /dev/null +++ b/docs/DomainQueryMitreAttacksResponse.md 
@@ -0,0 +1,22 @@ +# Falcon::DomainQueryMitreAttacksResponse + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | | +| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | +| **resources** | **Array<String>** | Actor's MITRE attack (Tactic and Technique) ids, represents a concatenation of actors slug, tactic id and technique id (optional) concatenated by underscore, example: fancy-bear_TA0011_T1071' | | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::DomainQueryMitreAttacksResponse.new( + errors: null, + meta: null, + resources: null +) +``` + diff --git a/docs/DomainQueryResponse.md b/docs/DomainQueryResponse.md index f2587360..a1269488 100644 --- a/docs/DomainQueryResponse.md +++ b/docs/DomainQueryResponse.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **errors** | [**Array<DomainReconAPIError>**](DomainReconAPIError.md) | | | -| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] | +| **meta** | [**DomainMsaMetaInfo**](DomainMsaMetaInfo.md) | | | | **resources** | **Array<String>** | | | ## Example diff --git a/docs/DomainRule.md b/docs/DomainRule.md index e02c5acb..22827b49 100644 --- a/docs/DomainRule.md +++ b/docs/DomainRule.md 
@@ -4,14 +4,15 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **categories** | **Array<String>** | The categories associated with the rule | | -| **created_date** | **String** | UTC timestamp when rule was created | | -| **customer_id** | **String** | The ID of the customer | | -| **id** | **String** | The ID of the rule | | -| **name** | **String** | The name of the rule | | -| **rule_type** | **String** | The type of the rule | | -| **updated_date** | **String** | UTC timestamp when rule was last updated | | -| **value** | **String** | The value of the rule | | +| **created_date** | **Integer** | | | +| **description** | **String** | | | +| **id** | **Integer** | | | +| **last_modified_date** | **Integer** | | | +| **name** | **String** | | | +| **rich_text_description** | **String** | | | +| **short_description** | **String** | | | +| **tags** | **Array<String>** | | | +| **type** | **String** | | | ## Example @@ -19,14 +20,15 @@ require 'crimson-falcon' instance = Falcon::DomainRule.new( - categories: null, created_date: null, - customer_id: null, + description: null, id: null, + last_modified_date: null, name: null, - rule_type: null, - updated_date: null, - value: null + rich_text_description: null, + short_description: null, + tags: null, + type: null ) ``` diff --git a/docs/DomainUpdateNotificationRequestV1.md b/docs/DomainUpdateNotificationRequestV1.md index dca89d5d..df31b6c8 100644 --- a/docs/DomainUpdateNotificationRequestV1.md +++ b/docs/DomainUpdateNotificationRequestV1.md 
@@ -6,6 +6,8 @@ | ---- | ---- | ----------- | ----- | | **assigned_to_uuid** | **String** | The unique ID of the user who is assigned to this notification. The value `unassigned` can be used to unassign a notification. | | | **id** | **String** | The ID of the notifications | | +| **idp_send_status** | **String** | | | +| **message** | **String** | | | | **status** | **String** | The notification status. This can be one of: `new`, `in-progress`, `closed-false-positive`, `closed-true-positive`. | | ## Example @@ -16,6 +18,8 @@ require 'crimson-falcon' instance = Falcon::DomainUpdateNotificationRequestV1.new( assigned_to_uuid: null, id: null, + idp_send_status: null, + message: null, status: null ) ``` diff --git a/docs/DomainUserAction.md b/docs/DomainUserAction.md index 2c05b3ff..d560c3c4 100644 --- a/docs/DomainUserAction.md +++ b/docs/DomainUserAction.md @@ -4,7 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **action_name** | **String** | Action name | [optional] | +| **action_name** | **String** | Action name | | | **action_value** | **String** | Value for action, if any | [optional] | ## Example diff --git a/docs/DomainVulnerability.md b/docs/DomainVulnerability.md index f7caa7a9..4f6f9e68 100644 --- a/docs/DomainVulnerability.md +++ b/docs/DomainVulnerability.md 
@@ -4,20 +4,20 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **affected_products** | [**Array<DomainVulnerabilityAffectedProduct>**](DomainVulnerabilityAffectedProduct.md) | | [optional] | -| **community_identifiers** | **Array<String>** | | [optional] | -| **cve** | **String** | | | -| **cvss_v2_base** | **String** | | [optional] | -| **cvss_v3_base** | **String** | | [optional] | -| **description** | **String** | | [optional] | -| **exploit_status** | **String** | | [optional] | -| **name** | **String** | | [optional] | -| **publish_date** | **String** | | [optional] | -| **related_actors** | [**Array<DomainVulnerabilityActor>**](DomainVulnerabilityActor.md) | | [optional] | -| **related_reports** | [**Array<DomainVulnerabilityReport>**](DomainVulnerabilityReport.md) | | [optional] | -| **related_threats** | [**Array<DomainVulnerabilityRelatedThreat>**](DomainVulnerabilityRelatedThreat.md) | | [optional] | -| **severity** | **String** | | [optional] | -| **updated_timestamp** | **String** | | [optional] | +| **affected_products** | [**Array<DomainVulnerabilityAffectedProduct>**](DomainVulnerabilityAffectedProduct.md) | List of products affected by vulnerability, specifying product and vendor | [optional] | +| **community_identifiers** | **Array<String>** | Vulnerability community identifiers, which is usually populated for the most popular vulnerabilities | [optional] | +| **cve** | **String** | CVE ID number with four or more digits in the sequence number portion of the ID, examples: CVE-1999-0067, CVE-2014-12345, CVE-2016-7654321 | | +| **cvss_v2_base** | **String** | Vulnerability severity score, according to Common Vulnerability Scoring System V2 | [optional] | +| **cvss_v3_base** | **String** | Vulnerability severity score, according to Common Vulnerability Scoring System V3 | [optional] | +| **description** | **String** | Text description of the vulnerability | [optional] | +| **exploit_status** | **String** | Exploit 
status of vulnerability, one of: unproven, available, easilyaccessible, activelyused | [optional] | +| **name** | **String** | legacy field, not populated | [optional] | +| **publish_date** | **String** | Date when the vulnerability was published | [optional] | +| **related_actors** | [**Array<DomainVulnerabilityActor>**](DomainVulnerabilityActor.md) | Threat actors that exploits vulnerability | [optional] | +| **related_reports** | [**Array<DomainVulnerabilityReport>**](DomainVulnerabilityReport.md) | Related finished Intelligence Reports to vulnerability, which usually describes the exploitation or attacks using those | [optional] | +| **related_threats** | [**Array<DomainVulnerabilityRelatedThreat>**](DomainVulnerabilityRelatedThreat.md) | Malware Families (threats) that are known to be related to the vulnerability | [optional] | +| **severity** | **String** | Severity of the vulnerability, can be empty or one of: LOW, MEDIUM, HIGH, CRITICAL | [optional] | +| **updated_timestamp** | **String** | Date when the vulnerability was last time updated in the CrowdStrike's database | [optional] | ## Example diff --git a/docs/DomainVulnerabilityActor.md b/docs/DomainVulnerabilityActor.md index 685e78b9..12e84054 100644 --- a/docs/DomainVulnerabilityActor.md +++ b/docs/DomainVulnerabilityActor.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **id** | **String** | | [optional] | -| **name** | **String** | | [optional] | +| **id** | **String** | Actor internal ID, consisting of it's name with spaces removed | [optional] | +| **name** | **String** | Actor name, composed of 2 uppercase words | [optional] | ## Example diff --git a/docs/DomainVulnerabilityAffectedProduct.md b/docs/DomainVulnerabilityAffectedProduct.md index 87681c58..47476e87 100644 --- a/docs/DomainVulnerabilityAffectedProduct.md +++ b/docs/DomainVulnerabilityAffectedProduct.md 
@@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **product** | **String** | | [optional] | -| **vendor** | **String** | | [optional] | +| **product** | **String** | Lowercase product name that vulnerability affects | [optional] | +| **vendor** | **String** | Lowercase vendor name that develops or provides the affected product | [optional] | ## Example diff --git a/docs/DomainVulnerabilityRelatedThreat.md b/docs/DomainVulnerabilityRelatedThreat.md index f90b45f3..8089dd6e 100644 --- a/docs/DomainVulnerabilityRelatedThreat.md +++ b/docs/DomainVulnerabilityRelatedThreat.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **capabilities** | **Array<String>** | | [optional] | -| **name** | **String** | | [optional] | +| **capabilities** | **Array<String>** | List of malware family or threat capabilities | [optional] | +| **name** | **String** | Malware Family or Threat Name | [optional] | ## Example diff --git a/docs/DomainVulnerabilityReport.md b/docs/DomainVulnerabilityReport.md index c725a4f9..4dc3d015 100644 --- a/docs/DomainVulnerabilityReport.md +++ b/docs/DomainVulnerabilityReport.md @@ -4,8 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **serial_id** | **String** | | [optional] | -| **title** | **String** | | [optional] | +| **serial_id** | **String** | Report serial ID, composed of 2 parts separated with dash, example: CSA-20000, CSIT-220000 | [optional] | +| **title** | **String** | legacy, not populated field | [optional] | ## Example diff --git a/docs/DomainVulnerabilityResponse.md b/docs/DomainVulnerabilityResponse.md index 800d2168..10006faa 100644 --- a/docs/DomainVulnerabilityResponse.md +++ b/docs/DomainVulnerabilityResponse.md 
@@ -4,9 +4,9 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | | | **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | -| **resources** | [**Array<DomainVulnerability>**](DomainVulnerability.md) | | | +| **resources** | [**Array<DomainVulnerability>**](DomainVulnerability.md) | Array of Vulnerability documents that were requested | | ## Example diff --git a/docs/FalconContainerImageApi.md b/docs/FalconContainerImageApi.md index 0289d9df..e7fdeee5 100644 --- a/docs/FalconContainerImageApi.md +++ b/docs/FalconContainerImageApi.md 
@@ -6,6 +6,7 @@ All URIs are relative to *https://api.crowdstrike.com* | ------ | ------------ | ----------- | | [**create_registry_entities**](FalconContainerImageApi.md#create_registry_entities) | **POST** /container-security/entities/registries/v1 | Create a registry entity using the provided details | | [**delete_registry_entities**](FalconContainerImageApi.md#delete_registry_entities) | **DELETE** /container-security/entities/registries/v1 | Delete the registry entity identified by the entity UUID | +| [**get_combined_images**](FalconContainerImageApi.md#get_combined_images) | **GET** /container-security/combined/image-assessment/images/v1 | Get image assessment results by providing an FQL filter and paging details | | [**read_registry_entities**](FalconContainerImageApi.md#read_registry_entities) | **GET** /container-security/queries/registries/v1 | Retrieve registry entities identified by the customer id | | [**read_registry_entities_by_uuid**](FalconContainerImageApi.md#read_registry_entities_by_uuid) | **GET** /container-security/entities/registries/v1 | Retrieve the registry entity identified by the entity UUID | | [**update_registry_entities**](FalconContainerImageApi.md#update_registry_entities) | **PATCH** /container-security/entities/registries/v1 | Update the registry entity, as identified by the entity UUID, using the provided details | 
@@ -149,6 +150,83 @@ end - **Accept**: application/json +## get_combined_images + +> get_combined_images(opts) + +Get image assessment results by providing an FQL filter and paging details + +### Examples + +```ruby +require 'time' +require 'crimson-falcon' + +# Setup authorization +Falcon.configure do |config| + config.client_id = "Your_Client_ID" + config.client_secret = "Your_Client_Secret" + config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" +end + +api_instance = Falcon::FalconContainerImageApi.new +opts = { + filter: 'filter_example', # String | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity + limit: 56, # Integer | The upper-bound on the number of records to retrieve [1-100] + offset: 56, # Integer | The offset from where to begin. + sort: 'sort_example' # String | The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] +} + +begin + # Get image assessment results by providing an FQL filter and paging details + result = api_instance.get_combined_images(opts) + p result +rescue Falcon::ApiError => e + puts "Error when calling FalconContainerImageApi->get_combined_images: #{e}" +end +``` + +#### Using the get_combined_images_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> get_combined_images_with_http_info(opts) + +```ruby +begin + # Get image assessment results by providing an FQL filter and paging details + data, status_code, headers = api_instance.get_combined_images_with_http_info(opts) + p status_code # => 2xx + p headers # => { ... 
} + p data # => +rescue Falcon::ApiError => e + puts "Error when calling FalconContainerImageApi->get_combined_images_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **filter** | **String** | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity | [optional] | +| **limit** | **Integer** | The upper-bound on the number of records to retrieve [1-100] | [optional] | +| **offset** | **Integer** | The offset from where to begin. | [optional] | +| **sort** | **String** | The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] | [optional] | + +### Return type + +[**ImagesExtCombinedImagesResponse**](ImagesExtCombinedImagesResponse.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + + ## read_registry_entities > read_registry_entities(opts) diff --git a/docs/FalconxAMSICall.md b/docs/FalconxAMSICall.md index 29c234a6..d3605484 100644 --- a/docs/FalconxAMSICall.md +++ b/docs/FalconxAMSICall.md @@ -4,6 +4,8 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | +| **app_name** | **String** | | [optional] | +| **filename** | **String** | | [optional] | | **raw_script_content** | **String** | | [optional] | ## Example @@ -12,6 +14,8 @@ require 'crimson-falcon' instance = Falcon::FalconxAMSICall.new( + app_name: null, + filename: null, raw_script_content: null ) ``` diff --git a/docs/FalconxCertificate.md b/docs/FalconxCertificate.md new file mode 100644 index 00000000..e30c95c6 --- /dev/null +++ b/docs/FalconxCertificate.md 
@@ -0,0 +1,30 @@ +# Falcon::FalconxCertificate + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **issuer** | **String** | | [optional] | +| **md5** | **String** | | [optional] | +| **owner** | **String** | | [optional] | +| **serial_number** | **String** | | [optional] | +| **sha1** | **String** | | [optional] | +| **valid_from** | **Time** | | [optional] | +| **valid_until** | **Time** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::FalconxCertificate.new( + issuer: null, + md5: null, + owner: null, + serial_number: null, + sha1: null, + valid_from: null, + valid_until: null +) +``` + diff --git a/docs/FalconxFileDataDirectory.md b/docs/FalconxFileDataDirectory.md new file mode 100644 index 00000000..2c630b00 --- /dev/null +++ b/docs/FalconxFileDataDirectory.md @@ -0,0 +1,24 @@ +# Falcon::FalconxFileDataDirectory + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **is_in_section** | **String** | | [optional] | +| **name** | **String** | | [optional] | +| **virtual_address** | **String** | | [optional] | +| **virtual_size** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::FalconxFileDataDirectory.new( + is_in_section: null, + name: null, + virtual_address: null, + virtual_size: null +) +``` + diff --git a/docs/FalconxFileResource.md b/docs/FalconxFileResource.md new file mode 100644 index 00000000..d7100a16 --- /dev/null +++ b/docs/FalconxFileResource.md 
@@ -0,0 +1,26 @@ +# Falcon::FalconxFileResource + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **language** | **String** | | [optional] | +| **name** | **String** | | [optional] | +| **rva** | **String** | | [optional] | +| **size** | **String** | | [optional] | +| **type** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::FalconxFileResource.new( + language: null, + name: null, + rva: null, + size: null, + type: null +) +``` + diff --git a/docs/FalconxFileSection.md b/docs/FalconxFileSection.md new file mode 100644 index 00000000..8fcc4b13 --- /dev/null +++ b/docs/FalconxFileSection.md @@ -0,0 +1,30 @@ +# Falcon::FalconxFileSection + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **characteristics** | **Array<String>** | | [optional] | +| **entropy** | **Float** | | [optional] | +| **md5** | **String** | | [optional] | +| **name** | **String** | | [optional] | +| **raw_size** | **String** | | [optional] | +| **virtual_address** | **String** | | [optional] | +| **virtual_size** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::FalconxFileSection.new( + characteristics: null, + entropy: null, + md5: null, + name: null, + raw_size: null, + virtual_address: null, + virtual_size: null +) +``` + diff --git a/docs/FalconxModule.md b/docs/FalconxModule.md new file mode 100644 index 00000000..b2e13c2f --- /dev/null +++ b/docs/FalconxModule.md @@ -0,0 +1,20 @@ +# Falcon::FalconxModule + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **base** | **String** | | [optional] | +| **path** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::FalconxModule.new( + base: null, + path: null +) +``` + 
diff --git a/docs/FalconxProcess.md b/docs/FalconxProcess.md index 38c31e3b..64461166 100644 --- a/docs/FalconxProcess.md +++ b/docs/FalconxProcess.md @@ -9,6 +9,7 @@ | **file_accesses** | [**Array<FalconxFileAccess>**](FalconxFileAccess.md) | | [optional] | | **handles** | [**Array<FalconxHandle>**](FalconxHandle.md) | | [optional] | | **icon_artifact_id** | **String** | | [optional] | +| **modules** | [**Array<FalconxModule>**](FalconxModule.md) | | [optional] | | **mutants** | **Array<String>** | | [optional] | | **name** | **String** | | [optional] | | **normalized_path** | **String** | | [optional] | @@ -32,6 +33,7 @@ instance = Falcon::FalconxProcess.new( file_accesses: null, handles: null, icon_artifact_id: null, + modules: null, mutants: null, name: null, normalized_path: null, diff --git a/docs/FalconxSandboxParametersV1.md b/docs/FalconxSandboxParametersV1.md index d2fa79ab..82856132 100644 --- a/docs/FalconxSandboxParametersV1.md +++ b/docs/FalconxSandboxParametersV1.md @@ -4,6 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | +| **interactivity** | **Boolean** | | | | **action_script** | **String** | | [optional] | | **command_line** | **String** | | [optional] | | **document_password** | **String** | | [optional] | @@ -22,6 +23,7 @@ require 'crimson-falcon' instance = Falcon::FalconxSandboxParametersV1.new( + interactivity: null, action_script: null, command_line: null, document_password: null, diff --git a/docs/FalconxSandboxReportV1.md b/docs/FalconxSandboxReportV1.md index b42a022c..397564c9 100644 --- a/docs/FalconxSandboxReportV1.md +++ b/docs/FalconxSandboxReportV1.md 
@@ -5,10 +5,17 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | | **architecture** | **String** | | [optional] | +| **certificates** | [**Array<FalconxCertificate>**](FalconxCertificate.md) | | [optional] | +| **certificates_validation_message** | **String** | | [optional] | | **classification** | **Array<String>** | | [optional] | | **classification_tags** | **Array<String>** | | [optional] | | **contacted_hosts** | [**Array<FalconxContactedHost>**](FalconxContactedHost.md) | | [optional] | +| **dll_characteristics** | **Array<String>** | | [optional] | | **dns_requests** | [**Array<FalconxDNSRequest>**](FalconxDNSRequest.md) | | [optional] | +| **entrypoint** | **String** | | [optional] | +| **entrypoint_preview_count** | **Integer** | | [optional] | +| **entrypoint_preview_instructions** | **Array<String>** | | [optional] | +| **entrypoint_section** | **String** | | [optional] | | **environment_description** | **String** | | [optional] | | **environment_id** | **Integer** | | [optional] | | **error_message** | **String** | | [optional] | 
@@ -17,20 +24,30 @@ | **exact_deep_hash** | **String** | | [optional] | | **extracted_files** | [**Array<FalconxExtractedFile>**](FalconxExtractedFile.md) | | [optional] | | **extracted_interesting_strings** | [**Array<FalconxExtractedInterestingString>**](FalconxExtractedInterestingString.md) | | [optional] | +| **file_data_directories** | [**Array<FalconxFileDataDirectory>**](FalconxFileDataDirectory.md) | | [optional] | | **file_imports** | [**Array<FalconxFileImport>**](FalconxFileImport.md) | | [optional] | | **file_metadata** | [**FalconxFileMetadata**](FalconxFileMetadata.md) | | [optional] | +| **file_resources** | [**Array<FalconxFileResource>**](FalconxFileResource.md) | | [optional] | +| **file_sections** | [**Array<FalconxFileSection>**](FalconxFileSection.md) | | [optional] | | **file_size** | **Integer** | | [optional] | | **file_type** | **String** | | [optional] | | **file_type_short** | **Array<String>** | | [optional] | | **http_requests** | [**Array<FalconxHTTPRequest>**](FalconxHTTPRequest.md) | | [optional] | +| **icon** | **String** | | [optional] | +| **image_base** | **String** | | [optional] | +| **image_file_characteristics** | **Array<String>** | | [optional] | | **incidents** | [**Array<FalconxIncident>**](FalconxIncident.md) | | [optional] | | **intelligence_mitre_attacks** | [**Array<FalconxMITREAttack>**](FalconxMITREAttack.md) | | [optional] | | **ioc_report_broad_artifact_id** | **String** | | [optional] | | **ioc_report_strict_artifact_id** | **String** | | [optional] | +| **is_certificates_valid** | **Boolean** | | | +| **language** | **String** | | [optional] | +| **major_os_version** | **Integer** | | [optional] | | **memory_dumps** | [**Array<FalconxMemoryDumpData>**](FalconxMemoryDumpData.md) | | [optional] | | **memory_dumps_artifact_id** | **String** | | [optional] | | **memory_forensics** | [**Array<FalconxMemoryForensic>**](FalconxMemoryForensic.md) | | [optional] | | **memory_strings_artifact_id** | **String** | | 
[optional] | +| **minor_os_version** | **Integer** | | [optional] | | **mitre_attacks** | [**Array<FalconxMITREAttack>**](FalconxMITREAttack.md) | | [optional] | | **network_settings** | **String** | | [optional] | | **packer** | **String** | | [optional] | @@ -43,12 +60,14 @@ | **submission_type** | **String** | | [optional] | | **submit_name** | **String** | | [optional] | | **submit_url** | **String** | | [optional] | +| **subsystem** | **String** | | [optional] | | **suricata_alerts** | [**Array<FalconxSuricataAlert>**](FalconxSuricataAlert.md) | | [optional] | | **target_url** | **String** | | [optional] | | **threat_score** | **Integer** | | [optional] | | **urls** | [**Array<FalconxUrlData>**](FalconxUrlData.md) | | [optional] | | **verdict** | **String** | | [optional] | | **version_info** | [**Array<FalconxVersionInfo>**](FalconxVersionInfo.md) | | [optional] | +| **visualization** | **String** | | [optional] | | **windows_version_bitness** | **Integer** | | [optional] | | **windows_version_edition** | **String** | | [optional] | | **windows_version_name** | **String** | | [optional] | @@ -62,10 +81,17 @@ require 'crimson-falcon' instance = Falcon::FalconxSandboxReportV1.new( architecture: null, + certificates: null, + certificates_validation_message: null, classification: null, classification_tags: null, contacted_hosts: null, + dll_characteristics: null, dns_requests: null, + entrypoint: null, + entrypoint_preview_count: null, + entrypoint_preview_instructions: null, + entrypoint_section: null, environment_description: null, environment_id: null, error_message: null, 
@@ -74,20 +100,30 @@ instance = Falcon::FalconxSandboxReportV1.new( exact_deep_hash: null, extracted_files: null, extracted_interesting_strings: null, + file_data_directories: null, file_imports: null, file_metadata: null, + file_resources: null, + file_sections: null, file_size: null, file_type: null, file_type_short: null, http_requests: null, + icon: null, + image_base: null, + image_file_characteristics: null, incidents: null, intelligence_mitre_attacks: null, ioc_report_broad_artifact_id: null, ioc_report_strict_artifact_id: null, + is_certificates_valid: null, + language: null, + major_os_version: null, memory_dumps: null, memory_dumps_artifact_id: null, memory_forensics: null, memory_strings_artifact_id: null, + minor_os_version: null, mitre_attacks: null, network_settings: null, packer: null, @@ -100,12 +136,14 @@ instance = Falcon::FalconxSandboxReportV1.new( submission_type: null, submit_name: null, submit_url: null, + subsystem: null, suricata_alerts: null, target_url: null, threat_score: null, urls: null, verdict: null, version_info: null, + visualization: null, windows_version_bitness: null, windows_version_edition: null, windows_version_name: null, diff --git a/docs/FilevantageApi.md b/docs/FilevantageApi.md index 48c3cfa9..86b15e41 100644 --- a/docs/FilevantageApi.md +++ b/docs/FilevantageApi.md @@ -30,7 +30,7 @@ Falcon.configure do |config| end api_instance = Falcon::FilevantageApi.new -ids = ['inner_example'] # Array | Comma separated values of change ids +ids = ['inner_example'] # Array | One or more change ids in the form of ids=ID1&ids=ID2 begin # Retrieve information on changes @@ -63,7 +63,7 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **ids** | [**Array<String>**](String.md) | Comma separated values of change ids | | +| **ids** | [**Array<String>**](String.md) | One or more change ids in the form of ids=ID1&ids=ID2 | | ### Return type 
diff --git a/docs/FwmgrFirewallMatchEventResponse.md b/docs/FwmgrFirewallMatchEventResponse.md index eb315505..2e73dbee 100644 --- a/docs/FwmgrFirewallMatchEventResponse.md +++ b/docs/FwmgrFirewallMatchEventResponse.md @@ -8,6 +8,7 @@ | **cid** | **String** | | | | **command_line** | **String** | | | | **connection_direction** | **String** | | | +| **domain_name_list** | **String** | | | | **event_type** | **String** | | | | **flags** | [**FwmgrFirewallFlags**](FwmgrFirewallFlags.md) | | | | **hidden** | **Boolean** | | | @@ -49,6 +50,7 @@ instance = Falcon::FwmgrFirewallMatchEventResponse.new( cid: null, command_line: null, connection_direction: null, + domain_name_list: null, event_type: null, flags: null, hidden: null, diff --git a/docs/IdentityEntitiesApi.md b/docs/IdentityEntitiesApi.md new file mode 100644 index 00000000..e64640db --- /dev/null +++ b/docs/IdentityEntitiesApi.md 
@@ -0,0 +1,225 @@ +# Falcon::IdentityEntitiesApi + +All URIs are relative to *https://api.crowdstrike.com* + +| Method | HTTP request | Description | +| ------ | ------------ | ----------- | +| [**get_sensor_aggregates**](IdentityEntitiesApi.md#get_sensor_aggregates) | **POST** /identity-protection/aggregates/devices/GET/v1 | Get sensor aggregates as specified via json in request body. | +| [**get_sensor_details**](IdentityEntitiesApi.md#get_sensor_details) | **POST** /identity-protection/entities/devices/GET/v1 | Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. | +| [**query_sensors_by_filter**](IdentityEntitiesApi.md#query_sensors_by_filter) | **GET** /identity-protection/queries/devices/v1 | Search for sensors in your environment by hostname, IP, and other criteria. | + + +## get_sensor_aggregates + +> get_sensor_aggregates(body) + +Get sensor aggregates as specified via json in request body. + +### Examples + +```ruby +require 'time' +require 'crimson-falcon' + +# Setup authorization +Falcon.configure do |config| + config.client_id = "Your_Client_ID" + config.client_secret = "Your_Client_Secret" + config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" +end + +api_instance = Falcon::IdentityEntitiesApi.new +body = Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 
'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [], time_zone: 'time_zone_example', type: 'type_example'})], time_zone: 'time_zone_example', type: 'type_example'}) # MsaAggregateQueryRequest | + +begin + # Get sensor aggregates as specified via json in request body. + result = api_instance.get_sensor_aggregates(body) + p result +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->get_sensor_aggregates: #{e}" +end +``` + +#### Using the get_sensor_aggregates_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> get_sensor_aggregates_with_http_info(body) + +```ruby +begin + # Get sensor aggregates as specified via json in request body. + data, status_code, headers = api_instance.get_sensor_aggregates_with_http_info(body) + p status_code # => 2xx + p headers # => { ... } + p data # => +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->get_sensor_aggregates_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **body** | [**MsaAggregateQueryRequest**](MsaAggregateQueryRequest.md) | | | + +### Return type + +[**MsaAggregatesResponse**](MsaAggregatesResponse.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + + +## get_sensor_details + +> get_sensor_details(body) + +Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. 
+ +### Examples + +```ruby +require 'time' +require 'crimson-falcon' + +# Setup authorization +Falcon.configure do |config| + config.client_id = "Your_Client_ID" + config.client_secret = "Your_Client_Secret" + config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" +end + +api_instance = Falcon::IdentityEntitiesApi.new +body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest | + +begin + # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + result = api_instance.get_sensor_details(body) + p result +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->get_sensor_details: #{e}" +end +``` + +#### Using the get_sensor_details_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> get_sensor_details_with_http_info(body) + +```ruby +begin + # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + data, status_code, headers = api_instance.get_sensor_details_with_http_info(body) + p status_code # => 2xx + p headers # => { ... } + p data # => +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->get_sensor_details_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **body** | [**MsaIdsRequest**](MsaIdsRequest.md) | | | + +### Return type + +[**ApiSensorDetailsResponseSwagger**](ApiSensorDetailsResponseSwagger.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + + +## query_sensors_by_filter + +> query_sensors_by_filter(opts) + +Search for sensors in your environment by hostname, IP, and other criteria. 
+ +### Examples + +```ruby +require 'time' +require 'crimson-falcon' + +# Setup authorization +Falcon.configure do |config| + config.client_id = "Your_Client_ID" + config.client_secret = "Your_Client_Secret" + config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" +end + +api_instance = Falcon::IdentityEntitiesApi.new +opts = { + offset: 56, # Integer | The offset to start retrieving records from + limit: 56, # Integer | The maximum records to return. [1-200] + sort: 'sort_example', # String | The property to sort by (e.g. status.desc or hostname.asc) + filter: 'filter_example' # String | The filter expression that should be used to limit the results +} + +begin + # Search for sensors in your environment by hostname, IP, and other criteria. + result = api_instance.query_sensors_by_filter(opts) + p result +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->query_sensors_by_filter: #{e}" +end +``` + +#### Using the query_sensors_by_filter_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> query_sensors_by_filter_with_http_info(opts) + +```ruby +begin + # Search for sensors in your environment by hostname, IP, and other criteria. + data, status_code, headers = api_instance.query_sensors_by_filter_with_http_info(opts) + p status_code # => 2xx + p headers # => { ... } + p data # => +rescue Falcon::ApiError => e + puts "Error when calling IdentityEntitiesApi->query_sensors_by_filter_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **offset** | **Integer** | The offset to start retrieving records from | [optional] | +| **limit** | **Integer** | The maximum records to return. [1-200] | [optional] | +| **sort** | **String** | The property to sort by (e.g. 
status.desc or hostname.asc) | [optional] | +| **filter** | **String** | The filter expression that should be used to limit the results | [optional] | + +### Return type + +[**MsaspecQueryResponse**](MsaspecQueryResponse.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + diff --git a/docs/ImagesExtCombinedImagesResponse.md b/docs/ImagesExtCombinedImagesResponse.md new file mode 100644 index 00000000..535f682b --- /dev/null +++ b/docs/ImagesExtCombinedImagesResponse.md @@ -0,0 +1,22 @@ +# Falcon::ImagesExtCombinedImagesResponse + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] | +| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | | +| **resources** | [**Array<ModelsExtAPIImageCombined>**](ModelsExtAPIImageCombined.md) | | | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::ImagesExtCombinedImagesResponse.new( + errors: null, + meta: null, + resources: null +) +``` + diff --git a/docs/IncidentsApi.md b/docs/IncidentsApi.md index fece2f39..cb09851c 100644 --- a/docs/IncidentsApi.md +++ b/docs/IncidentsApi.md @@ -326,7 +326,7 @@ opts = { filter: 'filter_example', # String | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). offset: 56, # Integer | Starting index of overall result set from which to return ids. limit: 56, # Integer | The maximum records to return. [1-500] - sort: 'cmdline.asc' # String | The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\". + sort: 'alert_ids.asc' # String | The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\". } begin 
diff --git a/docs/IntelApi.md b/docs/IntelApi.md index 2a07b89b..ec3f0f33 100644 --- a/docs/IntelApi.md +++ b/docs/IntelApi.md @@ -21,7 +21,7 @@ All URIs are relative to *https://api.crowdstrike.com* | [**query_intel_report_entities**](IntelApi.md#query_intel_report_entities) | **GET** /intel/combined/reports/v1 | Get info about reports that match provided FQL filters. | | [**query_intel_report_ids**](IntelApi.md#query_intel_report_ids) | **GET** /intel/queries/reports/v1 | Get report IDs that match provided FQL filters. | | [**query_intel_rule_ids**](IntelApi.md#query_intel_rule_ids) | **GET** /intel/queries/rules/v1 | Search for rule IDs that match provided filter criteria. | -| [**query_mitre_attacks**](IntelApi.md#query_mitre_attacks) | **GET** /intel/queries/mitre/v1 | Gets MITRE tactics and techniques for the given actor | +| [**query_mitre_attacks**](IntelApi.md#query_mitre_attacks) | **GET** /intel/queries/mitre/v1 | Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 | | [**query_vulnerabilities**](IntelApi.md#query_vulnerabilities) | **GET** /intel/queries/vulnerabilities/v1 | Get vulnerabilities IDs | 
@@ -764,7 +764,7 @@ opts = { offset: 56, # Integer | Set the starting row number to return actors from. Defaults to 0. limit: 56, # Integer | Set the number of actors to return. The value must be between 1 and 5000. sort: 'sort_example', # String | Order fields in ascending or descending order. Ex: created_date|asc. - filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. q: 'q_example', # String | Perform a generic substring search across all fields. fields: ['inner_example'] # Array | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. } 
@@ -803,7 +803,7 @@ end | **offset** | **Integer** | Set the starting row number to return actors from. Defaults to 0. | [optional] | | **limit** | **Integer** | Set the number of actors to return. The value must be between 1 and 5000. | [optional] | | **sort** | **String** | Order fields in ascending or descending order. Ex: created_date|asc. | [optional] | -| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. | [optional] | +| **filter** | **String** | Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. | [optional] | | **q** | **String** | Perform a generic substring search across all fields. | [optional] | | **fields** | [**Array<String>**](String.md) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. | [optional] | 
@@ -845,7 +845,7 @@ opts = { offset: 56, # Integer | Set the starting row number to return actors IDs from. Defaults to 0. limit: 56, # Integer | Set the number of actor IDs to return. The value must be between 1 and 5000. sort: 'sort_example', # String | Order fields in ascending or descending order. Ex: created_date|asc. - filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. q: 'q_example' # String | Perform a generic substring search across all fields. } 
@@ -883,7 +883,7 @@ end | **offset** | **Integer** | Set the starting row number to return actors IDs from. Defaults to 0. | [optional] | | **limit** | **Integer** | Set the number of actor IDs to return. The value must be between 1 and 5000. | [optional] | | **sort** | **String** | Order fields in ascending or descending order. Ex: created_date|asc. | [optional] | -| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. | [optional] | +| **filter** | **String** | Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. | [optional] | | **q** | **String** | Perform a generic substring search across all fields. | [optional] | ### Return type @@ -1317,9 +1317,9 @@ end ## query_mitre_attacks -> query_mitre_attacks(id) +> query_mitre_attacks(opts) -Gets MITRE tactics and techniques for the given actor +Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 ### Examples 
@@ -1335,11 +1335,15 @@ Falcon.configure do |config| end api_instance = Falcon::IntelApi.new -id = 'id_example' # String | The actor ID(derived from the actor's name) for which to retrieve a list of attacks. +opts = { + id: 'id_example', # String | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed + ids: ['inner_example'] # Array | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed +} begin - # Gets MITRE tactics and techniques for the given actor - api_instance.query_mitre_attacks(id) + # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 + result = api_instance.query_mitre_attacks(opts) + p result rescue Falcon::ApiError => e puts "Error when calling IntelApi->query_mitre_attacks: #{e}" end @@ -1347,17 +1351,17 @@ end #### Using the query_mitre_attacks_with_http_info variant -This returns an Array which contains the response data (`nil` in this case), status code and headers. +This returns an Array which contains the response data, status code and headers. -> query_mitre_attacks_with_http_info(id) +> , Integer, Hash)> query_mitre_attacks_with_http_info(opts) ```ruby begin - # Gets MITRE tactics and techniques for the given actor - data, status_code, headers = api_instance.query_mitre_attacks_with_http_info(id) + # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 + data, status_code, headers = api_instance.query_mitre_attacks_with_http_info(opts) p status_code # => 2xx p headers # => { ... } - p data # => nil + p data # => rescue Falcon::ApiError => e puts "Error when calling IntelApi->query_mitre_attacks_with_http_info: #{e}" end 
@@ -1367,11 +1371,12 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **id** | **String** | The actor ID(derived from the actor's name) for which to retrieve a list of attacks. | | +| **id** | **String** | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed | [optional] | +| **ids** | [**Array<String>**](String.md) | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed | [optional] | ### Return type -nil (empty response body) +[**DomainQueryMitreAttacksResponse**](DomainQueryMitreAttacksResponse.md) ### Authorization diff --git a/docs/InternalSensorStatus.md b/docs/InternalSensorStatus.md new file mode 100644 index 00000000..314de0a5 --- /dev/null +++ b/docs/InternalSensorStatus.md @@ -0,0 +1,36 @@ +# Falcon::InternalSensorStatus + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **agent_version** | **String** | | [optional] | +| **cid** | **String** | | | +| **device_id** | **String** | | | +| **hostname** | **String** | | [optional] | +| **idp_policy_id** | **String** | | [optional] | +| **idp_policy_name** | **String** | | [optional] | +| **local_ip** | **String** | | [optional] | +| **machine_domain** | **String** | | [optional] | +| **os_version** | **String** | | [optional] | +| **ti_enabled** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::InternalSensorStatus.new( + agent_version: null, + cid: null, + device_id: null, + hostname: null, + idp_policy_id: null, + idp_policy_name: null, + local_ip: null, + machine_domain: null, + os_version: null, + ti_enabled: null +) +``` + diff --git a/docs/InventoriesApi.md b/docs/InventoriesApi.md new file mode 100644 index 00000000..a4db4bc0 --- /dev/null +++ b/docs/InventoriesApi.md 
@@ -0,0 +1,77 @@
+# Falcon::InventoriesApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**create_inventory**](InventoriesApi.md#create_inventory) | **POST** /snapshots/entities/inventories/v1 | Create inventory from data received from snapshot |
+
+
+## create_inventory
+
+> create_inventory(body)
+
+Create inventory from data received from snapshot
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::InventoriesApi.new
+body = Falcon::ModelsSnapshotInventoryPayload.new({job_metadata: Falcon::ModelsJobMetaData.new({cloud_provider: 'cloud_provider_example', instance_id: 'instance_id_example', job_end_time: Time.now, job_id: 'job_id_example', job_start_time: Time.now, message: 'message_example', scanner_version: 'scanner_version_example', status: 'status_example'}), results: Falcon::ModelsScanResults.new({applications: [Falcon::ModelsSnapshotInventoryApplication.new({major_version: 'major_version_example', package_hash: 'package_hash_example', package_provider: 'package_provider_example', package_source: 'package_source_example', path: 'path_example', product: 'product_example', software_architecture: 'software_architecture_example', type: 'type_example', vendor: 'vendor_example'})], os_version: 'os_version_example'})}) # ModelsSnapshotInventoryPayload |
+
+begin
+ # Create inventory from data received from snapshot
+ result = api_instance.create_inventory(body)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling InventoriesApi->create_inventory: #{e}"
+end
+```
+
+#### Using the create_inventory_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> create_inventory_with_http_info(body)
+
+```ruby
+begin
+ # Create inventory from data received from snapshot
+ data, status_code, headers = api_instance.create_inventory_with_http_info(body)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling InventoriesApi->create_inventory_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**ModelsSnapshotInventoryPayload**](ModelsSnapshotInventoryPayload.md) | | |
+
+### Return type
+
+[**CommonEntitiesResponse**](CommonEntitiesResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
diff --git a/docs/ModelsCredentials.md b/docs/ModelsCredentials.md
new file mode 100644
index 00000000..70214f3e
--- /dev/null
+++ b/docs/ModelsCredentials.md
@@ -0,0 +1,18 @@
+# Falcon::ModelsCredentials
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **token** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsCredentials.new(
+ token: null
+)
+```
+
diff --git a/docs/ModelsExtAPIImageCombined.md b/docs/ModelsExtAPIImageCombined.md
new file mode 100644
index 00000000..e6b9e916
--- /dev/null
+++ b/docs/ModelsExtAPIImageCombined.md
@@ -0,0 +1,54 @@
+# Falcon::ModelsExtAPIImageCombined
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **base_os** | **String** | | |
+| **cid** | **String** | | |
+| **containers** | **Integer** | | |
+| **detections** | **Integer** | | |
+| **first_seen** | **String** | | |
+| **highest_detection_severity** | **String** | | |
+| **highest_vulnerability_severity** | **String** | | |
+| **image_digest** | **String** | | |
+| **image_id** | **String** | | |
+| **last_seen** | **String** | | |
+| **layers_with_vulnerabilities** | **Integer** | | |
+| **packages** | **Integer** | | |
+| **registry** | **String** | | |
+| **report_url_by_id_and_digest** | **String** | | |
+| **report_url_by_repo_and_tag** | **String** | | |
+| **repository** | **String** | | |
+| **tag** | **String** | | |
+| **vulnerabilities** | **Integer** | | |
+| **warning** | **Integer** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsExtAPIImageCombined.new(
+ base_os: null,
+ cid: null,
+ containers: null,
+ detections: null,
+ first_seen: null,
+ highest_detection_severity: null,
+ highest_vulnerability_severity: null,
+ image_digest: null,
+ image_id: null,
+ last_seen: null,
+ layers_with_vulnerabilities: null,
+ packages: null,
+ registry: null,
+ report_url_by_id_and_digest: null,
+ report_url_by_repo_and_tag: null,
+ repository: null,
+ tag: null,
+ vulnerabilities: null,
+ warning: null
+)
+```
+
diff --git a/docs/ModelsJobMetaData.md b/docs/ModelsJobMetaData.md
new file mode 100644
index 00000000..14c01906
--- /dev/null
+++ b/docs/ModelsJobMetaData.md
@@ -0,0 +1,32 @@
+# Falcon::ModelsJobMetaData
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **cloud_provider** | **String** | | |
+| **instance_id** | **String** | | |
+| **job_end_time** | **Time** | | |
+| **job_id** | **String** | | |
+| **job_start_time** | **Time** | | |
+| **message** | **String** | | |
+| **scanner_version** | **String** | | |
+| **status** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsJobMetaData.new(
+ cloud_provider: null,
+ instance_id: null,
+ job_end_time: null,
+ job_id: null,
+ job_start_time: null,
+ message: null,
+ scanner_version: null,
+ status: null
+)
+```
+
diff --git a/docs/ModelsRegistryCredentialsResponse.md b/docs/ModelsRegistryCredentialsResponse.md
new file mode 100644
index 00000000..74db838a
--- /dev/null
+++ b/docs/ModelsRegistryCredentialsResponse.md
@@ -0,0 +1,22 @@
+# Falcon::ModelsRegistryCredentialsResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<ModelsCredentials>**](ModelsCredentials.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsRegistryCredentialsResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/ModelsScanResults.md b/docs/ModelsScanResults.md
new file mode 100644
index 00000000..2cca7443
--- /dev/null
+++ b/docs/ModelsScanResults.md
@@ -0,0 +1,20 @@
+# Falcon::ModelsScanResults
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **applications** | [**Array<ModelsSnapshotInventoryApplication>**](ModelsSnapshotInventoryApplication.md) | | |
+| **os_version** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsScanResults.new(
+ applications: null,
+ os_version: null
+)
+```
+
diff --git a/docs/ModelsSnapshotInventoryApplication.md b/docs/ModelsSnapshotInventoryApplication.md
new file mode 100644
index 00000000..f838e3e9
--- /dev/null
+++ b/docs/ModelsSnapshotInventoryApplication.md
@@ -0,0 +1,34 @@
+# Falcon::ModelsSnapshotInventoryApplication
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **major_version** | **String** | | |
+| **package_hash** | **String** | | |
+| **package_provider** | **String** | | |
+| **package_source** | **String** | | |
+| **path** | **String** | | |
+| **product** | **String** | | |
+| **software_architecture** | **String** | | |
+| **type** | **String** | | |
+| **vendor** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsSnapshotInventoryApplication.new(
+ major_version: null,
+ package_hash: null,
+ package_provider: null,
+ package_source: null,
+ path: null,
+ product: null,
+ software_architecture: null,
+ type: null,
+ vendor: null
+)
+```
+
diff --git a/docs/ModelsSnapshotInventoryPayload.md b/docs/ModelsSnapshotInventoryPayload.md
new file mode 100644
index 00000000..17bd6418
--- /dev/null
+++ b/docs/ModelsSnapshotInventoryPayload.md
@@ -0,0 +1,20 @@
+# Falcon::ModelsSnapshotInventoryPayload
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **job_metadata** | [**ModelsJobMetaData**](ModelsJobMetaData.md) | | |
+| **results** | [**ModelsScanResults**](ModelsScanResults.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsSnapshotInventoryPayload.new(
+ job_metadata: null,
+ results: null
+)
+```
+
diff --git a/docs/MsspApi.md b/docs/MsspApi.md
index eb3ee625..f1be55f9 100644
--- a/docs/MsspApi.md
+++ b/docs/MsspApi.md
@@ -9,7 +9,8 @@ All URIs are relative to *https://api.crowdstrike.com* | [**add_user_group_members**](MsspApi.md#add_user_group_members) | **POST** /mssp/entities/user-group-members/v1 | Add new user group member. Maximum 500 members allowed per user group. | | [**create_cid_groups**](MsspApi.md#create_cid_groups) | **POST** /mssp/entities/cid-groups/v1 | Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed. | | [**create_user_groups**](MsspApi.md#create_user_groups) | **POST** /mssp/entities/user-groups/v1 | Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer. | -| [**delete_cid_group_members**](MsspApi.md#delete_cid_group_members) | **DELETE** /mssp/entities/cid-group-members/v1 | Delete CID group members. | +| [**delete_cid_group_members**](MsspApi.md#delete_cid_group_members) | **DELETE** /mssp/entities/cid-group-members/v1 | Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. | +| [**delete_cid_group_members_v2**](MsspApi.md#delete_cid_group_members_v2) | **DELETE** /mssp/entities/cid-group-members/v2 | Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. | | [**delete_cid_groups**](MsspApi.md#delete_cid_groups) | **DELETE** /mssp/entities/cid-groups/v1 | Delete CID groups by ID. | | [**delete_user_group_members**](MsspApi.md#delete_user_group_members) | **DELETE** /mssp/entities/user-group-members/v1 | Delete user group members entry. | | [**delete_user_groups**](MsspApi.md#delete_user_groups) | **DELETE** /mssp/entities/user-groups/v1 | Delete user groups by ID. | 
@@ -262,7 +263,7 @@ Falcon.configure do |config| end api_instance = Falcon::MsspApi.new -body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({description: 'description_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | Only 'name' and/or 'description' fields are required. Remaining are assigned by the system. +body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({cid_group_id: 'cid_group_id_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | Only 'name' and/or 'description' fields are required. Remaining are assigned by the system. begin # Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed. @@ -384,7 +385,7 @@ end > delete_cid_group_members(body) -Delete CID group members. +Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. ### Examples @@ -403,7 +404,7 @@ api_instance = Falcon::MsspApi.new body = Falcon::DomainCIDGroupMembersRequestV1.new({resources: [Falcon::DomainCIDGroupMembers.new({cid_group_id: 'cid_group_id_example', cids: ['cids_example']})]}) # DomainCIDGroupMembersRequestV1 | Both 'cid_group_id' and 'cids' fields are required. begin - # Delete CID group members. + # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. result = api_instance.delete_cid_group_members(body) p result rescue Falcon::ApiError => e @@ -419,7 +420,7 @@ This returns an Array which contains the response data, status code and headers. ```ruby begin - # Delete CID group members. + # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. data, status_code, headers = api_instance.delete_cid_group_members_with_http_info(body) p status_code # => 2xx p headers # => { ... } 
@@ -449,6 +450,75 @@ end - **Accept**: application/json +## delete_cid_group_members_v2 + +> delete_cid_group_members_v2(body) + +Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + +### Examples + +```ruby +require 'time' +require 'crimson-falcon' + +# Setup authorization +Falcon.configure do |config| + config.client_id = "Your_Client_ID" + config.client_secret = "Your_Client_Secret" + config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" +end + +api_instance = Falcon::MsspApi.new +body = Falcon::DomainCIDGroupMembersRequestV1.new({resources: [Falcon::DomainCIDGroupMembers.new({cid_group_id: 'cid_group_id_example', cids: ['cids_example']})]}) # DomainCIDGroupMembersRequestV1 | Both 'cid_group_id' and 'cids' fields are required. + +begin + # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + result = api_instance.delete_cid_group_members_v2(body) + p result +rescue Falcon::ApiError => e + puts "Error when calling MsspApi->delete_cid_group_members_v2: #{e}" +end +``` + +#### Using the delete_cid_group_members_v2_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> delete_cid_group_members_v2_with_http_info(body) + +```ruby +begin + # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + data, status_code, headers = api_instance.delete_cid_group_members_v2_with_http_info(body) + p status_code # => 2xx + p headers # => { ... } + p data # => +rescue Falcon::ApiError => e + puts "Error when calling MsspApi->delete_cid_group_members_v2_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **body** | [**DomainCIDGroupMembersRequestV1**](DomainCIDGroupMembersRequestV1.md) | Both 'cid_group_id' and 'cids' fields are required. 
| | + +### Return type + +[**DomainCIDGroupMembersResponseV1**](DomainCIDGroupMembersResponseV1.md) + +### Authorization + +**oauth2** + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + + ## delete_cid_groups > delete_cid_groups(cid_group_ids) @@ -1970,7 +2040,7 @@ Falcon.configure do |config| end api_instance = Falcon::MsspApi.new -body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({description: 'description_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | 'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated. +body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({cid_group_id: 'cid_group_id_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | 'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated. begin # Update existing CID groups. CID group ID is expected for each CID group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. CID group member(s) remain unaffected. diff --git a/docs/ProvisionApi.md b/docs/ProvisionApi.md new file mode 100644 index 00000000..b76a6b0a --- /dev/null +++ b/docs/ProvisionApi.md 
@@ -0,0 +1,74 @@
+# Falcon::ProvisionApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**get_credentials_mixin0**](ProvisionApi.md#get_credentials_mixin0) | **GET** /snapshots/entities/image-registry-credentials/v1 | Gets the registry credentials |
+
+
+## get_credentials_mixin0
+
+> get_credentials_mixin0
+
+Gets the registry credentials
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::ProvisionApi.new
+
+begin
+ # Gets the registry credentials
+ result = api_instance.get_credentials_mixin0
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling ProvisionApi->get_credentials_mixin0: #{e}"
+end
+```
+
+#### Using the get_credentials_mixin0_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_credentials_mixin0_with_http_info
+
+```ruby
+begin
+ # Gets the registry credentials
+ data, status_code, headers = api_instance.get_credentials_mixin0_with_http_info
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling ProvisionApi->get_credentials_mixin0_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+This endpoint does not need any parameter.
+
+### Return type
+
+[**ModelsRegistryCredentialsResponse**](ModelsRegistryCredentialsResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
diff --git a/docs/PublicACL.md b/docs/PublicACL.md
index 5ad40381..5c48722a 100644
--- a/docs/PublicACL.md
+++ b/docs/PublicACL.md
@@ -4,7 +4,7 @@ | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **acl_permission_change** | [**Array<PublicBasic>**](PublicBasic.md) | | [optional] | +| **acl_permission_change** | [**Array<PublicACLChange>**](PublicACLChange.md) | | [optional] | | **entity** | **String** | | [optional] | | **entity_id** | **String** | | [optional] | | **entity_name** | **String** | | [optional] | diff --git a/docs/PublicACLChange.md b/docs/PublicACLChange.md new file mode 100644 index 00000000..2a6d2ea2 --- /dev/null +++ b/docs/PublicACLChange.md @@ -0,0 +1,20 @@ +# Falcon::PublicACLChange + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **operation** | **String** | | [optional] | +| **permissions** | **String** | | [optional] | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::PublicACLChange.new( + operation: null, + permissions: null +) +``` + diff --git a/docs/ReconApi.md b/docs/ReconApi.md index 522fe664..18d14d34 100644 --- a/docs/ReconApi.md +++ b/docs/ReconApi.md @@ -1752,7 +1752,7 @@ Falcon.configure do |config| end api_instance = Falcon::ReconApi.new -body = [Falcon::DomainUpdateNotificationRequestV1.new({assigned_to_uuid: 'assigned_to_uuid_example', id: 'id_example', status: 'status_example'})] # Array | +body = [Falcon::DomainUpdateNotificationRequestV1.new({assigned_to_uuid: 'assigned_to_uuid_example', id: 'id_example', idp_send_status: 'idp_send_status_example', message: 'message_example', status: 'status_example'})] # Array | begin # Update notification status or assignee. Accepts bulk requests diff --git a/docs/RegistrationAzureAccountV1Ext.md b/docs/RegistrationAzureAccountV1Ext.md index ba91af8a..196d02ce 100644 --- a/docs/RegistrationAzureAccountV1Ext.md +++ b/docs/RegistrationAzureAccountV1Ext.md 
@@ -12,10 +12,12 @@ | **azure_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | | | **cid** | **String** | | | | **client_id** | **String** | | [optional] | +| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] | | **conditions** | [**Array<DomainCondition>**](DomainCondition.md) | | [optional] | | **credentials_end_date** | **Time** | | [optional] | | **credentials_type** | **String** | | [optional] | | **default_subscription_id** | **String** | Default Azure Subscription ID to provision shared IOA infrastructure. | [optional] | +| **environment** | **String** | | [optional] | | **object_id** | **String** | | [optional] | | **public_certificate** | **String** | | [optional] | | **public_certificate_raw** | **String** | | [optional] | @@ -23,6 +25,7 @@ | **show_modal** | **Boolean** | Whether to show modal on the UI instructing existing D4C Azure customer to reregister subscriptions for CSPM. | | | **status** | **String** | Account registration status. | [optional] | | **subscription_id** | **String** | Azure Subscription ID. | [optional] | +| **subscription_name** | **String** | Azure Subscription Name. | [optional] | | **tenant_id** | **String** | Azure Tenant ID to use. | [optional] | | **years_valid** | **Integer** | | [optional] | @@ -40,10 +43,12 @@ instance = Falcon::RegistrationAzureAccountV1Ext.new( azure_permissions_status: null, cid: null, client_id: null, + cloud_scopes: null, conditions: null, credentials_end_date: null, credentials_type: null, default_subscription_id: null, + environment: null, object_id: null, public_certificate: null, public_certificate_raw: null, @@ -51,6 +56,7 @@ instance = Falcon::RegistrationAzureAccountV1Ext.new( show_modal: null, status: null, subscription_id: null, + subscription_name: null, tenant_id: null, years_valid: null ) 
diff --git a/docs/RegistrationIOAEvent.md b/docs/RegistrationIOAEvent.md index 3e4e3e24..a622b817 100644 --- a/docs/RegistrationIOAEvent.md +++ b/docs/RegistrationIOAEvent.md @@ -27,9 +27,9 @@ | **read_only** | **Boolean** | | [optional] | | **recipient_account_id** | **String** | | [optional] | | **request_id** | **String** | | [optional] | -| **request_parameters** | **String** | | [optional] | -| **resources** | **String** | | [optional] | -| **response_elements** | **String** | | [optional] | +| **request_parameters** | **Object** | | [optional] | +| **resources** | **Array<Object>** | | [optional] | +| **response_elements** | **Object** | | [optional] | | **service** | **String** | | | | **service_event_details** | **String** | | [optional] | | **severity** | **String** | | | @@ -38,7 +38,7 @@ | **state** | **String** | | | | **user_agent** | **String** | | [optional] | | **user_id** | **String** | | [optional] | -| **user_identity** | **String** | | [optional] | +| **user_identity** | **Object** | | [optional] | | **vertex_id** | **String** | | | | **vertex_type** | **String** | | | | **vpc_endpoint_id** | **String** | | [optional] | diff --git a/docs/RegistrationIOMEventV2.md b/docs/RegistrationIOMEventV2.md index 5ae4e6f1..31f48038 100644 --- a/docs/RegistrationIOMEventV2.md +++ b/docs/RegistrationIOMEventV2.md @@ -9,7 +9,9 @@ | **agent_id** | **String** | | [optional] | | **azure_tenant_id** | **String** | | [optional] | | **cid** | **String** | | | +| **cloud_labels** | [**Array<ClassificationLabel>**](ClassificationLabel.md) | | [optional] | | **cloud_provider** | **String** | | | +| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] | | **custom_policy_id** | **Integer** | | [optional] | | **finding** | **Object** | | | | **id** | **String** | | | 
@@ -44,7 +46,9 @@ instance = Falcon::RegistrationIOMEventV2.new( agent_id: null, azure_tenant_id: null, cid: null, + cloud_labels: null, cloud_provider: null, + cloud_scopes: null, custom_policy_id: null, finding: null, id: null, diff --git a/docs/SadomainNotificationLog.md b/docs/SadomainNotificationLog.md new file mode 100644 index 00000000..cfc9bf62 --- /dev/null +++ b/docs/SadomainNotificationLog.md @@ -0,0 +1,36 @@ +# Falcon::SadomainNotificationLog + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | +| **action** | **String** | | | +| **cid** | **String** | | | +| **created_date** | **Time** | | | +| **details** | **String** | | | +| **id** | **String** | | | +| **message** | **String** | | | +| **notification_id** | **String** | | | +| **user_email** | **String** | | | +| **user_uuid** | **String** | | | +| **username** | **String** | | | + +## Example + +```ruby +require 'crimson-falcon' + +instance = Falcon::SadomainNotificationLog.new( + action: null, + cid: null, + created_date: null, + details: null, + id: null, + message: null, + notification_id: null, + user_email: null, + user_uuid: null, + username: null +) +``` + diff --git a/docs/ThreatgraphCrawlEdgesRequest.md b/docs/ThreatgraphCrawlEdgesRequest.md deleted file mode 100644 index 3ed859bc..00000000 --- a/docs/ThreatgraphCrawlEdgesRequest.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# Falcon::ThreatgraphCrawlEdgesRequest - -## Properties - -| Name | Type | Description | Notes | -| ---- | ---- | ----------- | ----- | -| **edge_direction** | **String** | | | -| **edge_type** | **String** | | | -| **limit** | **Integer** | | | -| **next_requests** | [**Array<ThreatgraphCrawlEdgesRequest>**](ThreatgraphCrawlEdgesRequest.md) | | [optional] | -| **scope** | **String** | | | -| **sort_descending** | **Boolean** | | [optional] | - -## Example - -```ruby -require 'crimson-falcon' - -instance = Falcon::ThreatgraphCrawlEdgesRequest.new( - edge_direction: null, - edge_type: null, - limit: null, - next_requests: null, - scope: null, - sort_descending: null -) -``` - diff --git a/docs/UserManagementApi.md b/docs/UserManagementApi.md index 3904236b..93a05962 100644 --- a/docs/UserManagementApi.md +++ b/docs/UserManagementApi.md @@ -1463,7 +1463,7 @@ Falcon.configure do |config| end api_instance = Falcon::UserManagementApi.new -body = Falcon::DomainUserActionRequest.new({action: Falcon::DomainUserAction.new, ids: ['ids_example']}) # DomainUserActionRequest | User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password' +body = Falcon::DomainUserActionRequest.new({action: Falcon::DomainUserAction.new({action_name: 'reset_password'}), ids: ['ids_example']}) # DomainUserActionRequest | User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password' begin # Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload. diff --git a/docs/SpotlightVulnerabilitiesApi.md b/docs/VulnerabilitiesApi.md similarity index 65% rename from docs/SpotlightVulnerabilitiesApi.md rename to docs/VulnerabilitiesApi.md index 6e6b7c5e..6fcb0ad3 100644 --- a/docs/SpotlightVulnerabilitiesApi.md +++ b/docs/VulnerabilitiesApi.md 
@@ -1,13 +1,13 @@ -# Falcon::SpotlightVulnerabilitiesApi +# Falcon::VulnerabilitiesApi All URIs are relative to *https://api.crowdstrike.com* | Method | HTTP request | Description | | ------ | ------------ | ----------- | -| [**combined_query_vulnerabilities**](SpotlightVulnerabilitiesApi.md#combined_query_vulnerabilities) | **GET** /spotlight/combined/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria | -| [**get_remediations_v2**](SpotlightVulnerabilitiesApi.md#get_remediations_v2) | **GET** /spotlight/entities/remediations/v2 | Get details on remediation by providing one or more IDs | -| [**get_vulnerabilities**](SpotlightVulnerabilitiesApi.md#get_vulnerabilities) | **GET** /spotlight/entities/vulnerabilities/v2 | Get details on vulnerabilities by providing one or more IDs | -| [**query_vulnerabilities**](SpotlightVulnerabilitiesApi.md#query_vulnerabilities) | **GET** /spotlight/queries/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria | +| [**combined_query_vulnerabilities**](VulnerabilitiesApi.md#combined_query_vulnerabilities) | **GET** /spotlight/combined/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. 
Returns a set of Vulnerability entities which match the filter criteria | +| [**get_remediations_v2**](VulnerabilitiesApi.md#get_remediations_v2) | **GET** /spotlight/entities/remediations/v2 | Get details on remediation by providing one or more IDs | +| [**get_vulnerabilities**](VulnerabilitiesApi.md#get_vulnerabilities) | **GET** /spotlight/entities/vulnerabilities/v2 | Get details on vulnerabilities by providing one or more IDs | +| [**query_vulnerabilities**](VulnerabilitiesApi.md#query_vulnerabilities) | **GET** /spotlight/queries/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria | ## combined_query_vulnerabilities @@ -29,8 +29,8 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightVulnerabilitiesApi.new -filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include:
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
+api_instance = Falcon::VulnerabilitiesApi.new +filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp opts = { after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. limit: 56, # Integer | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. @@ -43,7 +43,7 @@ begin result = api_instance.combined_query_vulnerabilities(filter, opts) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->combined_query_vulnerabilities: #{e}" + puts "Error when calling VulnerabilitiesApi->combined_query_vulnerabilities: #{e}" end ``` @@ -61,7 +61,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->combined_query_vulnerabilities_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesApi->combined_query_vulnerabilities_with_http_info: #{e}" end ``` 
@@ -69,7 +69,7 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> | | +| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp | | | **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. | [optional] | | **sort** | **String** | Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> | [optional] | 
@@ -108,7 +108,7 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightVulnerabilitiesApi.new +api_instance = Falcon::VulnerabilitiesApi.new ids = ['inner_example'] # Array | One or more remediation IDs begin @@ -116,7 +116,7 @@ begin result = api_instance.get_remediations_v2(ids) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->get_remediations_v2: #{e}" + puts "Error when calling VulnerabilitiesApi->get_remediations_v2: #{e}" end ``` @@ -134,7 +134,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->get_remediations_v2_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesApi->get_remediations_v2_with_http_info: #{e}" end ``` @@ -177,7 +177,7 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightVulnerabilitiesApi.new +api_instance = Falcon::VulnerabilitiesApi.new ids = ['inner_example'] # Array | One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1 begin @@ -185,7 +185,7 @@ begin result = api_instance.get_vulnerabilities(ids) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->get_vulnerabilities: #{e}" + puts "Error when calling VulnerabilitiesApi->get_vulnerabilities: #{e}" end ``` @@ -203,7 +203,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->get_vulnerabilities_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesApi->get_vulnerabilities_with_http_info: #{e}" end ``` 
@@ -246,12 +246,12 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightVulnerabilitiesApi.new -filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include:
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
+api_instance = Falcon::VulnerabilitiesApi.new +filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp opts = { after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. limit: 56, # Integer | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. - sort: 'sort_example' # String | Sort vulnerabilities by their properties. Common sort options include:
  • updated_timestamp|asc
  • closed_timestamp|asc
+ sort: 'sort_example' # String | Sort vulnerabilities by their properties. Available sort options:
  • updated_timestamp|asc/desc
  • closed_timestamp|asc
  • updated_timestamp|asc/desc
. Can be used in a format |asc for ascending order or |desc for descending order. } begin @@ -259,7 +259,7 @@ begin result = api_instance.query_vulnerabilities(filter, opts) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->query_vulnerabilities: #{e}" + puts "Error when calling VulnerabilitiesApi->query_vulnerabilities: #{e}" end ``` @@ -277,7 +277,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightVulnerabilitiesApi->query_vulnerabilities_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesApi->query_vulnerabilities_with_http_info: #{e}" end ``` 
@@ -285,10 +285,10 @@ end | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | -| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> | | +| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp | | | **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] | | **limit** | **Integer** | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. | [optional] | -| **sort** | **String** | Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> | [optional] | +| **sort** | **String** | Sort vulnerabilities by their properties. 
Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order. | [optional] | ### Return type diff --git a/docs/SpotlightEvaluationLogicApi.md b/docs/VulnerabilitiesEvaluationLogicApi.md similarity index 82% rename from docs/SpotlightEvaluationLogicApi.md rename to docs/VulnerabilitiesEvaluationLogicApi.md index 5b368d53..bcc38933 100644 --- a/docs/SpotlightEvaluationLogicApi.md +++ b/docs/VulnerabilitiesEvaluationLogicApi.md 
@@ -1,12 +1,12 @@ -# Falcon::SpotlightEvaluationLogicApi +# Falcon::VulnerabilitiesEvaluationLogicApi All URIs are relative to *https://api.crowdstrike.com* | Method | HTTP request | Description | | ------ | ------------ | ----------- | -| [**combined_query_evaluation_logic**](SpotlightEvaluationLogicApi.md#combined_query_evaluation_logic) | **GET** /spotlight/combined/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. | -| [**get_evaluation_logic**](SpotlightEvaluationLogicApi.md#get_evaluation_logic) | **GET** /spotlight/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more IDs. | -| [**query_evaluation_logic**](SpotlightEvaluationLogicApi.md#query_evaluation_logic) | **GET** /spotlight/queries/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. | +| [**combined_query_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#combined_query_evaluation_logic) | **GET** /spotlight/combined/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. | +| [**get_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#get_evaluation_logic) | **GET** /spotlight/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more IDs. | +| [**query_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#query_evaluation_logic) | **GET** /spotlight/queries/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. | ## combined_query_evaluation_logic 
@@ -28,7 +28,7 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightEvaluationLogicApi.new +api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new filter = 'filter_example' # String | FQL query specifying the filter parameters. opts = { after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. @@ -41,7 +41,7 @@ begin result = api_instance.combined_query_evaluation_logic(filter, opts) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->combined_query_evaluation_logic: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->combined_query_evaluation_logic: #{e}" end ``` @@ -59,7 +59,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->combined_query_evaluation_logic_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->combined_query_evaluation_logic_with_http_info: #{e}" end ``` @@ -105,7 +105,7 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightEvaluationLogicApi.new +api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new ids = ['inner_example'] # Array | One or more evaluation logic IDs. begin @@ -113,7 +113,7 @@ begin result = api_instance.get_evaluation_logic(ids) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->get_evaluation_logic: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->get_evaluation_logic: #{e}" end ``` 
@@ -131,7 +131,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->get_evaluation_logic_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->get_evaluation_logic_with_http_info: #{e}" end ``` @@ -174,7 +174,7 @@ Falcon.configure do |config| config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end -api_instance = Falcon::SpotlightEvaluationLogicApi.new +api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new filter = 'filter_example' # String | FQL query specifying the filter parameters. opts = { after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. @@ -187,7 +187,7 @@ begin result = api_instance.query_evaluation_logic(filter, opts) p result rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->query_evaluation_logic: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->query_evaluation_logic: #{e}" end ``` @@ -205,7 +205,7 @@ begin p headers # => { ... } p data # => rescue Falcon::ApiError => e - puts "Error when calling SpotlightEvaluationLogicApi->query_evaluation_logic_with_http_info: #{e}" + puts "Error when calling VulnerabilitiesEvaluationLogicApi->query_evaluation_logic_with_http_info: #{e}" end ``` diff --git a/lib/crimson-falcon.rb b/lib/crimson-falcon.rb index 10cf87de..5cb44c97 100644 --- a/lib/crimson-falcon.rb +++ b/lib/crimson-falcon.rb 
@@ -86,6 +86,7 @@
 require 'crimson-falcon/models/api_rule_v1'
 require 'crimson-falcon/models/api_rules_get_request_v1'
 require 'crimson-falcon/models/api_rules_response'
+require 'crimson-falcon/models/api_sensor_details_response_swagger'
 require 'crimson-falcon/models/api_token_create_request_v1'
 require 'crimson-falcon/models/api_token_details_resource_v1'
 require 'crimson-falcon/models/api_token_details_response_v1'
@@ -99,6 +100,8 @@
 require 'crimson-falcon/models/base_policy_members_resp_v1'
 require 'crimson-falcon/models/base_set_policy_precedence_req_v1'
 require 'crimson-falcon/models/binservapi_msa_put_file_response'
+require 'crimson-falcon/models/classification_criteria'
+require 'crimson-falcon/models/classification_label'
 require 'crimson-falcon/models/client_archive_create_response_v1'
 require 'crimson-falcon/models/client_archive_list_files_response_v1'
 require 'crimson-falcon/models/client_archive_with_files_v1'
@@ -112,6 +115,7 @@
 require 'crimson-falcon/models/client_sample_metadata_response_v2'
 require 'crimson-falcon/models/client_sample_metadata_v2'
 require 'crimson-falcon/models/common_cid_audit_result'
+require 'crimson-falcon/models/common_entities_response'
 require 'crimson-falcon/models/common_os_audit'
 require 'crimson-falcon/models/core_entities_response'
 require 'crimson-falcon/models/detection_aggregate_indicator'
@@ -170,9 +174,12 @@
 require 'crimson-falcon/models/deviceapi_update_device_tags_swagger_v1'
 require 'crimson-falcon/models/domain_api_combined_findings_response_v1'
 require 'crimson-falcon/models/domain_api_detection_document'
+require 'crimson-falcon/models/domain_api_entity_matched_v1'
 require 'crimson-falcon/models/domain_api_error'
 require 'crimson-falcon/models/domain_api_evaluation_logic_comparisons_v1'
+require 'crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1'
 require 'crimson-falcon/models/domain_api_evaluation_logic_entity_comparison_v1'
+require 'crimson-falcon/models/domain_api_evaluation_logic_host_info_v1'
 require 'crimson-falcon/models/domain_api_evaluation_logic_item_v1'
 require 'crimson-falcon/models/domain_api_evaluation_logic_state_comparison_v1'
 require 'crimson-falcon/models/domain_api_evaluation_logic_v1'
@@ -191,6 +198,7 @@
 require 'crimson-falcon/models/domain_api_vulnerability_app_v2'
 require 'crimson-falcon/models/domain_api_vulnerability_cvecisa_info'
 require 'crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2'
+require 'crimson-falcon/models/domain_api_vulnerability_data_provider_v1'
 require 'crimson-falcon/models/domain_api_vulnerability_extended_app_v2'
 require 'crimson-falcon/models/domain_api_vulnerability_host_facet_v2'
 require 'crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2'
@@ -212,7 +220,6 @@
 require 'crimson-falcon/models/domain_aggregates_response'
 require 'crimson-falcon/models/domain_assessment'
 require 'crimson-falcon/models/domain_assessment_items'
-require 'crimson-falcon/models/domain_assessment_paging'
 require 'crimson-falcon/models/domain_assessments_by_score_response'
 require 'crimson-falcon/models/domain_assessments_response'
 require 'crimson-falcon/models/domain_audit_response'
@@ -247,6 +254,8 @@
 require 'crimson-falcon/models/domain_case_creation_request_v2'
 require 'crimson-falcon/models/domain_child_link'
 require 'crimson-falcon/models/domain_children_response_v1'
+require 'crimson-falcon/models/domain_cloud_accounts'
+require 'crimson-falcon/models/domain_cloud_scope'
 require 'crimson-falcon/models/domain_command_execute_request'
 require 'crimson-falcon/models/domain_command_execute_response'
 require 'crimson-falcon/models/domain_command_execute_response_wrapper'
@@ -340,6 +349,7 @@
 require 'crimson-falcon/models/domain_msa_external_incident_response'
 require 'crimson-falcon/models/domain_msa_incident_perform_action_response'
 require 'crimson-falcon/models/domain_msa_incident_query_response'
+require 'crimson-falcon/models/domain_msa_meta_info'
 require 'crimson-falcon/models/domain_msa_qf_response'
 require 'crimson-falcon/models/domain_multi_command_execute_response'
 require 'crimson-falcon/models/domain_multi_command_execute_response_wrapper'
@@ -362,6 +372,7 @@
 require 'crimson-falcon/models/domain_public_indicator_v3'
 require 'crimson-falcon/models/domain_public_indicators_v3_response'
 require 'crimson-falcon/models/domain_queries_patch_request'
+require 'crimson-falcon/models/domain_query_mitre_attacks_response'
 require 'crimson-falcon/models/domain_query_response'
 require 'crimson-falcon/models/domain_queued_session_command'
 require 'crimson-falcon/models/domain_queued_session_job'
@@ -467,6 +478,7 @@
 require 'crimson-falcon/models/falconx_actor_summary'
 require 'crimson-falcon/models/falconx_associated_runtime'
 require 'crimson-falcon/models/falconx_c2'
+require 'crimson-falcon/models/falconx_certificate'
 require 'crimson-falcon/models/falconx_contacted_host'
 require 'crimson-falcon/models/falconx_dns_request'
 require 'crimson-falcon/models/falconx_entity'
@@ -474,8 +486,11 @@
 require 'crimson-falcon/models/falconx_extracted_file'
 require 'crimson-falcon/models/falconx_extracted_interesting_string'
 require 'crimson-falcon/models/falconx_file_access'
+require 'crimson-falcon/models/falconx_file_data_directory'
 require 'crimson-falcon/models/falconx_file_import'
 require 'crimson-falcon/models/falconx_file_metadata'
+require 'crimson-falcon/models/falconx_file_resource'
+require 'crimson-falcon/models/falconx_file_section'
 require 'crimson-falcon/models/falconx_http_request'
 require 'crimson-falcon/models/falconx_handle'
 require 'crimson-falcon/models/falconx_incident'
@@ -492,6 +507,7 @@
 require 'crimson-falcon/models/falconx_memory_dump_data'
 require 'crimson-falcon/models/falconx_memory_forensic'
 require 'crimson-falcon/models/falconx_meta_info'
+require 'crimson-falcon/models/falconx_module'
 require 'crimson-falcon/models/falconx_parameter'
 require 'crimson-falcon/models/falconx_process'
 require 'crimson-falcon/models/falconx_process_flag'
@@ -600,6 +616,8 @@
 require 'crimson-falcon/models/host_groups_resp_v1'
 require 'crimson-falcon/models/host_groups_update_group_req_v1'
 require 'crimson-falcon/models/host_groups_update_groups_req_v1'
+require 'crimson-falcon/models/images_ext_combined_images_response'
+require 'crimson-falcon/models/internal_sensor_status'
 require 'crimson-falcon/models/ioa_cloud_account_id'
 require 'crimson-falcon/models/ioa_enrichments'
 require 'crimson-falcon/models/ioa_event_aggregate'
@@ -694,9 +712,16 @@
 require 'crimson-falcon/models/models_aws_account_access_health'
 require 'crimson-falcon/models/models_base_response_v1'
 require 'crimson-falcon/models/models_create_aws_accounts_v1'
+require 'crimson-falcon/models/models_credentials'
 require 'crimson-falcon/models/models_customer_configurations_v1'
+require 'crimson-falcon/models/models_ext_api_image_combined'
+require 'crimson-falcon/models/models_job_meta_data'
 require 'crimson-falcon/models/models_modify_aws_customer_settings_v1'
 require 'crimson-falcon/models/models_package_info_type'
+require 'crimson-falcon/models/models_registry_credentials_response'
+require 'crimson-falcon/models/models_scan_results'
+require 'crimson-falcon/models/models_snapshot_inventory_application'
+require 'crimson-falcon/models/models_snapshot_inventory_payload'
 require 'crimson-falcon/models/models_update_aws_accounts_v1'
 require 'crimson-falcon/models/models_verify_access_response_v1'
 require 'crimson-falcon/models/msa_api_error'
@@ -745,6 +770,7 @@
 require 'crimson-falcon/models/processesapi_msa_process_detail_response'
 require 'crimson-falcon/models/processesapi_process_detail'
 require 'crimson-falcon/models/public_acl'
+require 'crimson-falcon/models/public_acl_change'
 require 'crimson-falcon/models/public_after'
 require 'crimson-falcon/models/public_attribute'
 require 'crimson-falcon/models/public_basic'
@@ -830,6 +856,7 @@
 require 'crimson-falcon/models/resources'
 require 'crimson-falcon/models/sadomain_create_rule_request_v1'
 require 'crimson-falcon/models/sadomain_customer_assets'
+require 'crimson-falcon/models/sadomain_notification_log'
 require 'crimson-falcon/models/sadomain_rule'
 require 'crimson-falcon/models/sadomain_submit_for_blocking_info'
 require 'crimson-falcon/models/sadomain_typosquatting_base_domain'
@@ -871,7 +898,6 @@
 require 'crimson-falcon/models/sv_exclusions_resp_v1'
 require 'crimson-falcon/models/sv_exclusions_sv_exclusion_v1'
 require 'crimson-falcon/models/sv_exclusions_update_req_v1'
-require 'crimson-falcon/models/threatgraph_crawl_edges_request'
 require 'crimson-falcon/models/uninstall_token_resp_v1'
 require 'crimson-falcon/models/uninstall_token_reveal_uninstall_token_req_v1'
 require 'crimson-falcon/models/uninstall_token_uninstall_token_v1'
@@ -880,6 +906,8 @@
 # APIs
 require 'crimson-falcon/api/alerts_api'
 require 'crimson-falcon/api/cloud_connect_aws_api'
+require 'crimson-falcon/api/configuration_assessment_api'
+require 'crimson-falcon/api/configuration_assessment_evaluation_logic_api'
 require 'crimson-falcon/api/cspm_registration_api'
 require 'crimson-falcon/api/custom_ioa_api'
 require 'crimson-falcon/api/d4c_registration_api'
@@ -900,11 +928,13 @@
 require 'crimson-falcon/api/firewall_policies_api'
 require 'crimson-falcon/api/host_group_api'
 require 'crimson-falcon/api/hosts_api'
+require 'crimson-falcon/api/identity_entities_api'
 require 'crimson-falcon/api/identity_protection_api'
 require 'crimson-falcon/api/incidents_api'
 require 'crimson-falcon/api/installation_tokens_api'
 require 'crimson-falcon/api/installation_tokens_settings_api'
 require 'crimson-falcon/api/intel_api'
+require 'crimson-falcon/api/inventories_api'
 require 'crimson-falcon/api/ioa_exclusions_api'
 require 'crimson-falcon/api/ioc_api'
 require 'crimson-falcon/api/iocs_api'
@@ -918,7 +948,7 @@
 require 'crimson-falcon/api/ods_api'
 require 'crimson-falcon/api/overwatch_dashboard_api'
 require 'crimson-falcon/api/prevention_policies_api'
-require 'crimson-falcon/api/public_assessments_api'
+require 'crimson-falcon/api/provision_api'
 require 'crimson-falcon/api/quarantine_api'
 require 'crimson-falcon/api/quick_scan_api'
 require 'crimson-falcon/api/real_time_response_api'
@@ -931,10 +961,10 @@ require 'crimson-falcon/api/sensor_download_api' require 'crimson-falcon/api/sensor_update_policies_api' require 'crimson-falcon/api/sensor_visibility_exclusions_api' -require 'crimson-falcon/api/spotlight_evaluation_logic_api' -require 'crimson-falcon/api/spotlight_vulnerabilities_api' require 'crimson-falcon/api/tailored_intelligence_api' require 'crimson-falcon/api/user_management_api' +require 'crimson-falcon/api/vulnerabilities_api' +require 'crimson-falcon/api/vulnerabilities_evaluation_logic_api' require 'crimson-falcon/api/zero_trust_assessment_api' module Falcon diff --git a/lib/crimson-falcon/api/public_assessments_api.rb b/lib/crimson-falcon/api/configuration_assessment_api.rb similarity index 88% rename from lib/crimson-falcon/api/public_assessments_api.rb rename to lib/crimson-falcon/api/configuration_assessment_api.rb index d6d61cfd..e2c9358c 100644 --- a/lib/crimson-falcon/api/public_assessments_api.rb +++ b/lib/crimson-falcon/api/configuration_assessment_api.rb @@ -30,7 +30,7 @@ require 'cgi' module Falcon - class PublicAssessmentsApi + class ConfigurationAssessmentApi attr_accessor :api_client def initialize(api_client = ApiClient.default) 
@@ -42,7 +42,7 @@ def initialize(api_client = ApiClient.default) # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. # @option opts [String] :sort Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul> - # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul> + # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul> # @return [DomainAPICombinedFindingsResponseV1] def get_combined_assessments_query(filter, opts = {}) data, _status_code, _headers = get_combined_assessments_query_with_http_info(filter, opts) 
@@ -55,22 +55,22 @@ def get_combined_assessments_query(filter, opts = {}) # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. # @option opts [String] :sort Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul> - # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul> + # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul> # @return [Array<(DomainAPICombinedFindingsResponseV1, Integer, Hash)>] DomainAPICombinedFindingsResponseV1 data, response status code and response headers def get_combined_assessments_query_with_http_info(filter, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: PublicAssessmentsApi.get_combined_assessments_query ...' + @api_client.config.logger.debug 'Calling API: ConfigurationAssessmentApi.get_combined_assessments_query ...' end # verify the required parameter 'filter' is set if @api_client.config.client_side_validation && filter.nil? - fail ArgumentError, "Missing the required parameter 'filter' when calling PublicAssessmentsApi.get_combined_assessments_query" + fail ArgumentError, "Missing the required parameter 'filter' when calling ConfigurationAssessmentApi.get_combined_assessments_query" end if @api_client.config.client_side_validation && !opts[:'limit'].nil? 
&& opts[:'limit'] > 5000 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling PublicAssessmentsApi.get_combined_assessments_query, must be smaller than or equal to 5000.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling ConfigurationAssessmentApi.get_combined_assessments_query, must be smaller than or equal to 5000.' end if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling PublicAssessmentsApi.get_combined_assessments_query, must be greater than or equal to 1.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling ConfigurationAssessmentApi.get_combined_assessments_query, must be greater than or equal to 1.' end # resource path @@ -102,7 +102,7 @@ def get_combined_assessments_query_with_http_info(filter, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"PublicAssessmentsApi.get_combined_assessments_query", + :operation => :"ConfigurationAssessmentApi.get_combined_assessments_query", :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -113,7 +113,7 @@ def get_combined_assessments_query_with_http_info(filter, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: PublicAssessmentsApi#get_combined_assessments_query\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: ConfigurationAssessmentApi#get_combined_assessments_query\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end 
diff --git a/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb b/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb new file mode 100644 index 00000000..62283ed0 --- /dev/null +++ b/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb 
@@ -0,0 +1,101 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'cgi' + +module Falcon + class ConfigurationAssessmentEvaluationLogicApi + attr_accessor :api_client + + def initialize(api_client = ApiClient.default) + @api_client = api_client + end + # Get details on evaluation logic items by providing one or more finding IDs. + # @param ids [Array] One or more evaluation logic finding IDs. + # @param [Hash] opts the optional parameters + # @return [DomainAPIEvaluationLogicEntitiesResponseV1] + def get_evaluation_logic_mixin0(ids, opts = {}) + data, _status_code, _headers = get_evaluation_logic_mixin0_with_http_info(ids, opts) + data + end + + # Get details on evaluation logic items by providing one or more finding IDs. + # @param ids [Array] One or more evaluation logic finding IDs. 
+ # @param [Hash] opts the optional parameters + # @return [Array<(DomainAPIEvaluationLogicEntitiesResponseV1, Integer, Hash)>] DomainAPIEvaluationLogicEntitiesResponseV1 data, response status code and response headers + def get_evaluation_logic_mixin0_with_http_info(ids, opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0 ...' + end + # verify the required parameter 'ids' is set + if @api_client.config.client_side_validation && ids.nil? + fail ArgumentError, "Missing the required parameter 'ids' when calling ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0" + end + # resource path + local_var_path = '/configuration-assessment/entities/evaluation-logic/v1' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'ids'] = @api_client.build_collection_param(ids, :multi) + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'DomainAPIEvaluationLogicEntitiesResponseV1' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: ConfigurationAssessmentEvaluationLogicApi#get_evaluation_logic_mixin0\nData: #{data.inspect}\nStatus 
code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + end +end diff --git a/lib/crimson-falcon/api/cspm_registration_api.rb b/lib/crimson-falcon/api/cspm_registration_api.rb index 80bd1172..6554b986 100644 --- a/lib/crimson-falcon/api/cspm_registration_api.rb +++ b/lib/crimson-falcon/api/cspm_registration_api.rb @@ -577,7 +577,8 @@ def get_configuration_detection_entities_with_http_info(ids, opts = {}) # @option opts [String] :filter use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string # @option opts [String] :sort account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp (default to 'timestamp|desc') # @option opts [Integer] :limit The max number of detections to return (default to 500) - # @option opts [Integer] :offset Offset returned detections + # @option opts [Integer] :offset Offset returned detections. Cannot be combined with next_token filter + # @option opts [String] :next_token String to get next page of results. Cannot be combined with any filter except limit. # @return [RegistrationIOMEventIDsResponseV2] def get_configuration_detection_ids_v2(opts = {}) data, _status_code, _headers = get_configuration_detection_ids_v2_with_http_info(opts) 
@@ -589,7 +590,8 @@ def get_configuration_detection_ids_v2(opts = {}) # @option opts [String] :filter use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string # @option opts [String] :sort account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp (default to 'timestamp|desc') # @option opts [Integer] :limit The max number of detections to return (default to 500) - # @option opts [Integer] :offset Offset returned detections + # @option opts [Integer] :offset Offset returned detections. Cannot be combined with next_token filter + # @option opts [String] :next_token String to get next page of results. Cannot be combined with any filter except limit. # @return [Array<(RegistrationIOMEventIDsResponseV2, Integer, Hash)>] RegistrationIOMEventIDsResponseV2 data, response status code and response headers def get_configuration_detection_ids_v2_with_http_info(opts = {}) if @api_client.config.debugging @@ -616,6 +618,7 @@ def get_configuration_detection_ids_v2_with_http_info(opts = {}) query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? + query_params[:'next_token'] = opts[:'next_token'] if !opts[:'next_token'].nil? # header parameters header_params = opts[:header_params] || {} diff --git a/lib/crimson-falcon/api/custom_ioa_api.rb b/lib/crimson-falcon/api/custom_ioa_api.rb index 33df38fc..05b14e11 100644 --- a/lib/crimson-falcon/api/custom_ioa_api.rb +++ b/lib/crimson-falcon/api/custom_ioa_api.rb 
@@ -623,8 +623,8 @@ def get_rules_get_with_http_info(body, opts = {}) # @param ids [Array] The IDs of the entities # @param [Hash] opts the optional parameters # @return [ApiRulesResponse] - def get_rules_mixin0_mixin65(ids, opts = {}) - data, _status_code, _headers = get_rules_mixin0_mixin65_with_http_info(ids, opts) + def get_rules_mixin0(ids, opts = {}) + data, _status_code, _headers = get_rules_mixin0_with_http_info(ids, opts) data end @@ -632,13 +632,13 @@ def get_rules_mixin0_mixin65(ids, opts = {}) # @param ids [Array] The IDs of the entities # @param [Hash] opts the optional parameters # @return [Array<(ApiRulesResponse, Integer, Hash)>] ApiRulesResponse data, response status code and response headers - def get_rules_mixin0_mixin65_with_http_info(ids, opts = {}) + def get_rules_mixin0_with_http_info(ids, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: CustomIoaApi.get_rules_mixin0_mixin65 ...' + @api_client.config.logger.debug 'Calling API: CustomIoaApi.get_rules_mixin0 ...' end # verify the required parameter 'ids' is set if @api_client.config.client_side_validation && ids.nil? - fail ArgumentError, "Missing the required parameter 'ids' when calling CustomIoaApi.get_rules_mixin0_mixin65" + fail ArgumentError, "Missing the required parameter 'ids' when calling CustomIoaApi.get_rules_mixin0" end # resource path local_var_path = '/ioarules/entities/rules/v1' @@ -665,7 +665,7 @@ def get_rules_mixin0_mixin65_with_http_info(ids, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"CustomIoaApi.get_rules_mixin0_mixin65", + :operation => :"CustomIoaApi.get_rules_mixin0", :header_params => header_params, :query_params => query_params, :form_params => form_params, 
@@ -676,7 +676,7 @@ def get_rules_mixin0_mixin65_with_http_info(ids, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: CustomIoaApi#get_rules_mixin0_mixin65\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: CustomIoaApi#get_rules_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -805,7 +805,7 @@ def query_platforms_mixin0_with_http_info(opts = {}) # Find all rule groups matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs 
@@ -818,7 +818,7 @@ def query_rule_groups_full(opts = {}) # Find all rule groups matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs @@ -879,7 +879,7 @@ def query_rule_groups_full_with_http_info(opts = {}) # Finds all rule group IDs matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs 
@@ -892,7 +892,7 @@ def query_rule_groups_mixin0(opts = {}) # Finds all rule group IDs matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs 
@@ -1014,28 +1014,28 @@ def query_rule_types_with_http_info(opts = {}) # Finds all rule IDs matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} + # @option opts [String] :sort Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs # @option opts [Integer] :limit Number of IDs to return # @return [MsaQueryResponse] - def query_rules_mixin0_mixin65(opts = {}) - data, _status_code, _headers = query_rules_mixin0_mixin65_with_http_info(opts) + def query_rules_mixin0(opts = {}) + data, _status_code, _headers = query_rules_mixin0_with_http_info(opts) data end # Finds all rule IDs matching the query with optional filter. 
# @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} + # @option opts [String] :sort Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs # @option opts [Integer] :limit Number of IDs to return # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers - def query_rules_mixin0_mixin65_with_http_info(opts = {}) + def query_rules_mixin0_with_http_info(opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: CustomIoaApi.query_rules_mixin0_mixin65 ...' + @api_client.config.logger.debug 'Calling API: CustomIoaApi.query_rules_mixin0 ...' 
end allowable_values = ["rules.created_by", "rules.created_on", "rules.current_version.action_label", "rules.current_version.description", "rules.current_version.modified_by", "rules.current_version.modified_on", "rules.current_version.name", "rules.current_version.pattern_severity", "rules.enabled", "rules.ruletype_name"] if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort']) @@ -1070,7 +1070,7 @@ def query_rules_mixin0_mixin65_with_http_info(opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"CustomIoaApi.query_rules_mixin0_mixin65", + :operation => :"CustomIoaApi.query_rules_mixin0", :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -1081,7 +1081,7 @@ def query_rules_mixin0_mixin65_with_http_info(opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: CustomIoaApi#query_rules_mixin0_mixin65\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: CustomIoaApi#query_rules_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end diff --git a/lib/crimson-falcon/api/discover_api.rb b/lib/crimson-falcon/api/discover_api.rb index 77e202c2..9dcbf3fd 100644 --- a/lib/crimson-falcon/api/discover_api.rb +++ b/lib/crimson-falcon/api/discover_api.rb 
@@ -289,7 +289,7 @@ def get_logins_with_http_info(ids, opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> + # @option opts [String] :filter Filter accounts using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). # @return [MsaQueryResponse] def query_accounts(opts = {}) data, _status_code, _headers = query_accounts_with_http_info(opts) 
@@ -301,7 +301,7 @@ def query_accounts(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> + # @option opts [String] :filter Filter accounts using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers def query_accounts_with_http_info(opts = {}) if @api_client.config.debugging 
@@ -363,340 +363,12 @@ def query_accounts_with_http_info(opts = {}) return data, status_code, headers end - # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery networks by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery networks in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - def query_active_discovery_networks(opts = {}) - data, _status_code, _headers = query_active_discovery_networks_with_http_info(opts) - data - end - - # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery networks by their properties. 
A single sort field is allowed. - # @option opts [String] :filter Search for active discovery networks in your environment by providing an FQL filter. - # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers - def query_active_discovery_networks_with_http_info(opts = {}) - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_networks ...' - end - if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0 - fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_networks, must be greater than or equal to 0.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_networks, must be smaller than or equal to 100.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_networks, must be greater than or equal to 1.' - end - - # resource path - local_var_path = '/discover/queries/active-discovery-networks/v1' - - # query parameters - query_params = opts[:query_params] || {} - query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? - query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? - query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? - query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil? 
- - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'MsaspecQueryResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || ['oauth2'] - - new_options = opts.merge( - :operation => :"DiscoverApi.query_active_discovery_networks", - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type - ) - - data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_networks\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - - # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery rules by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery rules in your environment by providing an FQL filter. 
- # @return [MsaspecQueryResponse] - def query_active_discovery_rules(opts = {}) - data, _status_code, _headers = query_active_discovery_rules_with_http_info(opts) - data - end - - # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery rules by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery rules in your environment by providing an FQL filter. - # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers - def query_active_discovery_rules_with_http_info(opts = {}) - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_rules ...' - end - if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0 - fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_rules, must be greater than or equal to 0.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_rules, must be smaller than or equal to 100.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? 
&& opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_rules, must be greater than or equal to 1.' - end - - # resource path - local_var_path = '/discover/queries/active-discovery-rules/v1' - - # query parameters - query_params = opts[:query_params] || {} - query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? - query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? - query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? - query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil? - - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'MsaspecQueryResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || ['oauth2'] - - new_options = opts.merge( - :operation => :"DiscoverApi.query_active_discovery_rules", - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type - ) - - data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_rules\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - - # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. 
- # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scanners by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scanners in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - def query_active_discovery_scanners(opts = {}) - data, _status_code, _headers = query_active_discovery_scanners_with_http_info(opts) - data - end - - # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scanners by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scanners in your environment by providing an FQL filter. 
- # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers - def query_active_discovery_scanners_with_http_info(opts = {}) - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_scanners ...' - end - if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0 - fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_scanners, must be greater than or equal to 0.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scanners, must be smaller than or equal to 100.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scanners, must be greater than or equal to 1.' - end - - # resource path - local_var_path = '/discover/queries/active-discovery-scanners/v1' - - # query parameters - query_params = opts[:query_params] || {} - query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? - query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? - query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? - query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil? 
- - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'MsaspecQueryResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || ['oauth2'] - - new_options = opts.merge( - :operation => :"DiscoverApi.query_active_discovery_scanners", - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type - ) - - data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_scanners\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - - # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset The index of the starting resource. - # @option opts [Integer] :limit The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scans by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scans in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - def query_active_discovery_scans(opts = {}) - data, _status_code, _headers = query_active_discovery_scans_with_http_info(opts) - data - end - - # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. 
- # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset The index of the starting resource. - # @option opts [Integer] :limit The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scans by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scans in your environment by providing an FQL filter. - # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers - def query_active_discovery_scans_with_http_info(opts = {}) - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_scans ...' - end - if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0 - fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_scans, must be greater than or equal to 0.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scans, must be smaller than or equal to 100.' - end - - if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scans, must be greater than or equal to 1.' - end - - # resource path - local_var_path = '/discover/queries/active-discovery-scans/v1' - - # query parameters - query_params = opts[:query_params] || {} - query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? - query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? - query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? 
- query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil? - - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'MsaspecQueryResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || ['oauth2'] - - new_options = opts.merge( - :operation => :"DiscoverApi.query_active_discovery_scans", - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type - ) - - data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_scans\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - # Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria. # @param [Hash] opts the optional parameters # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). # @option opts [String] :sort Sort applications by their properties. A single sort field is allowed. 
- # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. + # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] def query_applications(opts = {}) data, _status_code, _headers = query_applications_with_http_info(opts) 
@@ -708,7 +380,7 @@ def query_applications(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). # @option opts [String] :sort Sort applications by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. + # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, 
host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers def query_applications_with_http_info(opts = {}) if @api_client.config.debugging 
@@ -775,7 +447,7 @@ def query_applications_with_http_info(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. 
Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, 
available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range 
comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] def query_hosts(opts = {}) data, _status_code, _headers = query_hosts_with_http_info(opts) 
@@ -787,7 +459,7 @@ def query_hosts(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. 
Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, 
available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range 
comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers def query_hosts_with_http_info(opts = {}) if @api_client.config.debugging 
@@ -854,7 +526,7 @@ def query_hosts_with_http_info(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> + # @option opts [String] :filter Filter logins using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!). # @return [MsaQueryResponse] def query_logins(opts = {}) data, _status_code, _headers = query_logins_with_http_info(opts) 
@@ -866,7 +538,7 @@ def query_logins(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> + # @option opts [String] :filter Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations 
supports negation (!). # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers def query_logins_with_http_info(opts = {}) if @api_client.config.debugging diff --git a/lib/crimson-falcon/api/discover_iot_api.rb b/lib/crimson-falcon/api/discover_iot_api.rb index 95c9ec7a..94ee70a3 100644 --- a/lib/crimson-falcon/api/discover_iot_api.rb +++ b/lib/crimson-falcon/api/discover_iot_api.rb 
@@ -103,7 +103,7 @@ def get_iot_hosts_with_http_info(ids, opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] def query_iot_hosts(opts = {}) data, _status_code, _headers = query_iot_hosts_with_http_info(opts) 
@@ -115,7 +115,7 @@ def query_iot_hosts(opts = {}) # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). 
# @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers def query_iot_hosts_with_http_info(opts = {}) if @api_client.config.debugging diff --git a/lib/crimson-falcon/api/falcon_container_image_api.rb b/lib/crimson-falcon/api/falcon_container_image_api.rb index 7b4489c7..de21c86b 100644 --- a/lib/crimson-falcon/api/falcon_container_image_api.rb +++ b/lib/crimson-falcon/api/falcon_container_image_api.rb 
@@ -164,6 +164,73 @@ def delete_registry_entities_with_http_info(ids, opts = {}) return data, status_code, headers end + # Get image assessment results by providing an FQL filter and paging details + # @param [Hash] opts the optional parameters + # @option opts [String] :filter Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity + # @option opts [Integer] :limit The upper-bound on the number of records to retrieve [1-100] + # @option opts [Integer] :offset The offset from where to begin. + # @option opts [String] :sort The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] + # @return [ImagesExtCombinedImagesResponse] + def get_combined_images(opts = {}) + data, _status_code, _headers = get_combined_images_with_http_info(opts) + data + end + + # Get image assessment results by providing an FQL filter and paging details + # @param [Hash] opts the optional parameters + # @option opts [String] :filter Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity + # @option opts [Integer] :limit The upper-bound on the number of records to retrieve [1-100] + # @option opts [Integer] :offset The offset from where to begin. + # @option opts [String] :sort The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] + # @return [Array<(ImagesExtCombinedImagesResponse, Integer, Hash)>] ImagesExtCombinedImagesResponse data, response status code and response headers + def get_combined_images_with_http_info(opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: FalconContainerImageApi.get_combined_images ...' 
+ end + # resource path + local_var_path = '/container-security/combined/image-assessment/images/v1' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? + query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? + query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'ImagesExtCombinedImagesResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"FalconContainerImageApi.get_combined_images", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: FalconContainerImageApi#get_combined_images\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Retrieve registry entities identified by the customer id # @param [Hash] opts the optional parameters # @option opts [Integer] :limit The upper-bound on the number of records to retrieve. diff --git a/lib/crimson-falcon/api/filevantage_api.rb b/lib/crimson-falcon/api/filevantage_api.rb index ea88bfca..45343725 100644 --- a/lib/crimson-falcon/api/filevantage_api.rb +++ b/lib/crimson-falcon/api/filevantage_api.rb 
@@ -38,7 +38,7 @@ def initialize(api_client = ApiClient.default) end # Retrieve information on changes # Retrieve key attributes of Falcon FileVantage changes for the specified ids. - # @param ids [Array] Comma separated values of change ids + # @param ids [Array] One or more change ids in the form of ids=ID1&ids=ID2 # @param [Hash] opts the optional parameters # @return [PublicGetChangesResponse] def get_changes(ids, opts = {}) @@ -48,7 +48,7 @@ def get_changes(ids, opts = {}) # Retrieve information on changes # Retrieve key attributes of Falcon FileVantage changes for the specified ids. - # @param ids [Array] Comma separated values of change ids + # @param ids [Array] One or more change ids in the form of ids=ID1&ids=ID2 # @param [Hash] opts the optional parameters # @return [Array<(PublicGetChangesResponse, Integer, Hash)>] PublicGetChangesResponse data, response status code and response headers def get_changes_with_http_info(ids, opts = {}) diff --git a/lib/crimson-falcon/api/identity_entities_api.rb b/lib/crimson-falcon/api/identity_entities_api.rb new file mode 100644 index 00000000..5b1ffea2 --- /dev/null +++ b/lib/crimson-falcon/api/identity_entities_api.rb 
@@ -0,0 +1,238 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'cgi' + +module Falcon + class IdentityEntitiesApi + attr_accessor :api_client + + def initialize(api_client = ApiClient.default) + @api_client = api_client + end + # Get sensor aggregates as specified via json in request body. + # @param body [MsaAggregateQueryRequest] + # @param [Hash] opts the optional parameters + # @return [MsaAggregatesResponse] + def get_sensor_aggregates(body, opts = {}) + data, _status_code, _headers = get_sensor_aggregates_with_http_info(body, opts) + data + end + + # Get sensor aggregates as specified via json in request body. 
+ # @param body [MsaAggregateQueryRequest] + # @param [Hash] opts the optional parameters + # @return [Array<(MsaAggregatesResponse, Integer, Hash)>] MsaAggregatesResponse data, response status code and response headers + def get_sensor_aggregates_with_http_info(body, opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.get_sensor_aggregates ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? + fail ArgumentError, "Missing the required parameter 'body' when calling IdentityEntitiesApi.get_sensor_aggregates" + end + # resource path + local_var_path = '/identity-protection/aggregates/devices/GET/v1' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + content_type = @api_client.select_header_content_type(['application/json']) + if !content_type.nil? 
+ header_params['Content-Type'] = content_type + end + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'MsaAggregatesResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"IdentityEntitiesApi.get_sensor_aggregates", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: IdentityEntitiesApi#get_sensor_aggregates\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + # @param body [MsaIdsRequest] + # @param [Hash] opts the optional parameters + # @return [ApiSensorDetailsResponseSwagger] + def get_sensor_details(body, opts = {}) + data, _status_code, _headers = get_sensor_details_with_http_info(body, opts) + data + end + + # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + # @param body [MsaIdsRequest] + # @param [Hash] opts the optional parameters + # @return [Array<(ApiSensorDetailsResponseSwagger, Integer, Hash)>] ApiSensorDetailsResponseSwagger data, response status code and response headers + def get_sensor_details_with_http_info(body, opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.get_sensor_details ...' 
+ end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? + fail ArgumentError, "Missing the required parameter 'body' when calling IdentityEntitiesApi.get_sensor_details" + end + # resource path + local_var_path = '/identity-protection/entities/devices/GET/v1' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + content_type = @api_client.select_header_content_type(['application/json']) + if !content_type.nil? + header_params['Content-Type'] = content_type + end + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'ApiSensorDetailsResponseSwagger' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"IdentityEntitiesApi.get_sensor_details", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: IdentityEntitiesApi#get_sensor_details\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Search for sensors in your environment by hostname, IP, and other criteria. + # @param [Hash] opts the optional parameters + # @option opts [Integer] :offset The offset to start retrieving records from + # @option opts [Integer] :limit The maximum records to return. 
[1-200] + # @option opts [String] :sort The property to sort by (e.g. status.desc or hostname.asc) + # @option opts [String] :filter The filter expression that should be used to limit the results + # @return [MsaspecQueryResponse] + def query_sensors_by_filter(opts = {}) + data, _status_code, _headers = query_sensors_by_filter_with_http_info(opts) + data + end + + # Search for sensors in your environment by hostname, IP, and other criteria. + # @param [Hash] opts the optional parameters + # @option opts [Integer] :offset The offset to start retrieving records from + # @option opts [Integer] :limit The maximum records to return. [1-200] + # @option opts [String] :sort The property to sort by (e.g. status.desc or hostname.asc) + # @option opts [String] :filter The filter expression that should be used to limit the results + # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers + def query_sensors_by_filter_with_http_info(opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.query_sensors_by_filter ...' + end + # resource path + local_var_path = '/identity-protection/queries/devices/v1' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? + query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? + query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'MsaspecQueryResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"IdentityEntitiesApi.query_sensors_by_filter", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: IdentityEntitiesApi#query_sensors_by_filter\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + end +end diff --git a/lib/crimson-falcon/api/incidents_api.rb b/lib/crimson-falcon/api/incidents_api.rb index 9c4a1591..438d7d0b 100644 --- a/lib/crimson-falcon/api/incidents_api.rb +++ b/lib/crimson-falcon/api/incidents_api.rb 
@@ -334,7 +334,7 @@ def query_behaviors_with_http_info(opts = {}) if @api_client.config.debugging @api_client.config.logger.debug 'Calling API: IncidentsApi.query_behaviors ...' end - allowable_values = ["cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"] + allowable_values = ["alert_ids.asc", "alert_ids.desc", "cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"] if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort']) fail ArgumentError, "invalid value for \"sort\", must be one of #{allowable_values}" end diff --git a/lib/crimson-falcon/api/intel_api.rb b/lib/crimson-falcon/api/intel_api.rb index 8b7647c3..e8b01370 100644 --- a/lib/crimson-falcon/api/intel_api.rb +++ b/lib/crimson-falcon/api/intel_api.rb 
@@ -703,7 +703,7 @@ def post_mitre_attacks_with_http_info(body, opts = {}) # @option opts [Integer] :offset Set the starting row number to return actors from. Defaults to 0. # @option opts [Integer] :limit Set the number of actors to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @option opts [Array] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. # @return [DomainActorsResponse] 
@@ -717,7 +717,7 @@ def query_intel_actor_entities(opts = {}) # @option opts [Integer] :offset Set the starting row number to return actors from. Defaults to 0. # @option opts [Integer] :limit Set the number of actors to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @option opts [Array] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. # @return [Array<(DomainActorsResponse, Integer, Hash)>] DomainActorsResponse data, response status code and response headers 
@@ -776,7 +776,7 @@ def query_intel_actor_entities_with_http_info(opts = {}) # @option opts [Integer] :offset Set the starting row number to return actors IDs from. Defaults to 0. # @option opts [Integer] :limit Set the number of actor IDs to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @return [MsaQueryResponse] def query_intel_actor_ids(opts = {}) 
@@ -789,7 +789,7 @@ def query_intel_actor_ids(opts = {}) # @option opts [Integer] :offset Set the starting row number to return actors IDs from. Defaults to 0. # @option opts [Integer] :limit Set the number of actor IDs to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers def query_intel_actor_ids_with_http_info(opts = {}) 
@@ -1225,33 +1225,32 @@ def query_intel_rule_ids_with_http_info(type, opts = {}) return data, status_code, headers end - # Gets MITRE tactics and techniques for the given actor - # @param id [String] The actor ID(derived from the actor's name) for which to retrieve a list of attacks. + # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 # @param [Hash] opts the optional parameters - # @return [nil] - def query_mitre_attacks(id, opts = {}) - query_mitre_attacks_with_http_info(id, opts) - nil + # @option opts [String] :id The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed + # @option opts [Array] :ids The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed + # @return [DomainQueryMitreAttacksResponse] + def query_mitre_attacks(opts = {}) + data, _status_code, _headers = query_mitre_attacks_with_http_info(opts) + data end - # Gets MITRE tactics and techniques for the given actor - # @param id [String] The actor ID(derived from the actor's name) for which to retrieve a list of attacks. + # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 # @param [Hash] opts the optional parameters - # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers - def query_mitre_attacks_with_http_info(id, opts = {}) + # @option opts [String] :id The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed + # @option opts [Array] :ids The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. 
Multiple values are allowed + # @return [Array<(DomainQueryMitreAttacksResponse, Integer, Hash)>] DomainQueryMitreAttacksResponse data, response status code and response headers + def query_mitre_attacks_with_http_info(opts = {}) if @api_client.config.debugging @api_client.config.logger.debug 'Calling API: IntelApi.query_mitre_attacks ...' end - # verify the required parameter 'id' is set - if @api_client.config.client_side_validation && id.nil? - fail ArgumentError, "Missing the required parameter 'id' when calling IntelApi.query_mitre_attacks" - end # resource path local_var_path = '/intel/queries/mitre/v1' # query parameters query_params = opts[:query_params] || {} - query_params[:'id'] = id + query_params[:'id'] = opts[:'id'] if !opts[:'id'].nil? + query_params[:'ids'] = @api_client.build_collection_param(opts[:'ids'], :multi) if !opts[:'ids'].nil? # header parameters header_params = opts[:header_params] || {} @@ -1265,7 +1264,7 @@ def query_mitre_attacks_with_http_info(id, opts = {}) post_body = opts[:debug_body] # return_type - return_type = opts[:debug_return_type] + return_type = opts[:debug_return_type] || 'DomainQueryMitreAttacksResponse' # auth_names auth_names = opts[:debug_auth_names] || ['oauth2'] diff --git a/lib/crimson-falcon/api/inventories_api.rb b/lib/crimson-falcon/api/inventories_api.rb new file mode 100644 index 00000000..b8081678 --- /dev/null +++ b/lib/crimson-falcon/api/inventories_api.rb 
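Review bot: `query_mitre_attacks_with_http_info` no longer rejects a call that names no actor: the `id.nil?` guard is removed and both `:id` and `:ids` are optional, so `query_mitre_attacks({})` sends a request to `/intel/queries/mitre/v1` with neither parameter. If the endpoint needs at least one of them (this page does not say), a client-side check keeps the failure local: `if @api_client.config.client_side_validation && opts[:'id'].nil? && opts[:'ids'].nil?` followed by `fail ArgumentError, "Missing 'id' or 'ids' when calling IntelApi.query_mitre_attacks"`. The signature change from `(id, opts = {})` to `(opts = {})` also means an existing caller that passes the actor ID positionally now hands a String to `opts[:query_params]`, which raises from `String#[]` instead of giving a clear message, so the break deserves a line in the release notes. The file looks like generator output, so the guard would have to come from the spec or template, and the method body continues outside these two hunks.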
@@ -0,0 +1,105 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'cgi' + +module Falcon + class InventoriesApi + attr_accessor :api_client + + def initialize(api_client = ApiClient.default) + @api_client = api_client + end + # Create inventory from data received from snapshot + # @param body [ModelsSnapshotInventoryPayload] + # @param [Hash] opts the optional parameters + # @return [CommonEntitiesResponse] + def create_inventory(body, opts = {}) + data, _status_code, _headers = create_inventory_with_http_info(body, opts) + data + end + + # Create inventory from data received from snapshot + # @param body [ModelsSnapshotInventoryPayload] + # @param [Hash] opts the optional parameters + # @return [Array<(CommonEntitiesResponse, Integer, Hash)>] CommonEntitiesResponse data, response status code and response headers + def create_inventory_with_http_info(body, opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: InventoriesApi.create_inventory ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? + fail ArgumentError, "Missing the required parameter 'body' when calling InventoriesApi.create_inventory" + end + # resource path + local_var_path = '/snapshots/entities/inventories/v1' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + content_type = @api_client.select_header_content_type(['application/json']) + if !content_type.nil? 
+ header_params['Content-Type'] = content_type + end + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'CommonEntitiesResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"InventoriesApi.create_inventory", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: InventoriesApi#create_inventory\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + end +end diff --git a/lib/crimson-falcon/api/mssp_api.rb b/lib/crimson-falcon/api/mssp_api.rb index d901e7f1..5e97b175 100644 --- a/lib/crimson-falcon/api/mssp_api.rb +++ b/lib/crimson-falcon/api/mssp_api.rb @@ -366,7 +366,7 @@ def create_user_groups_with_http_info(body, opts = {}) return data, status_code, headers end - # Delete CID group members. + # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required. # @param [Hash] opts the optional parameters # @return [DomainCIDGroupMembersResponseV1] 
@@ -375,7 +375,7 @@ def delete_cid_group_members(body, opts = {}) data end - # Delete CID group members. + # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required. # @param [Hash] opts the optional parameters # @return [Array<(DomainCIDGroupMembersResponseV1, Integer, Hash)>] DomainCIDGroupMembersResponseV1 data, response status code and response headers 
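Review bot: The deprecation of `delete_cid_group_members` and `delete_cid_group_members_with_http_info` is only free text at the front of the summary line, so YARD output and editors will not flag callers. Keep the summary as `# Delete CID group members.` and add a tag under it, `# @deprecated Use {#delete_cid_group_members_v2} instead.` (and the `_v2_with_http_info` counterpart on the second method). The v2 description added later in this commit appears to say that it refuses to remove a CID that belongs to only one group, which suggests, though this page does not confirm it, that the v1 path lacks that safeguard, so steering callers to v2 matters. Both method bodies lie outside these hunks, and since the file is generator output the tag would come from marking the operation `deprecated` in the spec or from the template.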
@@ -432,6 +432,72 @@ def delete_cid_group_members_with_http_info(body, opts = {}) return data, status_code, headers end + # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required. + # @param [Hash] opts the optional parameters + # @return [DomainCIDGroupMembersResponseV1] + def delete_cid_group_members_v2(body, opts = {}) + data, _status_code, _headers = delete_cid_group_members_v2_with_http_info(body, opts) + data + end + + # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required. + # @param [Hash] opts the optional parameters + # @return [Array<(DomainCIDGroupMembersResponseV1, Integer, Hash)>] DomainCIDGroupMembersResponseV1 data, response status code and response headers + def delete_cid_group_members_v2_with_http_info(body, opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: MsspApi.delete_cid_group_members_v2 ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? + fail ArgumentError, "Missing the required parameter 'body' when calling MsspApi.delete_cid_group_members_v2" + end + # resource path + local_var_path = '/mssp/entities/cid-group-members/v2' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + content_type = @api_client.select_header_content_type(['application/json']) + if !content_type.nil? 
+ header_params['Content-Type'] = content_type + end + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'DomainCIDGroupMembersResponseV1' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"MsspApi.delete_cid_group_members_v2", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: MsspApi#delete_cid_group_members_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Delete CID groups by ID. # @param cid_group_ids [Array] CID group ids to delete # @param [Hash] opts the optional parameters diff --git a/lib/crimson-falcon/api/provision_api.rb b/lib/crimson-falcon/api/provision_api.rb new file mode 100644 index 00000000..9bc37d34 --- /dev/null +++ b/lib/crimson-falcon/api/provision_api.rb 
@@ -0,0 +1,94 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'cgi' + +module Falcon + class ProvisionApi + attr_accessor :api_client + + def initialize(api_client = ApiClient.default) + @api_client = api_client + end + # Gets the registry credentials + # @param [Hash] opts the optional parameters + # @return [ModelsRegistryCredentialsResponse] + def get_credentials_mixin0(opts = {}) + data, _status_code, _headers = get_credentials_mixin0_with_http_info(opts) + data + end + + # Gets the registry credentials + # @param [Hash] opts the optional parameters + # @return [Array<(ModelsRegistryCredentialsResponse, Integer, Hash)>] ModelsRegistryCredentialsResponse data, response status code and response headers + def get_credentials_mixin0_with_http_info(opts = {}) + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: ProvisionApi.get_credentials_mixin0 ...' + end + # resource path + local_var_path = '/snapshots/entities/image-registry-credentials/v1' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'ModelsRegistryCredentialsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || ['oauth2'] + + new_options = opts.merge( + :operation => :"ProvisionApi.get_credentials_mixin0", + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: ProvisionApi#get_credentials_mixin0\nData: #{data.inspect}\nStatus code: 
#{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + end +end diff --git a/lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb b/lib/crimson-falcon/api/vulnerabilities_api.rb similarity index 72% rename from lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb rename to lib/crimson-falcon/api/vulnerabilities_api.rb index 01f4c422..833a7742 100644 --- a/lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb +++ b/lib/crimson-falcon/api/vulnerabilities_api.rb 
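Review bot: The debug line at the end of `get_credentials_mixin0_with_http_info` interpolates `data.inspect`, and for this operation `data` is the `ModelsRegistryCredentialsResponse`, so enabling `config.debugging` writes the registry credentials into the log. Log only non-secret metadata for this call, e.g. `@api_client.config.logger.debug "API called: ProvisionApi#get_credentials_mixin0\nStatus code: #{status_code}"`, and treat any log captured with debugging enabled as sensitive. The response headers are logged as well; whether they carry anything secret cannot be told from this page. The file is marked auto-generated, so the change belongs in the generator template or a post-processing step, not in a hand edit.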
@@ -30,14 +30,14 @@ require 'cgi' module Falcon - class SpotlightVulnerabilitiesApi + class VulnerabilitiesApi attr_accessor :api_client def initialize(api_client = ApiClient.default) @api_client = api_client end # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria - # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). 
Use with the after parameter to manage pagination of results. @@ -50,7 +50,7 @@ def combined_query_vulnerabilities(filter, opts = {}) end # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria - # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. 
@@ -59,18 +59,18 @@ def combined_query_vulnerabilities(filter, opts = {}) # @return [Array<(DomainSPAPICombinedVulnerabilitiesResponse, Integer, Hash)>] DomainSPAPICombinedVulnerabilitiesResponse data, response status code and response headers def combined_query_vulnerabilities_with_http_info(filter, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.combined_query_vulnerabilities ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.combined_query_vulnerabilities ...' end # verify the required parameter 'filter' is set if @api_client.config.client_side_validation && filter.nil? - fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities" + fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesApi.combined_query_vulnerabilities" end if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 5000 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities, must be smaller than or equal to 5000.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.combined_query_vulnerabilities, must be smaller than or equal to 5000.' end if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities, must be greater than or equal to 1.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.combined_query_vulnerabilities, must be greater than or equal to 1.' end # resource path 
@@ -102,7 +102,7 @@ def combined_query_vulnerabilities_with_http_info(filter, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightVulnerabilitiesApi.combined_query_vulnerabilities", + :operation => :"VulnerabilitiesApi.combined_query_vulnerabilities", :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -113,7 +113,7 @@ def combined_query_vulnerabilities_with_http_info(filter, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#combined_query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesApi#combined_query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -133,11 +133,11 @@ def get_remediations_v2(ids, opts = {}) # @return [Array<(DomainSPAPIRemediationEntitiesResponseV2, Integer, Hash)>] DomainSPAPIRemediationEntitiesResponseV2 data, response status code and response headers def get_remediations_v2_with_http_info(ids, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.get_remediations_v2 ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.get_remediations_v2 ...' end # verify the required parameter 'ids' is set if @api_client.config.client_side_validation && ids.nil? - fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilitiesApi.get_remediations_v2" + fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesApi.get_remediations_v2" end # resource path local_var_path = '/spotlight/entities/remediations/v2' 
@@ -164,7 +164,7 @@ def get_remediations_v2_with_http_info(ids, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightVulnerabilitiesApi.get_remediations_v2", + :operation => :"VulnerabilitiesApi.get_remediations_v2", :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -175,7 +175,7 @@ def get_remediations_v2_with_http_info(ids, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#get_remediations_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesApi#get_remediations_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -195,11 +195,11 @@ def get_vulnerabilities(ids, opts = {}) # @return [Array<(DomainSPAPIVulnerabilitiesEntitiesResponseV2, Integer, Hash)>] DomainSPAPIVulnerabilitiesEntitiesResponseV2 data, response status code and response headers def get_vulnerabilities_with_http_info(ids, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.get_vulnerabilities ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.get_vulnerabilities ...' end # verify the required parameter 'ids' is set if @api_client.config.client_side_validation && ids.nil? - fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilitiesApi.get_vulnerabilities" + fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesApi.get_vulnerabilities" end # resource path local_var_path = '/spotlight/entities/vulnerabilities/v2' 
@@ -226,7 +226,7 @@ def get_vulnerabilities_with_http_info(ids, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightVulnerabilitiesApi.get_vulnerabilities", + :operation => :"VulnerabilitiesApi.get_vulnerabilities", :header_params => header_params, :query_params => query_params, :form_params => form_params, 
@@ -237,17 +237,17 @@ def get_vulnerabilities_with_http_info(ids, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesApi#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria - # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. 
Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. - # @option opts [String] :sort Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> + # @option opts [String] :sort Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order. # @return [DomainSPAPIQueryResponse] def query_vulnerabilities(filter, opts = {}) data, _status_code, _headers = query_vulnerabilities_with_http_info(filter, opts) 
@@ -255,26 +255,26 @@ def query_vulnerabilities(filter, opts = {}) end # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria - # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. - # @option opts [String] :sort Sort vulnerabilities by their properties. 
Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> + # @option opts [String] :sort Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order. # @return [Array<(DomainSPAPIQueryResponse, Integer, Hash)>] DomainSPAPIQueryResponse data, response status code and response headers def query_vulnerabilities_with_http_info(filter, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.query_vulnerabilities ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.query_vulnerabilities ...' end # verify the required parameter 'filter' is set if @api_client.config.client_side_validation && filter.nil? - fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilitiesApi.query_vulnerabilities" + fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesApi.query_vulnerabilities" end if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 400 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.query_vulnerabilities, must be smaller than or equal to 400.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.query_vulnerabilities, must be smaller than or equal to 400.' end if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1 - fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.query_vulnerabilities, must be greater than or equal to 1.' + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.query_vulnerabilities, must be greater than or equal to 1.' 
end # resource path @@ -305,7 +305,7 @@ def query_vulnerabilities_with_http_info(filter, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightVulnerabilitiesApi.query_vulnerabilities", + :operation => :"VulnerabilitiesApi.query_vulnerabilities", :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -316,7 +316,7 @@ def query_vulnerabilities_with_http_info(filter, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesApi#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end diff --git a/lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb b/lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb similarity index 88% rename from lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb rename to lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb index e70e40a2..160f9114 100644 --- a/lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb +++ b/lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb @@ -30,7 +30,7 @@ require 'cgi' module Falcon - class SpotlightEvaluationLogicApi + class VulnerabilitiesEvaluationLogicApi attr_accessor :api_client def initialize(api_client = ApiClient.default) 
@@ -57,11 +57,11 @@ def combined_query_evaluation_logic(filter, opts = {}) # @return [Array<(DomainSPAPIEvaluationLogicCombinedResponseV1, Integer, Hash)>] DomainSPAPIEvaluationLogicCombinedResponseV1 data, response status code and response headers def combined_query_evaluation_logic_with_http_info(filter, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.combined_query_evaluation_logic ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic ...' end # verify the required parameter 'filter' is set if @api_client.config.client_side_validation && filter.nil? - fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightEvaluationLogicApi.combined_query_evaluation_logic" + fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic" end # resource path local_var_path = '/spotlight/combined/evaluation-logic/v1' @@ -91,7 +91,7 @@ def combined_query_evaluation_logic_with_http_info(filter, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightEvaluationLogicApi.combined_query_evaluation_logic", + :operation => :"VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic", :header_params => header_params, :query_params => query_params, :form_params => form_params, 
@@ -102,7 +102,7 @@ def combined_query_evaluation_logic_with_http_info(filter, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#combined_query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#combined_query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -122,11 +122,11 @@ def get_evaluation_logic(ids, opts = {}) # @return [Array<(DomainSPAPIEvaluationLogicEntitiesResponseV1, Integer, Hash)>] DomainSPAPIEvaluationLogicEntitiesResponseV1 data, response status code and response headers def get_evaluation_logic_with_http_info(ids, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.get_evaluation_logic ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.get_evaluation_logic ...' end # verify the required parameter 'ids' is set if @api_client.config.client_side_validation && ids.nil? - fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightEvaluationLogicApi.get_evaluation_logic" + fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesEvaluationLogicApi.get_evaluation_logic" end # resource path local_var_path = '/spotlight/entities/evaluation-logic/v1' @@ -153,7 +153,7 @@ def get_evaluation_logic_with_http_info(ids, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightEvaluationLogicApi.get_evaluation_logic", + :operation => :"VulnerabilitiesEvaluationLogicApi.get_evaluation_logic", :header_params => header_params, :query_params => query_params, :form_params => form_params, 
@@ -164,7 +164,7 @@ def get_evaluation_logic_with_http_info(ids, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#get_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#get_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -190,11 +190,11 @@ def query_evaluation_logic(filter, opts = {}) # @return [Array<(DomainSPAPIQueryResponse, Integer, Hash)>] DomainSPAPIQueryResponse data, response status code and response headers def query_evaluation_logic_with_http_info(filter, opts = {}) if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.query_evaluation_logic ...' + @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.query_evaluation_logic ...' end # verify the required parameter 'filter' is set if @api_client.config.client_side_validation && filter.nil? - fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightEvaluationLogicApi.query_evaluation_logic" + fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesEvaluationLogicApi.query_evaluation_logic" end # resource path local_var_path = '/spotlight/queries/evaluation-logic/v1' @@ -224,7 +224,7 @@ def query_evaluation_logic_with_http_info(filter, opts = {}) auth_names = opts[:debug_auth_names] || ['oauth2'] new_options = opts.merge( - :operation => :"SpotlightEvaluationLogicApi.query_evaluation_logic", + :operation => :"VulnerabilitiesEvaluationLogicApi.query_evaluation_logic", :header_params => header_params, :query_params => query_params, :form_params => form_params, 
@@ -235,7 +235,7 @@ def query_evaluation_logic_with_http_info(filter, opts = {}) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end diff --git a/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb b/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb new file mode 100644 index 00000000..c78f791f --- /dev/null +++ b/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb 
@@ -0,0 +1,271 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ApiSensorDetailsResponseSwagger + attr_accessor :errors + + attr_accessor :meta + + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ApiSensorDetailsResponseSwagger` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ApiSensorDetailsResponseSwagger`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @errors.nil? + invalid_properties.push('invalid value for "errors", errors cannot be nil.') + end + + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') + end + + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @errors.nil? 
+ return false if @meta.nil? + return false if @resources.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + errors == o.errors && + meta == o.meta && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [errors, meta, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/classification_criteria.rb b/lib/crimson-falcon/models/classification_criteria.rb new file mode 100644 index 00000000..3e271592 --- /dev/null +++ b/lib/crimson-falcon/models/classification_criteria.rb 
@@ -0,0 +1,247 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ClassificationCriteria + attr_accessor :accounts + + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'accounts' => :'accounts', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'accounts' => :'Array', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ClassificationCriteria` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ClassificationCriteria`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'accounts') + if (value = attributes[:'accounts']).is_a?(Array) + self.accounts = value + end + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + accounts == o.accounts && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [accounts, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/classification_label.rb b/lib/crimson-falcon/models/classification_label.rb new file mode 100644 index 00000000..04d317e7 --- /dev/null +++ b/lib/crimson-falcon/models/classification_label.rb 
@@ -0,0 +1,281 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ClassificationLabel + attr_accessor :criteria + + attr_accessor :dynamic + + attr_accessor :global + + attr_accessor :group + + attr_accessor :id + + attr_accessor :name + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'criteria' => :'criteria', + :'dynamic' => :'dynamic', + :'global' => :'global', + :'group' => :'group', + :'id' => :'id', + :'name' => :'name' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'criteria' => :'Array', + :'dynamic' => :'Boolean', + :'global' => :'Boolean', + :'group' => :'String', + :'id' => :'Integer', + :'name' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ClassificationLabel` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ClassificationLabel`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'criteria') + if (value = attributes[:'criteria']).is_a?(Array) + self.criteria = value + end + end + + if attributes.key?(:'dynamic') + self.dynamic = attributes[:'dynamic'] + end + + if attributes.key?(:'global') + self.global = attributes[:'global'] + end + + if attributes.key?(:'group') + self.group = attributes[:'group'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + criteria == o.criteria && + dynamic == o.dynamic && + global == o.global && + group == o.group && + id == o.id && + name == o.name + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [criteria, dynamic, global, group, id, name].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_assessment_paging.rb b/lib/crimson-falcon/models/common_entities_response.rb similarity index 84% rename from lib/crimson-falcon/models/domain_assessment_paging.rb rename to lib/crimson-falcon/models/common_entities_response.rb index 0be4b614..e6267d8f 100644 --- a/lib/crimson-falcon/models/domain_assessment_paging.rb +++ b/lib/crimson-falcon/models/common_entities_response.rb @@ -31,22 +31,19 @@ require 'time' module Falcon - class DomainAssessmentPaging - attr_accessor :expires_at + class CommonEntitiesResponse + attr_accessor :errors - attr_accessor :limit + attr_accessor :meta - attr_accessor :offset - - attr_accessor :total + attr_accessor :resources # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { - :'expires_at' => :'expires_at', - :'limit' => :'limit', - :'offset' => :'offset', - :'total' => :'total' + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' } end @@ -58,10 +55,9 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'expires_at' => :'Integer', - :'limit' => :'Integer', - :'offset' => :'String', - :'total' => :'Integer' + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Object' } end 
@@ -75,31 +71,29 @@ def self.openapi_nullable # @param [Hash] attributes Model attributes in the form of hash def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAssessmentPaging` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::CommonEntitiesResponse` initialize method" end # check to see if the attribute exists and convert string to symbol for hash key attributes = attributes.each_with_object({}) { |(k, v), h| if (!self.class.attribute_map.key?(k.to_sym)) - fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAssessmentPaging`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::CommonEntitiesResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect end h[k.to_sym] = v } - if attributes.key?(:'expires_at') - self.expires_at = attributes[:'expires_at'] - end - - if attributes.key?(:'limit') - self.limit = attributes[:'limit'] + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end end - if attributes.key?(:'offset') - self.offset = attributes[:'offset'] + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] end - if attributes.key?(:'total') - self.total = attributes[:'total'] + if attributes.key?(:'resources') + self.resources = attributes[:'resources'] end end 
@@ -107,12 +101,16 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @offset.nil? - invalid_properties.push('invalid value for "offset", offset cannot be nil.') + if @errors.nil? + invalid_properties.push('invalid value for "errors", errors cannot be nil.') + end + + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') end - if @total.nil? - invalid_properties.push('invalid value for "total", total cannot be nil.') + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') end invalid_properties @@ -121,8 +119,9 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @offset.nil? - return false if @total.nil? + return false if @errors.nil? + return false if @meta.nil? + return false if @resources.nil? true end @@ -131,10 +130,9 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && - expires_at == o.expires_at && - limit == o.limit && - offset == o.offset && - total == o.total + errors == o.errors && + meta == o.meta && + resources == o.resources end # @see the `==` method @@ -146,7 +144,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [expires_at, limit, offset, total].hash + [errors, meta, resources].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/detects_alert.rb b/lib/crimson-falcon/models/detects_alert.rb index aae763db..e56f4717 100644 --- a/lib/crimson-falcon/models/detects_alert.rb +++ b/lib/crimson-falcon/models/detects_alert.rb @@ -50,8 +50,6 @@ class DetectsAlert attr_accessor :crawl_edge_ids - attr_accessor :crawl_traversal - attr_accessor :crawl_vertex_ids attr_accessor :crawled_timestamp 
@@ -114,7 +112,6 @@ def self.attribute_map :'composite_id' => :'composite_id', :'confidence' => :'confidence', :'crawl_edge_ids' => :'crawl_edge_ids', - :'crawl_traversal' => :'crawl_traversal', :'crawl_vertex_ids' => :'crawl_vertex_ids', :'crawled_timestamp' => :'crawled_timestamp', :'created_timestamp' => :'created_timestamp', @@ -160,7 +157,6 @@ def self.openapi_types :'composite_id' => :'String', :'confidence' => :'Integer', :'crawl_edge_ids' => :'Hash>', - :'crawl_traversal' => :'Array', :'crawl_vertex_ids' => :'Hash>', :'crawled_timestamp' => :'Time', :'created_timestamp' => :'Time', @@ -248,12 +244,6 @@ def initialize(attributes = {}) end end - if attributes.key?(:'crawl_traversal') - if (value = attributes[:'crawl_traversal']).is_a?(Array) - self.crawl_traversal = value - end - end - if attributes.key?(:'crawl_vertex_ids') if (value = attributes[:'crawl_vertex_ids']).is_a?(Hash) self.crawl_vertex_ids = value @@ -396,7 +386,6 @@ def ==(o) composite_id == o.composite_id && confidence == o.confidence && crawl_edge_ids == o.crawl_edge_ids && - crawl_traversal == o.crawl_traversal && crawl_vertex_ids == o.crawl_vertex_ids && crawled_timestamp == o.crawled_timestamp && created_timestamp == o.created_timestamp && 
@@ -433,7 +422,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [agent_id, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, composite_id, confidence, crawl_edge_ids, crawl_traversal, crawl_vertex_ids, crawled_timestamp, created_timestamp, description, display_name, email_sent, external, id, name, objective, pattern_id, platform, product, scenario, severity, show_in_ui, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash + [agent_id, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, composite_id, confidence, crawl_edge_ids, crawl_vertex_ids, crawled_timestamp, created_timestamp, description, display_name, email_sent, external, id, name, objective, pattern_id, platform, product, scenario, severity, show_in_ui, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/device_control_exception_req_v1.rb b/lib/crimson-falcon/models/device_control_exception_req_v1.rb index c5bbf610..a7640803 100644 --- a/lib/crimson-falcon/models/device_control_exception_req_v1.rb +++ b/lib/crimson-falcon/models/device_control_exception_req_v1.rb @@ -51,6 +51,9 @@ class DeviceControlExceptionReqV1 attr_accessor :serial_number + # true indicates using blob syntax USB serial numbers + attr_accessor :use_wildcard + # Hexadecimal VendorID used to apply the exception attr_accessor :vendor_id @@ -72,6 +75,7 @@ def self.attribute_map :'product_id_decimal' => :'product_id_decimal', :'product_name' => :'product_name', :'serial_number' => :'serial_number', + :'use_wildcard' => :'use_wildcard', :'vendor_id' => :'vendor_id', :'vendor_id_decimal' => :'vendor_id_decimal', :'vendor_name' => :'vendor_name' 
@@ -95,6 +99,7 @@ def self.openapi_types :'product_id_decimal' => :'String', :'product_name' => :'String', :'serial_number' => :'String', + :'use_wildcard' => :'Boolean', :'vendor_id' => :'String', :'vendor_id_decimal' => :'String', :'vendor_name' => :'String' @@ -158,6 +163,10 @@ def initialize(attributes = {}) self.serial_number = attributes[:'serial_number'] end + if attributes.key?(:'use_wildcard') + self.use_wildcard = attributes[:'use_wildcard'] + end + if attributes.key?(:'vendor_id') self.vendor_id = attributes[:'vendor_id'] end @@ -198,6 +207,7 @@ def ==(o) product_id_decimal == o.product_id_decimal && product_name == o.product_name && serial_number == o.serial_number && + use_wildcard == o.use_wildcard && vendor_id == o.vendor_id && vendor_id_decimal == o.vendor_id_decimal && vendor_name == o.vendor_name @@ -212,7 +222,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [action, combined_id, description, expiration_time, id, product_id, product_id_decimal, product_name, serial_number, vendor_id, vendor_id_decimal, vendor_name].hash + [action, combined_id, description, expiration_time, id, product_id, product_id_decimal, product_name, serial_number, use_wildcard, vendor_id, vendor_id_decimal, vendor_name].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_actor_document.rb b/lib/crimson-falcon/models/domain_actor_document.rb index 6bfb5303..29a527c6 100644 --- a/lib/crimson-falcon/models/domain_actor_document.rb +++ b/lib/crimson-falcon/models/domain_actor_document.rb 
@@ -31,69 +31,95 @@ require 'time' module Falcon + # JSON definition of an Actor, also known as Adversary class DomainActorDocument + # Boolean field marking if actor is active attr_accessor :active + # Actor type, one of: targeted, ecrime attr_accessor :actor_type + # actor's capabilities, some examples: RAT,Ransomware,Spearphishing,Downloader,Backdoor,InformationStealer,exploit,CredentialHarvesting,dropper,DenialOfService,Loader,Phishing attr_accessor :capabilities attr_accessor :capability + # Actor's document creation date when it was added to the Falcon portal in unix timestamp format attr_accessor :created_date + # Actor's text description, partially containing structured data from other fields attr_accessor :description attr_accessor :ecrime_kill_chain + # Field used to filter user's access to actor documents attr_accessor :entitlements + # Actor's first activity observed date in unix timestamp format attr_accessor :first_activity_date attr_accessor :group + # Numerical ID for the Actor attr_accessor :id attr_accessor :image attr_accessor :kill_chain + # Alternative names and community identifiers of an actor attr_accessor :known_as + # Actor's last (most recent) activity observed date in unix timestamp format attr_accessor :last_activity_date + # Actor's document last modified date in unix timestamp format attr_accessor :last_modified_date + # Actor's activity motivation, one of: State-Sponsored, Criminal, Hacktivism attr_accessor :motivations + # Actor's name, composed of 2 words attr_accessor :name + # internal field attr_accessor :notify_users + # Actor's activity objectives, one of: IntelligenceGathering, FinancialGain, IntellectualPropertyTheft, defacement, Destruction, DenialOfService attr_accessor :objectives + # represents origin of actor's activity and/or members, some examples: China,Russian Federation,Eastern Europe,Iran,East Asia, South Asia attr_accessor :origins + # Recent CrowdStrike's finished intelligence alerting date in unix timestamp 
format attr_accessor :recent_alerting attr_accessor :region + # Rich text version of the description field attr_accessor :rich_text_description + # Short version of the description field attr_accessor :short_description + # Name in url friendly format, lowercased and spaces replaced with dash attr_accessor :slug + # Status of an actor, one of: Active, Inactive, Retired attr_accessor :status + # Target countries of actor's activity and attacks, slug value is a 2 characters code for the country value, some examples: United States,United Kingdom,Germany,India,Japan,France,Australia,Canada,China attr_accessor :target_countries + # Target economical industries of actor's activity and attacks. List of available values: Government, Financial Services, Technology, Telecommunications, Healthcare, Energy, Academic, Media, Aerospace, NGO, Manufacturing, Industrials and Engineering, Retail, Hospitality, Consulting and Professional Services, Opportunistic, Aviation, Defense, Transportation, Oil and Gas, Legal, Pharmaceutical, Logistics, Military, Automotive, Food and Beverage, Consumer Goods, Real Estate, Insurance, Agriculture, Chemicals, Utilities, Maritime, Extractive, Travel, Dissident, Cryptocurrency, Entertainment, National Government, Law Enforcement, Think Tanks, Local Government, Sports Organizations, Computer Gaming, Biomedical, Nonprofit, Financial Management & Hedge Funds, Political Parties, Architectural and Engineering, Emergency Services, Social Media, International Government, Nuclear, Research Entities, Vocational and Higher-Level Education, eCommerce attr_accessor :target_industries + # Target geographic regions of actor's activity and attacks. 
List of available values: North America, Western Europe, Southeast Asia, Middle East, Eastern Europe, South Asia, South America, Oceania, East Asia, Central Africa, Northern Europe, Southern Europe, North Africa, Southern Africa, Central America, Central Asia, East Africa, West Africa, Caribbean attr_accessor :target_regions attr_accessor :thumbnail + # URL at which actor profile can be accessed attr_accessor :url # Attribute mapping from ruby-style variable name to JSON key. @@ -383,10 +409,6 @@ def list_invalid_properties invalid_properties.push('invalid value for "motivations", motivations cannot be nil.') end - if @name.nil? - invalid_properties.push('invalid value for "name", name cannot be nil.') - end - if @notify_users.nil? invalid_properties.push('invalid value for "notify_users", notify_users cannot be nil.') end @@ -403,10 +425,6 @@ def list_invalid_properties invalid_properties.push('invalid value for "short_description", short_description cannot be nil.') end - if @slug.nil? - invalid_properties.push('invalid value for "slug", slug cannot be nil.') - end - if @status.nil? invalid_properties.push('invalid value for "status", status cannot be nil.') end @@ -438,12 +456,10 @@ def valid? return false if @last_activity_date.nil? return false if @last_modified_date.nil? return false if @motivations.nil? - return false if @name.nil? return false if @notify_users.nil? return false if @objectives.nil? return false if @origins.nil? return false if @short_description.nil? - return false if @slug.nil? return false if @status.nil? return false if @target_countries.nil? return false if @target_industries.nil? diff --git a/lib/crimson-falcon/models/domain_actors_response.rb b/lib/crimson-falcon/models/domain_actors_response.rb index cec41053..b3500547 100644 --- a/lib/crimson-falcon/models/domain_actors_response.rb +++ b/lib/crimson-falcon/models/domain_actors_response.rb 
@@ -32,6 +32,7 @@ module Falcon class DomainActorsResponse + # Array of API Errors attr_accessor :errors attr_accessor :meta diff --git a/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb b/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb new file mode 100644 index 00000000..c8be2b24 --- /dev/null +++ b/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb 
@@ -0,0 +1,252 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainAPIEntityMatchedV1 + attr_accessor :asset_id + + attr_accessor :data_provider + + attr_accessor :provider_asset_id + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'asset_id' => :'asset_id', + :'data_provider' => :'data_provider', + :'provider_asset_id' => :'provider_asset_id' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'asset_id' => :'String', + :'data_provider' => :'String', + :'provider_asset_id' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEntityMatchedV1` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEntityMatchedV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'asset_id') + self.asset_id = attributes[:'asset_id'] + end + + if attributes.key?(:'data_provider') + self.data_provider = attributes[:'data_provider'] + end + + if attributes.key?(:'provider_asset_id') + self.provider_asset_id = attributes[:'provider_asset_id'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + asset_id == o.asset_id && + data_provider == o.data_provider && + provider_asset_id == o.provider_asset_id + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [asset_id, data_provider, provider_asset_id].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb new file mode 100644 index 00000000..84efc547 --- /dev/null +++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb 
@@ -0,0 +1,266 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainAPIEvaluationLogicEntitiesResponseV1 + attr_accessor :errors + + attr_accessor :meta + + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEvaluationLogicEntitiesResponseV1` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEvaluationLogicEntitiesResponseV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') + end + + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @meta.nil? + return false if @resources.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + errors == o.errors && + meta == o.meta && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [errors, meta, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb new file mode 100644 index 00000000..bf613331 --- /dev/null +++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb 
@@ -0,0 +1,242 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainAPIEvaluationLogicHostInfoV1 + # Refers to all the entities that were matched together during entity resolution process + attr_accessor :entities_matched + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'entities_matched' => :'entities_matched' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'entities_matched' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEvaluationLogicHostInfoV1` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEvaluationLogicHostInfoV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'entities_matched') + if (value = attributes[:'entities_matched']).is_a?(Array) + self.entities_matched = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @entities_matched.nil? + invalid_properties.push('invalid value for "entities_matched", entities_matched cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @entities_matched.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + entities_matched == o.entities_matched + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [entities_matched].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb index 35703101..d61f1604 100644 --- a/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb +++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb @@ -32,18 +32,30 @@ module Falcon class DomainAPIEvaluationLogicV1 + # Refers to an asset identifier attr_accessor :aid + # Refers to a customer identifier attr_accessor :cid + # Refers to a point in time when evaluation logic data was created in the system attr_accessor :created_timestamp + # Refers to a label given to the entity that provided this data attr_accessor :data_provider + attr_accessor :host_info + + # Contains a unique identifier for the evaluation logic attr_accessor :id + # Refers to the actual evaluation logic data attr_accessor :logic + # Refers to the identifier of the scanner that generated the evaluation logic + attr_accessor :scanner_id + + # Refers to a point in time when evaluation logic data was updated in the system attr_accessor :updated_timestamp # Attribute mapping from ruby-style variable name to JSON key. @@ -53,8 +65,10 @@ def self.attribute_map :'cid' => :'cid', :'created_timestamp' => :'created_timestamp', :'data_provider' => :'data_provider', + :'host_info' => :'host_info', :'id' => :'id', :'logic' => :'logic', + :'scanner_id' => :'scanner_id', :'updated_timestamp' => :'updated_timestamp' } end 
@@ -71,8 +85,10 @@ def self.openapi_types :'cid' => :'String', :'created_timestamp' => :'String', :'data_provider' => :'String', + :'host_info' => :'DomainAPIEvaluationLogicHostInfoV1', :'id' => :'String', :'logic' => :'Array', + :'scanner_id' => :'String', :'updated_timestamp' => :'String' } end @@ -114,6 +130,10 @@ def initialize(attributes = {}) self.data_provider = attributes[:'data_provider'] end + if attributes.key?(:'host_info') + self.host_info = attributes[:'host_info'] + end + if attributes.key?(:'id') self.id = attributes[:'id'] end @@ -124,6 +144,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scanner_id') + self.scanner_id = attributes[:'scanner_id'] + end + if attributes.key?(:'updated_timestamp') self.updated_timestamp = attributes[:'updated_timestamp'] end @@ -156,8 +180,10 @@ def ==(o) cid == o.cid && created_timestamp == o.created_timestamp && data_provider == o.data_provider && + host_info == o.host_info && id == o.id && logic == o.logic && + scanner_id == o.scanner_id && updated_timestamp == o.updated_timestamp end @@ -170,7 +196,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, cid, created_timestamp, data_provider, id, logic, updated_timestamp].hash + [aid, cid, created_timestamp, data_provider, host_info, id, logic, scanner_id, updated_timestamp].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb b/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb index 421786ea..cba04736 100644 --- a/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb +++ b/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb @@ -44,6 +44,8 @@ class DomainAPIFindingFacetV1 attr_accessor :id + attr_accessor :logic + attr_accessor :updated_timestamp # Attribute mapping from ruby-style variable name to JSON key. 
@@ -55,6 +57,7 @@ def self.attribute_map :'finding' => :'finding', :'host' => :'host', :'id' => :'id', + :'logic' => :'logic', :'updated_timestamp' => :'updated_timestamp' } end @@ -73,6 +76,7 @@ def self.openapi_types :'finding' => :'DomainAPIFindingWithRuleV1', :'host' => :'DomainAPIHostInfoFacetV1', :'id' => :'String', + :'logic' => :'Array', :'updated_timestamp' => :'String' } end @@ -122,6 +126,12 @@ def initialize(attributes = {}) self.id = attributes[:'id'] end + if attributes.key?(:'logic') + if (value = attributes[:'logic']).is_a?(Array) + self.logic = value + end + end + if attributes.key?(:'updated_timestamp') self.updated_timestamp = attributes[:'updated_timestamp'] end @@ -181,6 +191,7 @@ def ==(o) finding == o.finding && host == o.host && id == o.id && + logic == o.logic && updated_timestamp == o.updated_timestamp end @@ -193,7 +204,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, cid, created_timestamp, finding, host, id, updated_timestamp].hash + [aid, cid, created_timestamp, finding, host, id, logic, updated_timestamp].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb b/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb index 997de6b3..f16e2e80 100644 --- a/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb +++ b/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb @@ -32,6 +32,9 @@ module Falcon class DomainAPIFindingWithRuleV1 + # Example values: NOT_AVAILABLE, AVAILABLE, DISABLE_RULE, UNSUPPORTED_RULE, OVERRIDE_STATUS + attr_accessor :evaluation_logic_type + attr_accessor :evaluation_reason attr_accessor :host_id 
@@ -45,6 +48,7 @@ class DomainAPIFindingWithRuleV1 # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { + :'evaluation_logic_type' => :'evaluation_logic_type', :'evaluation_reason' => :'evaluation_reason', :'host_id' => :'host_id', :'rule' => :'rule', @@ -61,6 +65,7 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { + :'evaluation_logic_type' => :'String', :'evaluation_reason' => :'String', :'host_id' => :'String', :'rule' => :'DomainAPIFindingRuleV1', @@ -90,6 +95,10 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'evaluation_logic_type') + self.evaluation_logic_type = attributes[:'evaluation_logic_type'] + end + if attributes.key?(:'evaluation_reason') self.evaluation_reason = attributes[:'evaluation_reason'] end @@ -129,6 +138,7 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && + evaluation_logic_type == o.evaluation_logic_type && evaluation_reason == o.evaluation_reason && host_id == o.host_id && rule == o.rule && @@ -145,7 +155,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [evaluation_reason, host_id, rule, status, status_since_timestamp].hash + [evaluation_logic_type, evaluation_reason, host_id, rule, status, status_since_timestamp].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_api_remediation_ids.rb b/lib/crimson-falcon/models/domain_api_remediation_ids.rb index 61829c18..b2c9fe29 100644 --- a/lib/crimson-falcon/models/domain_api_remediation_ids.rb +++ b/lib/crimson-falcon/models/domain_api_remediation_ids.rb @@ -32,6 +32,7 @@ module Falcon class DomainAPIRemediationIDs + # Refers to a remediation unique identifier that points to remediation details addressing this vulnerability attr_accessor :ids # Attribute mapping from ruby-style variable name to JSON key. 
diff --git a/lib/crimson-falcon/models/domain_api_remediation_v2.rb b/lib/crimson-falcon/models/domain_api_remediation_v2.rb index a8815ab5..e19a8cf8 100644 --- a/lib/crimson-falcon/models/domain_api_remediation_v2.rb +++ b/lib/crimson-falcon/models/domain_api_remediation_v2.rb @@ -32,16 +32,22 @@ module Falcon class DomainAPIRemediationV2 + # Expanded description of the remediation attr_accessor :action + # Refers to an unique identifier for a given remediation attr_accessor :id + # Link to the remediation page for the vendor attr_accessor :link + # Relevant reference for the remediation that can be used to get additional details for the remediation. For example, a KB number that needs to be installed for a KB_SECURITY_UPDATE attr_accessor :reference + # Short description of the remediation attr_accessor :title + # Link to the vendor advisory - Note: This field is populated if there are extra steps that are required to complete the remediation attr_accessor :vendor_url # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb index d20b1752..c682bb83 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb 
@@ -32,38 +32,53 @@ module Falcon class DomainAPIVulnerabilityCVEDetailsFacetV2 + # Contains a list of actors that are known for exploiting this vulnerability ot in the wild attr_accessor :actors + # The base score for a Common Vulnerability Enumeration (CVE) is a numerical value that represents the intrinsic severity and impact of a security vulnerability. attr_accessor :base_score attr_accessor :cisa_info + # Refers to description of the vulnerability attr_accessor :description + # Exploit status refers to the current state or availability of known exploits for a specific vulnerability, indicating whether there are known techniques or tools to leverage the vulnerability in an attack. attr_accessor :exploit_status + # Represents a numerical value that indicates the relative ease or difficulty for an attacker to exploit a vulnerability attr_accessor :exploitability_score + # Expert.AI score on the vulnerability attr_accessor :exprt_rating attr_accessor :id + # Refers to a numerical value that represents the potential impact or severity of a vulnerability when it is successfully exploited attr_accessor :impact_score + # Vulnerability name attr_accessor :name + # Refers to a point in time when the vulnerability has been disclosed attr_accessor :published_date + # Refers to one or more references with more details about the vulnerability attr_accessor :references + # Remediation level indicates the required effort to mitigate a security vulnerability, ranging from official fixes to unavailable remedies attr_accessor :remediation_level + # Severity refers to the level of impact or potential harm caused by a security vulnerability. It is often assessed using metrics such as the CVSS base score, which takes into account factors such as exploitability, impact on confidentiality, integrity, and availability, and other relevant parameters to determine the severity level of a vulnerability. 
attr_accessor :severity + # Corresponds to a point in time when Spotlight offered support for detecting a specific vulnerability attr_accessor :spotlight_published_date + # Refers to the vector of attack or the specific method or path through which an attacker can exploit a vulnerability attr_accessor :vector + # Refers to one or more URLs that points to vendor advisories attr_accessor :vendor_advisory # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb b/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb index 8c17cab9..5e260d87 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb @@ -32,8 +32,10 @@ module Falcon class DomainAPIVulnerabilityCVECISAInfo + # Refers to the deadline or target date set by the Cybersecurity and Infrastructure Security Agency (CISA) for addressing or mitigating a Critical Infrastructure Security Advisory Key (CISAK) vulnerability attr_accessor :due_date + # Refers to the designation of a vulnerability as a Critical Infrastructure Security Advisory Key (CISAK) by the Cybersecurity and Infrastructure Security Agency (CISA), indicating its significance and potential impact on critical infrastructure systems and operations attr_accessor :is_cisa_kev # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb b/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb new file mode 100644 index 00000000..32e0c94f --- /dev/null +++ b/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb 
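Review bot: The two comments added to `DomainAPIVulnerabilityCVECISAInfo` expand the acronym incorrectly: `is_cisa_kev` names CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no "Critical Infrastructure Security Advisory Key (CISAK)". A reader triaging on this flag would miss that it signals known exploitation, so I would reword the comments as `# True when the CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog` and `# Remediation due date listed for this CVE in the CISA KEV catalog`; the second assumes `due_date` mirrors the catalog's due date, which should be confirmed against the API. The file is marked as generated, so the wording has to be corrected in the upstream swagger descriptions or the next regeneration will restore it. The class body continues outside the hunk.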
@@ -0,0 +1,277 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainAPIVulnerabilityDataProviderV1 + # Ports that the vulnerability affects + attr_accessor :ports + + # Label for the provider + attr_accessor :provider + + # Rating provided by the vulnerability provider + attr_accessor :rating + + # Time when the detection occurred + attr_accessor :scan_time + + # Scanner ID of the vulnerability provider + attr_accessor :scanner_id + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'ports' => :'ports', + :'provider' => :'provider', + :'rating' => :'rating', + :'scan_time' => :'scan_time', + :'scanner_id' => :'scanner_id' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'ports' => :'Array', + :'provider' => :'String', + :'rating' => :'String', + :'scan_time' => :'String', + :'scanner_id' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIVulnerabilityDataProviderV1` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIVulnerabilityDataProviderV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'ports') + if (value = attributes[:'ports']).is_a?(Array) + self.ports = value + end + end + + if attributes.key?(:'provider') + self.provider = attributes[:'provider'] + end + + if attributes.key?(:'rating') + self.rating = attributes[:'rating'] + end + + if attributes.key?(:'scan_time') + self.scan_time = attributes[:'scan_time'] + end + + if attributes.key?(:'scanner_id') + self.scanner_id = attributes[:'scanner_id'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? 
+ # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + ports == o.ports && + provider == o.provider && + rating == o.rating && + scan_time == o.scan_time && + scanner_id == o.scanner_id + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [ports, provider, rating, scan_time, scanner_id].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb index 08068f4e..63afb042 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb @@ -38,6 +38,7 @@ class DomainAPIVulnerabilityExtendedAppV2 attr_accessor :remediation + # Contains vulnerability status for a particular product - can differentiate in cases where a vulnerability is detected for multiple products attr_accessor :sub_status # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb index 7e0cf017..68d6bff6 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb 
@@ -32,49 +32,78 @@ module Falcon class DomainAPIVulnerabilityHostFacetV2 + # Refers to how critical an asset has been evaluated to be attr_accessor :asset_criticality + # Refers to one or more roles that have been assigned to the assets attr_accessor :asset_roles + # A unique identifier assigned by entity graph + attr_accessor :entity_graph_id + + # Refers to a logic grouping of assets attr_accessor :groups + # A timestamp corresponding to the last day when we detected activity coming from an asset attr_accessor :host_last_seen_timestamp + # Refers to the hostname used by the asset on which the vulnerability was detected attr_accessor :hostname + # Refers to a unique identifier assigned to an asset attr_accessor :instance_id + # Refers to the level of exposure an asset has to the internet attr_accessor :internet_exposure + # Refers to the local IP used by the asset on which the vulnerability was detected attr_accessor :local_ip + # The machine domain of an asset is the network identity within a network infrastructure attr_accessor :machine_domain + # Name of the entity that is managing the asset + attr_accessor :managed_by + + # Refers to the specific build or version number of an operating system, indicating a particular release or revision of the operating system attr_accessor :os_build + # Refers to the operating system version used by the asset on which the vulnerability was detected attr_accessor :os_version + # Refers to the specific organizational grouping or container within an Active Directory (AD) or directory service where the host is located or categorized. 
attr_accessor :ou + # Refers to the name or designation of the specific software platform or operating system on which the asset is running attr_accessor :platform + # Refers to the descriptive label or category that identifies the type or edition of the operating system product installed on the asset attr_accessor :product_type_desc + # Refers to a company, organization, or entity that offers or provided this specific asset attr_accessor :service_provider + # Refers to the unique identifier associated with a service provider account, typically used in cloud computing or managed service environments attr_accessor :service_provider_account_id + # Refers to the name or label assigned to the physical or logical location within a network infrastructure where the host is situated attr_accessor :site_name + # Refers to the company or organization that designed and produced the hardware system or device attr_accessor :system_manufacturer + # Refers to a logical grouping of assets via tags attr_accessor :tags + # zero or more unique identifiers assigned by third party entities which provided data for the asset + attr_accessor :third_party_asset_ids + # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { :'asset_criticality' => :'asset_criticality', :'asset_roles' => :'asset_roles', + :'entity_graph_id' => :'entity_graph_id', :'groups' => :'groups', :'host_last_seen_timestamp' => :'host_last_seen_timestamp', :'hostname' => :'hostname', @@ -82,6 +111,7 @@ def self.attribute_map :'internet_exposure' => :'internet_exposure', :'local_ip' => :'local_ip', :'machine_domain' => :'machine_domain', + :'managed_by' => :'managed_by', :'os_build' => :'os_build', :'os_version' => :'os_version', :'ou' => :'ou', 
@@ -91,7 +121,8 @@ def self.attribute_map :'service_provider_account_id' => :'service_provider_account_id', :'site_name' => :'site_name', :'system_manufacturer' => :'system_manufacturer', - :'tags' => :'tags' + :'tags' => :'tags', + :'third_party_asset_ids' => :'third_party_asset_ids' } end @@ -105,6 +136,7 @@ def self.openapi_types { :'asset_criticality' => :'String', :'asset_roles' => :'Array', + :'entity_graph_id' => :'String', :'groups' => :'Array', :'host_last_seen_timestamp' => :'String', :'hostname' => :'String', @@ -112,6 +144,7 @@ def self.openapi_types :'internet_exposure' => :'String', :'local_ip' => :'String', :'machine_domain' => :'String', + :'managed_by' => :'String', :'os_build' => :'String', :'os_version' => :'String', :'ou' => :'String', @@ -121,7 +154,8 @@ def self.openapi_types :'service_provider_account_id' => :'String', :'site_name' => :'String', :'system_manufacturer' => :'String', - :'tags' => :'Array' + :'tags' => :'Array', + :'third_party_asset_ids' => :'Array' } end @@ -156,6 +190,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'entity_graph_id') + self.entity_graph_id = attributes[:'entity_graph_id'] + end + if attributes.key?(:'groups') if (value = attributes[:'groups']).is_a?(Array) self.groups = value @@ -186,6 +224,10 @@ def initialize(attributes = {}) self.machine_domain = attributes[:'machine_domain'] end + if attributes.key?(:'managed_by') + self.managed_by = attributes[:'managed_by'] + end + if attributes.key?(:'os_build') self.os_build = attributes[:'os_build'] end @@ -227,6 +269,12 @@ def initialize(attributes = {}) self.tags = value end end + + if attributes.key?(:'third_party_asset_ids') + if (value = attributes[:'third_party_asset_ids']).is_a?(Array) + self.third_party_asset_ids = value + end + end end # Show invalid properties with the reasons. Usually used together with valid? 
@@ -284,6 +332,7 @@ def ==(o) self.class == o.class && asset_criticality == o.asset_criticality && asset_roles == o.asset_roles && + entity_graph_id == o.entity_graph_id && groups == o.groups && host_last_seen_timestamp == o.host_last_seen_timestamp && hostname == o.hostname && @@ -291,6 +340,7 @@ def ==(o) internet_exposure == o.internet_exposure && local_ip == o.local_ip && machine_domain == o.machine_domain && + managed_by == o.managed_by && os_build == o.os_build && os_version == o.os_version && ou == o.ou && @@ -300,7 +350,8 @@ def ==(o) service_provider_account_id == o.service_provider_account_id && site_name == o.site_name && system_manufacturer == o.system_manufacturer && - tags == o.tags + tags == o.tags && + third_party_asset_ids == o.third_party_asset_ids end # @see the `==` method @@ -312,7 +363,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [asset_criticality, asset_roles, groups, host_last_seen_timestamp, hostname, instance_id, internet_exposure, local_ip, machine_domain, os_build, os_version, ou, platform, product_type_desc, service_provider, service_provider_account_id, site_name, system_manufacturer, tags].hash + [asset_criticality, asset_roles, entity_graph_id, groups, host_last_seen_timestamp, hostname, instance_id, internet_exposure, local_ip, machine_domain, managed_by, os_build, os_version, ou, platform, product_type_desc, service_provider, service_provider_account_id, site_name, system_manufacturer, tags, third_party_asset_ids].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb index cc8c4ffb..3ef8d72d 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb 
@@ -32,8 +32,10 @@ module Falcon class DomainAPIVulnerabilityRemediationFacetV2 + # Contains the actual remediation data attr_accessor :entities + # Refers to a remediation unique identifier that points to remediation details addressing this vulnerability attr_accessor :ids # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb index 47b713ab..291e9c11 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb @@ -32,8 +32,10 @@ module Falcon class DomainAPIVulnerabilitySuppressionInfoV2 + # Indicates if a vulnerability has been suppressed or not attr_accessor :is_suppressed + # Indicates what is the rule ID for which a vulnerability has been suppressed attr_accessor :reason # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb index 692b7a19..4b34a1f5 100644 --- a/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb +++ b/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb 
@@ -32,32 +32,52 @@ module Falcon class DomainAPIVulnerabilityV2 + # Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID attr_accessor :aid attr_accessor :app + # Provide details related to the products for which a the vulnerability has been detected attr_accessor :apps + # Contains the customer identifier associated with the asset for which the vulnerability has been detected attr_accessor :cid + # A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) attr_accessor :closed_timestamp + # A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system attr_accessor :created_timestamp attr_accessor :cve + # Contains information about the vulnerability data providers of this entity + attr_accessor :data_providers + attr_accessor :host_info + # Vulnerability unique ID attr_accessor :id + # Contains ports that the vulnerability affects + attr_accessor :ports + attr_accessor :remediation + # Current status of a vulnerability (open, closed, reopen) attr_accessor :status attr_accessor :suppression_info + # A timestamp corresponding to the point in time when a vulnerability's information or status have been updated attr_accessor :updated_timestamp + # Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider + attr_accessor :vulnerability_id + + # Unique identifier for the vulnerability metadata + attr_accessor :vulnerability_metadata_id + # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { 
@@ -68,12 +88,16 @@ def self.attribute_map :'closed_timestamp' => :'closed_timestamp', :'created_timestamp' => :'created_timestamp', :'cve' => :'cve', + :'data_providers' => :'data_providers', :'host_info' => :'host_info', :'id' => :'id', + :'ports' => :'ports', :'remediation' => :'remediation', :'status' => :'status', :'suppression_info' => :'suppression_info', - :'updated_timestamp' => :'updated_timestamp' + :'updated_timestamp' => :'updated_timestamp', + :'vulnerability_id' => :'vulnerability_id', + :'vulnerability_metadata_id' => :'vulnerability_metadata_id' } end @@ -92,12 +116,16 @@ def self.openapi_types :'closed_timestamp' => :'String', :'created_timestamp' => :'String', :'cve' => :'DomainAPIVulnerabilityCVEDetailsFacetV2', + :'data_providers' => :'Array', :'host_info' => :'DomainAPIVulnerabilityHostFacetV2', :'id' => :'String', + :'ports' => :'Array', :'remediation' => :'DomainAPIVulnerabilityRemediationFacetV2', :'status' => :'String', :'suppression_info' => :'DomainAPIVulnerabilitySuppressionInfoV2', - :'updated_timestamp' => :'String' + :'updated_timestamp' => :'String', + :'vulnerability_id' => :'String', + :'vulnerability_metadata_id' => :'String' } end @@ -152,6 +180,12 @@ def initialize(attributes = {}) self.cve = attributes[:'cve'] end + if attributes.key?(:'data_providers') + if (value = attributes[:'data_providers']).is_a?(Array) + self.data_providers = value + end + end + if attributes.key?(:'host_info') self.host_info = attributes[:'host_info'] end @@ -160,6 +194,12 @@ def initialize(attributes = {}) self.id = attributes[:'id'] end + if attributes.key?(:'ports') + if (value = attributes[:'ports']).is_a?(Array) + self.ports = value + end + end + if attributes.key?(:'remediation') self.remediation = attributes[:'remediation'] end 
@@ -175,6 +215,14 @@ def initialize(attributes = {}) if attributes.key?(:'updated_timestamp') self.updated_timestamp = attributes[:'updated_timestamp'] end + + if attributes.key?(:'vulnerability_id') + self.vulnerability_id = attributes[:'vulnerability_id'] + end + + if attributes.key?(:'vulnerability_metadata_id') + self.vulnerability_metadata_id = attributes[:'vulnerability_metadata_id'] + end end # Show invalid properties with the reasons. Usually used together with valid? @@ -232,12 +280,16 @@ def ==(o) closed_timestamp == o.closed_timestamp && created_timestamp == o.created_timestamp && cve == o.cve && + data_providers == o.data_providers && host_info == o.host_info && id == o.id && + ports == o.ports && remediation == o.remediation && status == o.status && suppression_info == o.suppression_info && - updated_timestamp == o.updated_timestamp + updated_timestamp == o.updated_timestamp && + vulnerability_id == o.vulnerability_id && + vulnerability_metadata_id == o.vulnerability_metadata_id end # @see the `==` method @@ -249,7 +301,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, host_info, id, remediation, status, suppression_info, updated_timestamp].hash + [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, data_providers, host_info, id, ports, remediation, status, suppression_info, updated_timestamp, vulnerability_id, vulnerability_metadata_id].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_aws_account_v2.rb b/lib/crimson-falcon/models/domain_aws_account_v2.rb index 32254191..1891291e 100644 --- a/lib/crimson-falcon/models/domain_aws_account_v2.rb +++ b/lib/crimson-falcon/models/domain_aws_account_v2.rb 
@@ -43,6 +43,9 @@ class DomainAWSAccountV2 # 12 digit AWS provided unique identifier for the account. attr_accessor :account_id + # AWS account name + attr_accessor :account_name + attr_accessor :account_type attr_accessor :active_regions @@ -63,6 +66,8 @@ class DomainAWSAccountV2 attr_accessor :cid + attr_accessor :cloud_scopes + attr_accessor :cloudformation_url attr_accessor :conditions @@ -73,6 +78,8 @@ class DomainAWSAccountV2 attr_accessor :d4c_migrated + attr_accessor :environment + attr_accessor :eventbus_name # ID assigned for use with cross account IAM role access. @@ -122,6 +129,7 @@ def self.attribute_map :'id' => :'ID', :'updated_at' => :'UpdatedAt', :'account_id' => :'account_id', + :'account_name' => :'account_name', :'account_type' => :'account_type', :'active_regions' => :'active_regions', :'aws_cloudtrail_bucket_name' => :'aws_cloudtrail_bucket_name', @@ -130,11 +138,13 @@ def self.attribute_map :'aws_permissions_status' => :'aws_permissions_status', :'behavior_assessment_enabled' => :'behavior_assessment_enabled', :'cid' => :'cid', + :'cloud_scopes' => :'cloud_scopes', :'cloudformation_url' => :'cloudformation_url', :'conditions' => :'conditions', :'cspm_enabled' => :'cspm_enabled', :'d4c' => :'d4c', :'d4c_migrated' => :'d4c_migrated', + :'environment' => :'environment', :'eventbus_name' => :'eventbus_name', :'external_id' => :'external_id', :'iam_role_arn' => :'iam_role_arn', @@ -169,6 +179,7 @@ def self.openapi_types :'id' => :'Integer', :'updated_at' => :'Time', :'account_id' => :'String', + :'account_name' => :'String', :'account_type' => :'String', :'active_regions' => :'Array', :'aws_cloudtrail_bucket_name' => :'String', 
@@ -177,11 +188,13 @@ def self.openapi_types :'aws_permissions_status' => :'Array', :'behavior_assessment_enabled' => :'Boolean', :'cid' => :'String', + :'cloud_scopes' => :'Array', :'cloudformation_url' => :'String', :'conditions' => :'Array', :'cspm_enabled' => :'Boolean', :'d4c' => :'DomainAWSD4CAccountV1', :'d4c_migrated' => :'Boolean', + :'environment' => :'String', :'eventbus_name' => :'String', :'external_id' => :'String', :'iam_role_arn' => :'String', @@ -244,6 +257,10 @@ def initialize(attributes = {}) self.account_id = attributes[:'account_id'] end + if attributes.key?(:'account_name') + self.account_name = attributes[:'account_name'] + end + if attributes.key?(:'account_type') self.account_type = attributes[:'account_type'] end @@ -280,6 +297,12 @@ def initialize(attributes = {}) self.cid = attributes[:'cid'] end + if attributes.key?(:'cloud_scopes') + if (value = attributes[:'cloud_scopes']).is_a?(Array) + self.cloud_scopes = value + end + end + if attributes.key?(:'cloudformation_url') self.cloudformation_url = attributes[:'cloudformation_url'] end @@ -302,6 +325,10 @@ def initialize(attributes = {}) self.d4c_migrated = attributes[:'d4c_migrated'] end + if attributes.key?(:'environment') + self.environment = attributes[:'environment'] + end + if attributes.key?(:'eventbus_name') self.eventbus_name = attributes[:'eventbus_name'] end @@ -433,6 +460,7 @@ def ==(o) id == o.id && updated_at == o.updated_at && account_id == o.account_id && + account_name == o.account_name && account_type == o.account_type && active_regions == o.active_regions && aws_cloudtrail_bucket_name == o.aws_cloudtrail_bucket_name && 
@@ -441,11 +469,13 @@ def ==(o) aws_permissions_status == o.aws_permissions_status && behavior_assessment_enabled == o.behavior_assessment_enabled && cid == o.cid && + cloud_scopes == o.cloud_scopes && cloudformation_url == o.cloudformation_url && conditions == o.conditions && cspm_enabled == o.cspm_enabled && d4c == o.d4c && d4c_migrated == o.d4c_migrated && + environment == o.environment && eventbus_name == o.eventbus_name && external_id == o.external_id && iam_role_arn == o.iam_role_arn && @@ -475,7 +505,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [created_at, deleted_at, id, updated_at, account_id, account_type, active_regions, aws_cloudtrail_bucket_name, aws_cloudtrail_region, aws_eventbus_arn, aws_permissions_status, behavior_assessment_enabled, cid, cloudformation_url, conditions, cspm_enabled, d4c, d4c_migrated, eventbus_name, external_id, iam_role_arn, intermediate_role_arn, is_custom_rolename, is_master, organization_id, remediation_cloudformation_url, remediation_region, remediation_tou_accepted, root_account_id, root_iam_role, secondary_role_arn, sensor_management_enabled, settings, status, use_existing_cloudtrail, valid].hash + [created_at, deleted_at, id, updated_at, account_id, account_name, account_type, active_regions, aws_cloudtrail_bucket_name, aws_cloudtrail_region, aws_eventbus_arn, aws_permissions_status, behavior_assessment_enabled, cid, cloud_scopes, cloudformation_url, conditions, cspm_enabled, d4c, d4c_migrated, environment, eventbus_name, external_id, iam_role_arn, intermediate_role_arn, is_custom_rolename, is_master, organization_id, remediation_cloudformation_url, remediation_region, remediation_tou_accepted, root_account_id, root_iam_role, secondary_role_arn, sensor_management_enabled, settings, status, use_existing_cloudtrail, valid].hash end # Builds the object from hash 
diff --git a/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb b/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb index cba18350..75f06ee9 100644 --- a/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb +++ b/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb 
@@ -32,32 +32,52 @@ module Falcon class DomainBaseAPIVulnerabilityV2 + # Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID attr_accessor :aid attr_accessor :app + # Provide details related to the products for which a the vulnerability has been detected attr_accessor :apps + # Contains the customer identifier associated with the asset for which the vulnerability has been detected attr_accessor :cid + # A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) attr_accessor :closed_timestamp + # A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system attr_accessor :created_timestamp attr_accessor :cve + # Contains information about the vulnerability data providers of this entity + attr_accessor :data_providers + attr_accessor :host_info + # Vulnerability unique ID attr_accessor :id + # Contains ports that the vulnerability affects + attr_accessor :ports + attr_accessor :remediation + # Current status of a vulnerability (open, closed, reopen) attr_accessor :status attr_accessor :suppression_info + # A timestamp corresponding to the point in time when a vulnerability's information or status have been updated attr_accessor :updated_timestamp + # Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider + attr_accessor :vulnerability_id + + # Unique identifier for the vulnerability metadata + attr_accessor :vulnerability_metadata_id + # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { 
@@ -68,12 +88,16 @@ def self.attribute_map :'closed_timestamp' => :'closed_timestamp', :'created_timestamp' => :'created_timestamp', :'cve' => :'cve', + :'data_providers' => :'data_providers', :'host_info' => :'host_info', :'id' => :'id', + :'ports' => :'ports', :'remediation' => :'remediation', :'status' => :'status', :'suppression_info' => :'suppression_info', - :'updated_timestamp' => :'updated_timestamp' + :'updated_timestamp' => :'updated_timestamp', + :'vulnerability_id' => :'vulnerability_id', + :'vulnerability_metadata_id' => :'vulnerability_metadata_id' } end @@ -92,12 +116,16 @@ def self.openapi_types :'closed_timestamp' => :'String', :'created_timestamp' => :'String', :'cve' => :'DomainAPIVulnerabilityCVEDetailsFacetV2', + :'data_providers' => :'Array', :'host_info' => :'DomainAPIVulnerabilityHostFacetV2', :'id' => :'String', + :'ports' => :'Array', :'remediation' => :'DomainAPIVulnerabilityRemediationFacetV2', :'status' => :'String', :'suppression_info' => :'DomainAPIVulnerabilitySuppressionInfoV2', - :'updated_timestamp' => :'String' + :'updated_timestamp' => :'String', + :'vulnerability_id' => :'String', + :'vulnerability_metadata_id' => :'String' } end @@ -152,6 +180,12 @@ def initialize(attributes = {}) self.cve = attributes[:'cve'] end + if attributes.key?(:'data_providers') + if (value = attributes[:'data_providers']).is_a?(Array) + self.data_providers = value + end + end + if attributes.key?(:'host_info') self.host_info = attributes[:'host_info'] end @@ -160,6 +194,12 @@ def initialize(attributes = {}) self.id = attributes[:'id'] end + if attributes.key?(:'ports') + if (value = attributes[:'ports']).is_a?(Array) + self.ports = value + end + end + if attributes.key?(:'remediation') self.remediation = attributes[:'remediation'] end 
@@ -175,6 +215,14 @@ def initialize(attributes = {}) if attributes.key?(:'updated_timestamp') self.updated_timestamp = attributes[:'updated_timestamp'] end + + if attributes.key?(:'vulnerability_id') + self.vulnerability_id = attributes[:'vulnerability_id'] + end + + if attributes.key?(:'vulnerability_metadata_id') + self.vulnerability_metadata_id = attributes[:'vulnerability_metadata_id'] + end end # Show invalid properties with the reasons. Usually used together with valid? @@ -232,12 +280,16 @@ def ==(o) closed_timestamp == o.closed_timestamp && created_timestamp == o.created_timestamp && cve == o.cve && + data_providers == o.data_providers && host_info == o.host_info && id == o.id && + ports == o.ports && remediation == o.remediation && status == o.status && suppression_info == o.suppression_info && - updated_timestamp == o.updated_timestamp + updated_timestamp == o.updated_timestamp && + vulnerability_id == o.vulnerability_id && + vulnerability_metadata_id == o.vulnerability_metadata_id end # @see the `==` method @@ -249,7 +301,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, host_info, id, remediation, status, suppression_info, updated_timestamp].hash + [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, data_providers, host_info, id, ports, remediation, status, suppression_info, updated_timestamp, vulnerability_id, vulnerability_metadata_id].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_behavior.rb b/lib/crimson-falcon/models/domain_behavior.rb index c4f8c318..ecc1a85e 100644 --- a/lib/crimson-falcon/models/domain_behavior.rb +++ b/lib/crimson-falcon/models/domain_behavior.rb @@ -34,6 +34,8 @@ module Falcon class DomainBehavior attr_accessor :aid + attr_accessor :alert_ids + attr_accessor :behavior_id attr_accessor :cid 
@@ -90,6 +92,7 @@ class DomainBehavior def self.attribute_map { :'aid' => :'aid', + :'alert_ids' => :'alert_ids', :'behavior_id' => :'behavior_id', :'cid' => :'cid', :'cmdline' => :'cmdline', @@ -128,6 +131,7 @@ def self.acceptable_attributes def self.openapi_types { :'aid' => :'String', + :'alert_ids' => :'Array', :'behavior_id' => :'String', :'cid' => :'String', :'cmdline' => :'String', @@ -182,6 +186,12 @@ def initialize(attributes = {}) self.aid = attributes[:'aid'] end + if attributes.key?(:'alert_ids') + if (value = attributes[:'alert_ids']).is_a?(Array) + self.alert_ids = value + end + end + if attributes.key?(:'behavior_id') self.behavior_id = attributes[:'behavior_id'] end @@ -325,6 +335,7 @@ def ==(o) return true if self.equal?(o) self.class == o.class && aid == o.aid && + alert_ids == o.alert_ids && behavior_id == o.behavior_id && cid == o.cid && cmdline == o.cmdline && @@ -362,7 +373,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, behavior_id, cid, cmdline, compound_tto, detection_ids, display_name, domain, exclusion_type, filepath, incident_id, incident_ids, ioc_source, ioc_type, ioc_value, objective, pattern_disposition, pattern_disposition_details, pattern_id, sha256, tactic, tactic_id, technique, technique_id, template_instance_id, timestamp, user_name].hash + [aid, alert_ids, behavior_id, cid, cmdline, compound_tto, detection_ids, display_name, domain, exclusion_type, filepath, incident_id, incident_ids, ioc_source, ioc_type, ioc_value, objective, pattern_disposition, pattern_disposition_details, pattern_id, sha256, tactic, tactic_id, technique, technique_id, template_instance_id, timestamp, user_name].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_cid_group.rb b/lib/crimson-falcon/models/domain_cid_group.rb index 84189351..7c11f883 100644 --- a/lib/crimson-falcon/models/domain_cid_group.rb +++ b/lib/crimson-falcon/models/domain_cid_group.rb 
@@ -32,8 +32,6 @@ module Falcon class DomainCIDGroup - attr_accessor :cid - attr_accessor :cid_group_id attr_accessor :description @@ -43,7 +41,6 @@ class DomainCIDGroup # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { - :'cid' => :'cid', :'cid_group_id' => :'cid_group_id', :'description' => :'description', :'name' => :'name' @@ -58,7 +55,6 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'cid' => :'String', :'cid_group_id' => :'String', :'description' => :'String', :'name' => :'String' @@ -86,10 +82,6 @@ def initialize(attributes = {}) h[k.to_sym] = v } - if attributes.key?(:'cid') - self.cid = attributes[:'cid'] - end - if attributes.key?(:'cid_group_id') self.cid_group_id = attributes[:'cid_group_id'] end @@ -107,8 +99,8 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @description.nil? - invalid_properties.push('invalid value for "description", description cannot be nil.') + if @cid_group_id.nil? + invalid_properties.push('invalid value for "cid_group_id", cid_group_id cannot be nil.') end if @name.nil? @@ -121,7 +113,7 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @description.nil? + return false if @cid_group_id.nil? return false if @name.nil? true end @@ -131,7 +123,6 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && - cid == o.cid && cid_group_id == o.cid_group_id && description == o.description && name == o.name @@ -146,7 +137,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [cid, cid_group_id, description, name].hash + [cid_group_id, description, name].hash end # Builds the object from hash 
diff --git a/lib/crimson-falcon/models/domain_cid_policy_assignments.rb b/lib/crimson-falcon/models/domain_cid_policy_assignments.rb index b8d5f673..87d681a0 100644 --- a/lib/crimson-falcon/models/domain_cid_policy_assignments.rb +++ b/lib/crimson-falcon/models/domain_cid_policy_assignments.rb @@ -40,6 +40,8 @@ class DomainCIDPolicyAssignments attr_accessor :cis_benchmark + attr_accessor :cisa_benchmark + attr_accessor :cloud_asset_type attr_accessor :cloud_asset_type_id @@ -60,6 +62,8 @@ class DomainCIDPolicyAssignments attr_accessor :is_remediable + attr_accessor :iso_benchmark + attr_accessor :name attr_accessor :nist_benchmark @@ -87,6 +91,7 @@ def self.attribute_map :'attack_types' => :'attack_types', :'cid' => :'cid', :'cis_benchmark' => :'cis_benchmark', + :'cisa_benchmark' => :'cisa_benchmark', :'cloud_asset_type' => :'cloud_asset_type', :'cloud_asset_type_id' => :'cloud_asset_type_id', :'cloud_provider' => :'cloud_provider', @@ -97,6 +102,7 @@ def self.attribute_map :'default_severity' => :'default_severity', :'fql_policy' => :'fql_policy', :'is_remediable' => :'is_remediable', + :'iso_benchmark' => :'iso_benchmark', :'name' => :'name', :'nist_benchmark' => :'nist_benchmark', :'pci_benchmark' => :'pci_benchmark', @@ -122,6 +128,7 @@ def self.openapi_types :'attack_types' => :'Array', :'cid' => :'String', :'cis_benchmark' => :'Array', + :'cisa_benchmark' => :'Array', :'cloud_asset_type' => :'String', :'cloud_asset_type_id' => :'Integer', :'cloud_provider' => :'String', @@ -132,6 +139,7 @@ def self.openapi_types :'default_severity' => :'String', :'fql_policy' => :'String', :'is_remediable' => :'Boolean', + :'iso_benchmark' => :'Array', :'name' => :'String', :'nist_benchmark' => :'Array', :'pci_benchmark' => :'Array', 
@@ -186,6 +194,12 @@ def initialize(attributes = {}) end end + if attributes.key?(:'cisa_benchmark') + if (value = attributes[:'cisa_benchmark']).is_a?(Array) + self.cisa_benchmark = value + end + end + if attributes.key?(:'cloud_asset_type') self.cloud_asset_type = attributes[:'cloud_asset_type'] end @@ -226,6 +240,12 @@ def initialize(attributes = {}) self.is_remediable = attributes[:'is_remediable'] end + if attributes.key?(:'iso_benchmark') + if (value = attributes[:'iso_benchmark']).is_a?(Array) + self.iso_benchmark = value + end + end + if attributes.key?(:'name') self.name = attributes[:'name'] end @@ -302,6 +322,7 @@ def ==(o) attack_types == o.attack_types && cid == o.cid && cis_benchmark == o.cis_benchmark && + cisa_benchmark == o.cisa_benchmark && cloud_asset_type == o.cloud_asset_type && cloud_asset_type_id == o.cloud_asset_type_id && cloud_provider == o.cloud_provider && @@ -312,6 +333,7 @@ def ==(o) default_severity == o.default_severity && fql_policy == o.fql_policy && is_remediable == o.is_remediable && + iso_benchmark == o.iso_benchmark && name == o.name && nist_benchmark == o.nist_benchmark && pci_benchmark == o.pci_benchmark && 
@@ -333,7 +355,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [account_scope, attack_types, cid, cis_benchmark, cloud_asset_type, cloud_asset_type_id, cloud_provider, cloud_service, cloud_service_friendly, cloud_service_subtype, created_at, default_severity, fql_policy, is_remediable, name, nist_benchmark, pci_benchmark, policy_id, policy_settings, policy_timestamp, policy_type, remediation_summary, soc2_benchmark, updated_at].hash + [account_scope, attack_types, cid, cis_benchmark, cisa_benchmark, cloud_asset_type, cloud_asset_type_id, cloud_provider, cloud_service, cloud_service_friendly, cloud_service_subtype, created_at, default_severity, fql_policy, is_remediable, iso_benchmark, name, nist_benchmark, pci_benchmark, policy_id, policy_settings, policy_timestamp, policy_type, remediation_summary, soc2_benchmark, updated_at].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_cloud_accounts.rb b/lib/crimson-falcon/models/domain_cloud_accounts.rb new file mode 100644 index 00000000..c40557c6 --- /dev/null +++ b/lib/crimson-falcon/models/domain_cloud_accounts.rb 
@@ -0,0 +1,245 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainCloudAccounts + attr_accessor :ids + + attr_accessor :provider + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'ids' => :'ids', + :'provider' => :'provider' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'ids' => :'Array', + :'provider' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainCloudAccounts` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainCloudAccounts`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'ids') + if (value = attributes[:'ids']).is_a?(Array) + self.ids = value + end + end + + if attributes.key?(:'provider') + self.provider = attributes[:'provider'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + ids == o.ids && + provider == o.provider + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [ids, provider].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_cloud_scope.rb b/lib/crimson-falcon/models/domain_cloud_scope.rb new file mode 100644 index 00000000..a556abdb --- /dev/null +++ b/lib/crimson-falcon/models/domain_cloud_scope.rb 
@@ -0,0 +1,319 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainCloudScope + attr_accessor :accounts + + attr_accessor :business_impact + + attr_accessor :business_unit + + attr_accessor :cid + + attr_accessor :created_at + + attr_accessor :description + + attr_accessor :id + + attr_accessor :name + + attr_accessor :owners + + attr_accessor :total_accounts + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'accounts' => :'accounts', + :'business_impact' => :'business_impact', + :'business_unit' => :'business_unit', + :'cid' => :'cid', + :'created_at' => :'created_at', + :'description' => :'description', + :'id' => :'id', + :'name' => :'name', + :'owners' => :'owners', + :'total_accounts' => :'total_accounts' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'accounts' => :'Array', + :'business_impact' => :'String', + :'business_unit' => :'String', + :'cid' => :'String', + :'created_at' => :'Time', + :'description' => :'String', + :'id' => :'Integer', + :'name' => :'String', + :'owners' => :'Array', + :'total_accounts' => :'Integer' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainCloudScope` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainCloudScope`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'accounts') + if (value = attributes[:'accounts']).is_a?(Array) + self.accounts = value + end + end + + if attributes.key?(:'business_impact') + self.business_impact = attributes[:'business_impact'] + end + + if attributes.key?(:'business_unit') + self.business_unit = attributes[:'business_unit'] + end + + if attributes.key?(:'cid') + self.cid = attributes[:'cid'] + end + + if attributes.key?(:'created_at') + self.created_at = attributes[:'created_at'] + end + + if attributes.key?(:'description') + self.description = attributes[:'description'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'owners') + if (value = attributes[:'owners']).is_a?(Array) + self.owners = value + end + end + + if attributes.key?(:'total_accounts') + self.total_accounts = attributes[:'total_accounts'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + accounts == o.accounts && + business_impact == o.business_impact && + business_unit == o.business_unit && + cid == o.cid && + created_at == o.created_at && + description == o.description && + id == o.id && + name == o.name && + owners == o.owners && + total_accounts == o.total_accounts + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [accounts, business_impact, business_unit, cid, created_at, description, id, name, owners, total_accounts].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_discover_api_host.rb b/lib/crimson-falcon/models/domain_discover_api_host.rb index 3c3cf7e8..24e2ef8d 100644 --- a/lib/crimson-falcon/models/domain_discover_api_host.rb +++ b/lib/crimson-falcon/models/domain_discover_api_host.rb @@ -47,7 +47,7 @@ class DomainDiscoverAPIHost # The agent ID of the Falcon sensor installed on the asset. attr_accessor :aid - # List of asset roles (computed or given by the user) + # The asset role or roles currently assigned to the asset either automatically or by a user (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). attr_accessor :asset_roles # The first and last name of the person who is assigned to this asset. @@ -92,6 +92,9 @@ class DomainDiscoverAPIHost # The cloud provider assigned identifier of the cloud account the instance is located in. attr_accessor :cloud_account_id + # The id of the cloud instance. + attr_accessor :cloud_instance_id + # The cloud provider environment the instance is located in (AWS/Azure/GCP). attr_accessor :cloud_provider 
@@ -104,9 +107,12 @@ class DomainDiscoverAPIHost # The cloud provider assigned identifier of the instance. attr_accessor :cloud_resource_id - # List of computed asset roles + # The asset role or roles assigned to the asset automatically (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). attr_accessor :computed_asset_roles + # Whether the asset is exposed to the internet as determined automatically (Yes, No, or Unknown). + attr_accessor :computed_internet_exposure + # The level of confidence that the asset is a corporate asset (25 = low confidence, 50 = medium confidence, 75 = high confidence). attr_accessor :confidence @@ -122,12 +128,21 @@ class DomainDiscoverAPIHost # The time the asset was created in Active Directory, according to LDAP info. attr_accessor :creation_timestamp - # Asset criticality + # The criticality level of the asset (Critical, High, Noncritical, or Unassigned) attr_accessor :criticality - # The ID of the criticality rule that last matched on this host + # The description the user entered when manually assigning a criticality level + attr_accessor :criticality_description + + # The ID of the criticality rule that has most recently applied to the asset. attr_accessor :criticality_rule_id + # The date and time the criticality level was manually assigned + attr_accessor :criticality_timestamp + + # The username of the account that manually assigned the criticality level + attr_accessor :criticality_username + # The last seen local IPv4 address of the asset. attr_accessor :current_local_ip @@ -149,6 +164,9 @@ class DomainDiscoverAPIHost # The number of sources that discovered the asset. attr_accessor :discoverer_count + # The hostnames of the sources that discovered the asset. + attr_accessor :discoverer_hostnames + # The platform names of the sources that discovered the asset. attr_accessor :discoverer_platform_names 
@@ -209,12 +227,24 @@ class DomainDiscoverAPIHost # Whether the asset is exposed to the internet (Yes or Unknown). attr_accessor :internet_exposure + # The description the user entered when manually assigning a internet exposure level + attr_accessor :internet_exposure_description + + # The date and time the internet exposure level was manually assigned + attr_accessor :internet_exposure_timestamp + + # The username of the account that manually assigned the internet exposure level + attr_accessor :internet_exposure_username + # For Linux and Mac hosts: the major version, minor version, and patch version of the kernel for the asset. For Windows hosts: the build number of the asset. attr_accessor :kernel_version # The agent ID of the Falcon sensor installed on the source that most recently discovered the asset. attr_accessor :last_discoverer_aid + # The hostname of the last source that discovered the asset. + attr_accessor :last_discoverer_hostname + # The most recent time the asset was seen in your environment. attr_accessor :last_seen_timestamp @@ -277,12 +307,15 @@ class DomainDiscoverAPIHost # The organizational unit of the asset. attr_accessor :ou - # True if the user has override asset roles computed automatically + # Whether a user overrode automatically assigned asset roles to manually assign a role to the asset (true or false). attr_accessor :override_asset_roles - # True if the host should not be evaluated against the criticality rules + # Whether a user overrode a criticality rule to manually assign a criticality level on the asset (true or false). attr_accessor :override_criticality_rules + # Whether a user overrode the automatically assigned internet exposure (True or False). + attr_accessor :override_internet_exposure + # The first and last name of the person who owns this asset. attr_accessor :owned_by 
@@ -377,18 +410,23 @@ def self.attribute_map :'city' => :'city', :'classification' => :'classification', :'cloud_account_id' => :'cloud_account_id', + :'cloud_instance_id' => :'cloud_instance_id', :'cloud_provider' => :'cloud_provider', :'cloud_region' => :'cloud_region', :'cloud_registered' => :'cloud_registered', :'cloud_resource_id' => :'cloud_resource_id', :'computed_asset_roles' => :'computed_asset_roles', + :'computed_internet_exposure' => :'computed_internet_exposure', :'confidence' => :'confidence', :'country' => :'country', :'cpu_manufacturer' => :'cpu_manufacturer', :'cpu_processor_name' => :'cpu_processor_name', :'creation_timestamp' => :'creation_timestamp', :'criticality' => :'criticality', + :'criticality_description' => :'criticality_description', :'criticality_rule_id' => :'criticality_rule_id', + :'criticality_timestamp' => :'criticality_timestamp', + :'criticality_username' => :'criticality_username', :'current_local_ip' => :'current_local_ip', :'data_providers' => :'data_providers', :'data_providers_count' => :'data_providers_count', @@ -396,6 +434,7 @@ def self.attribute_map :'descriptions' => :'descriptions', :'discoverer_aids' => :'discoverer_aids', :'discoverer_count' => :'discoverer_count', + :'discoverer_hostnames' => :'discoverer_hostnames', :'discoverer_platform_names' => :'discoverer_platform_names', :'discoverer_product_type_descs' => :'discoverer_product_type_descs', :'discoverer_tags' => :'discoverer_tags', 
@@ -416,8 +455,12 @@ def self.attribute_map :'hostname' => :'hostname', :'id' => :'id', :'internet_exposure' => :'internet_exposure', + :'internet_exposure_description' => :'internet_exposure_description', + :'internet_exposure_timestamp' => :'internet_exposure_timestamp', + :'internet_exposure_username' => :'internet_exposure_username', :'kernel_version' => :'kernel_version', :'last_discoverer_aid' => :'last_discoverer_aid', + :'last_discoverer_hostname' => :'last_discoverer_hostname', :'last_seen_timestamp' => :'last_seen_timestamp', :'local_ip_addresses' => :'local_ip_addresses', :'local_ips_count' => :'local_ips_count', @@ -441,6 +484,7 @@ def self.attribute_map :'ou' => :'ou', :'override_asset_roles' => :'override_asset_roles', :'override_criticality_rules' => :'override_criticality_rules', + :'override_internet_exposure' => :'override_internet_exposure', :'owned_by' => :'owned_by', :'physical_core_count' => :'physical_core_count', :'platform_name' => :'platform_name', @@ -496,18 +540,23 @@ def self.openapi_types :'city' => :'String', :'classification' => :'String', :'cloud_account_id' => :'String', + :'cloud_instance_id' => :'String', :'cloud_provider' => :'String', :'cloud_region' => :'String', :'cloud_registered' => :'Boolean', :'cloud_resource_id' => :'String', :'computed_asset_roles' => :'Array', + :'computed_internet_exposure' => :'String', :'confidence' => :'Integer', :'country' => :'String', :'cpu_manufacturer' => :'String', :'cpu_processor_name' => :'String', :'creation_timestamp' => :'String', :'criticality' => :'String', + :'criticality_description' => :'String', :'criticality_rule_id' => :'String', + :'criticality_timestamp' => :'String', + :'criticality_username' => :'String', :'current_local_ip' => :'String', :'data_providers' => :'Array', :'data_providers_count' => :'Integer', 
@@ -515,6 +564,7 @@ def self.openapi_types :'descriptions' => :'Array', :'discoverer_aids' => :'Array', :'discoverer_count' => :'Integer', + :'discoverer_hostnames' => :'Array', :'discoverer_platform_names' => :'Array', :'discoverer_product_type_descs' => :'Array', :'discoverer_tags' => :'Array', @@ -535,8 +585,12 @@ def self.openapi_types :'hostname' => :'String', :'id' => :'String', :'internet_exposure' => :'String', + :'internet_exposure_description' => :'String', + :'internet_exposure_timestamp' => :'String', + :'internet_exposure_username' => :'String', :'kernel_version' => :'String', :'last_discoverer_aid' => :'String', + :'last_discoverer_hostname' => :'String', :'last_seen_timestamp' => :'String', :'local_ip_addresses' => :'Array', :'local_ips_count' => :'Integer', @@ -560,6 +614,7 @@ def self.openapi_types :'ou' => :'String', :'override_asset_roles' => :'Boolean', :'override_criticality_rules' => :'Boolean', + :'override_internet_exposure' => :'Boolean', :'owned_by' => :'String', :'physical_core_count' => :'Integer', :'platform_name' => :'String', @@ -692,6 +747,10 @@ def initialize(attributes = {}) self.cloud_account_id = attributes[:'cloud_account_id'] end + if attributes.key?(:'cloud_instance_id') + self.cloud_instance_id = attributes[:'cloud_instance_id'] + end + if attributes.key?(:'cloud_provider') self.cloud_provider = attributes[:'cloud_provider'] end @@ -714,6 +773,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'computed_internet_exposure') + self.computed_internet_exposure = attributes[:'computed_internet_exposure'] + end + if attributes.key?(:'confidence') self.confidence = attributes[:'confidence'] end 
@@ -738,10 +801,22 @@ def initialize(attributes = {}) self.criticality = attributes[:'criticality'] end + if attributes.key?(:'criticality_description') + self.criticality_description = attributes[:'criticality_description'] + end + if attributes.key?(:'criticality_rule_id') self.criticality_rule_id = attributes[:'criticality_rule_id'] end + if attributes.key?(:'criticality_timestamp') + self.criticality_timestamp = attributes[:'criticality_timestamp'] + end + + if attributes.key?(:'criticality_username') + self.criticality_username = attributes[:'criticality_username'] + end + if attributes.key?(:'current_local_ip') self.current_local_ip = attributes[:'current_local_ip'] end @@ -776,6 +851,12 @@ def initialize(attributes = {}) self.discoverer_count = attributes[:'discoverer_count'] end + if attributes.key?(:'discoverer_hostnames') + if (value = attributes[:'discoverer_hostnames']).is_a?(Array) + self.discoverer_hostnames = value + end + end + if attributes.key?(:'discoverer_platform_names') if (value = attributes[:'discoverer_platform_names']).is_a?(Array) self.discoverer_platform_names = value @@ -872,6 +953,18 @@ def initialize(attributes = {}) self.internet_exposure = attributes[:'internet_exposure'] end + if attributes.key?(:'internet_exposure_description') + self.internet_exposure_description = attributes[:'internet_exposure_description'] + end + + if attributes.key?(:'internet_exposure_timestamp') + self.internet_exposure_timestamp = attributes[:'internet_exposure_timestamp'] + end + + if attributes.key?(:'internet_exposure_username') + self.internet_exposure_username = attributes[:'internet_exposure_username'] + end + if attributes.key?(:'kernel_version') self.kernel_version = attributes[:'kernel_version'] end 
@@ -880,6 +973,10 @@ def initialize(attributes = {}) self.last_discoverer_aid = attributes[:'last_discoverer_aid'] end + if attributes.key?(:'last_discoverer_hostname') + self.last_discoverer_hostname = attributes[:'last_discoverer_hostname'] + end + if attributes.key?(:'last_seen_timestamp') self.last_seen_timestamp = attributes[:'last_seen_timestamp'] end @@ -980,6 +1077,10 @@ def initialize(attributes = {}) self.override_criticality_rules = attributes[:'override_criticality_rules'] end + if attributes.key?(:'override_internet_exposure') + self.override_internet_exposure = attributes[:'override_internet_exposure'] + end + if attributes.key?(:'owned_by') self.owned_by = attributes[:'owned_by'] end @@ -1129,18 +1230,23 @@ def ==(o) city == o.city && classification == o.classification && cloud_account_id == o.cloud_account_id && + cloud_instance_id == o.cloud_instance_id && cloud_provider == o.cloud_provider && cloud_region == o.cloud_region && cloud_registered == o.cloud_registered && cloud_resource_id == o.cloud_resource_id && computed_asset_roles == o.computed_asset_roles && + computed_internet_exposure == o.computed_internet_exposure && confidence == o.confidence && country == o.country && cpu_manufacturer == o.cpu_manufacturer && cpu_processor_name == o.cpu_processor_name && creation_timestamp == o.creation_timestamp && criticality == o.criticality && + criticality_description == o.criticality_description && criticality_rule_id == o.criticality_rule_id && + criticality_timestamp == o.criticality_timestamp && + criticality_username == o.criticality_username && current_local_ip == o.current_local_ip && data_providers == o.data_providers && data_providers_count == o.data_providers_count && 
@@ -1148,6 +1254,7 @@ def ==(o) descriptions == o.descriptions && discoverer_aids == o.discoverer_aids && discoverer_count == o.discoverer_count && + discoverer_hostnames == o.discoverer_hostnames && discoverer_platform_names == o.discoverer_platform_names && discoverer_product_type_descs == o.discoverer_product_type_descs && discoverer_tags == o.discoverer_tags && @@ -1168,8 +1275,12 @@ def ==(o) hostname == o.hostname && id == o.id && internet_exposure == o.internet_exposure && + internet_exposure_description == o.internet_exposure_description && + internet_exposure_timestamp == o.internet_exposure_timestamp && + internet_exposure_username == o.internet_exposure_username && kernel_version == o.kernel_version && last_discoverer_aid == o.last_discoverer_aid && + last_discoverer_hostname == o.last_discoverer_hostname && last_seen_timestamp == o.last_seen_timestamp && local_ip_addresses == o.local_ip_addresses && local_ips_count == o.local_ips_count && @@ -1193,6 +1304,7 @@ def ==(o) ou == o.ou && override_asset_roles == o.override_asset_roles && override_criticality_rules == o.override_criticality_rules && + override_internet_exposure == o.override_internet_exposure && owned_by == o.owned_by && physical_core_count == o.physical_core_count && platform_name == o.platform_name && 
@@ -1228,7 +1340,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [account_enabled, active_discovery, ad_user_account_control, agent_version, aid, asset_roles, assigned_to, available_disk_space, available_disk_space_pct, average_memory_usage, average_memory_usage_pct, average_processor_usage, bios_hashes_data, bios_id, bios_manufacturer, bios_version, cid, city, classification, cloud_account_id, cloud_provider, cloud_region, cloud_registered, cloud_resource_id, computed_asset_roles, confidence, country, cpu_manufacturer, cpu_processor_name, creation_timestamp, criticality, criticality_rule_id, current_local_ip, data_providers, data_providers_count, department, descriptions, discoverer_aids, discoverer_count, discoverer_platform_names, discoverer_product_type_descs, discoverer_tags, discovering_by, disk_sizes, email, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_discoverer_aid, first_seen_timestamp, form_factor, fqdn, groups, hostname, id, internet_exposure, kernel_version, last_discoverer_aid, last_seen_timestamp, local_ip_addresses, local_ips_count, location, logical_core_count, mac_addresses, machine_domain, managed_by, max_memory_usage, max_memory_usage_pct, max_processor_usage, mount_storage_info, network_interfaces, number_of_disk_drives, object_guid, object_sid, os_is_eol, os_security, os_service_pack, os_version, ou, override_asset_roles, override_criticality_rules, owned_by, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, reduced_functionality_mode, servicenow_id, site_name, state, system_manufacturer, system_product_name, system_serial_number, tags, tenableio_id, total_bios_files, total_disk_space, total_memory, triage, unencrypted_drives, unencrypted_drives_count, used_disk_space, used_disk_space_pct, used_for].hash + [account_enabled, active_discovery, ad_user_account_control, 
agent_version, aid, asset_roles, assigned_to, available_disk_space, available_disk_space_pct, average_memory_usage, average_memory_usage_pct, average_processor_usage, bios_hashes_data, bios_id, bios_manufacturer, bios_version, cid, city, classification, cloud_account_id, cloud_instance_id, cloud_provider, cloud_region, cloud_registered, cloud_resource_id, computed_asset_roles, computed_internet_exposure, confidence, country, cpu_manufacturer, cpu_processor_name, creation_timestamp, criticality, criticality_description, criticality_rule_id, criticality_timestamp, criticality_username, current_local_ip, data_providers, data_providers_count, department, descriptions, discoverer_aids, discoverer_count, discoverer_hostnames, discoverer_platform_names, discoverer_product_type_descs, discoverer_tags, discovering_by, disk_sizes, email, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_discoverer_aid, first_seen_timestamp, form_factor, fqdn, groups, hostname, id, internet_exposure, internet_exposure_description, internet_exposure_timestamp, internet_exposure_username, kernel_version, last_discoverer_aid, last_discoverer_hostname, last_seen_timestamp, local_ip_addresses, local_ips_count, location, logical_core_count, mac_addresses, machine_domain, managed_by, max_memory_usage, max_memory_usage_pct, max_processor_usage, mount_storage_info, network_interfaces, number_of_disk_drives, object_guid, object_sid, os_is_eol, os_security, os_service_pack, os_version, ou, override_asset_roles, override_criticality_rules, override_internet_exposure, owned_by, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, reduced_functionality_mode, servicenow_id, site_name, state, system_manufacturer, system_product_name, system_serial_number, tags, tenableio_id, total_bios_files, total_disk_space, total_memory, triage, unencrypted_drives, unencrypted_drives_count, used_disk_space, 
used_disk_space_pct, used_for].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb b/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb index e7259a83..5cbf221b 100644 --- a/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb +++ b/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb @@ -108,6 +108,9 @@ class DomainDiscoverAPIIoTHost # The number of sources that discovered the asset. attr_accessor :discoverer_count + # A list of agent IDs of the Falcon sensors installed on the source hosts that discovered the asset via ICS Asset discovery mechanism + attr_accessor :discoverer_ics_collector_ids + # The product type descriptions of the sources that discovered the asset. attr_accessor :discoverer_product_type_descs @@ -322,6 +325,7 @@ def self.attribute_map :'device_slots' => :'device_slots', :'device_type' => :'device_type', :'discoverer_count' => :'discoverer_count', + :'discoverer_ics_collector_ids' => :'discoverer_ics_collector_ids', :'discoverer_product_type_descs' => :'discoverer_product_type_descs', :'disk_sizes' => :'disk_sizes', :'encrypted_drives' => :'encrypted_drives', @@ -420,6 +424,7 @@ def self.openapi_types :'device_slots' => :'Array', :'device_type' => :'String', :'discoverer_count' => :'Integer', + :'discoverer_ics_collector_ids' => :'Array', :'discoverer_product_type_descs' => :'Array', :'disk_sizes' => :'Array', :'encrypted_drives' => :'Array', @@ -610,6 +615,12 @@ def initialize(attributes = {}) self.discoverer_count = attributes[:'discoverer_count'] end + if attributes.key?(:'discoverer_ics_collector_ids') + if (value = attributes[:'discoverer_ics_collector_ids']).is_a?(Array) + self.discoverer_ics_collector_ids = value + end + end + if attributes.key?(:'discoverer_product_type_descs') if (value = attributes[:'discoverer_product_type_descs']).is_a?(Array) self.discoverer_product_type_descs = value 
@@ -938,6 +949,7 @@ def ==(o) device_slots == o.device_slots && device_type == o.device_type && discoverer_count == o.discoverer_count && + discoverer_ics_collector_ids == o.discoverer_ics_collector_ids && discoverer_product_type_descs == o.discoverer_product_type_descs && disk_sizes == o.disk_sizes && encrypted_drives == o.encrypted_drives && 
@@ -1011,7 +1023,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [agent_version, aid, available_disk_space, average_memory_usage, average_processor_usage, bios_id, bios_manufacturer, bios_version, business_criticality, cid, city, claroty_id, confidence, country, cpu_processor_name, credential_guard_status, current_local_ip, data_providers, data_providers_count, device_class, device_family, device_guard_status, device_slots, device_type, discoverer_count, discoverer_product_type_descs, disk_sizes, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_seen_timestamp, groups, hostname, ics_id, id, internet_exposure, iommu_protection_status, kernel_dma_protection_status, kernel_version, last_discoverer_ics_collector_id, last_seen_timestamp, local_ip_addresses, local_ips_count, logical_core_count, mac_addresses, machine_domain, max_memory_usage, max_processor_usage, memory_total, mount_storage_info, network_id, network_interfaces, number_of_disk_drives, os_is_eol, os_version, ou, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, protocols, purdue_level, reduced_functionality_mode, secure_boot_enabled_status, secure_boot_requested_status, secure_memory_overwrite_requested_status, site_name, subnet, system_guard_status, system_manufacturer, system_product_name, system_serial_number, tags, total_bios_files, total_disk_space, uefi_memory_protection_status, unencrypted_drives, unencrypted_drives_count, used_disk_space, virtual_zone, virtualization_based_security_status, vlan, xdome_id].hash + [agent_version, aid, available_disk_space, average_memory_usage, average_processor_usage, bios_id, bios_manufacturer, bios_version, business_criticality, cid, city, claroty_id, confidence, country, cpu_processor_name, credential_guard_status, current_local_ip, data_providers, data_providers_count, device_class, device_family, 
device_guard_status, device_slots, device_type, discoverer_count, discoverer_ics_collector_ids, discoverer_product_type_descs, disk_sizes, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_seen_timestamp, groups, hostname, ics_id, id, internet_exposure, iommu_protection_status, kernel_dma_protection_status, kernel_version, last_discoverer_ics_collector_id, last_seen_timestamp, local_ip_addresses, local_ips_count, logical_core_count, mac_addresses, machine_domain, max_memory_usage, max_processor_usage, memory_total, mount_storage_info, network_id, network_interfaces, number_of_disk_drives, os_is_eol, os_version, ou, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, protocols, purdue_level, reduced_functionality_mode, secure_boot_enabled_status, secure_boot_requested_status, secure_memory_overwrite_requested_status, site_name, subnet, system_guard_status, system_manufacturer, system_product_name, system_serial_number, tags, total_bios_files, total_disk_space, uefi_memory_protection_status, unencrypted_drives, unencrypted_drives_count, used_disk_space, virtual_zone, virtualization_based_security_status, vlan, xdome_id].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_discover_params.rb b/lib/crimson-falcon/models/domain_discover_params.rb index 7a5dfbc6..c741d960 100644 --- a/lib/crimson-falcon/models/domain_discover_params.rb +++ b/lib/crimson-falcon/models/domain_discover_params.rb 
@@ -32,14 +32,20 @@ module Falcon class DomainDiscoverParams + attr_accessor :application_filters + attr_accessor :application_group_id + attr_accessor :application_vendors + attr_accessor :requirement_criteria # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { + :'application_filters' => :'application_filters', :'application_group_id' => :'application_group_id', + :'application_vendors' => :'application_vendors', :'requirement_criteria' => :'requirement_criteria' } end @@ -52,7 +58,9 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { + :'application_filters' => :'String', :'application_group_id' => :'String', + :'application_vendors' => :'String', :'requirement_criteria' => :'String' } end @@ -78,10 +86,18 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'application_filters') + self.application_filters = attributes[:'application_filters'] + end + if attributes.key?(:'application_group_id') self.application_group_id = attributes[:'application_group_id'] end + if attributes.key?(:'application_vendors') + self.application_vendors = attributes[:'application_vendors'] + end + if attributes.key?(:'requirement_criteria') self.requirement_criteria = attributes[:'requirement_criteria'] end 
@@ -91,10 +107,18 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new + if @application_filters.nil? + invalid_properties.push('invalid value for "application_filters", application_filters cannot be nil.') + end + if @application_group_id.nil? invalid_properties.push('invalid value for "application_group_id", application_group_id cannot be nil.') end + if @application_vendors.nil? + invalid_properties.push('invalid value for "application_vendors", application_vendors cannot be nil.') + end + if @requirement_criteria.nil? invalid_properties.push('invalid value for "requirement_criteria", requirement_criteria cannot be nil.') end @@ -105,7 +129,9 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? + return false if @application_filters.nil? return false if @application_group_id.nil? + return false if @application_vendors.nil? return false if @requirement_criteria.nil? true end @@ -115,7 +141,9 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && + application_filters == o.application_filters && application_group_id == o.application_group_id && + application_vendors == o.application_vendors && requirement_criteria == o.requirement_criteria end @@ -128,7 +156,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [application_group_id, requirement_criteria].hash + [application_filters, application_group_id, application_vendors, requirement_criteria].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb b/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb index 71c59fad..0893d475 100644 --- a/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb +++ b/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb 
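Review bot: In domain_discover_params.rb, `valid?` now returns false for any DomainDiscoverParams built with only `application_group_id` and `requirement_criteria`, because `return false if @application_filters.nil?` and `return false if @application_vendors.nil?` treat both new fields as required. The preceding hunk adds the matching two entries to `list_invalid_properties`. Callers written against the previous release fail validation after upgrading without any code change on their side, and the commit is labelled `feat` with no breaking-change note. If the API accepts requests without these fields, they should be made optional in the spec so the generator emits no nil check; if they really are required, that should be stated in the changelog and in a comment above `attr_accessor :application_filters` and `attr_accessor :application_vendors`, which are currently undocumented.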
@@ -32,44 +32,64 @@ module Falcon class DomainECrimeKillChain + # Free form text describing attribution of the ecrime actor attr_accessor :attribution + # Free form text describing actor's crimes attr_accessor :crimes + # Free form text describing ecrime actor's customers and affiliates attr_accessor :customers + # Comma separated values of vulnerabilities by CVE codes that are exploited by actor attr_accessor :exploitation + # Free form text describing ecrime actor's marketing campaigns and advertisement attr_accessor :marketing + # Legacy field, not used and empty attr_accessor :monetization + # Rich text version of the attribution field attr_accessor :rich_text_attribution + # Rich text version of the crimes field attr_accessor :rich_text_crimes + # Rich text version of the customers field attr_accessor :rich_text_customers + # Rich text version of the exploitation field attr_accessor :rich_text_exploitation + # Rich text version of the marketing field attr_accessor :rich_text_marketing + # Legacy field, not used and empty attr_accessor :rich_text_monetization + # Rich text version of the services_offered field attr_accessor :rich_text_services_offered + # Rich text version of the services_used field attr_accessor :rich_text_services_used + # Rich text version of the technical_tradecraft field attr_accessor :rich_text_technical_tradecraft + # Rich text version of the victims field attr_accessor :rich_text_victims + # Free form text describing ecrime actor's services offered and monetized attr_accessor :services_offered + # Free form text describing ecrime actor's used services provided by other actors or groups attr_accessor :services_used + # Free form text describing methods and descriptions of techniques used by actor attr_accessor :technical_tradecraft + # Free form text describing victims or their characteristics of the ecrime actor attr_accessor :victims # Attribute mapping from ruby-style variable name to JSON key. 
diff --git a/lib/crimson-falcon/models/domain_entity.rb b/lib/crimson-falcon/models/domain_entity.rb index 91b02ee3..0f8ada4b 100644 --- a/lib/crimson-falcon/models/domain_entity.rb +++ b/lib/crimson-falcon/models/domain_entity.rb @@ -32,12 +32,16 @@ module Falcon class DomainEntity + # numerical id ensuring data integrity attr_accessor :id + # name of the entity attr_accessor :name + # search and url friendly value, usually lowercase representation of value with spaces replaced with dashes, except for countries where 2 letters codes are used attr_accessor :slug + # string value of the generic entity which is searchable and filterable attr_accessor :value # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_gcp_account_v1.rb b/lib/crimson-falcon/models/domain_gcp_account_v1.rb index 704f5810..77ea872a 100644 --- a/lib/crimson-falcon/models/domain_gcp_account_v1.rb +++ b/lib/crimson-falcon/models/domain_gcp_account_v1.rb @@ -42,11 +42,15 @@ class DomainGCPAccountV1 attr_accessor :cid + attr_accessor :cloud_scopes + attr_accessor :cspm_enabled # GCP Display Name attr_accessor :display_name + attr_accessor :environment + # GCP folder ID attr_accessor :folder_id @@ -91,8 +95,10 @@ def self.attribute_map :'id' => :'ID', :'updated_at' => :'UpdatedAt', :'cid' => :'cid', + :'cloud_scopes' => :'cloud_scopes', :'cspm_enabled' => :'cspm_enabled', :'display_name' => :'display_name', + :'environment' => :'environment', :'folder_id' => :'folder_id', :'folder_name' => :'folder_name', :'gcp_permissions_status' => :'gcp_permissions_status', @@ -122,8 +128,10 @@ def self.openapi_types :'id' => :'Integer', :'updated_at' => :'Time', :'cid' => :'String', + :'cloud_scopes' => :'Array', :'cspm_enabled' => :'Boolean', :'display_name' => :'String', + :'environment' => :'String', :'folder_id' => :'String', :'folder_name' => :'String', :'gcp_permissions_status' => :'Array', 
@@ -181,6 +189,12 @@ def initialize(attributes = {}) self.cid = attributes[:'cid'] end + if attributes.key?(:'cloud_scopes') + if (value = attributes[:'cloud_scopes']).is_a?(Array) + self.cloud_scopes = value + end + end + if attributes.key?(:'cspm_enabled') self.cspm_enabled = attributes[:'cspm_enabled'] end @@ -189,6 +203,10 @@ def initialize(attributes = {}) self.display_name = attributes[:'display_name'] end + if attributes.key?(:'environment') + self.environment = attributes[:'environment'] + end + if attributes.key?(:'folder_id') self.folder_id = attributes[:'folder_id'] end @@ -307,8 +325,10 @@ def ==(o) id == o.id && updated_at == o.updated_at && cid == o.cid && + cloud_scopes == o.cloud_scopes && cspm_enabled == o.cspm_enabled && display_name == o.display_name && + environment == o.environment && folder_id == o.folder_id && folder_name == o.folder_name && gcp_permissions_status == o.gcp_permissions_status && @@ -333,7 +353,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [created_at, deleted_at, id, updated_at, cid, cspm_enabled, display_name, folder_id, folder_name, gcp_permissions_status, organization_id, organization_name, parent_id, parent_type, project_id, service_account_client_email, service_account_client_id, service_account_id, service_account_private_key_id, status].hash + [created_at, deleted_at, id, updated_at, cid, cloud_scopes, cspm_enabled, display_name, environment, folder_id, folder_name, gcp_permissions_status, organization_id, organization_name, parent_id, parent_type, project_id, service_account_client_email, service_account_client_id, service_account_id, service_account_private_key_id, status].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_kill_chain.rb b/lib/crimson-falcon/models/domain_kill_chain.rb index 1a478892..f8e8b306 100644 --- a/lib/crimson-falcon/models/domain_kill_chain.rb +++ b/lib/crimson-falcon/models/domain_kill_chain.rb 
@@ -32,36 +32,52 @@ module Falcon class DomainKillChain + # Free form text describing actions and objectives of the actor attr_accessor :actions_and_objectives + # Free form text describing methods and tools used to communicate with and control an infected machine or network attr_accessor :command_and_control + # Free form text describing malware delivery by actor attr_accessor :delivery + # Comma separated values of vulnerabilities by CVE codes that are exploited by actor attr_accessor :exploitation + # Free form text describing actor's malware installation on the asset attr_accessor :installation + # Legacy field, not used and empty attr_accessor :objectives + # Free form text describing how targets are researched, identified and selected attr_accessor :reconnaissance + # Rich free form text describing actions and objectives of the actor attr_accessor :rich_text_actions_and_objectives + # Rich free form text describing methods and tools used to communicate with and control an infected machine or network attr_accessor :rich_text_command_and_control + # Rich free form text describing malware delivery by actor attr_accessor :rich_text_delivery + # Rich text comma separated values of vulnerabilities by CVE codes that are exploited by actor attr_accessor :rich_text_exploitation + # Rich free form text describing actor's malware installation on the asset attr_accessor :rich_text_installation + # Legacy field, not used and empty attr_accessor :rich_text_objectives + # Rich free form text describing how targets are researched, identified and selected attr_accessor :rich_text_reconnaissance + # Rich free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) attr_accessor :rich_text_weaponization + # Free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) attr_accessor :weaponization # Attribute mapping from ruby-style variable name to JSON key. 
diff --git a/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb b/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb index ea9e6b48..36b2f5c8 100644 --- a/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb +++ b/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb @@ -60,6 +60,10 @@ class DomainMatchedBreachSummaryV1 # Metadata regarding the file(s) where exposed data records where found. attr_accessor :files + attr_accessor :idp_send_date + + attr_accessor :idp_send_status + # The name of the breach attr_accessor :name @@ -82,6 +86,8 @@ def self.attribute_map :'exposure_date' => :'exposure_date', :'fields' => :'fields', :'files' => :'files', + :'idp_send_date' => :'idp_send_date', + :'idp_send_status' => :'idp_send_status', :'name' => :'name', :'obtained_by' => :'obtained_by', :'url' => :'url' @@ -106,6 +112,8 @@ def self.openapi_types :'exposure_date' => :'Time', :'fields' => :'Array', :'files' => :'Array', + :'idp_send_date' => :'Time', + :'idp_send_status' => :'String', :'name' => :'String', :'obtained_by' => :'String', :'url' => :'String' @@ -181,6 +189,14 @@ def initialize(attributes = {}) end end + if attributes.key?(:'idp_send_date') + self.idp_send_date = attributes[:'idp_send_date'] + end + + if attributes.key?(:'idp_send_status') + self.idp_send_status = attributes[:'idp_send_status'] + end + if attributes.key?(:'name') self.name = attributes[:'name'] end @@ -237,6 +253,8 @@ def ==(o) exposure_date == o.exposure_date && fields == o.fields && files == o.files && + idp_send_date == o.idp_send_date && + idp_send_status == o.idp_send_status && name == o.name && obtained_by == o.obtained_by && url == o.url 
@@ -251,7 +269,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [community_name, confidence_level, credentials_domains, credentials_ips, description, event_date, event_id, exposure_date, fields, files, name, obtained_by, url].hash + [community_name, confidence_level, credentials_domains, credentials_ips, description, event_date, event_id, exposure_date, fields, files, idp_send_date, idp_send_status, name, obtained_by, url].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_meta_info.rb b/lib/crimson-falcon/models/domain_meta_info.rb index 06708a87..db4d2301 100644 --- a/lib/crimson-falcon/models/domain_meta_info.rb +++ b/lib/crimson-falcon/models/domain_meta_info.rb @@ -32,21 +32,15 @@ module Falcon class DomainMetaInfo - attr_accessor :pagination + attr_accessor :msa_meta_info - attr_accessor :powered_by - - attr_accessor :query_time - - attr_accessor :trace_id + attr_accessor :quota # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { - :'pagination' => :'pagination', - :'powered_by' => :'powered_by', - :'query_time' => :'query_time', - :'trace_id' => :'trace_id' + :'msa_meta_info' => :'MsaMetaInfo', + :'quota' => :'quota' } end @@ -58,10 +52,8 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'pagination' => :'DomainAssessmentPaging', - :'powered_by' => :'String', - :'query_time' => :'Float', - :'trace_id' => :'String' + :'msa_meta_info' => :'MsaspecMetaInfo', + :'quota' => :'DomainQuota' } end 
@@ -86,20 +78,12 @@ def initialize(attributes = {}) h[k.to_sym] = v } - if attributes.key?(:'pagination') - self.pagination = attributes[:'pagination'] - end - - if attributes.key?(:'powered_by') - self.powered_by = attributes[:'powered_by'] + if attributes.key?(:'msa_meta_info') + self.msa_meta_info = attributes[:'msa_meta_info'] end - if attributes.key?(:'query_time') - self.query_time = attributes[:'query_time'] - end - - if attributes.key?(:'trace_id') - self.trace_id = attributes[:'trace_id'] + if attributes.key?(:'quota') + self.quota = attributes[:'quota'] end end @@ -107,12 +91,8 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @query_time.nil? - invalid_properties.push('invalid value for "query_time", query_time cannot be nil.') - end - - if @trace_id.nil? - invalid_properties.push('invalid value for "trace_id", trace_id cannot be nil.') + if @msa_meta_info.nil? + invalid_properties.push('invalid value for "msa_meta_info", msa_meta_info cannot be nil.') end invalid_properties @@ -121,8 +101,7 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @query_time.nil? - return false if @trace_id.nil? + return false if @msa_meta_info.nil? true end @@ -131,10 +110,8 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && - pagination == o.pagination && - powered_by == o.powered_by && - query_time == o.query_time && - trace_id == o.trace_id + msa_meta_info == o.msa_meta_info && + quota == o.quota end # @see the `==` method @@ -146,7 +123,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [pagination, powered_by, query_time, trace_id].hash + [msa_meta_info, quota].hash end # Builds the object from hash 
diff --git a/lib/crimson-falcon/models/domain_msa_meta_info.rb b/lib/crimson-falcon/models/domain_msa_meta_info.rb new file mode 100644 index 00000000..a94c2673 --- /dev/null +++ b/lib/crimson-falcon/models/domain_msa_meta_info.rb 
@@ -0,0 +1,248 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainMsaMetaInfo + attr_accessor :pagination + + attr_accessor :query_time + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'pagination' => :'pagination', + :'query_time' => :'queryTime' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'pagination' => :'MsaspecPaging', + :'query_time' => :'Float' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainMsaMetaInfo` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainMsaMetaInfo`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'pagination') + self.pagination = attributes[:'pagination'] + end + + if attributes.key?(:'query_time') + self.query_time = attributes[:'query_time'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @query_time.nil? + invalid_properties.push('invalid value for "query_time", query_time cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @query_time.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + pagination == o.pagination && + query_time == o.query_time + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [pagination, query_time].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_news_document.rb b/lib/crimson-falcon/models/domain_news_document.rb index 7fe79be2..e86fb78b 100644 --- a/lib/crimson-falcon/models/domain_news_document.rb +++ b/lib/crimson-falcon/models/domain_news_document.rb 
@@ -32,42 +32,59 @@ module Falcon class DomainNewsDocument + # legacy field, not used attr_accessor :active + # Actors mentioned, related or referenced in the news/report attr_accessor :actors + # News attachment, containing either pdf url or feeds zip and/or gzip archive attr_accessor :attachments + # Date of the news document creation, unix timestampt attr_accessor :created_date + # Full report description, extracted from the document attr_accessor :description + # internal property used for permissions check of access, not returned or explicitly filterable attr_accessor :entitlements + # Integer ID of the News document attr_accessor :id attr_accessor :image + # Date of the news document last modification, unix timestampt attr_accessor :last_modified_date + # News mentioned motivation or motivation of related actors and malware families attr_accessor :motivations + # News title attr_accessor :name + # internal field, not used attr_accessor :notify_users + # Rich text description with markup attr_accessor :rich_text_description + # Short description of the report content attr_accessor :short_description + # News title in a url friendly way, which is title in lowercase and special characters including space replaced with dash attr_accessor :slug attr_accessor :sub_type + # News tags, which contains MITRE, Vulnerability community identifiers, capabilities, malware family name, customer target, activity cluster, notable event, geopolitical issue attr_accessor :tags + # News mentioned target countries or related actor's target countries attr_accessor :target_countries + # News mentioned target industries or related actor's target industries attr_accessor :target_industries attr_accessor :thumbnail @@ -76,6 +93,7 @@ class DomainNewsDocument attr_accessor :type + # URL of the news document where it can be accessed in the Falcon Portal attr_accessor :url # Attribute mapping from ruby-style variable name to JSON key. 
diff --git a/lib/crimson-falcon/models/domain_news_response.rb b/lib/crimson-falcon/models/domain_news_response.rb index 9463f2a6..d4dbc568 100644 --- a/lib/crimson-falcon/models/domain_news_response.rb +++ b/lib/crimson-falcon/models/domain_news_response.rb @@ -32,6 +32,7 @@ module Falcon class DomainNewsResponse + # Array of API Errors attr_accessor :errors attr_accessor :meta diff --git a/lib/crimson-falcon/models/domain_notification_v1.rb b/lib/crimson-falcon/models/domain_notification_v1.rb index 4f90b0f4..4d920134 100644 --- a/lib/crimson-falcon/models/domain_notification_v1.rb +++ b/lib/crimson-falcon/models/domain_notification_v1.rb @@ -75,6 +75,8 @@ class DomainNotificationV1 # Type of the item which matched the rule: `post`, `reply`, `botnet_config`, `breach`, etc. attr_accessor :item_type + attr_accessor :logs + # ID of the raw intel item that matched the rule attr_accessor :raw_intel_id @@ -119,6 +121,7 @@ def self.attribute_map :'item_site' => :'item_site', :'item_site_id' => :'item_site_id', :'item_type' => :'item_type', + :'logs' => :'logs', :'raw_intel_id' => :'raw_intel_id', :'rule_id' => :'rule_id', :'rule_name' => :'rule_name', @@ -154,6 +157,7 @@ def self.openapi_types :'item_site' => :'String', :'item_site_id' => :'String', :'item_type' => :'String', + :'logs' => :'Array', :'raw_intel_id' => :'String', :'rule_id' => :'String', :'rule_name' => :'String', @@ -249,6 +253,12 @@ def initialize(attributes = {}) self.item_type = attributes[:'item_type'] end + if attributes.key?(:'logs') + if (value = attributes[:'logs']).is_a?(Array) + self.logs = value + end + end + if attributes.key?(:'raw_intel_id') self.raw_intel_id = attributes[:'raw_intel_id'] end @@ -384,6 +394,7 @@ def ==(o) item_site == o.item_site && item_site_id == o.item_site_id && item_type == o.item_type && + logs == o.logs && raw_intel_id == o.raw_intel_id && rule_id == o.rule_id && rule_name == o.rule_name && 
@@ -404,7 +415,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [assigned_to_uid, assigned_to_username, assigned_to_uuid, breach_summary, cid, created_date, highlights, id, item_author, item_author_id, item_date, item_id, item_site, item_site_id, item_type, raw_intel_id, rule_id, rule_name, rule_priority, rule_topic, source_category, status, typosquatting, updated_date].hash + [assigned_to_uid, assigned_to_username, assigned_to_uuid, breach_summary, cid, created_date, highlights, id, item_author, item_author_id, item_date, item_id, item_site, item_site_id, item_type, logs, raw_intel_id, rule_id, rule_name, rule_priority, rule_topic, source_category, status, typosquatting, updated_date].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_policy_info.rb b/lib/crimson-falcon/models/domain_policy_info.rb index fae29b7a..bdb8d1f7 100644 --- a/lib/crimson-falcon/models/domain_policy_info.rb +++ b/lib/crimson-falcon/models/domain_policy_info.rb @@ -56,6 +56,8 @@ class DomainPolicyInfo attr_accessor :cis_benchmark_ids + attr_accessor :cisa_benchmark_ids + attr_accessor :cli_command attr_accessor :cloud_asset_type @@ -90,6 +92,8 @@ class DomainPolicyInfo attr_accessor :is_remediable + attr_accessor :iso_benchmark_ids + attr_accessor :mitre_attack_cloud_matrix attr_accessor :mitre_attack_cloud_subtype @@ -145,6 +149,7 @@ def self.attribute_map :'attack_tool_command' => :'attack_tool_command', :'attack_types' => :'attack_types', :'cis_benchmark_ids' => :'cis_benchmark_ids', + :'cisa_benchmark_ids' => :'cisa_benchmark_ids', :'cli_command' => :'cli_command', :'cloud_asset_type' => :'cloud_asset_type', :'cloud_document' => :'cloud_document', 
@@ -162,6 +167,7 @@ def self.attribute_map :'internal_only' => :'internal_only', :'is_enabled' => :'is_enabled', :'is_remediable' => :'is_remediable', + :'iso_benchmark_ids' => :'iso_benchmark_ids', :'mitre_attack_cloud_matrix' => :'mitre_attack_cloud_matrix', :'mitre_attack_cloud_subtype' => :'mitre_attack_cloud_subtype', :'nist_benchmark_ids' => :'nist_benchmark_ids', @@ -205,6 +211,7 @@ def self.openapi_types :'attack_tool_command' => :'String', :'attack_types' => :'Array', :'cis_benchmark_ids' => :'Array', + :'cisa_benchmark_ids' => :'Array', :'cli_command' => :'String', :'cloud_asset_type' => :'String', :'cloud_document' => :'String', @@ -222,6 +229,7 @@ def self.openapi_types :'internal_only' => :'Boolean', :'is_enabled' => :'Boolean', :'is_remediable' => :'Boolean', + :'iso_benchmark_ids' => :'Array', :'mitre_attack_cloud_matrix' => :'String', :'mitre_attack_cloud_subtype' => :'String', :'nist_benchmark_ids' => :'Array', @@ -318,6 +326,12 @@ def initialize(attributes = {}) end end + if attributes.key?(:'cisa_benchmark_ids') + if (value = attributes[:'cisa_benchmark_ids']).is_a?(Array) + self.cisa_benchmark_ids = value + end + end + if attributes.key?(:'cli_command') self.cli_command = attributes[:'cli_command'] end @@ -386,6 +400,12 @@ def initialize(attributes = {}) self.is_remediable = attributes[:'is_remediable'] end + if attributes.key?(:'iso_benchmark_ids') + if (value = attributes[:'iso_benchmark_ids']).is_a?(Array) + self.iso_benchmark_ids = value + end + end + if attributes.key?(:'mitre_attack_cloud_matrix') self.mitre_attack_cloud_matrix = attributes[:'mitre_attack_cloud_matrix'] end @@ -538,6 +558,7 @@ def ==(o) attack_tool_command == o.attack_tool_command && attack_types == o.attack_types && cis_benchmark_ids == o.cis_benchmark_ids && + cisa_benchmark_ids == o.cisa_benchmark_ids && cli_command == o.cli_command && cloud_asset_type == o.cloud_asset_type && cloud_document == o.cloud_document && 
@@ -555,6 +576,7 @@ def ==(o) internal_only == o.internal_only && is_enabled == o.is_enabled && is_remediable == o.is_remediable && + iso_benchmark_ids == o.iso_benchmark_ids && mitre_attack_cloud_matrix == o.mitre_attack_cloud_matrix && mitre_attack_cloud_subtype == o.mitre_attack_cloud_subtype && nist_benchmark_ids == o.nist_benchmark_ids && 
@@ -586,7 +608,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [created_at, deleted_at, id, updated_at, account_scope, alert_logic, api_command, asset_type_id, attack_tool, attack_tool_command, attack_types, cis_benchmark_ids, cli_command, cloud_asset_type, cloud_document, cloud_platform, cloud_platform_type, cloud_service, cloud_service_friendly, cloud_service_subtype, cloud_service_type, confidence, default_severity, description, event_type, fql_policy, internal_only, is_enabled, is_remediable, mitre_attack_cloud_matrix, mitre_attack_cloud_subtype, nist_benchmark_ids, pci_benchmark_ids, policy_confidence_score, policy_fail_query, policy_pass_query, policy_remediation, policy_severity, policy_severity_score, policy_statement, policy_type, remediation_summary, soc2_benchmark_ids, tactic, tactic_id, tactic_url, technique, technique_id, technique_url].hash + [created_at, deleted_at, id, updated_at, account_scope, alert_logic, api_command, asset_type_id, attack_tool, attack_tool_command, attack_types, cis_benchmark_ids, cisa_benchmark_ids, cli_command, cloud_asset_type, cloud_document, cloud_platform, cloud_platform_type, cloud_service, cloud_service_friendly, cloud_service_subtype, cloud_service_type, confidence, default_severity, description, event_type, fql_policy, internal_only, is_enabled, is_remediable, iso_benchmark_ids, mitre_attack_cloud_matrix, mitre_attack_cloud_subtype, nist_benchmark_ids, pci_benchmark_ids, policy_confidence_score, policy_fail_query, policy_pass_query, policy_remediation, policy_severity, policy_severity_score, policy_statement, policy_type, remediation_summary, soc2_benchmark_ids, tactic, tactic_id, tactic_url, technique, technique_id, technique_url].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb b/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb new file mode 100644 index 00000000..59e59f52 
--- /dev/null +++ b/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb 
@@ -0,0 +1,273 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class DomainQueryMitreAttacksResponse + # Array of API Errors + attr_accessor :errors + + attr_accessor :meta + + # Actor's MITRE attack (Tactic and Technique) ids, represents a concatenation of actors slug, tactic id and technique id (optional) concatenated by underscore, example: fancy-bear_TA0011_T1071' + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainQueryMitreAttacksResponse` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainQueryMitreAttacksResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @errors.nil? + invalid_properties.push('invalid value for "errors", errors cannot be nil.') + end + + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') + end + + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @errors.nil? 
+ return false if @meta.nil? + return false if @resources.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + errors == o.errors && + meta == o.meta && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [errors, meta, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/domain_query_response.rb b/lib/crimson-falcon/models/domain_query_response.rb index bcad9b12..856b84d6 100644 --- a/lib/crimson-falcon/models/domain_query_response.rb +++ b/lib/crimson-falcon/models/domain_query_response.rb @@ -55,8 +55,8 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'errors' => :'Array', - :'meta' => :'MsaspecMetaInfo', + :'errors' => :'Array', + :'meta' => :'DomainMsaMetaInfo', :'resources' => :'Array' } end @@ -103,10 +103,6 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @errors.nil? - invalid_properties.push('invalid value for "errors", errors cannot be nil.') - end - if @meta.nil? invalid_properties.push('invalid value for "meta", meta cannot be nil.') end @@ -121,7 +117,6 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @errors.nil? return false if @meta.nil? return false if @resources.nil? true diff --git a/lib/crimson-falcon/models/domain_rule.rb b/lib/crimson-falcon/models/domain_rule.rb index 16ba4f9b..d4f89a75 100644 --- a/lib/crimson-falcon/models/domain_rule.rb +++ b/lib/crimson-falcon/models/domain_rule.rb 
@@ -32,41 +32,36 @@ module Falcon class DomainRule - # The categories associated with the rule - attr_accessor :categories - - # UTC timestamp when rule was created attr_accessor :created_date - # The ID of the customer - attr_accessor :customer_id + attr_accessor :description - # The ID of the rule attr_accessor :id - # The name of the rule + attr_accessor :last_modified_date + attr_accessor :name - # The type of the rule - attr_accessor :rule_type + attr_accessor :rich_text_description + + attr_accessor :short_description - # UTC timestamp when rule was last updated - attr_accessor :updated_date + attr_accessor :tags - # The value of the rule - attr_accessor :value + attr_accessor :type # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { - :'categories' => :'categories', :'created_date' => :'created_date', - :'customer_id' => :'customer_id', + :'description' => :'description', :'id' => :'id', + :'last_modified_date' => :'last_modified_date', :'name' => :'name', - :'rule_type' => :'rule_type', - :'updated_date' => :'updated_date', - :'value' => :'value' + :'rich_text_description' => :'rich_text_description', + :'short_description' => :'short_description', + :'tags' => :'tags', + :'type' => :'type' } end @@ -78,14 +73,15 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'categories' => :'Array', - :'created_date' => :'String', - :'customer_id' => :'String', - :'id' => :'String', + :'created_date' => :'Integer', + :'description' => :'String', + :'id' => :'Integer', + :'last_modified_date' => :'Integer', :'name' => :'String', - :'rule_type' => :'String', - :'updated_date' => :'String', - :'value' => :'String' + :'rich_text_description' => :'String', + :'short_description' => :'String', + :'tags' => :'Array', + :'type' => :'String' } end 
@@ -110,38 +106,42 @@ def initialize(attributes = {}) h[k.to_sym] = v } - if attributes.key?(:'categories') - if (value = attributes[:'categories']).is_a?(Array) - self.categories = value - end - end - if attributes.key?(:'created_date') self.created_date = attributes[:'created_date'] end - if attributes.key?(:'customer_id') - self.customer_id = attributes[:'customer_id'] + if attributes.key?(:'description') + self.description = attributes[:'description'] end if attributes.key?(:'id') self.id = attributes[:'id'] end + if attributes.key?(:'last_modified_date') + self.last_modified_date = attributes[:'last_modified_date'] + end + if attributes.key?(:'name') self.name = attributes[:'name'] end - if attributes.key?(:'rule_type') - self.rule_type = attributes[:'rule_type'] + if attributes.key?(:'rich_text_description') + self.rich_text_description = attributes[:'rich_text_description'] end - if attributes.key?(:'updated_date') - self.updated_date = attributes[:'updated_date'] + if attributes.key?(:'short_description') + self.short_description = attributes[:'short_description'] end - if attributes.key?(:'value') - self.value = attributes[:'value'] + if attributes.key?(:'tags') + if (value = attributes[:'tags']).is_a?(Array) + self.tags = value + end + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] end end 
@@ -149,36 +149,40 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @categories.nil? - invalid_properties.push('invalid value for "categories", categories cannot be nil.') - end - if @created_date.nil? invalid_properties.push('invalid value for "created_date", created_date cannot be nil.') end - if @customer_id.nil? - invalid_properties.push('invalid value for "customer_id", customer_id cannot be nil.') + if @description.nil? + invalid_properties.push('invalid value for "description", description cannot be nil.') end if @id.nil? invalid_properties.push('invalid value for "id", id cannot be nil.') end + if @last_modified_date.nil? + invalid_properties.push('invalid value for "last_modified_date", last_modified_date cannot be nil.') + end + if @name.nil? invalid_properties.push('invalid value for "name", name cannot be nil.') end - if @rule_type.nil? - invalid_properties.push('invalid value for "rule_type", rule_type cannot be nil.') + if @rich_text_description.nil? + invalid_properties.push('invalid value for "rich_text_description", rich_text_description cannot be nil.') + end + + if @short_description.nil? + invalid_properties.push('invalid value for "short_description", short_description cannot be nil.') end - if @updated_date.nil? - invalid_properties.push('invalid value for "updated_date", updated_date cannot be nil.') + if @tags.nil? + invalid_properties.push('invalid value for "tags", tags cannot be nil.') end - if @value.nil? - invalid_properties.push('invalid value for "value", value cannot be nil.') + if @type.nil? + invalid_properties.push('invalid value for "type", type cannot be nil.') end invalid_properties 
@@ -187,14 +191,15 @@ def list_invalid_properties # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @categories.nil? return false if @created_date.nil? - return false if @customer_id.nil? + return false if @description.nil? return false if @id.nil? + return false if @last_modified_date.nil? return false if @name.nil? - return false if @rule_type.nil? - return false if @updated_date.nil? - return false if @value.nil? + return false if @rich_text_description.nil? + return false if @short_description.nil? + return false if @tags.nil? + return false if @type.nil? true end @@ -203,14 +208,15 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && - categories == o.categories && created_date == o.created_date && - customer_id == o.customer_id && + description == o.description && id == o.id && + last_modified_date == o.last_modified_date && name == o.name && - rule_type == o.rule_type && - updated_date == o.updated_date && - value == o.value + rich_text_description == o.rich_text_description && + short_description == o.short_description && + tags == o.tags && + type == o.type end # @see the `==` method @@ -222,7 +228,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [categories, created_date, customer_id, id, name, rule_type, updated_date, value].hash + [created_date, description, id, last_modified_date, name, rich_text_description, short_description, tags, type].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_update_notification_request_v1.rb b/lib/crimson-falcon/models/domain_update_notification_request_v1.rb index baccb898..8ca083fd 100644 --- a/lib/crimson-falcon/models/domain_update_notification_request_v1.rb +++ b/lib/crimson-falcon/models/domain_update_notification_request_v1.rb 
@@ -38,6 +38,10 @@ class DomainUpdateNotificationRequestV1 # The ID of the notifications attr_accessor :id + attr_accessor :idp_send_status + + attr_accessor :message + # The notification status. This can be one of: `new`, `in-progress`, `closed-false-positive`, `closed-true-positive`. attr_accessor :status @@ -46,6 +50,8 @@ def self.attribute_map { :'assigned_to_uuid' => :'assigned_to_uuid', :'id' => :'id', + :'idp_send_status' => :'idp_send_status', + :'message' => :'message', :'status' => :'status' } end @@ -60,6 +66,8 @@ def self.openapi_types { :'assigned_to_uuid' => :'String', :'id' => :'String', + :'idp_send_status' => :'String', + :'message' => :'String', :'status' => :'String' } end @@ -93,6 +101,14 @@ def initialize(attributes = {}) self.id = attributes[:'id'] end + if attributes.key?(:'idp_send_status') + self.idp_send_status = attributes[:'idp_send_status'] + end + + if attributes.key?(:'message') + self.message = attributes[:'message'] + end + if attributes.key?(:'status') self.status = attributes[:'status'] end @@ -110,6 +126,14 @@ def list_invalid_properties invalid_properties.push('invalid value for "id", id cannot be nil.') end + if @idp_send_status.nil? + invalid_properties.push('invalid value for "idp_send_status", idp_send_status cannot be nil.') + end + + if @message.nil? + invalid_properties.push('invalid value for "message", message cannot be nil.') + end + if @status.nil? invalid_properties.push('invalid value for "status", status cannot be nil.') end @@ -122,6 +146,8 @@ def list_invalid_properties def valid? return false if @assigned_to_uuid.nil? return false if @id.nil? + return false if @idp_send_status.nil? + return false if @message.nil? return false if @status.nil? true end @@ -133,6 +159,8 @@ def ==(o) self.class == o.class && assigned_to_uuid == o.assigned_to_uuid && id == o.id && + idp_send_status == o.idp_send_status && + message == o.message && status == o.status end 
@@ -145,7 +173,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [assigned_to_uuid, id, status].hash + [assigned_to_uuid, id, idp_send_status, message, status].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/domain_user_action.rb b/lib/crimson-falcon/models/domain_user_action.rb index 6a6b4083..c4125a08 100644 --- a/lib/crimson-falcon/models/domain_user_action.rb +++ b/lib/crimson-falcon/models/domain_user_action.rb @@ -116,12 +116,17 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new + if @action_name.nil? + invalid_properties.push('invalid value for "action_name", action_name cannot be nil.') + end + invalid_properties end # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? + return false if @action_name.nil? action_name_validator = EnumAttributeValidator.new('String', ["reset_password", "reset_2fa"]) return false unless action_name_validator.valid?(@action_name) true diff --git a/lib/crimson-falcon/models/domain_user_action_request.rb b/lib/crimson-falcon/models/domain_user_action_request.rb index 2faf0a4a..f3020753 100644 --- a/lib/crimson-falcon/models/domain_user_action_request.rb +++ b/lib/crimson-falcon/models/domain_user_action_request.rb @@ -31,7 +31,7 @@ require 'time' module Falcon - # ID(s) of users the action are to applied to + # ID(s) of users the action(s) are to applied to class DomainUserActionRequest attr_accessor :action diff --git a/lib/crimson-falcon/models/domain_vulnerability.rb b/lib/crimson-falcon/models/domain_vulnerability.rb index cb490a62..060d2a9f 100644 --- a/lib/crimson-falcon/models/domain_vulnerability.rb +++ b/lib/crimson-falcon/models/domain_vulnerability.rb 
@@ -32,32 +32,46 @@ module Falcon class DomainVulnerability + # List of products affected by vulnerability, specifying product and vendor attr_accessor :affected_products + # Vulnerability community identifiers, which is usually populated for the most popular vulnerabilities attr_accessor :community_identifiers + # CVE ID number with four or more digits in the sequence number portion of the ID, examples: CVE-1999-0067, CVE-2014-12345, CVE-2016-7654321 attr_accessor :cve + # Vulnerability severity score, according to Common Vulnerability Scoring System V2 attr_accessor :cvss_v2_base + # Vulnerability severity score, according to Common Vulnerability Scoring System V3 attr_accessor :cvss_v3_base + # Text description of the vulnerability attr_accessor :description + # Exploit status of vulnerability, one of: unproven, available, easilyaccessible, activelyused attr_accessor :exploit_status + # legacy field, not populated attr_accessor :name + # Date when the vulnerability was published attr_accessor :publish_date + # Threat actors that exploits vulnerability attr_accessor :related_actors + # Related finished Intelligence Reports to vulnerability, which usually describes the exploitation or attacks using those attr_accessor :related_reports + # Malware Families (threats) that are known to be related to the vulnerability attr_accessor :related_threats + # Severity of the vulnerability, can be empty or one of: LOW, MEDIUM, HIGH, CRITICAL attr_accessor :severity + # Date when the vulnerability was last time updated in the CrowdStrike's database attr_accessor :updated_timestamp # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_vulnerability_actor.rb b/lib/crimson-falcon/models/domain_vulnerability_actor.rb index 4a341457..b2da7872 100644 --- a/lib/crimson-falcon/models/domain_vulnerability_actor.rb +++ b/lib/crimson-falcon/models/domain_vulnerability_actor.rb 
@@ -32,8 +32,10 @@ module Falcon class DomainVulnerabilityActor + # Actor internal ID, consisting of it's name with spaces removed attr_accessor :id + # Actor name, composed of 2 uppercase words attr_accessor :name # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb b/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb index e1e50391..d3d44710 100644 --- a/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb +++ b/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb @@ -32,8 +32,10 @@ module Falcon class DomainVulnerabilityAffectedProduct + # Lowercase product name that vulnerability affects attr_accessor :product + # Lowercase vendor name that develops or provides the affected product attr_accessor :vendor # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb b/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb index 87246533..aca3f425 100644 --- a/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb +++ b/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb @@ -32,8 +32,10 @@ module Falcon class DomainVulnerabilityRelatedThreat + # List of malware family or threat capabilities attr_accessor :capabilities + # Malware Family or Threat Name attr_accessor :name # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_vulnerability_report.rb b/lib/crimson-falcon/models/domain_vulnerability_report.rb index cac9d45b..19d5d140 100644 --- a/lib/crimson-falcon/models/domain_vulnerability_report.rb +++ b/lib/crimson-falcon/models/domain_vulnerability_report.rb 
@@ -32,8 +32,10 @@ module Falcon class DomainVulnerabilityReport + # Report serial ID, composed of 2 parts separated with dash, example: CSA-20000, CSIT-220000 attr_accessor :serial_id + # legacy, not populated field attr_accessor :title # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/domain_vulnerability_response.rb b/lib/crimson-falcon/models/domain_vulnerability_response.rb index e4dc89a1..48ff3676 100644 --- a/lib/crimson-falcon/models/domain_vulnerability_response.rb +++ b/lib/crimson-falcon/models/domain_vulnerability_response.rb @@ -32,10 +32,12 @@ module Falcon class DomainVulnerabilityResponse + # Array of API Errors attr_accessor :errors attr_accessor :meta + # Array of Vulnerability documents that were requested attr_accessor :resources # Attribute mapping from ruby-style variable name to JSON key. diff --git a/lib/crimson-falcon/models/falconx_amsi_call.rb b/lib/crimson-falcon/models/falconx_amsi_call.rb index c54a25ec..eb15302d 100644 --- a/lib/crimson-falcon/models/falconx_amsi_call.rb +++ b/lib/crimson-falcon/models/falconx_amsi_call.rb @@ -32,11 +32,17 @@ module Falcon class FalconxAMSICall + attr_accessor :app_name + + attr_accessor :filename + attr_accessor :raw_script_content # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { + :'app_name' => :'app_name', + :'filename' => :'filename', :'raw_script_content' => :'raw_script_content' } end @@ -49,6 +55,8 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { + :'app_name' => :'String', + :'filename' => :'String', :'raw_script_content' => :'String' } end 
@@ -74,6 +82,14 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'app_name') + self.app_name = attributes[:'app_name'] + end + + if attributes.key?(:'filename') + self.filename = attributes[:'filename'] + end + if attributes.key?(:'raw_script_content') self.raw_script_content = attributes[:'raw_script_content'] end @@ -97,6 +113,8 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && + app_name == o.app_name && + filename == o.filename && raw_script_content == o.raw_script_content end @@ -109,7 +127,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [raw_script_content].hash + [app_name, filename, raw_script_content].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/falconx_certificate.rb b/lib/crimson-falcon/models/falconx_certificate.rb new file mode 100644 index 00000000..5f5f4fb1 --- /dev/null +++ b/lib/crimson-falcon/models/falconx_certificate.rb 
@@ -0,0 +1,288 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class FalconxCertificate + attr_accessor :issuer + + attr_accessor :md5 + + attr_accessor :owner + + attr_accessor :serial_number + + attr_accessor :sha1 + + attr_accessor :valid_from + + attr_accessor :valid_until + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'issuer' => :'issuer', + :'md5' => :'md5', + :'owner' => :'owner', + :'serial_number' => :'serial_number', + :'sha1' => :'sha1', + :'valid_from' => :'valid_from', + :'valid_until' => :'valid_until' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'issuer' => :'String', + :'md5' => :'String', + :'owner' => :'String', + :'serial_number' => :'String', + :'sha1' => :'String', + :'valid_from' => :'Time', + :'valid_until' => :'Time' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxCertificate` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxCertificate`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'issuer') + self.issuer = attributes[:'issuer'] + end + + if attributes.key?(:'md5') + self.md5 = attributes[:'md5'] + end + + if attributes.key?(:'owner') + self.owner = attributes[:'owner'] + end + + if attributes.key?(:'serial_number') + self.serial_number = attributes[:'serial_number'] + end + + if attributes.key?(:'sha1') + self.sha1 = attributes[:'sha1'] + end + + if attributes.key?(:'valid_from') + self.valid_from = attributes[:'valid_from'] + end + + if attributes.key?(:'valid_until') + self.valid_until = attributes[:'valid_until'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? 
+ true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + issuer == o.issuer && + md5 == o.md5 && + owner == o.owner && + serial_number == o.serial_number && + sha1 == o.sha1 && + valid_from == o.valid_from && + valid_until == o.valid_until + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [issuer, md5, owner, serial_number, sha1, valid_from, valid_until].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/falconx_file_data_directory.rb b/lib/crimson-falcon/models/falconx_file_data_directory.rb new file mode 100644 index 00000000..3a4af3bf --- /dev/null +++ b/lib/crimson-falcon/models/falconx_file_data_directory.rb 
@@ -0,0 +1,261 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class FalconxFileDataDirectory + attr_accessor :is_in_section + + attr_accessor :name + + attr_accessor :virtual_address + + attr_accessor :virtual_size + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'is_in_section' => :'is_in_section', + :'name' => :'name', + :'virtual_address' => :'virtual_address', + :'virtual_size' => :'virtual_size' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'is_in_section' => :'String', + :'name' => :'String', + :'virtual_address' => :'String', + :'virtual_size' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileDataDirectory` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileDataDirectory`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'is_in_section') + self.is_in_section = attributes[:'is_in_section'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'virtual_address') + self.virtual_address = attributes[:'virtual_address'] + end + + if attributes.key?(:'virtual_size') + self.virtual_size = attributes[:'virtual_size'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + is_in_section == o.is_in_section && + name == o.name && + virtual_address == o.virtual_address && + virtual_size == o.virtual_size + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [is_in_section, name, virtual_address, virtual_size].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/falconx_file_resource.rb b/lib/crimson-falcon/models/falconx_file_resource.rb new file mode 100644 index 00000000..5fab943c --- /dev/null +++ b/lib/crimson-falcon/models/falconx_file_resource.rb 
@@ -0,0 +1,270 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class FalconxFileResource + attr_accessor :language + + attr_accessor :name + + attr_accessor :rva + + attr_accessor :size + + attr_accessor :type + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'language' => :'language', + :'name' => :'name', + :'rva' => :'rva', + :'size' => :'size', + :'type' => :'type' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'language' => :'String', + :'name' => :'String', + :'rva' => :'String', + :'size' => :'String', + :'type' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileResource` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileResource`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'language') + self.language = attributes[:'language'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'rva') + self.rva = attributes[:'rva'] + end + + if attributes.key?(:'size') + self.size = attributes[:'size'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + language == o.language && + name == o.name && + rva == o.rva && + size == o.size && + type == o.type + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [language, name, rva, size, type].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb b/lib/crimson-falcon/models/falconx_file_section.rb similarity index 73% rename from lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb rename to lib/crimson-falcon/models/falconx_file_section.rb index 1d2beb5a..bd90231e 100644 --- a/lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb +++ b/lib/crimson-falcon/models/falconx_file_section.rb @@ -31,28 +31,31 @@ require 'time' module Falcon - class ThreatgraphCrawlEdgesRequest - attr_accessor :edge_direction + class FalconxFileSection + attr_accessor :characteristics - attr_accessor :edge_type + attr_accessor :entropy - attr_accessor :limit + attr_accessor :md5 - attr_accessor :next_requests + attr_accessor :name - attr_accessor :scope + attr_accessor :raw_size - attr_accessor :sort_descending + attr_accessor :virtual_address + + attr_accessor :virtual_size # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { - :'edge_direction' => :'edge_direction', - :'edge_type' => :'edge_type', - :'limit' => :'limit', - :'next_requests' => :'next_requests', - :'scope' => :'scope', - :'sort_descending' => :'sort_descending' + :'characteristics' => :'characteristics', + :'entropy' => :'entropy', + :'md5' => :'md5', + :'name' => :'name', + :'raw_size' => :'raw_size', + :'virtual_address' => :'virtual_address', + :'virtual_size' => :'virtual_size' } end 
@@ -64,12 +67,13 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'edge_direction' => :'String', - :'edge_type' => :'String', - :'limit' => :'Integer', - :'next_requests' => :'Array', - :'scope' => :'String', - :'sort_descending' => :'Boolean' + :'characteristics' => :'Array', + :'entropy' => :'Float', + :'md5' => :'String', + :'name' => :'String', + :'raw_size' => :'String', + :'virtual_address' => :'String', + :'virtual_size' => :'String' } end 
@@ -83,41 +87,45 @@ def self.openapi_nullable # @param [Hash] attributes Model attributes in the form of hash def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ThreatgraphCrawlEdgesRequest` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileSection` initialize method" end # check to see if the attribute exists and convert string to symbol for hash key attributes = attributes.each_with_object({}) { |(k, v), h| if (!self.class.attribute_map.key?(k.to_sym)) - fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ThreatgraphCrawlEdgesRequest`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileSection`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect end h[k.to_sym] = v } - if attributes.key?(:'edge_direction') - self.edge_direction = attributes[:'edge_direction'] + if attributes.key?(:'characteristics') + if (value = attributes[:'characteristics']).is_a?(Array) + self.characteristics = value + end end - if attributes.key?(:'edge_type') - self.edge_type = attributes[:'edge_type'] + if attributes.key?(:'entropy') + self.entropy = attributes[:'entropy'] end - if attributes.key?(:'limit') - self.limit = attributes[:'limit'] + if attributes.key?(:'md5') + self.md5 = attributes[:'md5'] end - if attributes.key?(:'next_requests') - if (value = attributes[:'next_requests']).is_a?(Array) - self.next_requests = value - end + if attributes.key?(:'name') + self.name = attributes[:'name'] end - if attributes.key?(:'scope') - self.scope = attributes[:'scope'] + if attributes.key?(:'raw_size') + self.raw_size = attributes[:'raw_size'] end - if attributes.key?(:'sort_descending') - self.sort_descending = 
attributes[:'sort_descending'] + if attributes.key?(:'virtual_address') + self.virtual_address = attributes[:'virtual_address'] + end + + if attributes.key?(:'virtual_size') + self.virtual_size = attributes[:'virtual_size'] end end @@ -125,32 +133,12 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new - if @edge_direction.nil? - invalid_properties.push('invalid value for "edge_direction", edge_direction cannot be nil.') - end - - if @edge_type.nil? - invalid_properties.push('invalid value for "edge_type", edge_type cannot be nil.') - end - - if @limit.nil? - invalid_properties.push('invalid value for "limit", limit cannot be nil.') - end - - if @scope.nil? - invalid_properties.push('invalid value for "scope", scope cannot be nil.') - end - invalid_properties end # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? - return false if @edge_direction.nil? - return false if @edge_type.nil? - return false if @limit.nil? - return false if @scope.nil? true end @@ -159,12 +147,13 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && - edge_direction == o.edge_direction && - edge_type == o.edge_type && - limit == o.limit && - next_requests == o.next_requests && - scope == o.scope && - sort_descending == o.sort_descending + characteristics == o.characteristics && + entropy == o.entropy && + md5 == o.md5 && + name == o.name && + raw_size == o.raw_size && + virtual_address == o.virtual_address && + virtual_size == o.virtual_size end # @see the `==` method @@ -176,7 +165,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [edge_direction, edge_type, limit, next_requests, scope, sort_descending].hash + [characteristics, entropy, md5, name, raw_size, virtual_address, virtual_size].hash end # Builds the object from hash 
diff --git a/lib/crimson-falcon/models/falconx_module.rb b/lib/crimson-falcon/models/falconx_module.rb new file mode 100644 index 00000000..f2e99821 --- /dev/null +++ b/lib/crimson-falcon/models/falconx_module.rb 
@@ -0,0 +1,243 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class FalconxModule + attr_accessor :base + + attr_accessor :path + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'base' => :'base', + :'path' => :'path' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'base' => :'String', + :'path' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxModule` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxModule`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'base') + self.base = attributes[:'base'] + end + + if attributes.key?(:'path') + self.path = attributes[:'path'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + base == o.base && + path == o.path + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [base, path].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/falconx_process.rb b/lib/crimson-falcon/models/falconx_process.rb index 1ac6e581..36e2941b 100644 --- a/lib/crimson-falcon/models/falconx_process.rb +++ b/lib/crimson-falcon/models/falconx_process.rb @@ -42,6 +42,8 @@ class FalconxProcess attr_accessor :icon_artifact_id + attr_accessor :modules + attr_accessor :mutants attr_accessor :name @@ -72,6 +74,7 @@ def self.attribute_map :'file_accesses' => :'file_accesses', :'handles' => :'handles', :'icon_artifact_id' => :'icon_artifact_id', + :'modules' => :'modules', :'mutants' => :'mutants', :'name' => :'name', :'normalized_path' => :'normalized_path', @@ -99,6 +102,7 @@ def self.openapi_types :'file_accesses' => :'Array', :'handles' => :'Array', :'icon_artifact_id' => :'String', + :'modules' => :'Array', :'mutants' => :'Array', :'name' => :'String', :'normalized_path' => :'String', @@ -160,6 +164,12 @@ def initialize(attributes = {}) self.icon_artifact_id = attributes[:'icon_artifact_id'] end + if attributes.key?(:'modules') + if (value = attributes[:'modules']).is_a?(Array) + self.modules = value + end + end + if attributes.key?(:'mutants') if (value = attributes[:'mutants']).is_a?(Array) self.mutants = value @@ -238,6 +248,7 @@ def ==(o) file_accesses == o.file_accesses && handles == o.handles && icon_artifact_id == o.icon_artifact_id && + modules == o.modules && mutants == o.mutants && name == o.name && normalized_path == o.normalized_path && 
@@ -260,7 +271,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [amsi_calls, command_line, file_accesses, handles, icon_artifact_id, mutants, name, normalized_path, parent_uid, pid, process_flags, registry, script_calls, sha256, streams, uid].hash + [amsi_calls, command_line, file_accesses, handles, icon_artifact_id, modules, mutants, name, normalized_path, parent_uid, pid, process_flags, registry, script_calls, sha256, streams, uid].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb b/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb index 6cc34c53..6aba794f 100644 --- a/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb +++ b/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb @@ -32,6 +32,8 @@ module Falcon class FalconxSandboxParametersV1 + attr_accessor :interactivity + attr_accessor :action_script attr_accessor :command_line @@ -57,6 +59,7 @@ class FalconxSandboxParametersV1 # Attribute mapping from ruby-style variable name to JSON key. def self.attribute_map { + :'interactivity' => :'Interactivity', :'action_script' => :'action_script', :'command_line' => :'command_line', :'document_password' => :'document_password', @@ -79,6 +82,7 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { + :'interactivity' => :'Boolean', :'action_script' => :'String', :'command_line' => :'String', :'document_password' => :'String', @@ -114,6 +118,10 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'interactivity') + self.interactivity = attributes[:'interactivity'] + end + if attributes.key?(:'action_script') self.action_script = attributes[:'action_script'] end 
@@ -163,12 +171,17 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new + if @interactivity.nil? + invalid_properties.push('invalid value for "interactivity", interactivity cannot be nil.') + end + invalid_properties end # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? + return false if @interactivity.nil? true end @@ -177,6 +190,7 @@ def valid? def ==(o) return true if self.equal?(o) self.class == o.class && + interactivity == o.interactivity && action_script == o.action_script && command_line == o.command_line && document_password == o.document_password && @@ -199,7 +213,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [action_script, command_line, document_password, enable_tor, environment_id, network_settings, sha256, submit_name, system_date, system_time, url].hash + [interactivity, action_script, command_line, document_password, enable_tor, environment_id, network_settings, sha256, submit_name, system_date, system_time, url].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb b/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb index e5c88e3b..2205383d 100644 --- a/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb +++ b/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb 
@@ -34,14 +34,28 @@ module Falcon class FalconxSandboxReportV1 attr_accessor :architecture + attr_accessor :certificates + + attr_accessor :certificates_validation_message + attr_accessor :classification attr_accessor :classification_tags attr_accessor :contacted_hosts + attr_accessor :dll_characteristics + attr_accessor :dns_requests + attr_accessor :entrypoint + + attr_accessor :entrypoint_preview_count + + attr_accessor :entrypoint_preview_instructions + + attr_accessor :entrypoint_section + attr_accessor :environment_description attr_accessor :environment_id @@ -58,10 +72,16 @@ class FalconxSandboxReportV1 attr_accessor :extracted_interesting_strings + attr_accessor :file_data_directories + attr_accessor :file_imports attr_accessor :file_metadata + attr_accessor :file_resources + + attr_accessor :file_sections + attr_accessor :file_size attr_accessor :file_type @@ -70,6 +90,12 @@ class FalconxSandboxReportV1 attr_accessor :http_requests + attr_accessor :icon + + attr_accessor :image_base + + attr_accessor :image_file_characteristics + attr_accessor :incidents attr_accessor :intelligence_mitre_attacks @@ -78,6 +104,12 @@ class FalconxSandboxReportV1 attr_accessor :ioc_report_strict_artifact_id + attr_accessor :is_certificates_valid + + attr_accessor :language + + attr_accessor :major_os_version + attr_accessor :memory_dumps attr_accessor :memory_dumps_artifact_id @@ -86,6 +118,8 @@ class FalconxSandboxReportV1 attr_accessor :memory_strings_artifact_id + attr_accessor :minor_os_version + attr_accessor :mitre_attacks attr_accessor :network_settings @@ -110,6 +144,8 @@ class FalconxSandboxReportV1 attr_accessor :submit_url + attr_accessor :subsystem + attr_accessor :suricata_alerts attr_accessor :target_url @@ -122,6 +158,8 @@ class FalconxSandboxReportV1 attr_accessor :version_info + attr_accessor :visualization + attr_accessor :windows_version_bitness attr_accessor :windows_version_edition 
@@ -136,10 +174,17 @@ class FalconxSandboxReportV1 def self.attribute_map { :'architecture' => :'architecture', + :'certificates' => :'certificates', + :'certificates_validation_message' => :'certificates_validation_message', :'classification' => :'classification', :'classification_tags' => :'classification_tags', :'contacted_hosts' => :'contacted_hosts', + :'dll_characteristics' => :'dll_characteristics', :'dns_requests' => :'dns_requests', + :'entrypoint' => :'entrypoint', + :'entrypoint_preview_count' => :'entrypoint_preview_count', + :'entrypoint_preview_instructions' => :'entrypoint_preview_instructions', + :'entrypoint_section' => :'entrypoint_section', :'environment_description' => :'environment_description', :'environment_id' => :'environment_id', :'error_message' => :'error_message', 
@@ -148,20 +193,30 @@ def self.attribute_map :'exact_deep_hash' => :'exact_deep_hash', :'extracted_files' => :'extracted_files', :'extracted_interesting_strings' => :'extracted_interesting_strings', + :'file_data_directories' => :'file_data_directories', :'file_imports' => :'file_imports', :'file_metadata' => :'file_metadata', + :'file_resources' => :'file_resources', + :'file_sections' => :'file_sections', :'file_size' => :'file_size', :'file_type' => :'file_type', :'file_type_short' => :'file_type_short', :'http_requests' => :'http_requests', + :'icon' => :'icon', + :'image_base' => :'image_base', + :'image_file_characteristics' => :'image_file_characteristics', :'incidents' => :'incidents', :'intelligence_mitre_attacks' => :'intelligence_mitre_attacks', :'ioc_report_broad_artifact_id' => :'ioc_report_broad_artifact_id', :'ioc_report_strict_artifact_id' => :'ioc_report_strict_artifact_id', + :'is_certificates_valid' => :'is_certificates_valid', + :'language' => :'language', + :'major_os_version' => :'major_os_version', :'memory_dumps' => :'memory_dumps', :'memory_dumps_artifact_id' => :'memory_dumps_artifact_id', :'memory_forensics' => :'memory_forensics', :'memory_strings_artifact_id' => :'memory_strings_artifact_id', + :'minor_os_version' => :'minor_os_version', :'mitre_attacks' => :'mitre_attacks', :'network_settings' => :'network_settings', :'packer' => :'packer', @@ -174,12 +229,14 @@ def self.attribute_map :'submission_type' => :'submission_type', :'submit_name' => :'submit_name', :'submit_url' => :'submit_url', + :'subsystem' => :'subsystem', :'suricata_alerts' => :'suricata_alerts', :'target_url' => :'target_url', :'threat_score' => :'threat_score', :'urls' => :'urls', :'verdict' => :'verdict', :'version_info' => :'version_info', + :'visualization' => :'visualization', :'windows_version_bitness' => :'windows_version_bitness', :'windows_version_edition' => :'windows_version_edition', :'windows_version_name' => :'windows_version_name', 
@@ -197,10 +254,17 @@ def self.acceptable_attributes def self.openapi_types { :'architecture' => :'String', + :'certificates' => :'Array', + :'certificates_validation_message' => :'String', :'classification' => :'Array', :'classification_tags' => :'Array', :'contacted_hosts' => :'Array', + :'dll_characteristics' => :'Array', :'dns_requests' => :'Array', + :'entrypoint' => :'String', + :'entrypoint_preview_count' => :'Integer', + :'entrypoint_preview_instructions' => :'Array', + :'entrypoint_section' => :'String', :'environment_description' => :'String', :'environment_id' => :'Integer', :'error_message' => :'String', @@ -209,20 +273,30 @@ def self.openapi_types :'exact_deep_hash' => :'String', :'extracted_files' => :'Array', :'extracted_interesting_strings' => :'Array', + :'file_data_directories' => :'Array', :'file_imports' => :'Array', :'file_metadata' => :'FalconxFileMetadata', + :'file_resources' => :'Array', + :'file_sections' => :'Array', :'file_size' => :'Integer', :'file_type' => :'String', :'file_type_short' => :'Array', :'http_requests' => :'Array', + :'icon' => :'String', + :'image_base' => :'String', + :'image_file_characteristics' => :'Array', :'incidents' => :'Array', :'intelligence_mitre_attacks' => :'Array', :'ioc_report_broad_artifact_id' => :'String', :'ioc_report_strict_artifact_id' => :'String', + :'is_certificates_valid' => :'Boolean', + :'language' => :'String', + :'major_os_version' => :'Integer', :'memory_dumps' => :'Array', :'memory_dumps_artifact_id' => :'String', :'memory_forensics' => :'Array', :'memory_strings_artifact_id' => :'String', + :'minor_os_version' => :'Integer', :'mitre_attacks' => :'Array', :'network_settings' => :'String', :'packer' => :'String', 
@@ -235,12 +309,14 @@ def self.openapi_types :'submission_type' => :'String', :'submit_name' => :'String', :'submit_url' => :'String', + :'subsystem' => :'String', :'suricata_alerts' => :'Array', :'target_url' => :'String', :'threat_score' => :'Integer', :'urls' => :'Array', :'verdict' => :'String', :'version_info' => :'Array', + :'visualization' => :'String', :'windows_version_bitness' => :'Integer', :'windows_version_edition' => :'String', :'windows_version_name' => :'String', @@ -274,6 +350,16 @@ def initialize(attributes = {}) self.architecture = attributes[:'architecture'] end + if attributes.key?(:'certificates') + if (value = attributes[:'certificates']).is_a?(Array) + self.certificates = value + end + end + + if attributes.key?(:'certificates_validation_message') + self.certificates_validation_message = attributes[:'certificates_validation_message'] + end + if attributes.key?(:'classification') if (value = attributes[:'classification']).is_a?(Array) self.classification = value @@ -292,12 +378,36 @@ def initialize(attributes = {}) end end + if attributes.key?(:'dll_characteristics') + if (value = attributes[:'dll_characteristics']).is_a?(Array) + self.dll_characteristics = value + end + end + if attributes.key?(:'dns_requests') if (value = attributes[:'dns_requests']).is_a?(Array) self.dns_requests = value end end + if attributes.key?(:'entrypoint') + self.entrypoint = attributes[:'entrypoint'] + end + + if attributes.key?(:'entrypoint_preview_count') + self.entrypoint_preview_count = attributes[:'entrypoint_preview_count'] + end + + if attributes.key?(:'entrypoint_preview_instructions') + if (value = attributes[:'entrypoint_preview_instructions']).is_a?(Array) + self.entrypoint_preview_instructions = value + end + end + + if attributes.key?(:'entrypoint_section') + self.entrypoint_section = attributes[:'entrypoint_section'] + end + if attributes.key?(:'environment_description') self.environment_description = attributes[:'environment_description'] end 
@@ -334,6 +444,12 @@ def initialize(attributes = {}) end end + if attributes.key?(:'file_data_directories') + if (value = attributes[:'file_data_directories']).is_a?(Array) + self.file_data_directories = value + end + end + if attributes.key?(:'file_imports') if (value = attributes[:'file_imports']).is_a?(Array) self.file_imports = value @@ -344,6 +460,18 @@ def initialize(attributes = {}) self.file_metadata = attributes[:'file_metadata'] end + if attributes.key?(:'file_resources') + if (value = attributes[:'file_resources']).is_a?(Array) + self.file_resources = value + end + end + + if attributes.key?(:'file_sections') + if (value = attributes[:'file_sections']).is_a?(Array) + self.file_sections = value + end + end + if attributes.key?(:'file_size') self.file_size = attributes[:'file_size'] end @@ -364,6 +492,20 @@ def initialize(attributes = {}) end end + if attributes.key?(:'icon') + self.icon = attributes[:'icon'] + end + + if attributes.key?(:'image_base') + self.image_base = attributes[:'image_base'] + end + + if attributes.key?(:'image_file_characteristics') + if (value = attributes[:'image_file_characteristics']).is_a?(Array) + self.image_file_characteristics = value + end + end + if attributes.key?(:'incidents') if (value = attributes[:'incidents']).is_a?(Array) self.incidents = value @@ -384,6 +526,18 @@ def initialize(attributes = {}) self.ioc_report_strict_artifact_id = attributes[:'ioc_report_strict_artifact_id'] end + if attributes.key?(:'is_certificates_valid') + self.is_certificates_valid = attributes[:'is_certificates_valid'] + end + + if attributes.key?(:'language') + self.language = attributes[:'language'] + end + + if attributes.key?(:'major_os_version') + self.major_os_version = attributes[:'major_os_version'] + end + if attributes.key?(:'memory_dumps') if (value = attributes[:'memory_dumps']).is_a?(Array) self.memory_dumps = value 
@@ -404,6 +558,10 @@ def initialize(attributes = {}) self.memory_strings_artifact_id = attributes[:'memory_strings_artifact_id'] end + if attributes.key?(:'minor_os_version') + self.minor_os_version = attributes[:'minor_os_version'] + end + if attributes.key?(:'mitre_attacks') if (value = attributes[:'mitre_attacks']).is_a?(Array) self.mitre_attacks = value @@ -462,6 +620,10 @@ def initialize(attributes = {}) self.submit_url = attributes[:'submit_url'] end + if attributes.key?(:'subsystem') + self.subsystem = attributes[:'subsystem'] + end + if attributes.key?(:'suricata_alerts') if (value = attributes[:'suricata_alerts']).is_a?(Array) self.suricata_alerts = value @@ -492,6 +654,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'visualization') + self.visualization = attributes[:'visualization'] + end + if attributes.key?(:'windows_version_bitness') self.windows_version_bitness = attributes[:'windows_version_bitness'] end @@ -517,12 +683,17 @@ def initialize(attributes = {}) # @return Array for valid properties with the reasons def list_invalid_properties invalid_properties = Array.new + if @is_certificates_valid.nil? + invalid_properties.push('invalid value for "is_certificates_valid", is_certificates_valid cannot be nil.') + end + invalid_properties end # Check to see if the all the properties in the model are valid # @return true if the model is valid def valid? + return false if @is_certificates_valid.nil? true end 
@@ -532,10 +703,17 @@ def ==(o) return true if self.equal?(o) self.class == o.class && architecture == o.architecture && + certificates == o.certificates && + certificates_validation_message == o.certificates_validation_message && classification == o.classification && classification_tags == o.classification_tags && contacted_hosts == o.contacted_hosts && + dll_characteristics == o.dll_characteristics && dns_requests == o.dns_requests && + entrypoint == o.entrypoint && + entrypoint_preview_count == o.entrypoint_preview_count && + entrypoint_preview_instructions == o.entrypoint_preview_instructions && + entrypoint_section == o.entrypoint_section && environment_description == o.environment_description && environment_id == o.environment_id && error_message == o.error_message && 
@@ -544,20 +722,30 @@ def ==(o) exact_deep_hash == o.exact_deep_hash && extracted_files == o.extracted_files && extracted_interesting_strings == o.extracted_interesting_strings && + file_data_directories == o.file_data_directories && file_imports == o.file_imports && file_metadata == o.file_metadata && + file_resources == o.file_resources && + file_sections == o.file_sections && file_size == o.file_size && file_type == o.file_type && file_type_short == o.file_type_short && http_requests == o.http_requests && + icon == o.icon && + image_base == o.image_base && + image_file_characteristics == o.image_file_characteristics && incidents == o.incidents && intelligence_mitre_attacks == o.intelligence_mitre_attacks && ioc_report_broad_artifact_id == o.ioc_report_broad_artifact_id && ioc_report_strict_artifact_id == o.ioc_report_strict_artifact_id && + is_certificates_valid == o.is_certificates_valid && + language == o.language && + major_os_version == o.major_os_version && memory_dumps == o.memory_dumps && memory_dumps_artifact_id == o.memory_dumps_artifact_id && memory_forensics == o.memory_forensics && memory_strings_artifact_id == o.memory_strings_artifact_id && + minor_os_version == o.minor_os_version && mitre_attacks == o.mitre_attacks && network_settings == o.network_settings && packer == o.packer && @@ -570,12 +758,14 @@ def ==(o) submission_type == o.submission_type && submit_name == o.submit_name && submit_url == o.submit_url && + subsystem == o.subsystem && suricata_alerts == o.suricata_alerts && target_url == o.target_url && threat_score == o.threat_score && urls == o.urls && verdict == o.verdict && version_info == o.version_info && + visualization == o.visualization && windows_version_bitness == o.windows_version_bitness && windows_version_edition == o.windows_version_edition && windows_version_name == o.windows_version_name && 
@@ -592,7 +782,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [architecture, classification, classification_tags, contacted_hosts, dns_requests, environment_description, environment_id, error_message, error_origin, error_type, exact_deep_hash, extracted_files, extracted_interesting_strings, file_imports, file_metadata, file_size, file_type, file_type_short, http_requests, incidents, intelligence_mitre_attacks, ioc_report_broad_artifact_id, ioc_report_strict_artifact_id, memory_dumps, memory_dumps_artifact_id, memory_forensics, memory_strings_artifact_id, mitre_attacks, network_settings, packer, pcap_report_artifact_id, processes, sample_flags, screenshots_artifact_ids, sha256, signatures, submission_type, submit_name, submit_url, suricata_alerts, target_url, threat_score, urls, verdict, version_info, windows_version_bitness, windows_version_edition, windows_version_name, windows_version_service_pack, windows_version_version].hash + [architecture, certificates, certificates_validation_message, classification, classification_tags, contacted_hosts, dll_characteristics, dns_requests, entrypoint, entrypoint_preview_count, entrypoint_preview_instructions, entrypoint_section, environment_description, environment_id, error_message, error_origin, error_type, exact_deep_hash, extracted_files, extracted_interesting_strings, file_data_directories, file_imports, file_metadata, file_resources, file_sections, file_size, file_type, file_type_short, http_requests, icon, image_base, image_file_characteristics, incidents, intelligence_mitre_attacks, ioc_report_broad_artifact_id, ioc_report_strict_artifact_id, is_certificates_valid, language, major_os_version, memory_dumps, memory_dumps_artifact_id, memory_forensics, memory_strings_artifact_id, minor_os_version, mitre_attacks, network_settings, packer, pcap_report_artifact_id, processes, sample_flags, screenshots_artifact_ids, sha256, signatures, submission_type, 
submit_name, submit_url, subsystem, suricata_alerts, target_url, threat_score, urls, verdict, version_info, visualization, windows_version_bitness, windows_version_edition, windows_version_name, windows_version_service_pack, windows_version_version].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb b/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb index aa32d989..d0b22461 100644 --- a/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb +++ b/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb @@ -40,6 +40,8 @@ class FwmgrFirewallMatchEventResponse attr_accessor :connection_direction + attr_accessor :domain_name_list + attr_accessor :event_type attr_accessor :flags @@ -107,6 +109,7 @@ def self.attribute_map :'cid' => :'cid', :'command_line' => :'command_line', :'connection_direction' => :'connection_direction', + :'domain_name_list' => :'domain_name_list', :'event_type' => :'event_type', :'flags' => :'flags', :'hidden' => :'hidden', @@ -152,6 +155,7 @@ def self.openapi_types :'cid' => :'String', :'command_line' => :'String', :'connection_direction' => :'String', + :'domain_name_list' => :'String', :'event_type' => :'String', :'flags' => :'FwmgrFirewallFlags', :'hidden' => :'Boolean', @@ -222,6 +226,10 @@ def initialize(attributes = {}) self.connection_direction = attributes[:'connection_direction'] end + if attributes.key?(:'domain_name_list') + self.domain_name_list = attributes[:'domain_name_list'] + end + if attributes.key?(:'event_type') self.event_type = attributes[:'event_type'] end 
@@ -363,6 +371,10 @@ def list_invalid_properties invalid_properties.push('invalid value for "connection_direction", connection_direction cannot be nil.') end + if @domain_name_list.nil? + invalid_properties.push('invalid value for "domain_name_list", domain_name_list cannot be nil.') + end + if @event_type.nil? invalid_properties.push('invalid value for "event_type", event_type cannot be nil.') end @@ -493,6 +505,7 @@ def valid? return false if @cid.nil? return false if @command_line.nil? return false if @connection_direction.nil? + return false if @domain_name_list.nil? return false if @event_type.nil? return false if @flags.nil? return false if @hidden.nil? @@ -535,6 +548,7 @@ def ==(o) cid == o.cid && command_line == o.command_line && connection_direction == o.connection_direction && + domain_name_list == o.domain_name_list && event_type == o.event_type && flags == o.flags && hidden == o.hidden && @@ -576,7 +590,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [aid, cid, command_line, connection_direction, event_type, flags, hidden, host_name, icmp_code, icmp_type, id, image_file_name, ipv, local_address, local_port, match_count, match_count_since_last_event, network_profile, pid, platform, policy_id, policy_name, protocol, remote_address, remote_port, rule_action, rule_description, rule_family_id, rule_group_name, rule_id, rule_name, status, timestamp, tree_id].hash + [aid, cid, command_line, connection_direction, domain_name_list, event_type, flags, hidden, host_name, icmp_code, icmp_type, id, image_file_name, ipv, local_address, local_port, match_count, match_count_since_last_event, network_profile, pid, platform, policy_id, policy_name, protocol, remote_address, remote_port, rule_action, rule_description, rule_family_id, rule_group_name, rule_id, rule_name, status, timestamp, tree_id].hash end # Builds the object from hash 
diff --git a/lib/crimson-falcon/models/images_ext_combined_images_response.rb b/lib/crimson-falcon/models/images_ext_combined_images_response.rb new file mode 100644 index 00000000..21a0d044 --- /dev/null +++ b/lib/crimson-falcon/models/images_ext_combined_images_response.rb 
@@ -0,0 +1,266 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ImagesExtCombinedImagesResponse + attr_accessor :errors + + attr_accessor :meta + + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ImagesExtCombinedImagesResponse` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ImagesExtCombinedImagesResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') + end + + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @meta.nil? + return false if @resources.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + errors == o.errors && + meta == o.meta && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [errors, meta, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/internal_sensor_status.rb b/lib/crimson-falcon/models/internal_sensor_status.rb new file mode 100644 index 00000000..7362c1d4 --- /dev/null +++ b/lib/crimson-falcon/models/internal_sensor_status.rb 
@@ -0,0 +1,325 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class InternalSensorStatus + attr_accessor :agent_version + + attr_accessor :cid + + attr_accessor :device_id + + attr_accessor :hostname + + attr_accessor :idp_policy_id + + attr_accessor :idp_policy_name + + attr_accessor :local_ip + + attr_accessor :machine_domain + + attr_accessor :os_version + + attr_accessor :ti_enabled + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'agent_version' => :'agent_version', + :'cid' => :'cid', + :'device_id' => :'device_id', + :'hostname' => :'hostname', + :'idp_policy_id' => :'idp_policy_id', + :'idp_policy_name' => :'idp_policy_name', + :'local_ip' => :'local_ip', + :'machine_domain' => :'machine_domain', + :'os_version' => :'os_version', + :'ti_enabled' => :'ti_enabled' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'agent_version' => :'String', + :'cid' => :'String', + :'device_id' => :'String', + :'hostname' => :'String', + :'idp_policy_id' => :'String', + :'idp_policy_name' => :'String', + :'local_ip' => :'String', + :'machine_domain' => :'String', + :'os_version' => :'String', + :'ti_enabled' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::InternalSensorStatus` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::InternalSensorStatus`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'agent_version') + self.agent_version = attributes[:'agent_version'] + end + + if attributes.key?(:'cid') + self.cid = attributes[:'cid'] + end + + if attributes.key?(:'device_id') + self.device_id = attributes[:'device_id'] + end + + if attributes.key?(:'hostname') + self.hostname = attributes[:'hostname'] + end + + if attributes.key?(:'idp_policy_id') + self.idp_policy_id = attributes[:'idp_policy_id'] + end + + if attributes.key?(:'idp_policy_name') + self.idp_policy_name = attributes[:'idp_policy_name'] + end + + if attributes.key?(:'local_ip') + self.local_ip = attributes[:'local_ip'] + end + + if attributes.key?(:'machine_domain') + self.machine_domain = attributes[:'machine_domain'] + end + + if attributes.key?(:'os_version') + self.os_version = attributes[:'os_version'] + end + + if attributes.key?(:'ti_enabled') + self.ti_enabled = attributes[:'ti_enabled'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @cid.nil? + invalid_properties.push('invalid value for "cid", cid cannot be nil.') + end + + if @device_id.nil? + invalid_properties.push('invalid value for "device_id", device_id cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @cid.nil? + return false if @device_id.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + agent_version == o.agent_version && + cid == o.cid && + device_id == o.device_id && + hostname == o.hostname && + idp_policy_id == o.idp_policy_id && + idp_policy_name == o.idp_policy_name && + local_ip == o.local_ip && + machine_domain == o.machine_domain && + os_version == o.os_version && + ti_enabled == o.ti_enabled + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [agent_version, cid, device_id, hostname, idp_policy_id, idp_policy_name, local_ip, machine_domain, os_version, ti_enabled].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_credentials.rb b/lib/crimson-falcon/models/models_credentials.rb new file mode 100644 index 00000000..370faa7a --- /dev/null +++ b/lib/crimson-falcon/models/models_credentials.rb 
@@ -0,0 +1,239 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsCredentials + attr_accessor :token + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'token' => :'token' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'token' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsCredentials` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsCredentials`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'token') + self.token = attributes[:'token'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @token.nil? + invalid_properties.push('invalid value for "token", token cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @token.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + token == o.token + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [token].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_ext_api_image_combined.rb b/lib/crimson-falcon/models/models_ext_api_image_combined.rb new file mode 100644 index 00000000..52a42b7d --- /dev/null +++ b/lib/crimson-falcon/models/models_ext_api_image_combined.rb 
@@ -0,0 +1,491 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'date' +require 'time' + +module Falcon + class ModelsExtAPIImageCombined + attr_accessor :base_os + + attr_accessor :cid + + attr_accessor :containers + + attr_accessor :detections + + attr_accessor :first_seen + + attr_accessor :highest_detection_severity + + attr_accessor :highest_vulnerability_severity + + attr_accessor :image_digest + + attr_accessor :image_id + + attr_accessor :last_seen + + attr_accessor :layers_with_vulnerabilities + + attr_accessor :packages + + attr_accessor :registry + + attr_accessor :report_url_by_id_and_digest + + attr_accessor :report_url_by_repo_and_tag + + attr_accessor :repository + + attr_accessor :tag + + attr_accessor :vulnerabilities + + attr_accessor :warning + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'base_os' => :'base_os', + :'cid' => :'cid', + :'containers' => :'containers', + :'detections' => :'detections', + :'first_seen' => :'first_seen', + :'highest_detection_severity' => :'highest_detection_severity', + :'highest_vulnerability_severity' => :'highest_vulnerability_severity', + :'image_digest' => :'image_digest', + :'image_id' => :'image_id', + :'last_seen' => :'last_seen', + :'layers_with_vulnerabilities' => :'layers_with_vulnerabilities', + :'packages' => :'packages', + :'registry' => :'registry', + :'report_url_by_id_and_digest' => :'report_url_by_id_and_digest', + :'report_url_by_repo_and_tag' => :'report_url_by_repo_and_tag', + :'repository' => :'repository', + :'tag' => :'tag', + :'vulnerabilities' => :'vulnerabilities', + :'warning' => :'warning' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'base_os' => :'String', + :'cid' => :'String', + :'containers' => :'Integer', + :'detections' => :'Integer', + :'first_seen' => :'String', + :'highest_detection_severity' => :'String', + :'highest_vulnerability_severity' => :'String', + :'image_digest' => :'String', + :'image_id' => :'String', + :'last_seen' => :'String', + :'layers_with_vulnerabilities' => :'Integer', + :'packages' => :'Integer', + :'registry' => :'String', + :'report_url_by_id_and_digest' => :'String', + :'report_url_by_repo_and_tag' => :'String', + :'repository' => :'String', + :'tag' => :'String', + :'vulnerabilities' => :'Integer', + :'warning' => :'Integer' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsExtAPIImageCombined` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsExtAPIImageCombined`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'base_os') + self.base_os = attributes[:'base_os'] + end + + if attributes.key?(:'cid') + self.cid = attributes[:'cid'] + end + + if attributes.key?(:'containers') + self.containers = attributes[:'containers'] + end + + if attributes.key?(:'detections') + self.detections = attributes[:'detections'] + end + + if attributes.key?(:'first_seen') + self.first_seen = attributes[:'first_seen'] + end + + if attributes.key?(:'highest_detection_severity') + self.highest_detection_severity = attributes[:'highest_detection_severity'] + end + + if attributes.key?(:'highest_vulnerability_severity') + self.highest_vulnerability_severity = attributes[:'highest_vulnerability_severity'] + end + + if attributes.key?(:'image_digest') + self.image_digest = attributes[:'image_digest'] + end + + if attributes.key?(:'image_id') + self.image_id = attributes[:'image_id'] + end + + if attributes.key?(:'last_seen') + self.last_seen = attributes[:'last_seen'] + end + + if attributes.key?(:'layers_with_vulnerabilities') + self.layers_with_vulnerabilities = attributes[:'layers_with_vulnerabilities'] + end + + if attributes.key?(:'packages') + self.packages = attributes[:'packages'] + end + + if attributes.key?(:'registry') + self.registry = attributes[:'registry'] + end + + if attributes.key?(:'report_url_by_id_and_digest') + self.report_url_by_id_and_digest = attributes[:'report_url_by_id_and_digest'] + end + + if attributes.key?(:'report_url_by_repo_and_tag') + self.report_url_by_repo_and_tag = attributes[:'report_url_by_repo_and_tag'] + end + + if attributes.key?(:'repository') + self.repository = attributes[:'repository'] + end + + if attributes.key?(:'tag') + self.tag = attributes[:'tag'] + end + + if attributes.key?(:'vulnerabilities') + self.vulnerabilities = attributes[:'vulnerabilities'] + end + + if attributes.key?(:'warning') + self.warning = attributes[:'warning'] + end + 
end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @base_os.nil? + invalid_properties.push('invalid value for "base_os", base_os cannot be nil.') + end + + if @cid.nil? + invalid_properties.push('invalid value for "cid", cid cannot be nil.') + end + + if @containers.nil? + invalid_properties.push('invalid value for "containers", containers cannot be nil.') + end + + if @detections.nil? + invalid_properties.push('invalid value for "detections", detections cannot be nil.') + end + + if @first_seen.nil? + invalid_properties.push('invalid value for "first_seen", first_seen cannot be nil.') + end + + if @highest_detection_severity.nil? + invalid_properties.push('invalid value for "highest_detection_severity", highest_detection_severity cannot be nil.') + end + + if @highest_vulnerability_severity.nil? + invalid_properties.push('invalid value for "highest_vulnerability_severity", highest_vulnerability_severity cannot be nil.') + end + + if @image_digest.nil? + invalid_properties.push('invalid value for "image_digest", image_digest cannot be nil.') + end + + if @image_id.nil? + invalid_properties.push('invalid value for "image_id", image_id cannot be nil.') + end + + if @last_seen.nil? + invalid_properties.push('invalid value for "last_seen", last_seen cannot be nil.') + end + + if @layers_with_vulnerabilities.nil? + invalid_properties.push('invalid value for "layers_with_vulnerabilities", layers_with_vulnerabilities cannot be nil.') + end + + if @packages.nil? + invalid_properties.push('invalid value for "packages", packages cannot be nil.') + end + + if @registry.nil? + invalid_properties.push('invalid value for "registry", registry cannot be nil.') + end + + if @report_url_by_id_and_digest.nil? 
+ invalid_properties.push('invalid value for "report_url_by_id_and_digest", report_url_by_id_and_digest cannot be nil.') + end + + if @report_url_by_repo_and_tag.nil? + invalid_properties.push('invalid value for "report_url_by_repo_and_tag", report_url_by_repo_and_tag cannot be nil.') + end + + if @repository.nil? + invalid_properties.push('invalid value for "repository", repository cannot be nil.') + end + + if @tag.nil? + invalid_properties.push('invalid value for "tag", tag cannot be nil.') + end + + if @vulnerabilities.nil? + invalid_properties.push('invalid value for "vulnerabilities", vulnerabilities cannot be nil.') + end + + if @warning.nil? + invalid_properties.push('invalid value for "warning", warning cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @base_os.nil? + return false if @cid.nil? + return false if @containers.nil? + return false if @detections.nil? + return false if @first_seen.nil? + return false if @highest_detection_severity.nil? + return false if @highest_vulnerability_severity.nil? + return false if @image_digest.nil? + return false if @image_id.nil? + return false if @last_seen.nil? + return false if @layers_with_vulnerabilities.nil? + return false if @packages.nil? + return false if @registry.nil? + return false if @report_url_by_id_and_digest.nil? + return false if @report_url_by_repo_and_tag.nil? + return false if @repository.nil? + return false if @tag.nil? + return false if @vulnerabilities.nil? + return false if @warning.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + base_os == o.base_os && + cid == o.cid && + containers == o.containers && + detections == o.detections && + first_seen == o.first_seen && + highest_detection_severity == o.highest_detection_severity && + highest_vulnerability_severity == o.highest_vulnerability_severity && + image_digest == o.image_digest && + image_id == o.image_id && + last_seen == o.last_seen && + layers_with_vulnerabilities == o.layers_with_vulnerabilities && + packages == o.packages && + registry == o.registry && + report_url_by_id_and_digest == o.report_url_by_id_and_digest && + report_url_by_repo_and_tag == o.report_url_by_repo_and_tag && + repository == o.repository && + tag == o.tag && + vulnerabilities == o.vulnerabilities && + warning == o.warning + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [base_os, cid, containers, detections, first_seen, highest_detection_severity, highest_vulnerability_severity, image_digest, image_id, last_seen, layers_with_vulnerabilities, packages, registry, report_url_by_id_and_digest, report_url_by_repo_and_tag, repository, tag, vulnerabilities, warning].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? 
klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_job_meta_data.rb b/lib/crimson-falcon/models/models_job_meta_data.rb new file mode 100644 index 00000000..aeb606e5 --- /dev/null +++ b/lib/crimson-falcon/models/models_job_meta_data.rb 
@@ -0,0 +1,337 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsJobMetaData + attr_accessor :cloud_provider + + attr_accessor :instance_id + + attr_accessor :job_end_time + + attr_accessor :job_id + + attr_accessor :job_start_time + + attr_accessor :message + + attr_accessor :scanner_version + + attr_accessor :status + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'cloud_provider' => :'cloud_provider', + :'instance_id' => :'instance_id', + :'job_end_time' => :'job_end_time', + :'job_id' => :'job_id', + :'job_start_time' => :'job_start_time', + :'message' => :'message', + :'scanner_version' => :'scanner_version', + :'status' => :'status' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'cloud_provider' => :'String', + :'instance_id' => :'String', + :'job_end_time' => :'Time', + :'job_id' => :'String', + :'job_start_time' => :'Time', + :'message' => :'String', + :'scanner_version' => :'String', + :'status' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsJobMetaData` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsJobMetaData`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'cloud_provider') + self.cloud_provider = attributes[:'cloud_provider'] + end + + if attributes.key?(:'instance_id') + self.instance_id = attributes[:'instance_id'] + end + + if attributes.key?(:'job_end_time') + self.job_end_time = attributes[:'job_end_time'] + end + + if attributes.key?(:'job_id') + self.job_id = attributes[:'job_id'] + end + + if attributes.key?(:'job_start_time') + self.job_start_time = attributes[:'job_start_time'] + end + + if attributes.key?(:'message') + self.message = attributes[:'message'] + end + + if attributes.key?(:'scanner_version') + self.scanner_version = attributes[:'scanner_version'] + end + + if attributes.key?(:'status') + self.status = attributes[:'status'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @cloud_provider.nil? + invalid_properties.push('invalid value for "cloud_provider", cloud_provider cannot be nil.') + end + + if @instance_id.nil? + invalid_properties.push('invalid value for "instance_id", instance_id cannot be nil.') + end + + if @job_end_time.nil? + invalid_properties.push('invalid value for "job_end_time", job_end_time cannot be nil.') + end + + if @job_id.nil? + invalid_properties.push('invalid value for "job_id", job_id cannot be nil.') + end + + if @job_start_time.nil? + invalid_properties.push('invalid value for "job_start_time", job_start_time cannot be nil.') + end + + if @message.nil? + invalid_properties.push('invalid value for "message", message cannot be nil.') + end + + if @scanner_version.nil? + invalid_properties.push('invalid value for "scanner_version", scanner_version cannot be nil.') + end + + if @status.nil? 
+ invalid_properties.push('invalid value for "status", status cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @cloud_provider.nil? + return false if @instance_id.nil? + return false if @job_end_time.nil? + return false if @job_id.nil? + return false if @job_start_time.nil? + return false if @message.nil? + return false if @scanner_version.nil? + return false if @status.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + cloud_provider == o.cloud_provider && + instance_id == o.instance_id && + job_end_time == o.job_end_time && + job_id == o.job_id && + job_start_time == o.job_start_time && + message == o.message && + scanner_version == o.scanner_version && + status == o.status + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [cloud_provider, instance_id, job_end_time, job_id, job_start_time, message, scanner_version, status].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? 
klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_registry_credentials_response.rb b/lib/crimson-falcon/models/models_registry_credentials_response.rb new file mode 100644 index 00000000..73f6f2da --- /dev/null +++ b/lib/crimson-falcon/models/models_registry_credentials_response.rb 
@@ -0,0 +1,271 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsRegistryCredentialsResponse + attr_accessor :errors + + attr_accessor :meta + + attr_accessor :resources + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'errors' => :'errors', + :'meta' => :'meta', + :'resources' => :'resources' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'errors' => :'Array', + :'meta' => :'MsaspecMetaInfo', + :'resources' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsRegistryCredentialsResponse` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsRegistryCredentialsResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'errors') + if (value = attributes[:'errors']).is_a?(Array) + self.errors = value + end + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + + if attributes.key?(:'resources') + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @errors.nil? + invalid_properties.push('invalid value for "errors", errors cannot be nil.') + end + + if @meta.nil? + invalid_properties.push('invalid value for "meta", meta cannot be nil.') + end + + if @resources.nil? + invalid_properties.push('invalid value for "resources", resources cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @errors.nil? 
+ return false if @meta.nil? + return false if @resources.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + errors == o.errors && + meta == o.meta && + resources == o.resources + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [errors, meta, resources].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_scan_results.rb b/lib/crimson-falcon/models/models_scan_results.rb new file mode 100644 index 00000000..b5fbb467 --- /dev/null +++ b/lib/crimson-falcon/models/models_scan_results.rb 
@@ -0,0 +1,255 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsScanResults + attr_accessor :applications + + attr_accessor :os_version + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'applications' => :'applications', + :'os_version' => :'os_version' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'applications' => :'Array', + :'os_version' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsScanResults` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsScanResults`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'applications') + if (value = attributes[:'applications']).is_a?(Array) + self.applications = value + end + end + + if attributes.key?(:'os_version') + self.os_version = attributes[:'os_version'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @applications.nil? + invalid_properties.push('invalid value for "applications", applications cannot be nil.') + end + + if @os_version.nil? + invalid_properties.push('invalid value for "os_version", os_version cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @applications.nil? + return false if @os_version.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + applications == o.applications && + os_version == o.os_version + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [applications, os_version].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_snapshot_inventory_application.rb b/lib/crimson-falcon/models/models_snapshot_inventory_application.rb new file mode 100644 index 00000000..e4c2a5c2 --- /dev/null +++ b/lib/crimson-falcon/models/models_snapshot_inventory_application.rb 
@@ -0,0 +1,351 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsSnapshotInventoryApplication + attr_accessor :major_version + + attr_accessor :package_hash + + attr_accessor :package_provider + + attr_accessor :package_source + + attr_accessor :path + + attr_accessor :product + + attr_accessor :software_architecture + + attr_accessor :type + + attr_accessor :vendor + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'major_version' => :'major_version', + :'package_hash' => :'package_hash', + :'package_provider' => :'package_provider', + :'package_source' => :'package_source', + :'path' => :'path', + :'product' => :'product', + :'software_architecture' => :'software_architecture', + :'type' => :'type', + :'vendor' => :'vendor' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'major_version' => :'String', + :'package_hash' => :'String', + :'package_provider' => :'String', + :'package_source' => :'String', + :'path' => :'String', + :'product' => :'String', + :'software_architecture' => :'String', + :'type' => :'String', + :'vendor' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsSnapshotInventoryApplication` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsSnapshotInventoryApplication`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'major_version') + self.major_version = attributes[:'major_version'] + end + + if attributes.key?(:'package_hash') + self.package_hash = attributes[:'package_hash'] + end + + if attributes.key?(:'package_provider') + self.package_provider = attributes[:'package_provider'] + end + + if attributes.key?(:'package_source') + self.package_source = attributes[:'package_source'] + end + + if attributes.key?(:'path') + self.path = attributes[:'path'] + end + + if attributes.key?(:'product') + self.product = attributes[:'product'] + end + + if attributes.key?(:'software_architecture') + self.software_architecture = attributes[:'software_architecture'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + + if attributes.key?(:'vendor') + self.vendor = attributes[:'vendor'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @major_version.nil? + invalid_properties.push('invalid value for "major_version", major_version cannot be nil.') + end + + if @package_hash.nil? + invalid_properties.push('invalid value for "package_hash", package_hash cannot be nil.') + end + + if @package_provider.nil? + invalid_properties.push('invalid value for "package_provider", package_provider cannot be nil.') + end + + if @package_source.nil? + invalid_properties.push('invalid value for "package_source", package_source cannot be nil.') + end + + if @path.nil? + invalid_properties.push('invalid value for "path", path cannot be nil.') + end + + if @product.nil? + invalid_properties.push('invalid value for "product", product cannot be nil.') + end + + if @software_architecture.nil? 
+ invalid_properties.push('invalid value for "software_architecture", software_architecture cannot be nil.') + end + + if @type.nil? + invalid_properties.push('invalid value for "type", type cannot be nil.') + end + + if @vendor.nil? + invalid_properties.push('invalid value for "vendor", vendor cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @major_version.nil? + return false if @package_hash.nil? + return false if @package_provider.nil? + return false if @package_source.nil? + return false if @path.nil? + return false if @product.nil? + return false if @software_architecture.nil? + return false if @type.nil? + return false if @vendor.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + major_version == o.major_version && + package_hash == o.package_hash && + package_provider == o.package_provider && + package_source == o.package_source && + path == o.path && + product == o.product && + software_architecture == o.software_architecture && + type == o.type && + vendor == o.vendor + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [major_version, package_hash, package_provider, package_source, path, product, software_architecture, type, vendor].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/models_snapshot_inventory_payload.rb b/lib/crimson-falcon/models/models_snapshot_inventory_payload.rb new file mode 100644 index 00000000..dd16d075 --- /dev/null +++ b/lib/crimson-falcon/models/models_snapshot_inventory_payload.rb 
@@ -0,0 +1,253 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class ModelsSnapshotInventoryPayload + attr_accessor :job_metadata + + attr_accessor :results + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'job_metadata' => :'job_metadata', + :'results' => :'results' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'job_metadata' => :'ModelsJobMetaData', + :'results' => :'ModelsScanResults' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsSnapshotInventoryPayload` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsSnapshotInventoryPayload`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'job_metadata') + self.job_metadata = attributes[:'job_metadata'] + end + + if attributes.key?(:'results') + self.results = attributes[:'results'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @job_metadata.nil? + invalid_properties.push('invalid value for "job_metadata", job_metadata cannot be nil.') + end + + if @results.nil? + invalid_properties.push('invalid value for "results", results cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @job_metadata.nil? + return false if @results.nil? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + job_metadata == o.job_metadata && + results == o.results + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [job_metadata, results].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/public_acl.rb b/lib/crimson-falcon/models/public_acl.rb index ab179341..09691088 100644 --- a/lib/crimson-falcon/models/public_acl.rb +++ b/lib/crimson-falcon/models/public_acl.rb @@ -58,7 +58,7 @@ def self.acceptable_attributes # Attribute type mapping. def self.openapi_types { - :'acl_permission_change' => :'Array', + :'acl_permission_change' => :'Array', :'entity' => :'String', :'entity_id' => :'String', :'entity_name' => :'String' diff --git a/lib/crimson-falcon/models/public_acl_change.rb b/lib/crimson-falcon/models/public_acl_change.rb new file mode 100644 index 00000000..d07fa37c --- /dev/null +++ b/lib/crimson-falcon/models/public_acl_change.rb 
@@ -0,0 +1,243 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class PublicACLChange + attr_accessor :operation + + attr_accessor :permissions + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'operation' => :'operation', + :'permissions' => :'permissions' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'operation' => :'String', + :'permissions' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::PublicACLChange` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::PublicACLChange`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'operation') + self.operation = attributes[:'operation'] + end + + if attributes.key?(:'permissions') + self.permissions = attributes[:'permissions'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + operation == o.operation && + permissions == o.permissions + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [operation, permissions].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/models/registration_azure_account_v1_ext.rb b/lib/crimson-falcon/models/registration_azure_account_v1_ext.rb index f3bd0385..829d92d3 100644 --- a/lib/crimson-falcon/models/registration_azure_account_v1_ext.rb +++ b/lib/crimson-falcon/models/registration_azure_account_v1_ext.rb @@ -49,6 +49,8 @@ class RegistrationAzureAccountV1Ext attr_accessor :client_id + attr_accessor :cloud_scopes + attr_accessor :conditions attr_accessor :credentials_end_date @@ -58,6 +60,8 @@ class RegistrationAzureAccountV1Ext # Default Azure Subscription ID to provision shared IOA infrastructure. attr_accessor :default_subscription_id + attr_accessor :environment + attr_accessor :object_id attr_accessor :public_certificate @@ -75,6 +79,9 @@ class RegistrationAzureAccountV1Ext # Azure Subscription ID. attr_accessor :subscription_id + # Azure Subscription Name. + attr_accessor :subscription_name + # Azure Tenant ID to use. attr_accessor :tenant_id @@ -91,10 +98,12 @@ def self.attribute_map :'azure_permissions_status' => :'azure_permissions_status', :'cid' => :'cid', :'client_id' => :'client_id', + :'cloud_scopes' => :'cloud_scopes', :'conditions' => :'conditions', :'credentials_end_date' => :'credentials_end_date', :'credentials_type' => :'credentials_type', :'default_subscription_id' => :'default_subscription_id', + :'environment' => :'environment', :'object_id' => :'object_id', :'public_certificate' => :'public_certificate', :'public_certificate_raw' => :'public_certificate_raw', 
@@ -102,6 +111,7 @@ def self.attribute_map :'show_modal' => :'show_modal', :'status' => :'status', :'subscription_id' => :'subscription_id', + :'subscription_name' => :'subscription_name', :'tenant_id' => :'tenant_id', :'years_valid' => :'years_valid' } @@ -123,10 +133,12 @@ def self.openapi_types :'azure_permissions_status' => :'Array', :'cid' => :'String', :'client_id' => :'String', + :'cloud_scopes' => :'Array', :'conditions' => :'Array', :'credentials_end_date' => :'Time', :'credentials_type' => :'String', :'default_subscription_id' => :'String', + :'environment' => :'String', :'object_id' => :'String', :'public_certificate' => :'String', :'public_certificate_raw' => :'String', @@ -134,6 +146,7 @@ def self.openapi_types :'show_modal' => :'Boolean', :'status' => :'String', :'subscription_id' => :'String', + :'subscription_name' => :'String', :'tenant_id' => :'String', :'years_valid' => :'Integer' } @@ -194,6 +207,12 @@ def initialize(attributes = {}) self.client_id = attributes[:'client_id'] end + if attributes.key?(:'cloud_scopes') + if (value = attributes[:'cloud_scopes']).is_a?(Array) + self.cloud_scopes = value + end + end + if attributes.key?(:'conditions') if (value = attributes[:'conditions']).is_a?(Array) self.conditions = value @@ -212,6 +231,10 @@ def initialize(attributes = {}) self.default_subscription_id = attributes[:'default_subscription_id'] end + if attributes.key?(:'environment') + self.environment = attributes[:'environment'] + end + if attributes.key?(:'object_id') self.object_id = attributes[:'object_id'] end @@ -242,6 +265,10 @@ def initialize(attributes = {}) self.subscription_id = attributes[:'subscription_id'] end + if attributes.key?(:'subscription_name') + self.subscription_name = attributes[:'subscription_name'] + end + if attributes.key?(:'tenant_id') self.tenant_id = attributes[:'tenant_id'] end 
@@ -312,10 +339,12 @@ def ==(o) azure_permissions_status == o.azure_permissions_status && cid == o.cid && client_id == o.client_id && + cloud_scopes == o.cloud_scopes && conditions == o.conditions && credentials_end_date == o.credentials_end_date && credentials_type == o.credentials_type && default_subscription_id == o.default_subscription_id && + environment == o.environment && object_id == o.object_id && public_certificate == o.public_certificate && public_certificate_raw == o.public_certificate_raw && @@ -323,6 +352,7 @@ def ==(o) show_modal == o.show_modal && status == o.status && subscription_id == o.subscription_id && + subscription_name == o.subscription_name && tenant_id == o.tenant_id && years_valid == o.years_valid end @@ -336,7 +366,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [created_at, deleted_at, id, updated_at, account_type, azure_permissions_status, cid, client_id, conditions, credentials_end_date, credentials_type, default_subscription_id, object_id, public_certificate, public_certificate_raw, role_assignments, show_modal, status, subscription_id, tenant_id, years_valid].hash + [created_at, deleted_at, id, updated_at, account_type, azure_permissions_status, cid, client_id, cloud_scopes, conditions, credentials_end_date, credentials_type, default_subscription_id, environment, object_id, public_certificate, public_certificate_raw, role_assignments, show_modal, status, subscription_id, subscription_name, tenant_id, years_valid].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/registration_ioa_event.rb b/lib/crimson-falcon/models/registration_ioa_event.rb index ec246831..c5435e12 100644 --- a/lib/crimson-falcon/models/registration_ioa_event.rb +++ b/lib/crimson-falcon/models/registration_ioa_event.rb 
@@ -183,9 +183,9 @@ def self.openapi_types :'read_only' => :'Boolean', :'recipient_account_id' => :'String', :'request_id' => :'String', - :'request_parameters' => :'String', - :'resources' => :'String', - :'response_elements' => :'String', + :'request_parameters' => :'Object', + :'resources' => :'Array', + :'response_elements' => :'Object', :'service' => :'String', :'service_event_details' => :'String', :'severity' => :'String', @@ -194,7 +194,7 @@ def self.openapi_types :'state' => :'String', :'user_agent' => :'String', :'user_id' => :'String', - :'user_identity' => :'String', + :'user_identity' => :'Object', :'vertex_id' => :'String', :'vertex_type' => :'String', :'vpc_endpoint_id' => :'String' @@ -319,7 +319,9 @@ def initialize(attributes = {}) end if attributes.key?(:'resources') - self.resources = attributes[:'resources'] + if (value = attributes[:'resources']).is_a?(Array) + self.resources = value + end end if attributes.key?(:'response_elements') diff --git a/lib/crimson-falcon/models/registration_iom_event_v2.rb b/lib/crimson-falcon/models/registration_iom_event_v2.rb index e1b8cce5..2ddf9997 100644 --- a/lib/crimson-falcon/models/registration_iom_event_v2.rb +++ b/lib/crimson-falcon/models/registration_iom_event_v2.rb @@ -42,8 +42,12 @@ class RegistrationIOMEventV2 attr_accessor :cid + attr_accessor :cloud_labels + attr_accessor :cloud_provider + attr_accessor :cloud_scopes + attr_accessor :custom_policy_id attr_accessor :finding @@ -96,7 +100,9 @@ def self.attribute_map :'agent_id' => :'agent_id', :'azure_tenant_id' => :'azure_tenant_id', :'cid' => :'cid', + :'cloud_labels' => :'cloud_labels', :'cloud_provider' => :'cloud_provider', + :'cloud_scopes' => :'cloud_scopes', :'custom_policy_id' => :'custom_policy_id', :'finding' => :'finding', :'id' => :'id', 
@@ -135,7 +141,9 @@ def self.openapi_types :'agent_id' => :'String', :'azure_tenant_id' => :'String', :'cid' => :'String', + :'cloud_labels' => :'Array', :'cloud_provider' => :'String', + :'cloud_scopes' => :'Array', :'custom_policy_id' => :'Integer', :'finding' => :'Object', :'id' => :'String', @@ -202,10 +210,22 @@ def initialize(attributes = {}) self.cid = attributes[:'cid'] end + if attributes.key?(:'cloud_labels') + if (value = attributes[:'cloud_labels']).is_a?(Array) + self.cloud_labels = value + end + end + if attributes.key?(:'cloud_provider') self.cloud_provider = attributes[:'cloud_provider'] end + if attributes.key?(:'cloud_scopes') + if (value = attributes[:'cloud_scopes']).is_a?(Array) + self.cloud_scopes = value + end + end + if attributes.key?(:'custom_policy_id') self.custom_policy_id = attributes[:'custom_policy_id'] end @@ -420,7 +440,9 @@ def ==(o) agent_id == o.agent_id && azure_tenant_id == o.azure_tenant_id && cid == o.cid && + cloud_labels == o.cloud_labels && cloud_provider == o.cloud_provider && + cloud_scopes == o.cloud_scopes && custom_policy_id == o.custom_policy_id && finding == o.finding && id == o.id && 
@@ -454,7 +476,7 @@ def eql?(o) # Calculates hash code according to all attributes. # @return [Integer] Hash code def hash - [account_id, account_name, agent_id, azure_tenant_id, cid, cloud_provider, custom_policy_id, finding, id, is_managed, policy_id, policy_statement, policy_type, region, report_date_time, resource_attributes, resource_create_time, resource_id, resource_id_type, resource_url, resource_uuid, scan_id, scan_time, service, severity, status, tags, vm_id].hash + [account_id, account_name, agent_id, azure_tenant_id, cid, cloud_labels, cloud_provider, cloud_scopes, custom_policy_id, finding, id, is_managed, policy_id, policy_statement, policy_type, region, report_date_time, resource_attributes, resource_create_time, resource_id, resource_id_type, resource_url, resource_uuid, scan_id, scan_time, service, severity, status, tags, vm_id].hash end # Builds the object from hash diff --git a/lib/crimson-falcon/models/sadomain_notification_log.rb b/lib/crimson-falcon/models/sadomain_notification_log.rb new file mode 100644 index 00000000..53f4349d --- /dev/null +++ b/lib/crimson-falcon/models/sadomain_notification_log.rb 
@@ -0,0 +1,365 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'date' +require 'time' + +module Falcon + class SadomainNotificationLog + attr_accessor :action + + attr_accessor :cid + + attr_accessor :created_date + + attr_accessor :details + + attr_accessor :id + + attr_accessor :message + + attr_accessor :notification_id + + attr_accessor :user_email + + attr_accessor :user_uuid + + attr_accessor :username + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'action' => :'action', + :'cid' => :'cid', + :'created_date' => :'created_date', + :'details' => :'details', + :'id' => :'id', + :'message' => :'message', + :'notification_id' => :'notification_id', + :'user_email' => :'user_email', + :'user_uuid' => :'user_uuid', + :'username' => :'username' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'action' => :'String', + :'cid' => :'String', + :'created_date' => :'Time', + :'details' => :'String', + :'id' => :'String', + :'message' => :'String', + :'notification_id' => :'String', + :'user_email' => :'String', + :'user_uuid' => :'String', + :'username' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::SadomainNotificationLog` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::SadomainNotificationLog`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'action') + self.action = attributes[:'action'] + end + + if attributes.key?(:'cid') + self.cid = attributes[:'cid'] + end + + if attributes.key?(:'created_date') + self.created_date = attributes[:'created_date'] + end + + if attributes.key?(:'details') + self.details = attributes[:'details'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'message') + self.message = attributes[:'message'] + end + + if attributes.key?(:'notification_id') + self.notification_id = attributes[:'notification_id'] + end + + if attributes.key?(:'user_email') + self.user_email = attributes[:'user_email'] + end + + if attributes.key?(:'user_uuid') + self.user_uuid = attributes[:'user_uuid'] + end + + if attributes.key?(:'username') + self.username = attributes[:'username'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @action.nil? + invalid_properties.push('invalid value for "action", action cannot be nil.') + end + + if @cid.nil? + invalid_properties.push('invalid value for "cid", cid cannot be nil.') + end + + if @created_date.nil? + invalid_properties.push('invalid value for "created_date", created_date cannot be nil.') + end + + if @details.nil? + invalid_properties.push('invalid value for "details", details cannot be nil.') + end + + if @id.nil? + invalid_properties.push('invalid value for "id", id cannot be nil.') + end + + if @message.nil? + invalid_properties.push('invalid value for "message", message cannot be nil.') + end + + if @notification_id.nil? + invalid_properties.push('invalid value for "notification_id", notification_id cannot be nil.') + end + + if @user_email.nil? 
+ invalid_properties.push('invalid value for "user_email", user_email cannot be nil.') + end + + if @user_uuid.nil? + invalid_properties.push('invalid value for "user_uuid", user_uuid cannot be nil.') + end + + if @username.nil? + invalid_properties.push('invalid value for "username", username cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @action.nil? + return false if @cid.nil? + return false if @created_date.nil? + return false if @details.nil? + return false if @id.nil? + return false if @message.nil? + return false if @notification_id.nil? + return false if @user_email.nil? + return false if @user_uuid.nil? + return false if @username.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + action == o.action && + cid == o.cid && + created_date == o.created_date && + details == o.details && + id == o.id && + message == o.message && + notification_id == o.notification_id && + user_email == o.user_email && + user_uuid == o.user_uuid && + username == o.username + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + def hash + [action, cid, created_date, details, id, message, notification_id, user_email, user_uuid, username].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + attributes = attributes.transform_keys(&:to_sym) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = Falcon.const_get(type) + klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. 
Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + end +end diff --git a/lib/crimson-falcon/version.rb b/lib/crimson-falcon/version.rb index 212ea5ea..18e52620 100644 --- a/lib/crimson-falcon/version.rb +++ b/lib/crimson-falcon/version.rb @@ -25,7 +25,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -CrowdStrike Swagger API Version: 2023-05-30T23:10:32Z +CrowdStrike Swagger API Version: 2023-08-03T23:00:01Z =end module Falcon diff --git a/spec/api/public_assessments_api_spec.rb b/spec/api/configuration_assessment_api_spec.rb similarity index 88% rename from spec/api/public_assessments_api_spec.rb rename to spec/api/configuration_assessment_api_spec.rb index 1ffedcea..6ae78bf3 100644 --- a/spec/api/public_assessments_api_spec.rb +++ b/spec/api/configuration_assessment_api_spec.rb 
@@ -30,22 +30,22 @@ require 'spec_helper' require 'json' -# Unit tests for Falcon::PublicAssessmentsApi +# Unit tests for Falcon::ConfigurationAssessmentApi # Automatically generated by openapi-generator (https://openapi-generator.tech) # Please update as you see appropriate -describe 'PublicAssessmentsApi' do +describe 'ConfigurationAssessmentApi' do before do # run before each test - @api_instance = Falcon::PublicAssessmentsApi.new + @api_instance = Falcon::ConfigurationAssessmentApi.new end after do # run after each test end - describe 'test an instance of PublicAssessmentsApi' do - it 'should create an instance of PublicAssessmentsApi' do - expect(@api_instance).to be_instance_of(Falcon::PublicAssessmentsApi) + describe 'test an instance of ConfigurationAssessmentApi' do + it 'should create an instance of ConfigurationAssessmentApi' do + expect(@api_instance).to be_instance_of(Falcon::ConfigurationAssessmentApi) end end 
@@ -56,7 +56,7 @@ # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. # @option opts [String] :sort Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul> - # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul> + # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul> # @return [DomainAPICombinedFindingsResponseV1] describe 'get_combined_assessments_query test' do it 'should work' do diff --git a/spec/api/configuration_assessment_evaluation_logic_api_spec.rb b/spec/api/configuration_assessment_evaluation_logic_api_spec.rb new file mode 100644 index 00000000..59ed4c07 --- /dev/null +++ b/spec/api/configuration_assessment_evaluation_logic_api_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'spec_helper' +require 'json' + +# Unit tests for Falcon::ConfigurationAssessmentEvaluationLogicApi +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe 'ConfigurationAssessmentEvaluationLogicApi' do + before do + # run before each test + @api_instance = Falcon::ConfigurationAssessmentEvaluationLogicApi.new + end + + after do + # run after each test + end + + describe 'test an instance of ConfigurationAssessmentEvaluationLogicApi' do + it 'should create an instance of ConfigurationAssessmentEvaluationLogicApi' do + expect(@api_instance).to be_instance_of(Falcon::ConfigurationAssessmentEvaluationLogicApi) + end + end + + # unit tests for get_evaluation_logic_mixin0 + # Get details on evaluation logic items by providing one or more finding IDs. + # @param ids One or more evaluation logic finding IDs. + # @param [Hash] opts the optional parameters + # @return [DomainAPIEvaluationLogicEntitiesResponseV1] + describe 'get_evaluation_logic_mixin0 test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/api/cspm_registration_api_spec.rb b/spec/api/cspm_registration_api_spec.rb index 96685f91..49f586a7 100644 --- a/spec/api/cspm_registration_api_spec.rb +++ b/spec/api/cspm_registration_api_spec.rb 
@@ -150,7 +150,8 @@ # @option opts [String] :filter use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string # @option opts [String] :sort account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp # @option opts [Integer] :limit The max number of detections to return - # @option opts [Integer] :offset Offset returned detections + # @option opts [Integer] :offset Offset returned detections. Cannot be combined with next_token filter + # @option opts [String] :next_token String to get next page of results. Cannot be combined with any filter except limit. # @return [RegistrationIOMEventIDsResponseV2] describe 'get_configuration_detection_ids_v2 test' do it 'should work' do diff --git a/spec/api/custom_ioa_api_spec.rb b/spec/api/custom_ioa_api_spec.rb index 32640f87..68acae6f 100644 --- a/spec/api/custom_ioa_api_spec.rb +++ b/spec/api/custom_ioa_api_spec.rb @@ -151,12 +151,12 @@ end end - # unit tests for get_rules_mixin0_mixin65 + # unit tests for get_rules_mixin0 # Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. # @param ids The IDs of the entities # @param [Hash] opts the optional parameters # @return [ApiRulesResponse] - describe 'get_rules_mixin0_mixin65 test' do + describe 'get_rules_mixin0 test' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end 
@@ -189,7 +189,7 @@ # unit tests for query_rule_groups_full # Find all rule groups matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs @@ -204,7 +204,7 @@ # unit tests for query_rule_groups_mixin0 # Finds all rule group IDs matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} + # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs 
@@ -228,16 +228,16 @@ end end - # unit tests for query_rules_mixin0_mixin65 + # unit tests for query_rules_mixin0 # Finds all rule IDs matching the query with optional filter. # @param [Hash] opts the optional parameters - # @option opts [String] :sort Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} + # @option opts [String] :sort Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} # @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. # @option opts [String] :q Match query criteria, which includes all the filter string fields # @option opts [String] :offset Starting index of overall result set from which to return IDs # @option opts [Integer] :limit Number of IDs to return # @return [MsaQueryResponse] - describe 'query_rules_mixin0_mixin65 test' do + describe 'query_rules_mixin0 test' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end diff --git a/spec/api/discover_api_spec.rb b/spec/api/discover_api_spec.rb index 222e8b2b..c3d58fbf 100644 --- a/spec/api/discover_api_spec.rb +++ b/spec/api/discover_api_spec.rb 
@@ -99,7 +99,7 @@ # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> + # @option opts [String] :filter Filter accounts using an FQL query. 
Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). # @return [MsaQueryResponse] describe 'query_accounts test' do it 'should work' do 
@@ -107,73 +107,13 @@ end end - # unit tests for query_active_discovery_networks - # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery networks by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery networks in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - describe 'query_active_discovery_networks test' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - - # unit tests for query_active_discovery_rules - # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). 
- # @option opts [String] :sort Sort active discovery rules by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery rules in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - describe 'query_active_discovery_rules test' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - - # unit tests for query_active_discovery_scanners - # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. - # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. - # @option opts [Integer] :limit The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scanners by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scanners in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - describe 'query_active_discovery_scanners test' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - - # unit tests for query_active_discovery_scans - # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. 
- # @param [Hash] opts the optional parameters - # @option opts [String] :x_cs_useruuid User UUID - # @option opts [Integer] :offset The index of the starting resource. - # @option opts [Integer] :limit The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). - # @option opts [String] :sort Sort active discovery scans by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for active discovery scans in your environment by providing an FQL filter. - # @return [MsaspecQueryResponse] - describe 'query_active_discovery_scans test' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - # unit tests for query_applications # Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria. # @param [Hash] opts the optional parameters # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). # @option opts [String] :sort Sort applications by their properties. A single sort field is allowed. - # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. + # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. 
Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] describe 'query_applications test' do it 'should work' do 
@@ -187,7 +127,7 @@ # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, 
processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, 
internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] describe 'query_hosts test' do it 'should work' do 
@@ -201,7 +141,7 @@ # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul> - # @option opts [String] :filter Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> + # @option opts [String] :filter Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!). 
# @return [MsaQueryResponse] describe 'query_logins test' do it 'should work' do diff --git a/spec/api/discover_iot_api_spec.rb b/spec/api/discover_iot_api_spec.rb index b9ad8ca1..93b03641 100644 --- a/spec/api/discover_iot_api_spec.rb +++ b/spec/api/discover_iot_api_spec.rb 
@@ -66,7 +66,7 @@ # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. # @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. # @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> - # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> + # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). # @return [MsaspecQueryResponse] describe 'query_iot_hosts test' do it 'should work' do 
diff --git a/spec/api/falcon_container_image_api_spec.rb b/spec/api/falcon_container_image_api_spec.rb index 2d72614f..9900f9d7 100644 --- a/spec/api/falcon_container_image_api_spec.rb +++ b/spec/api/falcon_container_image_api_spec.rb @@ -71,6 +71,20 @@ end end + # unit tests for get_combined_images + # Get image assessment results by providing an FQL filter and paging details + # @param [Hash] opts the optional parameters + # @option opts [String] :filter Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity + # @option opts [Integer] :limit The upper-bound on the number of records to retrieve [1-100] + # @option opts [Integer] :offset The offset from where to begin. + # @option opts [String] :sort The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] + # @return [ImagesExtCombinedImagesResponse] + describe 'get_combined_images test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + # unit tests for read_registry_entities # Retrieve registry entities identified by the customer id # @param [Hash] opts the optional parameters diff --git a/spec/api/filevantage_api_spec.rb b/spec/api/filevantage_api_spec.rb index efc43c37..d50091ea 100644 --- a/spec/api/filevantage_api_spec.rb +++ b/spec/api/filevantage_api_spec.rb @@ -52,7 +52,7 @@ # unit tests for get_changes # Retrieve information on changes # Retrieve key attributes of Falcon FileVantage changes for the specified ids. - # @param ids Comma separated values of change ids + # @param ids One or more change ids in the form of ids=ID1&ids=ID2 # @param [Hash] opts the optional parameters # @return [PublicGetChangesResponse] describe 'get_changes test' do 
diff --git a/spec/api/identity_entities_api_spec.rb b/spec/api/identity_entities_api_spec.rb new file mode 100644 index 00000000..07e96865 --- /dev/null +++ b/spec/api/identity_entities_api_spec.rb 
@@ -0,0 +1,88 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' + +# Unit tests for Falcon::IdentityEntitiesApi +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe 'IdentityEntitiesApi' do + before do + # run before each test + @api_instance = Falcon::IdentityEntitiesApi.new + end + + after do + # run after each test + end + + describe 'test an instance of IdentityEntitiesApi' do + it 'should create an instance of IdentityEntitiesApi' do + expect(@api_instance).to be_instance_of(Falcon::IdentityEntitiesApi) + end + end + + # unit tests for get_sensor_aggregates + # Get sensor aggregates as specified via json in request body. 
+ # @param body + # @param [Hash] opts the optional parameters + # @return [MsaAggregatesResponse] + describe 'get_sensor_aggregates test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + # unit tests for get_sensor_details + # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. + # @param body + # @param [Hash] opts the optional parameters + # @return [ApiSensorDetailsResponseSwagger] + describe 'get_sensor_details test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + # unit tests for query_sensors_by_filter + # Search for sensors in your environment by hostname, IP, and other criteria. + # @param [Hash] opts the optional parameters + # @option opts [Integer] :offset The offset to start retrieving records from + # @option opts [Integer] :limit The maximum records to return. [1-200] + # @option opts [String] :sort The property to sort by (e.g. status.desc or hostname.asc) + # @option opts [String] :filter The filter expression that should be used to limit the results + # @return [MsaspecQueryResponse] + describe 'query_sensors_by_filter test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/api/intel_api_spec.rb b/spec/api/intel_api_spec.rb index c4b22af9..5286cd27 100644 --- a/spec/api/intel_api_spec.rb +++ b/spec/api/intel_api_spec.rb 
@@ -175,7 +175,7 @@ # @option opts [Integer] :offset Set the starting row number to return actors from. Defaults to 0. # @option opts [Integer] :limit Set the number of actors to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @option opts [Array] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. # @return [DomainActorsResponse] 
@@ -191,7 +191,7 @@ # @option opts [Integer] :offset Set the starting row number to return actors IDs from. Defaults to 0. # @option opts [Integer] :limit Set the number of actor IDs to return. The value must be between 1 and 5000. # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc. - # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. + # @option opts [String] :filter Filter your query by specifying FQL filter parameters. 
Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. # @option opts [String] :q Perform a generic substring search across all fields. # @return [MsaQueryResponse] describe 'query_intel_actor_ids test' do 
@@ -286,10 +286,11 @@ end # unit tests for query_mitre_attacks - # Gets MITRE tactics and techniques for the given actor - # @param id The actor ID(derived from the actor's name) for which to retrieve a list of attacks. + # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 # @param [Hash] opts the optional parameters - # @return [nil] + # @option opts [String] :id The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed + # @option opts [Array] :ids The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed + # @return [DomainQueryMitreAttacksResponse] describe 'query_mitre_attacks test' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/api/inventories_api_spec.rb b/spec/api/inventories_api_spec.rb new file mode 100644 index 00000000..d7266bd9 --- /dev/null +++ b/spec/api/inventories_api_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'spec_helper' +require 'json' + +# Unit tests for Falcon::InventoriesApi +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe 'InventoriesApi' do + before do + # run before each test + @api_instance = Falcon::InventoriesApi.new + end + + after do + # run after each test + end + + describe 'test an instance of InventoriesApi' do + it 'should create an instance of InventoriesApi' do + expect(@api_instance).to be_instance_of(Falcon::InventoriesApi) + end + end + + # unit tests for create_inventory + # Create inventory from data received from snapshot + # @param body + # @param [Hash] opts the optional parameters + # @return [CommonEntitiesResponse] + describe 'create_inventory test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/api/mssp_api_spec.rb b/spec/api/mssp_api_spec.rb index 68f4b13c..6bd1a1f4 100644 --- a/spec/api/mssp_api_spec.rb +++ b/spec/api/mssp_api_spec.rb @@ -105,7 +105,7 @@ end # unit tests for delete_cid_group_members - # Delete CID group members. + # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. # @param body Both 'cid_group_id' and 'cids' fields are required. # @param [Hash] opts the optional parameters # @return [DomainCIDGroupMembersResponseV1] 
@@ -115,6 +115,17 @@ end end + # unit tests for delete_cid_group_members_v2 + # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. + # @param body Both 'cid_group_id' and 'cids' fields are required. + # @param [Hash] opts the optional parameters + # @return [DomainCIDGroupMembersResponseV1] + describe 'delete_cid_group_members_v2 test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + # unit tests for delete_cid_groups # Delete CID groups by ID. # @param cid_group_ids CID group ids to delete diff --git a/spec/api/provision_api_spec.rb b/spec/api/provision_api_spec.rb new file mode 100644 index 00000000..55de5db6 --- /dev/null +++ b/spec/api/provision_api_spec.rb 
@@ -0,0 +1,62 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +=end + +require 'spec_helper' +require 'json' + +# Unit tests for Falcon::ProvisionApi +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe 'ProvisionApi' do + before do + # run before each test + @api_instance = Falcon::ProvisionApi.new + end + + after do + # run after each test + end + + describe 'test an instance of ProvisionApi' do + it 'should create an instance of ProvisionApi' do + expect(@api_instance).to be_instance_of(Falcon::ProvisionApi) + end + end + + # unit tests for get_credentials_mixin0 + # Gets the registry credentials + # @param [Hash] opts the optional parameters + # @return [ModelsRegistryCredentialsResponse] + describe 'get_credentials_mixin0 test' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/api/spotlight_vulnerabilities_api_spec.rb b/spec/api/vulnerabilities_api_spec.rb similarity index 69% rename from spec/api/spotlight_vulnerabilities_api_spec.rb rename to spec/api/vulnerabilities_api_spec.rb index 0b376ac2..e462fd80 100644 --- a/spec/api/spotlight_vulnerabilities_api_spec.rb +++ b/spec/api/vulnerabilities_api_spec.rb 
@@ -30,28 +30,28 @@ require 'spec_helper' require 'json' -# Unit tests for Falcon::SpotlightVulnerabilitiesApi +# Unit tests for Falcon::VulnerabilitiesApi # Automatically generated by openapi-generator (https://openapi-generator.tech) # Please update as you see appropriate -describe 'SpotlightVulnerabilitiesApi' do +describe 'VulnerabilitiesApi' do before do # run before each test - @api_instance = Falcon::SpotlightVulnerabilitiesApi.new + @api_instance = Falcon::VulnerabilitiesApi.new end after do # run after each test end - describe 'test an instance of SpotlightVulnerabilitiesApi' do - it 'should create an instance of SpotlightVulnerabilitiesApi' do - expect(@api_instance).to be_instance_of(Falcon::SpotlightVulnerabilitiesApi) + describe 'test an instance of VulnerabilitiesApi' do + it 'should create an instance of VulnerabilitiesApi' do + expect(@api_instance).to be_instance_of(Falcon::VulnerabilitiesApi) end end # unit tests for combined_query_vulnerabilities # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria - # @param filter Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. 
Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. 
@@ -88,11 +88,11 @@ # unit tests for query_vulnerabilities # Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria - # @param filter Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> + # @param filter Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp # @param [Hash] opts the optional parameters # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. # @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. - # @option opts [String] :sort Sort vulnerabilities by their properties. 
Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> + # @option opts [String] :sort Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order. # @return [DomainSPAPIQueryResponse] describe 'query_vulnerabilities test' do it 'should work' do diff --git a/spec/api/spotlight_evaluation_logic_api_spec.rb b/spec/api/vulnerabilities_evaluation_logic_api_spec.rb similarity index 90% rename from spec/api/spotlight_evaluation_logic_api_spec.rb rename to spec/api/vulnerabilities_evaluation_logic_api_spec.rb index 12644c85..c0dcbff8 100644 --- a/spec/api/spotlight_evaluation_logic_api_spec.rb +++ b/spec/api/vulnerabilities_evaluation_logic_api_spec.rb @@ -30,22 +30,22 @@ require 'spec_helper' require 'json' -# Unit tests for Falcon::SpotlightEvaluationLogicApi +# Unit tests for Falcon::VulnerabilitiesEvaluationLogicApi # Automatically generated by openapi-generator (https://openapi-generator.tech) # Please update as you see appropriate -describe 'SpotlightEvaluationLogicApi' do +describe 'VulnerabilitiesEvaluationLogicApi' do before do # run before each test - @api_instance = Falcon::SpotlightEvaluationLogicApi.new + @api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new end after do # run after each test end - describe 'test an instance of SpotlightEvaluationLogicApi' do - it 'should create an instance of SpotlightEvaluationLogicApi' do - expect(@api_instance).to be_instance_of(Falcon::SpotlightEvaluationLogicApi) + describe 'test an instance of VulnerabilitiesEvaluationLogicApi' do + it 'should create an instance of VulnerabilitiesEvaluationLogicApi' do + expect(@api_instance).to be_instance_of(Falcon::VulnerabilitiesEvaluationLogicApi) end end 
diff --git a/spec/models/api_sensor_details_response_swagger_spec.rb b/spec/models/api_sensor_details_response_swagger_spec.rb new file mode 100644 index 00000000..243bd050 --- /dev/null +++ b/spec/models/api_sensor_details_response_swagger_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ApiSensorDetailsResponseSwagger +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ApiSensorDetailsResponseSwagger do + let(:instance) { Falcon::ApiSensorDetailsResponseSwagger.new } + + describe 'test an instance of ApiSensorDetailsResponseSwagger' do + it 'should create an instance of ApiSensorDetailsResponseSwagger' do + expect(instance).to be_instance_of(Falcon::ApiSensorDetailsResponseSwagger) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/classification_criteria_spec.rb b/spec/models/classification_criteria_spec.rb new file mode 100644 index 00000000..c1e57f54 --- /dev/null +++ b/spec/models/classification_criteria_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ClassificationCriteria +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ClassificationCriteria do + let(:instance) { Falcon::ClassificationCriteria.new } + + describe 'test an instance of ClassificationCriteria' do + it 'should create an instance of ClassificationCriteria' do + expect(instance).to be_instance_of(Falcon::ClassificationCriteria) + end + end + describe 'test attribute "accounts"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/threatgraph_crawl_edges_request_spec.rb b/spec/models/classification_label_spec.rb similarity index 77% rename from spec/models/threatgraph_crawl_edges_request_spec.rb rename to spec/models/classification_label_spec.rb index 0863530b..1a6a1f3d 100644 --- a/spec/models/threatgraph_crawl_edges_request_spec.rb +++ b/spec/models/classification_label_spec.rb 
@@ -31,48 +31,48 @@ require 'json' require 'date' -# Unit tests for Falcon::ThreatgraphCrawlEdgesRequest +# Unit tests for Falcon::ClassificationLabel # Automatically generated by openapi-generator (https://openapi-generator.tech) # Please update as you see appropriate -describe Falcon::ThreatgraphCrawlEdgesRequest do - let(:instance) { Falcon::ThreatgraphCrawlEdgesRequest.new } +describe Falcon::ClassificationLabel do + let(:instance) { Falcon::ClassificationLabel.new } - describe 'test an instance of ThreatgraphCrawlEdgesRequest' do - it 'should create an instance of ThreatgraphCrawlEdgesRequest' do - expect(instance).to be_instance_of(Falcon::ThreatgraphCrawlEdgesRequest) + describe 'test an instance of ClassificationLabel' do + it 'should create an instance of ClassificationLabel' do + expect(instance).to be_instance_of(Falcon::ClassificationLabel) end end - describe 'test attribute "edge_direction"' do + describe 'test attribute "criteria"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "edge_type"' do + describe 'test attribute "dynamic"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "limit"' do + describe 'test attribute "global"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "next_requests"' do + describe 'test attribute "group"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "scope"' do + describe 'test attribute "id"' do it 'should work' do # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "sort_descending"' do + describe 'test attribute "name"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end diff --git a/spec/models/common_entities_response_spec.rb b/spec/models/common_entities_response_spec.rb new file mode 100644 index 00000000..85ded2cf --- /dev/null +++ b/spec/models/common_entities_response_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::CommonEntitiesResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::CommonEntitiesResponse do + let(:instance) { Falcon::CommonEntitiesResponse.new } + + describe 'test an instance of CommonEntitiesResponse' do + it 'should create an instance of CommonEntitiesResponse' do + expect(instance).to be_instance_of(Falcon::CommonEntitiesResponse) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/detects_alert_spec.rb b/spec/models/detects_alert_spec.rb index bb57a122..1c9a9f03 100644 --- a/spec/models/detects_alert_spec.rb +++ b/spec/models/detects_alert_spec.rb @@ -96,12 +96,6 @@ end end - describe 'test attribute "crawl_traversal"' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - describe 'test attribute "crawl_vertex_ids"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/device_control_exception_req_v1_spec.rb b/spec/models/device_control_exception_req_v1_spec.rb index 8daa28d9..b18bea13 100644 --- a/spec/models/device_control_exception_req_v1_spec.rb +++ b/spec/models/device_control_exception_req_v1_spec.rb @@ -96,6 +96,12 @@ end end + describe 'test attribute "use_wildcard"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "vendor_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_api_entity_matched_v1_spec.rb b/spec/models/domain_api_entity_matched_v1_spec.rb new file mode 100644 index 00000000..e7b85ef1 --- /dev/null +++ b/spec/models/domain_api_entity_matched_v1_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainAPIEntityMatchedV1 +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainAPIEntityMatchedV1 do + let(:instance) { Falcon::DomainAPIEntityMatchedV1.new } + + describe 'test an instance of DomainAPIEntityMatchedV1' do + it 'should create an instance of DomainAPIEntityMatchedV1' do + expect(instance).to be_instance_of(Falcon::DomainAPIEntityMatchedV1) + end + end + describe 'test attribute "asset_id"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "data_provider"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "provider_asset_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_api_evaluation_logic_entities_response_v1_spec.rb b/spec/models/domain_api_evaluation_logic_entities_response_v1_spec.rb new file mode 100644 index 00000000..bd812cef --- /dev/null +++ b/spec/models/domain_api_evaluation_logic_entities_response_v1_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainAPIEvaluationLogicEntitiesResponseV1 +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainAPIEvaluationLogicEntitiesResponseV1 do + let(:instance) { Falcon::DomainAPIEvaluationLogicEntitiesResponseV1.new } + + describe 'test an instance of DomainAPIEvaluationLogicEntitiesResponseV1' do + it 'should create an instance of DomainAPIEvaluationLogicEntitiesResponseV1' do + expect(instance).to be_instance_of(Falcon::DomainAPIEvaluationLogicEntitiesResponseV1) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_api_evaluation_logic_host_info_v1_spec.rb b/spec/models/domain_api_evaluation_logic_host_info_v1_spec.rb new file mode 100644 index 00000000..2b52ed91 --- /dev/null +++ b/spec/models/domain_api_evaluation_logic_host_info_v1_spec.rb 
@@ -0,0 +1,51 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainAPIEvaluationLogicHostInfoV1 +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainAPIEvaluationLogicHostInfoV1 do + let(:instance) { Falcon::DomainAPIEvaluationLogicHostInfoV1.new } + + describe 'test an instance of DomainAPIEvaluationLogicHostInfoV1' do + it 'should create an instance of DomainAPIEvaluationLogicHostInfoV1' do + expect(instance).to be_instance_of(Falcon::DomainAPIEvaluationLogicHostInfoV1) + end + end + describe 'test attribute "entities_matched"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_api_evaluation_logic_v1_spec.rb b/spec/models/domain_api_evaluation_logic_v1_spec.rb index 1ad388f2..8c7998a3 100644 --- a/spec/models/domain_api_evaluation_logic_v1_spec.rb +++ b/spec/models/domain_api_evaluation_logic_v1_spec.rb @@ -66,6 +66,12 @@ end end + describe 'test attribute "host_info"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -78,6 +84,12 @@ end end + describe 'test attribute "scanner_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "updated_timestamp"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_api_finding_facet_v1_spec.rb b/spec/models/domain_api_finding_facet_v1_spec.rb index d46a4a38..f4fcd057 100644 --- a/spec/models/domain_api_finding_facet_v1_spec.rb +++ b/spec/models/domain_api_finding_facet_v1_spec.rb @@ -78,6 +78,12 @@ end end + describe 'test attribute "logic"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "updated_timestamp"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_api_finding_with_rule_v1_spec.rb b/spec/models/domain_api_finding_with_rule_v1_spec.rb index 07346af4..f7989839 100644 --- a/spec/models/domain_api_finding_with_rule_v1_spec.rb +++ b/spec/models/domain_api_finding_with_rule_v1_spec.rb 
@@ -42,6 +42,12 @@ expect(instance).to be_instance_of(Falcon::DomainAPIFindingWithRuleV1) end end + describe 'test attribute "evaluation_logic_type"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "evaluation_reason"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_api_vulnerability_data_provider_v1_spec.rb b/spec/models/domain_api_vulnerability_data_provider_v1_spec.rb new file mode 100644 index 00000000..5c9849ab --- /dev/null +++ b/spec/models/domain_api_vulnerability_data_provider_v1_spec.rb 
@@ -0,0 +1,75 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainAPIVulnerabilityDataProviderV1 +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainAPIVulnerabilityDataProviderV1 do + let(:instance) { Falcon::DomainAPIVulnerabilityDataProviderV1.new } + + describe 'test an instance of DomainAPIVulnerabilityDataProviderV1' do + it 'should create an instance of DomainAPIVulnerabilityDataProviderV1' do + expect(instance).to be_instance_of(Falcon::DomainAPIVulnerabilityDataProviderV1) + end + end + describe 'test attribute "ports"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "provider"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "rating"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "scan_time"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "scanner_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_api_vulnerability_host_facet_v2_spec.rb b/spec/models/domain_api_vulnerability_host_facet_v2_spec.rb index 4e76ac43..aab653a8 100644 --- a/spec/models/domain_api_vulnerability_host_facet_v2_spec.rb +++ b/spec/models/domain_api_vulnerability_host_facet_v2_spec.rb @@ -54,6 +54,12 @@ end end + describe 'test attribute "entity_graph_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "groups"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -96,6 +102,12 @@ end end + describe 'test attribute "managed_by"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "os_build"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
@@ -156,4 +168,10 @@ end end + describe 'test attribute "third_party_asset_ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + end diff --git a/spec/models/domain_api_vulnerability_v2_spec.rb b/spec/models/domain_api_vulnerability_v2_spec.rb index 18c9bf7e..7fe4ffe5 100644 --- a/spec/models/domain_api_vulnerability_v2_spec.rb +++ b/spec/models/domain_api_vulnerability_v2_spec.rb @@ -84,6 +84,12 @@ end end + describe 'test attribute "data_providers"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "host_info"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -96,6 +102,12 @@ end end + describe 'test attribute "ports"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "remediation"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -120,4 +132,16 @@ end end + describe 'test attribute "vulnerability_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "vulnerability_metadata_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + end diff --git a/spec/models/domain_aws_account_v2_spec.rb b/spec/models/domain_aws_account_v2_spec.rb index b844f1ad..2ab952bd 100644 --- a/spec/models/domain_aws_account_v2_spec.rb +++ b/spec/models/domain_aws_account_v2_spec.rb 
@@ -72,6 +72,12 @@ end end + describe 'test attribute "account_name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "account_type"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -120,6 +126,12 @@ end end + describe 'test attribute "cloud_scopes"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cloudformation_url"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -150,6 +162,12 @@ end end + describe 'test attribute "environment"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "eventbus_name"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_base_api_vulnerability_v2_spec.rb b/spec/models/domain_base_api_vulnerability_v2_spec.rb index a500b3e0..c57baf81 100644 --- a/spec/models/domain_base_api_vulnerability_v2_spec.rb +++ b/spec/models/domain_base_api_vulnerability_v2_spec.rb @@ -84,6 +84,12 @@ end end + describe 'test attribute "data_providers"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "host_info"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
@@ -96,6 +102,12 @@ end end + describe 'test attribute "ports"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "remediation"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -120,4 +132,16 @@ end end + describe 'test attribute "vulnerability_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "vulnerability_metadata_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + end diff --git a/spec/models/domain_behavior_spec.rb b/spec/models/domain_behavior_spec.rb index 0314dc91..4260a568 100644 --- a/spec/models/domain_behavior_spec.rb +++ b/spec/models/domain_behavior_spec.rb @@ -48,6 +48,12 @@ end end + describe 'test attribute "alert_ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "behavior_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_cid_group_spec.rb b/spec/models/domain_cid_group_spec.rb index 7ef9ec3e..d8b476eb 100644 --- a/spec/models/domain_cid_group_spec.rb +++ b/spec/models/domain_cid_group_spec.rb @@ -42,12 +42,6 @@ expect(instance).to be_instance_of(Falcon::DomainCIDGroup) end end - describe 'test attribute "cid"' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - describe 'test attribute "cid_group_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
diff --git a/spec/models/domain_cid_policy_assignments_spec.rb b/spec/models/domain_cid_policy_assignments_spec.rb index 15ac1332..1ec6dc0a 100644 --- a/spec/models/domain_cid_policy_assignments_spec.rb +++ b/spec/models/domain_cid_policy_assignments_spec.rb @@ -66,6 +66,12 @@ end end + describe 'test attribute "cisa_benchmark"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cloud_asset_type"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -126,6 +132,12 @@ end end + describe 'test attribute "iso_benchmark"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "name"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_cloud_accounts_spec.rb b/spec/models/domain_cloud_accounts_spec.rb new file mode 100644 index 00000000..85c7c8cb --- /dev/null +++ b/spec/models/domain_cloud_accounts_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainCloudAccounts +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainCloudAccounts do + let(:instance) { Falcon::DomainCloudAccounts.new } + + describe 'test an instance of DomainCloudAccounts' do + it 'should create an instance of DomainCloudAccounts' do + expect(instance).to be_instance_of(Falcon::DomainCloudAccounts) + end + end + describe 'test attribute "ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "provider"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_cloud_scope_spec.rb b/spec/models/domain_cloud_scope_spec.rb new file mode 100644 index 00000000..028d0f23 --- /dev/null +++ b/spec/models/domain_cloud_scope_spec.rb 
@@ -0,0 +1,105 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainCloudScope +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainCloudScope do + let(:instance) { Falcon::DomainCloudScope.new } + + describe 'test an instance of DomainCloudScope' do + it 'should create an instance of DomainCloudScope' do + expect(instance).to be_instance_of(Falcon::DomainCloudScope) + end + end + describe 'test attribute "accounts"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "business_impact"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "business_unit"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "cid"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "created_at"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "description"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "owners"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "total_accounts"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_discover_api_host_spec.rb b/spec/models/domain_discover_api_host_spec.rb index 240dcd4e..deac7184 100644 --- a/spec/models/domain_discover_api_host_spec.rb +++ b/spec/models/domain_discover_api_host_spec.rb 
@@ -162,6 +162,12 @@ end end + describe 'test attribute "cloud_instance_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cloud_provider"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -192,6 +198,12 @@ end end + describe 'test attribute "computed_internet_exposure"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "confidence"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -228,12 +240,30 @@ end end + describe 'test attribute "criticality_description"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "criticality_rule_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end + describe 'test attribute "criticality_timestamp"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "criticality_username"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "current_local_ip"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
@@ -276,6 +306,12 @@ end end + describe 'test attribute "discoverer_hostnames"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "discoverer_platform_names"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -396,6 +432,24 @@ end end + describe 'test attribute "internet_exposure_description"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "internet_exposure_timestamp"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "internet_exposure_username"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "kernel_version"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -408,6 +462,12 @@ end end + describe 'test attribute "last_discoverer_hostname"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "last_seen_timestamp"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -546,6 +606,12 @@ end end + describe 'test attribute "override_internet_exposure"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "owned_by"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
diff --git a/spec/models/domain_discover_apiio_t_host_spec.rb b/spec/models/domain_discover_apiio_t_host_spec.rb index 19d1df2a..eeb6eed4 100644 --- a/spec/models/domain_discover_apiio_t_host_spec.rb +++ b/spec/models/domain_discover_apiio_t_host_spec.rb @@ -192,6 +192,12 @@ end end + describe 'test attribute "discoverer_ics_collector_ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "discoverer_product_type_descs"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_discover_params_spec.rb b/spec/models/domain_discover_params_spec.rb index 25217c10..71d31a88 100644 --- a/spec/models/domain_discover_params_spec.rb +++ b/spec/models/domain_discover_params_spec.rb @@ -42,12 +42,24 @@ expect(instance).to be_instance_of(Falcon::DomainDiscoverParams) end end + describe 'test attribute "application_filters"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "application_group_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end + describe 'test attribute "application_vendors"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "requirement_criteria"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_gcp_account_v1_spec.rb b/spec/models/domain_gcp_account_v1_spec.rb index f4692745..8d42c912 100644 --- a/spec/models/domain_gcp_account_v1_spec.rb +++ b/spec/models/domain_gcp_account_v1_spec.rb 
@@ -72,6 +72,12 @@ end end + describe 'test attribute "cloud_scopes"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cspm_enabled"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -84,6 +90,12 @@ end end + describe 'test attribute "environment"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "folder_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_matched_breach_summary_v1_spec.rb b/spec/models/domain_matched_breach_summary_v1_spec.rb index 1c2b53d0..8f889c7f 100644 --- a/spec/models/domain_matched_breach_summary_v1_spec.rb +++ b/spec/models/domain_matched_breach_summary_v1_spec.rb @@ -102,6 +102,18 @@ end end + describe 'test attribute "idp_send_date"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "idp_send_status"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "name"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_meta_info_spec.rb b/spec/models/domain_meta_info_spec.rb index 154911c7..65becd4e 100644 --- a/spec/models/domain_meta_info_spec.rb +++ b/spec/models/domain_meta_info_spec.rb 
@@ -42,25 +42,13 @@ expect(instance).to be_instance_of(Falcon::DomainMetaInfo) end end - describe 'test attribute "pagination"' do + describe 'test attribute "msa_meta_info"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "powered_by"' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - - describe 'test attribute "query_time"' do - it 'should work' do - # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ - end - end - - describe 'test attribute "trace_id"' do + describe 'test attribute "quota"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end diff --git a/spec/models/domain_msa_meta_info_spec.rb b/spec/models/domain_msa_meta_info_spec.rb new file mode 100644 index 00000000..efe6da45 --- /dev/null +++ b/spec/models/domain_msa_meta_info_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainMsaMetaInfo +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainMsaMetaInfo do + let(:instance) { Falcon::DomainMsaMetaInfo.new } + + describe 'test an instance of DomainMsaMetaInfo' do + it 'should create an instance of DomainMsaMetaInfo' do + expect(instance).to be_instance_of(Falcon::DomainMsaMetaInfo) + end + end + describe 'test attribute "pagination"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "query_time"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_notification_v1_spec.rb b/spec/models/domain_notification_v1_spec.rb index 14807019..2f829d6e 100644 --- a/spec/models/domain_notification_v1_spec.rb +++ b/spec/models/domain_notification_v1_spec.rb @@ -132,6 +132,12 @@ end end + describe 'test attribute "logs"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "raw_intel_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_policy_info_spec.rb b/spec/models/domain_policy_info_spec.rb index 111b6812..2ce4bbb2 100644 --- a/spec/models/domain_policy_info_spec.rb +++ b/spec/models/domain_policy_info_spec.rb @@ -114,6 +114,12 @@ end end + describe 'test attribute "cisa_benchmark_ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cli_command"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -216,6 +222,12 @@ end end + describe 'test attribute "iso_benchmark_ids"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "mitre_attack_cloud_matrix"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/domain_query_mitre_attacks_response_spec.rb b/spec/models/domain_query_mitre_attacks_response_spec.rb new file mode 100644 index 00000000..92b74864 --- /dev/null +++ b/spec/models/domain_query_mitre_attacks_response_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::DomainQueryMitreAttacksResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::DomainQueryMitreAttacksResponse do + let(:instance) { Falcon::DomainQueryMitreAttacksResponse.new } + + describe 'test an instance of DomainQueryMitreAttacksResponse' do + it 'should create an instance of DomainQueryMitreAttacksResponse' do + expect(instance).to be_instance_of(Falcon::DomainQueryMitreAttacksResponse) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_rule_spec.rb b/spec/models/domain_rule_spec.rb index 9d53eb80..f071f7be 100644 --- a/spec/models/domain_rule_spec.rb +++ b/spec/models/domain_rule_spec.rb @@ -42,25 +42,25 @@ expect(instance).to be_instance_of(Falcon::DomainRule) end end - describe 'test attribute "categories"' do + describe 'test attribute "created_date"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "created_date"' do + describe 'test attribute "description"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "customer_id"' do + describe 'test attribute "id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "id"' do + describe 'test attribute "last_modified_date"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end 
@@ -72,19 +72,25 @@ end end - describe 'test attribute "rule_type"' do + describe 'test attribute "rich_text_description"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "short_description"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "updated_date"' do + describe 'test attribute "tags"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "value"' do + describe 'test attribute "type"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end diff --git a/spec/models/domain_update_notification_request_v1_spec.rb b/spec/models/domain_update_notification_request_v1_spec.rb index 5e360321..77b8ad50 100644 --- a/spec/models/domain_update_notification_request_v1_spec.rb +++ b/spec/models/domain_update_notification_request_v1_spec.rb @@ -54,6 +54,18 @@ end end + describe 'test attribute "idp_send_status"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "message"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "status"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/falconx_amsi_call_spec.rb b/spec/models/falconx_amsi_call_spec.rb index e02580ce..c577aa2c 100644 --- a/spec/models/falconx_amsi_call_spec.rb +++ b/spec/models/falconx_amsi_call_spec.rb 
@@ -42,6 +42,18 @@ expect(instance).to be_instance_of(Falcon::FalconxAMSICall) end end + describe 'test attribute "app_name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "filename"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "raw_script_content"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/falconx_certificate_spec.rb b/spec/models/falconx_certificate_spec.rb new file mode 100644 index 00000000..fdb0e555 --- /dev/null +++ b/spec/models/falconx_certificate_spec.rb 
@@ -0,0 +1,87 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::FalconxCertificate +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::FalconxCertificate do + let(:instance) { Falcon::FalconxCertificate.new } + + describe 'test an instance of FalconxCertificate' do + it 'should create an instance of FalconxCertificate' do + expect(instance).to be_instance_of(Falcon::FalconxCertificate) + end + end + describe 'test attribute "issuer"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "md5"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "owner"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "serial_number"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "sha1"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "valid_from"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "valid_until"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/domain_assessment_paging_spec.rb b/spec/models/falconx_file_data_directory_spec.rb similarity index 78% rename from spec/models/domain_assessment_paging_spec.rb rename to spec/models/falconx_file_data_directory_spec.rb index 7a37bdcf..9f83276c 100644 --- a/spec/models/domain_assessment_paging_spec.rb +++ b/spec/models/falconx_file_data_directory_spec.rb 
@@ -31,36 +31,36 @@ require 'json' require 'date' -# Unit tests for Falcon::DomainAssessmentPaging +# Unit tests for Falcon::FalconxFileDataDirectory # Automatically generated by openapi-generator (https://openapi-generator.tech) # Please update as you see appropriate -describe Falcon::DomainAssessmentPaging do - let(:instance) { Falcon::DomainAssessmentPaging.new } +describe Falcon::FalconxFileDataDirectory do + let(:instance) { Falcon::FalconxFileDataDirectory.new } - describe 'test an instance of DomainAssessmentPaging' do - it 'should create an instance of DomainAssessmentPaging' do - expect(instance).to be_instance_of(Falcon::DomainAssessmentPaging) + describe 'test an instance of FalconxFileDataDirectory' do + it 'should create an instance of FalconxFileDataDirectory' do + expect(instance).to be_instance_of(Falcon::FalconxFileDataDirectory) end end - describe 'test attribute "expires_at"' do + describe 'test attribute "is_in_section"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "limit"' do + describe 'test attribute "name"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "offset"' do + describe 'test attribute "virtual_address"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end - describe 'test attribute "total"' do + describe 'test attribute "virtual_size"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end diff --git a/spec/models/falconx_file_resource_spec.rb b/spec/models/falconx_file_resource_spec.rb new file mode 100644 index 00000000..b3aeca03 --- /dev/null +++ b/spec/models/falconx_file_resource_spec.rb 
@@ -0,0 +1,75 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::FalconxFileResource +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::FalconxFileResource do + let(:instance) { Falcon::FalconxFileResource.new } + + describe 'test an instance of FalconxFileResource' do + it 'should create an instance of FalconxFileResource' do + expect(instance).to be_instance_of(Falcon::FalconxFileResource) + end + end + describe 'test attribute "language"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "rva"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "size"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "type"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/falconx_file_section_spec.rb b/spec/models/falconx_file_section_spec.rb new file mode 100644 index 00000000..75f548ef --- /dev/null +++ b/spec/models/falconx_file_section_spec.rb 
@@ -0,0 +1,87 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::FalconxFileSection +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::FalconxFileSection do + let(:instance) { Falcon::FalconxFileSection.new } + + describe 'test an instance of FalconxFileSection' do + it 'should create an instance of FalconxFileSection' do + expect(instance).to be_instance_of(Falcon::FalconxFileSection) + end + end + describe 'test attribute "characteristics"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "entropy"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "md5"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "raw_size"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "virtual_address"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "virtual_size"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/falconx_module_spec.rb b/spec/models/falconx_module_spec.rb new file mode 100644 index 00000000..ba5231f4 --- /dev/null +++ b/spec/models/falconx_module_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::FalconxModule +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::FalconxModule do + let(:instance) { Falcon::FalconxModule.new } + + describe 'test an instance of FalconxModule' do + it 'should create an instance of FalconxModule' do + expect(instance).to be_instance_of(Falcon::FalconxModule) + end + end + describe 'test attribute "base"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "path"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/falconx_process_spec.rb b/spec/models/falconx_process_spec.rb index 70025c8e..2448cc54 100644 --- a/spec/models/falconx_process_spec.rb +++ b/spec/models/falconx_process_spec.rb @@ -72,6 +72,12 @@ end end + describe 'test attribute "modules"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "mutants"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/falconx_sandbox_parameters_v1_spec.rb b/spec/models/falconx_sandbox_parameters_v1_spec.rb index 38e7546d..c71f10a3 100644 --- a/spec/models/falconx_sandbox_parameters_v1_spec.rb +++ b/spec/models/falconx_sandbox_parameters_v1_spec.rb @@ -42,6 +42,12 @@ expect(instance).to be_instance_of(Falcon::FalconxSandboxParametersV1) end end + describe 'test attribute "interactivity"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "action_script"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/falconx_sandbox_report_v1_spec.rb b/spec/models/falconx_sandbox_report_v1_spec.rb index ce8394d6..93af9bb6 100644 --- a/spec/models/falconx_sandbox_report_v1_spec.rb +++ b/spec/models/falconx_sandbox_report_v1_spec.rb 
@@ -48,6 +48,18 @@ end end + describe 'test attribute "certificates"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "certificates_validation_message"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "classification"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -66,12 +78,42 @@ end end + describe 'test attribute "dll_characteristics"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "dns_requests"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end + describe 'test attribute "entrypoint"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "entrypoint_preview_count"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "entrypoint_preview_instructions"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "entrypoint_section"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "environment_description"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
@@ -120,6 +162,12 @@ end end + describe 'test attribute "file_data_directories"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "file_imports"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -132,6 +180,18 @@ end end + describe 'test attribute "file_resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "file_sections"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "file_size"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -156,6 +216,24 @@ end end + describe 'test attribute "icon"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "image_base"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "image_file_characteristics"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "incidents"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
@@ -180,6 +258,24 @@ end end + describe 'test attribute "is_certificates_valid"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "language"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "major_os_version"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "memory_dumps"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -204,6 +300,12 @@ end end + describe 'test attribute "minor_os_version"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "mitre_attacks"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -276,6 +378,12 @@ end end + describe 'test attribute "subsystem"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "suricata_alerts"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -312,6 +420,12 @@ end end + describe 'test attribute "visualization"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "windows_version_bitness"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ 
diff --git a/spec/models/fwmgr_firewall_match_event_response_spec.rb b/spec/models/fwmgr_firewall_match_event_response_spec.rb index f255bf4d..42a6d404 100644 --- a/spec/models/fwmgr_firewall_match_event_response_spec.rb +++ b/spec/models/fwmgr_firewall_match_event_response_spec.rb @@ -66,6 +66,12 @@ end end + describe 'test attribute "domain_name_list"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "event_type"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/images_ext_combined_images_response_spec.rb b/spec/models/images_ext_combined_images_response_spec.rb new file mode 100644 index 00000000..26fb3f53 --- /dev/null +++ b/spec/models/images_ext_combined_images_response_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ImagesExtCombinedImagesResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ImagesExtCombinedImagesResponse do + let(:instance) { Falcon::ImagesExtCombinedImagesResponse.new } + + describe 'test an instance of ImagesExtCombinedImagesResponse' do + it 'should create an instance of ImagesExtCombinedImagesResponse' do + expect(instance).to be_instance_of(Falcon::ImagesExtCombinedImagesResponse) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/internal_sensor_status_spec.rb b/spec/models/internal_sensor_status_spec.rb new file mode 100644 index 00000000..6f2e9b34 --- /dev/null +++ b/spec/models/internal_sensor_status_spec.rb 
@@ -0,0 +1,105 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::InternalSensorStatus +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::InternalSensorStatus do + let(:instance) { Falcon::InternalSensorStatus.new } + + describe 'test an instance of InternalSensorStatus' do + it 'should create an instance of InternalSensorStatus' do + expect(instance).to be_instance_of(Falcon::InternalSensorStatus) + end + end + describe 'test attribute "agent_version"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "cid"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "device_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "hostname"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "idp_policy_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "idp_policy_name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "local_ip"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "machine_domain"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "os_version"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "ti_enabled"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_credentials_spec.rb b/spec/models/models_credentials_spec.rb new file mode 100644 index 00000000..b158c09d --- /dev/null +++ b/spec/models/models_credentials_spec.rb 
@@ -0,0 +1,51 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsCredentials +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsCredentials do + let(:instance) { Falcon::ModelsCredentials.new } + + describe 'test an instance of ModelsCredentials' do + it 'should create an instance of ModelsCredentials' do + expect(instance).to be_instance_of(Falcon::ModelsCredentials) + end + end + describe 'test attribute "token"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end 
diff --git a/spec/models/models_ext_api_image_combined_spec.rb b/spec/models/models_ext_api_image_combined_spec.rb new file mode 100644 index 00000000..779d01d7 --- /dev/null +++ b/spec/models/models_ext_api_image_combined_spec.rb 
@@ -0,0 +1,159 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsExtAPIImageCombined +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsExtAPIImageCombined do + let(:instance) { Falcon::ModelsExtAPIImageCombined.new } + + describe 'test an instance of ModelsExtAPIImageCombined' do + it 'should create an instance of ModelsExtAPIImageCombined' do + expect(instance).to be_instance_of(Falcon::ModelsExtAPIImageCombined) + end + end + describe 'test attribute "base_os"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "cid"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "containers"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "detections"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "first_seen"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "highest_detection_severity"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "highest_vulnerability_severity"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "image_digest"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "image_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "last_seen"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "layers_with_vulnerabilities"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "packages"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "registry"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "report_url_by_id_and_digest"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "report_url_by_repo_and_tag"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "repository"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "tag"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "vulnerabilities"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "warning"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_job_meta_data_spec.rb b/spec/models/models_job_meta_data_spec.rb new file mode 100644 index 00000000..25183f94 --- /dev/null +++ b/spec/models/models_job_meta_data_spec.rb 
@@ -0,0 +1,93 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsJobMetaData +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsJobMetaData do + let(:instance) { Falcon::ModelsJobMetaData.new } + + describe 'test an instance of ModelsJobMetaData' do + it 'should create an instance of ModelsJobMetaData' do + expect(instance).to be_instance_of(Falcon::ModelsJobMetaData) + end + end + describe 'test attribute "cloud_provider"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "instance_id"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "job_end_time"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "job_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "job_start_time"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "message"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "scanner_version"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "status"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_registry_credentials_response_spec.rb b/spec/models/models_registry_credentials_response_spec.rb new file mode 100644 index 00000000..0e7d53a2 --- /dev/null +++ b/spec/models/models_registry_credentials_response_spec.rb 
@@ -0,0 +1,63 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsRegistryCredentialsResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsRegistryCredentialsResponse do + let(:instance) { Falcon::ModelsRegistryCredentialsResponse.new } + + describe 'test an instance of ModelsRegistryCredentialsResponse' do + it 'should create an instance of ModelsRegistryCredentialsResponse' do + expect(instance).to be_instance_of(Falcon::ModelsRegistryCredentialsResponse) + end + end + describe 'test attribute "errors"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "meta"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "resources"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_scan_results_spec.rb b/spec/models/models_scan_results_spec.rb new file mode 100644 index 00000000..9eeee6b3 --- /dev/null +++ b/spec/models/models_scan_results_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsScanResults +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsScanResults do + let(:instance) { Falcon::ModelsScanResults.new } + + describe 'test an instance of ModelsScanResults' do + it 'should create an instance of ModelsScanResults' do + expect(instance).to be_instance_of(Falcon::ModelsScanResults) + end + end + describe 'test attribute "applications"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "os_version"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_snapshot_inventory_application_spec.rb b/spec/models/models_snapshot_inventory_application_spec.rb new file mode 100644 index 00000000..c21ef71b --- /dev/null +++ b/spec/models/models_snapshot_inventory_application_spec.rb 
@@ -0,0 +1,99 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsSnapshotInventoryApplication +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsSnapshotInventoryApplication do + let(:instance) { Falcon::ModelsSnapshotInventoryApplication.new } + + describe 'test an instance of ModelsSnapshotInventoryApplication' do + it 'should create an instance of ModelsSnapshotInventoryApplication' do + expect(instance).to be_instance_of(Falcon::ModelsSnapshotInventoryApplication) + end + end + describe 'test attribute "major_version"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "package_hash"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "package_provider"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "package_source"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "path"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "product"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "software_architecture"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "type"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "vendor"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/models_snapshot_inventory_payload_spec.rb b/spec/models/models_snapshot_inventory_payload_spec.rb new file mode 100644 index 00000000..f824d0e7 --- /dev/null +++ b/spec/models/models_snapshot_inventory_payload_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::ModelsSnapshotInventoryPayload +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::ModelsSnapshotInventoryPayload do + let(:instance) { Falcon::ModelsSnapshotInventoryPayload.new } + + describe 'test an instance of ModelsSnapshotInventoryPayload' do + it 'should create an instance of ModelsSnapshotInventoryPayload' do + expect(instance).to be_instance_of(Falcon::ModelsSnapshotInventoryPayload) + end + end + describe 'test attribute "job_metadata"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "results"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/public_acl_change_spec.rb b/spec/models/public_acl_change_spec.rb new file mode 100644 index 00000000..998bc80f --- /dev/null +++ b/spec/models/public_acl_change_spec.rb 
@@ -0,0 +1,57 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::PublicACLChange +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::PublicACLChange do + let(:instance) { Falcon::PublicACLChange.new } + + describe 'test an instance of PublicACLChange' do + it 'should create an instance of PublicACLChange' do + expect(instance).to be_instance_of(Falcon::PublicACLChange) + end + end + describe 'test attribute "operation"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "permissions"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end diff --git a/spec/models/registration_azure_account_v1_ext_spec.rb b/spec/models/registration_azure_account_v1_ext_spec.rb index 6d4dbcfb..3e11d089 100644 --- a/spec/models/registration_azure_account_v1_ext_spec.rb +++ b/spec/models/registration_azure_account_v1_ext_spec.rb @@ -90,6 +90,12 @@ end end + describe 'test attribute "cloud_scopes"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "conditions"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -114,6 +120,12 @@ end end + describe 'test attribute "environment"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "object_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ @@ -156,6 +168,12 @@ end end + describe 'test attribute "subscription_name"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "tenant_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/registration_iom_event_v2_spec.rb b/spec/models/registration_iom_event_v2_spec.rb index 8987aeb9..abb89f26 100644 --- a/spec/models/registration_iom_event_v2_spec.rb +++ b/spec/models/registration_iom_event_v2_spec.rb 
@@ -72,12 +72,24 @@ end end + describe 'test attribute "cloud_labels"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "cloud_provider"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ end end + describe 'test attribute "cloud_scopes"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + describe 'test attribute "custom_policy_id"' do it 'should work' do # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ diff --git a/spec/models/sadomain_notification_log_spec.rb b/spec/models/sadomain_notification_log_spec.rb new file mode 100644 index 00000000..a4f93353 --- /dev/null +++ b/spec/models/sadomain_notification_log_spec.rb 
@@ -0,0 +1,105 @@ +=begin +Crimson Falcon - Ruby Client SDK + +Code auto-generated by OpenAPI Generator; DO NOT EDIT. + +MIT License + +Copyright (c) 2023 Crowdstrike + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for Falcon::SadomainNotificationLog +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe Falcon::SadomainNotificationLog do + let(:instance) { Falcon::SadomainNotificationLog.new } + + describe 'test an instance of SadomainNotificationLog' do + it 'should create an instance of SadomainNotificationLog' do + expect(instance).to be_instance_of(Falcon::SadomainNotificationLog) + end + end + describe 'test attribute "action"' do + it 'should work' do + # assertion here. 
ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "cid"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "created_date"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "details"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "message"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "notification_id"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "user_email"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "user_uuid"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + + describe 'test attribute "username"' do + it 'should work' do + # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/ + end + end + +end