diff --git a/README.md b/README.md
index 6bbd6ee9..6fb512a6 100644
--- a/README.md
+++ b/README.md
@@ -227,6 +227,22 @@ We appreciate your interest in our project and look forward to collaborating wit
---
+**Class**: `Falcon::ConfigurationAssessmentApi`
+
+- **Operation**: [**get_combined_assessments_query**](docs/ConfigurationAssessmentApi.md#get_combined_assessments_query)
+- **GET**: /configuration-assessment/combined/assessments/v1
+- **Description**: Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria
+
+---
+
+**Class**: `Falcon::ConfigurationAssessmentEvaluationLogicApi`
+
+- **Operation**: [**get_evaluation_logic_mixin0**](docs/ConfigurationAssessmentEvaluationLogicApi.md#get_evaluation_logic_mixin0)
+- **GET**: /configuration-assessment/entities/evaluation-logic/v1
+- **Description**: Get details on evaluation logic items by providing one or more finding IDs.
+
+---
+
**Class**: `Falcon::CspmRegistrationApi`
- **Operation**: [**azure_download_certificate**](docs/CspmRegistrationApi.md#azure_download_certificate)
@@ -485,7 +501,7 @@ We appreciate your interest in our project and look forward to collaborating wit
**Class**: `Falcon::CustomIoaApi`
-- **Operation**: [**get_rules_mixin0_mixin65**](docs/CustomIoaApi.md#get_rules_mixin0_mixin65)
+- **Operation**: [**get_rules_mixin0**](docs/CustomIoaApi.md#get_rules_mixin0)
- **GET**: /ioarules/entities/rules/v1
- **Description**: Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size.
@@ -533,7 +549,7 @@ We appreciate your interest in our project and look forward to collaborating wit
**Class**: `Falcon::CustomIoaApi`
-- **Operation**: [**query_rules_mixin0_mixin65**](docs/CustomIoaApi.md#query_rules_mixin0_mixin65)
+- **Operation**: [**query_rules_mixin0**](docs/CustomIoaApi.md#query_rules_mixin0)
- **GET**: /ioarules/queries/rules/v1
- **Description**: Finds all rule IDs matching the query with optional filter.
@@ -861,38 +877,6 @@ We appreciate your interest in our project and look forward to collaborating wit
**Class**: `Falcon::DiscoverApi`
-- **Operation**: [**query_active_discovery_networks**](docs/DiscoverApi.md#query_active_discovery_networks)
-- **GET**: /discover/queries/active-discovery-networks/v1
-- **Description**: Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
-
----
-
-**Class**: `Falcon::DiscoverApi`
-
-- **Operation**: [**query_active_discovery_rules**](docs/DiscoverApi.md#query_active_discovery_rules)
-- **GET**: /discover/queries/active-discovery-rules/v1
-- **Description**: Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
-
----
-
-**Class**: `Falcon::DiscoverApi`
-
-- **Operation**: [**query_active_discovery_scanners**](docs/DiscoverApi.md#query_active_discovery_scanners)
-- **GET**: /discover/queries/active-discovery-scanners/v1
-- **Description**: Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
-
----
-
-**Class**: `Falcon::DiscoverApi`
-
-- **Operation**: [**query_active_discovery_scans**](docs/DiscoverApi.md#query_active_discovery_scans)
-- **GET**: /discover/queries/active-discovery-scans/v1
-- **Description**: Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
-
----
-
-**Class**: `Falcon::DiscoverApi`
-
- **Operation**: [**query_applications**](docs/DiscoverApi.md#query_applications)
- **GET**: /discover/queries/applications/v1
- **Description**: Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.
@@ -1117,6 +1101,14 @@ We appreciate your interest in our project and look forward to collaborating wit
**Class**: `Falcon::FalconContainerImageApi`
+- **Operation**: [**get_combined_images**](docs/FalconContainerImageApi.md#get_combined_images)
+- **GET**: /container-security/combined/image-assessment/images/v1
+- **Description**: Get image assessment results by providing an FQL filter and paging details
+
+---
+
+**Class**: `Falcon::FalconContainerImageApi`
+
- **Operation**: [**read_registry_entities**](docs/FalconContainerImageApi.md#read_registry_entities)
- **GET**: /container-security/queries/registries/v1
- **Description**: Retrieve registry entities identified by the customer id
@@ -1803,6 +1795,30 @@ We appreciate your interest in our project and look forward to collaborating wit
---
+**Class**: `Falcon::IdentityEntitiesApi`
+
+- **Operation**: [**get_sensor_aggregates**](docs/IdentityEntitiesApi.md#get_sensor_aggregates)
+- **POST**: /identity-protection/aggregates/devices/GET/v1
+- **Description**: Get sensor aggregates as specified via json in request body.
+
+---
+
+**Class**: `Falcon::IdentityEntitiesApi`
+
+- **Operation**: [**get_sensor_details**](docs/IdentityEntitiesApi.md#get_sensor_details)
+- **POST**: /identity-protection/entities/devices/GET/v1
+- **Description**: Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+
+---
+
+**Class**: `Falcon::IdentityEntitiesApi`
+
+- **Operation**: [**query_sensors_by_filter**](docs/IdentityEntitiesApi.md#query_sensors_by_filter)
+- **GET**: /identity-protection/queries/devices/v1
+- **Description**: Search for sensors in your environment by hostname, IP, and other criteria.
+
+---
+
**Class**: `Falcon::IdentityProtectionApi`
- **Operation**: [**api_preempt_proxy_post_graphql**](docs/IdentityProtectionApi.md#api_preempt_proxy_post_graphql)
@@ -2071,7 +2087,7 @@ We appreciate your interest in our project and look forward to collaborating wit
- **Operation**: [**query_mitre_attacks**](docs/IntelApi.md#query_mitre_attacks)
- **GET**: /intel/queries/mitre/v1
-- **Description**: Gets MITRE tactics and techniques for the given actor
+- **Description**: Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
---
@@ -2083,6 +2099,14 @@ We appreciate your interest in our project and look forward to collaborating wit
---
+**Class**: `Falcon::InventoriesApi`
+
+- **Operation**: [**create_inventory**](docs/InventoriesApi.md#create_inventory)
+- **POST**: /snapshots/entities/inventories/v1
+- **Description**: Create inventory from data received from snapshot
+
+---
+
**Class**: `Falcon::IoaExclusionsApi`
- **Operation**: [**create_ioa_exclusions_v1**](docs/IoaExclusionsApi.md#create_ioa_exclusions_v1)
@@ -2647,7 +2671,15 @@ We appreciate your interest in our project and look forward to collaborating wit
- **Operation**: [**delete_cid_group_members**](docs/MsspApi.md#delete_cid_group_members)
- **DELETE**: /mssp/entities/cid-group-members/v1
-- **Description**: Delete CID group members.
+- **Description**: Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
+
+---
+
+**Class**: `Falcon::MsspApi`
+
+- **Operation**: [**delete_cid_group_members_v2**](docs/MsspApi.md#delete_cid_group_members_v2)
+- **DELETE**: /mssp/entities/cid-group-members/v2
+- **Description**: Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
---
@@ -3091,11 +3123,11 @@ We appreciate your interest in our project and look forward to collaborating wit
---
-**Class**: `Falcon::PublicAssessmentsApi`
+**Class**: `Falcon::ProvisionApi`
-- **Operation**: [**get_combined_assessments_query**](docs/PublicAssessmentsApi.md#get_combined_assessments_query)
-- **GET**: /configuration-assessment/combined/assessments/v1
-- **Description**: Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria
+- **Operation**: [**get_credentials_mixin0**](docs/ProvisionApi.md#get_credentials_mixin0)
+- **GET**: /snapshots/entities/image-registry-credentials/v1
+- **Description**: Gets the registry credentials
---
@@ -4131,62 +4163,6 @@ We appreciate your interest in our project and look forward to collaborating wit
---
-**Class**: `Falcon::SpotlightEvaluationLogicApi`
-
-- **Operation**: [**combined_query_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#combined_query_evaluation_logic)
-- **GET**: /spotlight/combined/evaluation-logic/v1
-- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
-
----
-
-**Class**: `Falcon::SpotlightEvaluationLogicApi`
-
-- **Operation**: [**get_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#get_evaluation_logic)
-- **GET**: /spotlight/entities/evaluation-logic/v1
-- **Description**: Get details on evaluation logic items by providing one or more IDs.
-
----
-
-**Class**: `Falcon::SpotlightEvaluationLogicApi`
-
-- **Operation**: [**query_evaluation_logic**](docs/SpotlightEvaluationLogicApi.md#query_evaluation_logic)
-- **GET**: /spotlight/queries/evaluation-logic/v1
-- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.
-
----
-
-**Class**: `Falcon::SpotlightVulnerabilitiesApi`
-
-- **Operation**: [**combined_query_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#combined_query_vulnerabilities)
-- **GET**: /spotlight/combined/vulnerabilities/v1
-- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria
-
----
-
-**Class**: `Falcon::SpotlightVulnerabilitiesApi`
-
-- **Operation**: [**get_remediations_v2**](docs/SpotlightVulnerabilitiesApi.md#get_remediations_v2)
-- **GET**: /spotlight/entities/remediations/v2
-- **Description**: Get details on remediation by providing one or more IDs
-
----
-
-**Class**: `Falcon::SpotlightVulnerabilitiesApi`
-
-- **Operation**: [**get_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#get_vulnerabilities)
-- **GET**: /spotlight/entities/vulnerabilities/v2
-- **Description**: Get details on vulnerabilities by providing one or more IDs
-
----
-
-**Class**: `Falcon::SpotlightVulnerabilitiesApi`
-
-- **Operation**: [**query_vulnerabilities**](docs/SpotlightVulnerabilitiesApi.md#query_vulnerabilities)
-- **GET**: /spotlight/queries/vulnerabilities/v1
-- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria
-
----
-
**Class**: `Falcon::TailoredIntelligenceApi`
- **Operation**: [**get_events_body**](docs/TailoredIntelligenceApi.md#get_events_body)
@@ -4403,6 +4379,62 @@ We appreciate your interest in our project and look forward to collaborating wit
---
+**Class**: `Falcon::VulnerabilitiesApi`
+
+- **Operation**: [**combined_query_vulnerabilities**](docs/VulnerabilitiesApi.md#combined_query_vulnerabilities)
+- **GET**: /spotlight/combined/vulnerabilities/v1
+- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria
+
+---
+
+**Class**: `Falcon::VulnerabilitiesApi`
+
+- **Operation**: [**get_remediations_v2**](docs/VulnerabilitiesApi.md#get_remediations_v2)
+- **GET**: /spotlight/entities/remediations/v2
+- **Description**: Get details on remediation by providing one or more IDs
+
+---
+
+**Class**: `Falcon::VulnerabilitiesApi`
+
+- **Operation**: [**get_vulnerabilities**](docs/VulnerabilitiesApi.md#get_vulnerabilities)
+- **GET**: /spotlight/entities/vulnerabilities/v2
+- **Description**: Get details on vulnerabilities by providing one or more IDs
+
+---
+
+**Class**: `Falcon::VulnerabilitiesApi`
+
+- **Operation**: [**query_vulnerabilities**](docs/VulnerabilitiesApi.md#query_vulnerabilities)
+- **GET**: /spotlight/queries/vulnerabilities/v1
+- **Description**: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria
+
+---
+
+**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi`
+
+- **Operation**: [**combined_query_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#combined_query_evaluation_logic)
+- **GET**: /spotlight/combined/evaluation-logic/v1
+- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
+
+---
+
+**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi`
+
+- **Operation**: [**get_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#get_evaluation_logic)
+- **GET**: /spotlight/entities/evaluation-logic/v1
+- **Description**: Get details on evaluation logic items by providing one or more IDs.
+
+---
+
+**Class**: `Falcon::VulnerabilitiesEvaluationLogicApi`
+
+- **Operation**: [**query_evaluation_logic**](docs/VulnerabilitiesEvaluationLogicApi.md#query_evaluation_logic)
+- **GET**: /spotlight/queries/evaluation-logic/v1
+- **Description**: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.
+
+---
+
**Class**: `Falcon::ZeroTrustAssessmentApi`
- **Operation**: [**get_assessment_v1**](docs/ZeroTrustAssessmentApi.md#get_assessment_v1)
diff --git a/docs/ApiSensorDetailsResponseSwagger.md b/docs/ApiSensorDetailsResponseSwagger.md
new file mode 100644
index 00000000..cd3c725e
--- /dev/null
+++ b/docs/ApiSensorDetailsResponseSwagger.md
@@ -0,0 +1,22 @@
+# Falcon::ApiSensorDetailsResponseSwagger
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<InternalSensorStatus>**](InternalSensorStatus.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ApiSensorDetailsResponseSwagger.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/ClassificationCriteria.md b/docs/ClassificationCriteria.md
new file mode 100644
index 00000000..77a04150
--- /dev/null
+++ b/docs/ClassificationCriteria.md
@@ -0,0 +1,20 @@
+# Falcon::ClassificationCriteria
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **accounts** | **Array<String>** | | [optional] |
+| **resources** | **Array<String>** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ClassificationCriteria.new(
+ accounts: null,
+ resources: null
+)
+```
+
diff --git a/docs/ClassificationLabel.md b/docs/ClassificationLabel.md
new file mode 100644
index 00000000..b47e0f82
--- /dev/null
+++ b/docs/ClassificationLabel.md
@@ -0,0 +1,28 @@
+# Falcon::ClassificationLabel
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **criteria** | [**Array<ClassificationCriteria>**](ClassificationCriteria.md) | | [optional] |
+| **dynamic** | **Boolean** | | [optional] |
+| **global** | **Boolean** | | [optional] |
+| **group** | **String** | | [optional] |
+| **id** | **Integer** | | [optional] |
+| **name** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ClassificationLabel.new(
+ criteria: null,
+ dynamic: null,
+ global: null,
+ group: null,
+ id: null,
+ name: null
+)
+```
+
diff --git a/docs/CommonEntitiesResponse.md b/docs/CommonEntitiesResponse.md
new file mode 100644
index 00000000..da5ca47a
--- /dev/null
+++ b/docs/CommonEntitiesResponse.md
@@ -0,0 +1,22 @@
+# Falcon::CommonEntitiesResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | **Object** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::CommonEntitiesResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/PublicAssessmentsApi.md b/docs/ConfigurationAssessmentApi.md
similarity index 84%
rename from docs/PublicAssessmentsApi.md
rename to docs/ConfigurationAssessmentApi.md
index deb9c153..c0af1f14 100644
--- a/docs/PublicAssessmentsApi.md
+++ b/docs/ConfigurationAssessmentApi.md
@@ -1,10 +1,10 @@
-# Falcon::PublicAssessmentsApi
+# Falcon::ConfigurationAssessmentApi
All URIs are relative to *https://api.crowdstrike.com*
| Method | HTTP request | Description |
| ------ | ------------ | ----------- |
-| [**get_combined_assessments_query**](PublicAssessmentsApi.md#get_combined_assessments_query) | **GET** /configuration-assessment/combined/assessments/v1 | Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria |
+| [**get_combined_assessments_query**](ConfigurationAssessmentApi.md#get_combined_assessments_query) | **GET** /configuration-assessment/combined/assessments/v1 | Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria |
## get_combined_assessments_query
@@ -26,13 +26,13 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::PublicAssessmentsApi.new
+api_instance = Falcon::ConfigurationAssessmentApi.new
filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include:
- created_timestamp:>'2019-11-25T22:36:12Z'
- updated_timestamp:>'2019-11-25T22:36:12Z'
- aid:'8e7656b27d8c49a34a1af416424d6231'
opts = {
after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
limit: 56, # Integer | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
sort: 'sort_example', # String | Sort assessment by their properties. Common sort options include: - created_timestamp|desc
- updated_timestamp|asc
- facet: ['inner_example'] # Array | Select various details blocks to be returned for each assessment entity. Supported values:
+ facet: ['inner_example'] # Array | Select various details blocks to be returned for each assessment entity. Supported values: - host
- finding.rule
- finding.evaluation_logic
}
begin
@@ -40,7 +40,7 @@ begin
result = api_instance.get_combined_assessments_query(filter, opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling PublicAssessmentsApi->get_combined_assessments_query: #{e}"
+ puts "Error when calling ConfigurationAssessmentApi->get_combined_assessments_query: #{e}"
end
```
@@ -58,7 +58,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling PublicAssessmentsApi->get_combined_assessments_query_with_http_info: #{e}"
+ puts "Error when calling ConfigurationAssessmentApi->get_combined_assessments_query_with_http_info: #{e}"
end
```
@@ -70,7 +70,7 @@ end
| **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul> | [optional] |
-| **facet** | [**Array<String>**](String.md) | Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul> | [optional] |
+| **facet** | [**Array<String>**](String.md) | Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul> | [optional] |
### Return type
diff --git a/docs/ConfigurationAssessmentEvaluationLogicApi.md b/docs/ConfigurationAssessmentEvaluationLogicApi.md
new file mode 100644
index 00000000..86bc74bb
--- /dev/null
+++ b/docs/ConfigurationAssessmentEvaluationLogicApi.md
@@ -0,0 +1,77 @@
+# Falcon::ConfigurationAssessmentEvaluationLogicApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**get_evaluation_logic_mixin0**](ConfigurationAssessmentEvaluationLogicApi.md#get_evaluation_logic_mixin0) | **GET** /configuration-assessment/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more finding IDs. |
+
+
+## get_evaluation_logic_mixin0
+
+> get_evaluation_logic_mixin0(ids)
+
+Get details on evaluation logic items by providing one or more finding IDs.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::ConfigurationAssessmentEvaluationLogicApi.new
+ids = ['inner_example'] # Array | One or more evaluation logic finding IDs.
+
+begin
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ result = api_instance.get_evaluation_logic_mixin0(ids)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling ConfigurationAssessmentEvaluationLogicApi->get_evaluation_logic_mixin0: #{e}"
+end
+```
+
+#### Using the get_evaluation_logic_mixin0_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_evaluation_logic_mixin0_with_http_info(ids)
+
+```ruby
+begin
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ data, status_code, headers = api_instance.get_evaluation_logic_mixin0_with_http_info(ids)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling ConfigurationAssessmentEvaluationLogicApi->get_evaluation_logic_mixin0_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **ids** | [**Array<String>**](String.md) | One or more evaluation logic finding IDs. | |
+
+### Return type
+
+[**DomainAPIEvaluationLogicEntitiesResponseV1**](DomainAPIEvaluationLogicEntitiesResponseV1.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
diff --git a/docs/CspmRegistrationApi.md b/docs/CspmRegistrationApi.md
index 58eae877..0f1c5d02 100644
--- a/docs/CspmRegistrationApi.md
+++ b/docs/CspmRegistrationApi.md
@@ -580,7 +580,8 @@ opts = {
filter: 'filter_example', # String | use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string
sort: 'sort_example', # String | account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp
limit: 56, # Integer | The max number of detections to return
- offset: 56 # Integer | Offset returned detections
+ offset: 56, # Integer | Offset returned detections. Cannot be combined with next_token filter
+ next_token: 'next_token_example' # String | String to get next page of results. Cannot be combined with any filter except limit.
}
begin
@@ -617,7 +618,8 @@ end
| **filter** | **String** | use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string | [optional] |
| **sort** | **String** | account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp | [optional][default to 'timestamp|desc'] |
| **limit** | **Integer** | The max number of detections to return | [optional][default to 500] |
-| **offset** | **Integer** | Offset returned detections | [optional] |
+| **offset** | **Integer** | Offset returned detections. Cannot be combined with next_token filter | [optional] |
+| **next_token** | **String** | String to get next page of results. Cannot be combined with any filter except limit. | [optional] |
### Return type
diff --git a/docs/CustomIoaApi.md b/docs/CustomIoaApi.md
index dad531ff..5bb614a1 100644
--- a/docs/CustomIoaApi.md
+++ b/docs/CustomIoaApi.md
@@ -13,13 +13,13 @@ All URIs are relative to *https://api.crowdstrike.com*
| [**get_rule_groups_mixin0**](CustomIoaApi.md#get_rule_groups_mixin0) | **GET** /ioarules/entities/rule-groups/v1 | Get rule groups by ID. |
| [**get_rule_types**](CustomIoaApi.md#get_rule_types) | **GET** /ioarules/entities/rule-types/v1 | Get rule types by ID. |
| [**get_rules_get**](CustomIoaApi.md#get_rules_get) | **POST** /ioarules/entities/rules/GET/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. |
-| [**get_rules_mixin0_mixin65**](CustomIoaApi.md#get_rules_mixin0_mixin65) | **GET** /ioarules/entities/rules/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. |
+| [**get_rules_mixin0**](CustomIoaApi.md#get_rules_mixin0) | **GET** /ioarules/entities/rules/v1 | Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. |
| [**query_patterns**](CustomIoaApi.md#query_patterns) | **GET** /ioarules/queries/pattern-severities/v1 | Get all pattern severity IDs. |
| [**query_platforms_mixin0**](CustomIoaApi.md#query_platforms_mixin0) | **GET** /ioarules/queries/platforms/v1 | Get all platform IDs. |
| [**query_rule_groups_full**](CustomIoaApi.md#query_rule_groups_full) | **GET** /ioarules/queries/rule-groups-full/v1 | Find all rule groups matching the query with optional filter. |
| [**query_rule_groups_mixin0**](CustomIoaApi.md#query_rule_groups_mixin0) | **GET** /ioarules/queries/rule-groups/v1 | Finds all rule group IDs matching the query with optional filter. |
| [**query_rule_types**](CustomIoaApi.md#query_rule_types) | **GET** /ioarules/queries/rule-types/v1 | Get all rule type IDs. |
-| [**query_rules_mixin0_mixin65**](CustomIoaApi.md#query_rules_mixin0_mixin65) | **GET** /ioarules/queries/rules/v1 | Finds all rule IDs matching the query with optional filter. |
+| [**query_rules_mixin0**](CustomIoaApi.md#query_rules_mixin0) | **GET** /ioarules/queries/rules/v1 | Finds all rule IDs matching the query with optional filter. |
| [**update_rule_group_mixin0**](CustomIoaApi.md#update_rule_group_mixin0) | **PATCH** /ioarules/entities/rule-groups/v1 | Update a rule group. The following properties can be modified: name, description, enabled. |
| [**update_rules**](CustomIoaApi.md#update_rules) | **PATCH** /ioarules/entities/rules/v1 | Update rules within a rule group. Return the updated rules. |
| [**validate**](CustomIoaApi.md#validate) | **POST** /ioarules/entities/rules/validate/v1 | Validates field values and checks for matches if a test string is provided. |
@@ -656,9 +656,9 @@ end
- **Accept**: application/json
-## get_rules_mixin0_mixin65
+## get_rules_mixin0
-> get_rules_mixin0_mixin65(ids)
+> get_rules_mixin0(ids)
Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size.
@@ -680,28 +680,28 @@ ids = ['inner_example'] # Array | The IDs of the entities
begin
# Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size.
- result = api_instance.get_rules_mixin0_mixin65(ids)
+ result = api_instance.get_rules_mixin0(ids)
p result
rescue Falcon::ApiError => e
- puts "Error when calling CustomIoaApi->get_rules_mixin0_mixin65: #{e}"
+ puts "Error when calling CustomIoaApi->get_rules_mixin0: #{e}"
end
```
-#### Using the get_rules_mixin0_mixin65_with_http_info variant
+#### Using the get_rules_mixin0_with_http_info variant
This returns an Array which contains the response data, status code and headers.
-> , Integer, Hash)> get_rules_mixin0_mixin65_with_http_info(ids)
+> , Integer, Hash)> get_rules_mixin0_with_http_info(ids)
```ruby
begin
# Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size.
- data, status_code, headers = api_instance.get_rules_mixin0_mixin65_with_http_info(ids)
+ data, status_code, headers = api_instance.get_rules_mixin0_with_http_info(ids)
p status_code # => 2xx
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling CustomIoaApi->get_rules_mixin0_mixin65_with_http_info: #{e}"
+ puts "Error when calling CustomIoaApi->get_rules_mixin0_with_http_info: #{e}"
end
```
@@ -892,7 +892,7 @@ end
api_instance = Falcon::CustomIoaApi.new
opts = {
- sort: 'created_by', # String | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ sort: 'created_by', # String | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
q: 'q_example', # String | Match query criteria, which includes all the filter string fields
offset: 'offset_example', # String | Starting index of overall result set from which to return IDs
@@ -930,7 +930,7 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **sort** | **String** | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} | [optional] |
+| **sort** | **String** | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} | [optional] |
| **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] |
| **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] |
| **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] |
@@ -971,7 +971,7 @@ end
api_instance = Falcon::CustomIoaApi.new
opts = {
- sort: 'created_by', # String | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ sort: 'created_by', # String | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
q: 'q_example', # String | Match query criteria, which includes all the filter string fields
offset: 'offset_example', # String | Starting index of overall result set from which to return IDs
@@ -1009,7 +1009,7 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **sort** | **String** | Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled} | [optional] |
+| **sort** | **String** | Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on} | [optional] |
| **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] |
| **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] |
| **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] |
@@ -1102,9 +1102,9 @@ end
- **Accept**: application/json
-## query_rules_mixin0_mixin65
+## query_rules_mixin0
-> query_rules_mixin0_mixin65(opts)
+> query_rules_mixin0(opts)
Finds all rule IDs matching the query with optional filter.
@@ -1123,7 +1123,7 @@ end
api_instance = Falcon::CustomIoaApi.new
opts = {
- sort: 'rules.created_by', # String | Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name}
+ sort: 'rules.created_by', # String | Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled}
filter: 'filter_example', # String | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
q: 'q_example', # String | Match query criteria, which includes all the filter string fields
offset: 'offset_example', # String | Starting index of overall result set from which to return IDs
@@ -1132,28 +1132,28 @@ opts = {
begin
# Finds all rule IDs matching the query with optional filter.
- result = api_instance.query_rules_mixin0_mixin65(opts)
+ result = api_instance.query_rules_mixin0(opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling CustomIoaApi->query_rules_mixin0_mixin65: #{e}"
+ puts "Error when calling CustomIoaApi->query_rules_mixin0: #{e}"
end
```
-#### Using the query_rules_mixin0_mixin65_with_http_info variant
+#### Using the query_rules_mixin0_with_http_info variant
This returns an Array which contains the response data, status code and headers.
-> , Integer, Hash)> query_rules_mixin0_mixin65_with_http_info(opts)
+> , Integer, Hash)> query_rules_mixin0_with_http_info(opts)
```ruby
begin
# Finds all rule IDs matching the query with optional filter.
- data, status_code, headers = api_instance.query_rules_mixin0_mixin65_with_http_info(opts)
+ data, status_code, headers = api_instance.query_rules_mixin0_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling CustomIoaApi->query_rules_mixin0_mixin65_with_http_info: #{e}"
+ puts "Error when calling CustomIoaApi->query_rules_mixin0_with_http_info: #{e}"
end
```
@@ -1161,7 +1161,7 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **sort** | **String** | Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name} | [optional] |
+| **sort** | **String** | Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled} | [optional] |
| **filter** | **String** | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | [optional] |
| **q** | **String** | Match query criteria, which includes all the filter string fields | [optional] |
| **offset** | **String** | Starting index of overall result set from which to return IDs | [optional] |
diff --git a/docs/DetectsAlert.md b/docs/DetectsAlert.md
index b85cbe61..c2e1d755 100644
--- a/docs/DetectsAlert.md
+++ b/docs/DetectsAlert.md
@@ -13,7 +13,6 @@
| **composite_id** | **String** | | [optional] |
| **confidence** | **Integer** | | [optional] |
| **crawl_edge_ids** | **Hash<String, Array<String>>** | | [optional] |
-| **crawl_traversal** | [**Array<ThreatgraphCrawlEdgesRequest>**](ThreatgraphCrawlEdgesRequest.md) | | [optional] |
| **crawl_vertex_ids** | **Hash<String, Array<String>>** | | [optional] |
| **crawled_timestamp** | **Time** | | [optional] |
| **created_timestamp** | **Time** | | [optional] |
@@ -55,7 +54,6 @@ instance = Falcon::DetectsAlert.new(
composite_id: null,
confidence: null,
crawl_edge_ids: null,
- crawl_traversal: null,
crawl_vertex_ids: null,
crawled_timestamp: null,
created_timestamp: null,
diff --git a/docs/DeviceControlExceptionReqV1.md b/docs/DeviceControlExceptionReqV1.md
index c74c92c5..a28f79f5 100644
--- a/docs/DeviceControlExceptionReqV1.md
+++ b/docs/DeviceControlExceptionReqV1.md
@@ -13,6 +13,7 @@
| **product_id_decimal** | **String** | | [optional] |
| **product_name** | **String** | | [optional] |
| **serial_number** | **String** | | [optional] |
+| **use_wildcard** | **Boolean** | true indicates using blob syntax USB serial numbers | [optional] |
| **vendor_id** | **String** | Hexadecimal VendorID used to apply the exception | [optional] |
| **vendor_id_decimal** | **String** | Hexadecimal VendorID used to apply the exception | [optional] |
| **vendor_name** | **String** | Vendor Name, optional | [optional] |
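Review bot: The description added for `use_wildcard` says "blob syntax", which is presumably a typo for "glob syntax"; as written, a reader cannot tell which pattern language the USB serial number is matched with. Because the flag appears to turn `serial_number` in a device-control exception into a pattern, the row should also state the scope, for example `true indicates serial_number is matched using glob syntax; the exception then applies to every device whose serial number matches`. A broad pattern would exempt more devices than intended, so it is worth recommending the narrowest pattern that works and a review of wildcard exceptions. This file looks generated, so the wording probably has to be corrected in the upstream API spec. The unchanged `vendor_id_decimal` row just below still reads "Hexadecimal VendorID", which looks copied from `vendor_id`.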
@@ -32,6 +33,7 @@ instance = Falcon::DeviceControlExceptionReqV1.new(
product_id_decimal: null,
product_name: null,
serial_number: null,
+ use_wildcard: null,
vendor_id: null,
vendor_id_decimal: null,
vendor_name: null
diff --git a/docs/DiscoverApi.md b/docs/DiscoverApi.md
index 37e812a2..693b0c7b 100644
--- a/docs/DiscoverApi.md
+++ b/docs/DiscoverApi.md
@@ -9,10 +9,6 @@ All URIs are relative to *https://api.crowdstrike.com*
| [**get_hosts**](DiscoverApi.md#get_hosts) | **GET** /discover/entities/hosts/v1 | Get details on assets by providing one or more IDs. |
| [**get_logins**](DiscoverApi.md#get_logins) | **GET** /discover/entities/logins/v1 | Get details on logins by providing one or more IDs. |
| [**query_accounts**](DiscoverApi.md#query_accounts) | **GET** /discover/queries/accounts/v1 | Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria. |
-| [**query_active_discovery_networks**](DiscoverApi.md#query_active_discovery_networks) | **GET** /discover/queries/active-discovery-networks/v1 | Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria. |
-| [**query_active_discovery_rules**](DiscoverApi.md#query_active_discovery_rules) | **GET** /discover/queries/active-discovery-rules/v1 | Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria. |
-| [**query_active_discovery_scanners**](DiscoverApi.md#query_active_discovery_scanners) | **GET** /discover/queries/active-discovery-scanners/v1 | Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria. |
-| [**query_active_discovery_scans**](DiscoverApi.md#query_active_discovery_scans) | **GET** /discover/queries/active-discovery-scans/v1 | Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria. |
| [**query_applications**](DiscoverApi.md#query_applications) | **GET** /discover/queries/applications/v1 | Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria. |
| [**query_hosts**](DiscoverApi.md#query_hosts) | **GET** /discover/queries/hosts/v1 | Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
| [**query_logins**](DiscoverApi.md#query_logins) | **GET** /discover/queries/logins/v1 | Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. |
@@ -318,7 +314,7 @@ opts = {
offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
limit: 56, # Integer | The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
sort: 'sort_example', # String | Sort accounts by their properties. A single sort field is allowed. Common sort options include: - username|asc
- last_failed_login_timestamp|desc
- filter: 'filter_example' # String | Filter accounts using an FQL query. Common filter options include: - account_type:'Local'
- admin_privileges:'Yes'
- first_seen_timestamp:<'now-7d'
- last_successful_login_type:'Terminal server'
+ filter: 'filter_example' # String | Filter accounts using an FQL query. Common filter options include:- account_type:'Local'
- admin_privileges:'Yes'
- first_seen_timestamp:<'now-7d'
- last_successful_login_type:'Terminal server'
Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).
}
begin
@@ -355,7 +351,7 @@ end
| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul> | [optional] |
-| **filter** | **String** | Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> | [optional] |
+| **filter** | **String** | Filter accounts using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!). | [optional] |
### Return type
@@ -371,322 +367,6 @@ end
- **Accept**: application/json
-## query_active_discovery_networks
-
-> query_active_discovery_networks(opts)
-
-Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
-
-### Examples
-
-```ruby
-require 'time'
-require 'crimson-falcon'
-
-# Setup authorization
-Falcon.configure do |config|
- config.client_id = "Your_Client_ID"
- config.client_secret = "Your_Client_Secret"
- config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
-end
-
-api_instance = Falcon::DiscoverApi.new
-opts = {
- x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID
- offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- limit: 56, # Integer | The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100).
- sort: 'sort_example', # String | Sort active discovery networks by their properties. A single sort field is allowed.
- filter: 'filter_example' # String | Search for active discovery networks in your environment by providing an FQL filter.
-}
-
-begin
- # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
- result = api_instance.query_active_discovery_networks(opts)
- p result
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_networks: #{e}"
-end
-```
-
-#### Using the query_active_discovery_networks_with_http_info variant
-
-This returns an Array which contains the response data, status code and headers.
-
-> , Integer, Hash)> query_active_discovery_networks_with_http_info(opts)
-
-```ruby
-begin
- # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
- data, status_code, headers = api_instance.query_active_discovery_networks_with_http_info(opts)
- p status_code # => 2xx
- p headers # => { ... }
- p data # =>
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_networks_with_http_info: #{e}"
-end
-```
-
-### Parameters
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **x_cs_useruuid** | **String** | User UUID | [optional] |
-| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
-| **limit** | **Integer** | The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] |
-| **sort** | **String** | Sort active discovery networks by their properties. A single sort field is allowed. | [optional] |
-| **filter** | **String** | Search for active discovery networks in your environment by providing an FQL filter. | [optional] |
-
-### Return type
-
-[**MsaspecQueryResponse**](MsaspecQueryResponse.md)
-
-### Authorization
-
-**oauth2**
-
-### HTTP request headers
-
-- **Content-Type**: Not defined
-- **Accept**: application/json
-
-
-## query_active_discovery_rules
-
-> query_active_discovery_rules(opts)
-
-Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
-
-### Examples
-
-```ruby
-require 'time'
-require 'crimson-falcon'
-
-# Setup authorization
-Falcon.configure do |config|
- config.client_id = "Your_Client_ID"
- config.client_secret = "Your_Client_Secret"
- config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
-end
-
-api_instance = Falcon::DiscoverApi.new
-opts = {
- x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID
- offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- limit: 56, # Integer | The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100).
- sort: 'sort_example', # String | Sort active discovery rules by their properties. A single sort field is allowed.
- filter: 'filter_example' # String | Search for active discovery rules in your environment by providing an FQL filter.
-}
-
-begin
- # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
- result = api_instance.query_active_discovery_rules(opts)
- p result
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_rules: #{e}"
-end
-```
-
-#### Using the query_active_discovery_rules_with_http_info variant
-
-This returns an Array which contains the response data, status code and headers.
-
-> , Integer, Hash)> query_active_discovery_rules_with_http_info(opts)
-
-```ruby
-begin
- # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
- data, status_code, headers = api_instance.query_active_discovery_rules_with_http_info(opts)
- p status_code # => 2xx
- p headers # => { ... }
- p data # =>
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_rules_with_http_info: #{e}"
-end
-```
-
-### Parameters
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **x_cs_useruuid** | **String** | User UUID | [optional] |
-| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
-| **limit** | **Integer** | The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] |
-| **sort** | **String** | Sort active discovery rules by their properties. A single sort field is allowed. | [optional] |
-| **filter** | **String** | Search for active discovery rules in your environment by providing an FQL filter. | [optional] |
-
-### Return type
-
-[**MsaspecQueryResponse**](MsaspecQueryResponse.md)
-
-### Authorization
-
-**oauth2**
-
-### HTTP request headers
-
-- **Content-Type**: Not defined
-- **Accept**: application/json
-
-
-## query_active_discovery_scanners
-
-> query_active_discovery_scanners(opts)
-
-Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
-
-### Examples
-
-```ruby
-require 'time'
-require 'crimson-falcon'
-
-# Setup authorization
-Falcon.configure do |config|
- config.client_id = "Your_Client_ID"
- config.client_secret = "Your_Client_Secret"
- config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
-end
-
-api_instance = Falcon::DiscoverApi.new
-opts = {
- x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID
- offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- limit: 56, # Integer | The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100).
- sort: 'sort_example', # String | Sort active discovery scanners by their properties. A single sort field is allowed.
- filter: 'filter_example' # String | Search for active discovery scanners in your environment by providing an FQL filter.
-}
-
-begin
- # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
- result = api_instance.query_active_discovery_scanners(opts)
- p result
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_scanners: #{e}"
-end
-```
-
-#### Using the query_active_discovery_scanners_with_http_info variant
-
-This returns an Array which contains the response data, status code and headers.
-
-> , Integer, Hash)> query_active_discovery_scanners_with_http_info(opts)
-
-```ruby
-begin
- # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
- data, status_code, headers = api_instance.query_active_discovery_scanners_with_http_info(opts)
- p status_code # => 2xx
- p headers # => { ... }
- p data # =>
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_scanners_with_http_info: #{e}"
-end
-```
-
-### Parameters
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **x_cs_useruuid** | **String** | User UUID | [optional] |
-| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
-| **limit** | **Integer** | The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] |
-| **sort** | **String** | Sort active discovery scanners by their properties. A single sort field is allowed. | [optional] |
-| **filter** | **String** | Search for active discovery scanners in your environment by providing an FQL filter. | [optional] |
-
-### Return type
-
-[**MsaspecQueryResponse**](MsaspecQueryResponse.md)
-
-### Authorization
-
-**oauth2**
-
-### HTTP request headers
-
-- **Content-Type**: Not defined
-- **Accept**: application/json
-
-
-## query_active_discovery_scans
-
-> query_active_discovery_scans(opts)
-
-Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
-
-### Examples
-
-```ruby
-require 'time'
-require 'crimson-falcon'
-
-# Setup authorization
-Falcon.configure do |config|
- config.client_id = "Your_Client_ID"
- config.client_secret = "Your_Client_Secret"
- config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
-end
-
-api_instance = Falcon::DiscoverApi.new
-opts = {
- x_cs_useruuid: 'x_cs_useruuid_example', # String | User UUID
- offset: 56, # Integer | The index of the starting resource.
- limit: 56, # Integer | The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100).
- sort: 'sort_example', # String | Sort active discovery scans by their properties. A single sort field is allowed.
- filter: 'filter_example' # String | Search for active discovery scans in your environment by providing an FQL filter.
-}
-
-begin
- # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
- result = api_instance.query_active_discovery_scans(opts)
- p result
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_scans: #{e}"
-end
-```
-
-#### Using the query_active_discovery_scans_with_http_info variant
-
-This returns an Array which contains the response data, status code and headers.
-
-> , Integer, Hash)> query_active_discovery_scans_with_http_info(opts)
-
-```ruby
-begin
- # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
- data, status_code, headers = api_instance.query_active_discovery_scans_with_http_info(opts)
- p status_code # => 2xx
- p headers # => { ... }
- p data # =>
-rescue Falcon::ApiError => e
- puts "Error when calling DiscoverApi->query_active_discovery_scans_with_http_info: #{e}"
-end
-```
-
-### Parameters
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **x_cs_useruuid** | **String** | User UUID | [optional] |
-| **offset** | **Integer** | The index of the starting resource. | [optional] |
-| **limit** | **Integer** | The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] |
-| **sort** | **String** | Sort active discovery scans by their properties. A single sort field is allowed. | [optional] |
-| **filter** | **String** | Search for active discovery scans in your environment by providing an FQL filter. | [optional] |
-
-### Return type
-
-[**MsaspecQueryResponse**](MsaspecQueryResponse.md)
-
-### Authorization
-
-**oauth2**
-
-### HTTP request headers
-
-- **Content-Type**: Not defined
-- **Accept**: application/json
-
-
## query_applications
> query_applications(opts)
@@ -711,7 +391,7 @@ opts = {
offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
limit: 56, # Integer | The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).
sort: 'sort_example', # String | Sort applications by their properties. A single sort field is allowed.
- filter: 'filter_example' # String | Search for applications in your environment by providing an FQL filter.
+ filter: 'filter_example' # String | Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).
}
begin
@@ -748,7 +428,7 @@ end
| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of application ids to return in this response (Min: 1, Max: 100, Default: 100). | [optional] |
| **sort** | **String** | Sort applications by their properties. A single sort field is allowed. | [optional] |
-| **filter** | **String** | Search for applications in your environment by providing an FQL filter. | [optional] |
+| **filter** | **String** | Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!). | [optional] |
### Return type
@@ -788,7 +468,7 @@ opts = {
offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
limit: 56, # Integer | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
sort: 'sort_example', # String | Sort assets by their properties. A single sort field is allowed. Common sort options include: - hostname|asc
- product_type_desc|desc
- filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include: - entity_type:'managed'
- product_type_desc:'Workstation'
- platform_name:'Windows'
- last_seen_timestamp:>'now-7d'
+ filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:- entity_type:'managed'
- product_type_desc:'Workstation'
- platform_name:'Windows'
- last_seen_timestamp:>'now-7d'
Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, 
fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, 
data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!).
}
begin
@@ -825,7 +505,7 @@ end
| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> | [optional] |
-| **filter** | **String** | Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> | [optional] |
+| **filter** | **String** | Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, 
used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by 
Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!). | [optional] |
### Return type
@@ -865,7 +545,7 @@ opts = {
offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
limit: 56, # Integer | The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
sort: 'sort_example', # String | Sort logins by their properties. A single sort field is allowed. Common sort options include: - account_name|asc
- login_timestamp|desc
- filter: 'filter_example' # String | Filter logins using an FQL query. Common filter options include: - account_type:'Local'
- login_type:'Interactive'
- first_seen_timestamp:<'now-7d'
- admin_privileges:'No'
+ filter: 'filter_example' # String | Filter logins using an FQL query. Common filter options include:- account_type:'Local'
- login_type:'Interactive'
- first_seen_timestamp:<'now-7d'
- admin_privileges:'No'
Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!).
}
begin
@@ -902,7 +582,7 @@ end
| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul> | [optional] |
-| **filter** | **String** | Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> | [optional] |
+| **filter** | **String** | Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!). | [optional] |
### Return type
diff --git a/docs/DiscoverIotApi.md b/docs/DiscoverIotApi.md
index 909779f2..5caff4fc 100644
--- a/docs/DiscoverIotApi.md
+++ b/docs/DiscoverIotApi.md
@@ -101,7 +101,7 @@ opts = {
offset: 56, # Integer | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
limit: 56, # Integer | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
sort: 'sort_example', # String | Sort assets by their properties. A single sort field is allowed. Common sort options include: - hostname|asc
- product_type_desc|desc
- filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include: - entity_type:'managed'
- product_type_desc:'Workstation'
- platform_name:'Windows'
- last_seen_timestamp:>'now-7d'
+ filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:- entity_type:'managed'
- product_type_desc:'Workstation'
- platform_name:'Windows'
- last_seen_timestamp:>'now-7d'
Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!).
}
begin
@@ -138,7 +138,7 @@ end
| **offset** | **Integer** | An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul> | [optional] |
-| **filter** | **String** | Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> | [optional] |
+| **filter** | **String** | Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!). | [optional] |
### Return type
diff --git a/docs/DomainAPIEntityMatchedV1.md b/docs/DomainAPIEntityMatchedV1.md
new file mode 100644
index 00000000..57ad84aa
--- /dev/null
+++ b/docs/DomainAPIEntityMatchedV1.md
@@ -0,0 +1,22 @@
+# Falcon::DomainAPIEntityMatchedV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **asset_id** | **String** | | [optional] |
+| **data_provider** | **String** | | [optional] |
+| **provider_asset_id** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEntityMatchedV1.new(
+ asset_id: null,
+ data_provider: null,
+ provider_asset_id: null
+)
+```
+
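Review bot: The added example passes `null` for every attribute, which is not a Ruby literal; run as written it raises `NameError` instead of building the model. Each line should use `nil`, e.g. `asset_id: nil,`. The same applies to the examples in the other new model docs in this diff (DomainAPIEvaluationLogicEntitiesResponseV1, DomainAPIEvaluationLogicHostInfoV1, DomainAPIVulnerabilityDataProviderV1) and to the `host_info`, `scanner_id`, `logic` and `evaluation_logic_type` lines added to existing examples. These files look generated, so the fix presumably belongs in the generator template rather than in each Markdown file.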
diff --git a/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md b/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md
new file mode 100644
index 00000000..35f02bf3
--- /dev/null
+++ b/docs/DomainAPIEvaluationLogicEntitiesResponseV1.md
@@ -0,0 +1,22 @@
+# Falcon::DomainAPIEvaluationLogicEntitiesResponseV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<DomainAPIEvaluationLogicV1>**](DomainAPIEvaluationLogicV1.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEvaluationLogicEntitiesResponseV1.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/DomainAPIEvaluationLogicHostInfoV1.md b/docs/DomainAPIEvaluationLogicHostInfoV1.md
new file mode 100644
index 00000000..7b1e1fbe
--- /dev/null
+++ b/docs/DomainAPIEvaluationLogicHostInfoV1.md
@@ -0,0 +1,18 @@
+# Falcon::DomainAPIEvaluationLogicHostInfoV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **entities_matched** | [**Array<DomainAPIEntityMatchedV1>**](DomainAPIEntityMatchedV1.md) | Refers to all the entities that were matched together during entity resolution process | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIEvaluationLogicHostInfoV1.new(
+ entities_matched: null
+)
+```
+
diff --git a/docs/DomainAPIEvaluationLogicV1.md b/docs/DomainAPIEvaluationLogicV1.md
index 04e20e8b..f98a5dc8 100644
--- a/docs/DomainAPIEvaluationLogicV1.md
+++ b/docs/DomainAPIEvaluationLogicV1.md
@@ -4,13 +4,15 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **aid** | **String** | | [optional] |
-| **cid** | **String** | | [optional] |
-| **created_timestamp** | **String** | | [optional] |
-| **data_provider** | **String** | | [optional] |
-| **id** | **String** | | |
-| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | | [optional] |
-| **updated_timestamp** | **String** | | [optional] |
+| **aid** | **String** | Refers to an asset identifier | [optional] |
+| **cid** | **String** | Refers to a customer identifier | [optional] |
+| **created_timestamp** | **String** | Refers to a point in time when evaluation logic data was created in the system | [optional] |
+| **data_provider** | **String** | Refers to a label given to the entity that provided this data | [optional] |
+| **host_info** | [**DomainAPIEvaluationLogicHostInfoV1**](DomainAPIEvaluationLogicHostInfoV1.md) | | [optional] |
+| **id** | **String** | Contains a unique identifier for the evaluation logic | |
+| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | Refers to the actual evaluation logic data | [optional] |
+| **scanner_id** | **String** | Refers to the identifier of the scanner that generated the evaluation logic | [optional] |
+| **updated_timestamp** | **String** | Refers to a point in time when evaluation logic data was updated in the system | [optional] |
## Example
@@ -22,8 +24,10 @@ instance = Falcon::DomainAPIEvaluationLogicV1.new(
cid: null,
created_timestamp: null,
data_provider: null,
+ host_info: null,
id: null,
logic: null,
+ scanner_id: null,
updated_timestamp: null
)
```
diff --git a/docs/DomainAPIFindingFacetV1.md b/docs/DomainAPIFindingFacetV1.md
index 18318667..0feab7ee 100644
--- a/docs/DomainAPIFindingFacetV1.md
+++ b/docs/DomainAPIFindingFacetV1.md
@@ -10,6 +10,7 @@
| **finding** | [**DomainAPIFindingWithRuleV1**](DomainAPIFindingWithRuleV1.md) | | |
| **host** | [**DomainAPIHostInfoFacetV1**](DomainAPIHostInfoFacetV1.md) | | [optional] |
| **id** | **String** | | |
+| **logic** | [**Array<DomainAPIEvaluationLogicItemV1>**](DomainAPIEvaluationLogicItemV1.md) | | [optional] |
| **updated_timestamp** | **String** | | |
## Example
@@ -24,6 +25,7 @@ instance = Falcon::DomainAPIFindingFacetV1.new(
finding: null,
host: null,
id: null,
+ logic: null,
updated_timestamp: null
)
```
diff --git a/docs/DomainAPIFindingWithRuleV1.md b/docs/DomainAPIFindingWithRuleV1.md
index 09c236f0..005b8617 100644
--- a/docs/DomainAPIFindingWithRuleV1.md
+++ b/docs/DomainAPIFindingWithRuleV1.md
@@ -4,6 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
+| **evaluation_logic_type** | **String** | Example values: NOT_AVAILABLE, AVAILABLE, DISABLE_RULE, UNSUPPORTED_RULE, OVERRIDE_STATUS | [optional] |
| **evaluation_reason** | **String** | | [optional] |
| **host_id** | **String** | | [optional] |
| **rule** | [**DomainAPIFindingRuleV1**](DomainAPIFindingRuleV1.md) | | [optional] |
@@ -16,6 +17,7 @@
require 'crimson-falcon'
instance = Falcon::DomainAPIFindingWithRuleV1.new(
+ evaluation_logic_type: null,
evaluation_reason: null,
host_id: null,
rule: null,
diff --git a/docs/DomainAPIRemediationIDs.md b/docs/DomainAPIRemediationIDs.md
index 618c0dbf..b7b94da1 100644
--- a/docs/DomainAPIRemediationIDs.md
+++ b/docs/DomainAPIRemediationIDs.md
@@ -4,7 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **ids** | **Array<String>** | | [optional] |
+| **ids** | **Array<String>** | Refers to a remediation unique identifier that points to remediation details addressing this vulnerability | [optional] |
## Example
diff --git a/docs/DomainAPIRemediationV2.md b/docs/DomainAPIRemediationV2.md
index 386b5e91..0f16b8f6 100644
--- a/docs/DomainAPIRemediationV2.md
+++ b/docs/DomainAPIRemediationV2.md
@@ -4,12 +4,12 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **action** | **String** | | |
-| **id** | **String** | | |
-| **link** | **String** | | |
-| **reference** | **String** | | |
-| **title** | **String** | | |
-| **vendor_url** | **String** | | |
+| **action** | **String** | Expanded description of the remediation | |
+| **id** | **String** | Refers to an unique identifier for a given remediation | |
+| **link** | **String** | Link to the remediation page for the vendor | |
+| **reference** | **String** | Relevant reference for the remediation that can be used to get additional details for the remediation. For example, a KB number that needs to be installed for a KB_SECURITY_UPDATE | |
+| **title** | **String** | Short description of the remediation | |
+| **vendor_url** | **String** | Link to the vendor advisory - Note: This field is populated if there are extra steps that are required to complete the remediation | |
## Example
diff --git a/docs/DomainAPIVulnerabilityCVECISAInfo.md b/docs/DomainAPIVulnerabilityCVECISAInfo.md
index b7c2afa8..12601e17 100644
--- a/docs/DomainAPIVulnerabilityCVECISAInfo.md
+++ b/docs/DomainAPIVulnerabilityCVECISAInfo.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **due_date** | **String** | | [optional] |
-| **is_cisa_kev** | **Boolean** | | |
+| **due_date** | **String** | Refers to the deadline or target date set by the Cybersecurity and Infrastructure Security Agency (CISA) for addressing or mitigating a Critical Infrastructure Security Advisory Key (CISAK) vulnerability | [optional] |
+| **is_cisa_kev** | **Boolean** | Refers to the designation of a vulnerability as a Critical Infrastructure Security Advisory Key (CISAK) by the Cybersecurity and Infrastructure Security Agency (CISA), indicating its significance and potential impact on critical infrastructure systems and operations | |
## Example
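Review bot: Both new descriptions expand the acronym wrongly: KEV is CISA's Known Exploited Vulnerabilities catalog, and "Critical Infrastructure Security Advisory Key (CISAK)" is not a CISA term. As worded, a reader cannot tell that `is_cisa_kev` flags a CVE with confirmed exploitation, which is the signal most teams use to prioritise patching. Suggested wording: `Whether the CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog` for `is_cisa_kev`, and `Remediation due date CISA assigns to the KEV entry` for `due_date`. The text presumably comes from the upstream API spec, so it should be corrected there as well.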
diff --git a/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md b/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md
index 0b22f54f..30bd675e 100644
--- a/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md
+++ b/docs/DomainAPIVulnerabilityCVEDetailsFacetV2.md
@@ -4,23 +4,23 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **actors** | **Array<String>** | | [optional] |
-| **base_score** | **Float** | | [optional] |
+| **actors** | **Array<String>** | Contains a list of actors that are known for exploiting this vulnerability ot in the wild | [optional] |
+| **base_score** | **Float** | The base score for a Common Vulnerability Enumeration (CVE) is a numerical value that represents the intrinsic severity and impact of a security vulnerability. | [optional] |
| **cisa_info** | [**DomainAPIVulnerabilityCVECISAInfo**](DomainAPIVulnerabilityCVECISAInfo.md) | | [optional] |
-| **description** | **String** | | [optional] |
-| **exploit_status** | **Integer** | | [optional] |
-| **exploitability_score** | **Float** | | [optional] |
-| **exprt_rating** | **String** | | [optional] |
+| **description** | **String** | Refers to description of the vulnerability | [optional] |
+| **exploit_status** | **Integer** | Exploit status refers to the current state or availability of known exploits for a specific vulnerability, indicating whether there are known techniques or tools to leverage the vulnerability in an attack. | [optional] |
+| **exploitability_score** | **Float** | Represents a numerical value that indicates the relative ease or difficulty for an attacker to exploit a vulnerability | [optional] |
+| **exprt_rating** | **String** | Expert.AI score on the vulnerability | [optional] |
| **id** | **String** | | |
-| **impact_score** | **Float** | | [optional] |
-| **name** | **String** | | [optional] |
-| **published_date** | **String** | | [optional] |
-| **references** | **Array<String>** | | [optional] |
-| **remediation_level** | **String** | | [optional] |
-| **severity** | **String** | | [optional] |
-| **spotlight_published_date** | **String** | | [optional] |
-| **vector** | **String** | | [optional] |
-| **vendor_advisory** | **Array<String>** | | [optional] |
+| **impact_score** | **Float** | Refers to a numerical value that represents the potential impact or severity of a vulnerability when it is successfully exploited | [optional] |
+| **name** | **String** | Vulnerability name | [optional] |
+| **published_date** | **String** | Refers to a point in time when the vulnerability has been disclosed | [optional] |
+| **references** | **Array<String>** | Refers to one or more references with more details about the vulnerability | [optional] |
+| **remediation_level** | **String** | Remediation level indicates the required effort to mitigate a security vulnerability, ranging from official fixes to unavailable remedies | [optional] |
+| **severity** | **String** | Severity refers to the level of impact or potential harm caused by a security vulnerability. It is often assessed using metrics such as the CVSS base score, which takes into account factors such as exploitability, impact on confidentiality, integrity, and availability, and other relevant parameters to determine the severity level of a vulnerability. | [optional] |
+| **spotlight_published_date** | **String** | Corresponds to a point in time when Spotlight offered support for detecting a specific vulnerability | [optional] |
+| **vector** | **String** | Refers to the vector of attack or the specific method or path through which an attacker can exploit a vulnerability | [optional] |
+| **vendor_advisory** | **Array<String>** | Refers to one or more URLs that points to vendor advisories | [optional] |
## Example
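Review bot: Three of the descriptions added to this table are inaccurate. `base_score` expands CVE as "Common Vulnerability Enumeration"; the acronym is Common Vulnerabilities and Exposures, and the score itself is a CVSS metric, as the `severity` row already says, so `The CVSS base score of the CVE, representing its intrinsic severity` would be clearer. `exprt_rating` is described as an "Expert.AI score", while the field name points to the vendor's ExPRT.AI (Exploit Prediction Rating) — worth confirming against the upstream spec before changing. The `actors` row has a stray word in "exploiting this vulnerability ot in the wild".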
diff --git a/docs/DomainAPIVulnerabilityDataProviderV1.md b/docs/DomainAPIVulnerabilityDataProviderV1.md
new file mode 100644
index 00000000..3b1b6fe3
--- /dev/null
+++ b/docs/DomainAPIVulnerabilityDataProviderV1.md
@@ -0,0 +1,26 @@
+# Falcon::DomainAPIVulnerabilityDataProviderV1
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **ports** | **Array<Integer>** | Ports that the vulnerability affects | [optional] |
+| **provider** | **String** | Label for the provider | [optional] |
+| **rating** | **String** | Rating provided by the vulnerability provider | [optional] |
+| **scan_time** | **String** | Time when the detection occurred | [optional] |
+| **scanner_id** | **String** | Scanner ID of the vulnerability provider | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainAPIVulnerabilityDataProviderV1.new(
+ ports: null,
+ provider: null,
+ rating: null,
+ scan_time: null,
+ scanner_id: null
+)
+```
+
diff --git a/docs/DomainAPIVulnerabilityExtendedAppV2.md b/docs/DomainAPIVulnerabilityExtendedAppV2.md
index 1eb88db5..d9faf2e3 100644
--- a/docs/DomainAPIVulnerabilityExtendedAppV2.md
+++ b/docs/DomainAPIVulnerabilityExtendedAppV2.md
@@ -7,7 +7,7 @@
| **evaluation_logic** | [**DomainAPIEvaluationLogicV1**](DomainAPIEvaluationLogicV1.md) | | [optional] |
| **product_name_version** | **String** | | |
| **remediation** | [**DomainAPIRemediationIDs**](DomainAPIRemediationIDs.md) | | [optional] |
-| **sub_status** | **String** | | [optional] |
+| **sub_status** | **String** | Contains vulnerability status for a particular product - can differentiate in cases where a vulnerability is detected for multiple products | [optional] |
## Example
diff --git a/docs/DomainAPIVulnerabilityHostFacetV2.md b/docs/DomainAPIVulnerabilityHostFacetV2.md
index ef43776f..e86e1cc8 100644
--- a/docs/DomainAPIVulnerabilityHostFacetV2.md
+++ b/docs/DomainAPIVulnerabilityHostFacetV2.md
@@ -4,25 +4,28 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **asset_criticality** | **String** | | [optional] |
-| **asset_roles** | **Array<String>** | | [optional] |
-| **groups** | [**Array<DomainAPIHostGroup>**](DomainAPIHostGroup.md) | | [optional] |
-| **host_last_seen_timestamp** | **String** | | [optional] |
-| **hostname** | **String** | | |
-| **instance_id** | **String** | | [optional] |
-| **internet_exposure** | **String** | | [optional] |
-| **local_ip** | **String** | | |
-| **machine_domain** | **String** | | |
-| **os_build** | **String** | | [optional] |
-| **os_version** | **String** | | |
-| **ou** | **String** | | |
-| **platform** | **String** | | [optional] |
-| **product_type_desc** | **String** | | [optional] |
-| **service_provider** | **String** | | [optional] |
-| **service_provider_account_id** | **String** | | [optional] |
-| **site_name** | **String** | | |
-| **system_manufacturer** | **String** | | |
-| **tags** | **Array<String>** | | [optional] |
+| **asset_criticality** | **String** | Refers to how critical an asset has been evaluated to be | [optional] |
+| **asset_roles** | **Array<String>** | Refers to one or more roles that have been assigned to the assets | [optional] |
+| **entity_graph_id** | **String** | A unique identifier assigned by entity graph | [optional] |
+| **groups** | [**Array<DomainAPIHostGroup>**](DomainAPIHostGroup.md) | Refers to a logic grouping of assets | [optional] |
+| **host_last_seen_timestamp** | **String** | A timestamp corresponding to the last day when we detected activity coming from an asset | [optional] |
+| **hostname** | **String** | Refers to the hostname used by the asset on which the vulnerability was detected | |
+| **instance_id** | **String** | Refers to a unique identifier assigned to an asset | [optional] |
+| **internet_exposure** | **String** | Refers to the level of exposure an asset has to the internet | [optional] |
+| **local_ip** | **String** | Refers to the local IP used by the asset on which the vulnerability was detected | |
+| **machine_domain** | **String** | The machine domain of an asset is the network identity within a network infrastructure | |
+| **managed_by** | **String** | Name of the entity that is managing the asset | [optional] |
+| **os_build** | **String** | Refers to the specific build or version number of an operating system, indicating a particular release or revision of the operating system | [optional] |
+| **os_version** | **String** | Refers to the operating system version used by the asset on which the vulnerability was detected | |
+| **ou** | **String** | Refers to the specific organizational grouping or container within an Active Directory (AD) or directory service where the host is located or categorized. | |
+| **platform** | **String** | Refers to the name or designation of the specific software platform or operating system on which the asset is running | [optional] |
+| **product_type_desc** | **String** | Refers to the descriptive label or category that identifies the type or edition of the operating system product installed on the asset | [optional] |
+| **service_provider** | **String** | Refers to a company, organization, or entity that offers or provided this specific asset | [optional] |
+| **service_provider_account_id** | **String** | Refers to the unique identifier associated with a service provider account, typically used in cloud computing or managed service environments | [optional] |
+| **site_name** | **String** | Refers to the name or label assigned to the physical or logical location within a network infrastructure where the host is situated | |
+| **system_manufacturer** | **String** | Refers to the company or organization that designed and produced the hardware system or device | |
+| **tags** | **Array<String>** | Refers to a logical grouping of assets via tags | [optional] |
+| **third_party_asset_ids** | **Array<String>** | zero or more unique identifiers assigned by third party entities which provided data for the asset | [optional] |
## Example
@@ -32,6 +35,7 @@ require 'crimson-falcon'
instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new(
asset_criticality: null,
asset_roles: null,
+ entity_graph_id: null,
groups: null,
host_last_seen_timestamp: null,
hostname: null,
@@ -39,6 +43,7 @@ instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new(
internet_exposure: null,
local_ip: null,
machine_domain: null,
+ managed_by: null,
os_build: null,
os_version: null,
ou: null,
@@ -48,7 +53,8 @@ instance = Falcon::DomainAPIVulnerabilityHostFacetV2.new(
service_provider_account_id: null,
site_name: null,
system_manufacturer: null,
- tags: null
+ tags: null,
+ third_party_asset_ids: null
)
```
diff --git a/docs/DomainAPIVulnerabilityRemediationFacetV2.md b/docs/DomainAPIVulnerabilityRemediationFacetV2.md
index 24b48be0..f7a55460 100644
--- a/docs/DomainAPIVulnerabilityRemediationFacetV2.md
+++ b/docs/DomainAPIVulnerabilityRemediationFacetV2.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **entities** | [**Array<DomainAPIRemediationV2>**](DomainAPIRemediationV2.md) | | [optional] |
-| **ids** | **Array<String>** | | [optional] |
+| **entities** | [**Array<DomainAPIRemediationV2>**](DomainAPIRemediationV2.md) | Contains the actual remediation data | [optional] |
+| **ids** | **Array<String>** | Refers to a remediation unique identifier that points to remediation details addressing this vulnerability | [optional] |
## Example
diff --git a/docs/DomainAPIVulnerabilitySuppressionInfoV2.md b/docs/DomainAPIVulnerabilitySuppressionInfoV2.md
index ca4a7afc..3b0cdc5b 100644
--- a/docs/DomainAPIVulnerabilitySuppressionInfoV2.md
+++ b/docs/DomainAPIVulnerabilitySuppressionInfoV2.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **is_suppressed** | **Boolean** | | |
-| **reason** | **String** | | [optional] |
+| **is_suppressed** | **Boolean** | Indicates if a vulnerability has been suppressed or not | |
+| **reason** | **String** | Indicates what is the rule ID for which a vulnerability has been suppressed | [optional] |
## Example
diff --git a/docs/DomainAPIVulnerabilityV2.md b/docs/DomainAPIVulnerabilityV2.md
index f47fcdd1..57668fbe 100644
--- a/docs/DomainAPIVulnerabilityV2.md
+++ b/docs/DomainAPIVulnerabilityV2.md
@@ -4,19 +4,23 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **aid** | **String** | | |
+| **aid** | **String** | Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID | |
| **app** | [**DomainAPIVulnerabilityAppV2**](DomainAPIVulnerabilityAppV2.md) | | [optional] |
-| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | | [optional] |
-| **cid** | **String** | | |
-| **closed_timestamp** | **String** | | [optional] |
-| **created_timestamp** | **String** | | |
+| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | Provide details related to the products for which a the vulnerability has been detected | [optional] |
+| **cid** | **String** | Contains the customer identifier associated with the asset for which the vulnerability has been detected | |
+| **closed_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) | [optional] |
+| **created_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system | |
| **cve** | [**DomainAPIVulnerabilityCVEDetailsFacetV2**](DomainAPIVulnerabilityCVEDetailsFacetV2.md) | | [optional] |
+| **data_providers** | [**Array<DomainAPIVulnerabilityDataProviderV1>**](DomainAPIVulnerabilityDataProviderV1.md) | Contains information about the vulnerability data providers of this entity | [optional] |
| **host_info** | [**DomainAPIVulnerabilityHostFacetV2**](DomainAPIVulnerabilityHostFacetV2.md) | | [optional] |
-| **id** | **String** | | |
+| **id** | **String** | Vulnerability unique ID | |
+| **ports** | **Array<Integer>** | Contains ports that the vulnerability affects | [optional] |
| **remediation** | [**DomainAPIVulnerabilityRemediationFacetV2**](DomainAPIVulnerabilityRemediationFacetV2.md) | | [optional] |
-| **status** | **String** | | |
+| **status** | **String** | Current status of a vulnerability (open, closed, reopen) | |
| **suppression_info** | [**DomainAPIVulnerabilitySuppressionInfoV2**](DomainAPIVulnerabilitySuppressionInfoV2.md) | | [optional] |
-| **updated_timestamp** | **String** | | |
+| **updated_timestamp** | **String** | A timestamp corresponding to the point in time when a vulnerability's information or status have been updated | |
+| **vulnerability_id** | **String** | Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider | [optional] |
+| **vulnerability_metadata_id** | **String** | Unique identifier for the vulnerability metadata | [optional] |
## Example
@@ -31,12 +35,16 @@ instance = Falcon::DomainAPIVulnerabilityV2.new(
closed_timestamp: null,
created_timestamp: null,
cve: null,
+ data_providers: null,
host_info: null,
id: null,
+ ports: null,
remediation: null,
status: null,
suppression_info: null,
- updated_timestamp: null
+ updated_timestamp: null,
+ vulnerability_id: null,
+ vulnerability_metadata_id: null
)
```
diff --git a/docs/DomainAWSAccountV2.md b/docs/DomainAWSAccountV2.md
index 1d235cb8..b543637f 100644
--- a/docs/DomainAWSAccountV2.md
+++ b/docs/DomainAWSAccountV2.md
@@ -9,6 +9,7 @@
| **id** | **Integer** | | |
| **updated_at** | **Time** | | |
| **account_id** | **String** | 12 digit AWS provided unique identifier for the account. | [optional] |
+| **account_name** | **String** | AWS account name | [optional] |
| **account_type** | **String** | | [optional] |
| **active_regions** | **Array<String>** | | [optional] |
| **aws_cloudtrail_bucket_name** | **String** | AWS CloudTrail bucket name to store logs. | [optional] |
@@ -17,11 +18,13 @@
| **aws_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | |
| **behavior_assessment_enabled** | **Boolean** | | [optional] |
| **cid** | **String** | | [optional] |
+| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] |
| **cloudformation_url** | **String** | | [optional] |
| **conditions** | [**Array<DomainCondition>**](DomainCondition.md) | | [optional] |
| **cspm_enabled** | **Boolean** | | [optional] |
| **d4c** | [**DomainAWSD4CAccountV1**](DomainAWSD4CAccountV1.md) | | [optional] |
| **d4c_migrated** | **Boolean** | | [optional] |
+| **environment** | **String** | | [optional] |
| **eventbus_name** | **String** | | [optional] |
| **external_id** | **String** | ID assigned for use with cross account IAM role access. | [optional] |
| **iam_role_arn** | **String** | The full arn of the IAM role created in this account to control access. | [optional] |
@@ -52,6 +55,7 @@ instance = Falcon::DomainAWSAccountV2.new(
id: null,
updated_at: null,
account_id: null,
+ account_name: null,
account_type: null,
active_regions: null,
aws_cloudtrail_bucket_name: null,
@@ -60,11 +64,13 @@ instance = Falcon::DomainAWSAccountV2.new(
aws_permissions_status: null,
behavior_assessment_enabled: null,
cid: null,
+ cloud_scopes: null,
cloudformation_url: null,
conditions: null,
cspm_enabled: null,
d4c: null,
d4c_migrated: null,
+ environment: null,
eventbus_name: null,
external_id: null,
iam_role_arn: null,
diff --git a/docs/DomainActorDocument.md b/docs/DomainActorDocument.md
index e8e35445..4090a13c 100644
--- a/docs/DomainActorDocument.md
+++ b/docs/DomainActorDocument.md
@@ -4,38 +4,38 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **active** | **Boolean** | | |
-| **actor_type** | **String** | | [optional] |
-| **capabilities** | [**Array<DomainEntity>**](DomainEntity.md) | | |
+| **active** | **Boolean** | Boolean field marking if actor is active | |
+| **actor_type** | **String** | Actor type, one of: targeted, ecrime | [optional] |
+| **capabilities** | [**Array<DomainEntity>**](DomainEntity.md) | actor's capabilities, some examples: RAT,Ransomware,Spearphishing,Downloader,Backdoor,InformationStealer,exploit,CredentialHarvesting,dropper,DenialOfService,Loader,Phishing | |
| **capability** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **created_date** | **Integer** | | |
-| **description** | **String** | | [optional] |
+| **created_date** | **Integer** | Actor's document creation date when it was added to the Falcon portal in unix timestamp format | |
+| **description** | **String** | Actor's text description, partially containing structured data from other fields | [optional] |
| **ecrime_kill_chain** | [**DomainECrimeKillChain**](DomainECrimeKillChain.md) | | [optional] |
-| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | | [optional] |
-| **first_activity_date** | **Integer** | | |
+| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | Field used to filter user's access to actor documents | [optional] |
+| **first_activity_date** | **Integer** | Actor's first activity observed date in unix timestamp format | |
| **group** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **id** | **Integer** | | |
+| **id** | **Integer** | Numerical ID for the Actor | |
| **image** | [**DomainImage**](DomainImage.md) | | [optional] |
| **kill_chain** | [**DomainKillChain**](DomainKillChain.md) | | [optional] |
-| **known_as** | **String** | | |
-| **last_activity_date** | **Integer** | | |
-| **last_modified_date** | **Integer** | | |
-| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **name** | **String** | | |
-| **notify_users** | **Boolean** | | |
-| **objectives** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **origins** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **recent_alerting** | **Integer** | | [optional] |
+| **known_as** | **String** | Alternative names and community identifiers of an actor | |
+| **last_activity_date** | **Integer** | Actor's last (most recent) activity observed date in unix timestamp format | |
+| **last_modified_date** | **Integer** | Actor's document last modified date in unix timestamp format | |
+| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | Actor's activity motivation, one of: State-Sponsored, Criminal, Hacktivism | |
+| **name** | **String** | Actor's name, composed of 2 words | [optional] |
+| **notify_users** | **Boolean** | internal field | |
+| **objectives** | [**Array<DomainEntity>**](DomainEntity.md) | Actor's activity objectives, one of: IntelligenceGathering, FinancialGain, IntellectualPropertyTheft, defacement, Destruction, DenialOfService | |
+| **origins** | [**Array<DomainEntity>**](DomainEntity.md) | represents origin of actor's activity and/or members, some examples: China,Russian Federation,Eastern Europe,Iran,East Asia, South Asia | |
+| **recent_alerting** | **Integer** | Recent CrowdStrike's finished intelligence alerting date in unix timestamp format | [optional] |
| **region** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **rich_text_description** | **String** | | [optional] |
-| **short_description** | **String** | | |
-| **slug** | **String** | | |
-| **status** | **String** | | |
-| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_regions** | [**Array<DomainEntity>**](DomainEntity.md) | | |
+| **rich_text_description** | **String** | Rich text version of the description field | [optional] |
+| **short_description** | **String** | Short version of the description field | |
+| **slug** | **String** | Name in url friendly format, lowercased and spaces replaced with dash | [optional] |
+| **status** | **String** | Status of an actor, one of: Active, Inactive, Retired | |
+| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | Target countries of actor's activity and attacks, slug value is a 2 characters code for the country value, some examples: United States,United Kingdom,Germany,India,Japan,France,Australia,Canada,China | |
+| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | Target economical industries of actor's activity and attacks. List of available values: Government, Financial Services, Technology, Telecommunications, Healthcare, Energy, Academic, Media, Aerospace, NGO, Manufacturing, Industrials and Engineering, Retail, Hospitality, Consulting and Professional Services, Opportunistic, Aviation, Defense, Transportation, Oil and Gas, Legal, Pharmaceutical, Logistics, Military, Automotive, Food and Beverage, Consumer Goods, Real Estate, Insurance, Agriculture, Chemicals, Utilities, Maritime, Extractive, Travel, Dissident, Cryptocurrency, Entertainment, National Government, Law Enforcement, Think Tanks, Local Government, Sports Organizations, Computer Gaming, Biomedical, Nonprofit, Financial Management & Hedge Funds, Political Parties, Architectural and Engineering, Emergency Services, Social Media, International Government, Nuclear, Research Entities, Vocational and Higher-Level Education, eCommerce | |
+| **target_regions** | [**Array<DomainEntity>**](DomainEntity.md) | Target geographic regions of actor's activity and attacks. List of available values: North America, Western Europe, Southeast Asia, Middle East, Eastern Europe, South Asia, South America, Oceania, East Asia, Central Africa, Northern Europe, Southern Europe, North Africa, Southern Africa, Central America, Central Asia, East Africa, West Africa, Caribbean | |
| **thumbnail** | [**DomainImage**](DomainImage.md) | | [optional] |
-| **url** | **String** | | [optional] |
+| **url** | **String** | URL at which actor profile can be accessed | [optional] |
## Example
diff --git a/docs/DomainActorsResponse.md b/docs/DomainActorsResponse.md
index d1954033..8afb6e31 100644
--- a/docs/DomainActorsResponse.md
+++ b/docs/DomainActorsResponse.md
@@ -4,7 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | |
| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
| **resources** | [**Array<DomainActorDocument>**](DomainActorDocument.md) | | |
diff --git a/docs/DomainAssessmentPaging.md b/docs/DomainAssessmentPaging.md
deleted file mode 100644
index 54733151..00000000
--- a/docs/DomainAssessmentPaging.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Falcon::DomainAssessmentPaging
-
-## Properties
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **expires_at** | **Integer** | | [optional] |
-| **limit** | **Integer** | | [optional] |
-| **offset** | **String** | | |
-| **total** | **Integer** | | |
-
-## Example
-
-```ruby
-require 'crimson-falcon'
-
-instance = Falcon::DomainAssessmentPaging.new(
- expires_at: null,
- limit: null,
- offset: null,
- total: null
-)
-```
-
diff --git a/docs/DomainBaseAPIVulnerabilityV2.md b/docs/DomainBaseAPIVulnerabilityV2.md
index 7cc23b0a..78bae4af 100644
--- a/docs/DomainBaseAPIVulnerabilityV2.md
+++ b/docs/DomainBaseAPIVulnerabilityV2.md
@@ -4,19 +4,23 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **aid** | **String** | | |
+| **aid** | **String** | Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID | |
| **app** | [**DomainAPIVulnerabilityAppV2**](DomainAPIVulnerabilityAppV2.md) | | [optional] |
-| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | | [optional] |
-| **cid** | **String** | | |
-| **closed_timestamp** | **String** | | [optional] |
-| **created_timestamp** | **String** | | |
+| **apps** | [**Array<DomainAPIVulnerabilityExtendedAppV2>**](DomainAPIVulnerabilityExtendedAppV2.md) | Provide details related to the products for which a the vulnerability has been detected | [optional] |
+| **cid** | **String** | Contains the customer identifier associated with the asset for which the vulnerability has been detected | |
+| **closed_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed) | [optional] |
+| **created_timestamp** | **String** | A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system | |
| **cve** | [**DomainAPIVulnerabilityCVEDetailsFacetV2**](DomainAPIVulnerabilityCVEDetailsFacetV2.md) | | [optional] |
+| **data_providers** | [**Array<DomainAPIVulnerabilityDataProviderV1>**](DomainAPIVulnerabilityDataProviderV1.md) | Contains information about the vulnerability data providers of this entity | [optional] |
| **host_info** | [**DomainAPIVulnerabilityHostFacetV2**](DomainAPIVulnerabilityHostFacetV2.md) | | [optional] |
-| **id** | **String** | | |
+| **id** | **String** | Vulnerability unique ID | |
+| **ports** | **Array<Integer>** | Contains ports that the vulnerability affects | [optional] |
| **remediation** | [**DomainAPIVulnerabilityRemediationFacetV2**](DomainAPIVulnerabilityRemediationFacetV2.md) | | [optional] |
-| **status** | **String** | | |
+| **status** | **String** | Current status of a vulnerability (open, closed, reopen) | |
| **suppression_info** | [**DomainAPIVulnerabilitySuppressionInfoV2**](DomainAPIVulnerabilitySuppressionInfoV2.md) | | [optional] |
-| **updated_timestamp** | **String** | | |
+| **updated_timestamp** | **String** | A timestamp corresponding to the point in time when a vulnerability's information or status have been updated | |
+| **vulnerability_id** | **String** | Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider | [optional] |
+| **vulnerability_metadata_id** | **String** | Unique identifier for the vulnerability metadata | [optional] |
## Example
@@ -31,12 +35,16 @@ instance = Falcon::DomainBaseAPIVulnerabilityV2.new(
closed_timestamp: null,
created_timestamp: null,
cve: null,
+ data_providers: null,
host_info: null,
id: null,
+ ports: null,
remediation: null,
status: null,
suppression_info: null,
- updated_timestamp: null
+ updated_timestamp: null,
+ vulnerability_id: null,
+ vulnerability_metadata_id: null
)
```
diff --git a/docs/DomainBehavior.md b/docs/DomainBehavior.md
index e84d925c..d6b40143 100644
--- a/docs/DomainBehavior.md
+++ b/docs/DomainBehavior.md
@@ -5,6 +5,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **aid** | **String** | | [optional] |
+| **alert_ids** | **Array<String>** | | [optional] |
| **behavior_id** | **String** | | [optional] |
| **cid** | **String** | | [optional] |
| **cmdline** | **String** | | [optional] |
@@ -39,6 +40,7 @@ require 'crimson-falcon'
instance = Falcon::DomainBehavior.new(
aid: null,
+ alert_ids: null,
behavior_id: null,
cid: null,
cmdline: null,
diff --git a/docs/DomainCIDGroup.md b/docs/DomainCIDGroup.md
index 02b598f9..e6e253b0 100644
--- a/docs/DomainCIDGroup.md
+++ b/docs/DomainCIDGroup.md
@@ -4,9 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **cid** | **String** | | [optional] |
-| **cid_group_id** | **String** | | [optional] |
-| **description** | **String** | | |
+| **cid_group_id** | **String** | | |
+| **description** | **String** | | [optional] |
| **name** | **String** | | |
## Example
@@ -15,7 +14,6 @@
require 'crimson-falcon'
instance = Falcon::DomainCIDGroup.new(
- cid: null,
cid_group_id: null,
description: null,
name: null
diff --git a/docs/DomainCIDPolicyAssignments.md b/docs/DomainCIDPolicyAssignments.md
index ddae6d75..ce05ff85 100644
--- a/docs/DomainCIDPolicyAssignments.md
+++ b/docs/DomainCIDPolicyAssignments.md
@@ -8,6 +8,7 @@
| **attack_types** | **Array<String>** | | [optional] |
| **cid** | **String** | | [optional] |
| **cis_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] |
+| **cisa_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] |
| **cloud_asset_type** | **String** | | [optional] |
| **cloud_asset_type_id** | **Integer** | | [optional] |
| **cloud_provider** | **String** | | [optional] |
@@ -18,6 +19,7 @@
| **default_severity** | **String** | | [optional] |
| **fql_policy** | **String** | | [optional] |
| **is_remediable** | **Boolean** | | |
+| **iso_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] |
| **name** | **String** | | [optional] |
| **nist_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] |
| **pci_benchmark** | [**Array<DomainBenchmark>**](DomainBenchmark.md) | | [optional] |
@@ -39,6 +41,7 @@ instance = Falcon::DomainCIDPolicyAssignments.new(
attack_types: null,
cid: null,
cis_benchmark: null,
+ cisa_benchmark: null,
cloud_asset_type: null,
cloud_asset_type_id: null,
cloud_provider: null,
@@ -49,6 +52,7 @@ instance = Falcon::DomainCIDPolicyAssignments.new(
default_severity: null,
fql_policy: null,
is_remediable: null,
+ iso_benchmark: null,
name: null,
nist_benchmark: null,
pci_benchmark: null,
diff --git a/docs/DomainCloudAccounts.md b/docs/DomainCloudAccounts.md
new file mode 100644
index 00000000..00a24f24
--- /dev/null
+++ b/docs/DomainCloudAccounts.md
@@ -0,0 +1,20 @@
+# Falcon::DomainCloudAccounts
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **ids** | **Array<String>** | | [optional] |
+| **provider** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainCloudAccounts.new(
+ ids: null,
+ provider: null
+)
+```
+
diff --git a/docs/DomainCloudScope.md b/docs/DomainCloudScope.md
new file mode 100644
index 00000000..923c9752
--- /dev/null
+++ b/docs/DomainCloudScope.md
@@ -0,0 +1,36 @@
+# Falcon::DomainCloudScope
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **accounts** | [**Array<DomainCloudAccounts>**](DomainCloudAccounts.md) | | [optional] |
+| **business_impact** | **String** | | [optional] |
+| **business_unit** | **String** | | [optional] |
+| **cid** | **String** | | [optional] |
+| **created_at** | **Time** | | [optional] |
+| **description** | **String** | | [optional] |
+| **id** | **Integer** | | [optional] |
+| **name** | **String** | | [optional] |
+| **owners** | **Array<String>** | | [optional] |
+| **total_accounts** | **Integer** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainCloudScope.new(
+ accounts: null,
+ business_impact: null,
+ business_unit: null,
+ cid: null,
+ created_at: null,
+ description: null,
+ id: null,
+ name: null,
+ owners: null,
+ total_accounts: null
+)
+```
+
diff --git a/docs/DomainDiscoverAPIHost.md b/docs/DomainDiscoverAPIHost.md
index 8b316ef9..8e60cfea 100644
--- a/docs/DomainDiscoverAPIHost.md
+++ b/docs/DomainDiscoverAPIHost.md
@@ -9,7 +9,7 @@
| **ad_user_account_control** | **Integer** | The user account control properties in Active Directory. | [optional] |
| **agent_version** | **String** | The version of the Falcon sensor that's installed on the asset. | [optional] |
| **aid** | **String** | The agent ID of the Falcon sensor installed on the asset. | [optional] |
-| **asset_roles** | **Array<String>** | List of asset roles (computed or given by the user) | [optional] |
+| **asset_roles** | **Array<String>** | The asset role or roles currently assigned to the asset either automatically or by a user (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). | [optional] |
| **assigned_to** | **String** | The first and last name of the person who is assigned to this asset. | [optional] |
| **available_disk_space** | **Integer** | The available disk space in the last 15 minutes on the host | [optional] |
| **available_disk_space_pct** | **Integer** | The available disk space percent in the last 15 minutes on the host | [optional] |
@@ -24,18 +24,23 @@
| **city** | **String** | The name of the city where the asset is located. | [optional] |
| **classification** | **String** | How the server is classified, such as production, development, disaster recovery, or user acceptance testing. | [optional] |
| **cloud_account_id** | **String** | The cloud provider assigned identifier of the cloud account the instance is located in. | [optional] |
+| **cloud_instance_id** | **String** | The id of the cloud instance. | [optional] |
| **cloud_provider** | **String** | The cloud provider environment the instance is located in (AWS/Azure/GCP). | [optional] |
| **cloud_region** | **String** | The cloud provider assigned identifier of the cloud region the instance is located in (e.g. “us-west-1”, “westeurope”, “asia-northeast1) | [optional] |
| **cloud_registered** | **Boolean** | Whether or not the instance is located in a cloud account registered with cloud security posture. | [optional] |
| **cloud_resource_id** | **String** | The cloud provider assigned identifier of the instance. | [optional] |
-| **computed_asset_roles** | **Array<String>** | List of computed asset roles | [optional] |
+| **computed_asset_roles** | **Array<String>** | The asset role or roles assigned to the asset automatically (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server). | [optional] |
+| **computed_internet_exposure** | **String** | Whether the asset is exposed to the internet as determined automatically (Yes, No, or Unknown). | [optional] |
| **confidence** | **Integer** | The level of confidence that the asset is a corporate asset (25 = low confidence, 50 = medium confidence, 75 = high confidence). | [optional] |
| **country** | **String** | The name of the country where the asset is located. | [optional] |
| **cpu_manufacturer** | **String** | The manufacturer of the asset's CPU. | [optional] |
| **cpu_processor_name** | **String** | The name of the processor on the system | [optional] |
| **creation_timestamp** | **String** | The time the asset was created in Active Directory, according to LDAP info. | [optional] |
-| **criticality** | **String** | Asset criticality | [optional] |
-| **criticality_rule_id** | **String** | The ID of the criticality rule that last matched on this host | [optional] |
+| **criticality** | **String** | The criticality level of the asset (Critical, High, Noncritical, or Unassigned) | [optional] |
+| **criticality_description** | **String** | The description the user entered when manually assigning a criticality level | [optional] |
+| **criticality_rule_id** | **String** | The ID of the criticality rule that has most recently applied to the asset. | [optional] |
+| **criticality_timestamp** | **String** | The date and time the criticality level was manually assigned | [optional] |
+| **criticality_username** | **String** | The username of the account that manually assigned the criticality level | [optional] |
| **current_local_ip** | **String** | The last seen local IPv4 address of the asset. | [optional] |
| **data_providers** | **Array<String>** | Where the data about the asset came from (such as CrowdStrike, ServiceNow, or Active Directory). | [optional] |
| **data_providers_count** | **Integer** | How many services provided data about the asset. | [optional] |
@@ -43,6 +48,7 @@
| **descriptions** | **Array<String>** | The descriptions of the asset in Active Directory (Cannot be used for filtering, sorting, or querying). | [optional] |
| **discoverer_aids** | **Array<String>** | The agent IDs of the Falcon sensors installed on the sources that discovered the asset. | [optional] |
| **discoverer_count** | **Integer** | The number of sources that discovered the asset. | [optional] |
+| **discoverer_hostnames** | **Array<String>** | The hostnames of the sources that discovered the asset. | [optional] |
| **discoverer_platform_names** | **Array<String>** | The platform names of the sources that discovered the asset. | [optional] |
| **discoverer_product_type_descs** | **Array<String>** | The product type descriptions of the sources that discovered the asset. | [optional] |
| **discoverer_tags** | **Array<String>** | The tags of the sources that discovered the asset. | [optional] |
@@ -63,8 +69,12 @@
| **hostname** | **String** | The asset's hostname. | [optional] |
| **id** | **String** | The unique ID of the asset. | |
| **internet_exposure** | **String** | Whether the asset is exposed to the internet (Yes or Unknown). | [optional] |
+| **internet_exposure_description** | **String** | The description the user entered when manually assigning a internet exposure level | [optional] |
+| **internet_exposure_timestamp** | **String** | The date and time the internet exposure level was manually assigned | [optional] |
+| **internet_exposure_username** | **String** | The username of the account that manually assigned the internet exposure level | [optional] |
| **kernel_version** | **String** | For Linux and Mac hosts: the major version, minor version, and patch version of the kernel for the asset. For Windows hosts: the build number of the asset. | [optional] |
| **last_discoverer_aid** | **String** | The agent ID of the Falcon sensor installed on the source that most recently discovered the asset. | [optional] |
+| **last_discoverer_hostname** | **String** | The hostname of the last source that discovered the asset. | [optional] |
| **last_seen_timestamp** | **String** | The most recent time the asset was seen in your environment. | [optional] |
| **local_ip_addresses** | **Array<String>** | Historical local IPv4 addresses associated with the asset. | [optional] |
| **local_ips_count** | **Integer** | The number of historical local IPv4 addresses the asset has had. | [optional] |
@@ -86,8 +96,9 @@
| **os_service_pack** | **String** | The OS service pack on the asset. | [optional] |
| **os_version** | **String** | The OS version of the asset. | [optional] |
| **ou** | **String** | The organizational unit of the asset. | [optional] |
-| **override_asset_roles** | **Boolean** | True if the user has override asset roles computed automatically | [optional] |
-| **override_criticality_rules** | **Boolean** | True if the host should not be evaluated against the criticality rules | [optional] |
+| **override_asset_roles** | **Boolean** | Whether a user overrode automatically assigned asset roles to manually assign a role to the asset (true or false). | [optional] |
+| **override_criticality_rules** | **Boolean** | Whether a user overrode a criticality rule to manually assign a criticality level on the asset (true or false). | [optional] |
+| **override_internet_exposure** | **Boolean** | Whether a user overrode the automatically assigned internet exposure (True or False). | [optional] |
| **owned_by** | **String** | The first and last name of the person who owns this asset. | [optional] |
| **physical_core_count** | **Integer** | The number of physical CPU cores available on the system. | [optional] |
| **platform_name** | **String** | The platform name of the asset (Windows, Mac, Linux). | [optional] |
@@ -139,18 +150,23 @@ instance = Falcon::DomainDiscoverAPIHost.new(
city: null,
classification: null,
cloud_account_id: null,
+ cloud_instance_id: null,
cloud_provider: null,
cloud_region: null,
cloud_registered: null,
cloud_resource_id: null,
computed_asset_roles: null,
+ computed_internet_exposure: null,
confidence: null,
country: null,
cpu_manufacturer: null,
cpu_processor_name: null,
creation_timestamp: null,
criticality: null,
+ criticality_description: null,
criticality_rule_id: null,
+ criticality_timestamp: null,
+ criticality_username: null,
current_local_ip: null,
data_providers: null,
data_providers_count: null,
@@ -158,6 +174,7 @@ instance = Falcon::DomainDiscoverAPIHost.new(
descriptions: null,
discoverer_aids: null,
discoverer_count: null,
+ discoverer_hostnames: null,
discoverer_platform_names: null,
discoverer_product_type_descs: null,
discoverer_tags: null,
@@ -178,8 +195,12 @@ instance = Falcon::DomainDiscoverAPIHost.new(
hostname: null,
id: null,
internet_exposure: null,
+ internet_exposure_description: null,
+ internet_exposure_timestamp: null,
+ internet_exposure_username: null,
kernel_version: null,
last_discoverer_aid: null,
+ last_discoverer_hostname: null,
last_seen_timestamp: null,
local_ip_addresses: null,
local_ips_count: null,
@@ -203,6 +224,7 @@ instance = Falcon::DomainDiscoverAPIHost.new(
ou: null,
override_asset_roles: null,
override_criticality_rules: null,
+ override_internet_exposure: null,
owned_by: null,
physical_core_count: null,
platform_name: null,
diff --git a/docs/DomainDiscoverAPIIoTHost.md b/docs/DomainDiscoverAPIIoTHost.md
index c36436f0..e81eaffc 100644
--- a/docs/DomainDiscoverAPIIoTHost.md
+++ b/docs/DomainDiscoverAPIIoTHost.md
@@ -29,6 +29,7 @@
| **device_slots** | [**Array<DomainDiscoverAPIDeviceSlot>**](DomainDiscoverAPIDeviceSlot.md) | The slots of IoT Asset | [optional] |
| **device_type** | **String** | The Device Type of IoT Asset | [optional] |
| **discoverer_count** | **Integer** | The number of sources that discovered the asset. | [optional] |
+| **discoverer_ics_collector_ids** | **Array<String>** | A list of agent IDs of the Falcon sensors installed on the source hosts that discovered the asset via ICS Asset discovery mechanism | [optional] |
| **discoverer_product_type_descs** | **Array<String>** | The product type descriptions of the sources that discovered the asset. | [optional] |
| **disk_sizes** | [**Array<DomainDiscoverAPIDiskSize>**](DomainDiscoverAPIDiskSize.md) | The names and sizes of the disks on the asset | [optional] |
| **encrypted_drives** | **Array<String>** | The list of encrypted drives on the asset | [optional] |
@@ -123,6 +124,7 @@ instance = Falcon::DomainDiscoverAPIIoTHost.new(
device_slots: null,
device_type: null,
discoverer_count: null,
+ discoverer_ics_collector_ids: null,
discoverer_product_type_descs: null,
disk_sizes: null,
encrypted_drives: null,
diff --git a/docs/DomainDiscoverParams.md b/docs/DomainDiscoverParams.md
index 282c2643..d9302fe7 100644
--- a/docs/DomainDiscoverParams.md
+++ b/docs/DomainDiscoverParams.md
@@ -4,7 +4,9 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
+| **application_filters** | **String** | | |
| **application_group_id** | **String** | | |
+| **application_vendors** | **String** | | |
| **requirement_criteria** | **String** | | |
## Example
@@ -13,7 +15,9 @@
require 'crimson-falcon'
instance = Falcon::DomainDiscoverParams.new(
+ application_filters: null,
application_group_id: null,
+ application_vendors: null,
requirement_criteria: null
)
```
diff --git a/docs/DomainECrimeKillChain.md b/docs/DomainECrimeKillChain.md
index 314dfb7c..521d2dfb 100644
--- a/docs/DomainECrimeKillChain.md
+++ b/docs/DomainECrimeKillChain.md
@@ -4,26 +4,26 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **attribution** | **String** | | [optional] |
-| **crimes** | **String** | | [optional] |
-| **customers** | **String** | | [optional] |
-| **exploitation** | **String** | | [optional] |
-| **marketing** | **String** | | [optional] |
-| **monetization** | **String** | | [optional] |
-| **rich_text_attribution** | **String** | | [optional] |
-| **rich_text_crimes** | **String** | | [optional] |
-| **rich_text_customers** | **String** | | [optional] |
-| **rich_text_exploitation** | **String** | | [optional] |
-| **rich_text_marketing** | **String** | | [optional] |
-| **rich_text_monetization** | **String** | | [optional] |
-| **rich_text_services_offered** | **String** | | [optional] |
-| **rich_text_services_used** | **String** | | [optional] |
-| **rich_text_technical_tradecraft** | **String** | | [optional] |
-| **rich_text_victims** | **String** | | [optional] |
-| **services_offered** | **String** | | [optional] |
-| **services_used** | **String** | | [optional] |
-| **technical_tradecraft** | **String** | | [optional] |
-| **victims** | **String** | | [optional] |
+| **attribution** | **String** | Free form text describing attribution of the ecrime actor | [optional] |
+| **crimes** | **String** | Free form text describing actor's crimes | [optional] |
+| **customers** | **String** | Free form text describing ecrime actor's customers and affiliates | [optional] |
+| **exploitation** | **String** | Comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] |
+| **marketing** | **String** | Free form text describing ecrime actor's marketing campaigns and advertisement | [optional] |
+| **monetization** | **String** | Legacy field, not used and empty | [optional] |
+| **rich_text_attribution** | **String** | Rich text version of the attribution field | [optional] |
+| **rich_text_crimes** | **String** | Rich text version of the crimes field | [optional] |
+| **rich_text_customers** | **String** | Rich text version of the customers field | [optional] |
+| **rich_text_exploitation** | **String** | Rich text version of the exploitation field | [optional] |
+| **rich_text_marketing** | **String** | Rich text version of the marketing field | [optional] |
+| **rich_text_monetization** | **String** | Legacy field, not used and empty | [optional] |
+| **rich_text_services_offered** | **String** | Rich text version of the services_offered field | [optional] |
+| **rich_text_services_used** | **String** | Rich text version of the services_used field | [optional] |
+| **rich_text_technical_tradecraft** | **String** | Rich text version of the technical_tradecraft field | [optional] |
+| **rich_text_victims** | **String** | Rich text version of the victims field | [optional] |
+| **services_offered** | **String** | Free form text describing ecrime actor's services offered and monetized | [optional] |
+| **services_used** | **String** | Free form text describing ecrime actor's used services provided by other actors or groups | [optional] |
+| **technical_tradecraft** | **String** | Free form text describing methods and descriptions of techniques used by actor | [optional] |
+| **victims** | **String** | Free form text describing victims or their characteristics of the ecrime actor | [optional] |
## Example
diff --git a/docs/DomainEntity.md b/docs/DomainEntity.md
index d4eec535..4fc14aa2 100644
--- a/docs/DomainEntity.md
+++ b/docs/DomainEntity.md
@@ -4,10 +4,10 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **id** | **Integer** | | |
-| **name** | **String** | | [optional] |
-| **slug** | **String** | | [optional] |
-| **value** | **String** | | [optional] |
+| **id** | **Integer** | numerical id ensuring data integrity | |
+| **name** | **String** | name of the entity | [optional] |
+| **slug** | **String** | search and url friendly value, usually lowercase representation of value with spaces replaced with dashes, except for countries where 2 letters codes are used | [optional] |
+| **value** | **String** | string value of the generic entity which is searchable and filterable | [optional] |
## Example
diff --git a/docs/DomainGCPAccountV1.md b/docs/DomainGCPAccountV1.md
index 382468c7..99382393 100644
--- a/docs/DomainGCPAccountV1.md
+++ b/docs/DomainGCPAccountV1.md
@@ -9,8 +9,10 @@
| **id** | **Integer** | | |
| **updated_at** | **Time** | | |
| **cid** | **String** | | |
+| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] |
| **cspm_enabled** | **Boolean** | | |
| **display_name** | **String** | GCP Display Name | [optional] |
+| **environment** | **String** | | [optional] |
| **folder_id** | **String** | GCP folder ID | [optional] |
| **folder_name** | **String** | GCP folder Name | [optional] |
| **gcp_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | |
@@ -36,8 +38,10 @@ instance = Falcon::DomainGCPAccountV1.new(
id: null,
updated_at: null,
cid: null,
+ cloud_scopes: null,
cspm_enabled: null,
display_name: null,
+ environment: null,
folder_id: null,
folder_name: null,
gcp_permissions_status: null,
diff --git a/docs/DomainKillChain.md b/docs/DomainKillChain.md
index 71c84d21..d0e38c6b 100644
--- a/docs/DomainKillChain.md
+++ b/docs/DomainKillChain.md
@@ -4,22 +4,22 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **actions_and_objectives** | **String** | | [optional] |
-| **command_and_control** | **String** | | [optional] |
-| **delivery** | **String** | | [optional] |
-| **exploitation** | **String** | | [optional] |
-| **installation** | **String** | | [optional] |
-| **objectives** | **String** | | [optional] |
-| **reconnaissance** | **String** | | [optional] |
-| **rich_text_actions_and_objectives** | **String** | | [optional] |
-| **rich_text_command_and_control** | **String** | | [optional] |
-| **rich_text_delivery** | **String** | | [optional] |
-| **rich_text_exploitation** | **String** | | [optional] |
-| **rich_text_installation** | **String** | | [optional] |
-| **rich_text_objectives** | **String** | | [optional] |
-| **rich_text_reconnaissance** | **String** | | [optional] |
-| **rich_text_weaponization** | **String** | | [optional] |
-| **weaponization** | **String** | | [optional] |
+| **actions_and_objectives** | **String** | Free form text describing actions and objectives of the actor | [optional] |
+| **command_and_control** | **String** | Free form text describing methods and tools used to communicate with and control an infected machine or network | [optional] |
+| **delivery** | **String** | Free form text describing malware delivery by actor | [optional] |
+| **exploitation** | **String** | Comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] |
+| **installation** | **String** | Free form text describing actor's malware installation on the asset | [optional] |
+| **objectives** | **String** | Legacy field, not used and empty | [optional] |
+| **reconnaissance** | **String** | Free form text describing how targets are researched, identified and selected | [optional] |
+| **rich_text_actions_and_objectives** | **String** | Rich free form text describing actions and objectives of the actor | [optional] |
+| **rich_text_command_and_control** | **String** | Rich free form text describing methods and tools used to communicate with and control an infected machine or network | [optional] |
+| **rich_text_delivery** | **String** | Rich free form text describing malware delivery by actor | [optional] |
+| **rich_text_exploitation** | **String** | Rich text comma separated values of vulnerabilities by CVE codes that are exploited by actor | [optional] |
+| **rich_text_installation** | **String** | Rich free form text describing actor's malware installation on the asset | [optional] |
+| **rich_text_objectives** | **String** | Legacy field, not used and empty | [optional] |
+| **rich_text_reconnaissance** | **String** | Rich free form text describing how targets are researched, identified and selected | [optional] |
+| **rich_text_weaponization** | **String** | Rich free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) | [optional] |
+| **weaponization** | **String** | Free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload) | [optional] |
## Example
diff --git a/docs/DomainMatchedBreachSummaryV1.md b/docs/DomainMatchedBreachSummaryV1.md
index abc3018d..10f6bb00 100644
--- a/docs/DomainMatchedBreachSummaryV1.md
+++ b/docs/DomainMatchedBreachSummaryV1.md
@@ -14,6 +14,8 @@
| **exposure_date** | **Time** | The date when the data was leaked online | [optional] |
| **fields** | **Array<String>** | The set of fields which were breached: 'email', 'password', 'login_id', 'phone', etc. | |
| **files** | [**Array<DomainFileDetailsV1>**](DomainFileDetailsV1.md) | Metadata regarding the file(s) where exposed data records where found. | [optional] |
+| **idp_send_date** | **Time** | | [optional] |
+| **idp_send_status** | **String** | | [optional] |
| **name** | **String** | The name of the breach | |
| **obtained_by** | **String** | Exposed Data Event Threat Actor/Group: Moniker(s) or real name(s) of the individual/group who unveiled confidential data. | [optional] |
| **url** | **String** | Where the leak was found. | [optional] |
@@ -34,6 +36,8 @@ instance = Falcon::DomainMatchedBreachSummaryV1.new(
exposure_date: null,
fields: null,
files: null,
+ idp_send_date: null,
+ idp_send_status: null,
name: null,
obtained_by: null,
url: null
diff --git a/docs/DomainMetaInfo.md b/docs/DomainMetaInfo.md
index 3c436889..291916a4 100644
--- a/docs/DomainMetaInfo.md
+++ b/docs/DomainMetaInfo.md
@@ -4,10 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **pagination** | [**DomainAssessmentPaging**](DomainAssessmentPaging.md) | | [optional] |
-| **powered_by** | **String** | | [optional] |
-| **query_time** | **Float** | | |
-| **trace_id** | **String** | | |
+| **msa_meta_info** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **quota** | [**DomainQuota**](DomainQuota.md) | | [optional] |
## Example
@@ -15,10 +13,8 @@
require 'crimson-falcon'
instance = Falcon::DomainMetaInfo.new(
- pagination: null,
- powered_by: null,
- query_time: null,
- trace_id: null
+ msa_meta_info: null,
+ quota: null
)
```
diff --git a/docs/DomainMsaMetaInfo.md b/docs/DomainMsaMetaInfo.md
new file mode 100644
index 00000000..fe57f7c6
--- /dev/null
+++ b/docs/DomainMsaMetaInfo.md
@@ -0,0 +1,20 @@
+# Falcon::DomainMsaMetaInfo
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **pagination** | [**MsaspecPaging**](MsaspecPaging.md) | | [optional] |
+| **query_time** | **Float** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainMsaMetaInfo.new(
+ pagination: null,
+ query_time: null
+)
+```
+
diff --git a/docs/DomainNewsDocument.md b/docs/DomainNewsDocument.md
index 0b000316..a4d1fdff 100644
--- a/docs/DomainNewsDocument.md
+++ b/docs/DomainNewsDocument.md
@@ -4,29 +4,29 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **active** | **Boolean** | | [optional] |
-| **actors** | [**Array<DomainSimpleActor>**](DomainSimpleActor.md) | | |
-| **attachments** | [**Array<DomainFile>**](DomainFile.md) | | [optional] |
-| **created_date** | **Integer** | | |
-| **description** | **String** | | [optional] |
-| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | | [optional] |
-| **id** | **Integer** | | |
+| **active** | **Boolean** | legacy field, not used | [optional] |
+| **actors** | [**Array<DomainSimpleActor>**](DomainSimpleActor.md) | Actors mentioned, related or referenced in the news/report | |
+| **attachments** | [**Array<DomainFile>**](DomainFile.md) | News attachment, containing either pdf url or feeds zip and/or gzip archive | [optional] |
+| **created_date** | **Integer** | Date of the news document creation, unix timestampt | |
+| **description** | **String** | Full report description, extracted from the document | [optional] |
+| **entitlements** | [**Array<DomainEntity>**](DomainEntity.md) | internal property used for permissions check of access, not returned or explicitly filterable | [optional] |
+| **id** | **Integer** | Integer ID of the News document | |
| **image** | [**DomainImage**](DomainImage.md) | | [optional] |
-| **last_modified_date** | **Integer** | | |
-| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **name** | **String** | | |
-| **notify_users** | **Boolean** | | [optional] |
-| **rich_text_description** | **String** | | [optional] |
-| **short_description** | **String** | | [optional] |
-| **slug** | **String** | | |
+| **last_modified_date** | **Integer** | Date of the news document last modification, unix timestampt | |
+| **motivations** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned motivation or motivation of related actors and malware families | |
+| **name** | **String** | News title | |
+| **notify_users** | **Boolean** | internal field, not used | [optional] |
+| **rich_text_description** | **String** | Rich text description with markup | [optional] |
+| **short_description** | **String** | Short description of the report content | [optional] |
+| **slug** | **String** | News title in a url friendly way, which is title in lowercase and special characters including space replaced with dash | |
| **sub_type** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **tags** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
-| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | | |
+| **tags** | [**Array<DomainEntity>**](DomainEntity.md) | News tags, which contains MITRE, Vulnerability community identifiers, capabilities, malware family name, customer target, activity cluster, notable event, geopolitical issue | |
+| **target_countries** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned target countries or related actor's target countries | |
+| **target_industries** | [**Array<DomainEntity>**](DomainEntity.md) | News mentioned target industries or related actor's target industries | |
| **thumbnail** | [**DomainImage**](DomainImage.md) | | |
| **topic** | [**DomainEntity**](DomainEntity.md) | | [optional] |
| **type** | [**DomainEntity**](DomainEntity.md) | | [optional] |
-| **url** | **String** | | [optional] |
+| **url** | **String** | URL of the news document where it can be accessed in the Falcon Portal | [optional] |
## Example
diff --git a/docs/DomainNewsResponse.md b/docs/DomainNewsResponse.md
index 7beb1954..ed6296a4 100644
--- a/docs/DomainNewsResponse.md
+++ b/docs/DomainNewsResponse.md
@@ -4,7 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | |
| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
| **resources** | [**Array<DomainNewsDocument>**](DomainNewsDocument.md) | | |
diff --git a/docs/DomainNotificationV1.md b/docs/DomainNotificationV1.md
index d1ea07b4..07891061 100644
--- a/docs/DomainNotificationV1.md
+++ b/docs/DomainNotificationV1.md
@@ -19,6 +19,7 @@
| **item_site** | **String** | The site where the intelligence item was found | [optional] |
| **item_site_id** | **String** | The ID of the site where the intelligence item was found | [optional] |
| **item_type** | **String** | Type of the item which matched the rule: `post`, `reply`, `botnet_config`, `breach`, etc. | |
+| **logs** | [**Array<SadomainNotificationLog>**](SadomainNotificationLog.md) | | [optional] |
| **raw_intel_id** | **String** | ID of the raw intel item that matched the rule | |
| **rule_id** | **String** | The ID of the rule that generated this notification | |
| **rule_name** | **String** | The name of the rule that generated this notification | |
@@ -50,6 +51,7 @@ instance = Falcon::DomainNotificationV1.new(
item_site: null,
item_site_id: null,
item_type: null,
+ logs: null,
raw_intel_id: null,
rule_id: null,
rule_name: null,
diff --git a/docs/DomainPolicyInfo.md b/docs/DomainPolicyInfo.md
index ef6562ec..da9c717b 100644
--- a/docs/DomainPolicyInfo.md
+++ b/docs/DomainPolicyInfo.md
@@ -16,6 +16,7 @@
| **attack_tool_command** | **String** | | [optional] |
| **attack_types** | **Array<String>** | | [optional] |
| **cis_benchmark_ids** | **Array<Integer>** | | [optional] |
+| **cisa_benchmark_ids** | **Array<Integer>** | | [optional] |
| **cli_command** | **String** | | [optional] |
| **cloud_asset_type** | **String** | | [optional] |
| **cloud_document** | **String** | | [optional] |
@@ -33,6 +34,7 @@
| **internal_only** | **Boolean** | | [optional] |
| **is_enabled** | **Boolean** | | |
| **is_remediable** | **Boolean** | | |
+| **iso_benchmark_ids** | **Array<Integer>** | | [optional] |
| **mitre_attack_cloud_matrix** | **String** | | [optional] |
| **mitre_attack_cloud_subtype** | **String** | | [optional] |
| **nist_benchmark_ids** | **Array<Integer>** | | [optional] |
@@ -72,6 +74,7 @@ instance = Falcon::DomainPolicyInfo.new(
attack_tool_command: null,
attack_types: null,
cis_benchmark_ids: null,
+ cisa_benchmark_ids: null,
cli_command: null,
cloud_asset_type: null,
cloud_document: null,
@@ -89,6 +92,7 @@ instance = Falcon::DomainPolicyInfo.new(
internal_only: null,
is_enabled: null,
is_remediable: null,
+ iso_benchmark_ids: null,
mitre_attack_cloud_matrix: null,
mitre_attack_cloud_subtype: null,
nist_benchmark_ids: null,
diff --git a/docs/DomainQueryMitreAttacksResponse.md b/docs/DomainQueryMitreAttacksResponse.md
new file mode 100644
index 00000000..293847b6
--- /dev/null
+++ b/docs/DomainQueryMitreAttacksResponse.md
@@ -0,0 +1,22 @@
+# Falcon::DomainQueryMitreAttacksResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | **Array<String>** | Actor's MITRE attack (Tactic and Technique) ids, represents a concatenation of actors slug, tactic id and technique id (optional) concatenated by underscore, example: fancy-bear_TA0011_T1071' | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::DomainQueryMitreAttacksResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/DomainQueryResponse.md b/docs/DomainQueryResponse.md
index f2587360..a1269488 100644
--- a/docs/DomainQueryResponse.md
+++ b/docs/DomainQueryResponse.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **errors** | [**Array<DomainReconAPIError>**](DomainReconAPIError.md) | | |
-| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] |
+| **meta** | [**DomainMsaMetaInfo**](DomainMsaMetaInfo.md) | | |
| **resources** | **Array<String>** | | |
## Example
diff --git a/docs/DomainRule.md b/docs/DomainRule.md
index e02c5acb..22827b49 100644
--- a/docs/DomainRule.md
+++ b/docs/DomainRule.md
@@ -4,14 +4,15 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **categories** | **Array<String>** | The categories associated with the rule | |
-| **created_date** | **String** | UTC timestamp when rule was created | |
-| **customer_id** | **String** | The ID of the customer | |
-| **id** | **String** | The ID of the rule | |
-| **name** | **String** | The name of the rule | |
-| **rule_type** | **String** | The type of the rule | |
-| **updated_date** | **String** | UTC timestamp when rule was last updated | |
-| **value** | **String** | The value of the rule | |
+| **created_date** | **Integer** | | |
+| **description** | **String** | | |
+| **id** | **Integer** | | |
+| **last_modified_date** | **Integer** | | |
+| **name** | **String** | | |
+| **rich_text_description** | **String** | | |
+| **short_description** | **String** | | |
+| **tags** | **Array<String>** | | |
+| **type** | **String** | | |
## Example
@@ -19,14 +20,15 @@
require 'crimson-falcon'
instance = Falcon::DomainRule.new(
- categories: null,
created_date: null,
- customer_id: null,
+ description: null,
id: null,
+ last_modified_date: null,
name: null,
- rule_type: null,
- updated_date: null,
- value: null
+ rich_text_description: null,
+ short_description: null,
+ tags: null,
+ type: null
)
```
diff --git a/docs/DomainUpdateNotificationRequestV1.md b/docs/DomainUpdateNotificationRequestV1.md
index dca89d5d..df31b6c8 100644
--- a/docs/DomainUpdateNotificationRequestV1.md
+++ b/docs/DomainUpdateNotificationRequestV1.md
@@ -6,6 +6,8 @@
| ---- | ---- | ----------- | ----- |
| **assigned_to_uuid** | **String** | The unique ID of the user who is assigned to this notification. The value `unassigned` can be used to unassign a notification. | |
| **id** | **String** | The ID of the notifications | |
+| **idp_send_status** | **String** | | |
+| **message** | **String** | | |
| **status** | **String** | The notification status. This can be one of: `new`, `in-progress`, `closed-false-positive`, `closed-true-positive`. | |
## Example
@@ -16,6 +18,8 @@ require 'crimson-falcon'
instance = Falcon::DomainUpdateNotificationRequestV1.new(
assigned_to_uuid: null,
id: null,
+ idp_send_status: null,
+ message: null,
status: null
)
```
diff --git a/docs/DomainUserAction.md b/docs/DomainUserAction.md
index 2c05b3ff..d560c3c4 100644
--- a/docs/DomainUserAction.md
+++ b/docs/DomainUserAction.md
@@ -4,7 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **action_name** | **String** | Action name | [optional] |
+| **action_name** | **String** | Action name | |
| **action_value** | **String** | Value for action, if any | [optional] |
## Example
diff --git a/docs/DomainVulnerability.md b/docs/DomainVulnerability.md
index f7caa7a9..4f6f9e68 100644
--- a/docs/DomainVulnerability.md
+++ b/docs/DomainVulnerability.md
@@ -4,20 +4,20 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **affected_products** | [**Array<DomainVulnerabilityAffectedProduct>**](DomainVulnerabilityAffectedProduct.md) | | [optional] |
-| **community_identifiers** | **Array<String>** | | [optional] |
-| **cve** | **String** | | |
-| **cvss_v2_base** | **String** | | [optional] |
-| **cvss_v3_base** | **String** | | [optional] |
-| **description** | **String** | | [optional] |
-| **exploit_status** | **String** | | [optional] |
-| **name** | **String** | | [optional] |
-| **publish_date** | **String** | | [optional] |
-| **related_actors** | [**Array<DomainVulnerabilityActor>**](DomainVulnerabilityActor.md) | | [optional] |
-| **related_reports** | [**Array<DomainVulnerabilityReport>**](DomainVulnerabilityReport.md) | | [optional] |
-| **related_threats** | [**Array<DomainVulnerabilityRelatedThreat>**](DomainVulnerabilityRelatedThreat.md) | | [optional] |
-| **severity** | **String** | | [optional] |
-| **updated_timestamp** | **String** | | [optional] |
+| **affected_products** | [**Array<DomainVulnerabilityAffectedProduct>**](DomainVulnerabilityAffectedProduct.md) | List of products affected by vulnerability, specifying product and vendor | [optional] |
+| **community_identifiers** | **Array<String>** | Vulnerability community identifiers, which is usually populated for the most popular vulnerabilities | [optional] |
+| **cve** | **String** | CVE ID number with four or more digits in the sequence number portion of the ID, examples: CVE-1999-0067, CVE-2014-12345, CVE-2016-7654321 | |
+| **cvss_v2_base** | **String** | Vulnerability severity score, according to Common Vulnerability Scoring System V2 | [optional] |
+| **cvss_v3_base** | **String** | Vulnerability severity score, according to Common Vulnerability Scoring System V3 | [optional] |
+| **description** | **String** | Text description of the vulnerability | [optional] |
+| **exploit_status** | **String** | Exploit status of vulnerability, one of: unproven, available, easilyaccessible, activelyused | [optional] |
+| **name** | **String** | legacy field, not populated | [optional] |
+| **publish_date** | **String** | Date when the vulnerability was published | [optional] |
+| **related_actors** | [**Array<DomainVulnerabilityActor>**](DomainVulnerabilityActor.md) | Threat actors that exploits vulnerability | [optional] |
+| **related_reports** | [**Array<DomainVulnerabilityReport>**](DomainVulnerabilityReport.md) | Related finished Intelligence Reports to vulnerability, which usually describes the exploitation or attacks using those | [optional] |
+| **related_threats** | [**Array<DomainVulnerabilityRelatedThreat>**](DomainVulnerabilityRelatedThreat.md) | Malware Families (threats) that are known to be related to the vulnerability | [optional] |
+| **severity** | **String** | Severity of the vulnerability, can be empty or one of: LOW, MEDIUM, HIGH, CRITICAL | [optional] |
+| **updated_timestamp** | **String** | Date when the vulnerability was last time updated in the CrowdStrike's database | [optional] |
## Example
diff --git a/docs/DomainVulnerabilityActor.md b/docs/DomainVulnerabilityActor.md
index 685e78b9..12e84054 100644
--- a/docs/DomainVulnerabilityActor.md
+++ b/docs/DomainVulnerabilityActor.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **id** | **String** | | [optional] |
-| **name** | **String** | | [optional] |
+| **id** | **String** | Actor internal ID, consisting of it's name with spaces removed | [optional] |
+| **name** | **String** | Actor name, composed of 2 uppercase words | [optional] |
## Example
diff --git a/docs/DomainVulnerabilityAffectedProduct.md b/docs/DomainVulnerabilityAffectedProduct.md
index 87681c58..47476e87 100644
--- a/docs/DomainVulnerabilityAffectedProduct.md
+++ b/docs/DomainVulnerabilityAffectedProduct.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **product** | **String** | | [optional] |
-| **vendor** | **String** | | [optional] |
+| **product** | **String** | Lowercase product name that vulnerability affects | [optional] |
+| **vendor** | **String** | Lowercase vendor name that develops or provides the affected product | [optional] |
## Example
diff --git a/docs/DomainVulnerabilityRelatedThreat.md b/docs/DomainVulnerabilityRelatedThreat.md
index f90b45f3..8089dd6e 100644
--- a/docs/DomainVulnerabilityRelatedThreat.md
+++ b/docs/DomainVulnerabilityRelatedThreat.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **capabilities** | **Array<String>** | | [optional] |
-| **name** | **String** | | [optional] |
+| **capabilities** | **Array<String>** | List of malware family or threat capabilities | [optional] |
+| **name** | **String** | Malware Family or Threat Name | [optional] |
## Example
diff --git a/docs/DomainVulnerabilityReport.md b/docs/DomainVulnerabilityReport.md
index c725a4f9..4dc3d015 100644
--- a/docs/DomainVulnerabilityReport.md
+++ b/docs/DomainVulnerabilityReport.md
@@ -4,8 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **serial_id** | **String** | | [optional] |
-| **title** | **String** | | [optional] |
+| **serial_id** | **String** | Report serial ID, composed of 2 parts separated with dash, example: CSA-20000, CSIT-220000 | [optional] |
+| **title** | **String** | legacy, not populated field | [optional] |
## Example
diff --git a/docs/DomainVulnerabilityResponse.md b/docs/DomainVulnerabilityResponse.md
index 800d2168..10006faa 100644
--- a/docs/DomainVulnerabilityResponse.md
+++ b/docs/DomainVulnerabilityResponse.md
@@ -4,9 +4,9 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | Array of API Errors | |
| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
-| **resources** | [**Array<DomainVulnerability>**](DomainVulnerability.md) | | |
+| **resources** | [**Array<DomainVulnerability>**](DomainVulnerability.md) | Array of Vulnerability documents that were requested | |
## Example
diff --git a/docs/FalconContainerImageApi.md b/docs/FalconContainerImageApi.md
index 0289d9df..e7fdeee5 100644
--- a/docs/FalconContainerImageApi.md
+++ b/docs/FalconContainerImageApi.md
@@ -6,6 +6,7 @@ All URIs are relative to *https://api.crowdstrike.com*
| ------ | ------------ | ----------- |
| [**create_registry_entities**](FalconContainerImageApi.md#create_registry_entities) | **POST** /container-security/entities/registries/v1 | Create a registry entity using the provided details |
| [**delete_registry_entities**](FalconContainerImageApi.md#delete_registry_entities) | **DELETE** /container-security/entities/registries/v1 | Delete the registry entity identified by the entity UUID |
+| [**get_combined_images**](FalconContainerImageApi.md#get_combined_images) | **GET** /container-security/combined/image-assessment/images/v1 | Get image assessment results by providing an FQL filter and paging details |
| [**read_registry_entities**](FalconContainerImageApi.md#read_registry_entities) | **GET** /container-security/queries/registries/v1 | Retrieve registry entities identified by the customer id |
| [**read_registry_entities_by_uuid**](FalconContainerImageApi.md#read_registry_entities_by_uuid) | **GET** /container-security/entities/registries/v1 | Retrieve the registry entity identified by the entity UUID |
| [**update_registry_entities**](FalconContainerImageApi.md#update_registry_entities) | **PATCH** /container-security/entities/registries/v1 | Update the registry entity, as identified by the entity UUID, using the provided details |
@@ -149,6 +150,83 @@ end
- **Accept**: application/json
+## get_combined_images
+
+> get_combined_images(opts)
+
+Get image assessment results by providing an FQL filter and paging details
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::FalconContainerImageApi.new
+opts = {
+ filter: 'filter_example', # String | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity
+ limit: 56, # Integer | The upper-bound on the number of records to retrieve [1-100]
+ offset: 56, # Integer | The offset from where to begin.
+ sort: 'sort_example' # String | The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity]
+}
+
+begin
+ # Get image assessment results by providing an FQL filter and paging details
+ result = api_instance.get_combined_images(opts)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling FalconContainerImageApi->get_combined_images: #{e}"
+end
+```
+
+#### Using the get_combined_images_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_combined_images_with_http_info(opts)
+
+```ruby
+begin
+ # Get image assessment results by providing an FQL filter and paging details
+ data, status_code, headers = api_instance.get_combined_images_with_http_info(opts)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling FalconContainerImageApi->get_combined_images_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **filter** | **String** | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity | [optional] |
+| **limit** | **Integer** | The upper-bound on the number of records to retrieve [1-100] | [optional] |
+| **offset** | **Integer** | The offset from where to begin. | [optional] |
+| **sort** | **String** | The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity] | [optional] |
+
+### Return type
+
+[**ImagesExtCombinedImagesResponse**](ImagesExtCombinedImagesResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+
## read_registry_entities
> read_registry_entities(opts)
diff --git a/docs/FalconxAMSICall.md b/docs/FalconxAMSICall.md
index 29c234a6..d3605484 100644
--- a/docs/FalconxAMSICall.md
+++ b/docs/FalconxAMSICall.md
@@ -4,6 +4,8 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
+| **app_name** | **String** | | [optional] |
+| **filename** | **String** | | [optional] |
| **raw_script_content** | **String** | | [optional] |
## Example
@@ -12,6 +14,8 @@
require 'crimson-falcon'
instance = Falcon::FalconxAMSICall.new(
+ app_name: null,
+ filename: null,
raw_script_content: null
)
```
diff --git a/docs/FalconxCertificate.md b/docs/FalconxCertificate.md
new file mode 100644
index 00000000..e30c95c6
--- /dev/null
+++ b/docs/FalconxCertificate.md
@@ -0,0 +1,30 @@
+# Falcon::FalconxCertificate
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **issuer** | **String** | | [optional] |
+| **md5** | **String** | | [optional] |
+| **owner** | **String** | | [optional] |
+| **serial_number** | **String** | | [optional] |
+| **sha1** | **String** | | [optional] |
+| **valid_from** | **Time** | | [optional] |
+| **valid_until** | **Time** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::FalconxCertificate.new(
+ issuer: null,
+ md5: null,
+ owner: null,
+ serial_number: null,
+ sha1: null,
+ valid_from: null,
+ valid_until: null
+)
+```
+
diff --git a/docs/FalconxFileDataDirectory.md b/docs/FalconxFileDataDirectory.md
new file mode 100644
index 00000000..2c630b00
--- /dev/null
+++ b/docs/FalconxFileDataDirectory.md
@@ -0,0 +1,24 @@
+# Falcon::FalconxFileDataDirectory
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **is_in_section** | **String** | | [optional] |
+| **name** | **String** | | [optional] |
+| **virtual_address** | **String** | | [optional] |
+| **virtual_size** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::FalconxFileDataDirectory.new(
+ is_in_section: null,
+ name: null,
+ virtual_address: null,
+ virtual_size: null
+)
+```
+
diff --git a/docs/FalconxFileResource.md b/docs/FalconxFileResource.md
new file mode 100644
index 00000000..d7100a16
--- /dev/null
+++ b/docs/FalconxFileResource.md
@@ -0,0 +1,26 @@
+# Falcon::FalconxFileResource
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **language** | **String** | | [optional] |
+| **name** | **String** | | [optional] |
+| **rva** | **String** | | [optional] |
+| **size** | **String** | | [optional] |
+| **type** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::FalconxFileResource.new(
+ language: null,
+ name: null,
+ rva: null,
+ size: null,
+ type: null
+)
+```
+
diff --git a/docs/FalconxFileSection.md b/docs/FalconxFileSection.md
new file mode 100644
index 00000000..8fcc4b13
--- /dev/null
+++ b/docs/FalconxFileSection.md
@@ -0,0 +1,30 @@
+# Falcon::FalconxFileSection
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **characteristics** | **Array<String>** | | [optional] |
+| **entropy** | **Float** | | [optional] |
+| **md5** | **String** | | [optional] |
+| **name** | **String** | | [optional] |
+| **raw_size** | **String** | | [optional] |
+| **virtual_address** | **String** | | [optional] |
+| **virtual_size** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::FalconxFileSection.new(
+ characteristics: null,
+ entropy: null,
+ md5: null,
+ name: null,
+ raw_size: null,
+ virtual_address: null,
+ virtual_size: null
+)
+```
+
diff --git a/docs/FalconxModule.md b/docs/FalconxModule.md
new file mode 100644
index 00000000..b2e13c2f
--- /dev/null
+++ b/docs/FalconxModule.md
@@ -0,0 +1,20 @@
+# Falcon::FalconxModule
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **base** | **String** | | [optional] |
+| **path** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::FalconxModule.new(
+ base: null,
+ path: null
+)
+```
+
diff --git a/docs/FalconxProcess.md b/docs/FalconxProcess.md
index 38c31e3b..64461166 100644
--- a/docs/FalconxProcess.md
+++ b/docs/FalconxProcess.md
@@ -9,6 +9,7 @@
| **file_accesses** | [**Array<FalconxFileAccess>**](FalconxFileAccess.md) | | [optional] |
| **handles** | [**Array<FalconxHandle>**](FalconxHandle.md) | | [optional] |
| **icon_artifact_id** | **String** | | [optional] |
+| **modules** | [**Array<FalconxModule>**](FalconxModule.md) | | [optional] |
| **mutants** | **Array<String>** | | [optional] |
| **name** | **String** | | [optional] |
| **normalized_path** | **String** | | [optional] |
@@ -32,6 +33,7 @@ instance = Falcon::FalconxProcess.new(
file_accesses: null,
handles: null,
icon_artifact_id: null,
+ modules: null,
mutants: null,
name: null,
normalized_path: null,
diff --git a/docs/FalconxSandboxParametersV1.md b/docs/FalconxSandboxParametersV1.md
index d2fa79ab..82856132 100644
--- a/docs/FalconxSandboxParametersV1.md
+++ b/docs/FalconxSandboxParametersV1.md
@@ -4,6 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
+| **interactivity** | **Boolean** | | |
| **action_script** | **String** | | [optional] |
| **command_line** | **String** | | [optional] |
| **document_password** | **String** | | [optional] |
@@ -22,6 +23,7 @@
require 'crimson-falcon'
instance = Falcon::FalconxSandboxParametersV1.new(
+ interactivity: null,
action_script: null,
command_line: null,
document_password: null,
diff --git a/docs/FalconxSandboxReportV1.md b/docs/FalconxSandboxReportV1.md
index b42a022c..397564c9 100644
--- a/docs/FalconxSandboxReportV1.md
+++ b/docs/FalconxSandboxReportV1.md
@@ -5,10 +5,17 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **architecture** | **String** | | [optional] |
+| **certificates** | [**Array<FalconxCertificate>**](FalconxCertificate.md) | | [optional] |
+| **certificates_validation_message** | **String** | | [optional] |
| **classification** | **Array<String>** | | [optional] |
| **classification_tags** | **Array<String>** | | [optional] |
| **contacted_hosts** | [**Array<FalconxContactedHost>**](FalconxContactedHost.md) | | [optional] |
+| **dll_characteristics** | **Array<String>** | | [optional] |
| **dns_requests** | [**Array<FalconxDNSRequest>**](FalconxDNSRequest.md) | | [optional] |
+| **entrypoint** | **String** | | [optional] |
+| **entrypoint_preview_count** | **Integer** | | [optional] |
+| **entrypoint_preview_instructions** | **Array<String>** | | [optional] |
+| **entrypoint_section** | **String** | | [optional] |
| **environment_description** | **String** | | [optional] |
| **environment_id** | **Integer** | | [optional] |
| **error_message** | **String** | | [optional] |
@@ -17,20 +24,30 @@
| **exact_deep_hash** | **String** | | [optional] |
| **extracted_files** | [**Array<FalconxExtractedFile>**](FalconxExtractedFile.md) | | [optional] |
| **extracted_interesting_strings** | [**Array<FalconxExtractedInterestingString>**](FalconxExtractedInterestingString.md) | | [optional] |
+| **file_data_directories** | [**Array<FalconxFileDataDirectory>**](FalconxFileDataDirectory.md) | | [optional] |
| **file_imports** | [**Array<FalconxFileImport>**](FalconxFileImport.md) | | [optional] |
| **file_metadata** | [**FalconxFileMetadata**](FalconxFileMetadata.md) | | [optional] |
+| **file_resources** | [**Array<FalconxFileResource>**](FalconxFileResource.md) | | [optional] |
+| **file_sections** | [**Array<FalconxFileSection>**](FalconxFileSection.md) | | [optional] |
| **file_size** | **Integer** | | [optional] |
| **file_type** | **String** | | [optional] |
| **file_type_short** | **Array<String>** | | [optional] |
| **http_requests** | [**Array<FalconxHTTPRequest>**](FalconxHTTPRequest.md) | | [optional] |
+| **icon** | **String** | | [optional] |
+| **image_base** | **String** | | [optional] |
+| **image_file_characteristics** | **Array<String>** | | [optional] |
| **incidents** | [**Array<FalconxIncident>**](FalconxIncident.md) | | [optional] |
| **intelligence_mitre_attacks** | [**Array<FalconxMITREAttack>**](FalconxMITREAttack.md) | | [optional] |
| **ioc_report_broad_artifact_id** | **String** | | [optional] |
| **ioc_report_strict_artifact_id** | **String** | | [optional] |
+| **is_certificates_valid** | **Boolean** | | |
+| **language** | **String** | | [optional] |
+| **major_os_version** | **Integer** | | [optional] |
| **memory_dumps** | [**Array<FalconxMemoryDumpData>**](FalconxMemoryDumpData.md) | | [optional] |
| **memory_dumps_artifact_id** | **String** | | [optional] |
| **memory_forensics** | [**Array<FalconxMemoryForensic>**](FalconxMemoryForensic.md) | | [optional] |
| **memory_strings_artifact_id** | **String** | | [optional] |
+| **minor_os_version** | **Integer** | | [optional] |
| **mitre_attacks** | [**Array<FalconxMITREAttack>**](FalconxMITREAttack.md) | | [optional] |
| **network_settings** | **String** | | [optional] |
| **packer** | **String** | | [optional] |
@@ -43,12 +60,14 @@
| **submission_type** | **String** | | [optional] |
| **submit_name** | **String** | | [optional] |
| **submit_url** | **String** | | [optional] |
+| **subsystem** | **String** | | [optional] |
| **suricata_alerts** | [**Array<FalconxSuricataAlert>**](FalconxSuricataAlert.md) | | [optional] |
| **target_url** | **String** | | [optional] |
| **threat_score** | **Integer** | | [optional] |
| **urls** | [**Array<FalconxUrlData>**](FalconxUrlData.md) | | [optional] |
| **verdict** | **String** | | [optional] |
| **version_info** | [**Array<FalconxVersionInfo>**](FalconxVersionInfo.md) | | [optional] |
+| **visualization** | **String** | | [optional] |
| **windows_version_bitness** | **Integer** | | [optional] |
| **windows_version_edition** | **String** | | [optional] |
| **windows_version_name** | **String** | | [optional] |
@@ -62,10 +81,17 @@ require 'crimson-falcon'
instance = Falcon::FalconxSandboxReportV1.new(
architecture: null,
+ certificates: null,
+ certificates_validation_message: null,
classification: null,
classification_tags: null,
contacted_hosts: null,
+ dll_characteristics: null,
dns_requests: null,
+ entrypoint: null,
+ entrypoint_preview_count: null,
+ entrypoint_preview_instructions: null,
+ entrypoint_section: null,
environment_description: null,
environment_id: null,
error_message: null,
@@ -74,20 +100,30 @@ instance = Falcon::FalconxSandboxReportV1.new(
exact_deep_hash: null,
extracted_files: null,
extracted_interesting_strings: null,
+ file_data_directories: null,
file_imports: null,
file_metadata: null,
+ file_resources: null,
+ file_sections: null,
file_size: null,
file_type: null,
file_type_short: null,
http_requests: null,
+ icon: null,
+ image_base: null,
+ image_file_characteristics: null,
incidents: null,
intelligence_mitre_attacks: null,
ioc_report_broad_artifact_id: null,
ioc_report_strict_artifact_id: null,
+ is_certificates_valid: null,
+ language: null,
+ major_os_version: null,
memory_dumps: null,
memory_dumps_artifact_id: null,
memory_forensics: null,
memory_strings_artifact_id: null,
+ minor_os_version: null,
mitre_attacks: null,
network_settings: null,
packer: null,
@@ -100,12 +136,14 @@ instance = Falcon::FalconxSandboxReportV1.new(
submission_type: null,
submit_name: null,
submit_url: null,
+ subsystem: null,
suricata_alerts: null,
target_url: null,
threat_score: null,
urls: null,
verdict: null,
version_info: null,
+ visualization: null,
windows_version_bitness: null,
windows_version_edition: null,
windows_version_name: null,
diff --git a/docs/FilevantageApi.md b/docs/FilevantageApi.md
index 48c3cfa9..86b15e41 100644
--- a/docs/FilevantageApi.md
+++ b/docs/FilevantageApi.md
@@ -30,7 +30,7 @@ Falcon.configure do |config|
end
api_instance = Falcon::FilevantageApi.new
-ids = ['inner_example'] # Array | Comma separated values of change ids
+ids = ['inner_example'] # Array | One or more change ids in the form of ids=ID1&ids=ID2
begin
# Retrieve information on changes
@@ -63,7 +63,7 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **ids** | [**Array<String>**](String.md) | Comma separated values of change ids | |
+| **ids** | [**Array<String>**](String.md) | One or more change ids in the form of ids=ID1&ids=ID2 | |
### Return type
diff --git a/docs/FwmgrFirewallMatchEventResponse.md b/docs/FwmgrFirewallMatchEventResponse.md
index eb315505..2e73dbee 100644
--- a/docs/FwmgrFirewallMatchEventResponse.md
+++ b/docs/FwmgrFirewallMatchEventResponse.md
@@ -8,6 +8,7 @@
| **cid** | **String** | | |
| **command_line** | **String** | | |
| **connection_direction** | **String** | | |
+| **domain_name_list** | **String** | | |
| **event_type** | **String** | | |
| **flags** | [**FwmgrFirewallFlags**](FwmgrFirewallFlags.md) | | |
| **hidden** | **Boolean** | | |
@@ -49,6 +50,7 @@ instance = Falcon::FwmgrFirewallMatchEventResponse.new(
cid: null,
command_line: null,
connection_direction: null,
+ domain_name_list: null,
event_type: null,
flags: null,
hidden: null,
diff --git a/docs/IdentityEntitiesApi.md b/docs/IdentityEntitiesApi.md
new file mode 100644
index 00000000..e64640db
--- /dev/null
+++ b/docs/IdentityEntitiesApi.md
@@ -0,0 +1,225 @@
+# Falcon::IdentityEntitiesApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**get_sensor_aggregates**](IdentityEntitiesApi.md#get_sensor_aggregates) | **POST** /identity-protection/aggregates/devices/GET/v1 | Get sensor aggregates as specified via json in request body. |
+| [**get_sensor_details**](IdentityEntitiesApi.md#get_sensor_details) | **POST** /identity-protection/entities/devices/GET/v1 | Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. |
+| [**query_sensors_by_filter**](IdentityEntitiesApi.md#query_sensors_by_filter) | **GET** /identity-protection/queries/devices/v1 | Search for sensors in your environment by hostname, IP, and other criteria. |
+
+
+## get_sensor_aggregates
+
+> get_sensor_aggregates(body)
+
+Get sensor aggregates as specified via json in request body.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::IdentityEntitiesApi.new
+body = Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [], time_zone: 'time_zone_example', type: 'type_example'})], time_zone: 'time_zone_example', type: 'type_example'}) # MsaAggregateQueryRequest |
+
+begin
+ # Get sensor aggregates as specified via json in request body.
+ result = api_instance.get_sensor_aggregates(body)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->get_sensor_aggregates: #{e}"
+end
+```
+
+#### Using the get_sensor_aggregates_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_sensor_aggregates_with_http_info(body)
+
+```ruby
+begin
+ # Get sensor aggregates as specified via json in request body.
+ data, status_code, headers = api_instance.get_sensor_aggregates_with_http_info(body)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->get_sensor_aggregates_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**MsaAggregateQueryRequest**](MsaAggregateQueryRequest.md) | | |
+
+### Return type
+
+[**MsaAggregatesResponse**](MsaAggregatesResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
+## get_sensor_details
+
+> get_sensor_details(body)
+
+Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::IdentityEntitiesApi.new
+body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest |
+
+begin
+ # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+ result = api_instance.get_sensor_details(body)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->get_sensor_details: #{e}"
+end
+```
+
+#### Using the get_sensor_details_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_sensor_details_with_http_info(body)
+
+```ruby
+begin
+ # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+ data, status_code, headers = api_instance.get_sensor_details_with_http_info(body)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->get_sensor_details_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**MsaIdsRequest**](MsaIdsRequest.md) | | |
+
+### Return type
+
+[**ApiSensorDetailsResponseSwagger**](ApiSensorDetailsResponseSwagger.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
+## query_sensors_by_filter
+
+> query_sensors_by_filter(opts)
+
+Search for sensors in your environment by hostname, IP, and other criteria.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::IdentityEntitiesApi.new
+opts = {
+ offset: 56, # Integer | The offset to start retrieving records from
+ limit: 56, # Integer | The maximum records to return. [1-200]
+ sort: 'sort_example', # String | The property to sort by (e.g. status.desc or hostname.asc)
+ filter: 'filter_example' # String | The filter expression that should be used to limit the results
+}
+
+begin
+ # Search for sensors in your environment by hostname, IP, and other criteria.
+ result = api_instance.query_sensors_by_filter(opts)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->query_sensors_by_filter: #{e}"
+end
+```
+
+#### Using the query_sensors_by_filter_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> query_sensors_by_filter_with_http_info(opts)
+
+```ruby
+begin
+ # Search for sensors in your environment by hostname, IP, and other criteria.
+ data, status_code, headers = api_instance.query_sensors_by_filter_with_http_info(opts)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling IdentityEntitiesApi->query_sensors_by_filter_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **offset** | **Integer** | The offset to start retrieving records from | [optional] |
+| **limit** | **Integer** | The maximum records to return. [1-200] | [optional] |
+| **sort** | **String** | The property to sort by (e.g. status.desc or hostname.asc) | [optional] |
+| **filter** | **String** | The filter expression that should be used to limit the results | [optional] |
+
+### Return type
+
+[**MsaspecQueryResponse**](MsaspecQueryResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
diff --git a/docs/ImagesExtCombinedImagesResponse.md b/docs/ImagesExtCombinedImagesResponse.md
new file mode 100644
index 00000000..535f682b
--- /dev/null
+++ b/docs/ImagesExtCombinedImagesResponse.md
@@ -0,0 +1,22 @@
+# Falcon::ImagesExtCombinedImagesResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | [optional] |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<ModelsExtAPIImageCombined>**](ModelsExtAPIImageCombined.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ImagesExtCombinedImagesResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/IncidentsApi.md b/docs/IncidentsApi.md
index fece2f39..cb09851c 100644
--- a/docs/IncidentsApi.md
+++ b/docs/IncidentsApi.md
@@ -326,7 +326,7 @@ opts = {
filter: 'filter_example', # String | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).
offset: 56, # Integer | Starting index of overall result set from which to return ids.
limit: 56, # Integer | The maximum records to return. [1-500]
- sort: 'cmdline.asc' # String | The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".
+ sort: 'alert_ids.asc' # String | The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".
}
begin
diff --git a/docs/IntelApi.md b/docs/IntelApi.md
index 2a07b89b..ec3f0f33 100644
--- a/docs/IntelApi.md
+++ b/docs/IntelApi.md
@@ -21,7 +21,7 @@ All URIs are relative to *https://api.crowdstrike.com*
| [**query_intel_report_entities**](IntelApi.md#query_intel_report_entities) | **GET** /intel/combined/reports/v1 | Get info about reports that match provided FQL filters. |
| [**query_intel_report_ids**](IntelApi.md#query_intel_report_ids) | **GET** /intel/queries/reports/v1 | Get report IDs that match provided FQL filters. |
| [**query_intel_rule_ids**](IntelApi.md#query_intel_rule_ids) | **GET** /intel/queries/rules/v1 | Search for rule IDs that match provided filter criteria. |
-| [**query_mitre_attacks**](IntelApi.md#query_mitre_attacks) | **GET** /intel/queries/mitre/v1 | Gets MITRE tactics and techniques for the given actor |
+| [**query_mitre_attacks**](IntelApi.md#query_mitre_attacks) | **GET** /intel/queries/mitre/v1 | Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 |
| [**query_vulnerabilities**](IntelApi.md#query_vulnerabilities) | **GET** /intel/queries/vulnerabilities/v1 | Get vulnerabilities IDs |
@@ -764,7 +764,7 @@ opts = {
offset: 56, # Integer | Set the starting row number to return actors from. Defaults to 0.
limit: 56, # Integer | Set the number of actors to return. The value must be between 1 and 5000.
sort: 'sort_example', # String | Order fields in ascending or descending order. Ex: created_date|asc.
- filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
q: 'q_example', # String | Perform a generic substring search across all fields.
fields: ['inner_example'] # Array | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_.
}
@@ -803,7 +803,7 @@ end
| **offset** | **Integer** | Set the starting row number to return actors from. Defaults to 0. | [optional] |
| **limit** | **Integer** | Set the number of actors to return. The value must be between 1 and 5000. | [optional] |
| **sort** | **String** | Order fields in ascending or descending order. Ex: created_date|asc. | [optional] |
-| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. | [optional] |
+| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. | [optional] |
| **q** | **String** | Perform a generic substring search across all fields. | [optional] |
| **fields** | [**Array<String>**](String.md) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_. | [optional] |
@@ -845,7 +845,7 @@ opts = {
offset: 56, # Integer | Set the starting row number to return actors IDs from. Defaults to 0.
limit: 56, # Integer | Set the number of actor IDs to return. The value must be between 1 and 5000.
sort: 'sort_example', # String | Order fields in ascending or descending order. Ex: created_date|asc.
- filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ filter: 'filter_example', # String | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
q: 'q_example' # String | Perform a generic substring search across all fields.
}
@@ -883,7 +883,7 @@ end
| **offset** | **Integer** | Set the starting row number to return actors IDs from. Defaults to 0. | [optional] |
| **limit** | **Integer** | Set the number of actor IDs to return. The value must be between 1 and 5000. | [optional] |
| **sort** | **String** | Order fields in ascending or descending order. Ex: created_date|asc. | [optional] |
-| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions. | [optional] |
+| **filter** | **String** | Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value. | [optional] |
| **q** | **String** | Perform a generic substring search across all fields. | [optional] |
### Return type
@@ -1317,9 +1317,9 @@ end
## query_mitre_attacks
-> query_mitre_attacks(id)
+> query_mitre_attacks(opts)
-Gets MITRE tactics and techniques for the given actor
+Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
### Examples
@@ -1335,11 +1335,15 @@ Falcon.configure do |config|
end
api_instance = Falcon::IntelApi.new
-id = 'id_example' # String | The actor ID(derived from the actor's name) for which to retrieve a list of attacks.
+opts = {
+ id: 'id_example', # String | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed
+ ids: ['inner_example'] # Array | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed
+}
begin
- # Gets MITRE tactics and techniques for the given actor
- api_instance.query_mitre_attacks(id)
+ # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
+ result = api_instance.query_mitre_attacks(opts)
+ p result
rescue Falcon::ApiError => e
puts "Error when calling IntelApi->query_mitre_attacks: #{e}"
end
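Review bot: The rewritten example does not say which of `id` and `ids` a caller has to set. Both are marked `[optional]` in the parameter table later in this file, and nothing states what the call does when neither or both are supplied. Code written against the earlier `query_mitre_attacks(id)` form would now pass a String where an options hash is documented, so the change looks breaking for existing callers; the client code is not visible here, so that is inferred from the doc alone. Once the behaviour is confirmed against the API, I would add a line under the method description along the lines of `Supply the actor through opts[:id] or opts[:ids]; the positional id argument of earlier releases is no longer accepted.` The Ruby example block starts above this hunk.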
@@ -1347,17 +1351,17 @@ end
#### Using the query_mitre_attacks_with_http_info variant
-This returns an Array which contains the response data (`nil` in this case), status code and headers.
+This returns an Array which contains the response data, status code and headers.
-> query_mitre_attacks_with_http_info(id)
+> , Integer, Hash)> query_mitre_attacks_with_http_info(opts)
```ruby
begin
- # Gets MITRE tactics and techniques for the given actor
- data, status_code, headers = api_instance.query_mitre_attacks_with_http_info(id)
+ # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
+ data, status_code, headers = api_instance.query_mitre_attacks_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
- p data # => nil
+ p data # =>
rescue Falcon::ApiError => e
puts "Error when calling IntelApi->query_mitre_attacks_with_http_info: #{e}"
end
@@ -1367,11 +1371,12 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **id** | **String** | The actor ID(derived from the actor's name) for which to retrieve a list of attacks. | |
+| **id** | **String** | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed | [optional] |
+| **ids** | [**Array<String>**](String.md) | The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed | [optional] |
### Return type
-nil (empty response body)
+[**DomainQueryMitreAttacksResponse**](DomainQueryMitreAttacksResponse.md)
### Authorization
diff --git a/docs/InternalSensorStatus.md b/docs/InternalSensorStatus.md
new file mode 100644
index 00000000..314de0a5
--- /dev/null
+++ b/docs/InternalSensorStatus.md
@@ -0,0 +1,36 @@
+# Falcon::InternalSensorStatus
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **agent_version** | **String** | | [optional] |
+| **cid** | **String** | | |
+| **device_id** | **String** | | |
+| **hostname** | **String** | | [optional] |
+| **idp_policy_id** | **String** | | [optional] |
+| **idp_policy_name** | **String** | | [optional] |
+| **local_ip** | **String** | | [optional] |
+| **machine_domain** | **String** | | [optional] |
+| **os_version** | **String** | | [optional] |
+| **ti_enabled** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::InternalSensorStatus.new(
+ agent_version: null,
+ cid: null,
+ device_id: null,
+ hostname: null,
+ idp_policy_id: null,
+ idp_policy_name: null,
+ local_ip: null,
+ machine_domain: null,
+ os_version: null,
+ ti_enabled: null
+)
+```
+
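Review bot: The example passes `null` for every attribute, and `null` is not a Ruby literal, so pasting the snippet raises a NameError before the model is ever built. Each line should use `nil`, e.g. `agent_version: nil,`. The same placeholder appears in the other new model pages in this commit (ModelsCredentials, ModelsExtAPIImageCombined, ModelsJobMetaData, ModelsRegistryCredentialsResponse, ModelsScanResults, ModelsSnapshotInventoryApplication, ModelsSnapshotInventoryPayload, PublicACLChange). These pages look generated, so the durable fix is probably in the doc template rather than in each file.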
diff --git a/docs/InventoriesApi.md b/docs/InventoriesApi.md
new file mode 100644
index 00000000..a4db4bc0
--- /dev/null
+++ b/docs/InventoriesApi.md
@@ -0,0 +1,77 @@
+# Falcon::InventoriesApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**create_inventory**](InventoriesApi.md#create_inventory) | **POST** /snapshots/entities/inventories/v1 | Create inventory from data received from snapshot |
+
+
+## create_inventory
+
+> create_inventory(body)
+
+Create inventory from data received from snapshot
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::InventoriesApi.new
+body = Falcon::ModelsSnapshotInventoryPayload.new({job_metadata: Falcon::ModelsJobMetaData.new({cloud_provider: 'cloud_provider_example', instance_id: 'instance_id_example', job_end_time: Time.now, job_id: 'job_id_example', job_start_time: Time.now, message: 'message_example', scanner_version: 'scanner_version_example', status: 'status_example'}), results: Falcon::ModelsScanResults.new({applications: [Falcon::ModelsSnapshotInventoryApplication.new({major_version: 'major_version_example', package_hash: 'package_hash_example', package_provider: 'package_provider_example', package_source: 'package_source_example', path: 'path_example', product: 'product_example', software_architecture: 'software_architecture_example', type: 'type_example', vendor: 'vendor_example'})], os_version: 'os_version_example'})}) # ModelsSnapshotInventoryPayload |
+
+begin
+ # Create inventory from data received from snapshot
+ result = api_instance.create_inventory(body)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling InventoriesApi->create_inventory: #{e}"
+end
+```
+
+#### Using the create_inventory_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> create_inventory_with_http_info(body)
+
+```ruby
+begin
+ # Create inventory from data received from snapshot
+ data, status_code, headers = api_instance.create_inventory_with_http_info(body)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling InventoriesApi->create_inventory_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**ModelsSnapshotInventoryPayload**](ModelsSnapshotInventoryPayload.md) | | |
+
+### Return type
+
+[**CommonEntitiesResponse**](CommonEntitiesResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
diff --git a/docs/ModelsCredentials.md b/docs/ModelsCredentials.md
new file mode 100644
index 00000000..70214f3e
--- /dev/null
+++ b/docs/ModelsCredentials.md
@@ -0,0 +1,18 @@
+# Falcon::ModelsCredentials
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **token** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsCredentials.new(
+ token: null
+)
+```
+
diff --git a/docs/ModelsExtAPIImageCombined.md b/docs/ModelsExtAPIImageCombined.md
new file mode 100644
index 00000000..e6b9e916
--- /dev/null
+++ b/docs/ModelsExtAPIImageCombined.md
@@ -0,0 +1,54 @@
+# Falcon::ModelsExtAPIImageCombined
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **base_os** | **String** | | |
+| **cid** | **String** | | |
+| **containers** | **Integer** | | |
+| **detections** | **Integer** | | |
+| **first_seen** | **String** | | |
+| **highest_detection_severity** | **String** | | |
+| **highest_vulnerability_severity** | **String** | | |
+| **image_digest** | **String** | | |
+| **image_id** | **String** | | |
+| **last_seen** | **String** | | |
+| **layers_with_vulnerabilities** | **Integer** | | |
+| **packages** | **Integer** | | |
+| **registry** | **String** | | |
+| **report_url_by_id_and_digest** | **String** | | |
+| **report_url_by_repo_and_tag** | **String** | | |
+| **repository** | **String** | | |
+| **tag** | **String** | | |
+| **vulnerabilities** | **Integer** | | |
+| **warning** | **Integer** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsExtAPIImageCombined.new(
+ base_os: null,
+ cid: null,
+ containers: null,
+ detections: null,
+ first_seen: null,
+ highest_detection_severity: null,
+ highest_vulnerability_severity: null,
+ image_digest: null,
+ image_id: null,
+ last_seen: null,
+ layers_with_vulnerabilities: null,
+ packages: null,
+ registry: null,
+ report_url_by_id_and_digest: null,
+ report_url_by_repo_and_tag: null,
+ repository: null,
+ tag: null,
+ vulnerabilities: null,
+ warning: null
+)
+```
+
diff --git a/docs/ModelsJobMetaData.md b/docs/ModelsJobMetaData.md
new file mode 100644
index 00000000..14c01906
--- /dev/null
+++ b/docs/ModelsJobMetaData.md
@@ -0,0 +1,32 @@
+# Falcon::ModelsJobMetaData
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **cloud_provider** | **String** | | |
+| **instance_id** | **String** | | |
+| **job_end_time** | **Time** | | |
+| **job_id** | **String** | | |
+| **job_start_time** | **Time** | | |
+| **message** | **String** | | |
+| **scanner_version** | **String** | | |
+| **status** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsJobMetaData.new(
+ cloud_provider: null,
+ instance_id: null,
+ job_end_time: null,
+ job_id: null,
+ job_start_time: null,
+ message: null,
+ scanner_version: null,
+ status: null
+)
+```
+
diff --git a/docs/ModelsRegistryCredentialsResponse.md b/docs/ModelsRegistryCredentialsResponse.md
new file mode 100644
index 00000000..74db838a
--- /dev/null
+++ b/docs/ModelsRegistryCredentialsResponse.md
@@ -0,0 +1,22 @@
+# Falcon::ModelsRegistryCredentialsResponse
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **errors** | [**Array<MsaspecError>**](MsaspecError.md) | | |
+| **meta** | [**MsaspecMetaInfo**](MsaspecMetaInfo.md) | | |
+| **resources** | [**Array<ModelsCredentials>**](ModelsCredentials.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsRegistryCredentialsResponse.new(
+ errors: null,
+ meta: null,
+ resources: null
+)
+```
+
diff --git a/docs/ModelsScanResults.md b/docs/ModelsScanResults.md
new file mode 100644
index 00000000..2cca7443
--- /dev/null
+++ b/docs/ModelsScanResults.md
@@ -0,0 +1,20 @@
+# Falcon::ModelsScanResults
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **applications** | [**Array<ModelsSnapshotInventoryApplication>**](ModelsSnapshotInventoryApplication.md) | | |
+| **os_version** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsScanResults.new(
+ applications: null,
+ os_version: null
+)
+```
+
diff --git a/docs/ModelsSnapshotInventoryApplication.md b/docs/ModelsSnapshotInventoryApplication.md
new file mode 100644
index 00000000..f838e3e9
--- /dev/null
+++ b/docs/ModelsSnapshotInventoryApplication.md
@@ -0,0 +1,34 @@
+# Falcon::ModelsSnapshotInventoryApplication
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **major_version** | **String** | | |
+| **package_hash** | **String** | | |
+| **package_provider** | **String** | | |
+| **package_source** | **String** | | |
+| **path** | **String** | | |
+| **product** | **String** | | |
+| **software_architecture** | **String** | | |
+| **type** | **String** | | |
+| **vendor** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsSnapshotInventoryApplication.new(
+ major_version: null,
+ package_hash: null,
+ package_provider: null,
+ package_source: null,
+ path: null,
+ product: null,
+ software_architecture: null,
+ type: null,
+ vendor: null
+)
+```
+
diff --git a/docs/ModelsSnapshotInventoryPayload.md b/docs/ModelsSnapshotInventoryPayload.md
new file mode 100644
index 00000000..17bd6418
--- /dev/null
+++ b/docs/ModelsSnapshotInventoryPayload.md
@@ -0,0 +1,20 @@
+# Falcon::ModelsSnapshotInventoryPayload
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **job_metadata** | [**ModelsJobMetaData**](ModelsJobMetaData.md) | | |
+| **results** | [**ModelsScanResults**](ModelsScanResults.md) | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::ModelsSnapshotInventoryPayload.new(
+ job_metadata: null,
+ results: null
+)
+```
+
diff --git a/docs/MsspApi.md b/docs/MsspApi.md
index eb3ee625..f1be55f9 100644
--- a/docs/MsspApi.md
+++ b/docs/MsspApi.md
@@ -9,7 +9,8 @@ All URIs are relative to *https://api.crowdstrike.com*
| [**add_user_group_members**](MsspApi.md#add_user_group_members) | **POST** /mssp/entities/user-group-members/v1 | Add new user group member. Maximum 500 members allowed per user group. |
| [**create_cid_groups**](MsspApi.md#create_cid_groups) | **POST** /mssp/entities/cid-groups/v1 | Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed. |
| [**create_user_groups**](MsspApi.md#create_user_groups) | **POST** /mssp/entities/user-groups/v1 | Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer. |
-| [**delete_cid_group_members**](MsspApi.md#delete_cid_group_members) | **DELETE** /mssp/entities/cid-group-members/v1 | Delete CID group members. |
+| [**delete_cid_group_members**](MsspApi.md#delete_cid_group_members) | **DELETE** /mssp/entities/cid-group-members/v1 | Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. |
+| [**delete_cid_group_members_v2**](MsspApi.md#delete_cid_group_members_v2) | **DELETE** /mssp/entities/cid-group-members/v2 | Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. |
| [**delete_cid_groups**](MsspApi.md#delete_cid_groups) | **DELETE** /mssp/entities/cid-groups/v1 | Delete CID groups by ID. |
| [**delete_user_group_members**](MsspApi.md#delete_user_group_members) | **DELETE** /mssp/entities/user-group-members/v1 | Delete user group members entry. |
| [**delete_user_groups**](MsspApi.md#delete_user_groups) | **DELETE** /mssp/entities/user-groups/v1 | Delete user groups by ID. |
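Review bot: The deprecation notice on the `delete_cid_group_members` row sends callers to `DELETE /entities/cid-group-members/v2`, but the replacement row added directly below it lists the route as `/mssp/entities/cid-group-members/v2`, so the notice names a path that is not in this table. I would word it as `Deprecated: please use DELETE /mssp/entities/cid-group-members/v2.` The v2 description also reads `Prevents removal of a cid group a cid group if it is only part of one cid group`, which is garbled exactly where the safety behaviour of a delete call is described. Presumably it means a CID cannot be removed from its only remaining group, but that needs confirming before rewording. Both strings recur in the later hunks of this file (the `delete_cid_group_members` section and the new `delete_cid_group_members_v2` section) and look like they originate in the API spec, so the fix belongs there.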
@@ -262,7 +263,7 @@ Falcon.configure do |config|
end
api_instance = Falcon::MsspApi.new
-body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({description: 'description_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.
+body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({cid_group_id: 'cid_group_id_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.
begin
# Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed.
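Review bot: The create example now sets `cid_group_id`, while the trailing comment on the same line still says only 'name' and/or 'description' are required and the remaining fields are assigned by the system. The sample therefore supplies the one identifier a caller is told the service generates, and drops `description`, which the comment still mentions. For the create call I would keep the sample to caller-owned fields, `Falcon::DomainCIDGroup.new({name: 'name_example', description: 'description_example'})`. If the sample is derived from the model's required-field list, that list is what needs correcting for this operation. The identical substitution in the update example in the last hunk of this file is consistent with its own comment and needs no change.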
@@ -384,7 +385,7 @@ end
> delete_cid_group_members(body)
-Delete CID group members.
+Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
### Examples
@@ -403,7 +404,7 @@ api_instance = Falcon::MsspApi.new
body = Falcon::DomainCIDGroupMembersRequestV1.new({resources: [Falcon::DomainCIDGroupMembers.new({cid_group_id: 'cid_group_id_example', cids: ['cids_example']})]}) # DomainCIDGroupMembersRequestV1 | Both 'cid_group_id' and 'cids' fields are required.
begin
- # Delete CID group members.
+ # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
result = api_instance.delete_cid_group_members(body)
p result
rescue Falcon::ApiError => e
@@ -419,7 +420,7 @@ This returns an Array which contains the response data, status code and headers.
```ruby
begin
- # Delete CID group members.
+ # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
data, status_code, headers = api_instance.delete_cid_group_members_with_http_info(body)
p status_code # => 2xx
p headers # => { ... }
@@ -449,6 +450,75 @@ end
- **Accept**: application/json
+## delete_cid_group_members_v2
+
+> delete_cid_group_members_v2(body)
+
+Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::MsspApi.new
+body = Falcon::DomainCIDGroupMembersRequestV1.new({resources: [Falcon::DomainCIDGroupMembers.new({cid_group_id: 'cid_group_id_example', cids: ['cids_example']})]}) # DomainCIDGroupMembersRequestV1 | Both 'cid_group_id' and 'cids' fields are required.
+
+begin
+ # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
+ result = api_instance.delete_cid_group_members_v2(body)
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling MsspApi->delete_cid_group_members_v2: #{e}"
+end
+```
+
+#### Using the delete_cid_group_members_v2_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> delete_cid_group_members_v2_with_http_info(body)
+
+```ruby
+begin
+ # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
+ data, status_code, headers = api_instance.delete_cid_group_members_v2_with_http_info(body)
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling MsspApi->delete_cid_group_members_v2_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **body** | [**DomainCIDGroupMembersRequestV1**](DomainCIDGroupMembersRequestV1.md) | Both 'cid_group_id' and 'cids' fields are required. | |
+
+### Return type
+
+[**DomainCIDGroupMembersResponseV1**](DomainCIDGroupMembersResponseV1.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
## delete_cid_groups
> delete_cid_groups(cid_group_ids)
@@ -1970,7 +2040,7 @@ Falcon.configure do |config|
end
api_instance = Falcon::MsspApi.new
-body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({description: 'description_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | 'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated.
+body = Falcon::DomainCIDGroupsRequestV1.new({resources: [Falcon::DomainCIDGroup.new({cid_group_id: 'cid_group_id_example', name: 'name_example'})]}) # DomainCIDGroupsRequestV1 | 'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated.
begin
# Update existing CID groups. CID group ID is expected for each CID group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. CID group member(s) remain unaffected.
diff --git a/docs/ProvisionApi.md b/docs/ProvisionApi.md
new file mode 100644
index 00000000..b76a6b0a
--- /dev/null
+++ b/docs/ProvisionApi.md
@@ -0,0 +1,74 @@
+# Falcon::ProvisionApi
+
+All URIs are relative to *https://api.crowdstrike.com*
+
+| Method | HTTP request | Description |
+| ------ | ------------ | ----------- |
+| [**get_credentials_mixin0**](ProvisionApi.md#get_credentials_mixin0) | **GET** /snapshots/entities/image-registry-credentials/v1 | Gets the registry credentials |
+
+
+## get_credentials_mixin0
+
+> get_credentials_mixin0
+
+Gets the registry credentials
+
+### Examples
+
+```ruby
+require 'time'
+require 'crimson-falcon'
+
+# Setup authorization
+Falcon.configure do |config|
+ config.client_id = "Your_Client_ID"
+ config.client_secret = "Your_Client_Secret"
+ config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
+end
+
+api_instance = Falcon::ProvisionApi.new
+
+begin
+ # Gets the registry credentials
+ result = api_instance.get_credentials_mixin0
+ p result
+rescue Falcon::ApiError => e
+ puts "Error when calling ProvisionApi->get_credentials_mixin0: #{e}"
+end
+```
+
+#### Using the get_credentials_mixin0_with_http_info variant
+
+This returns an Array which contains the response data, status code and headers.
+
+> , Integer, Hash)> get_credentials_mixin0_with_http_info
+
+```ruby
+begin
+ # Gets the registry credentials
+ data, status_code, headers = api_instance.get_credentials_mixin0_with_http_info
+ p status_code # => 2xx
+ p headers # => { ... }
+ p data # =>
+rescue Falcon::ApiError => e
+ puts "Error when calling ProvisionApi->get_credentials_mixin0_with_http_info: #{e}"
+end
+```
+
+### Parameters
+
+This endpoint does not need any parameter.
+
+### Return type
+
+[**ModelsRegistryCredentialsResponse**](ModelsRegistryCredentialsResponse.md)
+
+### Authorization
+
+**oauth2**
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
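Review bot: Both examples dump the response with `p result` and `p data`, and the documented return type is `ModelsRegistryCredentialsResponse`, whose `resources` are `ModelsCredentials` objects carrying a `token`. Copied as written, the sample prints a registry credential to stdout and into whatever captures it (CI job logs, terminal recordings, log shippers). I would have the example print something non-secret instead, for instance `puts "received #{result.resources.size} registry credential(s)"`. I would also add a comment above it such as `# Hand the token to the registry client or a secret store; do not print or log it.` The `p data # =>` line in the `_with_http_info` variant deserves the same treatment.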
diff --git a/docs/PublicACL.md b/docs/PublicACL.md
index 5ad40381..5c48722a 100644
--- a/docs/PublicACL.md
+++ b/docs/PublicACL.md
@@ -4,7 +4,7 @@
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **acl_permission_change** | [**Array<PublicBasic>**](PublicBasic.md) | | [optional] |
+| **acl_permission_change** | [**Array<PublicACLChange>**](PublicACLChange.md) | | [optional] |
| **entity** | **String** | | [optional] |
| **entity_id** | **String** | | [optional] |
| **entity_name** | **String** | | [optional] |
diff --git a/docs/PublicACLChange.md b/docs/PublicACLChange.md
new file mode 100644
index 00000000..2a6d2ea2
--- /dev/null
+++ b/docs/PublicACLChange.md
@@ -0,0 +1,20 @@
+# Falcon::PublicACLChange
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **operation** | **String** | | [optional] |
+| **permissions** | **String** | | [optional] |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::PublicACLChange.new(
+ operation: null,
+ permissions: null
+)
+```
+
diff --git a/docs/ReconApi.md b/docs/ReconApi.md
index 522fe664..18d14d34 100644
--- a/docs/ReconApi.md
+++ b/docs/ReconApi.md
@@ -1752,7 +1752,7 @@ Falcon.configure do |config|
end
api_instance = Falcon::ReconApi.new
-body = [Falcon::DomainUpdateNotificationRequestV1.new({assigned_to_uuid: 'assigned_to_uuid_example', id: 'id_example', status: 'status_example'})] # Array |
+body = [Falcon::DomainUpdateNotificationRequestV1.new({assigned_to_uuid: 'assigned_to_uuid_example', id: 'id_example', idp_send_status: 'idp_send_status_example', message: 'message_example', status: 'status_example'})] # Array |
begin
# Update notification status or assignee. Accepts bulk requests
diff --git a/docs/RegistrationAzureAccountV1Ext.md b/docs/RegistrationAzureAccountV1Ext.md
index ba91af8a..196d02ce 100644
--- a/docs/RegistrationAzureAccountV1Ext.md
+++ b/docs/RegistrationAzureAccountV1Ext.md
@@ -12,10 +12,12 @@
| **azure_permissions_status** | [**Array<DomainPermission>**](DomainPermission.md) | Permissions status returned via API. | |
| **cid** | **String** | | |
| **client_id** | **String** | | [optional] |
+| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] |
| **conditions** | [**Array<DomainCondition>**](DomainCondition.md) | | [optional] |
| **credentials_end_date** | **Time** | | [optional] |
| **credentials_type** | **String** | | [optional] |
| **default_subscription_id** | **String** | Default Azure Subscription ID to provision shared IOA infrastructure. | [optional] |
+| **environment** | **String** | | [optional] |
| **object_id** | **String** | | [optional] |
| **public_certificate** | **String** | | [optional] |
| **public_certificate_raw** | **String** | | [optional] |
@@ -23,6 +25,7 @@
| **show_modal** | **Boolean** | Whether to show modal on the UI instructing existing D4C Azure customer to reregister subscriptions for CSPM. | |
| **status** | **String** | Account registration status. | [optional] |
| **subscription_id** | **String** | Azure Subscription ID. | [optional] |
+| **subscription_name** | **String** | Azure Subscription Name. | [optional] |
| **tenant_id** | **String** | Azure Tenant ID to use. | [optional] |
| **years_valid** | **Integer** | | [optional] |
@@ -40,10 +43,12 @@ instance = Falcon::RegistrationAzureAccountV1Ext.new(
azure_permissions_status: null,
cid: null,
client_id: null,
+ cloud_scopes: null,
conditions: null,
credentials_end_date: null,
credentials_type: null,
default_subscription_id: null,
+ environment: null,
object_id: null,
public_certificate: null,
public_certificate_raw: null,
@@ -51,6 +56,7 @@ instance = Falcon::RegistrationAzureAccountV1Ext.new(
show_modal: null,
status: null,
subscription_id: null,
+ subscription_name: null,
tenant_id: null,
years_valid: null
)
diff --git a/docs/RegistrationIOAEvent.md b/docs/RegistrationIOAEvent.md
index 3e4e3e24..a622b817 100644
--- a/docs/RegistrationIOAEvent.md
+++ b/docs/RegistrationIOAEvent.md
@@ -27,9 +27,9 @@
| **read_only** | **Boolean** | | [optional] |
| **recipient_account_id** | **String** | | [optional] |
| **request_id** | **String** | | [optional] |
-| **request_parameters** | **String** | | [optional] |
-| **resources** | **String** | | [optional] |
-| **response_elements** | **String** | | [optional] |
+| **request_parameters** | **Object** | | [optional] |
+| **resources** | **Array<Object>** | | [optional] |
+| **response_elements** | **Object** | | [optional] |
| **service** | **String** | | |
| **service_event_details** | **String** | | [optional] |
| **severity** | **String** | | |
@@ -38,7 +38,7 @@
| **state** | **String** | | |
| **user_agent** | **String** | | [optional] |
| **user_id** | **String** | | [optional] |
-| **user_identity** | **String** | | [optional] |
+| **user_identity** | **Object** | | [optional] |
| **vertex_id** | **String** | | |
| **vertex_type** | **String** | | |
| **vpc_endpoint_id** | **String** | | [optional] |
diff --git a/docs/RegistrationIOMEventV2.md b/docs/RegistrationIOMEventV2.md
index 5ae4e6f1..31f48038 100644
--- a/docs/RegistrationIOMEventV2.md
+++ b/docs/RegistrationIOMEventV2.md
@@ -9,7 +9,9 @@
| **agent_id** | **String** | | [optional] |
| **azure_tenant_id** | **String** | | [optional] |
| **cid** | **String** | | |
+| **cloud_labels** | [**Array<ClassificationLabel>**](ClassificationLabel.md) | | [optional] |
| **cloud_provider** | **String** | | |
+| **cloud_scopes** | [**Array<DomainCloudScope>**](DomainCloudScope.md) | | [optional] |
| **custom_policy_id** | **Integer** | | [optional] |
| **finding** | **Object** | | |
| **id** | **String** | | |
@@ -44,7 +46,9 @@ instance = Falcon::RegistrationIOMEventV2.new(
agent_id: null,
azure_tenant_id: null,
cid: null,
+ cloud_labels: null,
cloud_provider: null,
+ cloud_scopes: null,
custom_policy_id: null,
finding: null,
id: null,
diff --git a/docs/SadomainNotificationLog.md b/docs/SadomainNotificationLog.md
new file mode 100644
index 00000000..cfc9bf62
--- /dev/null
+++ b/docs/SadomainNotificationLog.md
@@ -0,0 +1,36 @@
+# Falcon::SadomainNotificationLog
+
+## Properties
+
+| Name | Type | Description | Notes |
+| ---- | ---- | ----------- | ----- |
+| **action** | **String** | | |
+| **cid** | **String** | | |
+| **created_date** | **Time** | | |
+| **details** | **String** | | |
+| **id** | **String** | | |
+| **message** | **String** | | |
+| **notification_id** | **String** | | |
+| **user_email** | **String** | | |
+| **user_uuid** | **String** | | |
+| **username** | **String** | | |
+
+## Example
+
+```ruby
+require 'crimson-falcon'
+
+instance = Falcon::SadomainNotificationLog.new(
+ action: null,
+ cid: null,
+ created_date: null,
+ details: null,
+ id: null,
+ message: null,
+ notification_id: null,
+ user_email: null,
+ user_uuid: null,
+ username: null
+)
+```
+
diff --git a/docs/ThreatgraphCrawlEdgesRequest.md b/docs/ThreatgraphCrawlEdgesRequest.md
deleted file mode 100644
index 3ed859bc..00000000
--- a/docs/ThreatgraphCrawlEdgesRequest.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Falcon::ThreatgraphCrawlEdgesRequest
-
-## Properties
-
-| Name | Type | Description | Notes |
-| ---- | ---- | ----------- | ----- |
-| **edge_direction** | **String** | | |
-| **edge_type** | **String** | | |
-| **limit** | **Integer** | | |
-| **next_requests** | [**Array<ThreatgraphCrawlEdgesRequest>**](ThreatgraphCrawlEdgesRequest.md) | | [optional] |
-| **scope** | **String** | | |
-| **sort_descending** | **Boolean** | | [optional] |
-
-## Example
-
-```ruby
-require 'crimson-falcon'
-
-instance = Falcon::ThreatgraphCrawlEdgesRequest.new(
- edge_direction: null,
- edge_type: null,
- limit: null,
- next_requests: null,
- scope: null,
- sort_descending: null
-)
-```
-
diff --git a/docs/UserManagementApi.md b/docs/UserManagementApi.md
index 3904236b..93a05962 100644
--- a/docs/UserManagementApi.md
+++ b/docs/UserManagementApi.md
@@ -1463,7 +1463,7 @@ Falcon.configure do |config|
end
api_instance = Falcon::UserManagementApi.new
-body = Falcon::DomainUserActionRequest.new({action: Falcon::DomainUserAction.new, ids: ['ids_example']}) # DomainUserActionRequest | User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password'
+body = Falcon::DomainUserActionRequest.new({action: Falcon::DomainUserAction.new({action_name: 'reset_password'}), ids: ['ids_example']}) # DomainUserActionRequest | User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password'
begin
# Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload.
diff --git a/docs/SpotlightVulnerabilitiesApi.md b/docs/VulnerabilitiesApi.md
similarity index 65%
rename from docs/SpotlightVulnerabilitiesApi.md
rename to docs/VulnerabilitiesApi.md
index 6e6b7c5e..6fcb0ad3 100644
--- a/docs/SpotlightVulnerabilitiesApi.md
+++ b/docs/VulnerabilitiesApi.md
@@ -1,13 +1,13 @@
-# Falcon::SpotlightVulnerabilitiesApi
+# Falcon::VulnerabilitiesApi
All URIs are relative to *https://api.crowdstrike.com*
| Method | HTTP request | Description |
| ------ | ------------ | ----------- |
-| [**combined_query_vulnerabilities**](SpotlightVulnerabilitiesApi.md#combined_query_vulnerabilities) | **GET** /spotlight/combined/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria |
-| [**get_remediations_v2**](SpotlightVulnerabilitiesApi.md#get_remediations_v2) | **GET** /spotlight/entities/remediations/v2 | Get details on remediation by providing one or more IDs |
-| [**get_vulnerabilities**](SpotlightVulnerabilitiesApi.md#get_vulnerabilities) | **GET** /spotlight/entities/vulnerabilities/v2 | Get details on vulnerabilities by providing one or more IDs |
-| [**query_vulnerabilities**](SpotlightVulnerabilitiesApi.md#query_vulnerabilities) | **GET** /spotlight/queries/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria |
+| [**combined_query_vulnerabilities**](VulnerabilitiesApi.md#combined_query_vulnerabilities) | **GET** /spotlight/combined/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria |
+| [**get_remediations_v2**](VulnerabilitiesApi.md#get_remediations_v2) | **GET** /spotlight/entities/remediations/v2 | Get details on remediation by providing one or more IDs |
+| [**get_vulnerabilities**](VulnerabilitiesApi.md#get_vulnerabilities) | **GET** /spotlight/entities/vulnerabilities/v2 | Get details on vulnerabilities by providing one or more IDs |
+| [**query_vulnerabilities**](VulnerabilitiesApi.md#query_vulnerabilities) | **GET** /spotlight/queries/vulnerabilities/v1 | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria |
## combined_query_vulnerabilities
@@ -29,8 +29,8 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightVulnerabilitiesApi.new
-filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: - created_timestamp:>'2019-11-25T22:36:12Z'
- closed_timestamp:>'2019-11-25T22:36:12Z'
- aid:'8e7656b27d8c49a34a1af416424d6231'
+api_instance = Falcon::VulnerabilitiesApi.new
+filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
opts = {
after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
limit: 56, # Integer | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
@@ -43,7 +43,7 @@ begin
result = api_instance.combined_query_vulnerabilities(filter, opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->combined_query_vulnerabilities: #{e}"
+ puts "Error when calling VulnerabilitiesApi->combined_query_vulnerabilities: #{e}"
end
```
@@ -61,7 +61,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->combined_query_vulnerabilities_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesApi->combined_query_vulnerabilities_with_http_info: #{e}"
end
```
@@ -69,7 +69,7 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> | |
+| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp | |
| **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. | [optional] |
| **sort** | **String** | Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> | [optional] |
@@ -108,7 +108,7 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightVulnerabilitiesApi.new
+api_instance = Falcon::VulnerabilitiesApi.new
ids = ['inner_example'] # Array | One or more remediation IDs
begin
@@ -116,7 +116,7 @@ begin
result = api_instance.get_remediations_v2(ids)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->get_remediations_v2: #{e}"
+ puts "Error when calling VulnerabilitiesApi->get_remediations_v2: #{e}"
end
```
@@ -134,7 +134,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->get_remediations_v2_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesApi->get_remediations_v2_with_http_info: #{e}"
end
```
@@ -177,7 +177,7 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightVulnerabilitiesApi.new
+api_instance = Falcon::VulnerabilitiesApi.new
ids = ['inner_example'] # Array | One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1
begin
@@ -185,7 +185,7 @@ begin
result = api_instance.get_vulnerabilities(ids)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->get_vulnerabilities: #{e}"
+ puts "Error when calling VulnerabilitiesApi->get_vulnerabilities: #{e}"
end
```
@@ -203,7 +203,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->get_vulnerabilities_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesApi->get_vulnerabilities_with_http_info: #{e}"
end
```
@@ -246,12 +246,12 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightVulnerabilitiesApi.new
-filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: - created_timestamp:>'2019-11-25T22:36:12Z'
- closed_timestamp:>'2019-11-25T22:36:12Z'
- aid:'8e7656b27d8c49a34a1af416424d6231'
+api_instance = Falcon::VulnerabilitiesApi.new
+filter = 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
opts = {
after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
limit: 56, # Integer | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.
- sort: 'sort_example' # String | Sort vulnerabilities by their properties. Common sort options include: - updated_timestamp|asc
- closed_timestamp|asc
+ sort: 'sort_example' # String | Sort vulnerabilities by their properties. Available sort options: - updated_timestamp|asc/desc
- closed_timestamp|asc
- updated_timestamp|asc/desc
. Can be used in a format |asc for ascending order or |desc for descending order.
}
begin
@@ -259,7 +259,7 @@ begin
result = api_instance.query_vulnerabilities(filter, opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->query_vulnerabilities: #{e}"
+ puts "Error when calling VulnerabilitiesApi->query_vulnerabilities: #{e}"
end
```
@@ -277,7 +277,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightVulnerabilitiesApi->query_vulnerabilities_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesApi->query_vulnerabilities_with_http_info: #{e}"
end
```
@@ -285,10 +285,10 @@ end
| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
-| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul> | |
+| **filter** | **String** | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp | |
| **after** | **String** | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | [optional] |
| **limit** | **Integer** | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. | [optional] |
-| **sort** | **String** | Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul> | [optional] |
+| **sort** | **String** | Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order. | [optional] |
### Return type
diff --git a/docs/SpotlightEvaluationLogicApi.md b/docs/VulnerabilitiesEvaluationLogicApi.md
similarity index 82%
rename from docs/SpotlightEvaluationLogicApi.md
rename to docs/VulnerabilitiesEvaluationLogicApi.md
index 5b368d53..bcc38933 100644
--- a/docs/SpotlightEvaluationLogicApi.md
+++ b/docs/VulnerabilitiesEvaluationLogicApi.md
@@ -1,12 +1,12 @@
-# Falcon::SpotlightEvaluationLogicApi
+# Falcon::VulnerabilitiesEvaluationLogicApi
All URIs are relative to *https://api.crowdstrike.com*
| Method | HTTP request | Description |
| ------ | ------------ | ----------- |
-| [**combined_query_evaluation_logic**](SpotlightEvaluationLogicApi.md#combined_query_evaluation_logic) | **GET** /spotlight/combined/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. |
-| [**get_evaluation_logic**](SpotlightEvaluationLogicApi.md#get_evaluation_logic) | **GET** /spotlight/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more IDs. |
-| [**query_evaluation_logic**](SpotlightEvaluationLogicApi.md#query_evaluation_logic) | **GET** /spotlight/queries/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. |
+| [**combined_query_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#combined_query_evaluation_logic) | **GET** /spotlight/combined/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. |
+| [**get_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#get_evaluation_logic) | **GET** /spotlight/entities/evaluation-logic/v1 | Get details on evaluation logic items by providing one or more IDs. |
+| [**query_evaluation_logic**](VulnerabilitiesEvaluationLogicApi.md#query_evaluation_logic) | **GET** /spotlight/queries/evaluation-logic/v1 | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. |
## combined_query_evaluation_logic
@@ -28,7 +28,7 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightEvaluationLogicApi.new
+api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new
filter = 'filter_example' # String | FQL query specifying the filter parameters.
opts = {
after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
@@ -41,7 +41,7 @@ begin
result = api_instance.combined_query_evaluation_logic(filter, opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->combined_query_evaluation_logic: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->combined_query_evaluation_logic: #{e}"
end
```
@@ -59,7 +59,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->combined_query_evaluation_logic_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->combined_query_evaluation_logic_with_http_info: #{e}"
end
```
@@ -105,7 +105,7 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightEvaluationLogicApi.new
+api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new
ids = ['inner_example'] # Array | One or more evaluation logic IDs.
begin
@@ -113,7 +113,7 @@ begin
result = api_instance.get_evaluation_logic(ids)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->get_evaluation_logic: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->get_evaluation_logic: #{e}"
end
```
@@ -131,7 +131,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->get_evaluation_logic_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->get_evaluation_logic_with_http_info: #{e}"
end
```
@@ -174,7 +174,7 @@ Falcon.configure do |config|
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
-api_instance = Falcon::SpotlightEvaluationLogicApi.new
+api_instance = Falcon::VulnerabilitiesEvaluationLogicApi.new
filter = 'filter_example' # String | FQL query specifying the filter parameters.
opts = {
after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
@@ -187,7 +187,7 @@ begin
result = api_instance.query_evaluation_logic(filter, opts)
p result
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->query_evaluation_logic: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->query_evaluation_logic: #{e}"
end
```
@@ -205,7 +205,7 @@ begin
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
- puts "Error when calling SpotlightEvaluationLogicApi->query_evaluation_logic_with_http_info: #{e}"
+ puts "Error when calling VulnerabilitiesEvaluationLogicApi->query_evaluation_logic_with_http_info: #{e}"
end
```
diff --git a/lib/crimson-falcon.rb b/lib/crimson-falcon.rb
index 10cf87de..5cb44c97 100644
--- a/lib/crimson-falcon.rb
+++ b/lib/crimson-falcon.rb
@@ -86,6 +86,7 @@
require 'crimson-falcon/models/api_rule_v1'
require 'crimson-falcon/models/api_rules_get_request_v1'
require 'crimson-falcon/models/api_rules_response'
+require 'crimson-falcon/models/api_sensor_details_response_swagger'
require 'crimson-falcon/models/api_token_create_request_v1'
require 'crimson-falcon/models/api_token_details_resource_v1'
require 'crimson-falcon/models/api_token_details_response_v1'
@@ -99,6 +100,8 @@
require 'crimson-falcon/models/base_policy_members_resp_v1'
require 'crimson-falcon/models/base_set_policy_precedence_req_v1'
require 'crimson-falcon/models/binservapi_msa_put_file_response'
+require 'crimson-falcon/models/classification_criteria'
+require 'crimson-falcon/models/classification_label'
require 'crimson-falcon/models/client_archive_create_response_v1'
require 'crimson-falcon/models/client_archive_list_files_response_v1'
require 'crimson-falcon/models/client_archive_with_files_v1'
@@ -112,6 +115,7 @@
require 'crimson-falcon/models/client_sample_metadata_response_v2'
require 'crimson-falcon/models/client_sample_metadata_v2'
require 'crimson-falcon/models/common_cid_audit_result'
+require 'crimson-falcon/models/common_entities_response'
require 'crimson-falcon/models/common_os_audit'
require 'crimson-falcon/models/core_entities_response'
require 'crimson-falcon/models/detection_aggregate_indicator'
@@ -170,9 +174,12 @@
require 'crimson-falcon/models/deviceapi_update_device_tags_swagger_v1'
require 'crimson-falcon/models/domain_api_combined_findings_response_v1'
require 'crimson-falcon/models/domain_api_detection_document'
+require 'crimson-falcon/models/domain_api_entity_matched_v1'
require 'crimson-falcon/models/domain_api_error'
require 'crimson-falcon/models/domain_api_evaluation_logic_comparisons_v1'
+require 'crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1'
require 'crimson-falcon/models/domain_api_evaluation_logic_entity_comparison_v1'
+require 'crimson-falcon/models/domain_api_evaluation_logic_host_info_v1'
require 'crimson-falcon/models/domain_api_evaluation_logic_item_v1'
require 'crimson-falcon/models/domain_api_evaluation_logic_state_comparison_v1'
require 'crimson-falcon/models/domain_api_evaluation_logic_v1'
@@ -191,6 +198,7 @@
require 'crimson-falcon/models/domain_api_vulnerability_app_v2'
require 'crimson-falcon/models/domain_api_vulnerability_cvecisa_info'
require 'crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2'
+require 'crimson-falcon/models/domain_api_vulnerability_data_provider_v1'
require 'crimson-falcon/models/domain_api_vulnerability_extended_app_v2'
require 'crimson-falcon/models/domain_api_vulnerability_host_facet_v2'
require 'crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2'
@@ -212,7 +220,6 @@
require 'crimson-falcon/models/domain_aggregates_response'
require 'crimson-falcon/models/domain_assessment'
require 'crimson-falcon/models/domain_assessment_items'
-require 'crimson-falcon/models/domain_assessment_paging'
require 'crimson-falcon/models/domain_assessments_by_score_response'
require 'crimson-falcon/models/domain_assessments_response'
require 'crimson-falcon/models/domain_audit_response'
@@ -247,6 +254,8 @@
require 'crimson-falcon/models/domain_case_creation_request_v2'
require 'crimson-falcon/models/domain_child_link'
require 'crimson-falcon/models/domain_children_response_v1'
+require 'crimson-falcon/models/domain_cloud_accounts'
+require 'crimson-falcon/models/domain_cloud_scope'
require 'crimson-falcon/models/domain_command_execute_request'
require 'crimson-falcon/models/domain_command_execute_response'
require 'crimson-falcon/models/domain_command_execute_response_wrapper'
@@ -340,6 +349,7 @@
require 'crimson-falcon/models/domain_msa_external_incident_response'
require 'crimson-falcon/models/domain_msa_incident_perform_action_response'
require 'crimson-falcon/models/domain_msa_incident_query_response'
+require 'crimson-falcon/models/domain_msa_meta_info'
require 'crimson-falcon/models/domain_msa_qf_response'
require 'crimson-falcon/models/domain_multi_command_execute_response'
require 'crimson-falcon/models/domain_multi_command_execute_response_wrapper'
@@ -362,6 +372,7 @@
require 'crimson-falcon/models/domain_public_indicator_v3'
require 'crimson-falcon/models/domain_public_indicators_v3_response'
require 'crimson-falcon/models/domain_queries_patch_request'
+require 'crimson-falcon/models/domain_query_mitre_attacks_response'
require 'crimson-falcon/models/domain_query_response'
require 'crimson-falcon/models/domain_queued_session_command'
require 'crimson-falcon/models/domain_queued_session_job'
@@ -467,6 +478,7 @@
require 'crimson-falcon/models/falconx_actor_summary'
require 'crimson-falcon/models/falconx_associated_runtime'
require 'crimson-falcon/models/falconx_c2'
+require 'crimson-falcon/models/falconx_certificate'
require 'crimson-falcon/models/falconx_contacted_host'
require 'crimson-falcon/models/falconx_dns_request'
require 'crimson-falcon/models/falconx_entity'
@@ -474,8 +486,11 @@
require 'crimson-falcon/models/falconx_extracted_file'
require 'crimson-falcon/models/falconx_extracted_interesting_string'
require 'crimson-falcon/models/falconx_file_access'
+require 'crimson-falcon/models/falconx_file_data_directory'
require 'crimson-falcon/models/falconx_file_import'
require 'crimson-falcon/models/falconx_file_metadata'
+require 'crimson-falcon/models/falconx_file_resource'
+require 'crimson-falcon/models/falconx_file_section'
require 'crimson-falcon/models/falconx_http_request'
require 'crimson-falcon/models/falconx_handle'
require 'crimson-falcon/models/falconx_incident'
@@ -492,6 +507,7 @@
require 'crimson-falcon/models/falconx_memory_dump_data'
require 'crimson-falcon/models/falconx_memory_forensic'
require 'crimson-falcon/models/falconx_meta_info'
+require 'crimson-falcon/models/falconx_module'
require 'crimson-falcon/models/falconx_parameter'
require 'crimson-falcon/models/falconx_process'
require 'crimson-falcon/models/falconx_process_flag'
@@ -600,6 +616,8 @@
require 'crimson-falcon/models/host_groups_resp_v1'
require 'crimson-falcon/models/host_groups_update_group_req_v1'
require 'crimson-falcon/models/host_groups_update_groups_req_v1'
+require 'crimson-falcon/models/images_ext_combined_images_response'
+require 'crimson-falcon/models/internal_sensor_status'
require 'crimson-falcon/models/ioa_cloud_account_id'
require 'crimson-falcon/models/ioa_enrichments'
require 'crimson-falcon/models/ioa_event_aggregate'
@@ -694,9 +712,16 @@
require 'crimson-falcon/models/models_aws_account_access_health'
require 'crimson-falcon/models/models_base_response_v1'
require 'crimson-falcon/models/models_create_aws_accounts_v1'
+require 'crimson-falcon/models/models_credentials'
require 'crimson-falcon/models/models_customer_configurations_v1'
+require 'crimson-falcon/models/models_ext_api_image_combined'
+require 'crimson-falcon/models/models_job_meta_data'
require 'crimson-falcon/models/models_modify_aws_customer_settings_v1'
require 'crimson-falcon/models/models_package_info_type'
+require 'crimson-falcon/models/models_registry_credentials_response'
+require 'crimson-falcon/models/models_scan_results'
+require 'crimson-falcon/models/models_snapshot_inventory_application'
+require 'crimson-falcon/models/models_snapshot_inventory_payload'
require 'crimson-falcon/models/models_update_aws_accounts_v1'
require 'crimson-falcon/models/models_verify_access_response_v1'
require 'crimson-falcon/models/msa_api_error'
@@ -745,6 +770,7 @@
require 'crimson-falcon/models/processesapi_msa_process_detail_response'
require 'crimson-falcon/models/processesapi_process_detail'
require 'crimson-falcon/models/public_acl'
+require 'crimson-falcon/models/public_acl_change'
require 'crimson-falcon/models/public_after'
require 'crimson-falcon/models/public_attribute'
require 'crimson-falcon/models/public_basic'
@@ -830,6 +856,7 @@
require 'crimson-falcon/models/resources'
require 'crimson-falcon/models/sadomain_create_rule_request_v1'
require 'crimson-falcon/models/sadomain_customer_assets'
+require 'crimson-falcon/models/sadomain_notification_log'
require 'crimson-falcon/models/sadomain_rule'
require 'crimson-falcon/models/sadomain_submit_for_blocking_info'
require 'crimson-falcon/models/sadomain_typosquatting_base_domain'
@@ -871,7 +898,6 @@
require 'crimson-falcon/models/sv_exclusions_resp_v1'
require 'crimson-falcon/models/sv_exclusions_sv_exclusion_v1'
require 'crimson-falcon/models/sv_exclusions_update_req_v1'
-require 'crimson-falcon/models/threatgraph_crawl_edges_request'
require 'crimson-falcon/models/uninstall_token_resp_v1'
require 'crimson-falcon/models/uninstall_token_reveal_uninstall_token_req_v1'
require 'crimson-falcon/models/uninstall_token_uninstall_token_v1'
@@ -880,6 +906,8 @@
# APIs
require 'crimson-falcon/api/alerts_api'
require 'crimson-falcon/api/cloud_connect_aws_api'
+require 'crimson-falcon/api/configuration_assessment_api'
+require 'crimson-falcon/api/configuration_assessment_evaluation_logic_api'
require 'crimson-falcon/api/cspm_registration_api'
require 'crimson-falcon/api/custom_ioa_api'
require 'crimson-falcon/api/d4c_registration_api'
@@ -900,11 +928,13 @@
require 'crimson-falcon/api/firewall_policies_api'
require 'crimson-falcon/api/host_group_api'
require 'crimson-falcon/api/hosts_api'
+require 'crimson-falcon/api/identity_entities_api'
require 'crimson-falcon/api/identity_protection_api'
require 'crimson-falcon/api/incidents_api'
require 'crimson-falcon/api/installation_tokens_api'
require 'crimson-falcon/api/installation_tokens_settings_api'
require 'crimson-falcon/api/intel_api'
+require 'crimson-falcon/api/inventories_api'
require 'crimson-falcon/api/ioa_exclusions_api'
require 'crimson-falcon/api/ioc_api'
require 'crimson-falcon/api/iocs_api'
@@ -918,7 +948,7 @@
require 'crimson-falcon/api/ods_api'
require 'crimson-falcon/api/overwatch_dashboard_api'
require 'crimson-falcon/api/prevention_policies_api'
-require 'crimson-falcon/api/public_assessments_api'
+require 'crimson-falcon/api/provision_api'
require 'crimson-falcon/api/quarantine_api'
require 'crimson-falcon/api/quick_scan_api'
require 'crimson-falcon/api/real_time_response_api'
@@ -931,10 +961,10 @@
require 'crimson-falcon/api/sensor_download_api'
require 'crimson-falcon/api/sensor_update_policies_api'
require 'crimson-falcon/api/sensor_visibility_exclusions_api'
-require 'crimson-falcon/api/spotlight_evaluation_logic_api'
-require 'crimson-falcon/api/spotlight_vulnerabilities_api'
require 'crimson-falcon/api/tailored_intelligence_api'
require 'crimson-falcon/api/user_management_api'
+require 'crimson-falcon/api/vulnerabilities_api'
+require 'crimson-falcon/api/vulnerabilities_evaluation_logic_api'
require 'crimson-falcon/api/zero_trust_assessment_api'
module Falcon
diff --git a/lib/crimson-falcon/api/public_assessments_api.rb b/lib/crimson-falcon/api/configuration_assessment_api.rb
similarity index 88%
rename from lib/crimson-falcon/api/public_assessments_api.rb
rename to lib/crimson-falcon/api/configuration_assessment_api.rb
index d6d61cfd..e2c9358c 100644
--- a/lib/crimson-falcon/api/public_assessments_api.rb
+++ b/lib/crimson-falcon/api/configuration_assessment_api.rb
@@ -30,7 +30,7 @@
require 'cgi'
module Falcon
- class PublicAssessmentsApi
+ class ConfigurationAssessmentApi
attr_accessor :api_client
def initialize(api_client = ApiClient.default)
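Review bot: `Falcon::PublicAssessmentsApi` disappears with this rename and nothing keeps the old constant resolvable, so callers that still reference it fail with a NameError after upgrading. The same applies to `get_rules_mixin0_mixin65` and `query_rules_mixin0_mixin65` in custom_ioa_api.rb, which become `get_rules_mixin0` and `query_rules_mixin0` with no alias left behind. Because these files are generated, a small hand-maintained compatibility file is the place for `PublicAssessmentsApi = ConfigurationAssessmentApi` inside `module Falcon`, ideally with a deprecation warning. Otherwise the break should be stated in the release notes. The class body continues outside the hunk.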
@@ -42,7 +42,7 @@ def initialize(api_client = ApiClient.default)
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
# @option opts [String] :sort Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul>
- # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul>
+ # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul>
# @return [DomainAPICombinedFindingsResponseV1]
def get_combined_assessments_query(filter, opts = {})
data, _status_code, _headers = get_combined_assessments_query_with_http_info(filter, opts)
@@ -55,22 +55,22 @@ def get_combined_assessments_query(filter, opts = {})
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
# @option opts [String] :sort Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp|desc</li><li>updated_timestamp|asc</li></ul>
- # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li></ul>
+ # @option opts [Array] :facet Select various details blocks to be returned for each assessment entity. Supported values: <ul><li>host</li><li>finding.rule</li><li>finding.evaluation_logic</li></ul>
# @return [Array<(DomainAPICombinedFindingsResponseV1, Integer, Hash)>] DomainAPICombinedFindingsResponseV1 data, response status code and response headers
def get_combined_assessments_query_with_http_info(filter, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: PublicAssessmentsApi.get_combined_assessments_query ...'
+ @api_client.config.logger.debug 'Calling API: ConfigurationAssessmentApi.get_combined_assessments_query ...'
end
# verify the required parameter 'filter' is set
if @api_client.config.client_side_validation && filter.nil?
- fail ArgumentError, "Missing the required parameter 'filter' when calling PublicAssessmentsApi.get_combined_assessments_query"
+ fail ArgumentError, "Missing the required parameter 'filter' when calling ConfigurationAssessmentApi.get_combined_assessments_query"
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 5000
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling PublicAssessmentsApi.get_combined_assessments_query, must be smaller than or equal to 5000.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling ConfigurationAssessmentApi.get_combined_assessments_query, must be smaller than or equal to 5000.'
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling PublicAssessmentsApi.get_combined_assessments_query, must be greater than or equal to 1.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling ConfigurationAssessmentApi.get_combined_assessments_query, must be greater than or equal to 1.'
end
# resource path
@@ -102,7 +102,7 @@ def get_combined_assessments_query_with_http_info(filter, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"PublicAssessmentsApi.get_combined_assessments_query",
+ :operation => :"ConfigurationAssessmentApi.get_combined_assessments_query",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -113,7 +113,7 @@ def get_combined_assessments_query_with_http_info(filter, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: PublicAssessmentsApi#get_combined_assessments_query\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: ConfigurationAssessmentApi#get_combined_assessments_query\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
diff --git a/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb b/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb
new file mode 100644
index 00000000..62283ed0
--- /dev/null
+++ b/lib/crimson-falcon/api/configuration_assessment_evaluation_logic_api.rb
@@ -0,0 +1,101 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'cgi'
+
+module Falcon
+ class ConfigurationAssessmentEvaluationLogicApi
+ attr_accessor :api_client
+
+ def initialize(api_client = ApiClient.default)
+ @api_client = api_client
+ end
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ # @param ids [Array] One or more evaluation logic finding IDs.
+ # @param [Hash] opts the optional parameters
+ # @return [DomainAPIEvaluationLogicEntitiesResponseV1]
+ def get_evaluation_logic_mixin0(ids, opts = {})
+ data, _status_code, _headers = get_evaluation_logic_mixin0_with_http_info(ids, opts)
+ data
+ end
+
+ # Get details on evaluation logic items by providing one or more finding IDs.
+ # @param ids [Array] One or more evaluation logic finding IDs.
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(DomainAPIEvaluationLogicEntitiesResponseV1, Integer, Hash)>] DomainAPIEvaluationLogicEntitiesResponseV1 data, response status code and response headers
+ def get_evaluation_logic_mixin0_with_http_info(ids, opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0 ...'
+ end
+ # verify the required parameter 'ids' is set
+ if @api_client.config.client_side_validation && ids.nil?
+ fail ArgumentError, "Missing the required parameter 'ids' when calling ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0"
+ end
+ # resource path
+ local_var_path = '/configuration-assessment/entities/evaluation-logic/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+ query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body]
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'DomainAPIEvaluationLogicEntitiesResponseV1'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"ConfigurationAssessmentEvaluationLogicApi.get_evaluation_logic_mixin0",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: ConfigurationAssessmentEvaluationLogicApi#get_evaluation_logic_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+ end
+end
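Review bot: The required-parameter check in `get_evaluation_logic_mixin0_with_http_info` rejects only `nil`, so an empty array passes client-side validation and a request with no `ids` is still sent, although the doc comment asks for one or more finding IDs. Assuming `ids` is an Array (or String) as documented, the guard could read `if @api_client.config.client_side_validation && (ids.nil? || ids.empty?)`. Separately, the closing debug line writes `data.inspect` and the response headers to the logger, and the body presumably carries evaluation detail for findings, so `config.debugging` should stay off wherever logs are shared or retained. The header marks the file as generated, so both changes belong in the generator template or the spec rather than in this file.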
diff --git a/lib/crimson-falcon/api/cspm_registration_api.rb b/lib/crimson-falcon/api/cspm_registration_api.rb
index 80bd1172..6554b986 100644
--- a/lib/crimson-falcon/api/cspm_registration_api.rb
+++ b/lib/crimson-falcon/api/cspm_registration_api.rb
@@ -577,7 +577,8 @@ def get_configuration_detection_entities_with_http_info(ids, opts = {})
# @option opts [String] :filter use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string
# @option opts [String] :sort account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp (default to 'timestamp|desc')
# @option opts [Integer] :limit The max number of detections to return (default to 500)
- # @option opts [Integer] :offset Offset returned detections
+ # @option opts [Integer] :offset Offset returned detections. Cannot be combined with next_token filter
+ # @option opts [String] :next_token String to get next page of results. Cannot be combined with any filter except limit.
# @return [RegistrationIOMEventIDsResponseV2]
def get_configuration_detection_ids_v2(opts = {})
data, _status_code, _headers = get_configuration_detection_ids_v2_with_http_info(opts)
@@ -589,7 +590,8 @@ def get_configuration_detection_ids_v2(opts = {})
# @option opts [String] :filter use_current_scan_ids - *use this to get records for latest scans* account_name account_id agent_id attack_types azure_subscription_id cloud_provider cloud_service_keyword custom_policy_id is_managed policy_id policy_type resource_id region status scan_time severity severity_string
# @option opts [String] :sort account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword status is_managed policy_id policy_type resource_id region scan_time severity severity_string timestamp (default to 'timestamp|desc')
# @option opts [Integer] :limit The max number of detections to return (default to 500)
- # @option opts [Integer] :offset Offset returned detections
+ # @option opts [Integer] :offset Offset returned detections. Cannot be combined with next_token filter
+ # @option opts [String] :next_token String to get next page of results. Cannot be combined with any filter except limit.
# @return [Array<(RegistrationIOMEventIDsResponseV2, Integer, Hash)>] RegistrationIOMEventIDsResponseV2 data, response status code and response headers
def get_configuration_detection_ids_v2_with_http_info(opts = {})
if @api_client.config.debugging
@@ -616,6 +618,7 @@ def get_configuration_detection_ids_v2_with_http_info(opts = {})
query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+ query_params[:'next_token'] = opts[:'next_token'] if !opts[:'next_token'].nil?
# header parameters
header_params = opts[:header_params] || {}
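Review bot: `offset` and `next_token` are both copied into `query_params` when a caller sets both, although the `@option` text added in the two doc hunks above says they cannot be combined, so the conflict surfaces only in the server's response. A client-side guard next to the method's other checks would fail early: `fail ArgumentError, 'offset and next_token cannot be combined when calling CspmRegistrationApi.get_configuration_detection_ids_v2' if @api_client.config.client_side_validation && !opts[:'offset'].nil? && !opts[:'next_token'].nil?`. The new wording also calls `next_token` a "filter" and leaves open whether `filter` and `sort` are excluded too, which is worth settling in the spec description. The method body continues outside the hunk, and since the file is generated the guard would have to come from the template or the spec.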
diff --git a/lib/crimson-falcon/api/custom_ioa_api.rb b/lib/crimson-falcon/api/custom_ioa_api.rb
index 33df38fc..05b14e11 100644
--- a/lib/crimson-falcon/api/custom_ioa_api.rb
+++ b/lib/crimson-falcon/api/custom_ioa_api.rb
@@ -623,8 +623,8 @@ def get_rules_get_with_http_info(body, opts = {})
# @param ids [Array] The IDs of the entities
# @param [Hash] opts the optional parameters
# @return [ApiRulesResponse]
- def get_rules_mixin0_mixin65(ids, opts = {})
- data, _status_code, _headers = get_rules_mixin0_mixin65_with_http_info(ids, opts)
+ def get_rules_mixin0(ids, opts = {})
+ data, _status_code, _headers = get_rules_mixin0_with_http_info(ids, opts)
data
end
@@ -632,13 +632,13 @@ def get_rules_mixin0_mixin65(ids, opts = {})
# @param ids [Array] The IDs of the entities
# @param [Hash] opts the optional parameters
# @return [Array<(ApiRulesResponse, Integer, Hash)>] ApiRulesResponse data, response status code and response headers
- def get_rules_mixin0_mixin65_with_http_info(ids, opts = {})
+ def get_rules_mixin0_with_http_info(ids, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: CustomIoaApi.get_rules_mixin0_mixin65 ...'
+ @api_client.config.logger.debug 'Calling API: CustomIoaApi.get_rules_mixin0 ...'
end
# verify the required parameter 'ids' is set
if @api_client.config.client_side_validation && ids.nil?
- fail ArgumentError, "Missing the required parameter 'ids' when calling CustomIoaApi.get_rules_mixin0_mixin65"
+ fail ArgumentError, "Missing the required parameter 'ids' when calling CustomIoaApi.get_rules_mixin0"
end
# resource path
local_var_path = '/ioarules/entities/rules/v1'
@@ -665,7 +665,7 @@ def get_rules_mixin0_mixin65_with_http_info(ids, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"CustomIoaApi.get_rules_mixin0_mixin65",
+ :operation => :"CustomIoaApi.get_rules_mixin0",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -676,7 +676,7 @@ def get_rules_mixin0_mixin65_with_http_info(ids, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: CustomIoaApi#get_rules_mixin0_mixin65\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: CustomIoaApi#get_rules_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
@@ -805,7 +805,7 @@ def query_platforms_mixin0_with_http_info(opts = {})
# Find all rule groups matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
@@ -818,7 +818,7 @@ def query_rule_groups_full(opts = {})
# Find all rule groups matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
@@ -879,7 +879,7 @@ def query_rule_groups_full_with_http_info(opts = {})
# Finds all rule group IDs matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
@@ -892,7 +892,7 @@ def query_rule_groups_mixin0(opts = {})
# Finds all rule group IDs matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {name, created_by, created_on, modified_by, modified_on, enabled}
+ # @option opts [String] :sort Possible order by fields: {enabled, name, created_by, created_on, modified_by, modified_on}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
@@ -1014,28 +1014,28 @@ def query_rule_types_with_http_info(opts = {})
# Finds all rule IDs matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name}
+ # @option opts [String] :sort Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
# @option opts [Integer] :limit Number of IDs to return
# @return [MsaQueryResponse]
- def query_rules_mixin0_mixin65(opts = {})
- data, _status_code, _headers = query_rules_mixin0_mixin65_with_http_info(opts)
+ def query_rules_mixin0(opts = {})
+ data, _status_code, _headers = query_rules_mixin0_with_http_info(opts)
data
end
# Finds all rule IDs matching the query with optional filter.
# @param [Hash] opts the optional parameters
- # @option opts [String] :sort Possible order by fields: {rules.enabled, rules.created_by, rules.current_version.modified_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.ruletype_name, rules.created_on, rules.current_version.name}
+ # @option opts [String] :sort Possible order by fields: {rules.created_on, rules.current_version.name, rules.current_version.modified_by, rules.ruletype_name, rules.created_by, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on, rules.enabled}
# @option opts [String] :filter FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.
# @option opts [String] :q Match query criteria, which includes all the filter string fields
# @option opts [String] :offset Starting index of overall result set from which to return IDs
# @option opts [Integer] :limit Number of IDs to return
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
- def query_rules_mixin0_mixin65_with_http_info(opts = {})
+ def query_rules_mixin0_with_http_info(opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: CustomIoaApi.query_rules_mixin0_mixin65 ...'
+ @api_client.config.logger.debug 'Calling API: CustomIoaApi.query_rules_mixin0 ...'
end
allowable_values = ["rules.created_by", "rules.created_on", "rules.current_version.action_label", "rules.current_version.description", "rules.current_version.modified_by", "rules.current_version.modified_on", "rules.current_version.name", "rules.current_version.pattern_severity", "rules.enabled", "rules.ruletype_name"]
if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort'])
@@ -1070,7 +1070,7 @@ def query_rules_mixin0_mixin65_with_http_info(opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"CustomIoaApi.query_rules_mixin0_mixin65",
+ :operation => :"CustomIoaApi.query_rules_mixin0",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -1081,7 +1081,7 @@ def query_rules_mixin0_mixin65_with_http_info(opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: CustomIoaApi#query_rules_mixin0_mixin65\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: CustomIoaApi#query_rules_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
diff --git a/lib/crimson-falcon/api/discover_api.rb b/lib/crimson-falcon/api/discover_api.rb
index 77e202c2..9dcbf3fd 100644
--- a/lib/crimson-falcon/api/discover_api.rb
+++ b/lib/crimson-falcon/api/discover_api.rb
@@ -289,7 +289,7 @@ def get_logins_with_http_info(ids, opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul>
- # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul>
+ # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).
# @return [MsaQueryResponse]
def query_accounts(opts = {})
data, _status_code, _headers = query_accounts_with_http_info(opts)
@@ -301,7 +301,7 @@ def query_accounts(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort accounts by their properties. A single sort field is allowed. Common sort options include: <ul><li>username|asc</li><li>last_failed_login_timestamp|desc</li></ul>
- # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul>
+ # @option opts [String] :filter Filter accounts using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>admin_privileges:'Yes'</li><li>first_seen_timestamp:<'now-7d'</li><li>last_successful_login_type:'Terminal server'</li></ul> Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
def query_accounts_with_http_info(opts = {})
if @api_client.config.debugging
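Review bot: The new `:filter` description for `query_accounts_with_http_info` appends three field lists to one comment line with nothing separating them, so the rendered docs read `local_admin_privileges Available filter fields that supports wildcard (*): id, ...` as one run-on sentence. I would end each list with a period and fix the agreement, e.g. `Available filter fields that support wildcard (*):` and `All filter fields and operations support negation (!).`; `last_successful_login_timestamp,last_failed_login_timestamp` is also missing a space. The same text appears in the `query_accounts` hunk above, and the pattern repeats in the `query_applications` and `query_hosts` hunks below. This file looks generated, so the wording probably needs fixing in the API spec rather than here.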
@@ -363,340 +363,12 @@ def query_accounts_with_http_info(opts = {})
return data, status_code, headers
end
- # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery networks by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery networks in your environment by providing an FQL filter.
- # @return [MsaspecQueryResponse]
- def query_active_discovery_networks(opts = {})
- data, _status_code, _headers = query_active_discovery_networks_with_http_info(opts)
- data
- end
-
- # Search for active discovery networks in your environment by providing an FQL filter and paging details. returns a set of network IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery network ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery networks by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery networks in your environment by providing an FQL filter.
- # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
- def query_active_discovery_networks_with_http_info(opts = {})
- if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_networks ...'
- end
- if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
- fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_networks, must be greater than or equal to 0.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_networks, must be smaller than or equal to 100.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_networks, must be greater than or equal to 1.'
- end
-
- # resource path
- local_var_path = '/discover/queries/active-discovery-networks/v1'
-
- # query parameters
- query_params = opts[:query_params] || {}
- query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
- query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
- query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
- query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
-
- # header parameters
- header_params = opts[:header_params] || {}
- # HTTP header 'Accept' (if needed)
- header_params['Accept'] = @api_client.select_header_accept(['application/json'])
- header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil?
-
- # form parameters
- form_params = opts[:form_params] || {}
-
- # http body (model)
- post_body = opts[:debug_body]
-
- # return_type
- return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
-
- # auth_names
- auth_names = opts[:debug_auth_names] || ['oauth2']
-
- new_options = opts.merge(
- :operation => :"DiscoverApi.query_active_discovery_networks",
- :header_params => header_params,
- :query_params => query_params,
- :form_params => form_params,
- :body => post_body,
- :auth_names => auth_names,
- :return_type => return_type
- )
-
- data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
- if @api_client.config.debugging
- @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_networks\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
- end
- return data, status_code, headers
- end
-
- # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery rules by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery rules in your environment by providing an FQL filter.
- # @return [MsaspecQueryResponse]
- def query_active_discovery_rules(opts = {})
- data, _status_code, _headers = query_active_discovery_rules_with_http_info(opts)
- data
- end
-
- # Search for active discovery rules in your environment by providing an FQL filter and paging details. returns a set of rule IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery rule ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery rules by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery rules in your environment by providing an FQL filter.
- # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
- def query_active_discovery_rules_with_http_info(opts = {})
- if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_rules ...'
- end
- if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
- fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_rules, must be greater than or equal to 0.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_rules, must be smaller than or equal to 100.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_rules, must be greater than or equal to 1.'
- end
-
- # resource path
- local_var_path = '/discover/queries/active-discovery-rules/v1'
-
- # query parameters
- query_params = opts[:query_params] || {}
- query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
- query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
- query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
- query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
-
- # header parameters
- header_params = opts[:header_params] || {}
- # HTTP header 'Accept' (if needed)
- header_params['Accept'] = @api_client.select_header_accept(['application/json'])
- header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil?
-
- # form parameters
- form_params = opts[:form_params] || {}
-
- # http body (model)
- post_body = opts[:debug_body]
-
- # return_type
- return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
-
- # auth_names
- auth_names = opts[:debug_auth_names] || ['oauth2']
-
- new_options = opts.merge(
- :operation => :"DiscoverApi.query_active_discovery_rules",
- :header_params => header_params,
- :query_params => query_params,
- :form_params => form_params,
- :body => post_body,
- :auth_names => auth_names,
- :return_type => return_type
- )
-
- data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
- if @api_client.config.debugging
- @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_rules\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
- end
- return data, status_code, headers
- end
-
- # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery scanners by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery scanners in your environment by providing an FQL filter.
- # @return [MsaspecQueryResponse]
- def query_active_discovery_scanners(opts = {})
- data, _status_code, _headers = query_active_discovery_scanners_with_http_info(opts)
- data
- end
-
- # Search for active discovery scanners in your environment by providing an FQL filter and paging details. returns a set of scanner IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
- # @option opts [Integer] :limit The number of active discovery scanner ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery scanners by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery scanners in your environment by providing an FQL filter.
- # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
- def query_active_discovery_scanners_with_http_info(opts = {})
- if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_scanners ...'
- end
- if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
- fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_scanners, must be greater than or equal to 0.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scanners, must be smaller than or equal to 100.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scanners, must be greater than or equal to 1.'
- end
-
- # resource path
- local_var_path = '/discover/queries/active-discovery-scanners/v1'
-
- # query parameters
- query_params = opts[:query_params] || {}
- query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
- query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
- query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
- query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
-
- # header parameters
- header_params = opts[:header_params] || {}
- # HTTP header 'Accept' (if needed)
- header_params['Accept'] = @api_client.select_header_accept(['application/json'])
- header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil?
-
- # form parameters
- form_params = opts[:form_params] || {}
-
- # http body (model)
- post_body = opts[:debug_body]
-
- # return_type
- return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
-
- # auth_names
- auth_names = opts[:debug_auth_names] || ['oauth2']
-
- new_options = opts.merge(
- :operation => :"DiscoverApi.query_active_discovery_scanners",
- :header_params => header_params,
- :query_params => query_params,
- :form_params => form_params,
- :body => post_body,
- :auth_names => auth_names,
- :return_type => return_type
- )
-
- data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
- if @api_client.config.debugging
- @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_scanners\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
- end
- return data, status_code, headers
- end
-
- # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset The index of the starting resource.
- # @option opts [Integer] :limit The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery scans by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery scans in your environment by providing an FQL filter.
- # @return [MsaspecQueryResponse]
- def query_active_discovery_scans(opts = {})
- data, _status_code, _headers = query_active_discovery_scans_with_http_info(opts)
- data
- end
-
- # Search for active discovery scans in your environment by providing an FQL filter and paging details. returns a set of scan IDs which match the filter criteria.
- # @param [Hash] opts the optional parameters
- # @option opts [String] :x_cs_useruuid User UUID
- # @option opts [Integer] :offset The index of the starting resource.
- # @option opts [Integer] :limit The number of active discovery scan ids to return in this response (Min: 1, Max: 100, Default: 100).
- # @option opts [String] :sort Sort active discovery scans by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for active discovery scans in your environment by providing an FQL filter.
- # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
- def query_active_discovery_scans_with_http_info(opts = {})
- if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: DiscoverApi.query_active_discovery_scans ...'
- end
- if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
- fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_active_discovery_scans, must be greater than or equal to 0.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scans, must be smaller than or equal to 100.'
- end
-
- if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_active_discovery_scans, must be greater than or equal to 1.'
- end
-
- # resource path
- local_var_path = '/discover/queries/active-discovery-scans/v1'
-
- # query parameters
- query_params = opts[:query_params] || {}
- query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
- query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
- query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
- query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
-
- # header parameters
- header_params = opts[:header_params] || {}
- # HTTP header 'Accept' (if needed)
- header_params['Accept'] = @api_client.select_header_accept(['application/json'])
- header_params[:'X-CS-USERUUID'] = opts[:'x_cs_useruuid'] if !opts[:'x_cs_useruuid'].nil?
-
- # form parameters
- form_params = opts[:form_params] || {}
-
- # http body (model)
- post_body = opts[:debug_body]
-
- # return_type
- return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
-
- # auth_names
- auth_names = opts[:debug_auth_names] || ['oauth2']
-
- new_options = opts.merge(
- :operation => :"DiscoverApi.query_active_discovery_scans",
- :header_params => header_params,
- :query_params => query_params,
- :form_params => form_params,
- :body => post_body,
- :auth_names => auth_names,
- :return_type => return_type
- )
-
- data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
- if @api_client.config.debugging
- @api_client.config.logger.debug "API called: DiscoverApi#query_active_discovery_scans\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
- end
- return data, status_code, headers
- end
-
# Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.
# @param [Hash] opts the optional parameters
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).
# @option opts [String] :sort Sort applications by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for applications in your environment by providing an FQL filter.
+ # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).
# @return [MsaspecQueryResponse]
def query_applications(opts = {})
data, _status_code, _headers = query_applications_with_http_info(opts)
@@ -708,7 +380,7 @@ def query_applications(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).
# @option opts [String] :sort Sort applications by their properties. A single sort field is allowed.
- # @option opts [String] :filter Search for applications in your environment by providing an FQL filter.
+ # @option opts [String] :filter Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).
# @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
def query_applications_with_http_info(opts = {})
if @api_client.config.debugging
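Review bot: The expanded `:filter` text on `query_applications_with_http_info` documents exact-match, wildcard, range and negation operators but says nothing about how the client handles the string. The sibling methods removed in the preceding hunk forward it untouched (`query_params[:'filter'] = opts[:'filter']`), and this method's body, which lies outside the hunk, presumably does the same. A short caveat would help callers that build filters from external input, for example `# The filter is sent to the API unmodified; validate or quote externally supplied values before placing them in an FQL expression.`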
@@ -775,7 +447,7 @@ def query_applications_with_http_info(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul>
- # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul>
+ # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, 
used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, 
discovering_by Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!).
# @return [MsaspecQueryResponse]
def query_hosts(opts = {})
data, _status_code, _headers = query_hosts_with_http_info(opts)
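Review bot: `os_security.device_guard_status` is listed three times in a row in the exact-match list of the new `query_hosts` `:filter` description, and three times again in the wildcard list. Either the repeats should be dropped or, if they stand in for other `os_security` fields, the names need correcting at the source of this text; as written, a reader cannot tell which security-posture fields are actually filterable. The following `query_hosts_with_http_info` hunk carries the same description.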
@@ -787,7 +459,7 @@ def query_hosts(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul>
- # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul>
+ # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, 
used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, 
discovering_by Available filter fields that supports range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!).
# @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
def query_hosts_with_http_info(opts = {})
if @api_client.config.debugging
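Review bot: The added `:filter` text lists `os_security.device_guard_status` three times in a row, in both the exact-match list and the wildcard list. This looks as if three distinct fields were collapsed into one name upstream, though the hunk alone cannot confirm that. A caller building an FQL filter from this comment cannot tell which `os_security.*` fields are accepted, so the list should be checked against the API spec and either de-duplicated or given the intended names. The same repeated entry appears in the `query_hosts` comment in the preceding hunk. The body of `query_hosts_with_http_info` continues outside this hunk.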
@@ -854,7 +526,7 @@ def query_hosts_with_http_info(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul>
- # @option opts [String] :filter Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul>
+ # @option opts [String] :filter Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!).
# @return [MsaQueryResponse]
def query_logins(opts = {})
data, _status_code, _headers = query_logins_with_http_info(opts)
@@ -866,7 +538,7 @@ def query_logins(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort logins by their properties. A single sort field is allowed. Common sort options include: <ul><li>account_name|asc</li><li>login_timestamp|desc</li></ul>
- # @option opts [String] :filter Filter logins using an FQL query. Common filter options include: <ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul>
+ # @option opts [String] :filter Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'</li><li>login_type:'Interactive'</li><li>first_seen_timestamp:<'now-7d'</li><li>admin_privileges:'No'</li></ul> Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (>, <, >=, <=): login_timestamp, login_event_count All filter fields and operations supports negation (!).
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
def query_logins_with_http_info(opts = {})
if @api_client.config.debugging
diff --git a/lib/crimson-falcon/api/discover_iot_api.rb b/lib/crimson-falcon/api/discover_iot_api.rb
index 95c9ec7a..94ee70a3 100644
--- a/lib/crimson-falcon/api/discover_iot_api.rb
+++ b/lib/crimson-falcon/api/discover_iot_api.rb
@@ -103,7 +103,7 @@ def get_iot_hosts_with_http_info(ids, opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul>
- # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul>
+ # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!).
# @return [MsaspecQueryResponse]
def query_iot_hosts(opts = {})
data, _status_code, _headers = query_iot_hosts_with_http_info(opts)
@@ -115,7 +115,7 @@ def query_iot_hosts(opts = {})
# @option opts [Integer] :offset An offset used with the `limit` parameter to manage pagination of results. On your first request, don’t provide an `offset`. On subsequent requests, add previous `offset` with the previous `limit` to continue from that place in the results.
# @option opts [Integer] :limit The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.
# @option opts [String] :sort Sort assets by their properties. A single sort field is allowed. Common sort options include: <ul><li>hostname|asc</li><li>product_type_desc|desc</li></ul>
- # @option opts [String] :filter Filter assets using an FQL query. Common filter options include: <ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul>
+ # @option opts [String] :filter Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'</li><li>product_type_desc:'Workstation'</li><li>platform_name:'Windows'</li><li>last_seen_timestamp:>'now-7d'</li></ul> Available filter fields that support exact match: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers Available filter fields that supports wildcard (*): device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, data_providers Available filter fields that supports range comparisons (>, <, >=, <=): physical_connections_count All filter fields and operations supports negation (!).
# @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
def query_iot_hosts_with_http_info(opts = {})
if @api_client.config.debugging
diff --git a/lib/crimson-falcon/api/falcon_container_image_api.rb b/lib/crimson-falcon/api/falcon_container_image_api.rb
index 7b4489c7..de21c86b 100644
--- a/lib/crimson-falcon/api/falcon_container_image_api.rb
+++ b/lib/crimson-falcon/api/falcon_container_image_api.rb
@@ -164,6 +164,73 @@ def delete_registry_entities_with_http_info(ids, opts = {})
return data, status_code, headers
end
+ # Get image assessment results by providing an FQL filter and paging details
+ # @param [Hash] opts the optional parameters
+ # @option opts [String] :filter Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity
+ # @option opts [Integer] :limit The upper-bound on the number of records to retrieve [1-100]
+ # @option opts [Integer] :offset The offset from where to begin.
+ # @option opts [String] :sort The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity]
+ # @return [ImagesExtCombinedImagesResponse]
+ def get_combined_images(opts = {})
+ data, _status_code, _headers = get_combined_images_with_http_info(opts)
+ data
+ end
+
+ # Get image assessment results by providing an FQL filter and paging details
+ # @param [Hash] opts the optional parameters
+ # @option opts [String] :filter Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity
+ # @option opts [Integer] :limit The upper-bound on the number of records to retrieve [1-100]
+ # @option opts [Integer] :offset The offset from where to begin.
+ # @option opts [String] :sort The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity]
+ # @return [Array<(ImagesExtCombinedImagesResponse, Integer, Hash)>] ImagesExtCombinedImagesResponse data, response status code and response headers
+ def get_combined_images_with_http_info(opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: FalconContainerImageApi.get_combined_images ...'
+ end
+ # resource path
+ local_var_path = '/container-security/combined/image-assessment/images/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+ query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
+ query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
+ query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+ query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body]
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'ImagesExtCombinedImagesResponse'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"FalconContainerImageApi.get_combined_images",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: FalconContainerImageApi#get_combined_images\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+
# Retrieve registry entities identified by the customer id
# @param [Hash] opts the optional parameters
# @option opts [Integer] :limit The upper-bound on the number of records to retrieve.
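Review bot: `get_combined_images_with_http_info` documents `:limit` as `[1-100]` but copies `opts[:'limit']` into `query_params` unchecked, so an out-of-range value is rejected only by the server, if at all. The SDK already guards inputs behind `client_side_validation` (see the `allowable_values` check in `query_behaviors_with_http_info`), and the same kind of guard fits here: `fail ArgumentError, 'invalid value for "limit", must be between 1 and 100' if @api_client.config.client_side_validation && !opts[:'limit'].nil? && !(1..100).cover?(opts[:'limit'])`. If this file is generated, the bound belongs in the API spec as a minimum and maximum so the generator emits the check. `query_sensors_by_filter_with_http_info` in identity_entities_api.rb has the same gap for its `[1-200]` limit.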
diff --git a/lib/crimson-falcon/api/filevantage_api.rb b/lib/crimson-falcon/api/filevantage_api.rb
index ea88bfca..45343725 100644
--- a/lib/crimson-falcon/api/filevantage_api.rb
+++ b/lib/crimson-falcon/api/filevantage_api.rb
@@ -38,7 +38,7 @@ def initialize(api_client = ApiClient.default)
end
# Retrieve information on changes
# Retrieve key attributes of Falcon FileVantage changes for the specified ids.
- # @param ids [Array] Comma separated values of change ids
+ # @param ids [Array] One or more change ids in the form of ids=ID1&ids=ID2
# @param [Hash] opts the optional parameters
# @return [PublicGetChangesResponse]
def get_changes(ids, opts = {})
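Review bot: The new `@param ids` text describes the query-string form (`ids=ID1&ids=ID2`) rather than what a Ruby caller passes, while the declared type is still `[Array]`. A reader could take it to mean a pre-joined string. Wording such as `# @param ids [Array<String>] One or more change ids; per the API description they are sent as ids=ID1&ids=ID2` keeps the wire detail and states the Ruby argument. The same wording is added for `get_changes_with_http_info` in the next hunk, and both method bodies lie outside the hunks.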
@@ -48,7 +48,7 @@ def get_changes(ids, opts = {})
# Retrieve information on changes
# Retrieve key attributes of Falcon FileVantage changes for the specified ids.
- # @param ids [Array] Comma separated values of change ids
+ # @param ids [Array] One or more change ids in the form of ids=ID1&ids=ID2
# @param [Hash] opts the optional parameters
# @return [Array<(PublicGetChangesResponse, Integer, Hash)>] PublicGetChangesResponse data, response status code and response headers
def get_changes_with_http_info(ids, opts = {})
diff --git a/lib/crimson-falcon/api/identity_entities_api.rb b/lib/crimson-falcon/api/identity_entities_api.rb
new file mode 100644
index 00000000..5b1ffea2
--- /dev/null
+++ b/lib/crimson-falcon/api/identity_entities_api.rb
@@ -0,0 +1,238 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'cgi'
+
+module Falcon
+ class IdentityEntitiesApi
+ attr_accessor :api_client
+
+ def initialize(api_client = ApiClient.default)
+ @api_client = api_client
+ end
+ # Get sensor aggregates as specified via json in request body.
+ # @param body [MsaAggregateQueryRequest]
+ # @param [Hash] opts the optional parameters
+ # @return [MsaAggregatesResponse]
+ def get_sensor_aggregates(body, opts = {})
+ data, _status_code, _headers = get_sensor_aggregates_with_http_info(body, opts)
+ data
+ end
+
+ # Get sensor aggregates as specified via json in request body.
+ # @param body [MsaAggregateQueryRequest]
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(MsaAggregatesResponse, Integer, Hash)>] MsaAggregatesResponse data, response status code and response headers
+ def get_sensor_aggregates_with_http_info(body, opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.get_sensor_aggregates ...'
+ end
+ # verify the required parameter 'body' is set
+ if @api_client.config.client_side_validation && body.nil?
+ fail ArgumentError, "Missing the required parameter 'body' when calling IdentityEntitiesApi.get_sensor_aggregates"
+ end
+ # resource path
+ local_var_path = '/identity-protection/aggregates/devices/GET/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+ # HTTP header 'Content-Type'
+ content_type = @api_client.select_header_content_type(['application/json'])
+ if !content_type.nil?
+ header_params['Content-Type'] = content_type
+ end
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'MsaAggregatesResponse'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"IdentityEntitiesApi.get_sensor_aggregates",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: IdentityEntitiesApi#get_sensor_aggregates\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+
+ # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+ # @param body [MsaIdsRequest]
+ # @param [Hash] opts the optional parameters
+ # @return [ApiSensorDetailsResponseSwagger]
+ def get_sensor_details(body, opts = {})
+ data, _status_code, _headers = get_sensor_details_with_http_info(body, opts)
+ data
+ end
+
+ # Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
+ # @param body [MsaIdsRequest]
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(ApiSensorDetailsResponseSwagger, Integer, Hash)>] ApiSensorDetailsResponseSwagger data, response status code and response headers
+ def get_sensor_details_with_http_info(body, opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.get_sensor_details ...'
+ end
+ # verify the required parameter 'body' is set
+ if @api_client.config.client_side_validation && body.nil?
+ fail ArgumentError, "Missing the required parameter 'body' when calling IdentityEntitiesApi.get_sensor_details"
+ end
+ # resource path
+ local_var_path = '/identity-protection/entities/devices/GET/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+ # HTTP header 'Content-Type'
+ content_type = @api_client.select_header_content_type(['application/json'])
+ if !content_type.nil?
+ header_params['Content-Type'] = content_type
+ end
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'ApiSensorDetailsResponseSwagger'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"IdentityEntitiesApi.get_sensor_details",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: IdentityEntitiesApi#get_sensor_details\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+
+ # Search for sensors in your environment by hostname, IP, and other criteria.
+ # @param [Hash] opts the optional parameters
+ # @option opts [Integer] :offset The offset to start retrieving records from
+ # @option opts [Integer] :limit The maximum records to return. [1-200]
+ # @option opts [String] :sort The property to sort by (e.g. status.desc or hostname.asc)
+ # @option opts [String] :filter The filter expression that should be used to limit the results
+ # @return [MsaspecQueryResponse]
+ def query_sensors_by_filter(opts = {})
+ data, _status_code, _headers = query_sensors_by_filter_with_http_info(opts)
+ data
+ end
+
+ # Search for sensors in your environment by hostname, IP, and other criteria.
+ # @param [Hash] opts the optional parameters
+ # @option opts [Integer] :offset The offset to start retrieving records from
+ # @option opts [Integer] :limit The maximum records to return. [1-200]
+ # @option opts [String] :sort The property to sort by (e.g. status.desc or hostname.asc)
+ # @option opts [String] :filter The filter expression that should be used to limit the results
+ # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
+ def query_sensors_by_filter_with_http_info(opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: IdentityEntitiesApi.query_sensors_by_filter ...'
+ end
+ # resource path
+ local_var_path = '/identity-protection/queries/devices/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+ query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+ query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
+ query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
+ query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body]
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"IdentityEntitiesApi.query_sensors_by_filter",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: IdentityEntitiesApi#query_sensors_by_filter\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+ end
+end
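Review bot: Each `*_with_http_info` method in this new file logs `Data: #{data.inspect}` and `Headers: #{headers}` at debug level after the call. With `config.debugging` enabled, full response bodies (sensor details, query results) and all response headers therefore go to the configured logger, and nothing in the added comments says so. I would add a comment above `class IdentityEntitiesApi` such as `# NOTE: with config.debugging enabled, full response bodies and headers are written to config.logger; keep it off where logs are shared or retained.`, or reduce the message to the operation name and status code. The same log line is added in `get_combined_images_with_http_info` in falcon_container_image_api.rb. Since the file header marks this code as generated, the change belongs in the generator template rather than in this file.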
diff --git a/lib/crimson-falcon/api/incidents_api.rb b/lib/crimson-falcon/api/incidents_api.rb
index 9c4a1591..438d7d0b 100644
--- a/lib/crimson-falcon/api/incidents_api.rb
+++ b/lib/crimson-falcon/api/incidents_api.rb
@@ -334,7 +334,7 @@ def query_behaviors_with_http_info(opts = {})
if @api_client.config.debugging
@api_client.config.logger.debug 'Calling API: IncidentsApi.query_behaviors ...'
end
- allowable_values = ["cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"]
+ allowable_values = ["alert_ids.asc", "alert_ids.desc", "cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"]
if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort'])
fail ArgumentError, "invalid value for \"sort\", must be one of #{allowable_values}"
end
diff --git a/lib/crimson-falcon/api/intel_api.rb b/lib/crimson-falcon/api/intel_api.rb
index 8b7647c3..e8b01370 100644
--- a/lib/crimson-falcon/api/intel_api.rb
+++ b/lib/crimson-falcon/api/intel_api.rb
@@ -703,7 +703,7 @@ def post_mitre_attacks_with_http_info(body, opts = {})
# @option opts [Integer] :offset Set the starting row number to return actors from. Defaults to 0.
# @option opts [Integer] :limit Set the number of actors to return. The value must be between 1 and 5000.
# @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
- # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
# @option opts [String] :q Perform a generic substring search across all fields.
# @option opts [Array] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_.
# @return [DomainActorsResponse]
@@ -717,7 +717,7 @@ def query_intel_actor_entities(opts = {})
# @option opts [Integer] :offset Set the starting row number to return actors from. Defaults to 0.
# @option opts [Integer] :limit Set the number of actors to return. The value must be between 1 and 5000.
# @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
- # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
# @option opts [String] :q Perform a generic substring search across all fields.
# @option opts [Array] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: \\_\\_\\<collection\\>\\_\\_. Ex: slug \\_\\_full\\_\\_. Defaults to \\_\\_basic\\_\\_.
# @return [Array<(DomainActorsResponse, Integer, Hash)>] DomainActorsResponse data, response status code and response headers
@@ -776,7 +776,7 @@ def query_intel_actor_entities_with_http_info(opts = {})
# @option opts [Integer] :offset Set the starting row number to return actors IDs from. Defaults to 0.
# @option opts [Integer] :limit Set the number of actor IDs to return. The value must be between 1 and 5000.
# @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
- # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
# @option opts [String] :q Perform a generic substring search across all fields.
# @return [MsaQueryResponse]
def query_intel_actor_ids(opts = {})
@@ -789,7 +789,7 @@ def query_intel_actor_ids(opts = {})
# @option opts [Integer] :offset Set the starting row number to return actors IDs from. Defaults to 0.
# @option opts [Integer] :limit Set the number of actor IDs to return. The value must be between 1 and 5000.
# @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
- # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions.
+ # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.
# @option opts [String] :q Perform a generic substring search across all fields.
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
def query_intel_actor_ids_with_http_info(opts = {})
@@ -1225,33 +1225,32 @@ def query_intel_rule_ids_with_http_info(type, opts = {})
return data, status_code, headers
end
- # Gets MITRE tactics and techniques for the given actor
- # @param id [String] The actor ID(derived from the actor's name) for which to retrieve a list of attacks.
+ # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
# @param [Hash] opts the optional parameters
- # @return [nil]
- def query_mitre_attacks(id, opts = {})
- query_mitre_attacks_with_http_info(id, opts)
- nil
+ # @option opts [String] :id The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed
+ # @option opts [Array] :ids The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed
+ # @return [DomainQueryMitreAttacksResponse]
+ def query_mitre_attacks(opts = {})
+ data, _status_code, _headers = query_mitre_attacks_with_http_info(opts)
+ data
end
- # Gets MITRE tactics and techniques for the given actor
- # @param id [String] The actor ID(derived from the actor's name) for which to retrieve a list of attacks.
+ # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
# @param [Hash] opts the optional parameters
- # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
- def query_mitre_attacks_with_http_info(id, opts = {})
+ # @option opts [String] :id The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed
+ # @option opts [Array] :ids The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed
+ # @return [Array<(DomainQueryMitreAttacksResponse, Integer, Hash)>] DomainQueryMitreAttacksResponse data, response status code and response headers
+ def query_mitre_attacks_with_http_info(opts = {})
if @api_client.config.debugging
@api_client.config.logger.debug 'Calling API: IntelApi.query_mitre_attacks ...'
end
- # verify the required parameter 'id' is set
- if @api_client.config.client_side_validation && id.nil?
- fail ArgumentError, "Missing the required parameter 'id' when calling IntelApi.query_mitre_attacks"
- end
# resource path
local_var_path = '/intel/queries/mitre/v1'
# query parameters
query_params = opts[:query_params] || {}
- query_params[:'id'] = id
+ query_params[:'id'] = opts[:'id'] if !opts[:'id'].nil?
+ query_params[:'ids'] = @api_client.build_collection_param(opts[:'ids'], :multi) if !opts[:'ids'].nil?
# header parameters
header_params = opts[:header_params] || {}
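Review bot: `query_mitre_attacks_with_http_info` no longer checks that an actor was supplied: the `id.nil?` guard is removed and both `:id` and `:ids` are optional, so a call with neither sends the query with no actor selector and any failure comes back from the server instead of as an `ArgumentError`. If the endpoint needs one of the two (not visible in this diff), keep a client-side check such as `if @api_client.config.client_side_validation && opts[:'id'].nil? && opts[:'ids'].nil?` followed by `fail ArgumentError, "Missing 'id' or 'ids' when calling IntelApi.query_mitre_attacks"`. Dropping the positional `id` also breaks existing callers: `query_mitre_attacks('fancy-bear')` now passes a String as `opts` and fails at `opts[:query_params]` with a `TypeError` rather than a clear message, so the change deserves a changelog entry. The method body continues past the end of this hunk.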
@@ -1265,7 +1264,7 @@ def query_mitre_attacks_with_http_info(id, opts = {})
post_body = opts[:debug_body]
# return_type
- return_type = opts[:debug_return_type]
+ return_type = opts[:debug_return_type] || 'DomainQueryMitreAttacksResponse'
# auth_names
auth_names = opts[:debug_auth_names] || ['oauth2']
diff --git a/lib/crimson-falcon/api/inventories_api.rb b/lib/crimson-falcon/api/inventories_api.rb
new file mode 100644
index 00000000..b8081678
--- /dev/null
+++ b/lib/crimson-falcon/api/inventories_api.rb
@@ -0,0 +1,105 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'cgi'
+
+module Falcon
+ class InventoriesApi
+ attr_accessor :api_client
+
+ def initialize(api_client = ApiClient.default)
+ @api_client = api_client
+ end
+ # Create inventory from data received from snapshot
+ # @param body [ModelsSnapshotInventoryPayload]
+ # @param [Hash] opts the optional parameters
+ # @return [CommonEntitiesResponse]
+ def create_inventory(body, opts = {})
+ data, _status_code, _headers = create_inventory_with_http_info(body, opts)
+ data
+ end
+
+ # Create inventory from data received from snapshot
+ # @param body [ModelsSnapshotInventoryPayload]
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(CommonEntitiesResponse, Integer, Hash)>] CommonEntitiesResponse data, response status code and response headers
+ def create_inventory_with_http_info(body, opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: InventoriesApi.create_inventory ...'
+ end
+ # verify the required parameter 'body' is set
+ if @api_client.config.client_side_validation && body.nil?
+ fail ArgumentError, "Missing the required parameter 'body' when calling InventoriesApi.create_inventory"
+ end
+ # resource path
+ local_var_path = '/snapshots/entities/inventories/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+ # HTTP header 'Content-Type'
+ content_type = @api_client.select_header_content_type(['application/json'])
+ if !content_type.nil?
+ header_params['Content-Type'] = content_type
+ end
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'CommonEntitiesResponse'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"InventoriesApi.create_inventory",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: InventoriesApi#create_inventory\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+ end
+end
diff --git a/lib/crimson-falcon/api/mssp_api.rb b/lib/crimson-falcon/api/mssp_api.rb
index d901e7f1..5e97b175 100644
--- a/lib/crimson-falcon/api/mssp_api.rb
+++ b/lib/crimson-falcon/api/mssp_api.rb
@@ -366,7 +366,7 @@ def create_user_groups_with_http_info(body, opts = {})
return data, status_code, headers
end
- # Delete CID group members.
+ # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
# @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required.
# @param [Hash] opts the optional parameters
# @return [DomainCIDGroupMembersResponseV1]
@@ -375,7 +375,7 @@ def delete_cid_group_members(body, opts = {})
data
end
- # Delete CID group members.
+ # Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.
# @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required.
# @param [Hash] opts the optional parameters
# @return [Array<(DomainCIDGroupMembersResponseV1, Integer, Hash)>] DomainCIDGroupMembersResponseV1 data, response status code and response headers
@@ -432,6 +432,72 @@ def delete_cid_group_members_with_http_info(body, opts = {})
return data, status_code, headers
end
+ # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
+ # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required.
+ # @param [Hash] opts the optional parameters
+ # @return [DomainCIDGroupMembersResponseV1]
+ def delete_cid_group_members_v2(body, opts = {})
+ data, _status_code, _headers = delete_cid_group_members_v2_with_http_info(body, opts)
+ data
+ end
+
+ # Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.
+ # @param body [DomainCIDGroupMembersRequestV1] Both 'cid_group_id' and 'cids' fields are required.
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(DomainCIDGroupMembersResponseV1, Integer, Hash)>] DomainCIDGroupMembersResponseV1 data, response status code and response headers
+ def delete_cid_group_members_v2_with_http_info(body, opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: MsspApi.delete_cid_group_members_v2 ...'
+ end
+ # verify the required parameter 'body' is set
+ if @api_client.config.client_side_validation && body.nil?
+ fail ArgumentError, "Missing the required parameter 'body' when calling MsspApi.delete_cid_group_members_v2"
+ end
+ # resource path
+ local_var_path = '/mssp/entities/cid-group-members/v2'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+ # HTTP header 'Content-Type'
+ content_type = @api_client.select_header_content_type(['application/json'])
+ if !content_type.nil?
+ header_params['Content-Type'] = content_type
+ end
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'DomainCIDGroupMembersResponseV1'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"MsspApi.delete_cid_group_members_v2",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: MsspApi#delete_cid_group_members_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+
# Delete CID groups by ID.
# @param cid_group_ids [Array] CID group ids to delete
# @param [Hash] opts the optional parameters
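Review bot: The summary comment on `delete_cid_group_members_v2` and `delete_cid_group_members_v2_with_http_info` is garbled (`Prevents removal of a cid group a cid group if it is only part of one cid group`), and it is the only place that states what safeguard distinguishes v2 from the deprecated v1 call. From the wording it presumably means `# Delete CID group members. Prevents removal of a CID from a CID group if that CID is only part of one CID group.`, but that reading should be confirmed against the API specification before it is written down. The v1 methods in the two hunks above would also be easier to surface in generated docs with a YARD tag such as `# @deprecated Use {#delete_cid_group_members_v2} instead.` rather than a sentence prefixed to the description.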
diff --git a/lib/crimson-falcon/api/provision_api.rb b/lib/crimson-falcon/api/provision_api.rb
new file mode 100644
index 00000000..9bc37d34
--- /dev/null
+++ b/lib/crimson-falcon/api/provision_api.rb
@@ -0,0 +1,94 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'cgi'
+
+module Falcon
+ class ProvisionApi
+ attr_accessor :api_client
+
+ def initialize(api_client = ApiClient.default)
+ @api_client = api_client
+ end
+ # Gets the registry credentials
+ # @param [Hash] opts the optional parameters
+ # @return [ModelsRegistryCredentialsResponse]
+ def get_credentials_mixin0(opts = {})
+ data, _status_code, _headers = get_credentials_mixin0_with_http_info(opts)
+ data
+ end
+
+ # Gets the registry credentials
+ # @param [Hash] opts the optional parameters
+ # @return [Array<(ModelsRegistryCredentialsResponse, Integer, Hash)>] ModelsRegistryCredentialsResponse data, response status code and response headers
+ def get_credentials_mixin0_with_http_info(opts = {})
+ if @api_client.config.debugging
+ @api_client.config.logger.debug 'Calling API: ProvisionApi.get_credentials_mixin0 ...'
+ end
+ # resource path
+ local_var_path = '/snapshots/entities/image-registry-credentials/v1'
+
+ # query parameters
+ query_params = opts[:query_params] || {}
+
+ # header parameters
+ header_params = opts[:header_params] || {}
+ # HTTP header 'Accept' (if needed)
+ header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+ # form parameters
+ form_params = opts[:form_params] || {}
+
+ # http body (model)
+ post_body = opts[:debug_body]
+
+ # return_type
+ return_type = opts[:debug_return_type] || 'ModelsRegistryCredentialsResponse'
+
+ # auth_names
+ auth_names = opts[:debug_auth_names] || ['oauth2']
+
+ new_options = opts.merge(
+ :operation => :"ProvisionApi.get_credentials_mixin0",
+ :header_params => header_params,
+ :query_params => query_params,
+ :form_params => form_params,
+ :body => post_body,
+ :auth_names => auth_names,
+ :return_type => return_type
+ )
+
+ data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+ if @api_client.config.debugging
+ @api_client.config.logger.debug "API called: ProvisionApi#get_credentials_mixin0\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ end
+ return data, status_code, headers
+ end
+ end
+end
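Review bot: The debug line at the end of `get_credentials_mixin0_with_http_info` writes `data.inspect` to the logger, and here `data` is the `ModelsRegistryCredentialsResponse` that the method's own comment describes as the registry credentials. With `config.debugging` enabled, that would copy the credentials into whatever log sink the client is configured with; the model's fields are not shown in this diff, so this should be confirmed against the model. I would drop the payload from the message for this operation, e.g. `@api_client.config.logger.debug "API called: ProvisionApi#get_credentials_mixin0\nStatus code: #{status_code}"`. The file header says the code is generated, so the change belongs in the generator template or in a redacting logger rather than in this file.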
diff --git a/lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb b/lib/crimson-falcon/api/vulnerabilities_api.rb
similarity index 72%
rename from lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb
rename to lib/crimson-falcon/api/vulnerabilities_api.rb
index 01f4c422..833a7742 100644
--- a/lib/crimson-falcon/api/spotlight_vulnerabilities_api.rb
+++ b/lib/crimson-falcon/api/vulnerabilities_api.rb
@@ -30,14 +30,14 @@
require 'cgi'
module Falcon
- class SpotlightVulnerabilitiesApi
+ class VulnerabilitiesApi
attr_accessor :api_client
def initialize(api_client = ApiClient.default)
@api_client = api_client
end
# Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria
- # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul>
+ # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
# @param [Hash] opts the optional parameters
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
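Review bot: Renaming the class to `VulnerabilitiesApi` removes the `Falcon::SpotlightVulnerabilitiesApi` constant, and this hunk adds nothing that keeps the old name resolving. Unless an alias is defined elsewhere in the commit, existing callers fail with a `NameError` on upgrade, as will any `require` of the old file path. A one-line alias inside `module Falcon`, `SpotlightVulnerabilitiesApi = VulnerabilitiesApi`, would keep them working for a deprecation period. The class body continues beyond this hunk.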
@@ -50,7 +50,7 @@ def combined_query_vulnerabilities(filter, opts = {})
end
# Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria
- # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul>
+ # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
# @param [Hash] opts the optional parameters
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
@@ -59,18 +59,18 @@ def combined_query_vulnerabilities(filter, opts = {})
# @return [Array<(DomainSPAPICombinedVulnerabilitiesResponse, Integer, Hash)>] DomainSPAPICombinedVulnerabilitiesResponse data, response status code and response headers
def combined_query_vulnerabilities_with_http_info(filter, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.combined_query_vulnerabilities ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.combined_query_vulnerabilities ...'
end
# verify the required parameter 'filter' is set
if @api_client.config.client_side_validation && filter.nil?
- fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities"
+ fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesApi.combined_query_vulnerabilities"
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 5000
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities, must be smaller than or equal to 5000.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.combined_query_vulnerabilities, must be smaller than or equal to 5000.'
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.combined_query_vulnerabilities, must be greater than or equal to 1.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.combined_query_vulnerabilities, must be greater than or equal to 1.'
end
# resource path
@@ -102,7 +102,7 @@ def combined_query_vulnerabilities_with_http_info(filter, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightVulnerabilitiesApi.combined_query_vulnerabilities",
+ :operation => :"VulnerabilitiesApi.combined_query_vulnerabilities",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -113,7 +113,7 @@ def combined_query_vulnerabilities_with_http_info(filter, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#combined_query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesApi#combined_query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
@@ -133,11 +133,11 @@ def get_remediations_v2(ids, opts = {})
# @return [Array<(DomainSPAPIRemediationEntitiesResponseV2, Integer, Hash)>] DomainSPAPIRemediationEntitiesResponseV2 data, response status code and response headers
def get_remediations_v2_with_http_info(ids, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.get_remediations_v2 ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.get_remediations_v2 ...'
end
# verify the required parameter 'ids' is set
if @api_client.config.client_side_validation && ids.nil?
- fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilitiesApi.get_remediations_v2"
+ fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesApi.get_remediations_v2"
end
# resource path
local_var_path = '/spotlight/entities/remediations/v2'
@@ -164,7 +164,7 @@ def get_remediations_v2_with_http_info(ids, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightVulnerabilitiesApi.get_remediations_v2",
+ :operation => :"VulnerabilitiesApi.get_remediations_v2",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -175,7 +175,7 @@ def get_remediations_v2_with_http_info(ids, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#get_remediations_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesApi#get_remediations_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
@@ -195,11 +195,11 @@ def get_vulnerabilities(ids, opts = {})
# @return [Array<(DomainSPAPIVulnerabilitiesEntitiesResponseV2, Integer, Hash)>] DomainSPAPIVulnerabilitiesEntitiesResponseV2 data, response status code and response headers
def get_vulnerabilities_with_http_info(ids, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.get_vulnerabilities ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.get_vulnerabilities ...'
end
# verify the required parameter 'ids' is set
if @api_client.config.client_side_validation && ids.nil?
- fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilitiesApi.get_vulnerabilities"
+ fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesApi.get_vulnerabilities"
end
# resource path
local_var_path = '/spotlight/entities/vulnerabilities/v2'
@@ -226,7 +226,7 @@ def get_vulnerabilities_with_http_info(ids, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightVulnerabilitiesApi.get_vulnerabilities",
+ :operation => :"VulnerabilitiesApi.get_vulnerabilities",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -237,17 +237,17 @@ def get_vulnerabilities_with_http_info(ids, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesApi#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
# Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria
- # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul>
+ # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
# @param [Hash] opts the optional parameters
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.
- # @option opts [String] :sort Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul>
+ # @option opts [String] :sort Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order.
# @return [DomainSPAPIQueryResponse]
def query_vulnerabilities(filter, opts = {})
data, _status_code, _headers = query_vulnerabilities_with_http_info(filter, opts)
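Review bot: The new `:sort` text lists `updated_timestamp|asc/desc` twice, both here and in the identical comment on `query_vulnerabilities_with_http_info` in the next hunk. The third entry was presumably meant to be a different field and should be checked against the API spec. The bare `<field>` in the same sentence may be swallowed as a tag by renderers that already interpret the `<ul><li>` markup, so `field|asc` / `field|desc` in backticks is safer. In the new `filter` text, "fields that supports" should read "fields that support". The body of `query_vulnerabilities` continues outside this hunk.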
@@ -255,26 +255,26 @@ def query_vulnerabilities(filter, opts = {})
end
# Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria
- # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include: <ul><li>created_timestamp:>'2019-11-25T22:36:12Z'</li><li>closed_timestamp:>'2019-11-25T22:36:12Z'</li><li>aid:'8e7656b27d8c49a34a1af416424d6231'</li></ul>
+ # @param filter [String] Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp
# @param [Hash] opts the optional parameters
# @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.
# @option opts [Integer] :limit The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.
- # @option opts [String] :sort Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timestamp|asc</li><li>closed_timestamp|asc</li></ul>
+ # @option opts [String] :sort Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp|asc/desc</li><li>closed_timestamp|asc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format <field>|asc for ascending order or <field>|desc for descending order.
# @return [Array<(DomainSPAPIQueryResponse, Integer, Hash)>] DomainSPAPIQueryResponse data, response status code and response headers
def query_vulnerabilities_with_http_info(filter, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilitiesApi.query_vulnerabilities ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesApi.query_vulnerabilities ...'
end
# verify the required parameter 'filter' is set
if @api_client.config.client_side_validation && filter.nil?
- fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilitiesApi.query_vulnerabilities"
+ fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesApi.query_vulnerabilities"
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 400
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.query_vulnerabilities, must be smaller than or equal to 400.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.query_vulnerabilities, must be smaller than or equal to 400.'
end
if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
- fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilitiesApi.query_vulnerabilities, must be greater than or equal to 1.'
+ fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling VulnerabilitiesApi.query_vulnerabilities, must be greater than or equal to 1.'
end
# resource path
@@ -305,7 +305,7 @@ def query_vulnerabilities_with_http_info(filter, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightVulnerabilitiesApi.query_vulnerabilities",
+ :operation => :"VulnerabilitiesApi.query_vulnerabilities",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -316,7 +316,7 @@ def query_vulnerabilities_with_http_info(filter, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightVulnerabilitiesApi#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesApi#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
diff --git a/lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb b/lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb
similarity index 88%
rename from lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb
rename to lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb
index e70e40a2..160f9114 100644
--- a/lib/crimson-falcon/api/spotlight_evaluation_logic_api.rb
+++ b/lib/crimson-falcon/api/vulnerabilities_evaluation_logic_api.rb
@@ -30,7 +30,7 @@
require 'cgi'
module Falcon
- class SpotlightEvaluationLogicApi
+ class VulnerabilitiesEvaluationLogicApi
attr_accessor :api_client
def initialize(api_client = ApiClient.default)
@@ -57,11 +57,11 @@ def combined_query_evaluation_logic(filter, opts = {})
# @return [Array<(DomainSPAPIEvaluationLogicCombinedResponseV1, Integer, Hash)>] DomainSPAPIEvaluationLogicCombinedResponseV1 data, response status code and response headers
def combined_query_evaluation_logic_with_http_info(filter, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.combined_query_evaluation_logic ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic ...'
end
# verify the required parameter 'filter' is set
if @api_client.config.client_side_validation && filter.nil?
- fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightEvaluationLogicApi.combined_query_evaluation_logic"
+ fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic"
end
# resource path
local_var_path = '/spotlight/combined/evaluation-logic/v1'
@@ -91,7 +91,7 @@ def combined_query_evaluation_logic_with_http_info(filter, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightEvaluationLogicApi.combined_query_evaluation_logic",
+ :operation => :"VulnerabilitiesEvaluationLogicApi.combined_query_evaluation_logic",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -102,7 +102,7 @@ def combined_query_evaluation_logic_with_http_info(filter, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#combined_query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#combined_query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
@@ -122,11 +122,11 @@ def get_evaluation_logic(ids, opts = {})
# @return [Array<(DomainSPAPIEvaluationLogicEntitiesResponseV1, Integer, Hash)>] DomainSPAPIEvaluationLogicEntitiesResponseV1 data, response status code and response headers
def get_evaluation_logic_with_http_info(ids, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.get_evaluation_logic ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.get_evaluation_logic ...'
end
# verify the required parameter 'ids' is set
if @api_client.config.client_side_validation && ids.nil?
- fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightEvaluationLogicApi.get_evaluation_logic"
+ fail ArgumentError, "Missing the required parameter 'ids' when calling VulnerabilitiesEvaluationLogicApi.get_evaluation_logic"
end
# resource path
local_var_path = '/spotlight/entities/evaluation-logic/v1'
@@ -153,7 +153,7 @@ def get_evaluation_logic_with_http_info(ids, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightEvaluationLogicApi.get_evaluation_logic",
+ :operation => :"VulnerabilitiesEvaluationLogicApi.get_evaluation_logic",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -164,7 +164,7 @@ def get_evaluation_logic_with_http_info(ids, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#get_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#get_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
@@ -190,11 +190,11 @@ def query_evaluation_logic(filter, opts = {})
# @return [Array<(DomainSPAPIQueryResponse, Integer, Hash)>] DomainSPAPIQueryResponse data, response status code and response headers
def query_evaluation_logic_with_http_info(filter, opts = {})
if @api_client.config.debugging
- @api_client.config.logger.debug 'Calling API: SpotlightEvaluationLogicApi.query_evaluation_logic ...'
+ @api_client.config.logger.debug 'Calling API: VulnerabilitiesEvaluationLogicApi.query_evaluation_logic ...'
end
# verify the required parameter 'filter' is set
if @api_client.config.client_side_validation && filter.nil?
- fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightEvaluationLogicApi.query_evaluation_logic"
+ fail ArgumentError, "Missing the required parameter 'filter' when calling VulnerabilitiesEvaluationLogicApi.query_evaluation_logic"
end
# resource path
local_var_path = '/spotlight/queries/evaluation-logic/v1'
@@ -224,7 +224,7 @@ def query_evaluation_logic_with_http_info(filter, opts = {})
auth_names = opts[:debug_auth_names] || ['oauth2']
new_options = opts.merge(
- :operation => :"SpotlightEvaluationLogicApi.query_evaluation_logic",
+ :operation => :"VulnerabilitiesEvaluationLogicApi.query_evaluation_logic",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
@@ -235,7 +235,7 @@ def query_evaluation_logic_with_http_info(filter, opts = {})
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
- @api_client.config.logger.debug "API called: SpotlightEvaluationLogicApi#query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+ @api_client.config.logger.debug "API called: VulnerabilitiesEvaluationLogicApi#query_evaluation_logic\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
diff --git a/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb b/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb
new file mode 100644
index 00000000..c78f791f
--- /dev/null
+++ b/lib/crimson-falcon/models/api_sensor_details_response_swagger.rb
@@ -0,0 +1,271 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ApiSensorDetailsResponseSwagger
+ attr_accessor :errors
+
+ attr_accessor :meta
+
+ attr_accessor :resources
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'errors' => :'errors',
+ :'meta' => :'meta',
+ :'resources' => :'resources'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'errors' => :'Array',
+ :'meta' => :'MsaspecMetaInfo',
+ :'resources' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ApiSensorDetailsResponseSwagger` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ApiSensorDetailsResponseSwagger`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'errors')
+ if (value = attributes[:'errors']).is_a?(Array)
+ self.errors = value
+ end
+ end
+
+ if attributes.key?(:'meta')
+ self.meta = attributes[:'meta']
+ end
+
+ if attributes.key?(:'resources')
+ if (value = attributes[:'resources']).is_a?(Array)
+ self.resources = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @errors.nil?
+ invalid_properties.push('invalid value for "errors", errors cannot be nil.')
+ end
+
+ if @meta.nil?
+ invalid_properties.push('invalid value for "meta", meta cannot be nil.')
+ end
+
+ if @resources.nil?
+ invalid_properties.push('invalid value for "resources", resources cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @errors.nil?
+ return false if @meta.nil?
+ return false if @resources.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ errors == o.errors &&
+ meta == o.meta &&
+ resources == o.resources
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [errors, meta, resources].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
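Review bot: `self.openapi_nullable` calls `Set.new`, but the file requires only `date` and `time`. On Ruby versions before 3.2, which do not load `set` automatically, the first `to_hash` or `build_from_hash` raises `NameError` unless something else in the gem has already required it. Adding `require 'set'` beside the two existing requires makes the model loadable on its own; `classification_criteria.rb`, added in this commit, has the same pattern. The file is marked as generated, so the change belongs in the generator template.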
diff --git a/lib/crimson-falcon/models/classification_criteria.rb b/lib/crimson-falcon/models/classification_criteria.rb
new file mode 100644
index 00000000..3e271592
--- /dev/null
+++ b/lib/crimson-falcon/models/classification_criteria.rb
@@ -0,0 +1,247 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ClassificationCriteria
+ attr_accessor :accounts
+
+ attr_accessor :resources
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'accounts' => :'accounts',
+ :'resources' => :'resources'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'accounts' => :'Array',
+ :'resources' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ClassificationCriteria` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ClassificationCriteria`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'accounts')
+ if (value = attributes[:'accounts']).is_a?(Array)
+ self.accounts = value
+ end
+ end
+
+ if attributes.key?(:'resources')
+ if (value = attributes[:'resources']).is_a?(Array)
+ self.resources = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ accounts == o.accounts &&
+ resources == o.resources
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [accounts, resources].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
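Review bot: In `initialize`, a non-Array value for `accounts` or `resources` is dropped without any error, and `valid?` returns `true` unconditionally. A caller who passes a single string instead of a list therefore gets an object whose `accounts` is `nil`, with no signal that the input was discarded. If these criteria scope what a classification applies to, which the hunk does not show, a silently empty set is not a safe default. Raising in an else branch, e.g. `fail ArgumentError, '"accounts" must be an Array'` (and the same for `resources`), surfaces the mistake at construction time. The file is marked as generated, so this would be a template or post-processing change.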
diff --git a/lib/crimson-falcon/models/classification_label.rb b/lib/crimson-falcon/models/classification_label.rb
new file mode 100644
index 00000000..04d317e7
--- /dev/null
+++ b/lib/crimson-falcon/models/classification_label.rb
@@ -0,0 +1,281 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ClassificationLabel
+ attr_accessor :criteria
+
+ attr_accessor :dynamic
+
+ attr_accessor :global
+
+ attr_accessor :group
+
+ attr_accessor :id
+
+ attr_accessor :name
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'criteria' => :'criteria',
+ :'dynamic' => :'dynamic',
+ :'global' => :'global',
+ :'group' => :'group',
+ :'id' => :'id',
+ :'name' => :'name'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'criteria' => :'Array',
+ :'dynamic' => :'Boolean',
+ :'global' => :'Boolean',
+ :'group' => :'String',
+ :'id' => :'Integer',
+ :'name' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ClassificationLabel` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ClassificationLabel`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'criteria')
+ if (value = attributes[:'criteria']).is_a?(Array)
+ self.criteria = value
+ end
+ end
+
+ if attributes.key?(:'dynamic')
+ self.dynamic = attributes[:'dynamic']
+ end
+
+ if attributes.key?(:'global')
+ self.global = attributes[:'global']
+ end
+
+ if attributes.key?(:'group')
+ self.group = attributes[:'group']
+ end
+
+ if attributes.key?(:'id')
+ self.id = attributes[:'id']
+ end
+
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ criteria == o.criteria &&
+ dynamic == o.dynamic &&
+ global == o.global &&
+ group == o.group &&
+ id == o.id &&
+ name == o.name
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [criteria, dynamic, global, group, id, name].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_assessment_paging.rb b/lib/crimson-falcon/models/common_entities_response.rb
similarity index 84%
rename from lib/crimson-falcon/models/domain_assessment_paging.rb
rename to lib/crimson-falcon/models/common_entities_response.rb
index 0be4b614..e6267d8f 100644
--- a/lib/crimson-falcon/models/domain_assessment_paging.rb
+++ b/lib/crimson-falcon/models/common_entities_response.rb
@@ -31,22 +31,19 @@
require 'time'
module Falcon
- class DomainAssessmentPaging
- attr_accessor :expires_at
+ class CommonEntitiesResponse
+ attr_accessor :errors
- attr_accessor :limit
+ attr_accessor :meta
- attr_accessor :offset
-
- attr_accessor :total
+ attr_accessor :resources
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
- :'expires_at' => :'expires_at',
- :'limit' => :'limit',
- :'offset' => :'offset',
- :'total' => :'total'
+ :'errors' => :'errors',
+ :'meta' => :'meta',
+ :'resources' => :'resources'
}
end
@@ -58,10 +55,9 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'expires_at' => :'Integer',
- :'limit' => :'Integer',
- :'offset' => :'String',
- :'total' => :'Integer'
+ :'errors' => :'Array',
+ :'meta' => :'MsaspecMetaInfo',
+ :'resources' => :'Object'
}
end
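Review bot: The `:'resources' => :'Object'` entry in `openapi_types` makes the response payload untyped, and nothing in the model says so. This file's `_deserialize` is outside the hunk, but the sibling models in this diff return an `:Object` value unchanged, so `resources` presumably reaches callers exactly as parsed from the response body. I would document that on the accessor, for example `# Untyped payload, passed through as parsed; check its shape before use`. The models in this diff are marked auto-generated, so the comment likely has to come from the API spec or the generator template.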
@@ -75,31 +71,29 @@ def self.openapi_nullable
# @param [Hash] attributes Model attributes in the form of hash
def initialize(attributes = {})
if (!attributes.is_a?(Hash))
- fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAssessmentPaging` initialize method"
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::CommonEntitiesResponse` initialize method"
end
# check to see if the attribute exists and convert string to symbol for hash key
attributes = attributes.each_with_object({}) { |(k, v), h|
if (!self.class.attribute_map.key?(k.to_sym))
- fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAssessmentPaging`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::CommonEntitiesResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
end
h[k.to_sym] = v
}
- if attributes.key?(:'expires_at')
- self.expires_at = attributes[:'expires_at']
- end
-
- if attributes.key?(:'limit')
- self.limit = attributes[:'limit']
+ if attributes.key?(:'errors')
+ if (value = attributes[:'errors']).is_a?(Array)
+ self.errors = value
+ end
end
- if attributes.key?(:'offset')
- self.offset = attributes[:'offset']
+ if attributes.key?(:'meta')
+ self.meta = attributes[:'meta']
end
- if attributes.key?(:'total')
- self.total = attributes[:'total']
+ if attributes.key?(:'resources')
+ self.resources = attributes[:'resources']
end
end
@@ -107,12 +101,16 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @offset.nil?
- invalid_properties.push('invalid value for "offset", offset cannot be nil.')
+ if @errors.nil?
+ invalid_properties.push('invalid value for "errors", errors cannot be nil.')
+ end
+
+ if @meta.nil?
+ invalid_properties.push('invalid value for "meta", meta cannot be nil.')
end
- if @total.nil?
- invalid_properties.push('invalid value for "total", total cannot be nil.')
+ if @resources.nil?
+ invalid_properties.push('invalid value for "resources", resources cannot be nil.')
end
invalid_properties
@@ -121,8 +119,9 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @offset.nil?
- return false if @total.nil?
+ return false if @errors.nil?
+ return false if @meta.nil?
+ return false if @resources.nil?
true
end
@@ -131,10 +130,9 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
- expires_at == o.expires_at &&
- limit == o.limit &&
- offset == o.offset &&
- total == o.total
+ errors == o.errors &&
+ meta == o.meta &&
+ resources == o.resources
end
# @see the `==` method
@@ -146,7 +144,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [expires_at, limit, offset, total].hash
+ [errors, meta, resources].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/detects_alert.rb b/lib/crimson-falcon/models/detects_alert.rb
index aae763db..e56f4717 100644
--- a/lib/crimson-falcon/models/detects_alert.rb
+++ b/lib/crimson-falcon/models/detects_alert.rb
@@ -50,8 +50,6 @@ class DetectsAlert
attr_accessor :crawl_edge_ids
- attr_accessor :crawl_traversal
-
attr_accessor :crawl_vertex_ids
attr_accessor :crawled_timestamp
@@ -114,7 +112,6 @@ def self.attribute_map
:'composite_id' => :'composite_id',
:'confidence' => :'confidence',
:'crawl_edge_ids' => :'crawl_edge_ids',
- :'crawl_traversal' => :'crawl_traversal',
:'crawl_vertex_ids' => :'crawl_vertex_ids',
:'crawled_timestamp' => :'crawled_timestamp',
:'created_timestamp' => :'created_timestamp',
@@ -160,7 +157,6 @@ def self.openapi_types
:'composite_id' => :'String',
:'confidence' => :'Integer',
:'crawl_edge_ids' => :'Hash>',
- :'crawl_traversal' => :'Array',
:'crawl_vertex_ids' => :'Hash>',
:'crawled_timestamp' => :'Time',
:'created_timestamp' => :'Time',
@@ -248,12 +244,6 @@ def initialize(attributes = {})
end
end
- if attributes.key?(:'crawl_traversal')
- if (value = attributes[:'crawl_traversal']).is_a?(Array)
- self.crawl_traversal = value
- end
- end
-
if attributes.key?(:'crawl_vertex_ids')
if (value = attributes[:'crawl_vertex_ids']).is_a?(Hash)
self.crawl_vertex_ids = value
@@ -396,7 +386,6 @@ def ==(o)
composite_id == o.composite_id &&
confidence == o.confidence &&
crawl_edge_ids == o.crawl_edge_ids &&
- crawl_traversal == o.crawl_traversal &&
crawl_vertex_ids == o.crawl_vertex_ids &&
crawled_timestamp == o.crawled_timestamp &&
created_timestamp == o.created_timestamp &&
@@ -433,7 +422,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [agent_id, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, composite_id, confidence, crawl_edge_ids, crawl_traversal, crawl_vertex_ids, crawled_timestamp, created_timestamp, description, display_name, email_sent, external, id, name, objective, pattern_id, platform, product, scenario, severity, show_in_ui, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash
+ [agent_id, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, composite_id, confidence, crawl_edge_ids, crawl_vertex_ids, crawled_timestamp, created_timestamp, description, display_name, email_sent, external, id, name, objective, pattern_id, platform, product, scenario, severity, show_in_ui, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/device_control_exception_req_v1.rb b/lib/crimson-falcon/models/device_control_exception_req_v1.rb
index c5bbf610..a7640803 100644
--- a/lib/crimson-falcon/models/device_control_exception_req_v1.rb
+++ b/lib/crimson-falcon/models/device_control_exception_req_v1.rb
@@ -51,6 +51,9 @@ class DeviceControlExceptionReqV1
attr_accessor :serial_number
+ # true indicates using blob syntax USB serial numbers
+ attr_accessor :use_wildcard
+
# Hexadecimal VendorID used to apply the exception
attr_accessor :vendor_id
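Review bot: The comment added above `attr_accessor :use_wildcard` says "blob syntax", presumably a typo for "glob", and it does not say which field the flag affects. A wildcard serial number presumably lets one device-control exception match more USB devices than an exact serial would, so the doc should make that explicit. I suggest `# When true, serial_number is treated as a wildcard (glob) pattern instead of an exact USB serial number`. Other models in this diff are marked auto-generated, so the wording probably needs fixing in the API spec rather than in this file. The class body continues outside the hunk.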
@@ -72,6 +75,7 @@ def self.attribute_map
:'product_id_decimal' => :'product_id_decimal',
:'product_name' => :'product_name',
:'serial_number' => :'serial_number',
+ :'use_wildcard' => :'use_wildcard',
:'vendor_id' => :'vendor_id',
:'vendor_id_decimal' => :'vendor_id_decimal',
:'vendor_name' => :'vendor_name'
@@ -95,6 +99,7 @@ def self.openapi_types
:'product_id_decimal' => :'String',
:'product_name' => :'String',
:'serial_number' => :'String',
+ :'use_wildcard' => :'Boolean',
:'vendor_id' => :'String',
:'vendor_id_decimal' => :'String',
:'vendor_name' => :'String'
@@ -158,6 +163,10 @@ def initialize(attributes = {})
self.serial_number = attributes[:'serial_number']
end
+ if attributes.key?(:'use_wildcard')
+ self.use_wildcard = attributes[:'use_wildcard']
+ end
+
if attributes.key?(:'vendor_id')
self.vendor_id = attributes[:'vendor_id']
end
@@ -198,6 +207,7 @@ def ==(o)
product_id_decimal == o.product_id_decimal &&
product_name == o.product_name &&
serial_number == o.serial_number &&
+ use_wildcard == o.use_wildcard &&
vendor_id == o.vendor_id &&
vendor_id_decimal == o.vendor_id_decimal &&
vendor_name == o.vendor_name
@@ -212,7 +222,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [action, combined_id, description, expiration_time, id, product_id, product_id_decimal, product_name, serial_number, vendor_id, vendor_id_decimal, vendor_name].hash
+ [action, combined_id, description, expiration_time, id, product_id, product_id_decimal, product_name, serial_number, use_wildcard, vendor_id, vendor_id_decimal, vendor_name].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_actor_document.rb b/lib/crimson-falcon/models/domain_actor_document.rb
index 6bfb5303..29a527c6 100644
--- a/lib/crimson-falcon/models/domain_actor_document.rb
+++ b/lib/crimson-falcon/models/domain_actor_document.rb
@@ -31,69 +31,95 @@
require 'time'
module Falcon
+ # JSON definition of an Actor, also known as Adversary
class DomainActorDocument
+ # Boolean field marking if actor is active
attr_accessor :active
+ # Actor type, one of: targeted, ecrime
attr_accessor :actor_type
+ # actor's capabilities, some examples: RAT,Ransomware,Spearphishing,Downloader,Backdoor,InformationStealer,exploit,CredentialHarvesting,dropper,DenialOfService,Loader,Phishing
attr_accessor :capabilities
attr_accessor :capability
+ # Actor's document creation date when it was added to the Falcon portal in unix timestamp format
attr_accessor :created_date
+ # Actor's text description, partially containing structured data from other fields
attr_accessor :description
attr_accessor :ecrime_kill_chain
+ # Field used to filter user's access to actor documents
attr_accessor :entitlements
+ # Actor's first activity observed date in unix timestamp format
attr_accessor :first_activity_date
attr_accessor :group
+ # Numerical ID for the Actor
attr_accessor :id
attr_accessor :image
attr_accessor :kill_chain
+ # Alternative names and community identifiers of an actor
attr_accessor :known_as
+ # Actor's last (most recent) activity observed date in unix timestamp format
attr_accessor :last_activity_date
+ # Actor's document last modified date in unix timestamp format
attr_accessor :last_modified_date
+ # Actor's activity motivation, one of: State-Sponsored, Criminal, Hacktivism
attr_accessor :motivations
+ # Actor's name, composed of 2 words
attr_accessor :name
+ # internal field
attr_accessor :notify_users
+ # Actor's activity objectives, one of: IntelligenceGathering, FinancialGain, IntellectualPropertyTheft, defacement, Destruction, DenialOfService
attr_accessor :objectives
+ # represents origin of actor's activity and/or members, some examples: China,Russian Federation,Eastern Europe,Iran,East Asia, South Asia
attr_accessor :origins
+ # Recent CrowdStrike's finished intelligence alerting date in unix timestamp format
attr_accessor :recent_alerting
attr_accessor :region
+ # Rich text version of the description field
attr_accessor :rich_text_description
+ # Short version of the description field
attr_accessor :short_description
+ # Name in url friendly format, lowercased and spaces replaced with dash
attr_accessor :slug
+ # Status of an actor, one of: Active, Inactive, Retired
attr_accessor :status
+ # Target countries of actor's activity and attacks, slug value is a 2 characters code for the country value, some examples: United States,United Kingdom,Germany,India,Japan,France,Australia,Canada,China
attr_accessor :target_countries
+ # Target economical industries of actor's activity and attacks. List of available values: Government, Financial Services, Technology, Telecommunications, Healthcare, Energy, Academic, Media, Aerospace, NGO, Manufacturing, Industrials and Engineering, Retail, Hospitality, Consulting and Professional Services, Opportunistic, Aviation, Defense, Transportation, Oil and Gas, Legal, Pharmaceutical, Logistics, Military, Automotive, Food and Beverage, Consumer Goods, Real Estate, Insurance, Agriculture, Chemicals, Utilities, Maritime, Extractive, Travel, Dissident, Cryptocurrency, Entertainment, National Government, Law Enforcement, Think Tanks, Local Government, Sports Organizations, Computer Gaming, Biomedical, Nonprofit, Financial Management & Hedge Funds, Political Parties, Architectural and Engineering, Emergency Services, Social Media, International Government, Nuclear, Research Entities, Vocational and Higher-Level Education, eCommerce
attr_accessor :target_industries
+ # Target geographic regions of actor's activity and attacks. List of available values: North America, Western Europe, Southeast Asia, Middle East, Eastern Europe, South Asia, South America, Oceania, East Asia, Central Africa, Northern Europe, Southern Europe, North Africa, Southern Africa, Central America, Central Asia, East Africa, West Africa, Caribbean
attr_accessor :target_regions
attr_accessor :thumbnail
+ # URL at which actor profile can be accessed
attr_accessor :url
# Attribute mapping from ruby-style variable name to JSON key.
@@ -383,10 +409,6 @@ def list_invalid_properties
invalid_properties.push('invalid value for "motivations", motivations cannot be nil.')
end
- if @name.nil?
- invalid_properties.push('invalid value for "name", name cannot be nil.')
- end
-
if @notify_users.nil?
invalid_properties.push('invalid value for "notify_users", notify_users cannot be nil.')
end
@@ -403,10 +425,6 @@ def list_invalid_properties
invalid_properties.push('invalid value for "short_description", short_description cannot be nil.')
end
- if @slug.nil?
- invalid_properties.push('invalid value for "slug", slug cannot be nil.')
- end
-
if @status.nil?
invalid_properties.push('invalid value for "status", status cannot be nil.')
end
@@ -438,12 +456,10 @@ def valid?
return false if @last_activity_date.nil?
return false if @last_modified_date.nil?
return false if @motivations.nil?
- return false if @name.nil?
return false if @notify_users.nil?
return false if @objectives.nil?
return false if @origins.nil?
return false if @short_description.nil?
- return false if @slug.nil?
return false if @status.nil?
return false if @target_countries.nil?
return false if @target_industries.nil?
diff --git a/lib/crimson-falcon/models/domain_actors_response.rb b/lib/crimson-falcon/models/domain_actors_response.rb
index cec41053..b3500547 100644
--- a/lib/crimson-falcon/models/domain_actors_response.rb
+++ b/lib/crimson-falcon/models/domain_actors_response.rb
@@ -32,6 +32,7 @@
module Falcon
class DomainActorsResponse
+ # Array of API Errors
attr_accessor :errors
attr_accessor :meta
diff --git a/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb b/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb
new file mode 100644
index 00000000..c8be2b24
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_api_entity_matched_v1.rb
@@ -0,0 +1,252 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainAPIEntityMatchedV1
+ attr_accessor :asset_id
+
+ attr_accessor :data_provider
+
+ attr_accessor :provider_asset_id
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'asset_id' => :'asset_id',
+ :'data_provider' => :'data_provider',
+ :'provider_asset_id' => :'provider_asset_id'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'asset_id' => :'String',
+ :'data_provider' => :'String',
+ :'provider_asset_id' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEntityMatchedV1` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEntityMatchedV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'asset_id')
+ self.asset_id = attributes[:'asset_id']
+ end
+
+ if attributes.key?(:'data_provider')
+ self.data_provider = attributes[:'data_provider']
+ end
+
+ if attributes.key?(:'provider_asset_id')
+ self.provider_asset_id = attributes[:'provider_asset_id']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ asset_id == o.asset_id &&
+ data_provider == o.data_provider &&
+ provider_asset_id == o.provider_asset_id
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [asset_id, data_provider, provider_asset_id].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb
new file mode 100644
index 00000000..84efc547
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_entities_response_v1.rb
@@ -0,0 +1,266 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainAPIEvaluationLogicEntitiesResponseV1
+ attr_accessor :errors
+
+ attr_accessor :meta
+
+ attr_accessor :resources
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'errors' => :'errors',
+ :'meta' => :'meta',
+ :'resources' => :'resources'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'errors' => :'Array',
+ :'meta' => :'MsaspecMetaInfo',
+ :'resources' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEvaluationLogicEntitiesResponseV1` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEvaluationLogicEntitiesResponseV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'errors')
+ if (value = attributes[:'errors']).is_a?(Array)
+ self.errors = value
+ end
+ end
+
+ if attributes.key?(:'meta')
+ self.meta = attributes[:'meta']
+ end
+
+ if attributes.key?(:'resources')
+ if (value = attributes[:'resources']).is_a?(Array)
+ self.resources = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @meta.nil?
+ invalid_properties.push('invalid value for "meta", meta cannot be nil.')
+ end
+
+ if @resources.nil?
+ invalid_properties.push('invalid value for "resources", resources cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @meta.nil?
+ return false if @resources.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ errors == o.errors &&
+ meta == o.meta &&
+ resources == o.resources
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [errors, meta, resources].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb
new file mode 100644
index 00000000..bf613331
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_host_info_v1.rb
@@ -0,0 +1,242 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainAPIEvaluationLogicHostInfoV1
+ # Refers to all the entities that were matched together during entity resolution process
+ attr_accessor :entities_matched
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'entities_matched' => :'entities_matched'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'entities_matched' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIEvaluationLogicHostInfoV1` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIEvaluationLogicHostInfoV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'entities_matched')
+ if (value = attributes[:'entities_matched']).is_a?(Array)
+ self.entities_matched = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @entities_matched.nil?
+ invalid_properties.push('invalid value for "entities_matched", entities_matched cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @entities_matched.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ entities_matched == o.entities_matched
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [entities_matched].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb b/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb
index 35703101..d61f1604 100644
--- a/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb
+++ b/lib/crimson-falcon/models/domain_api_evaluation_logic_v1.rb
@@ -32,18 +32,30 @@
module Falcon
class DomainAPIEvaluationLogicV1
+ # Refers to an asset identifier
attr_accessor :aid
+ # Refers to a customer identifier
attr_accessor :cid
+ # Refers to a point in time when evaluation logic data was created in the system
attr_accessor :created_timestamp
+ # Refers to a label given to the entity that provided this data
attr_accessor :data_provider
+ attr_accessor :host_info
+
+ # Contains a unique identifier for the evaluation logic
attr_accessor :id
+ # Refers to the actual evaluation logic data
attr_accessor :logic
+ # Refers to the identifier of the scanner that generated the evaluation logic
+ attr_accessor :scanner_id
+
+ # Refers to a point in time when evaluation logic data was updated in the system
attr_accessor :updated_timestamp
# Attribute mapping from ruby-style variable name to JSON key.
@@ -53,8 +65,10 @@ def self.attribute_map
:'cid' => :'cid',
:'created_timestamp' => :'created_timestamp',
:'data_provider' => :'data_provider',
+ :'host_info' => :'host_info',
:'id' => :'id',
:'logic' => :'logic',
+ :'scanner_id' => :'scanner_id',
:'updated_timestamp' => :'updated_timestamp'
}
end
@@ -71,8 +85,10 @@ def self.openapi_types
:'cid' => :'String',
:'created_timestamp' => :'String',
:'data_provider' => :'String',
+ :'host_info' => :'DomainAPIEvaluationLogicHostInfoV1',
:'id' => :'String',
:'logic' => :'Array',
+ :'scanner_id' => :'String',
:'updated_timestamp' => :'String'
}
end
@@ -114,6 +130,10 @@ def initialize(attributes = {})
self.data_provider = attributes[:'data_provider']
end
+ if attributes.key?(:'host_info')
+ self.host_info = attributes[:'host_info']
+ end
+
if attributes.key?(:'id')
self.id = attributes[:'id']
end
@@ -124,6 +144,10 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'scanner_id')
+ self.scanner_id = attributes[:'scanner_id']
+ end
+
if attributes.key?(:'updated_timestamp')
self.updated_timestamp = attributes[:'updated_timestamp']
end
@@ -156,8 +180,10 @@ def ==(o)
cid == o.cid &&
created_timestamp == o.created_timestamp &&
data_provider == o.data_provider &&
+ host_info == o.host_info &&
id == o.id &&
logic == o.logic &&
+ scanner_id == o.scanner_id &&
updated_timestamp == o.updated_timestamp
end
@@ -170,7 +196,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, cid, created_timestamp, data_provider, id, logic, updated_timestamp].hash
+ [aid, cid, created_timestamp, data_provider, host_info, id, logic, scanner_id, updated_timestamp].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb b/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb
index 421786ea..cba04736 100644
--- a/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb
+++ b/lib/crimson-falcon/models/domain_api_finding_facet_v1.rb
@@ -44,6 +44,8 @@ class DomainAPIFindingFacetV1
attr_accessor :id
+ attr_accessor :logic
+
attr_accessor :updated_timestamp
# Attribute mapping from ruby-style variable name to JSON key.
@@ -55,6 +57,7 @@ def self.attribute_map
:'finding' => :'finding',
:'host' => :'host',
:'id' => :'id',
+ :'logic' => :'logic',
:'updated_timestamp' => :'updated_timestamp'
}
end
@@ -73,6 +76,7 @@ def self.openapi_types
:'finding' => :'DomainAPIFindingWithRuleV1',
:'host' => :'DomainAPIHostInfoFacetV1',
:'id' => :'String',
+ :'logic' => :'Array',
:'updated_timestamp' => :'String'
}
end
@@ -122,6 +126,12 @@ def initialize(attributes = {})
self.id = attributes[:'id']
end
+ if attributes.key?(:'logic')
+ if (value = attributes[:'logic']).is_a?(Array)
+ self.logic = value
+ end
+ end
+
if attributes.key?(:'updated_timestamp')
self.updated_timestamp = attributes[:'updated_timestamp']
end
@@ -181,6 +191,7 @@ def ==(o)
finding == o.finding &&
host == o.host &&
id == o.id &&
+ logic == o.logic &&
updated_timestamp == o.updated_timestamp
end
@@ -193,7 +204,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, cid, created_timestamp, finding, host, id, updated_timestamp].hash
+ [aid, cid, created_timestamp, finding, host, id, logic, updated_timestamp].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb b/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb
index 997de6b3..f16e2e80 100644
--- a/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb
+++ b/lib/crimson-falcon/models/domain_api_finding_with_rule_v1.rb
@@ -32,6 +32,9 @@
module Falcon
class DomainAPIFindingWithRuleV1
+ # Example values: NOT_AVAILABLE, AVAILABLE, DISABLE_RULE, UNSUPPORTED_RULE, OVERRIDE_STATUS
+ attr_accessor :evaluation_logic_type
+
attr_accessor :evaluation_reason
attr_accessor :host_id
@@ -45,6 +48,7 @@ class DomainAPIFindingWithRuleV1
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
+ :'evaluation_logic_type' => :'evaluation_logic_type',
:'evaluation_reason' => :'evaluation_reason',
:'host_id' => :'host_id',
:'rule' => :'rule',
@@ -61,6 +65,7 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
+ :'evaluation_logic_type' => :'String',
:'evaluation_reason' => :'String',
:'host_id' => :'String',
:'rule' => :'DomainAPIFindingRuleV1',
@@ -90,6 +95,10 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
+ if attributes.key?(:'evaluation_logic_type')
+ self.evaluation_logic_type = attributes[:'evaluation_logic_type']
+ end
+
if attributes.key?(:'evaluation_reason')
self.evaluation_reason = attributes[:'evaluation_reason']
end
@@ -129,6 +138,7 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
+ evaluation_logic_type == o.evaluation_logic_type &&
evaluation_reason == o.evaluation_reason &&
host_id == o.host_id &&
rule == o.rule &&
@@ -145,7 +155,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [evaluation_reason, host_id, rule, status, status_since_timestamp].hash
+ [evaluation_logic_type, evaluation_reason, host_id, rule, status, status_since_timestamp].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_api_remediation_ids.rb b/lib/crimson-falcon/models/domain_api_remediation_ids.rb
index 61829c18..b2c9fe29 100644
--- a/lib/crimson-falcon/models/domain_api_remediation_ids.rb
+++ b/lib/crimson-falcon/models/domain_api_remediation_ids.rb
@@ -32,6 +32,7 @@
module Falcon
class DomainAPIRemediationIDs
+ # Refers to a remediation unique identifier that points to remediation details addressing this vulnerability
attr_accessor :ids
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_api_remediation_v2.rb b/lib/crimson-falcon/models/domain_api_remediation_v2.rb
index a8815ab5..e19a8cf8 100644
--- a/lib/crimson-falcon/models/domain_api_remediation_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_remediation_v2.rb
@@ -32,16 +32,22 @@
module Falcon
class DomainAPIRemediationV2
+ # Expanded description of the remediation
attr_accessor :action
+ # Refers to an unique identifier for a given remediation
attr_accessor :id
+ # Link to the remediation page for the vendor
attr_accessor :link
+ # Relevant reference for the remediation that can be used to get additional details for the remediation. For example, a KB number that needs to be installed for a KB_SECURITY_UPDATE
attr_accessor :reference
+ # Short description of the remediation
attr_accessor :title
+ # Link to the vendor advisory - Note: This field is populated if there are extra steps that are required to complete the remediation
attr_accessor :vendor_url
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb
index d20b1752..c682bb83 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_cve_details_facet_v2.rb
@@ -32,38 +32,53 @@
module Falcon
class DomainAPIVulnerabilityCVEDetailsFacetV2
+ # Contains a list of actors that are known for exploiting this vulnerability ot in the wild
attr_accessor :actors
+ # The base score for a Common Vulnerability Enumeration (CVE) is a numerical value that represents the intrinsic severity and impact of a security vulnerability.
attr_accessor :base_score
attr_accessor :cisa_info
+ # Refers to description of the vulnerability
attr_accessor :description
+ # Exploit status refers to the current state or availability of known exploits for a specific vulnerability, indicating whether there are known techniques or tools to leverage the vulnerability in an attack.
attr_accessor :exploit_status
+ # Represents a numerical value that indicates the relative ease or difficulty for an attacker to exploit a vulnerability
attr_accessor :exploitability_score
+ # Expert.AI score on the vulnerability
attr_accessor :exprt_rating
attr_accessor :id
+ # Refers to a numerical value that represents the potential impact or severity of a vulnerability when it is successfully exploited
attr_accessor :impact_score
+ # Vulnerability name
attr_accessor :name
+ # Refers to a point in time when the vulnerability has been disclosed
attr_accessor :published_date
+ # Refers to one or more references with more details about the vulnerability
attr_accessor :references
+ # Remediation level indicates the required effort to mitigate a security vulnerability, ranging from official fixes to unavailable remedies
attr_accessor :remediation_level
+ # Severity refers to the level of impact or potential harm caused by a security vulnerability. It is often assessed using metrics such as the CVSS base score, which takes into account factors such as exploitability, impact on confidentiality, integrity, and availability, and other relevant parameters to determine the severity level of a vulnerability.
attr_accessor :severity
+ # Corresponds to a point in time when Spotlight offered support for detecting a specific vulnerability
attr_accessor :spotlight_published_date
+ # Refers to the vector of attack or the specific method or path through which an attacker can exploit a vulnerability
attr_accessor :vector
+ # Refers to one or more URLs that points to vendor advisories
attr_accessor :vendor_advisory
# Attribute mapping from ruby-style variable name to JSON key.
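Review bot: The comment added on `actors` has a typo (`ot in the wild`), and the one on `exprt_rating` calls the score `Expert.AI`, which does not match the attribute name; it presumably means CrowdStrike's ExPRT.AI rating. Suggested wording: `# Contains a list of actors that are known for exploiting this vulnerability in the wild` and `# ExPRT.AI rating of the vulnerability`. `cisa_info` and `id` are the only attributes in this hunk left without a description. The file appears to be generated like its siblings, so the descriptions would need fixing in the source API spec rather than here.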
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb b/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb
index 8c17cab9..5e260d87 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_cvecisa_info.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainAPIVulnerabilityCVECISAInfo
+ # Refers to the deadline or target date set by the Cybersecurity and Infrastructure Security Agency (CISA) for addressing or mitigating a Critical Infrastructure Security Advisory Key (CISAK) vulnerability
attr_accessor :due_date
+ # Refers to the designation of a vulnerability as a Critical Infrastructure Security Advisory Key (CISAK) by the Cybersecurity and Infrastructure Security Agency (CISA), indicating its significance and potential impact on critical infrastructure systems and operations
attr_accessor :is_cisa_kev
# Attribute mapping from ruby-style variable name to JSON key.
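Review bot: The two new comments expand the abbreviation wrongly: the attribute is `is_cisa_kev`, and KEV is CISA's Known Exploited Vulnerabilities catalog, not a "Critical Infrastructure Security Advisory Key (CISAK)". Anyone reading these fields to prioritise patching would be misled about what the flag means. I would reword them to `# True when the CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog` and, for `due_date`, `# Remediation due date CISA assigned to this KEV entry` (the latter presumably; confirm against the API documentation). The file appears to be generated, so the wording most likely comes from the API spec and should be corrected there.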
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb b/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb
new file mode 100644
index 00000000..32e0c94f
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_data_provider_v1.rb
@@ -0,0 +1,277 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainAPIVulnerabilityDataProviderV1
+ # Ports that the vulnerability affects
+ attr_accessor :ports
+
+ # Label for the provider
+ attr_accessor :provider
+
+ # Rating provided by the vulnerability provider
+ attr_accessor :rating
+
+ # Time when the detection occurred
+ attr_accessor :scan_time
+
+ # Scanner ID of the vulnerability provider
+ attr_accessor :scanner_id
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'ports' => :'ports',
+ :'provider' => :'provider',
+ :'rating' => :'rating',
+ :'scan_time' => :'scan_time',
+ :'scanner_id' => :'scanner_id'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'ports' => :'Array',
+ :'provider' => :'String',
+ :'rating' => :'String',
+ :'scan_time' => :'String',
+ :'scanner_id' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainAPIVulnerabilityDataProviderV1` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainAPIVulnerabilityDataProviderV1`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'ports')
+ if (value = attributes[:'ports']).is_a?(Array)
+ self.ports = value
+ end
+ end
+
+ if attributes.key?(:'provider')
+ self.provider = attributes[:'provider']
+ end
+
+ if attributes.key?(:'rating')
+ self.rating = attributes[:'rating']
+ end
+
+ if attributes.key?(:'scan_time')
+ self.scan_time = attributes[:'scan_time']
+ end
+
+ if attributes.key?(:'scanner_id')
+ self.scanner_id = attributes[:'scanner_id']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ ports == o.ports &&
+ provider == o.provider &&
+ rating == o.rating &&
+ scan_time == o.scan_time &&
+ scanner_id == o.scanner_id
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [ports, provider, rating, scan_time, scanner_id].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb
index 08068f4e..63afb042 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_extended_app_v2.rb
@@ -38,6 +38,7 @@ class DomainAPIVulnerabilityExtendedAppV2
attr_accessor :remediation
+ # Contains vulnerability status for a particular product - can differentiate in cases where a vulnerability is detected for multiple products
attr_accessor :sub_status
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb
index 7e0cf017..68d6bff6 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_host_facet_v2.rb
@@ -32,49 +32,78 @@
module Falcon
class DomainAPIVulnerabilityHostFacetV2
+ # Refers to how critical an asset has been evaluated to be
attr_accessor :asset_criticality
+ # Refers to one or more roles that have been assigned to the assets
attr_accessor :asset_roles
+ # A unique identifier assigned by entity graph
+ attr_accessor :entity_graph_id
+
+ # Refers to a logic grouping of assets
attr_accessor :groups
+ # A timestamp corresponding to the last day when we detected activity coming from an asset
attr_accessor :host_last_seen_timestamp
+ # Refers to the hostname used by the asset on which the vulnerability was detected
attr_accessor :hostname
+ # Refers to a unique identifier assigned to an asset
attr_accessor :instance_id
+ # Refers to the level of exposure an asset has to the internet
attr_accessor :internet_exposure
+ # Refers to the local IP used by the asset on which the vulnerability was detected
attr_accessor :local_ip
+ # The machine domain of an asset is the network identity within a network infrastructure
attr_accessor :machine_domain
+ # Name of the entity that is managing the asset
+ attr_accessor :managed_by
+
+ # Refers to the specific build or version number of an operating system, indicating a particular release or revision of the operating system
attr_accessor :os_build
+ # Refers to the operating system version used by the asset on which the vulnerability was detected
attr_accessor :os_version
+ # Refers to the specific organizational grouping or container within an Active Directory (AD) or directory service where the host is located or categorized.
attr_accessor :ou
+ # Refers to the name or designation of the specific software platform or operating system on which the asset is running
attr_accessor :platform
+ # Refers to the descriptive label or category that identifies the type or edition of the operating system product installed on the asset
attr_accessor :product_type_desc
+ # Refers to a company, organization, or entity that offers or provided this specific asset
attr_accessor :service_provider
+ # Refers to the unique identifier associated with a service provider account, typically used in cloud computing or managed service environments
attr_accessor :service_provider_account_id
+ # Refers to the name or label assigned to the physical or logical location within a network infrastructure where the host is situated
attr_accessor :site_name
+ # Refers to the company or organization that designed and produced the hardware system or device
attr_accessor :system_manufacturer
+ # Refers to a logical grouping of assets via tags
attr_accessor :tags
+ # zero or more unique identifiers assigned by third party entities which provided data for the asset
+ attr_accessor :third_party_asset_ids
+
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
:'asset_criticality' => :'asset_criticality',
:'asset_roles' => :'asset_roles',
+ :'entity_graph_id' => :'entity_graph_id',
:'groups' => :'groups',
:'host_last_seen_timestamp' => :'host_last_seen_timestamp',
:'hostname' => :'hostname',
@@ -82,6 +111,7 @@ def self.attribute_map
:'internet_exposure' => :'internet_exposure',
:'local_ip' => :'local_ip',
:'machine_domain' => :'machine_domain',
+ :'managed_by' => :'managed_by',
:'os_build' => :'os_build',
:'os_version' => :'os_version',
:'ou' => :'ou',
@@ -91,7 +121,8 @@ def self.attribute_map
:'service_provider_account_id' => :'service_provider_account_id',
:'site_name' => :'site_name',
:'system_manufacturer' => :'system_manufacturer',
- :'tags' => :'tags'
+ :'tags' => :'tags',
+ :'third_party_asset_ids' => :'third_party_asset_ids'
}
end
@@ -105,6 +136,7 @@ def self.openapi_types
{
:'asset_criticality' => :'String',
:'asset_roles' => :'Array',
+ :'entity_graph_id' => :'String',
:'groups' => :'Array',
:'host_last_seen_timestamp' => :'String',
:'hostname' => :'String',
@@ -112,6 +144,7 @@ def self.openapi_types
:'internet_exposure' => :'String',
:'local_ip' => :'String',
:'machine_domain' => :'String',
+ :'managed_by' => :'String',
:'os_build' => :'String',
:'os_version' => :'String',
:'ou' => :'String',
@@ -121,7 +154,8 @@ def self.openapi_types
:'service_provider_account_id' => :'String',
:'site_name' => :'String',
:'system_manufacturer' => :'String',
- :'tags' => :'Array'
+ :'tags' => :'Array',
+ :'third_party_asset_ids' => :'Array'
}
end
@@ -156,6 +190,10 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'entity_graph_id')
+ self.entity_graph_id = attributes[:'entity_graph_id']
+ end
+
if attributes.key?(:'groups')
if (value = attributes[:'groups']).is_a?(Array)
self.groups = value
@@ -186,6 +224,10 @@ def initialize(attributes = {})
self.machine_domain = attributes[:'machine_domain']
end
+ if attributes.key?(:'managed_by')
+ self.managed_by = attributes[:'managed_by']
+ end
+
if attributes.key?(:'os_build')
self.os_build = attributes[:'os_build']
end
@@ -227,6 +269,12 @@ def initialize(attributes = {})
self.tags = value
end
end
+
+ if attributes.key?(:'third_party_asset_ids')
+ if (value = attributes[:'third_party_asset_ids']).is_a?(Array)
+ self.third_party_asset_ids = value
+ end
+ end
end
# Show invalid properties with the reasons. Usually used together with valid?
@@ -284,6 +332,7 @@ def ==(o)
self.class == o.class &&
asset_criticality == o.asset_criticality &&
asset_roles == o.asset_roles &&
+ entity_graph_id == o.entity_graph_id &&
groups == o.groups &&
host_last_seen_timestamp == o.host_last_seen_timestamp &&
hostname == o.hostname &&
@@ -291,6 +340,7 @@ def ==(o)
internet_exposure == o.internet_exposure &&
local_ip == o.local_ip &&
machine_domain == o.machine_domain &&
+ managed_by == o.managed_by &&
os_build == o.os_build &&
os_version == o.os_version &&
ou == o.ou &&
@@ -300,7 +350,8 @@ def ==(o)
service_provider_account_id == o.service_provider_account_id &&
site_name == o.site_name &&
system_manufacturer == o.system_manufacturer &&
- tags == o.tags
+ tags == o.tags &&
+ third_party_asset_ids == o.third_party_asset_ids
end
# @see the `==` method
@@ -312,7 +363,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [asset_criticality, asset_roles, groups, host_last_seen_timestamp, hostname, instance_id, internet_exposure, local_ip, machine_domain, os_build, os_version, ou, platform, product_type_desc, service_provider, service_provider_account_id, site_name, system_manufacturer, tags].hash
+ [asset_criticality, asset_roles, entity_graph_id, groups, host_last_seen_timestamp, hostname, instance_id, internet_exposure, local_ip, machine_domain, managed_by, os_build, os_version, ou, platform, product_type_desc, service_provider, service_provider_account_id, site_name, system_manufacturer, tags, third_party_asset_ids].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb
index cc8c4ffb..3ef8d72d 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_remediation_facet_v2.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainAPIVulnerabilityRemediationFacetV2
+ # Contains the actual remediation data
attr_accessor :entities
+ # Refers to a remediation unique identifier that points to remediation details addressing this vulnerability
attr_accessor :ids
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb
index 47b713ab..291e9c11 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_suppression_info_v2.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainAPIVulnerabilitySuppressionInfoV2
+ # Indicates if a vulnerability has been suppressed or not
attr_accessor :is_suppressed
+ # Indicates what is the rule ID for which a vulnerability has been suppressed
attr_accessor :reason
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb b/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb
index 692b7a19..4b34a1f5 100644
--- a/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb
+++ b/lib/crimson-falcon/models/domain_api_vulnerability_v2.rb
@@ -32,32 +32,52 @@
module Falcon
class DomainAPIVulnerabilityV2
+ # Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID
attr_accessor :aid
attr_accessor :app
+ # Provide details related to the products for which a the vulnerability has been detected
attr_accessor :apps
+ # Contains the customer identifier associated with the asset for which the vulnerability has been detected
attr_accessor :cid
+ # A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed)
attr_accessor :closed_timestamp
+ # A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system
attr_accessor :created_timestamp
attr_accessor :cve
+ # Contains information about the vulnerability data providers of this entity
+ attr_accessor :data_providers
+
attr_accessor :host_info
+ # Vulnerability unique ID
attr_accessor :id
+ # Contains ports that the vulnerability affects
+ attr_accessor :ports
+
attr_accessor :remediation
+ # Current status of a vulnerability (open, closed, reopen)
attr_accessor :status
attr_accessor :suppression_info
+ # A timestamp corresponding to the point in time when a vulnerability's information or status have been updated
attr_accessor :updated_timestamp
+ # Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider
+ attr_accessor :vulnerability_id
+
+ # Unique identifier for the vulnerability metadata
+ attr_accessor :vulnerability_metadata_id
+
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
@@ -68,12 +88,16 @@ def self.attribute_map
:'closed_timestamp' => :'closed_timestamp',
:'created_timestamp' => :'created_timestamp',
:'cve' => :'cve',
+ :'data_providers' => :'data_providers',
:'host_info' => :'host_info',
:'id' => :'id',
+ :'ports' => :'ports',
:'remediation' => :'remediation',
:'status' => :'status',
:'suppression_info' => :'suppression_info',
- :'updated_timestamp' => :'updated_timestamp'
+ :'updated_timestamp' => :'updated_timestamp',
+ :'vulnerability_id' => :'vulnerability_id',
+ :'vulnerability_metadata_id' => :'vulnerability_metadata_id'
}
end
@@ -92,12 +116,16 @@ def self.openapi_types
:'closed_timestamp' => :'String',
:'created_timestamp' => :'String',
:'cve' => :'DomainAPIVulnerabilityCVEDetailsFacetV2',
+ :'data_providers' => :'Array',
:'host_info' => :'DomainAPIVulnerabilityHostFacetV2',
:'id' => :'String',
+ :'ports' => :'Array',
:'remediation' => :'DomainAPIVulnerabilityRemediationFacetV2',
:'status' => :'String',
:'suppression_info' => :'DomainAPIVulnerabilitySuppressionInfoV2',
- :'updated_timestamp' => :'String'
+ :'updated_timestamp' => :'String',
+ :'vulnerability_id' => :'String',
+ :'vulnerability_metadata_id' => :'String'
}
end
@@ -152,6 +180,12 @@ def initialize(attributes = {})
self.cve = attributes[:'cve']
end
+ if attributes.key?(:'data_providers')
+ if (value = attributes[:'data_providers']).is_a?(Array)
+ self.data_providers = value
+ end
+ end
+
if attributes.key?(:'host_info')
self.host_info = attributes[:'host_info']
end
@@ -160,6 +194,12 @@ def initialize(attributes = {})
self.id = attributes[:'id']
end
+ if attributes.key?(:'ports')
+ if (value = attributes[:'ports']).is_a?(Array)
+ self.ports = value
+ end
+ end
+
if attributes.key?(:'remediation')
self.remediation = attributes[:'remediation']
end
@@ -175,6 +215,14 @@ def initialize(attributes = {})
if attributes.key?(:'updated_timestamp')
self.updated_timestamp = attributes[:'updated_timestamp']
end
+
+ if attributes.key?(:'vulnerability_id')
+ self.vulnerability_id = attributes[:'vulnerability_id']
+ end
+
+ if attributes.key?(:'vulnerability_metadata_id')
+ self.vulnerability_metadata_id = attributes[:'vulnerability_metadata_id']
+ end
end
# Show invalid properties with the reasons. Usually used together with valid?
@@ -232,12 +280,16 @@ def ==(o)
closed_timestamp == o.closed_timestamp &&
created_timestamp == o.created_timestamp &&
cve == o.cve &&
+ data_providers == o.data_providers &&
host_info == o.host_info &&
id == o.id &&
+ ports == o.ports &&
remediation == o.remediation &&
status == o.status &&
suppression_info == o.suppression_info &&
- updated_timestamp == o.updated_timestamp
+ updated_timestamp == o.updated_timestamp &&
+ vulnerability_id == o.vulnerability_id &&
+ vulnerability_metadata_id == o.vulnerability_metadata_id
end
# @see the `==` method
@@ -249,7 +301,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, host_info, id, remediation, status, suppression_info, updated_timestamp].hash
+ [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, data_providers, host_info, id, ports, remediation, status, suppression_info, updated_timestamp, vulnerability_id, vulnerability_metadata_id].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_aws_account_v2.rb b/lib/crimson-falcon/models/domain_aws_account_v2.rb
index 32254191..1891291e 100644
--- a/lib/crimson-falcon/models/domain_aws_account_v2.rb
+++ b/lib/crimson-falcon/models/domain_aws_account_v2.rb
@@ -43,6 +43,9 @@ class DomainAWSAccountV2
# 12 digit AWS provided unique identifier for the account.
attr_accessor :account_id
+ # AWS account name
+ attr_accessor :account_name
+
attr_accessor :account_type
attr_accessor :active_regions
@@ -63,6 +66,8 @@ class DomainAWSAccountV2
attr_accessor :cid
+ attr_accessor :cloud_scopes
+
attr_accessor :cloudformation_url
attr_accessor :conditions
@@ -73,6 +78,8 @@ class DomainAWSAccountV2
attr_accessor :d4c_migrated
+ attr_accessor :environment
+
attr_accessor :eventbus_name
# ID assigned for use with cross account IAM role access.
@@ -122,6 +129,7 @@ def self.attribute_map
:'id' => :'ID',
:'updated_at' => :'UpdatedAt',
:'account_id' => :'account_id',
+ :'account_name' => :'account_name',
:'account_type' => :'account_type',
:'active_regions' => :'active_regions',
:'aws_cloudtrail_bucket_name' => :'aws_cloudtrail_bucket_name',
@@ -130,11 +138,13 @@ def self.attribute_map
:'aws_permissions_status' => :'aws_permissions_status',
:'behavior_assessment_enabled' => :'behavior_assessment_enabled',
:'cid' => :'cid',
+ :'cloud_scopes' => :'cloud_scopes',
:'cloudformation_url' => :'cloudformation_url',
:'conditions' => :'conditions',
:'cspm_enabled' => :'cspm_enabled',
:'d4c' => :'d4c',
:'d4c_migrated' => :'d4c_migrated',
+ :'environment' => :'environment',
:'eventbus_name' => :'eventbus_name',
:'external_id' => :'external_id',
:'iam_role_arn' => :'iam_role_arn',
@@ -169,6 +179,7 @@ def self.openapi_types
:'id' => :'Integer',
:'updated_at' => :'Time',
:'account_id' => :'String',
+ :'account_name' => :'String',
:'account_type' => :'String',
:'active_regions' => :'Array',
:'aws_cloudtrail_bucket_name' => :'String',
@@ -177,11 +188,13 @@ def self.openapi_types
:'aws_permissions_status' => :'Array',
:'behavior_assessment_enabled' => :'Boolean',
:'cid' => :'String',
+ :'cloud_scopes' => :'Array',
:'cloudformation_url' => :'String',
:'conditions' => :'Array',
:'cspm_enabled' => :'Boolean',
:'d4c' => :'DomainAWSD4CAccountV1',
:'d4c_migrated' => :'Boolean',
+ :'environment' => :'String',
:'eventbus_name' => :'String',
:'external_id' => :'String',
:'iam_role_arn' => :'String',
@@ -244,6 +257,10 @@ def initialize(attributes = {})
self.account_id = attributes[:'account_id']
end
+ if attributes.key?(:'account_name')
+ self.account_name = attributes[:'account_name']
+ end
+
if attributes.key?(:'account_type')
self.account_type = attributes[:'account_type']
end
@@ -280,6 +297,12 @@ def initialize(attributes = {})
self.cid = attributes[:'cid']
end
+ if attributes.key?(:'cloud_scopes')
+ if (value = attributes[:'cloud_scopes']).is_a?(Array)
+ self.cloud_scopes = value
+ end
+ end
+
if attributes.key?(:'cloudformation_url')
self.cloudformation_url = attributes[:'cloudformation_url']
end
@@ -302,6 +325,10 @@ def initialize(attributes = {})
self.d4c_migrated = attributes[:'d4c_migrated']
end
+ if attributes.key?(:'environment')
+ self.environment = attributes[:'environment']
+ end
+
if attributes.key?(:'eventbus_name')
self.eventbus_name = attributes[:'eventbus_name']
end
@@ -433,6 +460,7 @@ def ==(o)
id == o.id &&
updated_at == o.updated_at &&
account_id == o.account_id &&
+ account_name == o.account_name &&
account_type == o.account_type &&
active_regions == o.active_regions &&
aws_cloudtrail_bucket_name == o.aws_cloudtrail_bucket_name &&
@@ -441,11 +469,13 @@ def ==(o)
aws_permissions_status == o.aws_permissions_status &&
behavior_assessment_enabled == o.behavior_assessment_enabled &&
cid == o.cid &&
+ cloud_scopes == o.cloud_scopes &&
cloudformation_url == o.cloudformation_url &&
conditions == o.conditions &&
cspm_enabled == o.cspm_enabled &&
d4c == o.d4c &&
d4c_migrated == o.d4c_migrated &&
+ environment == o.environment &&
eventbus_name == o.eventbus_name &&
external_id == o.external_id &&
iam_role_arn == o.iam_role_arn &&
@@ -475,7 +505,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [created_at, deleted_at, id, updated_at, account_id, account_type, active_regions, aws_cloudtrail_bucket_name, aws_cloudtrail_region, aws_eventbus_arn, aws_permissions_status, behavior_assessment_enabled, cid, cloudformation_url, conditions, cspm_enabled, d4c, d4c_migrated, eventbus_name, external_id, iam_role_arn, intermediate_role_arn, is_custom_rolename, is_master, organization_id, remediation_cloudformation_url, remediation_region, remediation_tou_accepted, root_account_id, root_iam_role, secondary_role_arn, sensor_management_enabled, settings, status, use_existing_cloudtrail, valid].hash
+ [created_at, deleted_at, id, updated_at, account_id, account_name, account_type, active_regions, aws_cloudtrail_bucket_name, aws_cloudtrail_region, aws_eventbus_arn, aws_permissions_status, behavior_assessment_enabled, cid, cloud_scopes, cloudformation_url, conditions, cspm_enabled, d4c, d4c_migrated, environment, eventbus_name, external_id, iam_role_arn, intermediate_role_arn, is_custom_rolename, is_master, organization_id, remediation_cloudformation_url, remediation_region, remediation_tou_accepted, root_account_id, root_iam_role, secondary_role_arn, sensor_management_enabled, settings, status, use_existing_cloudtrail, valid].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb b/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb
index cba18350..75f06ee9 100644
--- a/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb
+++ b/lib/crimson-falcon/models/domain_base_api_vulnerability_v2.rb
@@ -32,32 +32,52 @@
module Falcon
class DomainBaseAPIVulnerabilityV2
+ # Asset ID for which the vulnerability has been detected. For managed assets it can correspond to the sensor ID, for unmanaged assets can be a stand alone ID
attr_accessor :aid
attr_accessor :app
+ # Provide details related to the products for which a the vulnerability has been detected
attr_accessor :apps
+ # Contains the customer identifier associated with the asset for which the vulnerability has been detected
attr_accessor :cid
+ # A timestamp corresponding to the point in time when the vulnerability has no longer been detected (eg: it got fixed)
attr_accessor :closed_timestamp
+ # A timestamp corresponding to the point in time when the vulnerability has been created (detected) in our system
attr_accessor :created_timestamp
attr_accessor :cve
+ # Contains information about the vulnerability data providers of this entity
+ attr_accessor :data_providers
+
attr_accessor :host_info
+ # Vulnerability unique ID
attr_accessor :id
+ # Contains ports that the vulnerability affects
+ attr_accessor :ports
+
attr_accessor :remediation
+ # Current status of a vulnerability (open, closed, reopen)
attr_accessor :status
attr_accessor :suppression_info
+ # A timestamp corresponding to the point in time when a vulnerability's information or status have been updated
attr_accessor :updated_timestamp
+ # Dynamic label that contains the CVE ID if applicable, otherwise the vulnerability metadata ID or label from the provider
+ attr_accessor :vulnerability_id
+
+ # Unique identifier for the vulnerability metadata
+ attr_accessor :vulnerability_metadata_id
+
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
@@ -68,12 +88,16 @@ def self.attribute_map
:'closed_timestamp' => :'closed_timestamp',
:'created_timestamp' => :'created_timestamp',
:'cve' => :'cve',
+ :'data_providers' => :'data_providers',
:'host_info' => :'host_info',
:'id' => :'id',
+ :'ports' => :'ports',
:'remediation' => :'remediation',
:'status' => :'status',
:'suppression_info' => :'suppression_info',
- :'updated_timestamp' => :'updated_timestamp'
+ :'updated_timestamp' => :'updated_timestamp',
+ :'vulnerability_id' => :'vulnerability_id',
+ :'vulnerability_metadata_id' => :'vulnerability_metadata_id'
}
end
@@ -92,12 +116,16 @@ def self.openapi_types
:'closed_timestamp' => :'String',
:'created_timestamp' => :'String',
:'cve' => :'DomainAPIVulnerabilityCVEDetailsFacetV2',
+ :'data_providers' => :'Array',
:'host_info' => :'DomainAPIVulnerabilityHostFacetV2',
:'id' => :'String',
+ :'ports' => :'Array',
:'remediation' => :'DomainAPIVulnerabilityRemediationFacetV2',
:'status' => :'String',
:'suppression_info' => :'DomainAPIVulnerabilitySuppressionInfoV2',
- :'updated_timestamp' => :'String'
+ :'updated_timestamp' => :'String',
+ :'vulnerability_id' => :'String',
+ :'vulnerability_metadata_id' => :'String'
}
end
@@ -152,6 +180,12 @@ def initialize(attributes = {})
self.cve = attributes[:'cve']
end
+ if attributes.key?(:'data_providers')
+ if (value = attributes[:'data_providers']).is_a?(Array)
+ self.data_providers = value
+ end
+ end
+
if attributes.key?(:'host_info')
self.host_info = attributes[:'host_info']
end
@@ -160,6 +194,12 @@ def initialize(attributes = {})
self.id = attributes[:'id']
end
+ if attributes.key?(:'ports')
+ if (value = attributes[:'ports']).is_a?(Array)
+ self.ports = value
+ end
+ end
+
if attributes.key?(:'remediation')
self.remediation = attributes[:'remediation']
end
@@ -175,6 +215,14 @@ def initialize(attributes = {})
if attributes.key?(:'updated_timestamp')
self.updated_timestamp = attributes[:'updated_timestamp']
end
+
+ if attributes.key?(:'vulnerability_id')
+ self.vulnerability_id = attributes[:'vulnerability_id']
+ end
+
+ if attributes.key?(:'vulnerability_metadata_id')
+ self.vulnerability_metadata_id = attributes[:'vulnerability_metadata_id']
+ end
end
# Show invalid properties with the reasons. Usually used together with valid?
@@ -232,12 +280,16 @@ def ==(o)
closed_timestamp == o.closed_timestamp &&
created_timestamp == o.created_timestamp &&
cve == o.cve &&
+ data_providers == o.data_providers &&
host_info == o.host_info &&
id == o.id &&
+ ports == o.ports &&
remediation == o.remediation &&
status == o.status &&
suppression_info == o.suppression_info &&
- updated_timestamp == o.updated_timestamp
+ updated_timestamp == o.updated_timestamp &&
+ vulnerability_id == o.vulnerability_id &&
+ vulnerability_metadata_id == o.vulnerability_metadata_id
end
# @see the `==` method
@@ -249,7 +301,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, host_info, id, remediation, status, suppression_info, updated_timestamp].hash
+ [aid, app, apps, cid, closed_timestamp, created_timestamp, cve, data_providers, host_info, id, ports, remediation, status, suppression_info, updated_timestamp, vulnerability_id, vulnerability_metadata_id].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_behavior.rb b/lib/crimson-falcon/models/domain_behavior.rb
index c4f8c318..ecc1a85e 100644
--- a/lib/crimson-falcon/models/domain_behavior.rb
+++ b/lib/crimson-falcon/models/domain_behavior.rb
@@ -34,6 +34,8 @@ module Falcon
class DomainBehavior
attr_accessor :aid
+ attr_accessor :alert_ids
+
attr_accessor :behavior_id
attr_accessor :cid
@@ -90,6 +92,7 @@ class DomainBehavior
def self.attribute_map
{
:'aid' => :'aid',
+ :'alert_ids' => :'alert_ids',
:'behavior_id' => :'behavior_id',
:'cid' => :'cid',
:'cmdline' => :'cmdline',
@@ -128,6 +131,7 @@ def self.acceptable_attributes
def self.openapi_types
{
:'aid' => :'String',
+ :'alert_ids' => :'Array',
:'behavior_id' => :'String',
:'cid' => :'String',
:'cmdline' => :'String',
@@ -182,6 +186,12 @@ def initialize(attributes = {})
self.aid = attributes[:'aid']
end
+ if attributes.key?(:'alert_ids')
+ if (value = attributes[:'alert_ids']).is_a?(Array)
+ self.alert_ids = value
+ end
+ end
+
if attributes.key?(:'behavior_id')
self.behavior_id = attributes[:'behavior_id']
end
@@ -325,6 +335,7 @@ def ==(o)
return true if self.equal?(o)
self.class == o.class &&
aid == o.aid &&
+ alert_ids == o.alert_ids &&
behavior_id == o.behavior_id &&
cid == o.cid &&
cmdline == o.cmdline &&
@@ -362,7 +373,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, behavior_id, cid, cmdline, compound_tto, detection_ids, display_name, domain, exclusion_type, filepath, incident_id, incident_ids, ioc_source, ioc_type, ioc_value, objective, pattern_disposition, pattern_disposition_details, pattern_id, sha256, tactic, tactic_id, technique, technique_id, template_instance_id, timestamp, user_name].hash
+ [aid, alert_ids, behavior_id, cid, cmdline, compound_tto, detection_ids, display_name, domain, exclusion_type, filepath, incident_id, incident_ids, ioc_source, ioc_type, ioc_value, objective, pattern_disposition, pattern_disposition_details, pattern_id, sha256, tactic, tactic_id, technique, technique_id, template_instance_id, timestamp, user_name].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_cid_group.rb b/lib/crimson-falcon/models/domain_cid_group.rb
index 84189351..7c11f883 100644
--- a/lib/crimson-falcon/models/domain_cid_group.rb
+++ b/lib/crimson-falcon/models/domain_cid_group.rb
@@ -32,8 +32,6 @@
module Falcon
class DomainCIDGroup
- attr_accessor :cid
-
attr_accessor :cid_group_id
attr_accessor :description
@@ -43,7 +41,6 @@ class DomainCIDGroup
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
- :'cid' => :'cid',
:'cid_group_id' => :'cid_group_id',
:'description' => :'description',
:'name' => :'name'
@@ -58,7 +55,6 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'cid' => :'String',
:'cid_group_id' => :'String',
:'description' => :'String',
:'name' => :'String'
@@ -86,10 +82,6 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
- if attributes.key?(:'cid')
- self.cid = attributes[:'cid']
- end
-
if attributes.key?(:'cid_group_id')
self.cid_group_id = attributes[:'cid_group_id']
end
@@ -107,8 +99,8 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @description.nil?
- invalid_properties.push('invalid value for "description", description cannot be nil.')
+ if @cid_group_id.nil?
+ invalid_properties.push('invalid value for "cid_group_id", cid_group_id cannot be nil.')
end
if @name.nil?
@@ -121,7 +113,7 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @description.nil?
+ return false if @cid_group_id.nil?
return false if @name.nil?
true
end
@@ -131,7 +123,6 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
- cid == o.cid &&
cid_group_id == o.cid_group_id &&
description == o.description &&
name == o.name
@@ -146,7 +137,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [cid, cid_group_id, description, name].hash
+ [cid_group_id, description, name].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_cid_policy_assignments.rb b/lib/crimson-falcon/models/domain_cid_policy_assignments.rb
index b8d5f673..87d681a0 100644
--- a/lib/crimson-falcon/models/domain_cid_policy_assignments.rb
+++ b/lib/crimson-falcon/models/domain_cid_policy_assignments.rb
@@ -40,6 +40,8 @@ class DomainCIDPolicyAssignments
attr_accessor :cis_benchmark
+ attr_accessor :cisa_benchmark
+
attr_accessor :cloud_asset_type
attr_accessor :cloud_asset_type_id
@@ -60,6 +62,8 @@ class DomainCIDPolicyAssignments
attr_accessor :is_remediable
+ attr_accessor :iso_benchmark
+
attr_accessor :name
attr_accessor :nist_benchmark
@@ -87,6 +91,7 @@ def self.attribute_map
:'attack_types' => :'attack_types',
:'cid' => :'cid',
:'cis_benchmark' => :'cis_benchmark',
+ :'cisa_benchmark' => :'cisa_benchmark',
:'cloud_asset_type' => :'cloud_asset_type',
:'cloud_asset_type_id' => :'cloud_asset_type_id',
:'cloud_provider' => :'cloud_provider',
@@ -97,6 +102,7 @@ def self.attribute_map
:'default_severity' => :'default_severity',
:'fql_policy' => :'fql_policy',
:'is_remediable' => :'is_remediable',
+ :'iso_benchmark' => :'iso_benchmark',
:'name' => :'name',
:'nist_benchmark' => :'nist_benchmark',
:'pci_benchmark' => :'pci_benchmark',
@@ -122,6 +128,7 @@ def self.openapi_types
:'attack_types' => :'Array',
:'cid' => :'String',
:'cis_benchmark' => :'Array',
+ :'cisa_benchmark' => :'Array',
:'cloud_asset_type' => :'String',
:'cloud_asset_type_id' => :'Integer',
:'cloud_provider' => :'String',
@@ -132,6 +139,7 @@ def self.openapi_types
:'default_severity' => :'String',
:'fql_policy' => :'String',
:'is_remediable' => :'Boolean',
+ :'iso_benchmark' => :'Array',
:'name' => :'String',
:'nist_benchmark' => :'Array',
:'pci_benchmark' => :'Array',
@@ -186,6 +194,12 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'cisa_benchmark')
+ if (value = attributes[:'cisa_benchmark']).is_a?(Array)
+ self.cisa_benchmark = value
+ end
+ end
+
if attributes.key?(:'cloud_asset_type')
self.cloud_asset_type = attributes[:'cloud_asset_type']
end
@@ -226,6 +240,12 @@ def initialize(attributes = {})
self.is_remediable = attributes[:'is_remediable']
end
+ if attributes.key?(:'iso_benchmark')
+ if (value = attributes[:'iso_benchmark']).is_a?(Array)
+ self.iso_benchmark = value
+ end
+ end
+
if attributes.key?(:'name')
self.name = attributes[:'name']
end
@@ -302,6 +322,7 @@ def ==(o)
attack_types == o.attack_types &&
cid == o.cid &&
cis_benchmark == o.cis_benchmark &&
+ cisa_benchmark == o.cisa_benchmark &&
cloud_asset_type == o.cloud_asset_type &&
cloud_asset_type_id == o.cloud_asset_type_id &&
cloud_provider == o.cloud_provider &&
@@ -312,6 +333,7 @@ def ==(o)
default_severity == o.default_severity &&
fql_policy == o.fql_policy &&
is_remediable == o.is_remediable &&
+ iso_benchmark == o.iso_benchmark &&
name == o.name &&
nist_benchmark == o.nist_benchmark &&
pci_benchmark == o.pci_benchmark &&
@@ -333,7 +355,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [account_scope, attack_types, cid, cis_benchmark, cloud_asset_type, cloud_asset_type_id, cloud_provider, cloud_service, cloud_service_friendly, cloud_service_subtype, created_at, default_severity, fql_policy, is_remediable, name, nist_benchmark, pci_benchmark, policy_id, policy_settings, policy_timestamp, policy_type, remediation_summary, soc2_benchmark, updated_at].hash
+ [account_scope, attack_types, cid, cis_benchmark, cisa_benchmark, cloud_asset_type, cloud_asset_type_id, cloud_provider, cloud_service, cloud_service_friendly, cloud_service_subtype, created_at, default_severity, fql_policy, is_remediable, iso_benchmark, name, nist_benchmark, pci_benchmark, policy_id, policy_settings, policy_timestamp, policy_type, remediation_summary, soc2_benchmark, updated_at].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_cloud_accounts.rb b/lib/crimson-falcon/models/domain_cloud_accounts.rb
new file mode 100644
index 00000000..c40557c6
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_cloud_accounts.rb
@@ -0,0 +1,245 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainCloudAccounts
+ attr_accessor :ids
+
+ attr_accessor :provider
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'ids' => :'ids',
+ :'provider' => :'provider'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'ids' => :'Array',
+ :'provider' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainCloudAccounts` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainCloudAccounts`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'ids')
+ if (value = attributes[:'ids']).is_a?(Array)
+ self.ids = value
+ end
+ end
+
+ if attributes.key?(:'provider')
+ self.provider = attributes[:'provider']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ ids == o.ids &&
+ provider == o.provider
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [ids, provider].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_cloud_scope.rb b/lib/crimson-falcon/models/domain_cloud_scope.rb
new file mode 100644
index 00000000..a556abdb
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_cloud_scope.rb
@@ -0,0 +1,319 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainCloudScope
+ attr_accessor :accounts
+
+ attr_accessor :business_impact
+
+ attr_accessor :business_unit
+
+ attr_accessor :cid
+
+ attr_accessor :created_at
+
+ attr_accessor :description
+
+ attr_accessor :id
+
+ attr_accessor :name
+
+ attr_accessor :owners
+
+ attr_accessor :total_accounts
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'accounts' => :'accounts',
+ :'business_impact' => :'business_impact',
+ :'business_unit' => :'business_unit',
+ :'cid' => :'cid',
+ :'created_at' => :'created_at',
+ :'description' => :'description',
+ :'id' => :'id',
+ :'name' => :'name',
+ :'owners' => :'owners',
+ :'total_accounts' => :'total_accounts'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'accounts' => :'Array',
+ :'business_impact' => :'String',
+ :'business_unit' => :'String',
+ :'cid' => :'String',
+ :'created_at' => :'Time',
+ :'description' => :'String',
+ :'id' => :'Integer',
+ :'name' => :'String',
+ :'owners' => :'Array',
+ :'total_accounts' => :'Integer'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainCloudScope` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainCloudScope`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'accounts')
+ if (value = attributes[:'accounts']).is_a?(Array)
+ self.accounts = value
+ end
+ end
+
+ if attributes.key?(:'business_impact')
+ self.business_impact = attributes[:'business_impact']
+ end
+
+ if attributes.key?(:'business_unit')
+ self.business_unit = attributes[:'business_unit']
+ end
+
+ if attributes.key?(:'cid')
+ self.cid = attributes[:'cid']
+ end
+
+ if attributes.key?(:'created_at')
+ self.created_at = attributes[:'created_at']
+ end
+
+ if attributes.key?(:'description')
+ self.description = attributes[:'description']
+ end
+
+ if attributes.key?(:'id')
+ self.id = attributes[:'id']
+ end
+
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
+ end
+
+ if attributes.key?(:'owners')
+ if (value = attributes[:'owners']).is_a?(Array)
+ self.owners = value
+ end
+ end
+
+ if attributes.key?(:'total_accounts')
+ self.total_accounts = attributes[:'total_accounts']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ accounts == o.accounts &&
+ business_impact == o.business_impact &&
+ business_unit == o.business_unit &&
+ cid == o.cid &&
+ created_at == o.created_at &&
+ description == o.description &&
+ id == o.id &&
+ name == o.name &&
+ owners == o.owners &&
+ total_accounts == o.total_accounts
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [accounts, business_impact, business_unit, cid, created_at, description, id, name, owners, total_accounts].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/domain_discover_api_host.rb b/lib/crimson-falcon/models/domain_discover_api_host.rb
index 3c3cf7e8..24e2ef8d 100644
--- a/lib/crimson-falcon/models/domain_discover_api_host.rb
+++ b/lib/crimson-falcon/models/domain_discover_api_host.rb
@@ -47,7 +47,7 @@ class DomainDiscoverAPIHost
# The agent ID of the Falcon sensor installed on the asset.
attr_accessor :aid
- # List of asset roles (computed or given by the user)
+ # The asset role or roles currently assigned to the asset either automatically or by a user (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server).
attr_accessor :asset_roles
# The first and last name of the person who is assigned to this asset.
@@ -92,6 +92,9 @@ class DomainDiscoverAPIHost
# The cloud provider assigned identifier of the cloud account the instance is located in.
attr_accessor :cloud_account_id
+ # The id of the cloud instance.
+ attr_accessor :cloud_instance_id
+
# The cloud provider environment the instance is located in (AWS/Azure/GCP).
attr_accessor :cloud_provider
@@ -104,9 +107,12 @@ class DomainDiscoverAPIHost
# The cloud provider assigned identifier of the instance.
attr_accessor :cloud_resource_id
- # List of computed asset roles
+ # The asset role or roles assigned to the asset automatically (Jump host, Highly connected, Highly active, Server by behavior, DHCP server, DNS server, FTP server, SSH server, or Web server).
attr_accessor :computed_asset_roles
+ # Whether the asset is exposed to the internet as determined automatically (Yes, No, or Unknown).
+ attr_accessor :computed_internet_exposure
+
# The level of confidence that the asset is a corporate asset (25 = low confidence, 50 = medium confidence, 75 = high confidence).
attr_accessor :confidence
@@ -122,12 +128,21 @@ class DomainDiscoverAPIHost
# The time the asset was created in Active Directory, according to LDAP info.
attr_accessor :creation_timestamp
- # Asset criticality
+ # The criticality level of the asset (Critical, High, Noncritical, or Unassigned)
attr_accessor :criticality
- # The ID of the criticality rule that last matched on this host
+ # The description the user entered when manually assigning a criticality level
+ attr_accessor :criticality_description
+
+ # The ID of the criticality rule that has most recently applied to the asset.
attr_accessor :criticality_rule_id
+ # The date and time the criticality level was manually assigned
+ attr_accessor :criticality_timestamp
+
+ # The username of the account that manually assigned the criticality level
+ attr_accessor :criticality_username
+
# The last seen local IPv4 address of the asset.
attr_accessor :current_local_ip
@@ -149,6 +164,9 @@ class DomainDiscoverAPIHost
# The number of sources that discovered the asset.
attr_accessor :discoverer_count
+ # The hostnames of the sources that discovered the asset.
+ attr_accessor :discoverer_hostnames
+
# The platform names of the sources that discovered the asset.
attr_accessor :discoverer_platform_names
@@ -209,12 +227,24 @@ class DomainDiscoverAPIHost
# Whether the asset is exposed to the internet (Yes or Unknown).
attr_accessor :internet_exposure
+ # The description the user entered when manually assigning a internet exposure level
+ attr_accessor :internet_exposure_description
+
+ # The date and time the internet exposure level was manually assigned
+ attr_accessor :internet_exposure_timestamp
+
+ # The username of the account that manually assigned the internet exposure level
+ attr_accessor :internet_exposure_username
+
# For Linux and Mac hosts: the major version, minor version, and patch version of the kernel for the asset. For Windows hosts: the build number of the asset.
attr_accessor :kernel_version
# The agent ID of the Falcon sensor installed on the source that most recently discovered the asset.
attr_accessor :last_discoverer_aid
+ # The hostname of the last source that discovered the asset.
+ attr_accessor :last_discoverer_hostname
+
# The most recent time the asset was seen in your environment.
attr_accessor :last_seen_timestamp
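Review bot: The comment kept above `internet_exposure` still says `(Yes or Unknown)`, while this diff documents `computed_internet_exposure` as `Yes, No, or Unknown` and adds the manual-assignment fields in this hunk, so the value set described for the effective field looks stale. If `No` can be assigned manually (not visible here), that comment should become `# Whether the asset is exposed to the internet (Yes, No, or Unknown); can be manually assigned, see override_internet_exposure.` so that anyone filtering assets on `internet_exposure` knows the value may be user-asserted rather than observed. The added line `# The description the user entered when manually assigning a internet exposure level` should read `an internet exposure level`. The class body continues outside the hunk, and if this model is generated from the API spec like the new model files in this commit, the wording has to be corrected in the spec rather than in this file.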
@@ -277,12 +307,15 @@ class DomainDiscoverAPIHost
# The organizational unit of the asset.
attr_accessor :ou
- # True if the user has override asset roles computed automatically
+ # Whether a user overrode automatically assigned asset roles to manually assign a role to the asset (true or false).
attr_accessor :override_asset_roles
- # True if the host should not be evaluated against the criticality rules
+ # Whether a user overrode a criticality rule to manually assign a criticality level on the asset (true or false).
attr_accessor :override_criticality_rules
+ # Whether a user overrode the automatically assigned internet exposure (True or False).
+ attr_accessor :override_internet_exposure
+
# The first and last name of the person who owns this asset.
attr_accessor :owned_by
@@ -377,18 +410,23 @@ def self.attribute_map
:'city' => :'city',
:'classification' => :'classification',
:'cloud_account_id' => :'cloud_account_id',
+ :'cloud_instance_id' => :'cloud_instance_id',
:'cloud_provider' => :'cloud_provider',
:'cloud_region' => :'cloud_region',
:'cloud_registered' => :'cloud_registered',
:'cloud_resource_id' => :'cloud_resource_id',
:'computed_asset_roles' => :'computed_asset_roles',
+ :'computed_internet_exposure' => :'computed_internet_exposure',
:'confidence' => :'confidence',
:'country' => :'country',
:'cpu_manufacturer' => :'cpu_manufacturer',
:'cpu_processor_name' => :'cpu_processor_name',
:'creation_timestamp' => :'creation_timestamp',
:'criticality' => :'criticality',
+ :'criticality_description' => :'criticality_description',
:'criticality_rule_id' => :'criticality_rule_id',
+ :'criticality_timestamp' => :'criticality_timestamp',
+ :'criticality_username' => :'criticality_username',
:'current_local_ip' => :'current_local_ip',
:'data_providers' => :'data_providers',
:'data_providers_count' => :'data_providers_count',
@@ -396,6 +434,7 @@ def self.attribute_map
:'descriptions' => :'descriptions',
:'discoverer_aids' => :'discoverer_aids',
:'discoverer_count' => :'discoverer_count',
+ :'discoverer_hostnames' => :'discoverer_hostnames',
:'discoverer_platform_names' => :'discoverer_platform_names',
:'discoverer_product_type_descs' => :'discoverer_product_type_descs',
:'discoverer_tags' => :'discoverer_tags',
@@ -416,8 +455,12 @@ def self.attribute_map
:'hostname' => :'hostname',
:'id' => :'id',
:'internet_exposure' => :'internet_exposure',
+ :'internet_exposure_description' => :'internet_exposure_description',
+ :'internet_exposure_timestamp' => :'internet_exposure_timestamp',
+ :'internet_exposure_username' => :'internet_exposure_username',
:'kernel_version' => :'kernel_version',
:'last_discoverer_aid' => :'last_discoverer_aid',
+ :'last_discoverer_hostname' => :'last_discoverer_hostname',
:'last_seen_timestamp' => :'last_seen_timestamp',
:'local_ip_addresses' => :'local_ip_addresses',
:'local_ips_count' => :'local_ips_count',
@@ -441,6 +484,7 @@ def self.attribute_map
:'ou' => :'ou',
:'override_asset_roles' => :'override_asset_roles',
:'override_criticality_rules' => :'override_criticality_rules',
+ :'override_internet_exposure' => :'override_internet_exposure',
:'owned_by' => :'owned_by',
:'physical_core_count' => :'physical_core_count',
:'platform_name' => :'platform_name',
@@ -496,18 +540,23 @@ def self.openapi_types
:'city' => :'String',
:'classification' => :'String',
:'cloud_account_id' => :'String',
+ :'cloud_instance_id' => :'String',
:'cloud_provider' => :'String',
:'cloud_region' => :'String',
:'cloud_registered' => :'Boolean',
:'cloud_resource_id' => :'String',
:'computed_asset_roles' => :'Array',
+ :'computed_internet_exposure' => :'String',
:'confidence' => :'Integer',
:'country' => :'String',
:'cpu_manufacturer' => :'String',
:'cpu_processor_name' => :'String',
:'creation_timestamp' => :'String',
:'criticality' => :'String',
+ :'criticality_description' => :'String',
:'criticality_rule_id' => :'String',
+ :'criticality_timestamp' => :'String',
+ :'criticality_username' => :'String',
:'current_local_ip' => :'String',
:'data_providers' => :'Array',
:'data_providers_count' => :'Integer',
@@ -515,6 +564,7 @@ def self.openapi_types
:'descriptions' => :'Array',
:'discoverer_aids' => :'Array',
:'discoverer_count' => :'Integer',
+ :'discoverer_hostnames' => :'Array',
:'discoverer_platform_names' => :'Array',
:'discoverer_product_type_descs' => :'Array',
:'discoverer_tags' => :'Array',
@@ -535,8 +585,12 @@ def self.openapi_types
:'hostname' => :'String',
:'id' => :'String',
:'internet_exposure' => :'String',
+ :'internet_exposure_description' => :'String',
+ :'internet_exposure_timestamp' => :'String',
+ :'internet_exposure_username' => :'String',
:'kernel_version' => :'String',
:'last_discoverer_aid' => :'String',
+ :'last_discoverer_hostname' => :'String',
:'last_seen_timestamp' => :'String',
:'local_ip_addresses' => :'Array',
:'local_ips_count' => :'Integer',
@@ -560,6 +614,7 @@ def self.openapi_types
:'ou' => :'String',
:'override_asset_roles' => :'Boolean',
:'override_criticality_rules' => :'Boolean',
+ :'override_internet_exposure' => :'Boolean',
:'owned_by' => :'String',
:'physical_core_count' => :'Integer',
:'platform_name' => :'String',
@@ -692,6 +747,10 @@ def initialize(attributes = {})
self.cloud_account_id = attributes[:'cloud_account_id']
end
+ if attributes.key?(:'cloud_instance_id')
+ self.cloud_instance_id = attributes[:'cloud_instance_id']
+ end
+
if attributes.key?(:'cloud_provider')
self.cloud_provider = attributes[:'cloud_provider']
end
@@ -714,6 +773,10 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'computed_internet_exposure')
+ self.computed_internet_exposure = attributes[:'computed_internet_exposure']
+ end
+
if attributes.key?(:'confidence')
self.confidence = attributes[:'confidence']
end
@@ -738,10 +801,22 @@ def initialize(attributes = {})
self.criticality = attributes[:'criticality']
end
+ if attributes.key?(:'criticality_description')
+ self.criticality_description = attributes[:'criticality_description']
+ end
+
if attributes.key?(:'criticality_rule_id')
self.criticality_rule_id = attributes[:'criticality_rule_id']
end
+ if attributes.key?(:'criticality_timestamp')
+ self.criticality_timestamp = attributes[:'criticality_timestamp']
+ end
+
+ if attributes.key?(:'criticality_username')
+ self.criticality_username = attributes[:'criticality_username']
+ end
+
if attributes.key?(:'current_local_ip')
self.current_local_ip = attributes[:'current_local_ip']
end
@@ -776,6 +851,12 @@ def initialize(attributes = {})
self.discoverer_count = attributes[:'discoverer_count']
end
+ if attributes.key?(:'discoverer_hostnames')
+ if (value = attributes[:'discoverer_hostnames']).is_a?(Array)
+ self.discoverer_hostnames = value
+ end
+ end
+
if attributes.key?(:'discoverer_platform_names')
if (value = attributes[:'discoverer_platform_names']).is_a?(Array)
self.discoverer_platform_names = value
@@ -872,6 +953,18 @@ def initialize(attributes = {})
self.internet_exposure = attributes[:'internet_exposure']
end
+ if attributes.key?(:'internet_exposure_description')
+ self.internet_exposure_description = attributes[:'internet_exposure_description']
+ end
+
+ if attributes.key?(:'internet_exposure_timestamp')
+ self.internet_exposure_timestamp = attributes[:'internet_exposure_timestamp']
+ end
+
+ if attributes.key?(:'internet_exposure_username')
+ self.internet_exposure_username = attributes[:'internet_exposure_username']
+ end
+
if attributes.key?(:'kernel_version')
self.kernel_version = attributes[:'kernel_version']
end
@@ -880,6 +973,10 @@ def initialize(attributes = {})
self.last_discoverer_aid = attributes[:'last_discoverer_aid']
end
+ if attributes.key?(:'last_discoverer_hostname')
+ self.last_discoverer_hostname = attributes[:'last_discoverer_hostname']
+ end
+
if attributes.key?(:'last_seen_timestamp')
self.last_seen_timestamp = attributes[:'last_seen_timestamp']
end
@@ -980,6 +1077,10 @@ def initialize(attributes = {})
self.override_criticality_rules = attributes[:'override_criticality_rules']
end
+ if attributes.key?(:'override_internet_exposure')
+ self.override_internet_exposure = attributes[:'override_internet_exposure']
+ end
+
if attributes.key?(:'owned_by')
self.owned_by = attributes[:'owned_by']
end
@@ -1129,18 +1230,23 @@ def ==(o)
city == o.city &&
classification == o.classification &&
cloud_account_id == o.cloud_account_id &&
+ cloud_instance_id == o.cloud_instance_id &&
cloud_provider == o.cloud_provider &&
cloud_region == o.cloud_region &&
cloud_registered == o.cloud_registered &&
cloud_resource_id == o.cloud_resource_id &&
computed_asset_roles == o.computed_asset_roles &&
+ computed_internet_exposure == o.computed_internet_exposure &&
confidence == o.confidence &&
country == o.country &&
cpu_manufacturer == o.cpu_manufacturer &&
cpu_processor_name == o.cpu_processor_name &&
creation_timestamp == o.creation_timestamp &&
criticality == o.criticality &&
+ criticality_description == o.criticality_description &&
criticality_rule_id == o.criticality_rule_id &&
+ criticality_timestamp == o.criticality_timestamp &&
+ criticality_username == o.criticality_username &&
current_local_ip == o.current_local_ip &&
data_providers == o.data_providers &&
data_providers_count == o.data_providers_count &&
@@ -1148,6 +1254,7 @@ def ==(o)
descriptions == o.descriptions &&
discoverer_aids == o.discoverer_aids &&
discoverer_count == o.discoverer_count &&
+ discoverer_hostnames == o.discoverer_hostnames &&
discoverer_platform_names == o.discoverer_platform_names &&
discoverer_product_type_descs == o.discoverer_product_type_descs &&
discoverer_tags == o.discoverer_tags &&
@@ -1168,8 +1275,12 @@ def ==(o)
hostname == o.hostname &&
id == o.id &&
internet_exposure == o.internet_exposure &&
+ internet_exposure_description == o.internet_exposure_description &&
+ internet_exposure_timestamp == o.internet_exposure_timestamp &&
+ internet_exposure_username == o.internet_exposure_username &&
kernel_version == o.kernel_version &&
last_discoverer_aid == o.last_discoverer_aid &&
+ last_discoverer_hostname == o.last_discoverer_hostname &&
last_seen_timestamp == o.last_seen_timestamp &&
local_ip_addresses == o.local_ip_addresses &&
local_ips_count == o.local_ips_count &&
@@ -1193,6 +1304,7 @@ def ==(o)
ou == o.ou &&
override_asset_roles == o.override_asset_roles &&
override_criticality_rules == o.override_criticality_rules &&
+ override_internet_exposure == o.override_internet_exposure &&
owned_by == o.owned_by &&
physical_core_count == o.physical_core_count &&
platform_name == o.platform_name &&
@@ -1228,7 +1340,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [account_enabled, active_discovery, ad_user_account_control, agent_version, aid, asset_roles, assigned_to, available_disk_space, available_disk_space_pct, average_memory_usage, average_memory_usage_pct, average_processor_usage, bios_hashes_data, bios_id, bios_manufacturer, bios_version, cid, city, classification, cloud_account_id, cloud_provider, cloud_region, cloud_registered, cloud_resource_id, computed_asset_roles, confidence, country, cpu_manufacturer, cpu_processor_name, creation_timestamp, criticality, criticality_rule_id, current_local_ip, data_providers, data_providers_count, department, descriptions, discoverer_aids, discoverer_count, discoverer_platform_names, discoverer_product_type_descs, discoverer_tags, discovering_by, disk_sizes, email, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_discoverer_aid, first_seen_timestamp, form_factor, fqdn, groups, hostname, id, internet_exposure, kernel_version, last_discoverer_aid, last_seen_timestamp, local_ip_addresses, local_ips_count, location, logical_core_count, mac_addresses, machine_domain, managed_by, max_memory_usage, max_memory_usage_pct, max_processor_usage, mount_storage_info, network_interfaces, number_of_disk_drives, object_guid, object_sid, os_is_eol, os_security, os_service_pack, os_version, ou, override_asset_roles, override_criticality_rules, owned_by, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, reduced_functionality_mode, servicenow_id, site_name, state, system_manufacturer, system_product_name, system_serial_number, tags, tenableio_id, total_bios_files, total_disk_space, total_memory, triage, unencrypted_drives, unencrypted_drives_count, used_disk_space, used_disk_space_pct, used_for].hash
+ [account_enabled, active_discovery, ad_user_account_control, agent_version, aid, asset_roles, assigned_to, available_disk_space, available_disk_space_pct, average_memory_usage, average_memory_usage_pct, average_processor_usage, bios_hashes_data, bios_id, bios_manufacturer, bios_version, cid, city, classification, cloud_account_id, cloud_instance_id, cloud_provider, cloud_region, cloud_registered, cloud_resource_id, computed_asset_roles, computed_internet_exposure, confidence, country, cpu_manufacturer, cpu_processor_name, creation_timestamp, criticality, criticality_description, criticality_rule_id, criticality_timestamp, criticality_username, current_local_ip, data_providers, data_providers_count, department, descriptions, discoverer_aids, discoverer_count, discoverer_hostnames, discoverer_platform_names, discoverer_product_type_descs, discoverer_tags, discovering_by, disk_sizes, email, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_discoverer_aid, first_seen_timestamp, form_factor, fqdn, groups, hostname, id, internet_exposure, internet_exposure_description, internet_exposure_timestamp, internet_exposure_username, kernel_version, last_discoverer_aid, last_discoverer_hostname, last_seen_timestamp, local_ip_addresses, local_ips_count, location, logical_core_count, mac_addresses, machine_domain, managed_by, max_memory_usage, max_memory_usage_pct, max_processor_usage, mount_storage_info, network_interfaces, number_of_disk_drives, object_guid, object_sid, os_is_eol, os_security, os_service_pack, os_version, ou, override_asset_roles, override_criticality_rules, override_internet_exposure, owned_by, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, reduced_functionality_mode, servicenow_id, site_name, state, system_manufacturer, system_product_name, system_serial_number, tags, tenableio_id, total_bios_files, total_disk_space, total_memory, triage, 
unencrypted_drives, unencrypted_drives_count, used_disk_space, used_disk_space_pct, used_for].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb b/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb
index e7259a83..5cbf221b 100644
--- a/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb
+++ b/lib/crimson-falcon/models/domain_discover_apiio_t_host.rb
@@ -108,6 +108,9 @@ class DomainDiscoverAPIIoTHost
# The number of sources that discovered the asset.
attr_accessor :discoverer_count
+ # A list of agent IDs of the Falcon sensors installed on the source hosts that discovered the asset via ICS Asset discovery mechanism
+ attr_accessor :discoverer_ics_collector_ids
+
# The product type descriptions of the sources that discovered the asset.
attr_accessor :discoverer_product_type_descs
@@ -322,6 +325,7 @@ def self.attribute_map
:'device_slots' => :'device_slots',
:'device_type' => :'device_type',
:'discoverer_count' => :'discoverer_count',
+ :'discoverer_ics_collector_ids' => :'discoverer_ics_collector_ids',
:'discoverer_product_type_descs' => :'discoverer_product_type_descs',
:'disk_sizes' => :'disk_sizes',
:'encrypted_drives' => :'encrypted_drives',
@@ -420,6 +424,7 @@ def self.openapi_types
:'device_slots' => :'Array',
:'device_type' => :'String',
:'discoverer_count' => :'Integer',
+ :'discoverer_ics_collector_ids' => :'Array',
:'discoverer_product_type_descs' => :'Array',
:'disk_sizes' => :'Array',
:'encrypted_drives' => :'Array',
@@ -610,6 +615,12 @@ def initialize(attributes = {})
self.discoverer_count = attributes[:'discoverer_count']
end
+ if attributes.key?(:'discoverer_ics_collector_ids')
+ if (value = attributes[:'discoverer_ics_collector_ids']).is_a?(Array)
+ self.discoverer_ics_collector_ids = value
+ end
+ end
+
if attributes.key?(:'discoverer_product_type_descs')
if (value = attributes[:'discoverer_product_type_descs']).is_a?(Array)
self.discoverer_product_type_descs = value
@@ -938,6 +949,7 @@ def ==(o)
device_slots == o.device_slots &&
device_type == o.device_type &&
discoverer_count == o.discoverer_count &&
+ discoverer_ics_collector_ids == o.discoverer_ics_collector_ids &&
discoverer_product_type_descs == o.discoverer_product_type_descs &&
disk_sizes == o.disk_sizes &&
encrypted_drives == o.encrypted_drives &&
@@ -1011,7 +1023,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [agent_version, aid, available_disk_space, average_memory_usage, average_processor_usage, bios_id, bios_manufacturer, bios_version, business_criticality, cid, city, claroty_id, confidence, country, cpu_processor_name, credential_guard_status, current_local_ip, data_providers, data_providers_count, device_class, device_family, device_guard_status, device_slots, device_type, discoverer_count, discoverer_product_type_descs, disk_sizes, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_seen_timestamp, groups, hostname, ics_id, id, internet_exposure, iommu_protection_status, kernel_dma_protection_status, kernel_version, last_discoverer_ics_collector_id, last_seen_timestamp, local_ip_addresses, local_ips_count, logical_core_count, mac_addresses, machine_domain, max_memory_usage, max_processor_usage, memory_total, mount_storage_info, network_id, network_interfaces, number_of_disk_drives, os_is_eol, os_version, ou, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, protocols, purdue_level, reduced_functionality_mode, secure_boot_enabled_status, secure_boot_requested_status, secure_memory_overwrite_requested_status, site_name, subnet, system_guard_status, system_manufacturer, system_product_name, system_serial_number, tags, total_bios_files, total_disk_space, uefi_memory_protection_status, unencrypted_drives, unencrypted_drives_count, used_disk_space, virtual_zone, virtualization_based_security_status, vlan, xdome_id].hash
+ [agent_version, aid, available_disk_space, average_memory_usage, average_processor_usage, bios_id, bios_manufacturer, bios_version, business_criticality, cid, city, claroty_id, confidence, country, cpu_processor_name, credential_guard_status, current_local_ip, data_providers, data_providers_count, device_class, device_family, device_guard_status, device_slots, device_type, discoverer_count, discoverer_ics_collector_ids, discoverer_product_type_descs, disk_sizes, encrypted_drives, encrypted_drives_count, encryption_status, entity_type, external_ip, field_metadata, first_seen_timestamp, groups, hostname, ics_id, id, internet_exposure, iommu_protection_status, kernel_dma_protection_status, kernel_version, last_discoverer_ics_collector_id, last_seen_timestamp, local_ip_addresses, local_ips_count, logical_core_count, mac_addresses, machine_domain, max_memory_usage, max_processor_usage, memory_total, mount_storage_info, network_id, network_interfaces, number_of_disk_drives, os_is_eol, os_version, ou, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, protocols, purdue_level, reduced_functionality_mode, secure_boot_enabled_status, secure_boot_requested_status, secure_memory_overwrite_requested_status, site_name, subnet, system_guard_status, system_manufacturer, system_product_name, system_serial_number, tags, total_bios_files, total_disk_space, uefi_memory_protection_status, unencrypted_drives, unencrypted_drives_count, used_disk_space, virtual_zone, virtualization_based_security_status, vlan, xdome_id].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_discover_params.rb b/lib/crimson-falcon/models/domain_discover_params.rb
index 7a5dfbc6..c741d960 100644
--- a/lib/crimson-falcon/models/domain_discover_params.rb
+++ b/lib/crimson-falcon/models/domain_discover_params.rb
@@ -32,14 +32,20 @@
module Falcon
class DomainDiscoverParams
+ attr_accessor :application_filters
+
attr_accessor :application_group_id
+ attr_accessor :application_vendors
+
attr_accessor :requirement_criteria
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
+ :'application_filters' => :'application_filters',
:'application_group_id' => :'application_group_id',
+ :'application_vendors' => :'application_vendors',
:'requirement_criteria' => :'requirement_criteria'
}
end
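Review bot: `application_filters` and `application_vendors` are added here with no description comment, yet the later hunks in this file make both mandatory: `list_invalid_properties` reports them when nil and `valid?` returns false. Code that builds a `DomainDiscoverParams` with only `application_group_id` and `requirement_criteria` will therefore start failing validation after this update. I would state that on the accessors, e.g. `# Required; valid? returns false when nil` above `attr_accessor :application_filters` and the same above `attr_accessor :application_vendors`, and call the new requirement out in the release notes. The class body continues past this hunk, and since these models appear to be generated, the comment text probably has to come from the API spec.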
@@ -52,7 +58,9 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
+ :'application_filters' => :'String',
:'application_group_id' => :'String',
+ :'application_vendors' => :'String',
:'requirement_criteria' => :'String'
}
end
@@ -78,10 +86,18 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
+ if attributes.key?(:'application_filters')
+ self.application_filters = attributes[:'application_filters']
+ end
+
if attributes.key?(:'application_group_id')
self.application_group_id = attributes[:'application_group_id']
end
+ if attributes.key?(:'application_vendors')
+ self.application_vendors = attributes[:'application_vendors']
+ end
+
if attributes.key?(:'requirement_criteria')
self.requirement_criteria = attributes[:'requirement_criteria']
end
@@ -91,10 +107,18 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
+ if @application_filters.nil?
+ invalid_properties.push('invalid value for "application_filters", application_filters cannot be nil.')
+ end
+
if @application_group_id.nil?
invalid_properties.push('invalid value for "application_group_id", application_group_id cannot be nil.')
end
+ if @application_vendors.nil?
+ invalid_properties.push('invalid value for "application_vendors", application_vendors cannot be nil.')
+ end
+
if @requirement_criteria.nil?
invalid_properties.push('invalid value for "requirement_criteria", requirement_criteria cannot be nil.')
end
@@ -105,7 +129,9 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
+ return false if @application_filters.nil?
return false if @application_group_id.nil?
+ return false if @application_vendors.nil?
return false if @requirement_criteria.nil?
true
end
@@ -115,7 +141,9 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
+ application_filters == o.application_filters &&
application_group_id == o.application_group_id &&
+ application_vendors == o.application_vendors &&
requirement_criteria == o.requirement_criteria
end
@@ -128,7 +156,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [application_group_id, requirement_criteria].hash
+ [application_filters, application_group_id, application_vendors, requirement_criteria].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb b/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb
index 71c59fad..0893d475 100644
--- a/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb
+++ b/lib/crimson-falcon/models/domain_e_crime_kill_chain.rb
@@ -32,44 +32,64 @@
module Falcon
class DomainECrimeKillChain
+ # Free form text describing attribution of the ecrime actor
attr_accessor :attribution
+ # Free form text describing actor's crimes
attr_accessor :crimes
+ # Free form text describing ecrime actor's customers and affiliates
attr_accessor :customers
+ # Comma separated values of vulnerabilities by CVE codes that are exploited by actor
attr_accessor :exploitation
+ # Free form text describing ecrime actor's marketing campaigns and advertisement
attr_accessor :marketing
+ # Legacy field, not used and empty
attr_accessor :monetization
+ # Rich text version of the attribution field
attr_accessor :rich_text_attribution
+ # Rich text version of the crimes field
attr_accessor :rich_text_crimes
+ # Rich text version of the customers field
attr_accessor :rich_text_customers
+ # Rich text version of the exploitation field
attr_accessor :rich_text_exploitation
+ # Rich text version of the marketing field
attr_accessor :rich_text_marketing
+ # Legacy field, not used and empty
attr_accessor :rich_text_monetization
+ # Rich text version of the services_offered field
attr_accessor :rich_text_services_offered
+ # Rich text version of the services_used field
attr_accessor :rich_text_services_used
+ # Rich text version of the technical_tradecraft field
attr_accessor :rich_text_technical_tradecraft
+ # Rich text version of the victims field
attr_accessor :rich_text_victims
+ # Free form text describing ecrime actor's services offered and monetized
attr_accessor :services_offered
+ # Free form text describing ecrime actor's used services provided by other actors or groups
attr_accessor :services_used
+ # Free form text describing methods and descriptions of techniques used by actor
attr_accessor :technical_tradecraft
+ # Free form text describing victims or their characteristics of the ecrime actor
attr_accessor :victims
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_entity.rb b/lib/crimson-falcon/models/domain_entity.rb
index 91b02ee3..0f8ada4b 100644
--- a/lib/crimson-falcon/models/domain_entity.rb
+++ b/lib/crimson-falcon/models/domain_entity.rb
@@ -32,12 +32,16 @@
module Falcon
class DomainEntity
+ # numerical id ensuring data integrity
attr_accessor :id
+ # name of the entity
attr_accessor :name
+ # search and url friendly value, usually lowercase representation of value with spaces replaced with dashes, except for countries where 2 letters codes are used
attr_accessor :slug
+ # string value of the generic entity which is searchable and filterable
attr_accessor :value
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_gcp_account_v1.rb b/lib/crimson-falcon/models/domain_gcp_account_v1.rb
index 704f5810..77ea872a 100644
--- a/lib/crimson-falcon/models/domain_gcp_account_v1.rb
+++ b/lib/crimson-falcon/models/domain_gcp_account_v1.rb
@@ -42,11 +42,15 @@ class DomainGCPAccountV1
attr_accessor :cid
+ attr_accessor :cloud_scopes
+
attr_accessor :cspm_enabled
# GCP Display Name
attr_accessor :display_name
+ attr_accessor :environment
+
# GCP folder ID
attr_accessor :folder_id
@@ -91,8 +95,10 @@ def self.attribute_map
:'id' => :'ID',
:'updated_at' => :'UpdatedAt',
:'cid' => :'cid',
+ :'cloud_scopes' => :'cloud_scopes',
:'cspm_enabled' => :'cspm_enabled',
:'display_name' => :'display_name',
+ :'environment' => :'environment',
:'folder_id' => :'folder_id',
:'folder_name' => :'folder_name',
:'gcp_permissions_status' => :'gcp_permissions_status',
@@ -122,8 +128,10 @@ def self.openapi_types
:'id' => :'Integer',
:'updated_at' => :'Time',
:'cid' => :'String',
+ :'cloud_scopes' => :'Array',
:'cspm_enabled' => :'Boolean',
:'display_name' => :'String',
+ :'environment' => :'String',
:'folder_id' => :'String',
:'folder_name' => :'String',
:'gcp_permissions_status' => :'Array',
@@ -181,6 +189,12 @@ def initialize(attributes = {})
self.cid = attributes[:'cid']
end
+ if attributes.key?(:'cloud_scopes')
+ if (value = attributes[:'cloud_scopes']).is_a?(Array)
+ self.cloud_scopes = value
+ end
+ end
+
if attributes.key?(:'cspm_enabled')
self.cspm_enabled = attributes[:'cspm_enabled']
end
@@ -189,6 +203,10 @@ def initialize(attributes = {})
self.display_name = attributes[:'display_name']
end
+ if attributes.key?(:'environment')
+ self.environment = attributes[:'environment']
+ end
+
if attributes.key?(:'folder_id')
self.folder_id = attributes[:'folder_id']
end
@@ -307,8 +325,10 @@ def ==(o)
id == o.id &&
updated_at == o.updated_at &&
cid == o.cid &&
+ cloud_scopes == o.cloud_scopes &&
cspm_enabled == o.cspm_enabled &&
display_name == o.display_name &&
+ environment == o.environment &&
folder_id == o.folder_id &&
folder_name == o.folder_name &&
gcp_permissions_status == o.gcp_permissions_status &&
@@ -333,7 +353,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [created_at, deleted_at, id, updated_at, cid, cspm_enabled, display_name, folder_id, folder_name, gcp_permissions_status, organization_id, organization_name, parent_id, parent_type, project_id, service_account_client_email, service_account_client_id, service_account_id, service_account_private_key_id, status].hash
+ [created_at, deleted_at, id, updated_at, cid, cloud_scopes, cspm_enabled, display_name, environment, folder_id, folder_name, gcp_permissions_status, organization_id, organization_name, parent_id, parent_type, project_id, service_account_client_email, service_account_client_id, service_account_id, service_account_private_key_id, status].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_kill_chain.rb b/lib/crimson-falcon/models/domain_kill_chain.rb
index 1a478892..f8e8b306 100644
--- a/lib/crimson-falcon/models/domain_kill_chain.rb
+++ b/lib/crimson-falcon/models/domain_kill_chain.rb
@@ -32,36 +32,52 @@
module Falcon
class DomainKillChain
+ # Free form text describing actions and objectives of the actor
attr_accessor :actions_and_objectives
+ # Free form text describing methods and tools used to communicate with and control an infected machine or network
attr_accessor :command_and_control
+ # Free form text describing malware delivery by actor
attr_accessor :delivery
+ # Comma separated values of vulnerabilities by CVE codes that are exploited by actor
attr_accessor :exploitation
+ # Free form text describing actor's malware installation on the asset
attr_accessor :installation
+ # Legacy field, not used and empty
attr_accessor :objectives
+ # Free form text describing how targets are researched, identified and selected
attr_accessor :reconnaissance
+ # Rich free form text describing actions and objectives of the actor
attr_accessor :rich_text_actions_and_objectives
+ # Rich free form text describing methods and tools used to communicate with and control an infected machine or network
attr_accessor :rich_text_command_and_control
+ # Rich free form text describing malware delivery by actor
attr_accessor :rich_text_delivery
+ # Rich text comma separated values of vulnerabilities by CVE codes that are exploited by actor
attr_accessor :rich_text_exploitation
+ # Rich free form text describing actor's malware installation on the asset
attr_accessor :rich_text_installation
+ # Legacy field, not used and empty
attr_accessor :rich_text_objectives
+ # Rich free form text describing how targets are researched, identified and selected
attr_accessor :rich_text_reconnaissance
+ # Rich free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload)
attr_accessor :rich_text_weaponization
+ # Free form text describing weaponization of the threat/malware (couples exploit with backdoor into deliverable payload)
attr_accessor :weaponization
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb b/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb
index ea9e6b48..36b2f5c8 100644
--- a/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb
+++ b/lib/crimson-falcon/models/domain_matched_breach_summary_v1.rb
@@ -60,6 +60,10 @@ class DomainMatchedBreachSummaryV1
# Metadata regarding the file(s) where exposed data records where found.
attr_accessor :files
+ attr_accessor :idp_send_date
+
+ attr_accessor :idp_send_status
+
# The name of the breach
attr_accessor :name
@@ -82,6 +86,8 @@ def self.attribute_map
:'exposure_date' => :'exposure_date',
:'fields' => :'fields',
:'files' => :'files',
+ :'idp_send_date' => :'idp_send_date',
+ :'idp_send_status' => :'idp_send_status',
:'name' => :'name',
:'obtained_by' => :'obtained_by',
:'url' => :'url'
@@ -106,6 +112,8 @@ def self.openapi_types
:'exposure_date' => :'Time',
:'fields' => :'Array',
:'files' => :'Array',
+ :'idp_send_date' => :'Time',
+ :'idp_send_status' => :'String',
:'name' => :'String',
:'obtained_by' => :'String',
:'url' => :'String'
@@ -181,6 +189,14 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'idp_send_date')
+ self.idp_send_date = attributes[:'idp_send_date']
+ end
+
+ if attributes.key?(:'idp_send_status')
+ self.idp_send_status = attributes[:'idp_send_status']
+ end
+
if attributes.key?(:'name')
self.name = attributes[:'name']
end
@@ -237,6 +253,8 @@ def ==(o)
exposure_date == o.exposure_date &&
fields == o.fields &&
files == o.files &&
+ idp_send_date == o.idp_send_date &&
+ idp_send_status == o.idp_send_status &&
name == o.name &&
obtained_by == o.obtained_by &&
url == o.url
@@ -251,7 +269,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [community_name, confidence_level, credentials_domains, credentials_ips, description, event_date, event_id, exposure_date, fields, files, name, obtained_by, url].hash
+ [community_name, confidence_level, credentials_domains, credentials_ips, description, event_date, event_id, exposure_date, fields, files, idp_send_date, idp_send_status, name, obtained_by, url].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_meta_info.rb b/lib/crimson-falcon/models/domain_meta_info.rb
index 06708a87..db4d2301 100644
--- a/lib/crimson-falcon/models/domain_meta_info.rb
+++ b/lib/crimson-falcon/models/domain_meta_info.rb
@@ -32,21 +32,15 @@
module Falcon
class DomainMetaInfo
- attr_accessor :pagination
+ attr_accessor :msa_meta_info
- attr_accessor :powered_by
-
- attr_accessor :query_time
-
- attr_accessor :trace_id
+ attr_accessor :quota
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
- :'pagination' => :'pagination',
- :'powered_by' => :'powered_by',
- :'query_time' => :'query_time',
- :'trace_id' => :'trace_id'
+ :'msa_meta_info' => :'MsaMetaInfo',
+ :'quota' => :'quota'
}
end
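Review bot: Replacing `pagination`, `powered_by`, `query_time` and `trace_id` with `msa_meta_info` and `quota` is a breaking change for anything that reads those accessors from a `DomainMetaInfo`, and the new accessors carry no description. `trace_id` is typically what callers log to correlate a request during troubleshooting, so the move is worth documenting; presumably it now lives on the `MsaspecMetaInfo` object, which is not shown here. Suggest a comment such as `# Response metadata (MsaspecMetaInfo); required, valid? returns false when nil` above `attr_accessor :msa_meta_info`, matching the nil check in the later hunks. It is also worth confirming that the JSON key `MsaMetaInfo` really is PascalCase while `quota` is lower-case, since a wrong key would leave the field nil. The class continues beyond this hunk.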
@@ -58,10 +52,8 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'pagination' => :'DomainAssessmentPaging',
- :'powered_by' => :'String',
- :'query_time' => :'Float',
- :'trace_id' => :'String'
+ :'msa_meta_info' => :'MsaspecMetaInfo',
+ :'quota' => :'DomainQuota'
}
end
@@ -86,20 +78,12 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
- if attributes.key?(:'pagination')
- self.pagination = attributes[:'pagination']
- end
-
- if attributes.key?(:'powered_by')
- self.powered_by = attributes[:'powered_by']
+ if attributes.key?(:'msa_meta_info')
+ self.msa_meta_info = attributes[:'msa_meta_info']
end
- if attributes.key?(:'query_time')
- self.query_time = attributes[:'query_time']
- end
-
- if attributes.key?(:'trace_id')
- self.trace_id = attributes[:'trace_id']
+ if attributes.key?(:'quota')
+ self.quota = attributes[:'quota']
end
end
@@ -107,12 +91,8 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @query_time.nil?
- invalid_properties.push('invalid value for "query_time", query_time cannot be nil.')
- end
-
- if @trace_id.nil?
- invalid_properties.push('invalid value for "trace_id", trace_id cannot be nil.')
+ if @msa_meta_info.nil?
+ invalid_properties.push('invalid value for "msa_meta_info", msa_meta_info cannot be nil.')
end
invalid_properties
@@ -121,8 +101,7 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @query_time.nil?
- return false if @trace_id.nil?
+ return false if @msa_meta_info.nil?
true
end
@@ -131,10 +110,8 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
- pagination == o.pagination &&
- powered_by == o.powered_by &&
- query_time == o.query_time &&
- trace_id == o.trace_id
+ msa_meta_info == o.msa_meta_info &&
+ quota == o.quota
end
# @see the `==` method
@@ -146,7 +123,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [pagination, powered_by, query_time, trace_id].hash
+ [msa_meta_info, quota].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_msa_meta_info.rb b/lib/crimson-falcon/models/domain_msa_meta_info.rb
new file mode 100644
index 00000000..a94c2673
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_msa_meta_info.rb
@@ -0,0 +1,248 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainMsaMetaInfo
+ attr_accessor :pagination
+
+ attr_accessor :query_time
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'pagination' => :'pagination',
+ :'query_time' => :'queryTime'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'pagination' => :'MsaspecPaging',
+ :'query_time' => :'Float'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainMsaMetaInfo` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainMsaMetaInfo`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'pagination')
+ self.pagination = attributes[:'pagination']
+ end
+
+ if attributes.key?(:'query_time')
+ self.query_time = attributes[:'query_time']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @query_time.nil?
+ invalid_properties.push('invalid value for "query_time", query_time cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @query_time.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ pagination == o.pagination &&
+ query_time == o.query_time
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [pagination, query_time].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
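Review bot: In `_deserialize`, the patterns `/\AArray<(?.+)>\z/` and `/\AHash<(?.+?), (?.+)>\z/` have no named groups as shown, while the branches read `Regexp.last_match[:inner_type]`, `[:k_type]` and `[:v_type]`. If that is what the file really contains (the group names may have been lost when this page was rendered), the regexps will not compile; they should read `when /\AArray<(?<inner_type>.+)>\z/` and `when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/`. Separately, `openapi_nullable` uses `Set` but the file only requires `date` and `time`, so it relies on `set` being loaded or autoloaded elsewhere. Because the header marks the file as generated, any fix belongs in the generator template rather than in this file.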
diff --git a/lib/crimson-falcon/models/domain_news_document.rb b/lib/crimson-falcon/models/domain_news_document.rb
index 7fe79be2..e86fb78b 100644
--- a/lib/crimson-falcon/models/domain_news_document.rb
+++ b/lib/crimson-falcon/models/domain_news_document.rb
@@ -32,42 +32,59 @@
module Falcon
class DomainNewsDocument
+ # legacy field, not used
attr_accessor :active
+ # Actors mentioned, related or referenced in the news/report
attr_accessor :actors
+ # News attachment, containing either pdf url or feeds zip and/or gzip archive
attr_accessor :attachments
+ # Date of the news document creation, unix timestampt
attr_accessor :created_date
+ # Full report description, extracted from the document
attr_accessor :description
+ # internal property used for permissions check of access, not returned or explicitly filterable
attr_accessor :entitlements
+ # Integer ID of the News document
attr_accessor :id
attr_accessor :image
+ # Date of the news document last modification, unix timestampt
attr_accessor :last_modified_date
+ # News mentioned motivation or motivation of related actors and malware families
attr_accessor :motivations
+ # News title
attr_accessor :name
+ # internal field, not used
attr_accessor :notify_users
+ # Rich text description with markup
attr_accessor :rich_text_description
+ # Short description of the report content
attr_accessor :short_description
+ # News title in a url friendly way, which is title in lowercase and special characters including space replaced with dash
attr_accessor :slug
attr_accessor :sub_type
+ # News tags, which contains MITRE, Vulnerability community identifiers, capabilities, malware family name, customer target, activity cluster, notable event, geopolitical issue
attr_accessor :tags
+ # News mentioned target countries or related actor's target countries
attr_accessor :target_countries
+ # News mentioned target industries or related actor's target industries
attr_accessor :target_industries
attr_accessor :thumbnail
@@ -76,6 +93,7 @@ class DomainNewsDocument
attr_accessor :type
+ # URL of the news document where it can be accessed in the Falcon Portal
attr_accessor :url
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_news_response.rb b/lib/crimson-falcon/models/domain_news_response.rb
index 9463f2a6..d4dbc568 100644
--- a/lib/crimson-falcon/models/domain_news_response.rb
+++ b/lib/crimson-falcon/models/domain_news_response.rb
@@ -32,6 +32,7 @@
module Falcon
class DomainNewsResponse
+ # Array of API Errors
attr_accessor :errors
attr_accessor :meta
diff --git a/lib/crimson-falcon/models/domain_notification_v1.rb b/lib/crimson-falcon/models/domain_notification_v1.rb
index 4f90b0f4..4d920134 100644
--- a/lib/crimson-falcon/models/domain_notification_v1.rb
+++ b/lib/crimson-falcon/models/domain_notification_v1.rb
@@ -75,6 +75,8 @@ class DomainNotificationV1
# Type of the item which matched the rule: `post`, `reply`, `botnet_config`, `breach`, etc.
attr_accessor :item_type
+ attr_accessor :logs
+
# ID of the raw intel item that matched the rule
attr_accessor :raw_intel_id
@@ -119,6 +121,7 @@ def self.attribute_map
:'item_site' => :'item_site',
:'item_site_id' => :'item_site_id',
:'item_type' => :'item_type',
+ :'logs' => :'logs',
:'raw_intel_id' => :'raw_intel_id',
:'rule_id' => :'rule_id',
:'rule_name' => :'rule_name',
@@ -154,6 +157,7 @@ def self.openapi_types
:'item_site' => :'String',
:'item_site_id' => :'String',
:'item_type' => :'String',
+ :'logs' => :'Array',
:'raw_intel_id' => :'String',
:'rule_id' => :'String',
:'rule_name' => :'String',
@@ -249,6 +253,12 @@ def initialize(attributes = {})
self.item_type = attributes[:'item_type']
end
+ if attributes.key?(:'logs')
+ if (value = attributes[:'logs']).is_a?(Array)
+ self.logs = value
+ end
+ end
+
if attributes.key?(:'raw_intel_id')
self.raw_intel_id = attributes[:'raw_intel_id']
end
@@ -384,6 +394,7 @@ def ==(o)
item_site == o.item_site &&
item_site_id == o.item_site_id &&
item_type == o.item_type &&
+ logs == o.logs &&
raw_intel_id == o.raw_intel_id &&
rule_id == o.rule_id &&
rule_name == o.rule_name &&
@@ -404,7 +415,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [assigned_to_uid, assigned_to_username, assigned_to_uuid, breach_summary, cid, created_date, highlights, id, item_author, item_author_id, item_date, item_id, item_site, item_site_id, item_type, raw_intel_id, rule_id, rule_name, rule_priority, rule_topic, source_category, status, typosquatting, updated_date].hash
+ [assigned_to_uid, assigned_to_username, assigned_to_uuid, breach_summary, cid, created_date, highlights, id, item_author, item_author_id, item_date, item_id, item_site, item_site_id, item_type, logs, raw_intel_id, rule_id, rule_name, rule_priority, rule_topic, source_category, status, typosquatting, updated_date].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_policy_info.rb b/lib/crimson-falcon/models/domain_policy_info.rb
index fae29b7a..bdb8d1f7 100644
--- a/lib/crimson-falcon/models/domain_policy_info.rb
+++ b/lib/crimson-falcon/models/domain_policy_info.rb
@@ -56,6 +56,8 @@ class DomainPolicyInfo
attr_accessor :cis_benchmark_ids
+ attr_accessor :cisa_benchmark_ids
+
attr_accessor :cli_command
attr_accessor :cloud_asset_type
@@ -90,6 +92,8 @@ class DomainPolicyInfo
attr_accessor :is_remediable
+ attr_accessor :iso_benchmark_ids
+
attr_accessor :mitre_attack_cloud_matrix
attr_accessor :mitre_attack_cloud_subtype
@@ -145,6 +149,7 @@ def self.attribute_map
:'attack_tool_command' => :'attack_tool_command',
:'attack_types' => :'attack_types',
:'cis_benchmark_ids' => :'cis_benchmark_ids',
+ :'cisa_benchmark_ids' => :'cisa_benchmark_ids',
:'cli_command' => :'cli_command',
:'cloud_asset_type' => :'cloud_asset_type',
:'cloud_document' => :'cloud_document',
@@ -162,6 +167,7 @@ def self.attribute_map
:'internal_only' => :'internal_only',
:'is_enabled' => :'is_enabled',
:'is_remediable' => :'is_remediable',
+ :'iso_benchmark_ids' => :'iso_benchmark_ids',
:'mitre_attack_cloud_matrix' => :'mitre_attack_cloud_matrix',
:'mitre_attack_cloud_subtype' => :'mitre_attack_cloud_subtype',
:'nist_benchmark_ids' => :'nist_benchmark_ids',
@@ -205,6 +211,7 @@ def self.openapi_types
:'attack_tool_command' => :'String',
:'attack_types' => :'Array',
:'cis_benchmark_ids' => :'Array',
+ :'cisa_benchmark_ids' => :'Array',
:'cli_command' => :'String',
:'cloud_asset_type' => :'String',
:'cloud_document' => :'String',
@@ -222,6 +229,7 @@ def self.openapi_types
:'internal_only' => :'Boolean',
:'is_enabled' => :'Boolean',
:'is_remediable' => :'Boolean',
+ :'iso_benchmark_ids' => :'Array',
:'mitre_attack_cloud_matrix' => :'String',
:'mitre_attack_cloud_subtype' => :'String',
:'nist_benchmark_ids' => :'Array',
@@ -318,6 +326,12 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'cisa_benchmark_ids')
+ if (value = attributes[:'cisa_benchmark_ids']).is_a?(Array)
+ self.cisa_benchmark_ids = value
+ end
+ end
+
if attributes.key?(:'cli_command')
self.cli_command = attributes[:'cli_command']
end
@@ -386,6 +400,12 @@ def initialize(attributes = {})
self.is_remediable = attributes[:'is_remediable']
end
+ if attributes.key?(:'iso_benchmark_ids')
+ if (value = attributes[:'iso_benchmark_ids']).is_a?(Array)
+ self.iso_benchmark_ids = value
+ end
+ end
+
if attributes.key?(:'mitre_attack_cloud_matrix')
self.mitre_attack_cloud_matrix = attributes[:'mitre_attack_cloud_matrix']
end
@@ -538,6 +558,7 @@ def ==(o)
attack_tool_command == o.attack_tool_command &&
attack_types == o.attack_types &&
cis_benchmark_ids == o.cis_benchmark_ids &&
+ cisa_benchmark_ids == o.cisa_benchmark_ids &&
cli_command == o.cli_command &&
cloud_asset_type == o.cloud_asset_type &&
cloud_document == o.cloud_document &&
@@ -555,6 +576,7 @@ def ==(o)
internal_only == o.internal_only &&
is_enabled == o.is_enabled &&
is_remediable == o.is_remediable &&
+ iso_benchmark_ids == o.iso_benchmark_ids &&
mitre_attack_cloud_matrix == o.mitre_attack_cloud_matrix &&
mitre_attack_cloud_subtype == o.mitre_attack_cloud_subtype &&
nist_benchmark_ids == o.nist_benchmark_ids &&
@@ -586,7 +608,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [created_at, deleted_at, id, updated_at, account_scope, alert_logic, api_command, asset_type_id, attack_tool, attack_tool_command, attack_types, cis_benchmark_ids, cli_command, cloud_asset_type, cloud_document, cloud_platform, cloud_platform_type, cloud_service, cloud_service_friendly, cloud_service_subtype, cloud_service_type, confidence, default_severity, description, event_type, fql_policy, internal_only, is_enabled, is_remediable, mitre_attack_cloud_matrix, mitre_attack_cloud_subtype, nist_benchmark_ids, pci_benchmark_ids, policy_confidence_score, policy_fail_query, policy_pass_query, policy_remediation, policy_severity, policy_severity_score, policy_statement, policy_type, remediation_summary, soc2_benchmark_ids, tactic, tactic_id, tactic_url, technique, technique_id, technique_url].hash
+ [created_at, deleted_at, id, updated_at, account_scope, alert_logic, api_command, asset_type_id, attack_tool, attack_tool_command, attack_types, cis_benchmark_ids, cisa_benchmark_ids, cli_command, cloud_asset_type, cloud_document, cloud_platform, cloud_platform_type, cloud_service, cloud_service_friendly, cloud_service_subtype, cloud_service_type, confidence, default_severity, description, event_type, fql_policy, internal_only, is_enabled, is_remediable, iso_benchmark_ids, mitre_attack_cloud_matrix, mitre_attack_cloud_subtype, nist_benchmark_ids, pci_benchmark_ids, policy_confidence_score, policy_fail_query, policy_pass_query, policy_remediation, policy_severity, policy_severity_score, policy_statement, policy_type, remediation_summary, soc2_benchmark_ids, tactic, tactic_id, tactic_url, technique, technique_id, technique_url].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb b/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb
new file mode 100644
index 00000000..59e59f52
--- /dev/null
+++ b/lib/crimson-falcon/models/domain_query_mitre_attacks_response.rb
@@ -0,0 +1,273 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class DomainQueryMitreAttacksResponse
+ # Array of API Errors
+ attr_accessor :errors
+
+ attr_accessor :meta
+
+ # Actor's MITRE attack (Tactic and Technique) ids, represents a concatenation of actors slug, tactic id and technique id (optional) concatenated by underscore, example: fancy-bear_TA0011_T1071'
+ attr_accessor :resources
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'errors' => :'errors',
+ :'meta' => :'meta',
+ :'resources' => :'resources'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'errors' => :'Array',
+ :'meta' => :'MsaspecMetaInfo',
+ :'resources' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DomainQueryMitreAttacksResponse` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DomainQueryMitreAttacksResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'errors')
+ if (value = attributes[:'errors']).is_a?(Array)
+ self.errors = value
+ end
+ end
+
+ if attributes.key?(:'meta')
+ self.meta = attributes[:'meta']
+ end
+
+ if attributes.key?(:'resources')
+ if (value = attributes[:'resources']).is_a?(Array)
+ self.resources = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @errors.nil?
+ invalid_properties.push('invalid value for "errors", errors cannot be nil.')
+ end
+
+ if @meta.nil?
+ invalid_properties.push('invalid value for "meta", meta cannot be nil.')
+ end
+
+ if @resources.nil?
+ invalid_properties.push('invalid value for "resources", resources cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @errors.nil?
+ return false if @meta.nil?
+ return false if @resources.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ errors == o.errors &&
+ meta == o.meta &&
+ resources == o.resources
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [errors, meta, resources].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
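Review bot: `valid?` and `list_invalid_properties` in this new model treat a nil `errors` as invalid, while the same commit removes exactly that check from `DomainQueryResponse`, so the two response models now disagree on whether a response without `errors` is acceptable. If the API omits `errors` on success (not visible here), `valid?` would return false for every successful MITRE query response. The header marks the file as generated, so the fix belongs in the spec: drop `errors` from the schema's required list so that `return false if @errors.nil?` and the matching `invalid_properties.push` are not emitted. Separately, `self.openapi_nullable` calls `Set.new` while the file requires only `date` and `time`, which works only if `set` is loaded elsewhere or the runtime autoloads it.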
diff --git a/lib/crimson-falcon/models/domain_query_response.rb b/lib/crimson-falcon/models/domain_query_response.rb
index bcad9b12..856b84d6 100644
--- a/lib/crimson-falcon/models/domain_query_response.rb
+++ b/lib/crimson-falcon/models/domain_query_response.rb
@@ -55,8 +55,8 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'errors' => :'Array',
- :'meta' => :'MsaspecMetaInfo',
+ :'errors' => :'Array',
+ :'meta' => :'DomainMsaMetaInfo',
:'resources' => :'Array'
}
end
@@ -103,10 +103,6 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @errors.nil?
- invalid_properties.push('invalid value for "errors", errors cannot be nil.')
- end
-
if @meta.nil?
invalid_properties.push('invalid value for "meta", meta cannot be nil.')
end
@@ -121,7 +117,6 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @errors.nil?
return false if @meta.nil?
return false if @resources.nil?
true
diff --git a/lib/crimson-falcon/models/domain_rule.rb b/lib/crimson-falcon/models/domain_rule.rb
index 16ba4f9b..d4f89a75 100644
--- a/lib/crimson-falcon/models/domain_rule.rb
+++ b/lib/crimson-falcon/models/domain_rule.rb
@@ -32,41 +32,36 @@
module Falcon
class DomainRule
- # The categories associated with the rule
- attr_accessor :categories
-
- # UTC timestamp when rule was created
attr_accessor :created_date
- # The ID of the customer
- attr_accessor :customer_id
+ attr_accessor :description
- # The ID of the rule
attr_accessor :id
- # The name of the rule
+ attr_accessor :last_modified_date
+
attr_accessor :name
- # The type of the rule
- attr_accessor :rule_type
+ attr_accessor :rich_text_description
+
+ attr_accessor :short_description
- # UTC timestamp when rule was last updated
- attr_accessor :updated_date
+ attr_accessor :tags
- # The value of the rule
- attr_accessor :value
+ attr_accessor :type
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
- :'categories' => :'categories',
:'created_date' => :'created_date',
- :'customer_id' => :'customer_id',
+ :'description' => :'description',
:'id' => :'id',
+ :'last_modified_date' => :'last_modified_date',
:'name' => :'name',
- :'rule_type' => :'rule_type',
- :'updated_date' => :'updated_date',
- :'value' => :'value'
+ :'rich_text_description' => :'rich_text_description',
+ :'short_description' => :'short_description',
+ :'tags' => :'tags',
+ :'type' => :'type'
}
end
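Review bot: `DomainRule` is redefined in place here: `categories`, `customer_id`, `rule_type`, `updated_date` and `value` disappear and nothing in the file marks the break. Code that reads those accessors gets `NoMethodError` after upgrade, and, if the constructor's attribute check matches the other models, passing the old keys to `new` raises `ArgumentError`. The later `openapi_types` hunk also changes `id` and `created_date` from `String` to `Integer`, which presumably routes them through `value.to_i` in `_deserialize` (outside this hunk), where a non-numeric string becomes `0` without any error. This hunk also strips the doc comments from the surviving attributes and adds none for the new ones; each accessor should carry one, for example `# Integer ID of the rule` above `attr_accessor :id`. If two API schemas share the name `DomainRule`, the collision is better resolved in the spec so the earlier model keeps its fields.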
@@ -78,14 +73,15 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'categories' => :'Array',
- :'created_date' => :'String',
- :'customer_id' => :'String',
- :'id' => :'String',
+ :'created_date' => :'Integer',
+ :'description' => :'String',
+ :'id' => :'Integer',
+ :'last_modified_date' => :'Integer',
:'name' => :'String',
- :'rule_type' => :'String',
- :'updated_date' => :'String',
- :'value' => :'String'
+ :'rich_text_description' => :'String',
+ :'short_description' => :'String',
+ :'tags' => :'Array',
+ :'type' => :'String'
}
end
@@ -110,38 +106,42 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
- if attributes.key?(:'categories')
- if (value = attributes[:'categories']).is_a?(Array)
- self.categories = value
- end
- end
-
if attributes.key?(:'created_date')
self.created_date = attributes[:'created_date']
end
- if attributes.key?(:'customer_id')
- self.customer_id = attributes[:'customer_id']
+ if attributes.key?(:'description')
+ self.description = attributes[:'description']
end
if attributes.key?(:'id')
self.id = attributes[:'id']
end
+ if attributes.key?(:'last_modified_date')
+ self.last_modified_date = attributes[:'last_modified_date']
+ end
+
if attributes.key?(:'name')
self.name = attributes[:'name']
end
- if attributes.key?(:'rule_type')
- self.rule_type = attributes[:'rule_type']
+ if attributes.key?(:'rich_text_description')
+ self.rich_text_description = attributes[:'rich_text_description']
end
- if attributes.key?(:'updated_date')
- self.updated_date = attributes[:'updated_date']
+ if attributes.key?(:'short_description')
+ self.short_description = attributes[:'short_description']
end
- if attributes.key?(:'value')
- self.value = attributes[:'value']
+ if attributes.key?(:'tags')
+ if (value = attributes[:'tags']).is_a?(Array)
+ self.tags = value
+ end
+ end
+
+ if attributes.key?(:'type')
+ self.type = attributes[:'type']
end
end
@@ -149,36 +149,40 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @categories.nil?
- invalid_properties.push('invalid value for "categories", categories cannot be nil.')
- end
-
if @created_date.nil?
invalid_properties.push('invalid value for "created_date", created_date cannot be nil.')
end
- if @customer_id.nil?
- invalid_properties.push('invalid value for "customer_id", customer_id cannot be nil.')
+ if @description.nil?
+ invalid_properties.push('invalid value for "description", description cannot be nil.')
end
if @id.nil?
invalid_properties.push('invalid value for "id", id cannot be nil.')
end
+ if @last_modified_date.nil?
+ invalid_properties.push('invalid value for "last_modified_date", last_modified_date cannot be nil.')
+ end
+
if @name.nil?
invalid_properties.push('invalid value for "name", name cannot be nil.')
end
- if @rule_type.nil?
- invalid_properties.push('invalid value for "rule_type", rule_type cannot be nil.')
+ if @rich_text_description.nil?
+ invalid_properties.push('invalid value for "rich_text_description", rich_text_description cannot be nil.')
+ end
+
+ if @short_description.nil?
+ invalid_properties.push('invalid value for "short_description", short_description cannot be nil.')
end
- if @updated_date.nil?
- invalid_properties.push('invalid value for "updated_date", updated_date cannot be nil.')
+ if @tags.nil?
+ invalid_properties.push('invalid value for "tags", tags cannot be nil.')
end
- if @value.nil?
- invalid_properties.push('invalid value for "value", value cannot be nil.')
+ if @type.nil?
+ invalid_properties.push('invalid value for "type", type cannot be nil.')
end
invalid_properties
@@ -187,14 +191,15 @@ def list_invalid_properties
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @categories.nil?
return false if @created_date.nil?
- return false if @customer_id.nil?
+ return false if @description.nil?
return false if @id.nil?
+ return false if @last_modified_date.nil?
return false if @name.nil?
- return false if @rule_type.nil?
- return false if @updated_date.nil?
- return false if @value.nil?
+ return false if @rich_text_description.nil?
+ return false if @short_description.nil?
+ return false if @tags.nil?
+ return false if @type.nil?
true
end
@@ -203,14 +208,15 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
- categories == o.categories &&
created_date == o.created_date &&
- customer_id == o.customer_id &&
+ description == o.description &&
id == o.id &&
+ last_modified_date == o.last_modified_date &&
name == o.name &&
- rule_type == o.rule_type &&
- updated_date == o.updated_date &&
- value == o.value
+ rich_text_description == o.rich_text_description &&
+ short_description == o.short_description &&
+ tags == o.tags &&
+ type == o.type
end
# @see the `==` method
@@ -222,7 +228,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [categories, created_date, customer_id, id, name, rule_type, updated_date, value].hash
+ [created_date, description, id, last_modified_date, name, rich_text_description, short_description, tags, type].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_update_notification_request_v1.rb b/lib/crimson-falcon/models/domain_update_notification_request_v1.rb
index baccb898..8ca083fd 100644
--- a/lib/crimson-falcon/models/domain_update_notification_request_v1.rb
+++ b/lib/crimson-falcon/models/domain_update_notification_request_v1.rb
@@ -38,6 +38,10 @@ class DomainUpdateNotificationRequestV1
# The ID of the notifications
attr_accessor :id
+ attr_accessor :idp_send_status
+
+ attr_accessor :message
+
# The notification status. This can be one of: `new`, `in-progress`, `closed-false-positive`, `closed-true-positive`.
attr_accessor :status
@@ -46,6 +50,8 @@ def self.attribute_map
{
:'assigned_to_uuid' => :'assigned_to_uuid',
:'id' => :'id',
+ :'idp_send_status' => :'idp_send_status',
+ :'message' => :'message',
:'status' => :'status'
}
end
@@ -60,6 +66,8 @@ def self.openapi_types
{
:'assigned_to_uuid' => :'String',
:'id' => :'String',
+ :'idp_send_status' => :'String',
+ :'message' => :'String',
:'status' => :'String'
}
end
@@ -93,6 +101,14 @@ def initialize(attributes = {})
self.id = attributes[:'id']
end
+ if attributes.key?(:'idp_send_status')
+ self.idp_send_status = attributes[:'idp_send_status']
+ end
+
+ if attributes.key?(:'message')
+ self.message = attributes[:'message']
+ end
+
if attributes.key?(:'status')
self.status = attributes[:'status']
end
@@ -110,6 +126,14 @@ def list_invalid_properties
invalid_properties.push('invalid value for "id", id cannot be nil.')
end
+ if @idp_send_status.nil?
+ invalid_properties.push('invalid value for "idp_send_status", idp_send_status cannot be nil.')
+ end
+
+ if @message.nil?
+ invalid_properties.push('invalid value for "message", message cannot be nil.')
+ end
+
if @status.nil?
invalid_properties.push('invalid value for "status", status cannot be nil.')
end
@@ -122,6 +146,8 @@ def list_invalid_properties
def valid?
return false if @assigned_to_uuid.nil?
return false if @id.nil?
+ return false if @idp_send_status.nil?
+ return false if @message.nil?
return false if @status.nil?
true
end
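Review bot: `idp_send_status` and `message` become mandatory for this request model: `valid?` now returns false, and `list_invalid_properties` (previous hunk) reports an error, when either is nil. Callers that build an update with only `id`, `status` and `assigned_to_uuid` therefore start failing validation. Neither attribute has a doc comment in the first hunk, unlike `id` and `status` beside them, so a caller cannot tell what values `idp_send_status` accepts or whether `message` is free text. If the API treats them as optional (not visible here), remove them from the schema's required list so `return false if @idp_send_status.nil?` and `return false if @message.nil?` are not generated. Either way, add a comment line above each `attr_accessor` describing the accepted values.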
@@ -133,6 +159,8 @@ def ==(o)
self.class == o.class &&
assigned_to_uuid == o.assigned_to_uuid &&
id == o.id &&
+ idp_send_status == o.idp_send_status &&
+ message == o.message &&
status == o.status
end
@@ -145,7 +173,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [assigned_to_uuid, id, status].hash
+ [assigned_to_uuid, id, idp_send_status, message, status].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/domain_user_action.rb b/lib/crimson-falcon/models/domain_user_action.rb
index 6a6b4083..c4125a08 100644
--- a/lib/crimson-falcon/models/domain_user_action.rb
+++ b/lib/crimson-falcon/models/domain_user_action.rb
@@ -116,12 +116,17 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
+ if @action_name.nil?
+ invalid_properties.push('invalid value for "action_name", action_name cannot be nil.')
+ end
+
invalid_properties
end
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
+ return false if @action_name.nil?
action_name_validator = EnumAttributeValidator.new('String', ["reset_password", "reset_2fa"])
return false unless action_name_validator.valid?(@action_name)
true
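Review bot: `list_invalid_properties` now reports a nil `action_name` but still says nothing about a value outside the enum, while `valid?` rejects both. A caller can therefore get `valid? == false` with an empty error list on a model whose actions are `reset_password` and `reset_2fa`. Adding the enum check there keeps the two in step, e.g. `invalid_properties.push('invalid value for "action_name", must be one of reset_password, reset_2fa.') unless EnumAttributeValidator.new('String', ["reset_password", "reset_2fa"]).valid?(@action_name)`. The new `return false if @action_name.nil?` also makes the field mandatory for existing callers that relied on it being optional. `valid?` closes outside this hunk.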
diff --git a/lib/crimson-falcon/models/domain_user_action_request.rb b/lib/crimson-falcon/models/domain_user_action_request.rb
index 2faf0a4a..f3020753 100644
--- a/lib/crimson-falcon/models/domain_user_action_request.rb
+++ b/lib/crimson-falcon/models/domain_user_action_request.rb
@@ -31,7 +31,7 @@
require 'time'
module Falcon
- # ID(s) of users the action are to applied to
+ # ID(s) of users the action(s) are to applied to
class DomainUserActionRequest
attr_accessor :action
diff --git a/lib/crimson-falcon/models/domain_vulnerability.rb b/lib/crimson-falcon/models/domain_vulnerability.rb
index cb490a62..060d2a9f 100644
--- a/lib/crimson-falcon/models/domain_vulnerability.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability.rb
@@ -32,32 +32,46 @@
module Falcon
class DomainVulnerability
+ # List of products affected by vulnerability, specifying product and vendor
attr_accessor :affected_products
+ # Vulnerability community identifiers, which is usually populated for the most popular vulnerabilities
attr_accessor :community_identifiers
+ # CVE ID number with four or more digits in the sequence number portion of the ID, examples: CVE-1999-0067, CVE-2014-12345, CVE-2016-7654321
attr_accessor :cve
+ # Vulnerability severity score, according to Common Vulnerability Scoring System V2
attr_accessor :cvss_v2_base
+ # Vulnerability severity score, according to Common Vulnerability Scoring System V3
attr_accessor :cvss_v3_base
+ # Text description of the vulnerability
attr_accessor :description
+ # Exploit status of vulnerability, one of: unproven, available, easilyaccessible, activelyused
attr_accessor :exploit_status
+ # legacy field, not populated
attr_accessor :name
+ # Date when the vulnerability was published
attr_accessor :publish_date
+ # Threat actors that exploits vulnerability
attr_accessor :related_actors
+ # Related finished Intelligence Reports to vulnerability, which usually describes the exploitation or attacks using those
attr_accessor :related_reports
+ # Malware Families (threats) that are known to be related to the vulnerability
attr_accessor :related_threats
+ # Severity of the vulnerability, can be empty or one of: LOW, MEDIUM, HIGH, CRITICAL
attr_accessor :severity
+ # Date when the vulnerability was last time updated in the CrowdStrike's database
attr_accessor :updated_timestamp
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_vulnerability_actor.rb b/lib/crimson-falcon/models/domain_vulnerability_actor.rb
index 4a341457..b2da7872 100644
--- a/lib/crimson-falcon/models/domain_vulnerability_actor.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability_actor.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainVulnerabilityActor
+ # Actor internal ID, consisting of it's name with spaces removed
attr_accessor :id
+ # Actor name, composed of 2 uppercase words
attr_accessor :name
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb b/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb
index e1e50391..d3d44710 100644
--- a/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability_affected_product.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainVulnerabilityAffectedProduct
+ # Lowercase product name that vulnerability affects
attr_accessor :product
+ # Lowercase vendor name that develops or provides the affected product
attr_accessor :vendor
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb b/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb
index 87246533..aca3f425 100644
--- a/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability_related_threat.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainVulnerabilityRelatedThreat
+ # List of malware family or threat capabilities
attr_accessor :capabilities
+ # Malware Family or Threat Name
attr_accessor :name
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_vulnerability_report.rb b/lib/crimson-falcon/models/domain_vulnerability_report.rb
index cac9d45b..19d5d140 100644
--- a/lib/crimson-falcon/models/domain_vulnerability_report.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability_report.rb
@@ -32,8 +32,10 @@
module Falcon
class DomainVulnerabilityReport
+ # Report serial ID, composed of 2 parts separated with dash, example: CSA-20000, CSIT-220000
attr_accessor :serial_id
+ # legacy, not populated field
attr_accessor :title
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/domain_vulnerability_response.rb b/lib/crimson-falcon/models/domain_vulnerability_response.rb
index e4dc89a1..48ff3676 100644
--- a/lib/crimson-falcon/models/domain_vulnerability_response.rb
+++ b/lib/crimson-falcon/models/domain_vulnerability_response.rb
@@ -32,10 +32,12 @@
module Falcon
class DomainVulnerabilityResponse
+ # Array of API Errors
attr_accessor :errors
attr_accessor :meta
+ # Array of Vulnerability documents that were requested
attr_accessor :resources
# Attribute mapping from ruby-style variable name to JSON key.
diff --git a/lib/crimson-falcon/models/falconx_amsi_call.rb b/lib/crimson-falcon/models/falconx_amsi_call.rb
index c54a25ec..eb15302d 100644
--- a/lib/crimson-falcon/models/falconx_amsi_call.rb
+++ b/lib/crimson-falcon/models/falconx_amsi_call.rb
@@ -32,11 +32,17 @@
module Falcon
class FalconxAMSICall
+ attr_accessor :app_name
+
+ attr_accessor :filename
+
attr_accessor :raw_script_content
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
+ :'app_name' => :'app_name',
+ :'filename' => :'filename',
:'raw_script_content' => :'raw_script_content'
}
end
@@ -49,6 +55,8 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
+ :'app_name' => :'String',
+ :'filename' => :'String',
:'raw_script_content' => :'String'
}
end
@@ -74,6 +82,14 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
+ if attributes.key?(:'app_name')
+ self.app_name = attributes[:'app_name']
+ end
+
+ if attributes.key?(:'filename')
+ self.filename = attributes[:'filename']
+ end
+
if attributes.key?(:'raw_script_content')
self.raw_script_content = attributes[:'raw_script_content']
end
@@ -97,6 +113,8 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
+ app_name == o.app_name &&
+ filename == o.filename &&
raw_script_content == o.raw_script_content
end
@@ -109,7 +127,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [raw_script_content].hash
+ [app_name, filename, raw_script_content].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/falconx_certificate.rb b/lib/crimson-falcon/models/falconx_certificate.rb
new file mode 100644
index 00000000..5f5f4fb1
--- /dev/null
+++ b/lib/crimson-falcon/models/falconx_certificate.rb
@@ -0,0 +1,288 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class FalconxCertificate
+ attr_accessor :issuer
+
+ attr_accessor :md5
+
+ attr_accessor :owner
+
+ attr_accessor :serial_number
+
+ attr_accessor :sha1
+
+ attr_accessor :valid_from
+
+ attr_accessor :valid_until
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'issuer' => :'issuer',
+ :'md5' => :'md5',
+ :'owner' => :'owner',
+ :'serial_number' => :'serial_number',
+ :'sha1' => :'sha1',
+ :'valid_from' => :'valid_from',
+ :'valid_until' => :'valid_until'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'issuer' => :'String',
+ :'md5' => :'String',
+ :'owner' => :'String',
+ :'serial_number' => :'String',
+ :'sha1' => :'String',
+ :'valid_from' => :'Time',
+ :'valid_until' => :'Time'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxCertificate` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxCertificate`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'issuer')
+ self.issuer = attributes[:'issuer']
+ end
+
+ if attributes.key?(:'md5')
+ self.md5 = attributes[:'md5']
+ end
+
+ if attributes.key?(:'owner')
+ self.owner = attributes[:'owner']
+ end
+
+ if attributes.key?(:'serial_number')
+ self.serial_number = attributes[:'serial_number']
+ end
+
+ if attributes.key?(:'sha1')
+ self.sha1 = attributes[:'sha1']
+ end
+
+ if attributes.key?(:'valid_from')
+ self.valid_from = attributes[:'valid_from']
+ end
+
+ if attributes.key?(:'valid_until')
+ self.valid_until = attributes[:'valid_until']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ issuer == o.issuer &&
+ md5 == o.md5 &&
+ owner == o.owner &&
+ serial_number == o.serial_number &&
+ sha1 == o.sha1 &&
+ valid_from == o.valid_from &&
+ valid_until == o.valid_until
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [issuer, md5, owner, serial_number, sha1, valid_from, valid_until].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
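Review bot: `_deserialize` builds `valid_from` and `valid_until` with `Time.parse(value)`, which accepts free-form and partial strings and fills missing parts from the current date, so a malformed timestamp in a response can become a plausible-looking validity bound instead of an error. If the API returns RFC 3339 timestamps, `Time.iso8601(value)` rejects anything else, and `require 'time'` is already at the top of the file. A value without a zone offset is still read as local time by either call, so the offset has to be guaranteed by the API or checked by the caller. The header marks the file as generated, so the change would go into the generator template rather than this file.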
diff --git a/lib/crimson-falcon/models/falconx_file_data_directory.rb b/lib/crimson-falcon/models/falconx_file_data_directory.rb
new file mode 100644
index 00000000..3a4af3bf
--- /dev/null
+++ b/lib/crimson-falcon/models/falconx_file_data_directory.rb
@@ -0,0 +1,261 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class FalconxFileDataDirectory
+ attr_accessor :is_in_section
+
+ attr_accessor :name
+
+ attr_accessor :virtual_address
+
+ attr_accessor :virtual_size
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'is_in_section' => :'is_in_section',
+ :'name' => :'name',
+ :'virtual_address' => :'virtual_address',
+ :'virtual_size' => :'virtual_size'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'is_in_section' => :'String',
+ :'name' => :'String',
+ :'virtual_address' => :'String',
+ :'virtual_size' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileDataDirectory` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileDataDirectory`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'is_in_section')
+ self.is_in_section = attributes[:'is_in_section']
+ end
+
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
+ end
+
+ if attributes.key?(:'virtual_address')
+ self.virtual_address = attributes[:'virtual_address']
+ end
+
+ if attributes.key?(:'virtual_size')
+ self.virtual_size = attributes[:'virtual_size']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ is_in_section == o.is_in_section &&
+ name == o.name &&
+ virtual_address == o.virtual_address &&
+ virtual_size == o.virtual_size
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [is_in_section, name, virtual_address, virtual_size].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
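Review bot: `is_in_section` is declared as `:'String'` in `openapi_types`, so `_deserialize` stores it with `value.to_s`, and any non-nil value, including the text "false", is truthy in Ruby. The name reads like a flag, though what the API actually sends is not visible here, so a caller writing `if dir.is_in_section` could take the wrong branch. A comment above the accessor would prevent that, for example `# Returned as a String, not a Boolean; compare against the expected literal instead of testing truthiness`. `virtual_address` and `virtual_size` are Strings as well, so numeric use needs an explicit conversion that raises on bad input, such as `Integer(...)`, rather than `to_i`.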
diff --git a/lib/crimson-falcon/models/falconx_file_resource.rb b/lib/crimson-falcon/models/falconx_file_resource.rb
new file mode 100644
index 00000000..5fab943c
--- /dev/null
+++ b/lib/crimson-falcon/models/falconx_file_resource.rb
@@ -0,0 +1,270 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class FalconxFileResource
+ attr_accessor :language
+
+ attr_accessor :name
+
+ attr_accessor :rva
+
+ attr_accessor :size
+
+ attr_accessor :type
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'language' => :'language',
+ :'name' => :'name',
+ :'rva' => :'rva',
+ :'size' => :'size',
+ :'type' => :'type'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'language' => :'String',
+ :'name' => :'String',
+ :'rva' => :'String',
+ :'size' => :'String',
+ :'type' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileResource` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileResource`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'language')
+ self.language = attributes[:'language']
+ end
+
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
+ end
+
+ if attributes.key?(:'rva')
+ self.rva = attributes[:'rva']
+ end
+
+ if attributes.key?(:'size')
+ self.size = attributes[:'size']
+ end
+
+ if attributes.key?(:'type')
+ self.type = attributes[:'type']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ language == o.language &&
+ name == o.name &&
+ rva == o.rva &&
+ size == o.size &&
+ type == o.type
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [language, name, rva, size, type].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
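Review bot: As the file appears on this page, the two patterns in `_deserialize` read `/\AArray<(?.+)>\z/` and `/\AHash<(?.+?), (?.+)>\z/`, which Ruby rejects as regexps, while the lines under them read `Regexp.last_match[:inner_type]`, `[:k_type]` and `[:v_type]`. The named groups look to have been lost in rendering; the forms those lookups require are `(?<inner_type>.+)`, `(?<k_type>.+?)` and `(?<v_type>.+)`. The same method appears with the same text in falconx_certificate.rb and falconx_file_data_directory.rb above. It is worth confirming against the repository before copying any of these files from the page.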
diff --git a/lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb b/lib/crimson-falcon/models/falconx_file_section.rb
similarity index 73%
rename from lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb
rename to lib/crimson-falcon/models/falconx_file_section.rb
index 1d2beb5a..bd90231e 100644
--- a/lib/crimson-falcon/models/threatgraph_crawl_edges_request.rb
+++ b/lib/crimson-falcon/models/falconx_file_section.rb
@@ -31,28 +31,31 @@
require 'time'
module Falcon
- class ThreatgraphCrawlEdgesRequest
- attr_accessor :edge_direction
+ class FalconxFileSection
+ attr_accessor :characteristics
- attr_accessor :edge_type
+ attr_accessor :entropy
- attr_accessor :limit
+ attr_accessor :md5
- attr_accessor :next_requests
+ attr_accessor :name
- attr_accessor :scope
+ attr_accessor :raw_size
- attr_accessor :sort_descending
+ attr_accessor :virtual_address
+
+ attr_accessor :virtual_size
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
- :'edge_direction' => :'edge_direction',
- :'edge_type' => :'edge_type',
- :'limit' => :'limit',
- :'next_requests' => :'next_requests',
- :'scope' => :'scope',
- :'sort_descending' => :'sort_descending'
+ :'characteristics' => :'characteristics',
+ :'entropy' => :'entropy',
+ :'md5' => :'md5',
+ :'name' => :'name',
+ :'raw_size' => :'raw_size',
+ :'virtual_address' => :'virtual_address',
+ :'virtual_size' => :'virtual_size'
}
end
@@ -64,12 +67,13 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
- :'edge_direction' => :'String',
- :'edge_type' => :'String',
- :'limit' => :'Integer',
- :'next_requests' => :'Array',
- :'scope' => :'String',
- :'sort_descending' => :'Boolean'
+ :'characteristics' => :'Array',
+ :'entropy' => :'Float',
+ :'md5' => :'String',
+ :'name' => :'String',
+ :'raw_size' => :'String',
+ :'virtual_address' => :'String',
+ :'virtual_size' => :'String'
}
end
@@ -83,41 +87,45 @@ def self.openapi_nullable
# @param [Hash] attributes Model attributes in the form of hash
def initialize(attributes = {})
if (!attributes.is_a?(Hash))
- fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ThreatgraphCrawlEdgesRequest` initialize method"
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxFileSection` initialize method"
end
# check to see if the attribute exists and convert string to symbol for hash key
attributes = attributes.each_with_object({}) { |(k, v), h|
if (!self.class.attribute_map.key?(k.to_sym))
- fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ThreatgraphCrawlEdgesRequest`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxFileSection`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
end
h[k.to_sym] = v
}
- if attributes.key?(:'edge_direction')
- self.edge_direction = attributes[:'edge_direction']
+ if attributes.key?(:'characteristics')
+ if (value = attributes[:'characteristics']).is_a?(Array)
+ self.characteristics = value
+ end
end
- if attributes.key?(:'edge_type')
- self.edge_type = attributes[:'edge_type']
+ if attributes.key?(:'entropy')
+ self.entropy = attributes[:'entropy']
end
- if attributes.key?(:'limit')
- self.limit = attributes[:'limit']
+ if attributes.key?(:'md5')
+ self.md5 = attributes[:'md5']
end
- if attributes.key?(:'next_requests')
- if (value = attributes[:'next_requests']).is_a?(Array)
- self.next_requests = value
- end
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
end
- if attributes.key?(:'scope')
- self.scope = attributes[:'scope']
+ if attributes.key?(:'raw_size')
+ self.raw_size = attributes[:'raw_size']
end
- if attributes.key?(:'sort_descending')
- self.sort_descending = attributes[:'sort_descending']
+ if attributes.key?(:'virtual_address')
+ self.virtual_address = attributes[:'virtual_address']
+ end
+
+ if attributes.key?(:'virtual_size')
+ self.virtual_size = attributes[:'virtual_size']
end
end
@@ -125,32 +133,12 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
- if @edge_direction.nil?
- invalid_properties.push('invalid value for "edge_direction", edge_direction cannot be nil.')
- end
-
- if @edge_type.nil?
- invalid_properties.push('invalid value for "edge_type", edge_type cannot be nil.')
- end
-
- if @limit.nil?
- invalid_properties.push('invalid value for "limit", limit cannot be nil.')
- end
-
- if @scope.nil?
- invalid_properties.push('invalid value for "scope", scope cannot be nil.')
- end
-
invalid_properties
end
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
- return false if @edge_direction.nil?
- return false if @edge_type.nil?
- return false if @limit.nil?
- return false if @scope.nil?
true
end
@@ -159,12 +147,13 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
- edge_direction == o.edge_direction &&
- edge_type == o.edge_type &&
- limit == o.limit &&
- next_requests == o.next_requests &&
- scope == o.scope &&
- sort_descending == o.sort_descending
+ characteristics == o.characteristics &&
+ entropy == o.entropy &&
+ md5 == o.md5 &&
+ name == o.name &&
+ raw_size == o.raw_size &&
+ virtual_address == o.virtual_address &&
+ virtual_size == o.virtual_size
end
# @see the `==` method
@@ -176,7 +165,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [edge_direction, edge_type, limit, next_requests, scope, sort_descending].hash
+ [characteristics, entropy, md5, name, raw_size, virtual_address, virtual_size].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/falconx_module.rb b/lib/crimson-falcon/models/falconx_module.rb
new file mode 100644
index 00000000..f2e99821
--- /dev/null
+++ b/lib/crimson-falcon/models/falconx_module.rb
@@ -0,0 +1,243 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class FalconxModule
+ attr_accessor :base
+
+ attr_accessor :path
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'base' => :'base',
+ :'path' => :'path'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'base' => :'String',
+ :'path' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::FalconxModule` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::FalconxModule`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'base')
+ self.base = attributes[:'base']
+ end
+
+ if attributes.key?(:'path')
+ self.path = attributes[:'path']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ base == o.base &&
+ path == o.path
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [base, path].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
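Review bot: `_deserialize` resolves model classes with `Falcon.const_get(type)`, which falls back to top-level constants when the name is not defined under `Falcon`, so the lookup is wider than the SDK's own models. The type strings visible here come from `openapi_types` rather than from response data, so this is hardening rather than an exploitable path; `klass = Falcon.const_get(type, false)` keeps resolution inside the namespace. Separately, `openapi_nullable` calls `Set.new` while the file requires only `date` and `time`, which presumably relies on `set` being loaded elsewhere in the gem (Ruby before 3.2 does not autoload it). The file is marked as generated, so both changes belong in the generator template rather than in this file.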
diff --git a/lib/crimson-falcon/models/falconx_process.rb b/lib/crimson-falcon/models/falconx_process.rb
index 1ac6e581..36e2941b 100644
--- a/lib/crimson-falcon/models/falconx_process.rb
+++ b/lib/crimson-falcon/models/falconx_process.rb
@@ -42,6 +42,8 @@ class FalconxProcess
attr_accessor :icon_artifact_id
+ attr_accessor :modules
+
attr_accessor :mutants
attr_accessor :name
@@ -72,6 +74,7 @@ def self.attribute_map
:'file_accesses' => :'file_accesses',
:'handles' => :'handles',
:'icon_artifact_id' => :'icon_artifact_id',
+ :'modules' => :'modules',
:'mutants' => :'mutants',
:'name' => :'name',
:'normalized_path' => :'normalized_path',
@@ -99,6 +102,7 @@ def self.openapi_types
:'file_accesses' => :'Array',
:'handles' => :'Array',
:'icon_artifact_id' => :'String',
+ :'modules' => :'Array',
:'mutants' => :'Array',
:'name' => :'String',
:'normalized_path' => :'String',
@@ -160,6 +164,12 @@ def initialize(attributes = {})
self.icon_artifact_id = attributes[:'icon_artifact_id']
end
+ if attributes.key?(:'modules')
+ if (value = attributes[:'modules']).is_a?(Array)
+ self.modules = value
+ end
+ end
+
if attributes.key?(:'mutants')
if (value = attributes[:'mutants']).is_a?(Array)
self.mutants = value
@@ -238,6 +248,7 @@ def ==(o)
file_accesses == o.file_accesses &&
handles == o.handles &&
icon_artifact_id == o.icon_artifact_id &&
+ modules == o.modules &&
mutants == o.mutants &&
name == o.name &&
normalized_path == o.normalized_path &&
@@ -260,7 +271,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [amsi_calls, command_line, file_accesses, handles, icon_artifact_id, mutants, name, normalized_path, parent_uid, pid, process_flags, registry, script_calls, sha256, streams, uid].hash
+ [amsi_calls, command_line, file_accesses, handles, icon_artifact_id, modules, mutants, name, normalized_path, parent_uid, pid, process_flags, registry, script_calls, sha256, streams, uid].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb b/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb
index 6cc34c53..6aba794f 100644
--- a/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb
+++ b/lib/crimson-falcon/models/falconx_sandbox_parameters_v1.rb
@@ -32,6 +32,8 @@
module Falcon
class FalconxSandboxParametersV1
+ attr_accessor :interactivity
+
attr_accessor :action_script
attr_accessor :command_line
@@ -57,6 +59,7 @@ class FalconxSandboxParametersV1
# Attribute mapping from ruby-style variable name to JSON key.
def self.attribute_map
{
+ :'interactivity' => :'Interactivity',
:'action_script' => :'action_script',
:'command_line' => :'command_line',
:'document_password' => :'document_password',
@@ -79,6 +82,7 @@ def self.acceptable_attributes
# Attribute type mapping.
def self.openapi_types
{
+ :'interactivity' => :'Boolean',
:'action_script' => :'String',
:'command_line' => :'String',
:'document_password' => :'String',
@@ -114,6 +118,10 @@ def initialize(attributes = {})
h[k.to_sym] = v
}
+ if attributes.key?(:'interactivity')
+ self.interactivity = attributes[:'interactivity']
+ end
+
if attributes.key?(:'action_script')
self.action_script = attributes[:'action_script']
end
@@ -163,12 +171,17 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
+ if @interactivity.nil?
+ invalid_properties.push('invalid value for "interactivity", interactivity cannot be nil.')
+ end
+
invalid_properties
end
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
+ return false if @interactivity.nil?
true
end
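Review bot: `valid?` and `list_invalid_properties` now reject any `FalconxSandboxParametersV1` whose `interactivity` is nil, so callers that built submission parameters before this change and check `valid?` will start failing until they set the new field. If the API does not require it, the field should be optional in the spec the model is generated from; if it does, the upgrade notes should say so. The attribute is also mapped to the JSON key `Interactivity`, the only capitalised key in the `attribute_map` hunk, which is worth confirming against the API because a mismatched key would presumably be ignored without an error. A one-line accessor comment such as `# Required. Serialized as "Interactivity"; nil fails valid?` would document both facts.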
@@ -177,6 +190,7 @@ def valid?
def ==(o)
return true if self.equal?(o)
self.class == o.class &&
+ interactivity == o.interactivity &&
action_script == o.action_script &&
command_line == o.command_line &&
document_password == o.document_password &&
@@ -199,7 +213,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [action_script, command_line, document_password, enable_tor, environment_id, network_settings, sha256, submit_name, system_date, system_time, url].hash
+ [interactivity, action_script, command_line, document_password, enable_tor, environment_id, network_settings, sha256, submit_name, system_date, system_time, url].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb b/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb
index e5c88e3b..2205383d 100644
--- a/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb
+++ b/lib/crimson-falcon/models/falconx_sandbox_report_v1.rb
@@ -34,14 +34,28 @@ module Falcon
class FalconxSandboxReportV1
attr_accessor :architecture
+ attr_accessor :certificates
+
+ attr_accessor :certificates_validation_message
+
attr_accessor :classification
attr_accessor :classification_tags
attr_accessor :contacted_hosts
+ attr_accessor :dll_characteristics
+
attr_accessor :dns_requests
+ attr_accessor :entrypoint
+
+ attr_accessor :entrypoint_preview_count
+
+ attr_accessor :entrypoint_preview_instructions
+
+ attr_accessor :entrypoint_section
+
attr_accessor :environment_description
attr_accessor :environment_id
@@ -58,10 +72,16 @@ class FalconxSandboxReportV1
attr_accessor :extracted_interesting_strings
+ attr_accessor :file_data_directories
+
attr_accessor :file_imports
attr_accessor :file_metadata
+ attr_accessor :file_resources
+
+ attr_accessor :file_sections
+
attr_accessor :file_size
attr_accessor :file_type
@@ -70,6 +90,12 @@ class FalconxSandboxReportV1
attr_accessor :http_requests
+ attr_accessor :icon
+
+ attr_accessor :image_base
+
+ attr_accessor :image_file_characteristics
+
attr_accessor :incidents
attr_accessor :intelligence_mitre_attacks
@@ -78,6 +104,12 @@ class FalconxSandboxReportV1
attr_accessor :ioc_report_strict_artifact_id
+ attr_accessor :is_certificates_valid
+
+ attr_accessor :language
+
+ attr_accessor :major_os_version
+
attr_accessor :memory_dumps
attr_accessor :memory_dumps_artifact_id
@@ -86,6 +118,8 @@ class FalconxSandboxReportV1
attr_accessor :memory_strings_artifact_id
+ attr_accessor :minor_os_version
+
attr_accessor :mitre_attacks
attr_accessor :network_settings
@@ -110,6 +144,8 @@ class FalconxSandboxReportV1
attr_accessor :submit_url
+ attr_accessor :subsystem
+
attr_accessor :suricata_alerts
attr_accessor :target_url
@@ -122,6 +158,8 @@ class FalconxSandboxReportV1
attr_accessor :version_info
+ attr_accessor :visualization
+
attr_accessor :windows_version_bitness
attr_accessor :windows_version_edition
@@ -136,10 +174,17 @@ class FalconxSandboxReportV1
def self.attribute_map
{
:'architecture' => :'architecture',
+ :'certificates' => :'certificates',
+ :'certificates_validation_message' => :'certificates_validation_message',
:'classification' => :'classification',
:'classification_tags' => :'classification_tags',
:'contacted_hosts' => :'contacted_hosts',
+ :'dll_characteristics' => :'dll_characteristics',
:'dns_requests' => :'dns_requests',
+ :'entrypoint' => :'entrypoint',
+ :'entrypoint_preview_count' => :'entrypoint_preview_count',
+ :'entrypoint_preview_instructions' => :'entrypoint_preview_instructions',
+ :'entrypoint_section' => :'entrypoint_section',
:'environment_description' => :'environment_description',
:'environment_id' => :'environment_id',
:'error_message' => :'error_message',
@@ -148,20 +193,30 @@ def self.attribute_map
:'exact_deep_hash' => :'exact_deep_hash',
:'extracted_files' => :'extracted_files',
:'extracted_interesting_strings' => :'extracted_interesting_strings',
+ :'file_data_directories' => :'file_data_directories',
:'file_imports' => :'file_imports',
:'file_metadata' => :'file_metadata',
+ :'file_resources' => :'file_resources',
+ :'file_sections' => :'file_sections',
:'file_size' => :'file_size',
:'file_type' => :'file_type',
:'file_type_short' => :'file_type_short',
:'http_requests' => :'http_requests',
+ :'icon' => :'icon',
+ :'image_base' => :'image_base',
+ :'image_file_characteristics' => :'image_file_characteristics',
:'incidents' => :'incidents',
:'intelligence_mitre_attacks' => :'intelligence_mitre_attacks',
:'ioc_report_broad_artifact_id' => :'ioc_report_broad_artifact_id',
:'ioc_report_strict_artifact_id' => :'ioc_report_strict_artifact_id',
+ :'is_certificates_valid' => :'is_certificates_valid',
+ :'language' => :'language',
+ :'major_os_version' => :'major_os_version',
:'memory_dumps' => :'memory_dumps',
:'memory_dumps_artifact_id' => :'memory_dumps_artifact_id',
:'memory_forensics' => :'memory_forensics',
:'memory_strings_artifact_id' => :'memory_strings_artifact_id',
+ :'minor_os_version' => :'minor_os_version',
:'mitre_attacks' => :'mitre_attacks',
:'network_settings' => :'network_settings',
:'packer' => :'packer',
@@ -174,12 +229,14 @@ def self.attribute_map
:'submission_type' => :'submission_type',
:'submit_name' => :'submit_name',
:'submit_url' => :'submit_url',
+ :'subsystem' => :'subsystem',
:'suricata_alerts' => :'suricata_alerts',
:'target_url' => :'target_url',
:'threat_score' => :'threat_score',
:'urls' => :'urls',
:'verdict' => :'verdict',
:'version_info' => :'version_info',
+ :'visualization' => :'visualization',
:'windows_version_bitness' => :'windows_version_bitness',
:'windows_version_edition' => :'windows_version_edition',
:'windows_version_name' => :'windows_version_name',
@@ -197,10 +254,17 @@ def self.acceptable_attributes
def self.openapi_types
{
:'architecture' => :'String',
+ :'certificates' => :'Array',
+ :'certificates_validation_message' => :'String',
:'classification' => :'Array',
:'classification_tags' => :'Array',
:'contacted_hosts' => :'Array',
+ :'dll_characteristics' => :'Array',
:'dns_requests' => :'Array',
+ :'entrypoint' => :'String',
+ :'entrypoint_preview_count' => :'Integer',
+ :'entrypoint_preview_instructions' => :'Array',
+ :'entrypoint_section' => :'String',
:'environment_description' => :'String',
:'environment_id' => :'Integer',
:'error_message' => :'String',
@@ -209,20 +273,30 @@ def self.openapi_types
:'exact_deep_hash' => :'String',
:'extracted_files' => :'Array',
:'extracted_interesting_strings' => :'Array',
+ :'file_data_directories' => :'Array',
:'file_imports' => :'Array',
:'file_metadata' => :'FalconxFileMetadata',
+ :'file_resources' => :'Array',
+ :'file_sections' => :'Array',
:'file_size' => :'Integer',
:'file_type' => :'String',
:'file_type_short' => :'Array',
:'http_requests' => :'Array',
+ :'icon' => :'String',
+ :'image_base' => :'String',
+ :'image_file_characteristics' => :'Array',
:'incidents' => :'Array',
:'intelligence_mitre_attacks' => :'Array',
:'ioc_report_broad_artifact_id' => :'String',
:'ioc_report_strict_artifact_id' => :'String',
+ :'is_certificates_valid' => :'Boolean',
+ :'language' => :'String',
+ :'major_os_version' => :'Integer',
:'memory_dumps' => :'Array',
:'memory_dumps_artifact_id' => :'String',
:'memory_forensics' => :'Array',
:'memory_strings_artifact_id' => :'String',
+ :'minor_os_version' => :'Integer',
:'mitre_attacks' => :'Array',
:'network_settings' => :'String',
:'packer' => :'String',
@@ -235,12 +309,14 @@ def self.openapi_types
:'submission_type' => :'String',
:'submit_name' => :'String',
:'submit_url' => :'String',
+ :'subsystem' => :'String',
:'suricata_alerts' => :'Array',
:'target_url' => :'String',
:'threat_score' => :'Integer',
:'urls' => :'Array',
:'verdict' => :'String',
:'version_info' => :'Array',
+ :'visualization' => :'String',
:'windows_version_bitness' => :'Integer',
:'windows_version_edition' => :'String',
:'windows_version_name' => :'String',
@@ -274,6 +350,16 @@ def initialize(attributes = {})
self.architecture = attributes[:'architecture']
end
+ if attributes.key?(:'certificates')
+ if (value = attributes[:'certificates']).is_a?(Array)
+ self.certificates = value
+ end
+ end
+
+ if attributes.key?(:'certificates_validation_message')
+ self.certificates_validation_message = attributes[:'certificates_validation_message']
+ end
+
if attributes.key?(:'classification')
if (value = attributes[:'classification']).is_a?(Array)
self.classification = value
@@ -292,12 +378,36 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'dll_characteristics')
+ if (value = attributes[:'dll_characteristics']).is_a?(Array)
+ self.dll_characteristics = value
+ end
+ end
+
if attributes.key?(:'dns_requests')
if (value = attributes[:'dns_requests']).is_a?(Array)
self.dns_requests = value
end
end
+ if attributes.key?(:'entrypoint')
+ self.entrypoint = attributes[:'entrypoint']
+ end
+
+ if attributes.key?(:'entrypoint_preview_count')
+ self.entrypoint_preview_count = attributes[:'entrypoint_preview_count']
+ end
+
+ if attributes.key?(:'entrypoint_preview_instructions')
+ if (value = attributes[:'entrypoint_preview_instructions']).is_a?(Array)
+ self.entrypoint_preview_instructions = value
+ end
+ end
+
+ if attributes.key?(:'entrypoint_section')
+ self.entrypoint_section = attributes[:'entrypoint_section']
+ end
+
if attributes.key?(:'environment_description')
self.environment_description = attributes[:'environment_description']
end
@@ -334,6 +444,12 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'file_data_directories')
+ if (value = attributes[:'file_data_directories']).is_a?(Array)
+ self.file_data_directories = value
+ end
+ end
+
if attributes.key?(:'file_imports')
if (value = attributes[:'file_imports']).is_a?(Array)
self.file_imports = value
@@ -344,6 +460,18 @@ def initialize(attributes = {})
self.file_metadata = attributes[:'file_metadata']
end
+ if attributes.key?(:'file_resources')
+ if (value = attributes[:'file_resources']).is_a?(Array)
+ self.file_resources = value
+ end
+ end
+
+ if attributes.key?(:'file_sections')
+ if (value = attributes[:'file_sections']).is_a?(Array)
+ self.file_sections = value
+ end
+ end
+
if attributes.key?(:'file_size')
self.file_size = attributes[:'file_size']
end
@@ -364,6 +492,20 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'icon')
+ self.icon = attributes[:'icon']
+ end
+
+ if attributes.key?(:'image_base')
+ self.image_base = attributes[:'image_base']
+ end
+
+ if attributes.key?(:'image_file_characteristics')
+ if (value = attributes[:'image_file_characteristics']).is_a?(Array)
+ self.image_file_characteristics = value
+ end
+ end
+
if attributes.key?(:'incidents')
if (value = attributes[:'incidents']).is_a?(Array)
self.incidents = value
@@ -384,6 +526,18 @@ def initialize(attributes = {})
self.ioc_report_strict_artifact_id = attributes[:'ioc_report_strict_artifact_id']
end
+ if attributes.key?(:'is_certificates_valid')
+ self.is_certificates_valid = attributes[:'is_certificates_valid']
+ end
+
+ if attributes.key?(:'language')
+ self.language = attributes[:'language']
+ end
+
+ if attributes.key?(:'major_os_version')
+ self.major_os_version = attributes[:'major_os_version']
+ end
+
if attributes.key?(:'memory_dumps')
if (value = attributes[:'memory_dumps']).is_a?(Array)
self.memory_dumps = value
@@ -404,6 +558,10 @@ def initialize(attributes = {})
self.memory_strings_artifact_id = attributes[:'memory_strings_artifact_id']
end
+ if attributes.key?(:'minor_os_version')
+ self.minor_os_version = attributes[:'minor_os_version']
+ end
+
if attributes.key?(:'mitre_attacks')
if (value = attributes[:'mitre_attacks']).is_a?(Array)
self.mitre_attacks = value
@@ -462,6 +620,10 @@ def initialize(attributes = {})
self.submit_url = attributes[:'submit_url']
end
+ if attributes.key?(:'subsystem')
+ self.subsystem = attributes[:'subsystem']
+ end
+
if attributes.key?(:'suricata_alerts')
if (value = attributes[:'suricata_alerts']).is_a?(Array)
self.suricata_alerts = value
@@ -492,6 +654,10 @@ def initialize(attributes = {})
end
end
+ if attributes.key?(:'visualization')
+ self.visualization = attributes[:'visualization']
+ end
+
if attributes.key?(:'windows_version_bitness')
self.windows_version_bitness = attributes[:'windows_version_bitness']
end
@@ -517,12 +683,17 @@ def initialize(attributes = {})
# @return Array for valid properties with the reasons
def list_invalid_properties
invalid_properties = Array.new
+ if @is_certificates_valid.nil?
+ invalid_properties.push('invalid value for "is_certificates_valid", is_certificates_valid cannot be nil.')
+ end
+
invalid_properties
end
# Check to see if the all the properties in the model are valid
# @return true if the model is valid
def valid?
+ return false if @is_certificates_valid.nil?
true
end
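Review bot: `valid?` now returns false for every `FalconxSandboxReportV1` in which `is_certificates_valid` is nil, and the same rule is added to `list_invalid_properties` above it. This is a response model, and a report for a sample with no certificate data would presumably leave the field unset, so code that gates processing on `valid?` could start discarding reports. Consumers also need to know that nil is not the same as a failed check; the accessor should say so, for example `# true/false once signature validation ran; nil when the report carries no result`. If the field is optional in practice, it should be marked optional in the spec this model is generated from.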
@@ -532,10 +703,17 @@ def ==(o)
return true if self.equal?(o)
self.class == o.class &&
architecture == o.architecture &&
+ certificates == o.certificates &&
+ certificates_validation_message == o.certificates_validation_message &&
classification == o.classification &&
classification_tags == o.classification_tags &&
contacted_hosts == o.contacted_hosts &&
+ dll_characteristics == o.dll_characteristics &&
dns_requests == o.dns_requests &&
+ entrypoint == o.entrypoint &&
+ entrypoint_preview_count == o.entrypoint_preview_count &&
+ entrypoint_preview_instructions == o.entrypoint_preview_instructions &&
+ entrypoint_section == o.entrypoint_section &&
environment_description == o.environment_description &&
environment_id == o.environment_id &&
error_message == o.error_message &&
@@ -544,20 +722,30 @@ def ==(o)
exact_deep_hash == o.exact_deep_hash &&
extracted_files == o.extracted_files &&
extracted_interesting_strings == o.extracted_interesting_strings &&
+ file_data_directories == o.file_data_directories &&
file_imports == o.file_imports &&
file_metadata == o.file_metadata &&
+ file_resources == o.file_resources &&
+ file_sections == o.file_sections &&
file_size == o.file_size &&
file_type == o.file_type &&
file_type_short == o.file_type_short &&
http_requests == o.http_requests &&
+ icon == o.icon &&
+ image_base == o.image_base &&
+ image_file_characteristics == o.image_file_characteristics &&
incidents == o.incidents &&
intelligence_mitre_attacks == o.intelligence_mitre_attacks &&
ioc_report_broad_artifact_id == o.ioc_report_broad_artifact_id &&
ioc_report_strict_artifact_id == o.ioc_report_strict_artifact_id &&
+ is_certificates_valid == o.is_certificates_valid &&
+ language == o.language &&
+ major_os_version == o.major_os_version &&
memory_dumps == o.memory_dumps &&
memory_dumps_artifact_id == o.memory_dumps_artifact_id &&
memory_forensics == o.memory_forensics &&
memory_strings_artifact_id == o.memory_strings_artifact_id &&
+ minor_os_version == o.minor_os_version &&
mitre_attacks == o.mitre_attacks &&
network_settings == o.network_settings &&
packer == o.packer &&
@@ -570,12 +758,14 @@ def ==(o)
submission_type == o.submission_type &&
submit_name == o.submit_name &&
submit_url == o.submit_url &&
+ subsystem == o.subsystem &&
suricata_alerts == o.suricata_alerts &&
target_url == o.target_url &&
threat_score == o.threat_score &&
urls == o.urls &&
verdict == o.verdict &&
version_info == o.version_info &&
+ visualization == o.visualization &&
windows_version_bitness == o.windows_version_bitness &&
windows_version_edition == o.windows_version_edition &&
windows_version_name == o.windows_version_name &&
@@ -592,7 +782,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [architecture, classification, classification_tags, contacted_hosts, dns_requests, environment_description, environment_id, error_message, error_origin, error_type, exact_deep_hash, extracted_files, extracted_interesting_strings, file_imports, file_metadata, file_size, file_type, file_type_short, http_requests, incidents, intelligence_mitre_attacks, ioc_report_broad_artifact_id, ioc_report_strict_artifact_id, memory_dumps, memory_dumps_artifact_id, memory_forensics, memory_strings_artifact_id, mitre_attacks, network_settings, packer, pcap_report_artifact_id, processes, sample_flags, screenshots_artifact_ids, sha256, signatures, submission_type, submit_name, submit_url, suricata_alerts, target_url, threat_score, urls, verdict, version_info, windows_version_bitness, windows_version_edition, windows_version_name, windows_version_service_pack, windows_version_version].hash
+ [architecture, certificates, certificates_validation_message, classification, classification_tags, contacted_hosts, dll_characteristics, dns_requests, entrypoint, entrypoint_preview_count, entrypoint_preview_instructions, entrypoint_section, environment_description, environment_id, error_message, error_origin, error_type, exact_deep_hash, extracted_files, extracted_interesting_strings, file_data_directories, file_imports, file_metadata, file_resources, file_sections, file_size, file_type, file_type_short, http_requests, icon, image_base, image_file_characteristics, incidents, intelligence_mitre_attacks, ioc_report_broad_artifact_id, ioc_report_strict_artifact_id, is_certificates_valid, language, major_os_version, memory_dumps, memory_dumps_artifact_id, memory_forensics, memory_strings_artifact_id, minor_os_version, mitre_attacks, network_settings, packer, pcap_report_artifact_id, processes, sample_flags, screenshots_artifact_ids, sha256, signatures, submission_type, submit_name, submit_url, subsystem, suricata_alerts, target_url, threat_score, urls, verdict, version_info, visualization, windows_version_bitness, windows_version_edition, windows_version_name, windows_version_service_pack, windows_version_version].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb b/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb
index aa32d989..d0b22461 100644
--- a/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb
+++ b/lib/crimson-falcon/models/fwmgr_firewall_match_event_response.rb
@@ -40,6 +40,8 @@ class FwmgrFirewallMatchEventResponse
attr_accessor :connection_direction
+ attr_accessor :domain_name_list
+
attr_accessor :event_type
attr_accessor :flags
@@ -107,6 +109,7 @@ def self.attribute_map
:'cid' => :'cid',
:'command_line' => :'command_line',
:'connection_direction' => :'connection_direction',
+ :'domain_name_list' => :'domain_name_list',
:'event_type' => :'event_type',
:'flags' => :'flags',
:'hidden' => :'hidden',
@@ -152,6 +155,7 @@ def self.openapi_types
:'cid' => :'String',
:'command_line' => :'String',
:'connection_direction' => :'String',
+ :'domain_name_list' => :'String',
:'event_type' => :'String',
:'flags' => :'FwmgrFirewallFlags',
:'hidden' => :'Boolean',
@@ -222,6 +226,10 @@ def initialize(attributes = {})
self.connection_direction = attributes[:'connection_direction']
end
+ if attributes.key?(:'domain_name_list')
+ self.domain_name_list = attributes[:'domain_name_list']
+ end
+
if attributes.key?(:'event_type')
self.event_type = attributes[:'event_type']
end
@@ -363,6 +371,10 @@ def list_invalid_properties
invalid_properties.push('invalid value for "connection_direction", connection_direction cannot be nil.')
end
+ if @domain_name_list.nil?
+ invalid_properties.push('invalid value for "domain_name_list", domain_name_list cannot be nil.')
+ end
+
if @event_type.nil?
invalid_properties.push('invalid value for "event_type", event_type cannot be nil.')
end
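Review bot: `domain_name_list` is added as a required attribute here and in the `valid?` hunk that follows, so a `FwmgrFirewallMatchEventResponse` for an event that carries no domain names fails validation if the API omits the key. The `openapi_types` hunk declares it as `String` although the name suggests a list, and the delimiter or encoding is not visible in this diff, which matters to anyone matching firewall events against domain indicators. A comment on the accessor, e.g. `# Domain names associated with the event, as one string (format per API docs)`, plus confirmation that the field is always present, would close both gaps. `list_invalid_properties` starts and ends outside this hunk.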
@@ -493,6 +505,7 @@ def valid?
return false if @cid.nil?
return false if @command_line.nil?
return false if @connection_direction.nil?
+ return false if @domain_name_list.nil?
return false if @event_type.nil?
return false if @flags.nil?
return false if @hidden.nil?
@@ -535,6 +548,7 @@ def ==(o)
cid == o.cid &&
command_line == o.command_line &&
connection_direction == o.connection_direction &&
+ domain_name_list == o.domain_name_list &&
event_type == o.event_type &&
flags == o.flags &&
hidden == o.hidden &&
@@ -576,7 +590,7 @@ def eql?(o)
# Calculates hash code according to all attributes.
# @return [Integer] Hash code
def hash
- [aid, cid, command_line, connection_direction, event_type, flags, hidden, host_name, icmp_code, icmp_type, id, image_file_name, ipv, local_address, local_port, match_count, match_count_since_last_event, network_profile, pid, platform, policy_id, policy_name, protocol, remote_address, remote_port, rule_action, rule_description, rule_family_id, rule_group_name, rule_id, rule_name, status, timestamp, tree_id].hash
+ [aid, cid, command_line, connection_direction, domain_name_list, event_type, flags, hidden, host_name, icmp_code, icmp_type, id, image_file_name, ipv, local_address, local_port, match_count, match_count_since_last_event, network_profile, pid, platform, policy_id, policy_name, protocol, remote_address, remote_port, rule_action, rule_description, rule_family_id, rule_group_name, rule_id, rule_name, status, timestamp, tree_id].hash
end
# Builds the object from hash
diff --git a/lib/crimson-falcon/models/images_ext_combined_images_response.rb b/lib/crimson-falcon/models/images_ext_combined_images_response.rb
new file mode 100644
index 00000000..21a0d044
--- /dev/null
+++ b/lib/crimson-falcon/models/images_ext_combined_images_response.rb
@@ -0,0 +1,266 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ImagesExtCombinedImagesResponse
+ attr_accessor :errors
+
+ attr_accessor :meta
+
+ attr_accessor :resources
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'errors' => :'errors',
+ :'meta' => :'meta',
+ :'resources' => :'resources'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'errors' => :'Array',
+ :'meta' => :'MsaspecMetaInfo',
+ :'resources' => :'Array'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ImagesExtCombinedImagesResponse` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ImagesExtCombinedImagesResponse`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'errors')
+ if (value = attributes[:'errors']).is_a?(Array)
+ self.errors = value
+ end
+ end
+
+ if attributes.key?(:'meta')
+ self.meta = attributes[:'meta']
+ end
+
+ if attributes.key?(:'resources')
+ if (value = attributes[:'resources']).is_a?(Array)
+ self.resources = value
+ end
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @meta.nil?
+ invalid_properties.push('invalid value for "meta", meta cannot be nil.')
+ end
+
+ if @resources.nil?
+ invalid_properties.push('invalid value for "resources", resources cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @meta.nil?
+ return false if @resources.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ errors == o.errors &&
+ meta == o.meta &&
+ resources == o.resources
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [errors, meta, resources].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/internal_sensor_status.rb b/lib/crimson-falcon/models/internal_sensor_status.rb
new file mode 100644
index 00000000..7362c1d4
--- /dev/null
+++ b/lib/crimson-falcon/models/internal_sensor_status.rb
@@ -0,0 +1,325 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class InternalSensorStatus
+ attr_accessor :agent_version
+
+ attr_accessor :cid
+
+ attr_accessor :device_id
+
+ attr_accessor :hostname
+
+ attr_accessor :idp_policy_id
+
+ attr_accessor :idp_policy_name
+
+ attr_accessor :local_ip
+
+ attr_accessor :machine_domain
+
+ attr_accessor :os_version
+
+ attr_accessor :ti_enabled
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'agent_version' => :'agent_version',
+ :'cid' => :'cid',
+ :'device_id' => :'device_id',
+ :'hostname' => :'hostname',
+ :'idp_policy_id' => :'idp_policy_id',
+ :'idp_policy_name' => :'idp_policy_name',
+ :'local_ip' => :'local_ip',
+ :'machine_domain' => :'machine_domain',
+ :'os_version' => :'os_version',
+ :'ti_enabled' => :'ti_enabled'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'agent_version' => :'String',
+ :'cid' => :'String',
+ :'device_id' => :'String',
+ :'hostname' => :'String',
+ :'idp_policy_id' => :'String',
+ :'idp_policy_name' => :'String',
+ :'local_ip' => :'String',
+ :'machine_domain' => :'String',
+ :'os_version' => :'String',
+ :'ti_enabled' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::InternalSensorStatus` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::InternalSensorStatus`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'agent_version')
+ self.agent_version = attributes[:'agent_version']
+ end
+
+ if attributes.key?(:'cid')
+ self.cid = attributes[:'cid']
+ end
+
+ if attributes.key?(:'device_id')
+ self.device_id = attributes[:'device_id']
+ end
+
+ if attributes.key?(:'hostname')
+ self.hostname = attributes[:'hostname']
+ end
+
+ if attributes.key?(:'idp_policy_id')
+ self.idp_policy_id = attributes[:'idp_policy_id']
+ end
+
+ if attributes.key?(:'idp_policy_name')
+ self.idp_policy_name = attributes[:'idp_policy_name']
+ end
+
+ if attributes.key?(:'local_ip')
+ self.local_ip = attributes[:'local_ip']
+ end
+
+ if attributes.key?(:'machine_domain')
+ self.machine_domain = attributes[:'machine_domain']
+ end
+
+ if attributes.key?(:'os_version')
+ self.os_version = attributes[:'os_version']
+ end
+
+ if attributes.key?(:'ti_enabled')
+ self.ti_enabled = attributes[:'ti_enabled']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @cid.nil?
+ invalid_properties.push('invalid value for "cid", cid cannot be nil.')
+ end
+
+ if @device_id.nil?
+ invalid_properties.push('invalid value for "device_id", device_id cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @cid.nil?
+ return false if @device_id.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ agent_version == o.agent_version &&
+ cid == o.cid &&
+ device_id == o.device_id &&
+ hostname == o.hostname &&
+ idp_policy_id == o.idp_policy_id &&
+ idp_policy_name == o.idp_policy_name &&
+ local_ip == o.local_ip &&
+ machine_domain == o.machine_domain &&
+ os_version == o.os_version &&
+ ti_enabled == o.ti_enabled
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [agent_version, cid, device_id, hostname, idp_policy_id, idp_policy_name, local_ip, machine_domain, os_version, ti_enabled].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/models_credentials.rb b/lib/crimson-falcon/models/models_credentials.rb
new file mode 100644
index 00000000..370faa7a
--- /dev/null
+++ b/lib/crimson-falcon/models/models_credentials.rb
@@ -0,0 +1,239 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ModelsCredentials
+ attr_accessor :token
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'token' => :'token'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'token' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsCredentials` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsCredentials`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'token')
+ self.token = attributes[:'token']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @token.nil?
+ invalid_properties.push('invalid value for "token", token cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @token.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ token == o.token
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [token].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
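Review bot: `ModelsCredentials#to_s` returns `to_hash.to_s` and the default `inspect` prints `@token`, so the token value ends up in any log line, exception message or console dump that includes this object. What the token grants is not visible in this diff, but the class name suggests a credential, so it should be handled as a secret. Since the header marks the file as generated, the change belongs in the generator template or a post-generation patch rather than a hand edit: add `def inspect; "#<#{self.class.name} token=[REDACTED]>"; end` and consider redacting in `to_s` as well. `to_hash` and `to_body` should keep returning the real value, since serialization relies on them.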
diff --git a/lib/crimson-falcon/models/models_ext_api_image_combined.rb b/lib/crimson-falcon/models/models_ext_api_image_combined.rb
new file mode 100644
index 00000000..52a42b7d
--- /dev/null
+++ b/lib/crimson-falcon/models/models_ext_api_image_combined.rb
@@ -0,0 +1,491 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ModelsExtAPIImageCombined
+ attr_accessor :base_os
+
+ attr_accessor :cid
+
+ attr_accessor :containers
+
+ attr_accessor :detections
+
+ attr_accessor :first_seen
+
+ attr_accessor :highest_detection_severity
+
+ attr_accessor :highest_vulnerability_severity
+
+ attr_accessor :image_digest
+
+ attr_accessor :image_id
+
+ attr_accessor :last_seen
+
+ attr_accessor :layers_with_vulnerabilities
+
+ attr_accessor :packages
+
+ attr_accessor :registry
+
+ attr_accessor :report_url_by_id_and_digest
+
+ attr_accessor :report_url_by_repo_and_tag
+
+ attr_accessor :repository
+
+ attr_accessor :tag
+
+ attr_accessor :vulnerabilities
+
+ attr_accessor :warning
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'base_os' => :'base_os',
+ :'cid' => :'cid',
+ :'containers' => :'containers',
+ :'detections' => :'detections',
+ :'first_seen' => :'first_seen',
+ :'highest_detection_severity' => :'highest_detection_severity',
+ :'highest_vulnerability_severity' => :'highest_vulnerability_severity',
+ :'image_digest' => :'image_digest',
+ :'image_id' => :'image_id',
+ :'last_seen' => :'last_seen',
+ :'layers_with_vulnerabilities' => :'layers_with_vulnerabilities',
+ :'packages' => :'packages',
+ :'registry' => :'registry',
+ :'report_url_by_id_and_digest' => :'report_url_by_id_and_digest',
+ :'report_url_by_repo_and_tag' => :'report_url_by_repo_and_tag',
+ :'repository' => :'repository',
+ :'tag' => :'tag',
+ :'vulnerabilities' => :'vulnerabilities',
+ :'warning' => :'warning'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'base_os' => :'String',
+ :'cid' => :'String',
+ :'containers' => :'Integer',
+ :'detections' => :'Integer',
+ :'first_seen' => :'String',
+ :'highest_detection_severity' => :'String',
+ :'highest_vulnerability_severity' => :'String',
+ :'image_digest' => :'String',
+ :'image_id' => :'String',
+ :'last_seen' => :'String',
+ :'layers_with_vulnerabilities' => :'Integer',
+ :'packages' => :'Integer',
+ :'registry' => :'String',
+ :'report_url_by_id_and_digest' => :'String',
+ :'report_url_by_repo_and_tag' => :'String',
+ :'repository' => :'String',
+ :'tag' => :'String',
+ :'vulnerabilities' => :'Integer',
+ :'warning' => :'Integer'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsExtAPIImageCombined` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsExtAPIImageCombined`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'base_os')
+ self.base_os = attributes[:'base_os']
+ end
+
+ if attributes.key?(:'cid')
+ self.cid = attributes[:'cid']
+ end
+
+ if attributes.key?(:'containers')
+ self.containers = attributes[:'containers']
+ end
+
+ if attributes.key?(:'detections')
+ self.detections = attributes[:'detections']
+ end
+
+ if attributes.key?(:'first_seen')
+ self.first_seen = attributes[:'first_seen']
+ end
+
+ if attributes.key?(:'highest_detection_severity')
+ self.highest_detection_severity = attributes[:'highest_detection_severity']
+ end
+
+ if attributes.key?(:'highest_vulnerability_severity')
+ self.highest_vulnerability_severity = attributes[:'highest_vulnerability_severity']
+ end
+
+ if attributes.key?(:'image_digest')
+ self.image_digest = attributes[:'image_digest']
+ end
+
+ if attributes.key?(:'image_id')
+ self.image_id = attributes[:'image_id']
+ end
+
+ if attributes.key?(:'last_seen')
+ self.last_seen = attributes[:'last_seen']
+ end
+
+ if attributes.key?(:'layers_with_vulnerabilities')
+ self.layers_with_vulnerabilities = attributes[:'layers_with_vulnerabilities']
+ end
+
+ if attributes.key?(:'packages')
+ self.packages = attributes[:'packages']
+ end
+
+ if attributes.key?(:'registry')
+ self.registry = attributes[:'registry']
+ end
+
+ if attributes.key?(:'report_url_by_id_and_digest')
+ self.report_url_by_id_and_digest = attributes[:'report_url_by_id_and_digest']
+ end
+
+ if attributes.key?(:'report_url_by_repo_and_tag')
+ self.report_url_by_repo_and_tag = attributes[:'report_url_by_repo_and_tag']
+ end
+
+ if attributes.key?(:'repository')
+ self.repository = attributes[:'repository']
+ end
+
+ if attributes.key?(:'tag')
+ self.tag = attributes[:'tag']
+ end
+
+ if attributes.key?(:'vulnerabilities')
+ self.vulnerabilities = attributes[:'vulnerabilities']
+ end
+
+ if attributes.key?(:'warning')
+ self.warning = attributes[:'warning']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @base_os.nil?
+ invalid_properties.push('invalid value for "base_os", base_os cannot be nil.')
+ end
+
+ if @cid.nil?
+ invalid_properties.push('invalid value for "cid", cid cannot be nil.')
+ end
+
+ if @containers.nil?
+ invalid_properties.push('invalid value for "containers", containers cannot be nil.')
+ end
+
+ if @detections.nil?
+ invalid_properties.push('invalid value for "detections", detections cannot be nil.')
+ end
+
+ if @first_seen.nil?
+ invalid_properties.push('invalid value for "first_seen", first_seen cannot be nil.')
+ end
+
+ if @highest_detection_severity.nil?
+ invalid_properties.push('invalid value for "highest_detection_severity", highest_detection_severity cannot be nil.')
+ end
+
+ if @highest_vulnerability_severity.nil?
+ invalid_properties.push('invalid value for "highest_vulnerability_severity", highest_vulnerability_severity cannot be nil.')
+ end
+
+ if @image_digest.nil?
+ invalid_properties.push('invalid value for "image_digest", image_digest cannot be nil.')
+ end
+
+ if @image_id.nil?
+ invalid_properties.push('invalid value for "image_id", image_id cannot be nil.')
+ end
+
+ if @last_seen.nil?
+ invalid_properties.push('invalid value for "last_seen", last_seen cannot be nil.')
+ end
+
+ if @layers_with_vulnerabilities.nil?
+ invalid_properties.push('invalid value for "layers_with_vulnerabilities", layers_with_vulnerabilities cannot be nil.')
+ end
+
+ if @packages.nil?
+ invalid_properties.push('invalid value for "packages", packages cannot be nil.')
+ end
+
+ if @registry.nil?
+ invalid_properties.push('invalid value for "registry", registry cannot be nil.')
+ end
+
+ if @report_url_by_id_and_digest.nil?
+ invalid_properties.push('invalid value for "report_url_by_id_and_digest", report_url_by_id_and_digest cannot be nil.')
+ end
+
+ if @report_url_by_repo_and_tag.nil?
+ invalid_properties.push('invalid value for "report_url_by_repo_and_tag", report_url_by_repo_and_tag cannot be nil.')
+ end
+
+ if @repository.nil?
+ invalid_properties.push('invalid value for "repository", repository cannot be nil.')
+ end
+
+ if @tag.nil?
+ invalid_properties.push('invalid value for "tag", tag cannot be nil.')
+ end
+
+ if @vulnerabilities.nil?
+ invalid_properties.push('invalid value for "vulnerabilities", vulnerabilities cannot be nil.')
+ end
+
+ if @warning.nil?
+ invalid_properties.push('invalid value for "warning", warning cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @base_os.nil?
+ return false if @cid.nil?
+ return false if @containers.nil?
+ return false if @detections.nil?
+ return false if @first_seen.nil?
+ return false if @highest_detection_severity.nil?
+ return false if @highest_vulnerability_severity.nil?
+ return false if @image_digest.nil?
+ return false if @image_id.nil?
+ return false if @last_seen.nil?
+ return false if @layers_with_vulnerabilities.nil?
+ return false if @packages.nil?
+ return false if @registry.nil?
+ return false if @report_url_by_id_and_digest.nil?
+ return false if @report_url_by_repo_and_tag.nil?
+ return false if @repository.nil?
+ return false if @tag.nil?
+ return false if @vulnerabilities.nil?
+ return false if @warning.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ base_os == o.base_os &&
+ cid == o.cid &&
+ containers == o.containers &&
+ detections == o.detections &&
+ first_seen == o.first_seen &&
+ highest_detection_severity == o.highest_detection_severity &&
+ highest_vulnerability_severity == o.highest_vulnerability_severity &&
+ image_digest == o.image_digest &&
+ image_id == o.image_id &&
+ last_seen == o.last_seen &&
+ layers_with_vulnerabilities == o.layers_with_vulnerabilities &&
+ packages == o.packages &&
+ registry == o.registry &&
+ report_url_by_id_and_digest == o.report_url_by_id_and_digest &&
+ report_url_by_repo_and_tag == o.report_url_by_repo_and_tag &&
+ repository == o.repository &&
+ tag == o.tag &&
+ vulnerabilities == o.vulnerabilities &&
+ warning == o.warning
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [base_os, cid, containers, detections, first_seen, highest_detection_severity, highest_vulnerability_severity, image_digest, image_id, last_seen, layers_with_vulnerabilities, packages, registry, report_url_by_id_and_digest, report_url_by_repo_and_tag, repository, tag, vulnerabilities, warning].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?.+)>\z/
+ inner_type = Regexp.last_match[:inner_type]
+ value.map { |v| _deserialize(inner_type, v) }
+ when /\AHash<(?.+?), (?.+)>\z/
+ k_type = Regexp.last_match[:k_type]
+ v_type = Regexp.last_match[:v_type]
+ {}.tap do |hash|
+ value.each do |k, v|
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
+ end
+ end
+ else # model
+ # models (e.g. Pet) or oneOf
+ klass = Falcon.const_get(type)
+ klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
+ end
+ end
+
+ # Returns the string representation of the object
+ # @return [String] String presentation of the object
+ def to_s
+ to_hash.to_s
+ end
+
+ # to_body is an alias to to_hash (backward compatibility)
+ # @return [Hash] Returns the object in the form of hash
+ def to_body
+ to_hash
+ end
+
+ # Returns the object in the form of hash
+ # @return [Hash] Returns the object in the form of hash
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ hash
+ end
+
+ # Outputs non-array value in the form of hash
+ # For object, use to_hash. Otherwise, just return the value
+ # @param [Object] value Any valid value
+ # @return [Hash] Returns the value in the form of hash
+ def _to_hash(value)
+ if value.is_a?(Array)
+ value.compact.map { |v| _to_hash(v) }
+ elsif value.is_a?(Hash)
+ {}.tap do |hash|
+ value.each { |k, v| hash[k] = _to_hash(v) }
+ end
+ elsif value.respond_to? :to_hash
+ value.to_hash
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/lib/crimson-falcon/models/models_job_meta_data.rb b/lib/crimson-falcon/models/models_job_meta_data.rb
new file mode 100644
index 00000000..aeb606e5
--- /dev/null
+++ b/lib/crimson-falcon/models/models_job_meta_data.rb
@@ -0,0 +1,337 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'date'
+require 'time'
+
+module Falcon
+ class ModelsJobMetaData
+ attr_accessor :cloud_provider
+
+ attr_accessor :instance_id
+
+ attr_accessor :job_end_time
+
+ attr_accessor :job_id
+
+ attr_accessor :job_start_time
+
+ attr_accessor :message
+
+ attr_accessor :scanner_version
+
+ attr_accessor :status
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ def self.attribute_map
+ {
+ :'cloud_provider' => :'cloud_provider',
+ :'instance_id' => :'instance_id',
+ :'job_end_time' => :'job_end_time',
+ :'job_id' => :'job_id',
+ :'job_start_time' => :'job_start_time',
+ :'message' => :'message',
+ :'scanner_version' => :'scanner_version',
+ :'status' => :'status'
+ }
+ end
+
+ # Returns all the JSON keys this model knows about
+ def self.acceptable_attributes
+ attribute_map.values
+ end
+
+ # Attribute type mapping.
+ def self.openapi_types
+ {
+ :'cloud_provider' => :'String',
+ :'instance_id' => :'String',
+ :'job_end_time' => :'Time',
+ :'job_id' => :'String',
+ :'job_start_time' => :'Time',
+ :'message' => :'String',
+ :'scanner_version' => :'String',
+ :'status' => :'String'
+ }
+ end
+
+ # List of attributes with nullable: true
+ def self.openapi_nullable
+ Set.new([
+ ])
+ end
+
+ # Initializes the object
+ # @param [Hash] attributes Model attributes in the form of hash
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::ModelsJobMetaData` initialize method"
+ end
+
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::ModelsJobMetaData`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
+ end
+ h[k.to_sym] = v
+ }
+
+ if attributes.key?(:'cloud_provider')
+ self.cloud_provider = attributes[:'cloud_provider']
+ end
+
+ if attributes.key?(:'instance_id')
+ self.instance_id = attributes[:'instance_id']
+ end
+
+ if attributes.key?(:'job_end_time')
+ self.job_end_time = attributes[:'job_end_time']
+ end
+
+ if attributes.key?(:'job_id')
+ self.job_id = attributes[:'job_id']
+ end
+
+ if attributes.key?(:'job_start_time')
+ self.job_start_time = attributes[:'job_start_time']
+ end
+
+ if attributes.key?(:'message')
+ self.message = attributes[:'message']
+ end
+
+ if attributes.key?(:'scanner_version')
+ self.scanner_version = attributes[:'scanner_version']
+ end
+
+ if attributes.key?(:'status')
+ self.status = attributes[:'status']
+ end
+ end
+
+ # Show invalid properties with the reasons. Usually used together with valid?
+ # @return Array for valid properties with the reasons
+ def list_invalid_properties
+ invalid_properties = Array.new
+ if @cloud_provider.nil?
+ invalid_properties.push('invalid value for "cloud_provider", cloud_provider cannot be nil.')
+ end
+
+ if @instance_id.nil?
+ invalid_properties.push('invalid value for "instance_id", instance_id cannot be nil.')
+ end
+
+ if @job_end_time.nil?
+ invalid_properties.push('invalid value for "job_end_time", job_end_time cannot be nil.')
+ end
+
+ if @job_id.nil?
+ invalid_properties.push('invalid value for "job_id", job_id cannot be nil.')
+ end
+
+ if @job_start_time.nil?
+ invalid_properties.push('invalid value for "job_start_time", job_start_time cannot be nil.')
+ end
+
+ if @message.nil?
+ invalid_properties.push('invalid value for "message", message cannot be nil.')
+ end
+
+ if @scanner_version.nil?
+ invalid_properties.push('invalid value for "scanner_version", scanner_version cannot be nil.')
+ end
+
+ if @status.nil?
+ invalid_properties.push('invalid value for "status", status cannot be nil.')
+ end
+
+ invalid_properties
+ end
+
+ # Check to see if the all the properties in the model are valid
+ # @return true if the model is valid
+ def valid?
+ return false if @cloud_provider.nil?
+ return false if @instance_id.nil?
+ return false if @job_end_time.nil?
+ return false if @job_id.nil?
+ return false if @job_start_time.nil?
+ return false if @message.nil?
+ return false if @scanner_version.nil?
+ return false if @status.nil?
+ true
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param [Object] Object to be compared
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ cloud_provider == o.cloud_provider &&
+ instance_id == o.instance_id &&
+ job_end_time == o.job_end_time &&
+ job_id == o.job_id &&
+ job_start_time == o.job_start_time &&
+ message == o.message &&
+ scanner_version == o.scanner_version &&
+ status == o.status
+ end
+
+ # @see the `==` method
+ # @param [Object] Object to be compared
+ def eql?(o)
+ self == o
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ def hash
+ [cloud_provider, instance_id, job_end_time, job_id, job_start_time, message, scanner_version, status].hash
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def self.build_from_hash(attributes)
+ new.build_from_hash(attributes)
+ end
+
+ # Builds the object from hash
+ # @param [Hash] attributes Model attributes in the form of hash
+ # @return [Object] Returns the model itself
+ def build_from_hash(attributes)
+ return nil unless attributes.is_a?(Hash)
+ attributes = attributes.transform_keys(&:to_sym)
+ self.class.openapi_types.each_pair do |key, type|
+ if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
+ self.send("#{key}=", nil)
+ elsif type =~ /\AArray<(.*)>/i
+ # check to ensure the input is an array given that the attribute
+ # is documented as an array but the input is not
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
+ end
+ elsif !attributes[self.class.attribute_map[key]].nil?
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
+ end
+ end
+
+ self
+ end
+
+ # Deserializes the data based on type
+ # @param string type Data type
+ # @param string value Value to be deserialized
+ # @return [Object] Deserialized data
+ def _deserialize(type, value)
+ case type.to_sym
+ when :Time
+ Time.parse(value)
+ when :Date
+ Date.parse(value)
+ when :String
+ value.to_s
+ when :Integer
+ value.to_i
+ when :Float
+ value.to_f
+ when :Boolean
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
+ true
+ else
+ false
+ end
+ when :Object
+ # generic object (usually a Hash), return directly
+ value
+ when /\AArray<(?