From 82bdc9251a7dd51b19f61356b333889f5de7e7af Mon Sep 17 00:00:00 2001 
From: Josh Lang Date: Tue, 17 Sep 2024 13:54:58 -0600 Subject: [PATCH 1/6] added new Falcon client --- .gitignore | 2 + README.md | 32 + package-lock.json | 476 ++++++++++++- package.json | 6 +- src/.DS_Store | Bin 0 -> 6148 bytes src/_endpoints/alerts.ts | 57 ++ src/_endpoints/cloud_connect_aws.ts | 111 +++ src/_endpoints/cloud_snapshots.ts | 17 + src/_endpoints/cspm_registration.ts | 649 ++++++++++++++++++ src/_endpoints/custom_ioa.ts | 244 +++++++ src/_endpoints/custom_storage.ts | 254 +++++++ src/_endpoints/d4c_registration.ts | 318 +++++++++ src/_endpoints/detects.ts | 118 ++++ src/_endpoints/device_control_policies.ts | 169 +++++ src/_endpoints/discover.ts | 181 +++++ src/_endpoints/event_streams.ts | 37 + src/_endpoints/falcon_complete_dashboard.ts | 214 ++++++ src/_endpoints/falcon_container.ts | 124 ++++ src/_endpoints/falconx_sandbox.ts | 217 ++++++ src/_endpoints/fdr.ts | 69 ++ src/_endpoints/filevantage.ts | 359 ++++++++++ src/_endpoints/firewall_management.ts | 462 +++++++++++++ src/_endpoints/firewall_policies.ts | 170 +++++ src/_endpoints/foundry_logscale.ts | 143 ++++ src/_endpoints/host_group.ts | 290 ++++++++ src/_endpoints/hosts.ts | 317 +++++++++ src/_endpoints/identity_protection.ts | 44 ++ src/_endpoints/incidents.ts | 96 +++ src/_endpoints/installation_tokens.ts | 105 +++ src/_endpoints/intel.ts | 439 ++++++++++++ src/_endpoints/ioa_exclusions.ts | 65 ++ src/_endpoints/ioc.ts | 212 ++++++ src/_endpoints/iocs.ts | 182 +++++ src/_endpoints/kubernetes_protection.ts | 370 ++++++++++ src/_endpoints/malquery.ts | 71 ++ src/_endpoints/message_center.ts | 117 ++++ src/_endpoints/ml_exclusions.ts | 65 ++ src/_endpoints/mobile_enrollment.ts | 23 + src/_endpoints/mssp.ts | 421 ++++++++++++ src/_endpoints/oauth2.ts | 36 + src/_endpoints/ods.ts | 204 ++++++ src/_endpoints/overwatch_dashboard.ts | 37 + src/_endpoints/prevention_policies.ts | 163 +++++ src/_endpoints/quarantine.ts | 59 ++ src/_endpoints/quick_scan.ts | 49 ++ 
src/_endpoints/real_time_response.ts | 320 +++++++++ src/_endpoints/real_time_response_admin.ts | 268 ++++++++ src/_endpoints/real_time_response_audit.ts | 36 + src/_endpoints/recon.ts | 303 ++++++++ src/_endpoints/report_executions.ts | 55 ++ src/_endpoints/response_policies.ts | 163 +++++ src/_endpoints/sample_uploads.ts | 186 +++++ src/_endpoints/scheduled_reports.ts | 48 ++ src/_endpoints/sensor_download.ts | 67 ++ src/_endpoints/sensor_update_policies.ts | 275 ++++++++ .../sensor_visibility_exclusions.ts | 65 ++ src/_endpoints/spotlight_evaluation_logic.ts | 61 ++ src/_endpoints/spotlight_vulnerabilities.ts | 96 +++ src/_endpoints/tailored_intelligence.ts | 75 ++ src/_endpoints/user_management.ts | 258 +++++++ src/_endpoints/workflows.ts | 75 ++ src/_endpoints/zero_trust_assessment.ts | 123 ++++ src/endpoints.ts | 119 ++++ src/falcon.ts | 136 ++++ src/index.ts | 1 + 65 files changed, 10515 insertions(+), 9 deletions(-) create mode 100644 src/.DS_Store create mode 100644 src/_endpoints/alerts.ts create mode 100644 src/_endpoints/cloud_connect_aws.ts create mode 100644 src/_endpoints/cloud_snapshots.ts create mode 100644 src/_endpoints/cspm_registration.ts create mode 100644 src/_endpoints/custom_ioa.ts create mode 100644 src/_endpoints/custom_storage.ts create mode 100644 src/_endpoints/d4c_registration.ts create mode 100644 src/_endpoints/detects.ts create mode 100644 src/_endpoints/device_control_policies.ts create mode 100644 src/_endpoints/discover.ts create mode 100644 src/_endpoints/event_streams.ts create mode 100644 src/_endpoints/falcon_complete_dashboard.ts create mode 100644 src/_endpoints/falcon_container.ts create mode 100644 src/_endpoints/falconx_sandbox.ts create mode 100644 src/_endpoints/fdr.ts create mode 100644 src/_endpoints/filevantage.ts create mode 100644 src/_endpoints/firewall_management.ts create mode 100644 src/_endpoints/firewall_policies.ts create mode 100644 src/_endpoints/foundry_logscale.ts create mode 100644 
src/_endpoints/host_group.ts create mode 100644 src/_endpoints/hosts.ts create mode 100644 src/_endpoints/identity_protection.ts create mode 100644 src/_endpoints/incidents.ts create mode 100644 src/_endpoints/installation_tokens.ts create mode 100644 src/_endpoints/intel.ts create mode 100644 src/_endpoints/ioa_exclusions.ts create mode 100644 src/_endpoints/ioc.ts create mode 100644 src/_endpoints/iocs.ts create mode 100644 src/_endpoints/kubernetes_protection.ts create mode 100644 src/_endpoints/malquery.ts create mode 100644 src/_endpoints/message_center.ts create mode 100644 src/_endpoints/ml_exclusions.ts create mode 100644 src/_endpoints/mobile_enrollment.ts create mode 100644 src/_endpoints/mssp.ts create mode 100644 src/_endpoints/oauth2.ts create mode 100644 src/_endpoints/ods.ts create mode 100644 src/_endpoints/overwatch_dashboard.ts create mode 100644 src/_endpoints/prevention_policies.ts create mode 100644 src/_endpoints/quarantine.ts create mode 100644 src/_endpoints/quick_scan.ts create mode 100644 src/_endpoints/real_time_response.ts create mode 100644 src/_endpoints/real_time_response_admin.ts create mode 100644 src/_endpoints/real_time_response_audit.ts create mode 100644 src/_endpoints/recon.ts create mode 100644 src/_endpoints/report_executions.ts create mode 100644 src/_endpoints/response_policies.ts create mode 100644 src/_endpoints/sample_uploads.ts create mode 100644 src/_endpoints/scheduled_reports.ts create mode 100644 src/_endpoints/sensor_download.ts create mode 100644 src/_endpoints/sensor_update_policies.ts create mode 100644 src/_endpoints/sensor_visibility_exclusions.ts create mode 100644 src/_endpoints/spotlight_evaluation_logic.ts create mode 100644 src/_endpoints/spotlight_vulnerabilities.ts create mode 100644 src/_endpoints/tailored_intelligence.ts create mode 100644 src/_endpoints/user_management.ts create mode 100644 src/_endpoints/workflows.ts create mode 100644 src/_endpoints/zero_trust_assessment.ts create mode 100644 
src/endpoints.ts create mode 100644 src/falcon.ts diff --git a/.gitignore b/.gitignore index a5504506..a59a1bfe 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,7 @@ /node_modules/ /specs/* !/specs/transformation.* +/src/tests/* +/src/test.ts typings *.js diff --git a/README.md b/README.md index c8704bd9..51a1aad9 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,10 @@ npm install crowdstrike-falcon ## Exemplary use +With falconjs, there are two ways to call CrowdStrike API service collections. You can use the FalconClient object, which has always been available, or you can use the new Falcon object, which behaves like the API Harness, or UberClass, from FalconPy. + +### FalconClient + ```typescript import { FalconClient, FalconErrorExplain } from "crowdstrike-falcon"; @@ -37,6 +41,34 @@ await client.sensorDownload console.log("my CCID: ", value); }); ``` +## Falcon +when using request body properties: +```js +const commandName = "GetDetectSummaries" +const body = { ids: ["123", "456", "789"]} +const args = { commandName: commandName, body: body } +try { + detDetails = await falcon.command(args) + return detDetails +} catch (error) { + console.log(error) + return +} +``` + +when using query params: +```js +const commandName = "getAssessmentsByScoreV1" +const params = { filter: "score:<=75"} +const args = { commandName: commandName, params: params } +try { + ztaDetails = await falcon.command(args) + return ztaDetails +} catch(error) { + console.log(error) + return +} +``` ## Documentation diff --git a/package-lock.json b/package-lock.json index 2aed4e0a..97cb51da 100644 --- a/package-lock.json +++ b/package-lock.json 
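Review bot: This hunk is the natural place to add `.DS_Store`, because the same patch commits `src/.DS_Store` (diffstat: `Bin 0 -> 6148 bytes`, `create mode 100644 src/.DS_Store`), a Finder metadata file that should never land in a library repository; add `.DS_Store` here and drop the binary from the commit. The two new entries `/src/tests/*` and `/src/test.ts` also mean that whatever tests exist for the new Falcon client are excluded from version control, so CI cannot run them; presumably these are local scratch files, but if they are the real tests they should be tracked (and any credentials they contain moved to environment variables) rather than ignored.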
@@ -1,13 +1,16 @@ { "name": "crowdstrike-falcon", - "version": "0.2.4", + "version": "0.3.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "crowdstrike-falcon", - "version": "0.2.4", + "version": "0.3.0", "license": "MIT", + "dependencies": { + "axios": "^1.7.7" + }, "devDependencies": { "@types/node": "^18.14.2", "@typescript-eslint/eslint-plugin": "^5.54.0", @@ -17,9 +20,23 @@ "eslint": "^8.35.0", "eslint-config-google": "^0.14.0", "prettier": "^2.8.4", + "ts-node": "^10.9.2", "typescript": "^4.9.5" } }, + "node_modules/@cspotcode/source-map-support": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "0.3.9" + }, + "engines": { + "node": ">=12" + } + }, "node_modules/@esbuild/android-arm": { "version": "0.17.10", "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.10.tgz", 
@@ -437,6 +454,34 @@ "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==", "dev": true }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", 
@@ -472,6 +517,34 @@ "node": ">= 8" } }, + "node_modules/@tsconfig/node10": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@tsconfig/node12": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==", + "dev": true, + "license": "MIT" + }, + "node_modules/@tsconfig/node14": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==", + "dev": true, + "license": "MIT" + }, + "node_modules/@tsconfig/node16": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/json-schema": { "version": "7.0.11", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz", @@ -679,10 +752,11 @@ } }, "node_modules/acorn": { - "version": "8.8.2", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz", - "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==", + "version": "8.12.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz", + "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==", "dev": true, + "license": "MIT", "bin": { "acorn": "bin/acorn" }, 
@@ -699,6 +773,19 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, + "node_modules/acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, "node_modules/ajv": { "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", @@ -739,6 +826,13 @@ "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true, + "license": "MIT" + }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -754,6 +848,23 @@ "node": ">=8" } }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "license": "MIT" + }, + "node_modules/axios": { + "version": "1.7.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz", + "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==", + "license": "MIT", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", 
@@ -825,12 +936,31 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "license": "MIT", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", "dev": true }, + "node_modules/create-require": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", + "dev": true, + "license": "MIT" + }, "node_modules/cross-fetch": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", 
@@ -877,6 +1007,25 @@ "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", "dev": true }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "license": "MIT", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.3.1" + } + }, "node_modules/dir-glob": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", 
@@ -1281,6 +1430,40 @@ "integrity": "sha512-8/sOawo8tJ4QOBX8YlQBMxL8+RLZfxMQOif9o0KUKTNTjMYElWPE0r/m5VNFxTRd0NSw8qSy8dajrwX4RYI1Hw==", "dev": true }, + "node_modules/follow-redirects": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", @@ -1540,6 +1723,13 @@ "node": ">=10" } }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true, + "license": "ISC" + }, "node_modules/merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", 
@@ -1562,6 +1752,27 @@ "node": ">=8.6" } }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -1752,6 +1963,12 @@ "url": "https://github.com/prettier/prettier?sponsor=1" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "license": "MIT" + }, "node_modules/punycode": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz", 
@@ -1955,6 +2172,50 @@ "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=", "dev": true }, + "node_modules/ts-node": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@cspotcode/source-map-support": "^0.8.0", + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.2", + "acorn": "^8.4.1", + "acorn-walk": "^8.1.1", + "arg": "^4.1.0", + "create-require": "^1.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "v8-compile-cache-lib": "^3.0.1", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-cwd": "dist/bin-cwd.js", + "ts-node-esm": "dist/bin-esm.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "peerDependencies": { + "@swc/core": ">=1.2.50", + "@swc/wasm": ">=1.2.50", + "@types/node": "*", + "typescript": ">=2.7" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "@swc/wasm": { + "optional": true + } + } + }, "node_modules/tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -2022,6 +2283,13 @@ "punycode": "^2.1.0" } }, + "node_modules/v8-compile-cache-lib": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==", + "dev": true, + "license": "MIT" + }, "node_modules/webidl-conversions": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", 
@@ -2074,6 +2342,16 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", "dev": true }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", @@ -2088,6 +2366,15 @@ } }, "dependencies": { + "@cspotcode/source-map-support": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", + "dev": true, + "requires": { + "@jridgewell/trace-mapping": "0.3.9" + } + }, "@esbuild/android-arm": { "version": "0.17.10", "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.10.tgz", 
@@ -2288,6 +2575,28 @@ "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==", "dev": true }, + "@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dev": true + }, + "@jridgewell/sourcemap-codec": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", + "dev": true + }, + "@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", + "dev": true, + "requires": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, "@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", 
@@ -2314,6 +2623,30 @@ "fastq": "^1.6.0" } }, + "@tsconfig/node10": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==", + "dev": true + }, + "@tsconfig/node12": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==", + "dev": true + }, + "@tsconfig/node14": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==", + "dev": true + }, + "@tsconfig/node16": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==", + "dev": true + }, "@types/json-schema": { "version": "7.0.11", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz", @@ -2432,9 +2765,9 @@ } }, "acorn": { - "version": "8.8.2", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz", - "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==", + "version": "8.12.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz", + "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==", "dev": true }, "acorn-jsx": { 
@@ -2444,6 +2777,15 @@ "dev": true, "requires": {} }, + "acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "dev": true, + "requires": { + "acorn": "^8.11.0" + } + }, "ajv": { "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", @@ -2471,6 +2813,12 @@ "color-convert": "^2.0.1" } }, + "arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true + }, "argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -2483,6 +2831,21 @@ "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", "dev": true }, + "asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "axios": { + "version": "1.7.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz", + "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==", + "requires": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, "balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", 
@@ -2539,12 +2902,26 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "requires": { + "delayed-stream": "~1.0.0" + } + }, "concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", "dev": true }, + "create-require": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", + "dev": true + }, "cross-fetch": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", @@ -2580,6 +2957,17 @@ "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", "dev": true }, + "delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==" + }, + "diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true + }, "dir-glob": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", 
@@ -2892,6 +3280,21 @@ "integrity": "sha512-8/sOawo8tJ4QOBX8YlQBMxL8+RLZfxMQOif9o0KUKTNTjMYElWPE0r/m5VNFxTRd0NSw8qSy8dajrwX4RYI1Hw==", "dev": true }, + "follow-redirects": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==" + }, + "form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + } + }, "fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", @@ -3088,6 +3491,12 @@ "yallist": "^4.0.0" } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, "merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", @@ -3104,6 +3513,19 @@ "picomatch": "^2.2.3" } }, + "mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" + }, + "mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "requires": { + "mime-db": "1.52.0" + } + }, "minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", 
@@ -3232,6 +3654,11 @@ "integrity": "sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==", "dev": true }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "punycode": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz", @@ -3355,6 +3782,27 @@ "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=", "dev": true }, + "ts-node": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", + "dev": true, + "requires": { + "@cspotcode/source-map-support": "^0.8.0", + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.2", + "acorn": "^8.4.1", + "acorn-walk": "^8.1.1", + "arg": "^4.1.0", + "create-require": "^1.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "v8-compile-cache-lib": "^3.0.1", + "yn": "3.1.1" + } + }, "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -3400,6 +3848,12 @@ "punycode": "^2.1.0" } }, + "v8-compile-cache-lib": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==", + "dev": true + }, "webidl-conversions": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", 
@@ -3443,6 +3897,12 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", "dev": true }, + "yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true + }, "yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", diff --git a/package.json b/package.json index 153ed569..2f630bad 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "eslint": "^8.35.0", "eslint-config-google": "^0.14.0", "prettier": "^2.8.4", + "ts-node": "^10.9.2", "typescript": "^4.9.5" }, "main": "./dist/index.js", @@ -49,5 +50,8 @@ "bugs": { "url": "https://github.com/crowdstrike/falconjs/issues" }, - "homepage": "https://github.com/crowdstrike/falconjs#readme" + "homepage": "https://github.com/crowdstrike/falconjs#readme", + "dependencies": { + "axios": "^1.7.7" + } } diff --git a/src/.DS_Store b/src/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..3b42e6d517e08d222e241b8ff49707f33a3efd35 GIT binary patch literal 6148 zcmeHKyG{c^3>-s>2%3~B_ZRqsRTRD;9{@#AgoG}LSAA8!E1$;rAw+bcprAox$(~)W zXHPf9`3%5T@7o(-0bovd#KFVV{M>zF7nLz0op(HAk4Fr6!|SB_e8Ra`xWfZk+wc63 z&CBq#A9i{7d9t!nKnh3!DIf);z^@hX-bI`ggSdf}LubXW}^R!_E?P%NI#`&*R5dZMBf zkOHR)T;_J+{r{H!!~B0r(oPCUfq$id&DNXsimz0?b@FoFYa9KZ?lnic8`nW$h;~ej icFc{p<7E_OUGp{1d*PTEbmoIj)X#wHB9j7tt-vQwP8Grc literal 0 HcmV?d00001 diff --git a/src/_endpoints/alerts.ts b/src/_endpoints/alerts.ts new file mode 100644 index 00000000..12c4fc80 --- /dev/null +++ b/src/_endpoints/alerts.ts 
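Review bot: `"dependencies": { "axios": "^1.7.7" }` makes axios the package's first runtime dependency while `cross-fetch` is still present in the lockfile, so consumers of the new `Falcon` object now carry two HTTP stacks (axios plus its `follow-redirects`, `form-data`, `proxy-from-env` and `mime-types` subtree per the lock) for one library; if the existing `FalconClient` already goes through `cross-fetch`, routing the new command layer through the same transport would keep the supply-chain surface as it was. Note as well that axios in Node honors `HTTP_PROXY`/`HTTPS_PROXY` from the environment via `proxy-from-env` by default, which is a change in where bearer tokens may be sent compared with the existing client; either document that or pass `proxy: false` in the axios config if it is not intended. Minor: the `dependencies` block is appended after `homepage`; conventionally it sits next to `devDependencies`.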
@@ -0,0 +1,57 @@ +/** + * contains all method definitions for API: alerts + * consumed and interpreted by Falcon.command(...) + */ +export var _alerts_endpoints: Array = [ + ["PostAggregatesAlertsV1", "POST", "/alerts/aggregates/alerts/v1", "retrieves aggregates for Alerts across all CIDs", "alerts", [{ + "description": "request body takes a list of aggregation query requests", + "name": "body", + "in": "body", + "required": 1 + }]], + ["PostEntitiesAlertsV1", "POST", "/alerts/entities/alerts/v1", "retrieves all Alerts given their ids", "alerts", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["PatchEntitiesAlertsV1", "PATCH", "/alerts/entities/alerts/v1", "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. 
an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", "alerts", [{ + "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided", + "name": "body", + "in": "body", + "required": 1 + }]], + ["PatchEntitiesAlertsV2", "PATCH", "/alerts/entities/alerts/v2", "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", "alerts", [{ + "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided", + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetQueriesAlertsV1", "GET", "/alerts/queries/alerts/v1", "retrieves all Alerts ids that match a given query", "alerts", [{ + "type": "integer", + "description": "The first detection to return, where `0` is the latest detection. 
Use with the `offset` parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }, { + "maximum": 10000, + "minimum": 0, + "type": "integer", + "description": "The maximum number of detections to return in this response (default: 100; max: 10000). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort detections in either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard `*` includes all results. \n\nThe full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Search all detection metadata for the provided string", + "name": "q", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/cloud_connect_aws.ts b/src/_endpoints/cloud_connect_aws.ts new file mode 100644 index 00000000..e7e7befe --- /dev/null +++ b/src/_endpoints/cloud_connect_aws.ts 
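Review bot: `export var _alerts_endpoints: Array = [` uses the bare generic `Array` with no type argument, which `tsc` rejects (TS2314) unless the build runs in transpile-only mode, and `var` where the file never reassigns the table. I would declare the row shape once and use it here and in the other `_endpoints` files: `export type Endpoint = [string, string, string, string, string, Record<string, unknown>[]];` followed by `export const _alerts_endpoints: Endpoint[] = [`. The parameter entries also carry `"required": 1` rather than `true`, which looks like a port from a Python generator; if `Falcon.command` tests `required === true` these will read as optional, so either emit booleans or compare truthily on the consumer side.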
@@ -0,0 +1,111 @@ +/** + * contains all method definitions for API: cloud connect aws + * consumed and interpreted by Falcon.command(...) + */ +export var _cloud_connect_aws_endpoints: Array = [ + ["QueryAWSAccounts", "GET", "/cloud-connect-aws/combined/accounts/v1", "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria", "cloud_connect_aws", [{ + "maxLength": 1000, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. [1-1000]. Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by (e.g. alias.desc or state.asc)", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }]], + ["GetAWSSettings", "GET", "/cloud-connect-aws/combined/settings/v1", "Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts", "cloud_connect_aws", []], + ["GetAWSAccounts", "GET", "/cloud-connect-aws/entities/accounts/v1", "Retrieve a set of AWS Accounts by specifying their IDs", "cloud_connect_aws", [{ + "maxItems": 5000, + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of accounts to retrieve details", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["ProvisionAWSAccounts", "POST", "/cloud-connect-aws/entities/accounts/v1", "Provision AWS Accounts by specifying details about the accounts to provision", "cloud_connect_aws", [{ + "enum": ["cloudformation", "manual"], + "type": "string", + "default": "manual", + "description": "Mode for provisioning. Allowed values are `manual` or `cloudformation`. 
Defaults to manual if not defined.", + "name": "mode", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateAWSAccounts", "PATCH", "/cloud-connect-aws/entities/accounts/v1", "Update AWS Accounts by specifying the ID of the account and details to update", "cloud_connect_aws", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteAWSAccounts", "DELETE", "/cloud-connect-aws/entities/accounts/v1", "Delete a set of AWS Accounts by specifying their IDs", "cloud_connect_aws", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of accounts to remove", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["CreateOrUpdateAWSSettings", "POST", "/cloud-connect-aws/entities/settings/v1", "Create or update Global Settings which are applicable to all provisioned AWS accounts", "cloud_connect_aws", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["VerifyAWSAccountAccess", "POST", "/cloud-connect-aws/entities/verify-account-access/v1", "Performs an Access Verification check on the specified AWS Account IDs", "cloud_connect_aws", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of accounts to verify access on", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["QueryAWSAccountsForIDs", "GET", "/cloud-connect-aws/queries/accounts/v1", "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria", "cloud_connect_aws", [{ + "maxLength": 1000, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. [1-1000]. 
Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by (e.g. alias.desc or state.asc)", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/cloud_snapshots.ts b/src/_endpoints/cloud_snapshots.ts new file mode 100644 index 00000000..c1280fc8 --- /dev/null +++ b/src/_endpoints/cloud_snapshots.ts @@ -0,0 +1,17 @@ +/** + * contains all method definitions for API: cloud snapshots + * consumed and interpreted by Falcon.command(...) + */ +export var _cloud_snapshots_endpoints: Array = [ + ["CreateInventory", "POST", "/snapshots/entities/inventories/v1", "Create inventory from data received from snapshot", "inventories", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetCredentialsMixin0", "GET", "/snapshots/entities/image-registry-credentials/v1", "Gets the registry credentials", "provision", []], + ["RegisterCspmSnapshotAccount", "POST", "/snapshots/entities/accounts/v1", "Register customer cloud account for snapshot scanning", "registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/cspm_registration.ts b/src/_endpoints/cspm_registration.ts new file mode 100644 index 00000000..01be7b4d --- /dev/null +++ b/src/_endpoints/cspm_registration.ts 
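Review bot: The `limit` parameter of `QueryAWSAccounts` and `QueryAWSAccountsForIDs` is declared `"type": "integer"` but bounded with `"maxLength": 1000, "minLength": 1`, which are string-length keywords and do not constrain a number; the description's own range "[1-1000]" should be expressed as `"maximum": 1000, "minimum": 1,`. If `Falcon.command` derives client-side validation from these keys (it is not visible here), the bound is silently unenforced and the server's 400 is the only check. The same mismatch recurs in the cspm_registration table, so the fix belongs in whatever generated these files rather than in a single edit.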
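Review bot: The fifth column of each `_cloud_snapshots_endpoints` row is `"inventories"`, `"provision"` and `"registration"`, while every other table in this patch puts the module name there (`"alerts"`, `"cloud_connect_aws"`, `"cspm_registration"`); if `Falcon.command` keys on that column for lookup or scoping, these three operations will not group with the module. `GetCredentialsMixin0` also carries a code-generator suffix that should not leak into a public method name, and since it "Gets the registry credentials" a short comment that its response is a secret and must not be logged would help consumers: `// returns registry credentials — treat the response body as a secret`.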
@@ -0,0 +1,649 @@ +/** + * contains all method definitions for API: cspm registration + * consumed and interpreted by Falcon.command(...) + */ +export var _cspm_registration_endpoints: Array = [ + ["GetCSPMAwsAccount", "GET", "/cloud-connect-cspm-aws/entities/account/v1", "Returns information about the current status of an AWS account.", "cspm_registration", [{ + "maxLength": 4, + "minLength": 3, + "pattern": "^(full|dry)$", + "type": "string", + "description": "Type of scan, dry or full, to perform on selected accounts", + "name": "scan-type", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS IAM role ARNs", + "name": "iam_role_arns", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS organization IDs", + "name": "organization-ids", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "type": "string", + "description": "Account status to filter results by.", + "name": "status", + "in": "query" + }, { + "maxLength": 3, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. 
Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "description": "Only return migrated d4c accounts", + "name": "migrated", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "enum": ["organization"], + "type": "string", + "description": "Field to group by.", + "name": "group_by", + "in": "query" + }]], + ["CreateCSPMAwsAccount", "POST", "/cloud-connect-cspm-aws/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", "cspm_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["PatchCSPMAwsAccount", "PATCH", "/cloud-connect-cspm-aws/entities/account/v1", "Patches a existing account in our system for a customer.", "cspm_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteCSPMAwsAccount", "DELETE", "/cloud-connect-cspm-aws/entities/account/v1", "Deletes an existing AWS account or organization in our system.", "cspm_registration", [{ + "type": "array", + "items": { + "maxLength": 12, + "minLength": 12, + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs to remove", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "pattern": "^o-[0-9a-z]{10,32}$", + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS organization IDs to remove", + "name": "organization-ids", + "in": "query" + }]], + ["GetCSPMAwsConsoleSetupURLs", "GET", "/cloud-connect-cspm-aws/entities/console-setup-urls/v1", "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs", + 
"name": "ids", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "name": "use_existing_cloudtrail", + "in": "query" + }, { + "pattern": "^[0-9a-z-]{2,}$", + "type": "string", + "description": "Region", + "name": "region", + "in": "query" + }]], + ["GetCSPMAwsAccountScriptsAttachment", "GET", "/cloud-connect-cspm-aws/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs", + "name": "ids", + "in": "query" + }]], + ["GetCSPMAzureAccount", "GET", "/cloud-connect-cspm-azure/entities/account/v1", "Return information about Azure account registration", "cspm_registration", [{ + "type": "array", + "items": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string" + }, + "collectionFormat": "multi", + "description": "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Tenant ids to filter azure accounts", + "name": "tenant_ids", + "in": "query" + }, { + "maxLength": 4, + "minLength": 3, + "pattern": "^(full|dry)$", + "type": "string", + "description": "Type of scan, dry or full, to perform on selected accounts", + "name": "scan-type", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "type": "string", + "description": "Account status to filter results by.", + "name": "status", + "in": "query" + }, { + "maxLength": 3, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. 
Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }]], + ["CreateCSPMAzureAccount", "POST", "/cloud-connect-cspm-azure/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", "cspm_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteCSPMAzureAccount", "DELETE", "/cloud-connect-cspm-azure/entities/account/v1", "Deletes an Azure subscription from the system.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Azure subscription IDs to remove", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Tenant ids to remove", + "name": "tenant_ids", + "in": "query" + }, { + "maxLength": 5, + "minLength": 4, + "pattern": "^(true|false)$", + "type": "string", + "name": "retain_tenant", + "in": "query" + }]], + ["UpdateCSPMAzureAccountClientID", "PATCH", "/cloud-connect-cspm-azure/entities/client-id/v1", "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", "cspm_registration", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "ClientID to use for the Service Principal associated with the customer's Azure account", + "name": "id", + "in": "query", + "required": 1 + }, { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", + "name": "tenant-id", + "in": "query" + }]], + ["UpdateCSPMAzureTenantDefaultSubscriptionID", "PATCH", "/cloud-connect-cspm-azure/entities/default-subscription-id/v1", "Update an Azure default subscription_id in our system for given tenant_id", "cspm_registration", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "Tenant ID to update client ID for. Required if multiple tenants are registered.", + "name": "tenant-id", + "in": "query" + }, { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "Default Subscription ID to patch for all subscriptions belonged to a tenant.", + "name": "subscription_id", + "in": "query", + "required": 1 + }]], + ["AzureDownloadCertificate", "GET", "/cloud-connect-cspm-azure/entities/download-certificate/v1", "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Azure Tenant ID", + "name": "tenant_id", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "Setting to true will invalidate the current certificate and generate a new certificate", + "name": "refresh", + "in": "query" + }, { + "maxLength": 2, + "minLength": 1, + "pattern": "^[0-9]{1,2}$", + "type": "string", + "description": "Years the certificate should be valid (only used when refresh=true)", + "name": "years_valid", + "in": "query" + }]], + ["GetCSPMAzureUserScriptsAttachment", "GET", "/cloud-connect-cspm-azure/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", "cspm_registration", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + 
"description": "Tenant ID to generate script for. Defaults to most recently registered tenant.", + "name": "tenant-id", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Subscription IDs to generate script for. Defaults to all.", + "name": "subscription_ids", + "in": "query" + }, { + "pattern": "^(commercial|gov)$", + "enum": ["commercial", "gov"], + "type": "string", + "name": "account_type", + "in": "query" + }, { + "type": "string", + "description": "Template to be rendered", + "name": "template", + "in": "query" + }]], + ["GetBehaviorDetections", "GET", "/detects/entities/ioa/v1", "Get list of detected behaviors", "cspm_registration", [{ + "pattern": "^(aws|azure)$", + "enum": ["aws", "azure"], + "type": "string", + "description": "Cloud Provider (e.g.: aws|azure)", + "name": "cloud_provider", + "in": "query" + }, { + "enum": ["ACM", "ACR", "Any", "App Engine", "AppService", "BigQuery", "Cloud Load Balancing", "Cloud Logging", "Cloud SQL", "Cloud Storage", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Compute Engine", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", "ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", "NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VPC", "VirtualMachine", "VirtualNetwork"], + "type": "string", + "description": "Cloud Service (e.g. 
EC2 | EBS | S3)", + "name": "service", + "in": "query" + }, { + "type": "string", + "description": "Cloud Account ID (e.g.: AWS accountID, Azure subscriptionID)", + "name": "account_id", + "in": "query" + }, { + "type": "string", + "description": "AWS Account ID", + "name": "aws_account_id", + "in": "query" + }, { + "type": "string", + "description": "Azure Subscription ID", + "name": "azure_subscription_id", + "in": "query" + }, { + "type": "string", + "description": "Azure Tenant ID", + "name": "azure_tenant_id", + "in": "query" + }, { + "enum": ["closed", "open"], + "type": "string", + "description": "State (e.g.: open | closed)", + "name": "state", + "in": "query" + }, { + "type": "string", + "description": "Filter to get all events after this date, in format RFC3339 : e.g. 2006-01-02T15:04:05Z07:00", + "name": "date_time_since", + "in": "query" + }, { + "type": "string", + "default": "24h", + "description": "Filter events using a duration string (e.g. 24h)", + "name": "since", + "in": "query" + }, { + "enum": ["Critical", "High", "Informational", "Medium"], + "type": "string", + "description": "Policy Severity", + "name": "severity", + "in": "query" + }, { + "type": "string", + "description": "String to get next page of results, is associated with a previous execution of GetBehaviorDetections. Must include all filters from previous execution.", + "name": "next_token", + "in": "query" + }, { + "pattern": "^\\d+$", + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Resource ID", + "name": "resource_id", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Resource UUID", + "name": "resource_uuid", + "in": "query" + }]], + ["GetConfigurationDetections", "GET", "/detects/entities/iom/v1", "Get list of active misconfigurations", "cspm_registration", [{ + "enum": ["aws", "azure", "gcp"], + "type": "string", + "description": "Cloud Provider (e.g.: aws|azure|gcp)", + "name": "cloud_provider", + "in": "query" + }, { + "type": "string", + "description": "AWS account ID or GCP Project Number or Azure subscription ID", + "name": "account_id", + "in": "query" + }, { + "type": "string", + "description": "Azure Subscription ID", + "name": "azure_subscription_id", + "in": "query" + }, { + "type": "string", + "description": "Azure Tenant ID", + "name": "azure_tenant_id", + "in": "query" + }, { + "enum": ["all", "new", "reoccurring"], + "type": "string", + "description": "Status (e.g.: new|reoccurring|all)", + "name": "status", + "in": "query" + }, { + "pattern": "^[0-9a-z-]{2,}$", + "type": "string", + "description": "Cloud Provider Region", + "name": "region", + "in": "query" + }, { + "enum": ["High", "Informational", "Medium"], + "type": "string", + "description": "Severity (e.g.: High | Medium | Informational)", + "name": "severity", + "in": "query" + }, { + "enum": ["ACM", "ACR", "Any", "App Engine", "AppService", "BigQuery", "Cloud Load Balancing", "Cloud Logging", "Cloud SQL", "Cloud Storage", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Compute Engine", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", "ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", 
"NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VPC", "VirtualMachine", "VirtualNetwork"], + "type": "string", + "description": "Cloud Service (e.g.: EBS|EC2|S3 etc.)", + "name": "service", + "in": "query" + }, { + "type": "string", + "description": "String to get next page of results, is associated with a previous execution of GetConfigurationDetections. Cannot be combined with any filter except limit.", + "name": "next_token", + "in": "query" + }, { + "pattern": "^\\d+$", + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }]], + ["GetConfigurationDetectionEntities", "GET", "/detects/entities/iom/v2", "Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "detection ids", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetConfigurationDetectionIDsV2", "GET", "/detects/queries/iom/v2", "Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.", "cspm_registration", [{ + "type": "string", + "description": "use_current_scan_ids - *use this to get records for latest scans*\naccount_name\naccount_id\nagent_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\ncustom_policy_id\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nstatus\nscan_time\nseverity\nseverity_string\n", + "name": "filter", + "in": "query" + }, { + "type": "string", + "default": "timestamp|desc", + "description": 
"account_name\naccount_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\nstatus\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nscan_time\nseverity\nseverity_string\ntimestamp", + "name": "sort", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "default": 500, + "description": "The max number of detections to return", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned detections", + "name": "offset", + "in": "query" + }]], + ["GetIOAEvents", "GET", "/ioa/entities/events/v1", "For CSPM IOA events, gets list of IOA events.", "cspm_registration", [{ + "pattern": "^\\d+$", + "type": "string", + "description": "Policy ID", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "pattern": "^(aws|azure|gcp)$", + "type": "string", + "description": "Cloud Provider (e.g.: aws|azure|gcp)", + "name": "cloud_provider", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", + "name": "account_id", + "in": "query" + }, { + "type": "string", + "description": "AWS accountID", + "name": "aws_account_id", + "in": "query" + }, { + "type": "string", + "description": "Azure subscription ID", + "name": "azure_subscription_id", + "in": "query" + }, { + "type": "string", + "description": "Azure tenant ID", + "name": "azure_tenant_id", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "user IDs", + "name": "user_ids", + "in": "query" + }, { + "type": "string", + "description": "state", + "name": "state", + "in": "query" + }, { + "type": "integer", + "description": "Starting index of overall result set from which to return events.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }]], + ["GetIOAUsers", "GET", "/ioa/entities/users/v1", "For CSPM IOA users, gets list of IOA users.", "cspm_registration", [{ + "pattern": "^\\d+$", + "type": "string", + "description": "Policy ID", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "state", + "name": "state", + "in": "query" + }, { + "pattern": "^(aws|azure|gcp)$", + "type": "string", + "description": "Cloud Provider (e.g.: aws|azure|gcp)", + "name": "cloud_provider", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", + "name": "account_id", + "in": "query" + }, { + "type": "string", + "description": "AWS accountID", + "name": "aws_account_id", + "in": "query" + }, { + "type": "string", + "description": "Azure subscription ID", + "name": "azure_subscription_id", + "in": "query" + }, { + "type": "string", + "description": "Azure tenant ID", + "name": "azure_tenant_id", + "in": "query" + }]], + ["GetCSPMPolicy", "GET", "/settings/entities/policy-details/v1", "Given a policy ID, returns detailed policy information.", "cspm_registration", [{ + "pattern": "\\d{*}", + "type": "string", + "description": "Policy ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetCSPMPoliciesDetails", "GET", "/settings/entities/policy-details/v2", "Given an array of policy IDs, returns detailed policies information.", "cspm_registration", [{ + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "description": "Policy IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetCSPMPolicySettings", "GET", "/settings/entities/policy/v1", "Returns information about current policy settings.", "cspm_registration", [{ + "enum": ["ACM", "ACR", "AppService", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", 
"ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", "NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VirtualMachine", "VirtualNetwork"], + "type": "string", + "description": "Service type to filter policy settings by.", + "name": "service", + "in": "query" + }, { + "pattern": "^\\d+$", + "type": "string", + "description": "Policy ID", + "name": "policy-id", + "in": "query" + }, { + "pattern": "^(aws|azure|gcp)$", + "enum": ["aws", "azure", "gcp"], + "type": "string", + "description": "Cloud Platform (e.g.: aws|azure|gcp)", + "name": "cloud-platform", + "in": "query" + }]], + ["UpdateCSPMPolicySettings", "PATCH", "/settings/entities/policy/v1", "Updates a policy setting - can be used to override policy severity or to disable a policy entirely.", "cspm_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetCSPMScanSchedule", "GET", "/settings/scan-schedule/v1", "Returns scan schedule configuration for one or more cloud platforms.", "cspm_registration", [{ + "type": "array", + "items": { + "maxLength": 5, + "minLength": 3, + "pattern": "^(aws|azure|gcp)$", + "type": "string" + }, + "collectionFormat": "multi", + "description": "Cloud Platform", + "name": "cloud-platform", + "in": "query" + }]], + ["UpdateCSPMScanSchedule", "POST", "/settings/scan-schedule/v1", "Updates scan schedule configuration for one or more cloud platforms.", "cspm_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/custom_ioa.ts b/src/_endpoints/custom_ioa.ts new file mode 100644 index 00000000..80693293 --- /dev/null +++ b/src/_endpoints/custom_ioa.ts 
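Review bot: `GetCSPMPolicy` declares its `ids` parameter with `"pattern": "\\d{*}"`, which is not a valid quantifier: without the `u` flag the `{` is taken literally so a plain numeric ID like `123` never matches, and with `u` it is a `SyntaxError`. Every other policy-ID parameter in this table uses `"pattern": "^\\d+$"`, so this row should too, or any validator built from these patterns will reject every call. Two smaller metadata defects in the same hunk: `AzureDownloadCertificate` gives a `"type": "boolean"` parameter `"default": 0` instead of `false`, and its `refresh=true` invalidates the current service-principal certificate while `years_valid` admits `0`–`99`, so a caveat in the description that refresh is destructive and the lifetime should be kept short would serve callers. The integer `limit` parameters here also use `maxLength`/`minLength` rather than `maximum`/`minimum`.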
@@ -0,0 +1,244 @@ +/** + * contains all method definitions for API: custom ioa + * consumed and interpreted by Falcon.command(...) + */ +export var _custom_ioa_endpoints: Array = [ + ["get_patterns", "GET", "/ioarules/entities/pattern-severities/v1", "Get pattern severities by ID.", "custom_ioa", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_platformsMixin0", "GET", "/ioarules/entities/platforms/v1", "Get platforms by ID.", "custom_ioa", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_rule_groupsMixin0", "GET", "/ioarules/entities/rule-groups/v1", "Get rule groups by ID.", "custom_ioa", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["create_rule_groupMixin0", "POST", "/ioarules/entities/rule-groups/v1", "Create a rule group for a platform with a name and an optional description. Returns the rule group.", "custom_ioa", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_rule_groupMixin0", "PATCH", "/ioarules/entities/rule-groups/v1", "Update a rule group. 
The following properties can be modified: name, description, enabled.", "custom_ioa", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["delete_rule_groupsMixin0", "DELETE", "/ioarules/entities/rule-groups/v1", "Delete rule groups by ID.", "custom_ioa", [{ + "type": "string", + "description": "Explains why the entity is being deleted", + "name": "comment", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_rule_types", "GET", "/ioarules/entities/rule-types/v1", "Get rule types by ID.", "custom_ioa", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_rules_get", "POST", "/ioarules/entities/rules/GET/v1", "Get rules by ID and optionally version in the following format: `ID[:version]`.", "custom_ioa", [{ + "description": "The \"ids\" field contains a list of the rules to retrieve.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_rulesMixin0", "GET", "/ioarules/entities/rules/v1", "Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size.", "custom_ioa", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["create_rule", "POST", "/ioarules/entities/rules/v1", "Create a rule within a rule group. Returns the rule.", "custom_ioa", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_rules", "PATCH", "/ioarules/entities/rules/v1", "Update rules within a rule group. 
Return the updated rules.", "custom_ioa", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["delete_rules", "DELETE", "/ioarules/entities/rules/v1", "Delete rules from a rule group by ID.", "custom_ioa", [{ + "type": "string", + "description": "The parent rule group", + "name": "rule_group_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Explains why the entity is being deleted", + "name": "comment", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["validate", "POST", "/ioarules/entities/rules/validate/v1", "Validates field values and checks for matches if a test string is provided.", "custom_ioa", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["query_patterns", "GET", "/ioarules/queries/pattern-severities/v1", "Get all pattern severity IDs.", "custom_ioa", [{ + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]], + ["query_platformsMixin0", "GET", "/ioarules/queries/platforms/v1", "Get all platform IDs.", "custom_ioa", [{ + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]], + ["query_rule_groups_full", "GET", "/ioarules/queries/rule-groups-full/v1", "Find all rule groups matching the query with optional filter.", "custom_ioa", [{ + "enum": ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], + "type": "string", + "description": "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", + 
"name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]], + ["query_rule_groupsMixin0", "GET", "/ioarules/queries/rule-groups/v1", "Finds all rule group IDs matching the query with optional filter.", "custom_ioa", [{ + "enum": ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], + "type": "string", + "description": "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]], + ["query_rule_types", "GET", "/ioarules/queries/rule-types/v1", "Get all rule type IDs.", "custom_ioa", [{ + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]], + ["query_rulesMixin0", "GET", "/ioarules/queries/rules/v1", "Finds all rule IDs matching the query with optional filter.", "custom_ioa", [{ + "enum": ["rules.created_by", "rules.created_on", "rules.current_version.action_label", "rules.current_version.description", "rules.current_version.modified_by", "rules.current_version.modified_on", "rules.current_version.name", "rules.current_version.pattern_severity", "rules.enabled", "rules.ruletype_name"], + "type": "string", + "description": "Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, rules.current_version.name, rules.current_version.modified_by, rules.created_on, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on}", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. 
Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return IDs", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/custom_storage.ts b/src/_endpoints/custom_storage.ts new file mode 100644 index 00000000..5a37e534 --- /dev/null +++ b/src/_endpoints/custom_storage.ts 
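Review bot: The declaration `export var _custom_ioa_endpoints: Array = [` uses `Array` with no type argument, which tsc rejects (TS2314, a generic type needs its argument), and `var` leaves the table reassignable by any importer at runtime. Declare it as an immutable, typed tuple list, e.g. `export const _custom_ioa_endpoints: ReadonlyArray<readonly [string, string, string, string, string, ReadonlyArray<Record<string, unknown>>]> = [`, or better define one shared `EndpointDefinition` tuple type and reuse it in every `_endpoints` module so the shape consumed by Falcon.command is checked once. The same untyped `Array` / `var` declaration appears in custom_storage.ts, d4c_registration.ts, detects.ts and device_control_policies.ts in this commit.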
@@ -0,0 +1,254 @@ +/** + * contains all method definitions for API: custom storage + * consumed and interpreted by Falcon.command(...) + */ +export var _custom_storage_endpoints: Array = [ + ["ListObjects", "GET", "/customobjects/v1/collections/{collection_name}/objects", "List the object keys in the specified collection in alphabetical order", "custom_storage", [{ + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The end key to end listing to", + "name": "end", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "integer", + "description": "The limit of results to return", + "name": "limit", + "in": "query", + "allowEmptyValue": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The start key to start listing from", + "name": "start", + "in": "query", + "allowEmptyValue": 1 + }]], + ["SearchObjects", "POST", "/customobjects/v1/collections/{collection_name}/objects", "Search for objects that match the specified filter criteria (returns metadata, not actual objects)", "custom_storage", [{ + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. 
This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The filter to limit the returned results.", + "name": "filter", + "in": "query", + "required": 1 + }, { + "type": "integer", + "description": "The limit of results to return", + "name": "limit", + "in": "query", + "allowEmptyValue": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "type": "integer", + "description": "The offset of results to return", + "name": "offset", + "in": "query", + "allowEmptyValue": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The sort order for the returned results.", + "name": "sort", + "in": "query" + }]], + ["GetObject", "GET", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Get the bytes for the specified object", "custom_storage", [{ + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. 
This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The object key", + "name": "object_key", + "in": "path", + "required": 1 + }]], + ["PutObject", "PUT", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Put the specified new object at the given key or overwrite an existing object at the given key", "custom_storage", [{ + "name": "body", + "in": "body", + "required": 1 + }, { + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "type": "boolean", + "description": "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", + "name": "dry_run", + "in": "query", + "allowEmptyValue": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The object key", + "name": "object_key", + "in": "path", + "required": 1 + }, { + "minLength": 1, + "type": "string", + "description": "The version of the collection schema", + "name": "schema_version", + "in": "query", + "required": 1 + }]], + ["DeleteObject", "DELETE", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Delete the specified object", "custom_storage", [{ + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "type": "boolean", + "description": "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", + "name": "dry_run", + "in": "query", + "allowEmptyValue": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The object key", + "name": "object_key", + "in": "path", + "required": 1 + }]], + ["GetObjectMetadata", "GET", "/customobjects/v1/collections/{collection_name}/objects/{object_key}/metadata", "Get the metadata for the specified object", "custom_storage", [{ + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", + "name": "X-CS-APP-ID", + "in": "header" + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the collection", + "name": "collection_name", + "in": "path", + "required": 1 + }, { + "maxLength": 255, + "minLength": 1, + "type": "string", + "description": "The name of the namespace the collection belongs to", + "name": "X-CS-ADB-NAMESPACE", + "in": "header", + "required": 1 + }, { + "maxLength": 1000, + "minLength": 1, + "type": "string", + "description": "The object key", + "name": "object_key", + "in": "path", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/d4c_registration.ts b/src/_endpoints/d4c_registration.ts new file mode 100644 index 00000000..fd900ed0 --- /dev/null +++ b/src/_endpoints/d4c_registration.ts 
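Review bot: The `collection_name` and `object_key` entries are declared `"in": "path"` with only length bounds, and nothing in the table records who percent-encodes them before they are substituted into `/customobjects/v1/collections/{collection_name}/objects/{object_key}`; an object key containing `/`, `?` or `#` would otherwise change the request target instead of naming an object. Falcon.command is outside this diff, so encoding may already happen there, but the table is the natural place to state the contract, e.g. above the header comment: `// Parameters with in: "path" must be percent-encoded before URL substitution; the maxLength/minLength bounds are documented here but their enforcement is not visible in this module — TODO confirm in Falcon.command.` The `PutObject` body parameter is also the only body entry in this table without a `description`.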
@@ -0,0 +1,318 @@ +/** + * contains all method definitions for API: d4c registration + * consumed and interpreted by Falcon.command(...) + */ +export var _d4c_registration_endpoints: Array = [ + ["GetD4CAwsAccount", "GET", "/cloud-connect-aws/entities/account/v2", "Returns information about the current status of an AWS account.", "d4c_registration", [{ + "maxLength": 4, + "minLength": 3, + "pattern": "^(full|dry)$", + "type": "string", + "description": "Type of scan, dry or full, to perform on selected accounts", + "name": "scan-type", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS organization IDs", + "name": "organization-ids", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "type": "string", + "description": "Account status to filter results by.", + "name": "status", + "in": "query" + }, { + "maxLength": 3, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. 
Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "description": "Only return migrated d4c accounts", + "name": "migrated", + "in": "query" + }]], + ["CreateD4CAwsAccount", "POST", "/cloud-connect-aws/entities/account/v2", "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", "d4c_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteD4CAwsAccount", "DELETE", "/cloud-connect-aws/entities/account/v2", "Deletes an existing AWS account or organization in our system.", "d4c_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs to remove", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS organization IDs to remove", + "name": "organization-ids", + "in": "query" + }]], + ["GetD4CAwsConsoleSetupURLs", "GET", "/cloud-connect-aws/entities/console-setup-urls/v1", "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", "d4c_registration", [{ + "pattern": "^[0-9a-z-]{2,}$", + "type": "string", + "description": "Region", + "name": "region", + "in": "query" + }]], + ["GetD4CAWSAccountScriptsAttachment", "GET", "/cloud-connect-aws/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", "d4c_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "AWS account IDs", + "name": "ids", + "in": "query" + }]], + 
["GetDiscoverCloudAzureAccount", "GET", "/cloud-connect-azure/entities/account/v1", "Return information about Azure account registration", "d4c_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Tenant ids to filter azure accounts", + "name": "tenant_ids", + "in": "query" + }, { + "maxLength": 4, + "minLength": 3, + "pattern": "^(full|dry)$", + "type": "string", + "description": "Type of scan, dry or full, to perform on selected accounts", + "name": "scan-type", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "type": "string", + "description": "Account status to filter results by.", + "name": "status", + "in": "query" + }, { + "maxLength": 3, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. 
Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }]], + ["CreateDiscoverCloudAzureAccount", "POST", "/cloud-connect-azure/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", "d4c_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateDiscoverCloudAzureAccountClientID", "PATCH", "/cloud-connect-azure/entities/client-id/v1", "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", "d4c_registration", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "ClientID to use for the Service Principal associated with the customer's Azure account", + "name": "id", + "in": "query", + "required": 1 + }, { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "Object ID to use for the Service Principal associated with the customer's Azure account", + "name": "object_id", + "in": "query" + }, { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string", + "description": "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", + "name": "tenant-id", + "in": "query" + }]], + ["DiscoverCloudAzureDownloadCertificate", "GET", "/cloud-connect-azure/entities/download-certificate/v1", "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", "d4c_registration", [{ + "type": "array", + "items": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-z-]{36}$", + "type": "string" + }, + "collectionFormat": "multi", + "description": "Azure Tenant ID", + "name": "tenant_id", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "Setting to true will invalidate the current certificate and generate a new certificate", + "name": "refresh", + "in": "query" + }, { + "maxLength": 2, + "minLength": 1, + "pattern": "^[0-9]{1,2}$", + "type": "string", + "description": "Years the certificate should be valid (only used when refresh=true)", + "name": "years_valid", + "in": "query" + }]], + ["GetDiscoverCloudAzureTenantIDs", "GET", "/cloud-connect-azure/entities/tenant-id/v1", "Return available tenant ids for discover for cloud", "d4c_registration", []], + ["GetDiscoverCloudAzureUserScriptsAttachment", "GET", "/cloud-connect-azure/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", "d4c_registration", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Tenant ID", + "name": "tenant-id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Subscription ID", + "name": "subscription_ids", + "in": "query" + }, { + "type": "string", + "description": "Template to be rendered", + "name": "template", + "in": "query" + }]], + ["GetDiscoverCloudAzureUserScripts", "GET", "/cloud-connect-azure/entities/user-scripts/v1", 
"Return a script for customer to run in their cloud environment to grant us access to their Azure environment", "d4c_registration", []], + ["GetD4CCGPAccount", "GET", "/cloud-connect-gcp/entities/account/v1", "Returns information about the current status of an GCP account.", "d4c_registration", [{ + "enum": ["Folder", "Organization", "Project"], + "type": "string", + "description": "GCP Hierarchy Parent Type, organization/folder/project", + "name": "parent_type", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Hierarchical Resource IDs of accounts", + "name": "ids", + "in": "query" + }, { + "enum": ["dry", "full"], + "type": "string", + "description": "Type of scan, dry or full, to perform on selected accounts", + "name": "scan-type", + "in": "query" + }, { + "enum": ["operational", "provisioned"], + "type": "string", + "description": "Account status to filter results by.", + "name": "status", + "in": "query" + }, { + "maxLength": 3, + "minLength": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. Defaults to 100.", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order. 
Ex: parent_type|asc.", + "name": "sort", + "in": "query" + }]], + ["CreateD4CGCPAccount", "POST", "/cloud-connect-gcp/entities/account/v1", "Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.", "d4c_registration", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetCSPMGCPUserScriptsAttachment", "GET", "/cloud-connect-gcp/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment", "d4c_registration", []], + ["GetD4CGCPUserScripts", "GET", "/cloud-connect-gcp/entities/user-scripts/v1", "Return a script for customer to run in their cloud environment to grant us access to their GCP environment", "d4c_registration", [{ + "enum": ["Folder", "Organization", "Project"], + "type": "string", + "description": "GCP Hierarchy Parent Type, organization/folder/project", + "name": "parent_type", + "in": "query" + }]], + ["GetHorizonD4CScripts", "GET", "/settings-discover/entities/gen/scripts/v1", "Returns static install scripts for Horizon.", "d4c_registration", [{ + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "description": "Get static script for single account", + "name": "single_account", + "in": "query" + }, { + "pattern": "^o-[0-9a-z]{10,32}$", + "type": "string", + "description": "AWS organization ID", + "name": "organization-id", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "name": "delete", + "in": "query" + }, { + "pattern": "^(commercial|gov)$", + "enum": ["commercial", "gov"], + "type": "string", + "description": "Account type (e.g.: commercial,gov) Only applicable when registering AWS commercial account in a Gov environment", + "name": "account_type", + "in": "query" + }]] +]; \ No newline at end of file 
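Review bot: In `DiscoverCloudAzureDownloadCertificate` the `refresh` parameter is `"type": "boolean"` but carries `"default": 0`, while the other defaults in this table match their declared type (`"default": 100` on integers); it should read `"default": false`. That same operation is a GET whose `refresh=true` invalidates the service principal's current certificate and issues a new one, so a dispatcher that retries GETs automatically would rotate the credential on every retry — worth a comment on the entry such as `// GET with a side effect: refresh=true revokes the current certificate; must not be auto-retried.` In `GetHorizonD4CScripts` the `delete` query parameter has no `description`, and the `limit` parameters in this file use `maxLength`/`minLength` on an integer where `minimum`/`maximum` (as detects.ts does) express the intended bound.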
diff --git a/src/_endpoints/detects.ts b/src/_endpoints/detects.ts
new file mode 100644
index 00000000..ac8891d7
--- /dev/null
+++ b/src/_endpoints/detects.ts
@@ -0,0 +1,118 @@ +/** + * contains all method definitions for API: detects + * consumed and interpreted by Falcon.command(...) + */ +export var _detects_endpoints: Array = [ + [ + "GetAggregateDetects", + "POST", + "/detects/aggregates/detects/GET/v1", + "Get detect aggregates as specified via json in request body.", + "detects", + [ + { + "description": "Query criteria and settings", + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "UpdateDetectsByIdsV2", + "PATCH", + "/detects/entities/detects/v2", + "Modify the state, assignee, and visibility of detections", + "detects", + [ + { + "description": "This endpoint modifies attributes (state and assignee) of detections. \n\n" + + "This endpoint accepts a query formatted as a JSON array of key-value pairs. " + + "You can update one or more attributes one or more detections with a single request.\n\n" + + "**`assigned_to_uuid` values**\n\nA user ID, such as `1234567891234567891`\n\n**`ids` values**\n\n" + + "One or more detection IDs, which you can find with the `/detects/queries/detects/v1` endpoint, " + + "the Falcon console, or the Streaming API.\n\n**`show_in_ui` values**\n\n- `true`: " + + "This detection is displayed in Falcon\n- `false`: This detection is not displayed in Falcon. " + + "Most commonly used together with the `status` key's `false_positive` value.\n\n**`status` " + + "values**\n\n- `new`\n- `in_progress`\n- `true_positive`\n- `false_positive`\n- `ignored`\n\n**`comment` " + + "values**\nOptional comment to add to the detection. Comments are displayed with the detection in " + + "Falcon and usually used to provide context or notes for other Falcon users. 
" + + "A detection can have multiple comments over time.", + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "GetDetectSummaries", + "POST", + "/detects/entities/summaries/GET/v1", + "View information about detections", + "detects", + [ + { + "description": "View key attributes of detections, including the associated host, " + + "[disposition](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#patterndispositionvalue), " + + "objective/tactic/technique, adversary, and more. Specify one or more detection IDs (max 1000 per request). " + + "Find detection IDs with the `/detects/queries/detects/v1` endpoint, the Falcon console, or the Streaming API.", + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "QueryDetects", + "GET", + "/detects/queries/detects/v1", + "Search for detection IDs that match a given query", + "detects", + [ + { + "type": "integer", + "description": "The first detection to return, where `0` is the latest detection. Use with the `limit` " + + "parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }, + { + "maximum": 9999, + "minimum": 0, + "type": "integer", + "description": "The maximum number of detections to return in this response (default: 9999; max: 9999). 
" + + "Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort detections using these options:\n\n- `first_behavior`: Timestamp of the first " + + "behavior associated with this detection\n- `last_behavior`: Timestamp of the last behavior associated " + + "with this detection\n- `max_severity`: Highest severity of the behaviors associated with this detection\n" + + "- `max_confidence`: Highest confidence of the behaviors associated with this detection\n- `adversary_id`: " + + "ID of the adversary associated with this detection, if any\n- `devices.hostname`: Hostname of the host " + + "where this detection was detected\n\nSort either `asc` (ascending) or `desc` (descending). " + + "For example: `last_behavior|asc`", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Filter detections using a query in Falcon Query Language (FQL) An asterisk wildcard `*` " + + "includes all results. \n\nCommon filter options include:\n\n- `status`\n- `device.device_id`\n" + + "- `max_severity`\n\nThe full list of valid filter options is extensive. " + + "Review it in our [documentation inside the Falcon console]" + + "(https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", + "name": "filter", + "in": "query" + }, + { + "type": "string", + "description": "Search all detection metadata for the provided string", + "name": "q", + "in": "query" + } + ] + ] +] \ No newline at end of file diff --git a/src/_endpoints/device_control_policies.ts b/src/_endpoints/device_control_policies.ts new file mode 100644 index 00000000..2ae07f24 --- /dev/null +++ b/src/_endpoints/device_control_policies.ts 
@@ -0,0 +1,169 @@ +/** + * contains all method definitions for API: device control policies + * consumed and interpreted by Falcon.command(...) + */ +export var _device_control_policies_endpoints: Array = [ + ["queryCombinedDeviceControlPolicyMembers", "GET", "/policy/combined/device-control-members/v1", "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "device_control_policies", [{ + "type": "string", + "description": "The ID of the Device Control Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedDeviceControlPolicies", "GET", "/policy/combined/device-control/v1", "Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria", "device_control_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["getDefaultDeviceControlPolicies", "GET", "/policy/entities/default-device-control/v1", "Retrieve the configuration for a Default Device Control Policy", "device_control_policies", []], + ["updateDefaultDeviceControlPolicies", "PATCH", "/policy/entities/default-device-control/v1", "Update the configuration for a Default Device Control Policy", "device_control_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["performDeviceControlPoliciesAction", "POST", "/policy/entities/device-control-actions/v1", "Perform the specified action on the Device Control Policies specified in the request", "device_control_policies", [{ + "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["setDeviceControlPoliciesPrecedence", "POST", "/policy/entities/device-control-precedence/v1", "Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "device_control_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getDeviceControlPolicies", "GET", "/policy/entities/device-control/v1", "Retrieve a set of Device Control Policies by specifying their IDs", "device_control_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Device Control Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createDeviceControlPolicies", "POST", "/policy/entities/device-control/v1", "Create Device Control Policies by specifying details about the policy to create", "device_control_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateDeviceControlPolicies", "PATCH", "/policy/entities/device-control/v1", "Update Device Control Policies by specifying the ID of the policy and details to update", "device_control_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteDeviceControlPolicies", "DELETE", "/policy/entities/device-control/v1", "Delete a set of Device Control Policies by specifying their IDs", "device_control_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Device Control Policies to delete", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryDeviceControlPolicyMembers", "GET", "/policy/queries/device-control-members/v1", "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "device_control_policies", [{ + "type": "string", + "description": "The ID of the Device Control Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryDeviceControlPolicies", "GET", "/policy/queries/device-control/v1", "Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria", "device_control_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file 
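Review bot: The declaration `export var _device_control_policies_endpoints: Array = [` at the top of this hunk uses `Array` with no type argument, which a strict `tsc` rejects (generic `Array<T>` requires one argument), and `var` where nothing reassigns the table. Since `Falcon.command(...)` reads each row as `[name, method, path, description, family, params]`, declare that shape once, e.g. `export const _device_control_policies_endpoints: Array<[string, string, string, string, string, Record<string, unknown>[]]> = [`, ideally as an exported type alias the other tables reuse. The same untyped `Array`/`var` header appears on `_discover_endpoints`, `_event_streams_endpoints`, `_falcon_complete_dashboard_endpoints`, `_falcon_container_endpoints` and `_falconx_sandbox_endpoints` in the hunks below. `"required": 1` is presumably a carry-over from the Python source; a boolean `true` would read as intended in TypeScript, though the dispatcher that consumes it is outside this diff.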
diff --git a/src/_endpoints/discover.ts b/src/_endpoints/discover.ts new file mode 100644 index 00000000..b8e15fed --- /dev/null +++ b/src/_endpoints/discover.ts 
@@ -0,0 +1,181 @@ +/** + * contains all method definitions for API: discover + * consumed and interpreted by Falcon.command(...) + */ +export var _discover_endpoints: Array = [ + ["get_accounts", "GET", "/discover/entities/accounts/v1", "Get details on accounts by providing one or more IDs.", "discover", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more account IDs (max: 100). Find account IDs with GET `/discover/queries/accounts/v1`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_applications", "GET", "/discover/entities/applications/v1", "Get details on applications by providing one or more IDs.", "discover", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of applications to retrieve. (Min: 1, Max: 100)", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_hosts", "GET", "/discover/entities/hosts/v1", "Get details on assets by providing one or more IDs.", "discover", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/hosts/v1`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_logins", "GET", "/discover/entities/logins/v1", "Get details on logins by providing one or more IDs.", "discover", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more login IDs (max: 100). Find login IDs with GET `/discover/queries/logins/v1`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["query_accounts", "GET", "/discover/queries/accounts/v1", "Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. 
Returns a set of account IDs which match the filter criteria.", "discover", [{ + "minimum": 0, + "type": "integer", + "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + "name": "offset", + "in": "query" + }, { + "maximum": 100, + "minimum": 1, + "type": "integer", + "description": "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", + "name": "filter", + "in": "query" + }]], + ["query_applications", "GET", "/discover/queries/applications/v1", "Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.", "discover", [{ + "minimum": 0, + "type": "integer", + "description": "The index of the starting resource.", + "name": "offset", + "in": "query" + }, { + "maximum": 100, + "minimum": 1, + "type": "integer", + "description": "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", + "name": "filter", + "in": "query" + }]], + ["query_hosts", "GET", "/discover/queries/hosts/v1", "Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", "discover", [{ + "minimum": 0, + "type": "integer", + "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + "name": "offset", + "in": "query" + }, { + "maximum": 100, + "minimum": 1, + "type": "integer", + "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + "name": "filter", + "in": "query" + }]], + ["query_logins", "GET", "/discover/queries/logins/v1", "Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.", "discover", [{ + "minimum": 0, + "type": "integer", + "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + "name": "offset", + "in": "query" + }, { + "maximum": 100, + "minimum": 1, + "type": "integer", + "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + "name": "filter", + "in": "query" + }]], + ["get_iot_hosts", "GET", "/discover/entities/iot-hosts/v1", "Get details on IoT assets by providing one or more IDs.", "discover_iot", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/iot-hosts/v1`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["query_iot_hosts", "GET", "/discover/queries/iot-hosts/v1", "Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", "discover_iot", [{ + "minimum": 0, + "type": "integer", + "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + "name": "offset", + "in": "query" + }, { + "maximum": 100, + "minimum": 1, + "type": "integer", + "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + "name": "filter", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/event_streams.ts b/src/_endpoints/event_streams.ts new file mode 100644 index 00000000..a748fff4 --- /dev/null +++ b/src/_endpoints/event_streams.ts @@ -0,0 +1,37 @@ +/** + * contains all method definitions for API: event streams + * consumed and interpreted by Falcon.command(...) + */ +export var _event_streams_endpoints: Array = [ + ["refreshActiveStreamSession", "POST", "/sensors/entities/datafeed-actions/v1/{}", "Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.", "event_streams", [{ + "type": "string", + "description": "Action name. Allowed value is refresh_active_stream_session.", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", + "name": "appId", + "in": "query", + "required": 1 + }, { + "type": "integer", + "description": "Partition to request data for.", + "name": "partition", + "in": "path", + "required": 1 + }]], + ["listAvailableStreamsOAuth2", "GET", "/sensors/entities/datafeed/v2", "Discover all event streams in your environment", "event_streams", [{ + "type": "string", + "description": "Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", + "name": "appId", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Format for streaming events. Valid values: json, flatjson", + "name": "format", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/falcon_complete_dashboard.ts b/src/_endpoints/falcon_complete_dashboard.ts new file mode 100644 index 00000000..3b9377e2 --- /dev/null +++ b/src/_endpoints/falcon_complete_dashboard.ts 
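Review bot: The `sort` and `filter` descriptions in `query_accounts`, `query_applications`, `query_hosts`, `query_logins` and `query_iot_hosts` end their double-quoted string with `:\n\n` and then continue on separate physical lines (`  • username|asc`, `  • last_failed_login_timestamp|desc`, …) before the closing quote; if those are literal newlines in the file rather than an artifact of how the patch was rendered, every one of them is an unterminated string literal and the module will not compile. Either escape them inside the one string (`"...Common sort options include:\n\n  • username|asc\n  • last_failed_login_timestamp|desc\n"`) or switch those descriptions to a template literal. Separately, `query_applications` documents its `limit`, `sort` and `filter` with the account wording ("The number of account IDs", "Sort accounts", "Filter accounts"), and `query_logins` uses the asset wording ("asset IDs", "Sort assets", "Filter assets"); those descriptions look copied and should name applications and logins respectively.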
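Review bot: In `refreshActiveStreamSession` the `action_name` parameter is documented as "Allowed value is refresh_active_stream_session." but carries no `enum`, so the table gives a consumer nothing to validate against even though the device-control entries elsewhere in this commit express fixed value sets with `"enum": [...]`; adding `"enum": ["refresh_active_stream_session"],` alongside `"type": "string"` keeps the two tables consistent. The `appId` parameter likewise states a 32-character alphanumeric limit in prose only; if the dispatcher honours schema keys, `"maxLength": 32` and a `"pattern"` would let it reject a bad label before the request leaves the client. The `format` parameter's "Valid values: json, flatjson" is the same case.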
@@ -0,0 +1,214 @@ +/** + * contains all method definitions for API: falcon complete dashboard + * consumed and interpreted by Falcon.command(...) + */ +export var _falcon_complete_dashboard_endpoints: Array = [ + ["AggregateAlerts", "POST", "/falcon-complete-dashboards/aggregates/alerts/GET/v1", "Retrieve aggregate alerts values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateAllowList", "POST", "/falcon-complete-dashboards/aggregates/allowlist/GET/v1", "Retrieve aggregate allowlist ticket values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateBlockList", "POST", "/falcon-complete-dashboards/aggregates/blocklist/GET/v1", "Retrieve aggregate blocklist ticket values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateDetections", "POST", "/falcon-complete-dashboards/aggregates/detects/GET/v1", "Retrieve aggregate detection values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateDeviceCountCollection", "POST", "/falcon-complete-dashboards/aggregates/devicecount-collections/GET/v1", "Retrieve aggregate host/devices count based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateEscalations", "POST", "/falcon-complete-dashboards/aggregates/escalations/GET/v1", "Retrieve aggregate escalation ticket values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateFCIncidents", "POST", "/falcon-complete-dashboards/aggregates/incidents/GET/v1", "Retrieve aggregate incident values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + 
["AggregateRemediations", "POST", "/falcon-complete-dashboards/aggregates/remediations/GET/v1", "Retrieve aggregate remediation ticket values based on the matched filter", "falcon_complete_dashboard", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryAlertIdsByFilter", "GET", "/falcon-complete-dashboards/queries/alerts/v1", "Retrieve Alerts Ids that match the provided FQL filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation](https://falconpy.io/Usage/Falcon-Query-Language).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryAllowListFilter", "GET", "/falcon-complete-dashboards/queries/allowlist/v1", "Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryBlockListFilter", "GET", "/falcon-complete-dashboards/queries/blocklist/v1", "Retrieve block listtickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryDetectionIdsByFilter", "GET", "/falcon-complete-dashboards/queries/detects/v1", "Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["GetDeviceCountCollectionQueriesByFilter", "GET", "/falcon-complete-dashboards/queries/devicecount-collections/v1", "Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryEscalationsFilter", "GET", "/falcon-complete-dashboards/queries/escalations/v1", "Retrieve escalation tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryIncidentIdsByFilter", "GET", "/falcon-complete-dashboards/queries/incidents/v1", "Retrieve incidents that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]], + ["QueryRemediationsFilter", "GET", "/falcon-complete-dashboards/queries/remediations/v1", "Retrieve remediation tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/falcon_container.ts b/src/_endpoints/falcon_container.ts new file mode 100644 index 00000000..c6890097 --- /dev/null +++ b/src/_endpoints/falcon_container.ts 
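Review bot: Every `limit` parameter in this hunk says "The maximum records to return. [1-500]" but, unlike the `limit` entries in `device_control_policies.ts`, carries no `"minimum": 1, "maximum": 500` keys, so any table-driven validation will silently accept out-of-range values that the API then rejects; add the two keys to each `limit` object. The `offset` parameters here are typed `string` while the other tables in this commit type `offset` as `integer` — that may be what the scrolling endpoints actually return, but it is worth confirming against the API reference rather than leaving the difference unexplained. Two description typos: `QueryBlockListFilter` reads "Retrieve block listtickets" (should be "block list tickets") and `QueryDetectionIdsByFilter` reads "Retrieve DetectionsIds" (should be "detection IDs").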
@@ -0,0 +1,124 @@ +/** + * contains all method definitions for API: falcon container + * consumed and interpreted by Falcon.command(...) + */ +export var _falcon_container_endpoints: Array = [ + ["GetCredentials", "GET", "/container-security/entities/image-registry-credentials/v1", "Gets the registry credentials", "falcon_container", []], + ["GetCombinedImages", "GET", "/container-security/combined/image-assessment/images/v1", "Get image assessment results by providing an FQL filter and paging details", "falcon_container_image", [{ + "type": "string", + "description": "Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The upper-bound on the number of records to retrieve [1-100]", + "name": "limit", + "in": "query" + }, { + "type": "integer", + "description": "The offset from where to begin.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "The fields to sort the records on. 
Supported columns: [first_seen registry repository tag vulnerability_severity]", + "name": "sort", + "in": "query" + }]], + ["ReadImageVulnerabilities", "POST", "/image-assessment/combined/vulnerability-lookups/v1", "Retrieve known vulnerabilities for the provided image", "falcon_container_cli", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetImageAssessmentReport", "GET", "/reports", "Retrieves the Assessment report for the Image ID provided.", "falcon_container", [{ + "type": "string", + "description": "The hash digest for the image.", + "name": "digest", + "in": "query", + "required": 0 + }, { + "type": "string", + "description": "The image ID.", + "name": "image_id", + "in": "query", + "required": 0 + }, { + "type": "string", + "description": "The repository the image resides within.", + "name": "repository", + "in": "query", + "required": 0 + }, { + "type": "string", + "description": "The image tag.", + "name": "tag", + "in": "query", + "required": 0 + }]], + ["DeleteImageDetails", "DELETE", "/images/{}", "Delete Images by ids.", "falcon_container", [{ + "type": "string", + "description": "The ID of the image to be deleted.", + "name": "image_id", + "in": "path", + "required": 1 + }]], + ["ImageMatchesPolicy", "GET", "/policy-checks", "After an image scan, use this operation to see if any images match a policy. 
If deny is true, the policy suggestion is that you do not deploy the image in your environment.", "falcon_container", [{ + "type": "string", + "description": "The repository the image resides within.", + "name": "repository", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The image tag.", + "name": "tag", + "in": "query", + "required": 1 + }]], + ["ReadRegistryEntities", "GET", "/container-security/queries/registries/v1", "Retrieve registry entities identified by the customer ID.", "falcon_container_image", [{ + "type": "string", + "description": "Starting index of result set from which to return IDs.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order by fields.", + "name": "sort", + "in": "query" + }]], + ["CreateRegistryEntities", "POST", "/container-security/entities/registries/v1", "Create a registry entity using the provided details.", "falcon_container_image", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteRegistryEntities", "DELETE", "/container-security/entities/registries/v1", "Delete the registry entity identified by the entity UUID.", "falcon_container_image", [{ + "type": "string", + "description": "Registry entity UUID.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["UpdateRegistryEntities", "PATCH", "/container-security/entities/registries/v1", "Update the registry entity, as identified by the entity UUID, using the provided details.", "falcon_container_image", [{ + "type": "string", + "description": "Registry entity UUID.", + "name": "id", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["ReadRegistryEntitiesByUUID", "GET", "/container-security/entities/registries/v1", "Retrieve the registry entity identified by the entity UUID.", "falcon_container_image", [{ + "type": "string", + 
"description": "Registry entity UUID.", + "name": "ids", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/falconx_sandbox.ts b/src/_endpoints/falconx_sandbox.ts new file mode 100644 index 00000000..c400cf80 --- /dev/null +++ b/src/_endpoints/falconx_sandbox.ts 
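Review bot: `GetImageAssessmentReport` (`/reports`), `DeleteImageDetails` (`/images/{}`) and `ImageMatchesPolicy` (`/policy-checks`) are rooted at bare top-level paths while every other entry here sits under `/container-security/...` or `/image-assessment/...`, and nothing in the row marks them as belonging to a different host; unless `Falcon.command(...)` (outside this diff) already special-cases them, they will be sent to the main API base and fail. A short comment above those three rows, such as `// served from the container image registry host, not the main API base`, or an explicit base-URL column would make that dependency visible. `DeleteImageDetails` takes `image_id` in the path, so the substitution into `/images/{}` must percent-encode the value so a caller-supplied string cannot alter the path; that code is also outside this hunk. `GetImageAssessmentReport` declares all four of `digest`, `image_id`, `repository` and `tag` as `"required": 0`, which is presumably "at least one of" rather than "all optional" — worth stating in the description.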
@@ -0,0 +1,217 @@ +/** + * contains all method definitions for API: falconx sandbox + * consumed and interpreted by Falcon.command(...) + */ +export var _falconx_sandbox_endpoints: Array = [ + ["GetArtifacts", "GET", "/falconx/entities/artifacts/v1", "Download IOC packs, PCAP files, and other analysis artifacts.", "falconx_sandbox", [{ + "type": "string", + "description": "ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The name given to your downloaded file.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + "name": "Accept-Encoding", + "in": "header" + }]], + ["GetMemoryDumpExtractedStrings", "GET", "/falconx/entities/memory-dump/extracted-strings/v1", "Get extracted strings from a memory dump", "falconx_sandbox", [{ + "type": "string", + "description": "Extracted strings id", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The name given to your downloaded file.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + "name": "Accept-Encoding", + "in": "header" + }]], + ["GetMemoryDumpHexDump", "GET", "/falconx/entities/memory-dump/hex-dump/v1", "Get hex view of a memory dump", "falconx_sandbox", [{ + "type": "string", + "description": "Hex dump id", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The name given to your downloaded file.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "Format used to compress your downloaded file. 
Currently, you must provide the value `gzip`, the only valid format.", + "name": "Accept-Encoding", + "in": "header" + }]], + ["GetMemoryDump", "GET", "/falconx/entities/memory-dump/v1", "Get memory dump content, as binary", "falconx_sandbox", [{ + "type": "string", + "description": "Memory dump id", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The name given to your downloaded file.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + "name": "Accept-Encoding", + "in": "header" + }]], + ["GetSummaryReports", "GET", "/falconx/entities/report-summaries/v1", "Get a short summary version of a sandbox report.", "falconx_sandbox", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "ID of a summary. Find a summary ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetReports", "GET", "/falconx/entities/reports/v1", "Get a full sandbox report.", "falconx_sandbox", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "ID of a report. Find a report ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["DeleteReport", "DELETE", "/falconx/entities/reports/v1", "Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.", "falconx_sandbox", [{ + "type": "string", + "description": "ID of a report.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetSubmissions", "GET", "/falconx/entities/submissions/v1", "Check the status of a sandbox analysis. 
Time required for analysis varies but is usually less than 15 minutes.", "falconx_sandbox", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with `/falconx/queries/submissions/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["Submit", "POST", "/falconx/entities/submissions/v1", "Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.", "falconx_sandbox", [{ + "description": "Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through `/samples/entities/samples/v2`. You must specify a JSON object that includes the `falconx.SubmissionParametersV1` key/value pairs shown below.\n\n**`environment_id`**: Specifies the sandbox environment used for analysis. Values:\n\n- `300`: Linux Ubuntu 16.04, 64-bit\n- `200`: Android (static analysis)\n- `160`: Windows 10, 64-bit\n- `110`: Windows 7, 64-bit\n- `100`: Windows 7, 32-bit\n\n**`sha256`** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with `/falconx/queries/submissions/v1`.The `url` parameter must be unset if `sha256` is used.\n\n**`url`** A web page or file URL. It can be HTTP(S) or FTP. The `sha256` parameter must be unset if `url` is used.\n\n**`action_script`** (optional): Runtime script for sandbox analysis. Values:\n\n- `default`\n- `default_maxantievasion`\n- `default_randomfiles`\n- `default_randomtheme`\n- `default_openie`\n\n**`command_line`** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters\n\n**`document_password`** (optional): Auto-filled for Adobe or Office files that prompt for a password. 
Max length: 32 characters\n\n**`enable_tor`** (optional): If `true`, sandbox analysis routes network traffic via TOR. Default: `false`.\n\n**`submit_name`** (optional): Name of the malware sample that's used for file type detection and analysis\n\n**`system_date`** (optional): Set a custom date in the format `yyyy-MM-dd` for the sandbox environment\n\n**`system_time`** (optional): Set a custom time in the format `HH:mm` for the sandbox environment.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryReports", "GET", "/falconx/queries/reports/v1", "Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.", "falconx_sandbox", [{ + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "The offset to start retrieving reports from.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Maximum number of report IDs to return. Max: 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort order: `asc` or `desc`.", + "name": "sort", + "in": "query" + }]], + ["QuerySubmissions", "GET", "/falconx/queries/submissions/v1", "Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.", "falconx_sandbox", [{ + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "The offset to start retrieving submissions from.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Maximum number of submission IDs to return. Max: 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort order: `asc` or `desc`.", + "name": "sort", + "in": "query" + }]], + ["GetSampleV2", "GET", "/samples/entities/samples/v2", "Retrieves the file associated with the given ID (SHA256)", "falconx_sandbox", [{ + "type": "string", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "Flag whether the sample should be zipped and password protected with pass='infected'", + "name": "password_protected", + "in": "query" + }]], + ["UploadSampleV2", "POST", "/samples/entities/samples/v2", "Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file.", "falconx_sandbox", [{ + "description": "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", + "name": "body", + "in": "body", + "required": 1 + }, { + "type": "file", + "description": "The binary file.", + "name": "upfile", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "Name of the file.", + "name": "file_name", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "A descriptive comment to identify the file for other users.", + "name": "comment", + "in": "formData" + }, { + "type": "boolean", + "default": 1, + "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + "name": "is_confidential", + "in": "formData" + }]], + ["DeleteSampleV2", "DELETE", "/samples/entities/samples/v2", "Removes a sample, including file, meta and submissions from the collection", "falconx_sandbox", [{ + "type": "string", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["QuerySampleV1", "POST", "/samples/queries/samples/GET/v1", "Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200", "falconx_sandbox", [{ + "description": 
"Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes.", + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/fdr.ts b/src/_endpoints/fdr.ts new file mode 100644 index 00000000..7ccafbdc --- /dev/null +++ b/src/_endpoints/fdr.ts 
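Review bot: `export var _falconx_sandbox_endpoints: Array = [` at the top of the hunk declares the table with a bare `Array`, which TypeScript rejects ("Generic type 'Array<T>' requires 1 type argument(s)") and which leaves every row unchecked; the identical declaration appears in the fdr.ts and filevantage.ts hunks of this patch. A tuple element type lets the compiler verify each row's shape and `const` stops the exported binding from being reassigned, e.g. `export const _falconx_sandbox_endpoints: ReadonlyArray<readonly [string, string, string, string, string, Record<string, unknown>[]]> = [`. Note too that `"required": 1`, `"default": 0` on `password_protected` and `"default": 1` on `is_confidential` encode boolean values as integers; if `Falcon.command(...)` ever serialises a default into the query string it would presumably send `password_protected=1` rather than `true`, so these look like they should be `true`/`false`. A short header comment naming the six tuple positions (operation ID, HTTP method, path, description, the fifth string such as `falconx_sandbox`, parameter specs) would also help, since the file comment only says the table is consumed by `Falcon.command(...)`.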
@@ -0,0 +1,69 @@
+/**
+ * contains all method definitions for API: fdr
+ * consumed and interpreted by Falcon.command(...)
+ */
+export var _fdr_endpoints: Array = [
+ ["fdrschema_combined_event_get", "GET", "/fdr/combined/schema-members/v1", "Fetch combined schema", "event_schema", []],
+ ["fdrschema_entities_event_get", "GET", "/fdr/entities/schema-events/v1", "Fetch event schema by ID", "event_schema", [{
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "collectionFormat": "multi",
+ "description": "Specify feed IDs to fetch",
+ "name": "ids",
+ "in": "query"
+ }]],
+ ["fdrschema_queries_event_get", "GET", "/fdr/queries/schema-events/v1", "Get list of event IDs given a particular query.", "event_schema", [{
+ "type": "integer",
+ "description": "Limit of the data",
+ "name": "limit",
+ "in": "query"
+ }, {
+ "type": "integer",
+ "description": "Offset into the data",
+ "name": "offset",
+ "in": "query"
+ }, {
+ "type": "string",
+ "description": "FQL filter of the data",
+ "name": "filter",
+ "in": "query"
+ }, {
+ "type": "string",
+ "description": "Sort the data",
+ "name": "sort",
+ "in": "query"
+ }]],
+ ["fdrschema_entities_field_get", "GET", "/fdr/entities/schema-fields/v1", "Fetch field schema by ID", "field_schema", [{
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "collectionFormat": "multi",
+ "description": "Specify feed IDs to fetch",
+ "name": "ids",
+ "in": "query"
+ }]],
+ ["fdrschema_queries_field_get", "GET", "/fdr/queries/schema-fields/v1", "Get list of field IDs given a particular query.", "field_schema", [{
+ "type": "integer",
+ "description": "Limit of the data",
+ "name": "limit",
+ "in": "query"
+ }, {
+ "type": "integer",
+ "description": "Offset into the data",
+ "name": "offset",
+ "in": "query"
+ }, {
+ "type": "string",
+ "description": "FQL filter of the data",
+ "name": "filter",
+ "in": "query"
+ }, {
+ "type": "string",
+ "description": "Sort the data",
+ "name": "sort",
+ "in": "query"
+ }]]
+];
\ No newline at end of file
diff --git a/src/_endpoints/filevantage.ts b/src/_endpoints/filevantage.ts
new file mode 100644
index 00000000..c38efa2c
--- /dev/null
+++ b/src/_endpoints/filevantage.ts
@@ -0,0 +1,359 @@ +/** + * contains all method definitions for API: filevantage + * consumed and interpreted by Falcon.command(...) + */ +export var _filevantage_endpoints: Array = [ + ["getChanges", "GET", "/filevantage/entities/changes/v2", "Retrieve information on changes", "filevantage", [{ + "maxItems": 500, + "minItems": 1, + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more change ids in the form of `ids=ID1&ids=ID2`. The maximum number of ids that can be requested at once is `500`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["updatePolicyHostGroups", "PATCH", "/filevantage/entities/policies-host-groups/v1", "Manage host groups assigned to a policy.", "filevantage", [{ + "type": "string", + "description": "The id of the policy for which to perform the action.", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The action to perform with the provided ids, must be one of: `assign` or `unassign`.", + "name": "action", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more host group ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["updatePolicyPrecedence", "PATCH", "/filevantage/entities/policies-precedence/v1", "Updates the policy precedence for all policies of a specific type.", "filevantage", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.", + "name": "type", + "in": "query", + "required": 1 + }]], + ["updatePolicyRuleGroups", "PATCH", 
"/filevantage/entities/policies-rule-groups/v1", "Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.", "filevantage", [{ + "type": "string", + "description": "The id of the policy for which to perform the action.", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.", + "name": "action", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more rule group ids in the form of ids=ID1&ids=ID2. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getPolicies", "GET", "/filevantage/entities/policies/v1", "Retrieves the configuration for 1 or more policies.", "filevantage", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createPolicies", "POST", "/filevantage/entities/policies/v1", "Creates a new policy of the specified type. 
New policies are always added at the end of the precedence list for the provided policy type.", "filevantage", [{ + "description": "Create a new policy.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` must be one of `Windows`, `Linux`, or `Mac`\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updatePolicies", "PATCH", "/filevantage/entities/policies/v1", "Updates the general information of the provided policy.", "filevantage", [{ + "description": "Enables updates to the following fields for an existing policy. \n\n * `id` of the policy to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` may not be modified after the policy is created.\n\n * `enabled` must be one of `true` or `false`.\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deletePolicies", "DELETE", "/filevantage/entities/policies/v1", "Deletes 1 or more policies.", "filevantage", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getScheduledExclusions", "GET", "/filevantage/entities/policy-scheduled-exclusions/v1", "Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.", "filevantage", [{ + "type": "string", + "description": "The id of the policy to retrieve the scheduled exclusion configurations.", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One 
or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createScheduledExclusions", "POST", "/filevantage/entities/policy-scheduled-exclusions/v1", "Creates a new scheduled exclusion configuration for the provided policy id.", "filevantage", [{ + "description": "Create a new scheduled exclusion configuration for the specified policy.\n\n \n\n * `policy_id` to add the scheduled exclusion to.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. 
This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateScheduledExclusions", "PATCH", "/filevantage/entities/policy-scheduled-exclusions/v1", "Updates the provided scheduled exclusion configuration within the provided policy.", "filevantage", [{ + "description": "Update an existing scheduled exclusion for the specified policy.\n\n \n\n * `id` representing the scheduled exclusion to update.\n\n * `policy_id` which the scheduled exclusion is assigned.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. 
This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteScheduledExclusions", "DELETE", "/filevantage/entities/policy-scheduled-exclusions/v1", "Deletes 1 or more scheduled exclusions from the provided policy id.", "filevantage", [{ + "type": "string", + "description": "ID of the policy to delete the scheduled exclusions from.", + "name": "policy_id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["updateRuleGroupPrecedence", "PATCH", "/filevantage/entities/rule-groups-rule-precedence/v1", "Updates the rule precedence for all rules in the identified rule group.", "filevantage", [{ + "type": "string", + "description": "Rule group from which to set the precedence.", + "name": "rule_group_id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getRules", "GET", "/filevantage/entities/rule-groups-rules/v1", "Retrieves the configuration for 1 or more rules.", "filevantage", [{ + "type": "string", + "description": "Rule group from which to retrieve the rule configuration.", + "name": "rule_group_id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createRules", "POST", "/filevantage/entities/rule-groups-rules/v1", "Creates a new rule configuration within the specified rule 
group.", "filevantage", [{ + "description": "Create a new rule configuration for the specified rule group.\n\n * `id` is not supported for creation of a rule, the new id of the created rule will be included in the response.\n\n * `rule_group_id` to add the new rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry path to monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` - is not supported for creation of a rule, new rules will be added last in precedence order.will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. 
\n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * `watch_create_file_changes`\n\n * `watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateRules", "PATCH", "/filevantage/entities/rule-groups-rules/v1", "Updates the provided rule configuration within the specified rule group.", "filevantage", [{ + "description": "Update the rule configuration for the specified rule ID and group.\n\n * `id` of the rule to update.\n\n * `rule_group_id` that contains the rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry path to 
monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. \n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * `watch_create_file_changes`\n\n * 
`watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteRules", "DELETE", "/filevantage/entities/rule-groups-rules/v1", "Deletes 1 or more rules from the specified rule group.", "filevantage", [{ + "type": "string", + "description": "The id of the rule group from which the rules will be deleted.", + "name": "rule_group_id", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getRuleGroups", "GET", "/filevantage/entities/rule-groups/v1", "Retrieves the rule group details for 1 or more rule groups.", "filevantage", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createRuleGroups", "POST", "/filevantage/entities/rule-groups/v1", "Creates a new rule group of the specified type.", "filevantage", [{ + "description": "Create a new rule group of a specific type.\n\n * `name` must be between 1 and 100 characters.\n\n * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.\n\n * `description` can be between 0 and 500 characters.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateRuleGroups", 
"PATCH", "/filevantage/entities/rule-groups/v1", "Updates the provided rule group.", "filevantage", [{ + "description": "Enables updates to the following fields for an existing rule group. \n\n * `id` of the rule group to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `type` may not be modified after the rule group is created.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteRuleGroups", "DELETE", "/filevantage/entities/rule-groups/v1", "Deletes 1 or more rule groups ", "filevantage", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryChanges", "GET", "/filevantage/queries/changes/v2", "Returns one or more change IDs", "filevantage", [{ + "minimum": 0, + "type": "integer", + "description": "The first change index to return in the response. If not provided it will default to '0'. Use with the `limit` parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "type": "integer", + "description": "The maximum number of changes to return in the response (default: 100; max: 500). Use with the `offset` parameter to manage pagination of results", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort changes using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\n Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`.\nThe full list of allowed sorting options can be reviewed in our API documentation.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter changes using a query in Falcon Query Language (FQL). 
\n\nCommon filter options include:\n\n - `host.host_name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", + "name": "filter", + "in": "query" + }]], + ["highVolumeQueryChanges", "GET", "/filevantage/queries/changes/v3", "Returns 1 or more change ids", "filevantage", [{ + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return.", + "name": "after", + "in": "query" + }, { + "maximum": 5000, + "type": "integer", + "default": 100, + "description": "The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "default": "action_timestamp|desc", + "description": "Sort results using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\nSort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` no value is specified.\nThe full list of allowed sorting options can be reviewed in our API documentation.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter changes using a query in Falcon Query Language (FQL). 
\n\nCommon filter options include:\n\n - `host.name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", + "name": "filter", + "in": "query" + }]], + ["queryPolicies", "GET", "/filevantage/queries/policies/v1", "Retrieve the ids of all policies that are assigned the provided policy type.", "filevantage", [{ + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from. Defaults to 0 if not specified.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort the returned ids based on one of the following properties:\n\n`precedence`, `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `precedence|asc`.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The types of policies to retrieve.\n\n Allowed values are: `Windows`, `Linux` or `Mac`.", + "name": "type", + "in": "query", + "required": 1 + }]], + ["queryScheduledExclusions", "GET", "/filevantage/queries/policy-scheduled-exclusions/v1", "Retrieve the ids of all scheduled exclusions contained within the provided policy id.", "filevantage", [{ + "type": "string", + "description": "The id of the policy from which to retrieve the scheduled exclusion ids.", + "name": "policy_id", + "in": "query", + "required": 1 + }]], + ["queryRuleGroups", "GET", "/filevantage/queries/rule-groups/v1", "Retrieve the ids of all rule groups that are of the provided rule group type.", "filevantage", [{ + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from. 
Defaults to 0 if not specified.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort the returned ids based on one of the following properties:\n\n `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `created_timestamp|asc`.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The rule group type to retrieve the ids of.\n\n Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.", + "name": "type", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/firewall_management.ts b/src/_endpoints/firewall_management.ts new file mode 100644 index 00000000..cc731155 --- /dev/null +++ b/src/_endpoints/firewall_management.ts 
@@ -0,0 +1,462 @@ +/** + * contains all method definitions for API: firewall management + * consumed and interpreted by Falcon.command(...) + */ +export var _firewall_management_endpoints: Array = [ + ["aggregate_events", "POST", "/fwmgr/aggregates/events/GET/v1", "Aggregate events for customer", "firewall_management", [{ + "description": "Query criteria and settings", + "name": "body", + "in": "body", + "required": 1 + }]], + ["aggregate_policy_rules", "POST", "/fwmgr/aggregates/policy-rules/GET/v1", "Aggregate rules within a policy for customer", "firewall_management", [{ + "description": "Query criteria and settings", + "name": "body", + "in": "body", + "required": 1 + }]], + ["aggregate_rule_groups", "POST", "/fwmgr/aggregates/rule-groups/GET/v1", "Aggregate rule groups for customer", "firewall_management", [{ + "description": "Query criteria and settings", + "name": "body", + "in": "body", + "required": 1 + }]], + ["aggregate_rules", "POST", "/fwmgr/aggregates/rules/GET/v1", "Aggregate rules for customer", "firewall_management", [{ + "description": "Query criteria and settings", + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_events", "GET", "/fwmgr/entities/events/v1", "Get events entities by ID and optionally version", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The events to retrieve, identified by ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_firewall_fields", "GET", "/fwmgr/entities/firewall-fields/v1", "Get the firewall field specifications by ID", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the rule types to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_network_locations_details", "GET", "/fwmgr/entities/network-locations-details/v1", "Get network locations entities by ID", "firewall_management", [{ + 
"type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The events to retrieve, identified by ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["update_network_locations_metadata", "POST", "/fwmgr/entities/network-locations-metadata/v1", "Updates the network locations metadata such as polling_intervals for the cid", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_network_locations_precedence", "POST", "/fwmgr/entities/network-locations-precedence/v1", "Updates the network locations precedence according to the list of ids provided.", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_network_locations", "GET", "/fwmgr/entities/network-locations/v1", "Get a summary of network locations entities by ID", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The events to retrieve, identified by ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["create_network_locations", "POST", "/fwmgr/entities/network-locations/v1", "Create new network locations provided, and return the ID.", "firewall_management", [{ + "type": "string", + "description": "A network location ID from which to copy location. 
If this is provided then the body of the request is ignored.", + "name": "clone_id", + "in": "query" + }, { + "type": "boolean", + "description": "A boolean to determine whether the cloned location needs to be added to the same firewall rules that original location is added to.", + "name": "add_fw_rules", + "in": "query" + }, { + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_network_locations", "PATCH", "/fwmgr/entities/network-locations/v1", "Updates the network locations provided, and return the ID.", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["upsert_network_locations", "PUT", "/fwmgr/entities/network-locations/v1", "Updates the network locations provided, and return the ID.", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["delete_network_locations", "DELETE", "/fwmgr/entities/network-locations/v1", "Delete network location entities by ID.", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the network locations to be deleted", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_platforms", "GET", "/fwmgr/entities/platforms/v1", "Get platforms by ID, e.g., windows or mac or droid", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the platforms to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_policy_containers", "GET", "/fwmgr/entities/policies/v1", "Get policy container entities by policy 
ID", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The policy container(s) to retrieve, identified by policy ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["update_policy_container_v1", "PUT", "/fwmgr/entities/policies/v1", "Update an identified policy container. WARNING: This endpoint is deprecated in favor of v2, using this endpoint could disable your local logging setting.", "firewall_management", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_policy_container", "PUT", "/fwmgr/entities/policies/v2", "Update an identified policy container, including local logging functionality.", "firewall_management", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_rule_groups", "GET", "/fwmgr/entities/rule-groups/v1", "Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the rule groups to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["create_rule_group", "POST", "/fwmgr/entities/rule-groups/v1", "Create new rule group on a platform for a customer with a name and description, and return the ID", "firewall_management", [{ + "type": "string", + "description": "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", + "name": "clone_id", + "in": "query" + }, { + "type": "string", + "description": "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", + "name": "library", + "in": "query" + }, { + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_rule_group", "PATCH", "/fwmgr/entities/rule-groups/v1", "Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["delete_rule_groups", "DELETE", "/fwmgr/entities/rule-groups/v1", "Delete rule group entities by ID", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the rule groups to be deleted", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }]], + ["create_rule_group_validation", "POST", "/fwmgr/entities/rule-groups/validation/v1", "Validates the request of creating a new rule group on a platform for a customer with a name and description", "firewall_management", [{ + "type": "string", + "description": "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", + "name": "clone_id", + "in": "query" + }, { + "type": "string", + "description": "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", + "name": "library", + "in": "query" + }, { + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["update_rule_group_validation", "PATCH", "/fwmgr/entities/rule-groups/validation/v1", "Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", "firewall_management", [{ + "type": "string", + "description": "Audit log comment for this action", + "name": "comment", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_rules", "GET", "/fwmgr/entities/rules/v1", "Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)", "firewall_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The rules to retrieve, identified by ID", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["validate_filepath_pattern", "POST", "/fwmgr/entities/rules/validate-filepath/v1", "Validates that the test pattern matches the executable filepath glob pattern.", "firewall_management", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["query_events", "GET", "/fwmgr/queries/events/v1", "Find all event IDs matching the query with filter", "firewall_management", [{ + "type": "string", + "description": "Possible order by fields: ", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields, plus TODO", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_firewall_fields", "GET", "/fwmgr/queries/firewall-fields/v1", "Get the firewall field specification IDs for the provided platform", "firewall_management", [{ + "type": "string", + "description": "Get fields configuration for this platform", + "name": "platform_id", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_network_locations", "GET", "/fwmgr/queries/network-locations/v1", "Get a list of network location IDs", "firewall_management", [{ + "type": "string", + "description": "Possible order by fields: ", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. 
Filter term criteria: name", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_platforms", "GET", "/fwmgr/queries/platforms/v1", "Get the list of platform names", "firewall_management", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_policy_rules", "GET", "/fwmgr/queries/policy-rules/v1", "Find all firewall rule IDs matching the query with filter, and return them in precedence order", "firewall_management", [{ + "type": "string", + "description": "The ID of the policy container within which to query", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: ", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields, plus TODO", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_rule_groups", "GET", "/fwmgr/queries/rule-groups/v1", "Find all rule group IDs matching the query with filter", "firewall_management", [{ + "type": "string", + "description": "Possible order by fields: ", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields, plus TODO", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["query_rules", "GET", "/fwmgr/queries/rules/v1", "Find all rule IDs matching the query with filter", "firewall_management", [{ + "type": "string", + "description": "Possible order by fields: ", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields, plus TODO", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/firewall_policies.ts b/src/_endpoints/firewall_policies.ts new file mode 100644 index 00000000..5c615287 --- /dev/null +++ b/src/_endpoints/firewall_policies.ts 
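Review bot: `export var _firewall_management_endpoints: Array = [` at the top of this hunk annotates with `Array` and no type argument, which tsc rejects ("Generic type 'Array<T>' requires 1 type argument(s)"), so the table only builds under transpile-only tooling and its rows are effectively untyped; the identical declaration appears in firewall_policies.ts, foundry_logscale.ts and host_group.ts in this commit. Because Falcon.command(...) reads these rows positionally, a tuple type is what would let the compiler catch a swapped method/path or a missing parameter list, and `var` in an ES module should be `const`. Declare the row shape once in a shared module, `type EndpointRow = readonly [string, string, string, string, string, readonly Record<string, unknown>[]];`, and write each table as `export const _firewall_management_endpoints: readonly EndpointRow[] = [`. Separately, `update_policy_container_v1` carries the upstream "deprecated in favor of v2, could disable your local logging setting" warning only inside its description string; a `// deprecated: prefer update_policy_container (v2)` comment on that row would keep callers from selecting it by name.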
@@ -0,0 +1,170 @@ +/** + * contains all method definitions for API: firewall policies + * consumed and interpreted by Falcon.command(...) + */ +export var _firewall_policies_endpoints: Array = [ + ["queryCombinedFirewallPolicyMembers", "GET", "/policy/combined/firewall-members/v1", "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "firewall_policies", [{ + "type": "string", + "description": "The ID of the Firewall Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedFirewallPolicies", "GET", "/policy/combined/firewall/v1", "Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria", "firewall_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["performFirewallPoliciesAction", "POST", "/policy/entities/firewall-actions/v1", "Perform the specified action on the Firewall Policies specified in the request", "firewall_policies", [{ + "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["setFirewallPoliciesPrecedence", "POST", "/policy/entities/firewall-precedence/v1", "Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "firewall_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getFirewallPolicies", "GET", "/policy/entities/firewall/v1", "Retrieve a set of Firewall Policies by specifying their IDs", "firewall_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Firewall Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createFirewallPolicies", "POST", "/policy/entities/firewall/v1", "Create Firewall Policies by specifying details about the policy to create", "firewall_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }, { + "maxLength": 32, + "minLength": 32, + "type": "string", + "description": "The policy ID to be cloned from", + "name": "clone_id", + "in": "query" + }]], + ["updateFirewallPolicies", "PATCH", "/policy/entities/firewall/v1", "Update Firewall Policies by specifying the ID of the policy and details to update", "firewall_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteFirewallPolicies", "DELETE", "/policy/entities/firewall/v1", "Delete a set of Firewall Policies by specifying their IDs", "firewall_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Firewall Policies to delete", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryFirewallPolicyMembers", "GET", "/policy/queries/firewall-members/v1", "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "firewall_policies", [{ + "type": "string", + "description": "The ID of the Firewall Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryFirewallPolicies", "GET", "/policy/queries/firewall/v1", "Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria", "firewall_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file 
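Review bot: This file lays out each endpoint as one compact row with JSON-style parameter objects, while host_group.ts in the same commit writes the same tuple shape one field per line and joins long descriptions with `"..." + "..."` string concatenation; two hand-maintained layouts for one table format make future spec-sync diffs noisy and harder to review. Pick one layout (the compact form used here also matches firewall_management.ts and foundry_logscale.ts) and run the formatter over every `_endpoints` file. Since the rows are consumed positionally, a header comment such as `// Row layout: [name, method, path, description, module, params]` above the array would also make the fifth and sixth columns self-explanatory to the next maintainer.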
diff --git a/src/_endpoints/foundry_logscale.ts b/src/_endpoints/foundry_logscale.ts new file mode 100644 index 00000000..df45e144 --- /dev/null +++ b/src/_endpoints/foundry_logscale.ts 
@@ -0,0 +1,143 @@ +/** + * contains all method definitions for API: foundry logscale + * consumed and interpreted by Falcon.command(...) + */ +export var _foundry_logscale_endpoints: Array = [ + ["ListReposV1", "GET", "/loggingapi/combined/repos/v1", "Lists available repositories and views", "foundry_logscale", []], + ["IngestDataV1", "POST", "/loggingapi/entities/data-ingestion/ingest/v1", "Ingest data into the application repository", "foundry_logscale", [{ + "type": "file", + "description": "Data file to ingest", + "name": "data_file", + "in": "formData", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "description": "Custom tag for ingested data in the form tag:value", + "name": "tag", + "in": "formData" + }, { + "type": "string", + "description": "Tag the data with the specified source", + "name": "tag_source", + "in": "formData" + }, { + "type": "boolean", + "default": 0, + "description": "Tag the data with test-ingest", + "name": "test_data", + "in": "formData" + }]], + ["CreateSavedSearchesDynamicExecuteV1", "POST", "/loggingapi/entities/saved-searches/execute-dynamic/v1", "Execute a dynamic saved search", "foundry_logscale", [{ + "type": "boolean", + "default": 0, + "description": "Include generated schemas in the response", + "name": "include_schema_generation", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Include test data when executing searches", + "name": "include_test_data", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Whether to include metadata in the response", + "name": "metadata", + "in": "query" + }, { + "enum": ["sync", "async"], + "type": "string", + "description": "Mode to execute the query under.", + "name": "mode", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetSavedSearchesExecuteV1", "GET", "/loggingapi/entities/saved-searches/execute/v1", "Get the results of a saved search", "foundry_logscale", [{ + 
"type": "string", + "description": "Job ID for a previously executed async query", + "name": "job_id", + "in": "query", + "required": 1 + }, { + "minimum": 0, + "type": "string", + "description": "Maximum number of records to return.", + "name": "limit", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Whether to include metadata in the response", + "name": "metadata", + "in": "query" + }, { + "minimum": 0, + "type": "string", + "description": "Starting pagination offset of records to return.", + "name": "offset", + "in": "query" + }, { + "pattern": "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", + "type": "string", + "description": "Version of resource being created", + "name": "version", + "in": "query" + }]], + ["CreateSavedSearchesExecuteV1", "POST", "/loggingapi/entities/saved-searches/execute/v1", "Execute a saved search", "foundry_logscale", [{ + "type": "boolean", + "default": 0, + "description": "Whether to include search field details", + "name": "detailed", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Include test data when executing searches", + "name": "include_test_data", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Whether to include metadata in the response", + "name": "metadata", + "in": "query" + }, { + "enum": ["sync", "async", "async_offload"], + "type": "string", + "description": "Mode to execute the query under. 
If provided, takes precedence over the mode provided in the body.", + "name": "mode", + "in": "query" + }, { + "pattern": "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", + "type": "string", + "description": "Version of resource being created", + "name": "version", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["CreateSavedSearchesIngestV1", "POST", "/loggingapi/entities/saved-searches/ingest/v1", "Populate a saved search", "foundry_logscale", []], + ["GetSavedSearchesJobResultsDownloadV1", "GET", "/loggingapi/entities/saved-searches/job-results-download/v1", "Get the results of a saved search as a file", "foundry_logscale", [{ + "type": "string", + "description": "Job ID for a previously executed async query", + "name": "job_id", + "in": "query", + "required": 1 + }, { + "enum": ["json", "csv"], + "type": "string", + "description": "Result Format", + "name": "result_format", + "in": "query" + }]], + ["ListViewV1", "GET", "/loggingapi/entities/views/v1", "List views", "foundry_logscale", []] +]; \ No newline at end of file diff --git a/src/_endpoints/host_group.ts b/src/_endpoints/host_group.ts new file mode 100644 index 00000000..58a3c0db --- /dev/null +++ b/src/_endpoints/host_group.ts 
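Review bot: Every boolean parameter in this hunk (`include_schema_generation`, `include_test_data`, `metadata`, `detailed`, `test_data`) is declared `"type": "boolean"` but given `"default": 0`, a number, and the same mismatch is in `disable_hostname_check` in host_group.ts. If Falcon.command(...) ever fills in declared defaults, the request would carry `metadata=0` rather than `metadata=false`, and a typed row definition would not accept a number there either; change those entries to `"default": false`. Separately, `limit` and `offset` on GetSavedSearchesExecuteV1 are `"type": "string"` with `"minimum": 0`, which is contradictory as written; if that mirrors the upstream spec, a `// upstream spec declares limit/offset as string` comment on those entries would stop the next reader from "fixing" it.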
@@ -0,0 +1,290 @@ +export var _host_group_endpoints: Array = [ + [ + "queryCombinedGroupMembers", + "GET", + "/devices/combined/host-group-members/v1", + "Search for members of a Host Group in your environment by providing an FQL filter " + + "and paging details. Returns a set of host details which match the filter criteria", + "host_group", + [ + { + "type": "string", + "description": "The ID of the Host Group to search for members of", + "name": "id", + "in": "query" + }, + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, + { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + } + ] + ], + [ + "queryCombinedHostGroups", + "GET", + "/devices/combined/host-groups/v1", + "Search for Host Groups in your environment by providing an FQL filter and paging details. " + + "Returns a set of Host Groups which match the filter criteria", + "host_group", + [ + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, + { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, + { + "enum": [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "group_type.asc", + "group_type.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc" + ], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + } + ] + ], + [ + "performGroupAction", + "POST", + "/devices/entities/host-group-actions/v1", + "Perform the specified action on the Host Groups specified in the request", + "host_group", + [ + { + "enum": [ + "add-hosts", + "remove-hosts" + ], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, + { + "type": "boolean", + "default": 0, + "description": "Bool to disable hostname check on add-member", + "name": "disable_hostname_check", + "in": "query" + }, + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "getHostGroups", + "GET", + "/devices/entities/host-groups/v1", + "Retrieve a set of Host Groups by specifying their IDs", + "host_group", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Host Groups to return", + "name": "ids", + "in": "query", + "required": 1 + } + ] + ], + [ + "createHostGroups", + "POST", + "/devices/entities/host-groups/v1", + "Create Host Groups by specifying details about the group to create", + "host_group", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "updateHostGroups", + "PATCH", + "/devices/entities/host-groups/v1", + "Update Host Groups by specifying the ID of the group and details to update", + "host_group", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "deleteHostGroups", + "DELETE", + "/devices/entities/host-groups/v1", + "Delete a set of Host Groups by specifying their 
IDs", + "host_group", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Host Groups to delete", + "name": "ids", + "in": "query", + "required": 1 + } + ] + ], + [ + "queryGroupMembers", + "GET", + "/devices/queries/host-group-members/v1", + "Search for members of a Host Group in your environment by providing an FQL filter and paging details. " + + "Returns a set of Agent IDs which match the filter criteria", + "host_group", + [ + { + "type": "string", + "description": "The ID of the Host Group to search for members of", + "name": "id", + "in": "query" + }, + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, + { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + } + ] + ], + [ + "queryHostGroups", + "GET", + "/devices/queries/host-groups/v1", + "Search for Host Groups in your environment by providing an FQL filter and paging details. " + + "Returns a set of Host Group IDs which match the filter criteria", + "host_group", + [ + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, + { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, + { + "enum": [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "group_type.asc", + "group_type.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc" + ], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + } + ] + ] + ] \ No newline at end of file diff --git a/src/_endpoints/hosts.ts b/src/_endpoints/hosts.ts new file mode 100644 index 00000000..756953b5 --- /dev/null +++ b/src/_endpoints/hosts.ts 
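Review bot: `"required": 1` and `"default": 0` encode boolean flags as integers throughout `_host_group_endpoints` (e.g. `performGroupAction`'s `action_name` and `disable_hostname_check`) while the same entries declare `"type": "boolean"`, so a dispatcher that tests `param.required === true` will treat every parameter as optional and skip the presence check, and `0` is not `false` for a boolean query flag. Use real booleans, `"required": true` / `"default": false`, so the table agrees with the types it declares. The table is also exported as `export var _host_group_endpoints: Array = [`; `Array` without a type argument does not compile under tsc (TS2314) unless a non-generic `Array` is declared elsewhere, and a mutable `var` lets any importer reassign the routing table of HTTP methods and paths at runtime. `export const _host_group_endpoints: ReadonlyArray<EndpointDefinition> = [` (with a shared tuple type for the entries) would lock it down, and the same pattern appears in the other endpoint files of this patch so a shared type would cover them all.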
@@ -0,0 +1,317 @@ +/** + * contains all method definitions for API: hosts + * consumed and interpreted by Falcon.command(...) + */ +export var _hosts_endpoints: Array = [ + [ + "QueryDeviceLoginHistory", + "POST", + "/devices/combined/devices/login-history/v1", + "Retrieve details about recent login sessions for a set of devices.", + "hosts", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "QueryGetNetworkAddressHistoryV1", + "POST", + "/devices/combined/devices/network-address-history/v1", + "Retrieve history of IP and MAC addresses of devices.", + "hosts", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "PerformActionV2", + "POST", + "/devices/entities/devices-actions/v2", + "Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.", + "hosts", + [ + { + "type": "string", + "description": `pecify one of these actions:\n\n- "contain" - + This action contains the host, which stops any network communications to + locations other than the CrowdStrike cloud and IPs specified in your [containment policy] + (https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#containmentpolicy) + \n- "lift_containment": This action lifts containment on the host, which returns its network + communications to normal\n- "hide_host": This action will delete a host. After the host is deleted, + no new detections for that host will be reported via UI or APIs\n- "unhide_host": + This action will restore a host. Detection reporting will resume after the host is restored`, + "name": "action_name", + "in": "query", + "required": 1 + }, + { + "description": "The host agent ID (AID) of the host you want to contain. 
" + + "Get an agent ID from a detection, the Falcon console, or the Streaming API.\n\n" + + "Provide the ID in JSON format with the key `ids` and the value in square brackets, " + + "such as: \n\n`\"ids\": [\"123456789\"]`", + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "UpdateDeviceTags", + "PATCH", + "/devices/entities/devices/tags/v1", + "Append or remove one or more Falcon Grouping Tags on one or more hosts.", + "hosts", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "GetDeviceDetails", + "POST", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.", + "hosts", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "GetDeviceDetailsV1", + "GET", + "/devices/entities/devices/v1", + "Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs " + + "(AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API", + "hosts", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The host agentIDs used to get details on", + "name": "ids", + "in": "query", + "required": 1 + } + ] + ], + [ + "GetDeviceDetailsV2", + "GET", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.", + "hosts", + [ + { + "maxItems": 100, + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The host agentIDs used to get details on", + "name": "ids", + "in": "query", + "required": 1 + } + ] + ], + [ + "PostDeviceDetailsV2", + "POST", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs in a POST body. 
Supports up to a maximum 5000 IDs.", + "hosts", + [ + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "entities_perform_action", + "POST", + "/devices/entities/group-actions/v1", + "Performs the specified action on the provided prevention policy IDs.", + "hosts", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The group ids to act on", + "name": "ids", + "in": "query", + "required": 1 + }, + { + "enum": [ + "add_group_member", + "remove_all", + "remove_group_member" + ], + "type": "string", + "description": "The action to perform.", + "name": "action_name", + "in": "query", + "required": 1 + }, + { + "type": "boolean", + "default": 0, + "description": "Bool to disable hostname check on add-member", + "name": "disable_hostname_check", + "in": "query" + }, + { + "name": "body", + "in": "body", + "required": 1 + } + ] + ], + [ + "GetOnlineState_V1", + "GET", + "/devices/entities/online-state/v1", + "Get the online status for one or more hosts by specifying each host’s unique ID. " + + "Successful requests return an HTTP 200 response and the status for each host identified " + + "by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`." + + "\n\nMake a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.", + "hosts", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The unique ID of the host to get the online status of.", + "name": "ids", + "in": "query", + "required": 1 + } + ] + ], + [ + "QueryHiddenDevices", + "GET", + "/devices/queries/devices-hidden/v1", + "Retrieve hidden hosts that match the provided filter criteria.", + "hosts", + [ + { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "The property to sort by (e.g. status.desc or hostname.asc)", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + } + ] + ], + [ + "QueryDevicesByFilterScroll", + "GET", + "/devices/queries/devices-scroll/v1", + "Search for hosts in your environment by platform, hostname, IP, and other criteria with " + + "continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)", + "hosts", + [ + { + "type": "string", + "description": "The offset to page from, for the next result set", + "name": "offset", + "in": "query" + }, + { + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "The property to sort by (e.g. status.desc or hostname.asc)", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + } + ] + ], + [ + "QueryDevicesByFilter", + "GET", + "/devices/queries/devices/v1", + "Search for hosts in your environment by platform, hostname, IP, and other criteria.", + "hosts", + [ + { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, + { + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "The property to sort by (e.g. status.desc or hostname.asc)", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + } + ] + ] +] \ No newline at end of file 
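Review bot: The `action_name` description on `PerformActionV2` begins `pecify one of these actions`; the leading letter of "Specify" was lost when the text was moved into the template literal, so it should read `Specify one of these actions:`. Further down, `entities_perform_action` is documented as acting "on the provided prevention policy IDs" although its path is `/devices/entities/group-actions/v1` and its `ids` parameter is "The group ids to act on"; the description should say host group IDs so nobody feeds a prevention-policy ID into a membership change. The `limit` parameters on `QueryHiddenDevices`, `QueryDevicesByFilterScroll` and `QueryDevicesByFilter` describe a `[1-5000]` range but carry no `minimum`/`maximum`, unlike the host_group table in this patch, so the bound is not enforceable from the table; add `"minimum": 1, "maximum": 5000` if the dispatcher validates ranges. Since `contain` and `hide_host` are destructive host actions, a short header comment on `PerformActionV2` noting that the body `ids` list is acted on without confirmation would help callers of the generic dispatcher.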
diff --git a/src/_endpoints/identity_protection.ts b/src/_endpoints/identity_protection.ts new file mode 100644 index 00000000..b832a752 --- /dev/null +++ b/src/_endpoints/identity_protection.ts 
@@ -0,0 +1,44 @@ +/** + * contains all method definitions for API: identity protection + * consumed and interpreted by Falcon.command(...) + */ +export var _identity_protection_endpoints: Array = [ + ["api_preempt_proxy_post_graphql", "POST", "/identity-protection/combined/graphql/v1", "Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.", "identity_protection", [{ + "type": "string", + "description": "Authorization Header", + "name": "Authorization", + "in": "header", + "required": 1 + }]], + ["GetSensorAggregates", "POST", "/identity-protection/aggregates/devices/GET/v1", "Get sensor aggregates as specified via json in request body.", "identity_entities", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetSensorDetails", "POST", "/identity-protection/entities/devices/GET/v1", "Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.", "identity_entities", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QuerySensorsByFilter", "GET", "/identity-protection/queries/devices/v1", "Search for sensors in your environment by hostname, IP, and other criteria.", "identity_entities", [{ + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. [1-200]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by (e.g. status.desc or hostname.asc)", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }]] +]; \ No newline at end of file 
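Review bot: `api_preempt_proxy_post_graphql` lists a required `Authorization` header as its only parameter; if `Falcon.command(...)` already attaches the client's OAuth2 bearer token, requiring callers to supply the header copies raw tokens into every call site, and a caller-supplied value could override the client's own credential on this request. Either have the dispatcher populate the header from its token store and drop this entry, or document on the entry that callers must not pass a token themselves (`// Authorization is supplied by the client; do not pass a raw token here`). The entry also declares no `body` parameter even though it is a POST GraphQL endpoint, so the query cannot be described by this table, whereas the other POST entries in this file (`GetSensorAggregates`, `GetSensorDetails`) do declare `"in": "body"`. `QuerySensorsByFilter`'s `limit` says `[1-200]` but carries no `maximum`, so the bound is documentation only.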
diff --git a/src/_endpoints/incidents.ts b/src/_endpoints/incidents.ts new file mode 100644 index 00000000..9462abfb --- /dev/null +++ b/src/_endpoints/incidents.ts 
@@ -0,0 +1,96 @@ +export var _incidents_endpoints: Array = [ + ["CrowdScore", "GET", "/incidents/combined/crowdscores/v1", "Query environment wide CrowdScore and return the entity data", "incidents", [{ + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. [1-2500]", + "name": "limit", + "in": "query" + }, { + "enum": '["adjusted_score.asc", "adjusted_score.desc", "score.asc", "score.desc", "timestamp.asc", "timestamp.desc"]', + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }]], + ["GetBehaviors", "POST", "/incidents/entities/behaviors/GET/v1", "Get details on behaviors by providing behavior IDs", "incidents", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["PerformIncidentAction", "POST", "/incidents/entities/incident-actions/v1", "Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description", "incidents", [{ + "type": "boolean", + "default": 0, + "description": "If true, update assigned-to-uuid and or status of detections associated with the incident(s). Defaults to false", + "name": "update_detects", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "If true and update-detects is true, the assigned-to-uuid or status for ALL detections associated with the incident(s) will be overwritten. 
If false, only detects that have default values for assigned-to-uuid and/or status will be updated. Defaults to false. Ignored if 'update-detects' is missing or false.", + "name": "overwrite_detects", + "in": "query" + }, { + "description": "Incident Update request body containing minimum 1 and maximum 5000 Incident ID(s) and action param(s) to be performed action against.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetIncidents", "POST", "/incidents/entities/incidents/GET/v1", "Get details on incidents by providing incident IDs", "incidents", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryBehaviors", "GET", "/incidents/queries/behaviors/v1", "Search for behaviors by providing an FQL filter, sorting, and paging details", "incidents", [{ + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "enum": '["alert_ids.asc", "alert_ids.desc", "cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"]', + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }]], + ["QueryIncidents", "GET", "/incidents/queries/incidents/v1", "Search for incidents by providing an FQL filter, sorting, and paging details", "incidents", [{ + "enum": '["assigned_to.asc", "assigned_to.desc", "assigned_to_name.asc", "assigned_to_name.desc", "end.asc", "end.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "sort_score.asc", "sort_score.desc", "start.asc", "start.desc", "state.asc", "state.desc", "status.asc", "status.desc"]', + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/installation_tokens.ts b/src/_endpoints/installation_tokens.ts new file mode 100644 index 00000000..8b2eb00b --- /dev/null +++ b/src/_endpoints/installation_tokens.ts 
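Review bot: The `enum` for the `sort` parameter on `CrowdScore`, `QueryBehaviors` and `QueryIncidents` is a single string literal (`'["adjusted_score.asc", ...]'`) rather than an array, unlike every other enum in this patch (`host_group.ts` uses real arrays). Any validation written as `param.enum.includes(value)` will therefore run `String.prototype.includes`, so substrings such as `score`, `asc` or the empty string pass while the check silently degrades into a substring match, and `indexOf`/iteration-based checks break the same way. Make them arrays, e.g. `"enum": ["adjusted_score.asc", "adjusted_score.desc", "score.asc", "score.desc", "timestamp.asc", "timestamp.desc"],` and likewise for the other two entries. This file is also the only one in the patch without the `contains all method definitions for API: ...` header comment.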
@@ -0,0 +1,105 @@ +/** + * contains all method definitions for API: installation tokens + * consumed and interpreted by Falcon.command(...) + */ +export var _installation_tokens_endpoints: Array = [ + ["audit_events_read", "GET", "/installation-tokens/entities/audit-events/v1", "Gets the details of one or more audit events by id.", "installation_tokens", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of audit events to retrieve details for", + "name": "ids", + "in": "query" + }]], + ["customer_settings_read", "GET", "/installation-tokens/entities/customer-settings/v1", "Check current installation token settings.", "installation_tokens", []], + ["tokens_read", "GET", "/installation-tokens/entities/tokens/v1", "Gets the details of one or more tokens by id.", "installation_tokens", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of tokens to retrieve details for", + "name": "ids", + "in": "query" + }]], + ["tokens_create", "POST", "/installation-tokens/entities/tokens/v1", "Creates a token.", "installation_tokens", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["tokens_update", "PATCH", "/installation-tokens/entities/tokens/v1", "Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.", "installation_tokens", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "The token ids to update.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["tokens_delete", "DELETE", "/installation-tokens/entities/tokens/v1", "Deletes a token immediately. 
To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.", "installation_tokens", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "The token ids to delete.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["audit_events_query", "GET", "/installation-tokens/queries/audit-events/v1", "Search for audit events by providing an FQL filter and paging details.", "installation_tokens", [{ + "type": "integer", + "description": "The offset to start retrieving records from.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. [1-1000]. Defaults to 50.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by (e.g. timestamp.desc).", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results (e.g., `action:'token_create'`).", + "name": "filter", + "in": "query" + }]], + ["tokens_query", "GET", "/installation-tokens/queries/tokens/v1", "Search for tokens by providing an FQL filter and paging details.", "installation_tokens", [{ + "type": "integer", + "description": "The offset to start retrieving records from.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. [1-1000]. Defaults to 50.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by (e.g. 
created_timestamp.desc).", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results (e.g., `status:'valid'`).", + "name": "filter", + "in": "query" + }]], + ["customer_settings_update", "PATCH", "/installation-tokens/entities/customer-settings/v1", "Update installation token settings.", "installation_tokens_settings", [{ + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/intel.ts b/src/_endpoints/intel.ts new file mode 100644 index 00000000..06dc9e00 --- /dev/null +++ b/src/_endpoints/intel.ts 
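Review bot: `ids` is declared with `"collectionFormat": "multi"` on `audit_events_read` and `tokens_read` but `"csv"` on `tokens_update` and `tokens_delete`; if the dispatcher honours `collectionFormat` the reads send `ids=a&ids=b` while the writes send `ids=a,b`, and if it ignores the field one pair is encoded wrongly, which matters most on `tokens_delete` because the description states it `Deletes a token immediately`. Confirm the expected encoding against the API and make the four entries consistent. The read endpoints also leave `ids` optional while the write endpoints mark it `"required": 1`; unless the API accepts an empty id list on reads, mark it required there too. Responses from `tokens_read` and `tokens_create` presumably carry the installation-token values that enrol sensors, so a header comment such as `// responses contain installation token secrets — do not log them` would warn callers of the generic dispatcher.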
@@ -0,0 +1,439 @@ +/** + * contains all method definitions for API: intel + * consumed and interpreted by Falcon.command(...) + */ +export var _intel_endpoints: Array = [ + ["QueryIntelActorEntities", "GET", "/intel/combined/actors/v1", "Get info about actors that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return actors from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of actors to return. The value must be between 1 and 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + "name": "fields", + "in": "query" + }]], + ["QueryIntelIndicatorEntities", "GET", 
"/intel/combined/indicators/v1", "Get info about indicators that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return indicators from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of indicators to return. The number must be between 1 and 50000", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: published_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }, { + "type": "boolean", + "description": "If true, include both published and deleted indicators in the response. Defaults to false.", + "name": "include_deleted", + "in": "query" + }, { + "type": "boolean", + "description": "If true, include related indicators in the response. Defaults to true.", + "name": "include_relations", + "in": "query" + }]], + ["QueryIntelReportEntities", "GET", "/intel/combined/reports/v1", "Get info about reports that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return reports from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of reports to return. 
The value must be between 1 and 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order. Ex: created_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + "name": "fields", + "in": "query" + }]], + ["GetIntelActorEntities", "GET", "/intel/entities/actors/v1", "Retrieve specific actors using their actor IDs.", "intel", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the actors you want to retrieve.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores 
like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + "name": "fields", + "in": "query" + }]], + ["GetIntelIndicatorEntities", "POST", "/intel/entities/indicators/GET/v1", "Retrieve specific indicators using their indicator IDs.", "intel", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetMitreReport", "GET", "/intel/entities/mitre-reports/v1", "Export Mitre ATT&CK information for a given actor.", "intel", [{ + "type": "string", + "description": "Actor ID(derived from the actor's name)", + "name": "actor_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Supported report formats: CSV or JSON", + "name": "format", + "in": "query", + "required": 1 + }]], + ["PostMitreAttacks", "POST", "/intel/entities/mitre/v1", "Retrieves report and observable IDs associated with the given actor and attacks", "intel", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetIntelReportPDF", "GET", "/intel/entities/report-files/v1", "Return a Report PDF attachment", "intel", [{ + "type": "string", + "description": "The ID of the report you want to download as a PDF.", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The ID of the report you want to download as a PDF. 
This parameter is used only if no id parameter given.", + "name": "ids", + "in": "query" + }]], + ["GetIntelReportEntities", "GET", "/intel/entities/reports/v1", "Retrieve specific reports using their report IDs.", "intel", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the reports you want to retrieve.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + "name": "fields", + "in": "query" + }]], + ["GetIntelRuleFile", "GET", "/intel/entities/rules-files/v1", "Download earlier rule sets.", "intel", [{ + "type": "string", + "description": "Choose the format you want the rule set in.", + "name": "Accept", + "in": "header" + }, { + "type": "integer", + "description": "The ID of the rule set.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.", + "name": "format", + "in": "query" + }]], + ["GetLatestIntelRuleFile", "GET", "/intel/entities/rules-latest-files/v1", "Download the latest rule set.", "intel", [{ + "type": "string", + "description": "Choose the format you want the rule set in.", + "name": "Accept", + "in": "header" + }, { + "type": "string", + "description": "Download the latest rule set only if it doesn't have an ETag matching the given ones.", + "name": "If-None-Match", + "in": "header" + }, { + "type": "string", + "description": "Download the latest rule set only if the rule was modified after this date. 
http, ANSIC and RFC850 formats accepted", + "name": "If-Modified-Since", + "in": "header" + }, { + "type": "string", + "description": "The rule news report type. Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.", + "name": "format", + "in": "query" + }]], + ["GetIntelRuleEntities", "GET", "/intel/entities/rules/v1", "Retrieve details for rule sets for the specified ids.", "intel", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of rules to return.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetVulnerabilities", "POST", "/intel/entities/vulnerabilities/GET/v1", "Get vulnerabilities", "intel", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryIntelActorIds", "GET", "/intel/queries/actors/v1", "Get actor IDs that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return actors IDs from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of actor IDs to return. The value must be between 1 and 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }]], + ["QueryIntelIndicatorIds", "GET", "/intel/queries/indicators/v1", "Get indicators IDs that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return indicator IDs from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of indicator IDs to return. The number must be between 1 and 50000", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: published_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }, { + "type": "boolean", + "description": "If true, include both published and deleted indicators in the response. Defaults to false.", + "name": "include_deleted", + "in": "query" + }, { + "type": "boolean", + "description": "If true, include related indicators in the response. Defaults to true.", + "name": "include_relations", + "in": "query" + }]], + ["QueryMitreAttacks", "GET", "/intel/queries/mitre/v1", "Gets MITRE tactics and techniques for the given actor", "intel", [{ + "type": "string", + "description": "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed", + "name": "id", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed", + "name": "ids", + "in": "query" + }]], + ["QueryIntelReportIds", "GET", "/intel/queries/reports/v1", "Get report IDs that match provided FQL filters.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return report IDs from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Set the number of report IDs to return. 
The value must be between 1 and 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, arget_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }]], + ["QueryIntelRuleIds", "GET", "/intel/queries/rules/v1", "Search for rule IDs that match provided filter criteria.", "intel", [{ + "type": "integer", + "description": "Set the starting row number to return reports from. Defaults to 0.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The number of rule IDs to return. Defaults to 10.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + "name": "sort", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Search by rule title.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "The rule news report type. 
Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Substring match on description field.", + "name": "description", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Search for rule tags.", + "name": "tags", + "in": "query" + }, { + "type": "integer", + "description": "Filter results to those created on or after a certain date.", + "name": "min_created_date", + "in": "query" + }, { + "type": "string", + "description": "Filter results to those created on or before a certain date.", + "name": "max_created_date", + "in": "query" + }, { + "type": "string", + "description": "Perform a generic substring search across all fields.", + "name": "q", + "in": "query" + }]], + ["QueryVulnerabilities", "GET", "/intel/queries/vulnerabilities/v1", "Get vulnerabilities IDs", "intel", [{ + "type": "string", + "description": "Starting index of result set from which to return IDs.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of IDs to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Order by fields.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + "name": "q", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/ioa_exclusions.ts b/src/_endpoints/ioa_exclusions.ts new file mode 100644 index 00000000..e5262757 --- /dev/null 
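Review bot: `export var _intel_endpoints: Array = [` uses `Array` with no type argument, which tsc reports as TS2314 under any configuration, so this file only builds if the pipeline ignores type errors; the same declaration form appears in the ioa_exclusions and ioc hunks below. Declaring the row shape once and using `const` would also document what `Falcon.command(...)` receives, e.g. `type EndpointDef = readonly [string, string, string, string, string, readonly Record<string, unknown>[]];` followed by `export const _intel_endpoints: readonly EndpointDef[] = [`. The `required` flags are carried as the number `1` rather than `true`, which such a type could pin to `boolean` so a consumer cannot confuse "required" with a count. The `filter` description of `QueryIntelReportIds` reads `arget_industries.slug` where the sibling entries read `target_industries.slug`; if this mirrors the upstream spec it is worth noting, otherwise it should be corrected.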
+++ b/src/_endpoints/ioa_exclusions.ts 
@@ -0,0 +1,65 @@ +/** + * contains all method definitions for API: ioa exclusions + * consumed and interpreted by Falcon.command(...) + */ +export var _ioa_exclusions_endpoints: Array = [ + ["getIOAExclusionsV1", "GET", "/policy/entities/ioa-exclusions/v1", "Get a set of IOA Exclusions by specifying their IDs", "ioa_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createIOAExclusionsV1", "POST", "/policy/entities/ioa-exclusions/v1", "Create the IOA exclusions", "ioa_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateIOAExclusionsV1", "PATCH", "/policy/entities/ioa-exclusions/v1", "Update the IOA exclusions", "ioa_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteIOAExclusionsV1", "DELETE", "/policy/entities/ioa-exclusions/v1", "Delete the IOA exclusions by id", "ioa_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to delete", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Explains why this exclusions was deleted", + "name": "comment", + "in": "query" + }]], + ["queryIOAExclusionsV1", "GET", "/policy/queries/ioa-exclusions/v1", "Search for IOA exclusions.", "ioa_exclusions", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results.", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "name.asc", "name.desc", "pattern_id.asc", "pattern_id.desc", "pattern_name.asc", "pattern_name.desc"], + "type": "string", + "description": "The sort expression that should be used to sort the results.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/ioc.ts b/src/_endpoints/ioc.ts new file mode 100644 index 00000000..b1822511 --- /dev/null +++ b/src/_endpoints/ioc.ts 
@@ -0,0 +1,212 @@ +/** + * contains all method definitions for API: ioc + * consumed and interpreted by Falcon.command(...) + */ +export var _ioc_endpoints: Array = [ + ["indicator_aggregate_v1", "POST", "/iocs/aggregates/indicators/v1", "Get Indicators aggregates as specified via json in the request body.", "ioc", [{ + "type": "string", + "description": "The filter to narrow down the aggregation data", + "name": "filter", + "in": "query" + }, { + "type": "boolean", + "description": "The filter for returning either only indicators for the request customer or its MSSP parents", + "name": "from_parent", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["indicator_combined_v1", "GET", "/iocs/combined/indicator/v1", "Get Combined for Indicators.", "ioc", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results.", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return.", + "name": "limit", + "in": "query" + }, { + "enum": ["action", "applied_globally", "metadata.av_hits", "metadata.company_name.raw", "created_by", "created_on", "expiration", "expired", "metadata.filename.raw", "modified_by", "modified_on", "metadata.original_filename.raw", "metadata.product_name.raw", "metadata.product_version", "severity_number", "source", "type", "value"], + "type": "string", + "description": "The sort expression that should be used to sort the results.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. 
On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", + "name": "after", + "in": "query" + }, { + "type": "boolean", + "description": "The filter for returning either only indicators for the request customer or its MSSP parents", + "name": "from_parent", + "in": "query" + }]], + ["action_get_v1", "GET", "/iocs/entities/actions/v1", "Get Actions by ids.", "ioc", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the Actions to retrieve", + "name": "ids", + "in": "query" + }]], + ["GetIndicatorsReport", "POST", "/iocs/entities/indicators-reports/v1", "Launch an indicators report creation job", "ioc", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["indicator_get_v1", "GET", "/iocs/entities/indicators/v1", "Get Indicators by ids.", "ioc", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the Indicators to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["indicator_create_v1", "POST", "/iocs/entities/indicators/v1", "Create Indicators.", "ioc", [{ + "type": "boolean", + "description": "Whether to submit to retrodetects", + "name": "retrodetects", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Set to true to ignore warnings and add all IOCs", + "name": "ignore_warnings", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["indicator_update_v1", "PATCH", "/iocs/entities/indicators/v1", "Update Indicators.", "ioc", [{ + "type": "boolean", + "description": "Whether to submit to retrodetects", + "name": "retrodetects", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Set to true to ignore warnings and add all IOCs", + "name": "ignore_warnings", + "in": "query" + }, 
{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["indicator_delete_v1", "DELETE", "/iocs/entities/indicators/v1", "Delete Indicators by ids.", "ioc", [{ + "type": "string", + "description": "The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids.", + "name": "filter", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids", + "name": "ids", + "in": "query" + }, { + "type": "string", + "description": "The comment why these indicators were deleted", + "name": "comment", + "in": "query" + }, { + "type": "boolean", + "description": "The filter for returning either only indicators for the request customer or its MSSP parents", + "name": "from_parent", + "in": "query" + }]], + ["action_query_v1", "GET", "/iocs/queries/actions/v1", "Query Actions.", "ioc", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["indicator_search_v1", "GET", "/iocs/queries/indicators/v1", "Search for Indicators.", "ioc", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results.", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from. Offset and After params are mutually exclusive. 
If none provided then scrolling will be used by default.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return.", + "name": "limit", + "in": "query" + }, { + "enum": ["action", "applied_globally", "metadata.av_hits", "metadata.company_name.raw", "created_by", "created_on", "expiration", "expired", "metadata.filename.raw", "modified_by", "modified_on", "metadata.original_filename.raw", "metadata.product_name.raw", "metadata.product_version", "severity_number", "source", "type", "value"], + "type": "string", + "description": "The sort expression that should be used to sort the results.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", + "name": "after", + "in": "query" + }, { + "type": "boolean", + "description": "The filter for returning either only indicators for the request customer or its MSSP parents", + "name": "from_parent", + "in": "query" + }]], + ["ioc_type_query_v1", "GET", "/iocs/queries/ioc-types/v1", "Query IOC Types.", "ioc", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + ["platform_query_v1", "GET", "/iocs/queries/platforms/v1", "Query Platforms.", "ioc", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]], + 
["severity_query_v1", "GET", "/iocs/queries/severities/v1", "Query Severities.", "ioc", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/iocs.ts b/src/_endpoints/iocs.ts new file mode 100644 index 00000000..e7277803 --- /dev/null +++ b/src/_endpoints/iocs.ts 
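Review bot: `indicator_create_v1` and `indicator_update_v1` give the boolean `ignore_warnings` parameter `"default": 0`, a number rather than `false`; if `Falcon.command(...)` ever serialises defaults into the query string the server would receive `ignore_warnings=0` instead of a boolean, and since this flag suppresses validation warnings when adding IOCs its default deserves to be an explicit `"default": false`. The `ids` parameter of `action_get_v1` carries no `required` flag while `indicator_get_v1` marks the same parameter required; this may mirror the upstream spec, but if not it should be aligned. `indicator_delete_v1` is a bulk delete where, per its own description, `filter` overrides `ids`; a one-line comment above that row such as `// filter takes precedence over ids: a broad filter deletes in bulk` would make that visible to anyone reading the table rather than the server docs.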
@@ -0,0 +1,182 @@ +/** + * contains all method definitions for API: iocs + * consumed and interpreted by Falcon.command(...) + */ +export var _iocs_endpoints: Array = [ + ["DevicesCount", "GET", "/indicators/aggregates/devices-count/v1", "Number of hosts in your customer account that have observed a given custom IOC", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }]], + ["GetIOC", "GET", "/indicators/entities/iocs/v1", "Get an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/entities/indicators/v1). ***", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }]], + ["CreateIOC", "POST", "/indicators/entities/iocs/v1", "Create a new IOC. *** Deprecated - Use the new IOC Management endpoint (POST /iocs/entities/indicators/v1). 
***", "iocs", [{ + "description": "Create a new IOC by providing a JSON object that includes these key/value pairs:\n\n**type** (required): The type of the indicator. Valid values:\n\n- sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\n- md5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\n- domain: A domain name. Length - min: 1, max: 200.\n\n- ipv4: An IPv4 address. Must be a valid IP address.\n\n- ipv6: An IPv6 address. Must be a valid IP address.\n\n**value** (required): The string representation of the indicator.\n\n**policy** (required): Action to take when a host observes the custom IOC. Values:\n\n- detect: Enable detections for this custom IOC\n\n- none: Disable detections for this custom IOC\n\n**share_level** (optional): Visibility of this custom IOC. All custom IOCs are visible only within your customer account, so only one value is valid:\n\n- red\n\n**expiration_days** (optional): Number of days this custom IOC is active. Only applies for the types `domain`, `ipv4`, and `ipv6`.\n\n**source** (optional): The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.\n\n**description** (optional): Descriptive label for this custom IOC", + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateIOC", "PATCH", "/indicators/entities/iocs/v1", "Update an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (PATCH /iocs/entities/indicators/v1). ***", "iocs", [{ + "name": "body", + "in": "body", + "required": 1 + }, { + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. 
Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }]], + ["DeleteIOC", "DELETE", "/indicators/entities/iocs/v1", "Delete an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (DELETE /iocs/entities/indicators/v1). ***", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }]], + ["DevicesRanOn", "GET", "/indicators/queries/devices/v1", "Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The first process to return, where 0 is the latest offset. 
Use with the offset parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }]], + ["QueryIOCs", "GET", "/indicators/queries/iocs/v1", "Search the custom IOCs in your customer account. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/queries/indicators/v1). ***", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "types", + "in": "query" + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "values", + "in": "query" + }, { + "type": "string", + "description": "Find custom IOCs created after this time (RFC-3339 timestamp)", + "name": "from.expiration_timestamp", + "in": "query" + }, { + "type": "string", + "description": "Find custom IOCs created before this time (RFC-3339 timestamp)", + "name": "to.expiration_timestamp", + "in": "query" + }, { + "type": "string", + "description": "\\ndetect: Find custom IOCs that produce notifications\\n\\nnone: Find custom IOCs the particular indicator has been detected on a host. This is equivalent to turning the indicator off.\n", + "name": "policies", + "in": "query" + }, { + "type": "string", + "description": "The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.", + "name": "sources", + "in": "query" + }, { + "type": "string", + "description": "The level at which the indicator will be shared. 
Currently only red share level (not shared) is supported, indicating that the IOC isn't shared with other FH customers.", + "name": "share_levels", + "in": "query" + }, { + "type": "string", + "description": "created_by", + "name": "created_by", + "in": "query" + }, { + "type": "string", + "description": "The user or API client who deleted the custom IOC", + "name": "deleted_by", + "in": "query" + }, { + "type": "string", + "description": "\ntrue: Include deleted IOCs\n\nfalse: Don't include deleted IOCs (default)\n", + "name": "include_deleted", + "in": "query" + }]], + ["ProcessesRanOn", "GET", "/indicators/queries/processes/v1", "Search for processes associated with a custom IOC", "iocs", [{ + "type": "string", + "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + "name": "type", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The string representation of the indicator", + "name": "value", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.", + "name": "device_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The first process to return, where 0 is the latest offset. 
Use with the limit parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }]], + ["entities_processes", "GET", "/processes/entities/processes/v1", "For the provided ProcessID retrieve the process details", "iocs", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "ProcessID for the running process you want to lookup", + "name": "ids", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/kubernetes_protection.ts b/src/_endpoints/kubernetes_protection.ts new file mode 100644 index 00000000..07839e74 --- /dev/null +++ b/src/_endpoints/kubernetes_protection.ts 
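Review bot: `export var _iocs_endpoints: Array = [` at the head of this hunk names the generic `Array` with no type argument, which tsc rejects (TS2314) and which leaves every row untyped; the same declaration form appears in kubernetes_protection.ts, malquery.ts, message_center.ts, ml_exclusions.ts, mobile_enrollment.ts and mssp.ts in this commit. Name the row shape and use `const`: `type EndpointParam = Record<string, unknown>;` / `type Endpoint = [name: string, method: string, path: string, description: string, family: string, params: EndpointParam[]];` / `export const _iocs_endpoints: Endpoint[] = [`. The `"required": 1` flags are numbers rather than booleans, and whether Falcon.command treats them as truthy or compares against `true` is not visible here, so that is worth confirming before any client-side required-parameter check relies on them. Separately, the `limit` descriptions on DevicesRanOn and ProcessesRanOn repeat the `offset` wording ("The first process to return…"), which mirrors the upstream spec but misleads anyone reading this table.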
@@ -0,0 +1,370 @@ +/** + * contains all method definitions for API: kubernetes protection + * consumed and interpreted by Falcon.command(...) + */ +export var _kubernetes_protection_endpoints: Array = [ + ["GetAWSAccountsMixin0", "GET", "/kubernetes-protection/entities/accounts/aws/v1", "Provides a list of AWS accounts.", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "AWS Account IDs", + "name": "ids", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "description": "Filter by whether an account originates from Horizon or not", + "name": "is_horizon_acct", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "enum": ["operational", "provisioned"], + "type": "string", + "description": "Filter by account status", + "name": "status", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["CreateAWSAccount", "POST", "/kubernetes-protection/entities/accounts/aws/v1", "Creates a new AWS account in our system for a customer and generates the installation script", "kubernetes_protection", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateAWSAccount", "PATCH", "/kubernetes-protection/entities/accounts/aws/v1", "Updates the AWS account per the query parameters provided", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "AWS Account ID", + "name": "ids", + "in": "query", + "required": 1 + }, { + "pattern": "^[a-z\\d-]+$", + "type": "string", + "description": "Default Region for Account Automation", + "name": "region", + "in": "query" + }]], + ["DeleteAWSAccountsMixin0", "DELETE", 
"/kubernetes-protection/entities/accounts/aws/v1", "Delete AWS accounts.", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "AWS Account IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["ListAzureAccounts", "GET", "/kubernetes-protection/entities/accounts/azure/v1", "Provides the azure subscriptions registered to Kubernetes Protection", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Tenant IDs", + "name": "ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Subscription IDs", + "name": "subscription_id", + "in": "query" + }, { + "pattern": "^(provisioned|operational)$", + "enum": ["operational", "provisioned"], + "type": "string", + "description": "Filter by account status", + "name": "status", + "in": "query" + }, { + "pattern": "^(true|false)$", + "enum": ["false", "true"], + "type": "string", + "description": "Filter by whether an account originates from Horizon or not", + "name": "is_horizon_acct", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["CreateAzureSubscription", "POST", "/kubernetes-protection/entities/accounts/azure/v1", "Creates a new Azure Subscription in our system", "kubernetes_protection", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteAzureSubscription", "DELETE", "/kubernetes-protection/entities/accounts/azure/v1", "Deletes a new Azure Subscription in our system", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Subscription 
IDs", + "name": "ids", + "in": "query" + }]], + ["GetLocations", "GET", "/kubernetes-protection/entities/cloud-locations/v1", "Provides the cloud locations acknowledged by the Kubernetes Protection service", "kubernetes_protection", [{ + "enum": ["aws", "azure", "gcp"], + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cloud Provider", + "name": "clouds", + "in": "query" + }]], + ["GetCombinedCloudClusters", "GET", "/kubernetes-protection/entities/cloud_cluster/v1", "Returns a combined list of provisioned cloud accounts and known kubernetes clusters", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cloud location", + "name": "locations", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cloud Account IDs", + "name": "ids", + "in": "query" + }, { + "enum": ["aks", "eks"], + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cluster Service", + "name": "cluster_service", + "in": "query" + }, { + "enum": ["Not Installed", "Running", "Stopped"], + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cluster Status", + "name": "cluster_status", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["GetAzureTenantConfig", "GET", "/kubernetes-protection/entities/config/azure/v1", "Gets the Azure tenant Config", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Tenant IDs", + "name": "ids", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + 
"type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["GetStaticScripts", "GET", "/kubernetes-protection/entities/gen/scripts/v1", "Gets static bash scripts that are used during registration", "kubernetes_protection", []], + ["GetHelmValuesYaml", "GET", "/kubernetes-protection/entities/integration/agent/v1", "Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart", "kubernetes_protection", [{ + "type": "string", + "description": "Cluster name. For EKS it will be cluster ARN.", + "name": "cluster_name", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "description": "Set to true if the cluster is not managed by a cloud provider, false if it is.", + "name": "is_self_managed_cluster", + "in": "query" + }]], + ["RegenerateAPIKey", "POST", "/kubernetes-protection/entities/integration/api-key/v1", "Regenerate API key for docker registry integrations", "kubernetes_protection", []], + ["GetClusters", "GET", "/kubernetes-protection/entities/kubernetes/clusters/v1", "Provides the clusters acknowledged by the Kubernetes Protection service", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cluster name. For EKS it will be cluster ARN.", + "name": "cluster_names", + "in": "query" + }, { + "enum": ["Not Installed", "Running", "Stopped"], + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cluster Status", + "name": "status", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cluster Account id. 
For EKS it will be AWS account ID.", + "name": "account_ids", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Cloud location", + "name": "locations", + "in": "query" + }, { + "enum": ["aks", "eks"], + "type": "string", + "description": "Cluster Service", + "name": "cluster_service", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["TriggerScan", "POST", "/kubernetes-protection/entities/scan/trigger/v1", "Triggers a dry run or a full scan of a customer's kubernetes footprint", "kubernetes_protection", [{ + "pattern": "^(dry-run|full|cluster-refresh)$", + "enum": ["cluster-refresh", "dry-run", "full"], + "type": "string", + "default": "dry-run", + "description": "Scan Type to do", + "name": "scan_type", + "in": "query", + "required": 1 + }]], + ["PatchAzureServicePrincipal", "PATCH", "/kubernetes-protection/entities/service-principal/azure/v1", "Adds the client ID for the given tenant ID to our system", "kubernetes_protection", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure Tenant ID", + "name": "id", + "in": "query", + "required": 1 + }, { + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure Client ID", + "name": "client_id", + "in": "query", + "required": 1 + }]], + ["GetAzureTenantIDs", "GET", "/kubernetes-protection/entities/tenants/azure/v1", "Provides all the azure subscriptions and tenants", "kubernetes_protection", [{ + "type": "array", + "items": { + "type": "string" + }, + 
"collectionFormat": "csv", + "description": "Azure Tenant IDs", + "name": "ids", + "in": "query" + }, { + "enum": ["Not Installed", "Running", "Stopped"], + "type": "string", + "description": "Cluster Status", + "name": "status", + "in": "query" + }, { + "maximum": 1000, + "minimum": 0, + "type": "integer", + "description": "Limit returned accounts", + "name": "limit", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "Offset returned accounts", + "name": "offset", + "in": "query" + }]], + ["GetAzureInstallScript", "GET", "/kubernetes-protection/entities/user-script/azure/v1", "Provides the script to run for a given tenant id and subscription IDs", "kubernetes_protection", [{ + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure Tenant ID", + "name": "id", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Azure Subscription IDs", + "name": "subscription_id", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/malquery.ts b/src/_endpoints/malquery.ts new file mode 100644 index 00000000..1d2f2342 --- /dev/null +++ b/src/_endpoints/malquery.ts 
@@ -0,0 +1,71 @@ +/** + * contains all method definitions for API: malquery + * consumed and interpreted by Falcon.command(...) + */ +export var _malquery_endpoints: Array = [ + ["GetMalQueryQuotasV1", "GET", "/malquery/aggregates/quotas/v1", "Get information about search and download quotas in your environment", "malquery", []], + ["PostMalQueryFuzzySearchV1", "POST", "/malquery/combined/fuzzy-search/v1", "Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.", "malquery", [{ + "description": "Fuzzy search parameters. See model for more details.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetMalQueryDownloadV1", "GET", "/malquery/entities/download-files/v1", "Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time", "malquery", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetMalQueryMetadataV1", "GET", "/malquery/entities/metadata/v1", "Retrieve indexed files metadata by their hash", "malquery", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetMalQueryRequestV1", "GET", "/malquery/entities/requests/v1", "Check the status and results of an asynchronous request, such as hunt or exact-search. 
Supports a single request id at this time.", "malquery", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Identifier of a MalQuery request", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetMalQueryEntitiesSamplesFetchV1", "GET", "/malquery/entities/samples-fetch/v1", "Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing", "malquery", [{ + "type": "string", + "description": "Multidownload job id", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["PostMalQueryEntitiesSamplesMultidownloadV1", "POST", "/malquery/entities/samples-multidownload/v1", "Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip", "malquery", [{ + "description": "Download request. See model for more details.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["PostMalQueryExactSearchV1", "POST", "/malquery/queries/exact-search/v1", "Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint", "malquery", [{ + "description": "Exact search parameters. See model for more details.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["PostMalQueryHuntV1", "POST", "/malquery/queries/hunt/v1", "Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint", "malquery", [{ + "description": "Hunt parameters. See model for more details.", + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file 
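Review bot: `GetMalQueryEntitiesSamplesFetchV1` declares `ids` as `"type": "string"` while every other `ids` parameter in this file is `"type": "array"` with `"collectionFormat": "csv"`; if Falcon.command serializes by declared type, a caller passing an array here will be encoded differently from the sibling endpoints. Either align it (`"type": "array", "items": { "type": "string" }, "collectionFormat": "csv",`) if the API accepts that form, or add a comment on the entry that this endpoint takes exactly one multidownload job id. GetMalQueryDownloadV1 and GetMalQueryEntitiesSamplesFetchV1 also describe file and zip-archive responses rather than JSON, so the dispatcher needs a binary response path for them; that path is not visible in this commit.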
diff --git a/src/_endpoints/message_center.ts b/src/_endpoints/message_center.ts new file mode 100644 index 00000000..655f70b9 --- /dev/null +++ b/src/_endpoints/message_center.ts 
@@ -0,0 +1,117 @@ +/** + * contains all method definitions for API: message center + * consumed and interpreted by Falcon.command(...) + */ +export var _message_center_endpoints: Array = [ + ["AggregateCases", "POST", "/message-center/aggregates/cases/GET/v1", "Retrieve aggregate case values based on the matched filter", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetCaseActivityByIds", "POST", "/message-center/entities/case-activities/GET/v1", "Retrieve activities for given id's", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["CaseAddActivity", "POST", "/message-center/entities/case-activity/v1", "Add an activity to case. Only activities of type comment are allowed via API", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["CaseDownloadAttachment", "GET", "/message-center/entities/case-attachment/v1", "retrieves an attachment for the case, given the attachment id", "message_center", [{ + "type": "string", + "description": "attachment ID", + "name": "id", + "in": "query", + "required": 1 + }]], + ["CaseAddAttachment", "POST", "/message-center/entities/case-attachment/v1", "Upload an attachment for the case.", "message_center", [{ + "type": "string", + "description": "Case ID", + "name": "case_id", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "User UUID", + "name": "user_uuid", + "in": "formData", + "required": 1 + }, { + "type": "file", + "description": "File Body", + "name": "file", + "in": "formData", + "required": 1 + }]], + ["CreateCase", "POST", "/message-center/entities/case/v1", "create a new case", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateCase", "PATCH", "/message-center/entities/case/v1", "update an existing case", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["CreateCaseV2", "POST", "/message-center/entities/case/v2", "create a new 
case", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetCaseEntitiesByIDs", "POST", "/message-center/entities/cases/GET/v1", "Retrieve message center cases", "message_center", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryActivityByCaseID", "GET", "/message-center/queries/case-activities/v1", "Retrieve activities id's for a case", "message_center", [{ + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["activity.created_time.asc", "activity.created_time.desc", "activity.type.asc", "activity.type.desc"], + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "string", + "description": "Case ID", + "name": "case_id", + "in": "query", + "required": 1 + }]], + ["QueryCasesIdsByFilter", "GET", "/message-center/queries/cases/v1", "Retrieve case id's that match the provided filter criteria", "message_center", [{ + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["case.created_time.asc", "case.created_time.desc", "case.id.asc", "case.id.desc", "case.last_modified_time.asc", "case.last_modified_time.desc", "case.status.asc", "case.status.desc", "case.type.asc", "case.type.desc"], + "type": "string", + "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/ml_exclusions.ts b/src/_endpoints/ml_exclusions.ts new file mode 100644 index 00000000..755b3b9c --- /dev/null +++ b/src/_endpoints/ml_exclusions.ts 
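Review bot: `CaseAddAttachment` is the only entry in these hunks with `"in": "formData"` and a `"type": "file"` parameter, and nothing in the table says how Falcon.command builds that request; if the dispatcher only handles `query` and `body`, this call will be sent with the wrong content type. A comment on the entry such as `// multipart/form-data upload: case_id, user_uuid and file are form fields, not a JSON body` would make the expectation explicit for whoever implements or reviews the dispatcher. CaseDownloadAttachment returns attachment bytes per its description, so it needs the same non-JSON response handling as the file-download endpoints elsewhere in this commit.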
@@ -0,0 +1,65 @@ +/** + * contains all method definitions for API: ml exclusions + * consumed and interpreted by Falcon.command(...) + */ +export var _ml_exclusions_endpoints: Array = [ + ["getMLExclusionsV1", "GET", "/policy/entities/ml-exclusions/v1", "Get a set of ML Exclusions by specifying their IDs", "ml_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createMLExclusionsV1", "POST", "/policy/entities/ml-exclusions/v1", "Create the ML exclusions", "ml_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateMLExclusionsV1", "PATCH", "/policy/entities/ml-exclusions/v1", "Update the ML exclusions", "ml_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteMLExclusionsV1", "DELETE", "/policy/entities/ml-exclusions/v1", "Delete the ML exclusions by id", "ml_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to delete", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Explains why this exclusions was deleted", + "name": "comment", + "in": "query" + }]], + ["queryMLExclusionsV1", "GET", "/policy/queries/ml-exclusions/v1", "Search for ML exclusions.", "ml_exclusions", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results.", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The maximum records to return. 
[1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "value.asc", "value.desc"], + "type": "string", + "description": "The sort expression that should be used to sort the results.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/mobile_enrollment.ts b/src/_endpoints/mobile_enrollment.ts new file mode 100644 index 00000000..eaf38208 --- /dev/null +++ b/src/_endpoints/mobile_enrollment.ts @@ -0,0 +1,23 @@ +/** + * contains all method definitions for API: mobile enrollment + * consumed and interpreted by Falcon.command(...) + */ +export var _mobile_enrollment_endpoints: Array = [ + ["RequestDeviceEnrollmentV3", "POST", "/enrollments/entities/details/v3", "Trigger on-boarding process for a mobile device", "mobile_enrollment", [{ + "enum": ["enroll", "re-enroll"], + "type": "string", + "description": "Action to perform", + "name": "action_name", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "string", + "description": "FQL filter", + "name": "filter", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/mssp.ts b/src/_endpoints/mssp.ts new file mode 100644 index 00000000..32aa8f27 --- /dev/null +++ b/src/_endpoints/mssp.ts 
@@ -0,0 +1,421 @@ +/** + * contains all method definitions for API: mssp + * consumed and interpreted by Falcon.command(...) + */ +export var _mssp_endpoints: Array = [ + ["getChildrenV2", "POST", "/mssp/entities/children/GET/v2", "Get link to child customer by child CID(s)", "mssp", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getChildren", "GET", "/mssp/entities/children/v1", "Get link to child customer by child CID(s)", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID of a child customer", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getCIDGroupMembersByV1", "GET", "/mssp/entities/cid-group-members/v1", "Deprecated: Please use getCIDGroupMembersBy. Get CID group members by CID group ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs to search for", + "name": "cid_group_ids", + "in": "query", + "required": 1 + }]], + ["addCIDGroupMembers", "POST", "/mssp/entities/cid-group-members/v1", "Add new CID group member.", "mssp", [{ + "description": "Both 'cid_group_id' and 'cids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteCIDGroupMembersV1", "DELETE", "/mssp/entities/cid-group-members/v1", "Deprecated: Please use deleteCIDGroupMembersV2.", "mssp", [{ + "description": "Both 'cid_group_id' and 'cids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["getCIDGroupMembersBy", "GET", "/mssp/entities/cid-group-members/v2", "Get CID group members by CID Group ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getCIDGroupMembersByV2", "GET", "/mssp/entities/cid-group-members/v2", "Get CID group members by CID Group ID.", "mssp", [{ + "type": "array", + 
"items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["deleteCIDGroupMembers", "DELETE", "/mssp/entities/cid-group-members/v2", "Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.", "mssp", [{ + "description": "Both 'cid_group_id' and 'cids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteCIDGroupMembersV2", "DELETE", "/mssp/entities/cid-group-members/v2", "Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.", "mssp", [{ + "description": "Both 'cid_group_id' and 'cids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["getCIDGroupByIdV1", "GET", "/mssp/entities/cid-groups/v1", "Deprecated: Please use getCIDGroupById. Get CID groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs to be searched on", + "name": "cid_group_ids", + "in": "query", + "required": 1 + }]], + ["createCIDGroups", "POST", "/mssp/entities/cid-groups/v1", "Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed.", "mssp", [{ + "description": "Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateCIDGroups", "PATCH", "/mssp/entities/cid-groups/v1", "Update existing CID Group(s). CID Group ID is expected for each CID Group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. 
CID Group member(s) remain unaffected.", "mssp", [{ + "description": "'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteCIDGroups", "DELETE", "/mssp/entities/cid-groups/v1", "Delete CID groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group ids to delete", + "name": "cid_group_ids", + "in": "query", + "required": 1 + }]], + ["getCIDGroupById", "GET", "/mssp/entities/cid-groups/v2", "Get CID Groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getCIDGroupByIdV2", "GET", "/mssp/entities/cid-groups/v2", "Get CID Groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "CID group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getRolesByID", "GET", "/mssp/entities/mssp-roles/v1", "Get link between user group and CID group by ID. Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["addRole", "POST", "/mssp/entities/mssp-roles/v1", "Create a link between user group and CID group, with zero or more additional roles. The call does not replace any existing link between them. User group ID and CID group ID have to be specified in request. 
", "mssp", [{ + "description": "'user_group_id', 'cid_group_id' and 'role_ids' fields are required. Remaining are populated by system.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deletedRoles", "DELETE", "/mssp/entities/mssp-roles/v1", "Delete links or additional roles between user groups and CID groups. User group ID and CID group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID group is dissolved completely (if no roles specified).", "mssp", [{ + "description": "'user_group_id' and 'cid_group_id' fields are required. 'role_ids' field is optional. Remaining fields are ignored.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["getUserGroupMembersByIDV1", "GET", "/mssp/entities/user-group-members/v1", "Deprecated: Please use getUserGroupMembersByID. Get user group members by user group ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to search for", + "name": "user_group_ids", + "in": "query", + "required": 1 + }]], + ["addUserGroupMembers", "POST", "/mssp/entities/user-group-members/v1", "Add new user group member. 
Maximum 500 members allowed per user group.", "mssp", [{ + "description": "Both 'user_group_id' and 'user_uuids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteUserGroupMembers", "DELETE", "/mssp/entities/user-group-members/v1", "Delete user group members entry.", "mssp", [{ + "description": "Both 'user_group_id' and 'user_uuids' fields are required.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["getUserGroupMembersByID", "GET", "/mssp/entities/user-group-members/v2", "Get user group members by user group ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getUserGroupMembersByIDV2", "GET", "/mssp/entities/user-group-members/v2", "Get user group members by user group ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getUserGroupsByIDV1", "GET", "/mssp/entities/user-groups/v1", "Deprecated: Please use getUserGroupsByID. Get user groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User Group IDs to search for", + "name": "user_group_ids", + "in": "query", + "required": 1 + }]], + ["createUserGroups", "POST", "/mssp/entities/user-groups/v1", "Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer.", "mssp", [{ + "description": "Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateUserGroups", "PATCH", "/mssp/entities/user-groups/v1", "Update existing user group(s). 
User group ID is expected for each user group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. User group member(s) remain unaffected.", "mssp", [{ + "description": "'user_group_id' field is required to identify the user group to update along with 'name' and/or 'description' fields to be updated.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteUserGroups", "DELETE", "/mssp/entities/user-groups/v1", "Delete user groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to delete", + "name": "user_group_ids", + "in": "query", + "required": 1 + }]], + ["getUserGroupsByID", "GET", "/mssp/entities/user-groups/v2", "Get user groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getUserGroupsByIDV2", "GET", "/mssp/entities/user-groups/v2", "Get user groups by ID.", "mssp", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "User group IDs to search for", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryChildren", "GET", "/mssp/queries/children/v1", "Query for customers linked as children", "mssp", [{ + "type": "string", + "description": "Filter using a query in Falcon Query Language (FQL). 
Supported filters: cid", + "name": "filter", + "in": "query" + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + "type": "string", + "default": "last_modified_timestamp|desc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return ids", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 10, + "description": "Number of ids to return", + "name": "limit", + "in": "query" + }]], + ["queryCIDGroupMembers", "GET", "/mssp/queries/cid-group-members/v1", "Query a CID groups members by associated CID.", "mssp", [{ + "type": "string", + "description": "CID to lookup associated CID group ID", + "name": "cid", + "in": "query", + "required": 1 + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + "type": "string", + "default": "last_modified_timestamp|desc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return id", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 10, + "description": "Maximum number of results to return", + "name": "limit", + "in": "query" + }]], + ["queryCIDGroups", "GET", "/mssp/queries/cid-groups/v1", "Query CID groups.", "mssp", [{ + "type": "string", + "description": "Name to lookup groups for", + "name": "name", + "in": "query" + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"], + "type": "string", + "default": "name|asc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return ids", + "name": "offset", + 
"in": "query" + }, { + "type": "integer", + "default": 10, + "description": "Maximum number of results to return", + "name": "limit", + "in": "query" + }]], + ["queryRoles", "GET", "/mssp/queries/mssp-roles/v1", "Query links between user groups and CID groups. At least one of CID group ID or user group ID should also be provided. Role ID is optional.", "mssp", [{ + "type": "string", + "description": "User group ID to fetch MSSP role for", + "name": "user_group_id", + "in": "query" + }, { + "type": "string", + "description": "CID group ID to fetch MSSP role for", + "name": "cid_group_id", + "in": "query" + }, { + "type": "string", + "description": "Role ID to fetch MSSP role for", + "name": "role_id", + "in": "query" + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + "type": "string", + "default": "last_modified_timestamp|desc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return ids", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 10, + "description": "Maximum number of results to return", + "name": "limit", + "in": "query" + }]], + ["queryUserGroupMembers", "GET", "/mssp/queries/user-group-members/v1", "Query user group member by user UUID.", "mssp", [{ + "type": "string", + "description": "User UUID to lookup associated user group ID", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + "type": "string", + "default": "last_modified_timestamp|desc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return ids", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 10, + 
"description": "Number of ids to return", + "name": "limit", + "in": "query" + }]], + ["queryUserGroups", "GET", "/mssp/queries/user-groups/v1", "Query user groups.", "mssp", [{ + "type": "string", + "description": "Name to lookup groups for", + "name": "name", + "in": "query" + }, { + "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"], + "type": "string", + "default": "name|asc", + "description": "The sort expression used to sort the results", + "name": "sort", + "in": "query" + }, { + "type": "integer", + "default": 0, + "description": "Starting index of overall result set from which to return ids", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 10, + "description": "Maximum number of results to return", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/oauth2.ts b/src/_endpoints/oauth2.ts new file mode 100644 index 00000000..1a6fc1e4 --- /dev/null +++ b/src/_endpoints/oauth2.ts 
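Review bot: The `getRolesByID` operation description and its `ids` parameter description both end in `of the format :`, so the two placeholder names around the colon were lost (presumably angle-bracketed tokens stripped when the text was extracted), leaving callers no way to assemble a valid link ID; restore the placeholders or drop the fragment. `deleteCIDGroupMembers` and `deleteCIDGroupMembersV2` carry the duplicated words `a cid group a cid group` in their descriptions. Several entries (`getCIDGroupMembersByV1`, `deleteCIDGroupMembersV1`, `getCIDGroupByIdV1`, `getUserGroupMembersByIDV1`, `getUserGroupsByIDV1`) are marked deprecated only inside free text, so a machine-readable marker would let the dispatcher warn at call time instead of relying on readers of this table.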
@@ -0,0 +1,36 @@
+/**
+ * contains all method definitions for API: oauth2
+ * consumed and interpreted by Falcon.command(...)
+ */
+export var _oauth2_endpoints: Array = [
+ ["oauth2RevokeToken", "POST", "/oauth2/revoke", "Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.", "oauth2", [{
+ "type": "string",
+ "description": "The OAuth2 client ID you are revoking the token for.",
+ "name": "client_id",
+ "in": "formData"
+ }, {
+ "type": "string",
+ "description": "The OAuth2 access token you want to revoke.\n\nInclude your API client ID and secret in basic auth format (`Authorization: basic `) in your request header.",
+ "name": "token",
+ "in": "formData",
+ "required": 1
+ }]],
+ ["oauth2AccessToken", "POST", "/oauth2/token", "Generate an OAuth2 access token", "oauth2", [{
+ "type": "string",
+ "description": "The API client ID to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
+ "name": "client_id",
+ "in": "formData",
+ "required": 1
+ }, {
+ "type": "string",
+ "description": "The API client secret to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
+ "name": "client_secret",
+ "in": "formData",
+ "required": 1
+ }, {
+ "type": "string",
+ "description": "For MSSP Master CIDs, optionally lock the token to act on behalf of this member CID",
+ "name": "member_cid",
+ "in": "formData"
+ }]]
+];
\ No newline at end of file
diff --git a/src/_endpoints/ods.ts b/src/_endpoints/ods.ts
new file mode 100644
index 00000000..36566188
--- /dev/null
+++ b/src/_endpoints/ods.ts
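Review bot: `client_secret` (in `oauth2AccessToken`) and `token` (in `oauth2RevokeToken`) are credential-bearing form parameters, yet nothing in this table distinguishes them from ordinary parameters, so a generic dispatcher that logs or echoes request parameters on error would capture live secrets; a marker cell on those two entries, e.g. a constructed `"x-sensitive": 1`, gives `Falcon.command(...)` something to redact on. Whether the dispatcher logs parameters is not visible in this hunk. The `token` description's phrase "basic auth format (Authorization: basic )" has lost the value placeholder after "basic", so the guidance is incomplete as written.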
@@ -0,0 +1,204 @@ +/** + * contains all method definitions for API: ods + * consumed and interpreted by Falcon.command(...) + */ +export var _ods_endpoints: Array = [ + ["aggregate_query_scan_host_metadata", "POST", "/ods/aggregates/scan-hosts/v1", "Get aggregates on ODS scan-hosts data.", "ods", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["aggregate_scans", "POST", "/ods/aggregates/scans/v1", "Get aggregates on ODS scan data.", "ods", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["aggregate_scheduled_scans", "POST", "/ods/aggregates/scheduled-scans/v1", "Get aggregates on ODS scheduled-scan data.", "ods", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_malicious_files_by_ids", "GET", "/ods/entities/malicious-files/v1", "Get malicious files by ids.", "ods", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scan IDs to retrieve the scan entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["cancel_scans", "POST", "/ods/entities/scan-control-actions/cancel/v1", "Cancel ODS scans for the given scan ids.", "ods", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["get_scan_host_metadata_by_ids", "GET", "/ods/entities/scan-hosts/v1", "Get scan hosts by ids.", "ods", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scan IDs to retrieve the scan entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["get_scans_by_scan_ids", "GET", "/ods/entities/scans/v1", "Get Scans by IDs.", "ods", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scan IDs to retrieve the scan entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["create_scan", "POST", "/ods/entities/scans/v1", "Create ODS scan and start or schedule scan for the given scan request.", "ods", [{ + "name": "body", + "in": 
"body", + "required": 1 + }]], + ["get_scheduled_scans_by_scan_ids", "GET", "/ods/entities/scheduled-scans/v1", "Get ScheduledScans by IDs.", "ods", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scan IDs to retrieve the scan entities", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["schedule_scan", "POST", "/ods/entities/scheduled-scans/v1", "Create ODS scan and start or schedule scan for the given scan request.", "ods", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["delete_scheduled_scans", "DELETE", "/ods/entities/scheduled-scans/v1", "Delete ODS scheduled-scans for the given scheduled-scan ids.", "ods", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scan IDs to retrieve the scan entities", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "A FQL compatible query string.", + "name": "filter", + "in": "query" + }]], + ["query_malicious_files", "GET", "/ods/queries/malicious-files/v1", "Query malicious files.", "ods", [{ + "type": "string", + "description": "A FQL compatible query string. 
Terms: [id cid scan_id host_id host_scan_id filepath filename hash pattern_id severity quarantined last_updated]", + "name": "filter", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "integer", + "default": 0, + "description": "Index of the starting resource", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 500, + "description": "The max number of resources to return", + "name": "limit", + "in": "query" + }, { + "enum": ["id|asc", "id|desc", "scan_id|asc", "scan_id|desc", "host_id|asc", "host_id|desc", "host_scan_id|asc", "host_scan_id|desc", "filename|asc", "filename|desc", "hash|asc", "hash|desc", "pattern_id|asc", "pattern_id|desc", "severity|asc", "severity|desc", "last_updated|asc", "last_updated|desc"], + "type": "string", + "default": "last_updated|desc", + "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", + "name": "sort", + "in": "query", + "allowEmptyValue": 1 + }]], + ["query_scan_host_metadata", "GET", "/ods/queries/scan-hosts/v1", "Query scan hosts.", "ods", [{ + "type": "string", + "description": "A FQL compatible query string. 
Terms: [id cid profile_id host_id scan_id host_scan_id filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity completed_on started_on last_updated]", + "name": "filter", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "integer", + "default": 0, + "description": "Index of the starting resource", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 500, + "description": "The max number of resources to return", + "name": "limit", + "in": "query" + }, { + "enum": ["id|asc", "id|desc", "scan_id|asc", "scan_id|desc", "host_id|asc", "host_id|desc", "filecount.scanned|asc", "filecount.scanned|desc", "filecount.malicious|asc", "filecount.malicious|desc", "filecount.quarantined|asc", "filecount.quarantined|desc", "filecount.skipped|asc", "filecount.skipped|desc", "status|asc", "status|desc", "severity|asc", "severity|desc", "started_on|asc", "started_on|desc", "completed_on|asc", "completed_on|desc", "last_updated|asc", "last_updated|desc"], + "type": "string", + "default": "last_updated|desc", + "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", + "name": "sort", + "in": "query", + "allowEmptyValue": 1 + }]], + ["query_scans", "GET", "/ods/queries/scans/v1", "Query Scans.", "ods", [{ + "type": "string", + "description": "A FQL compatible query string. 
Terms: [id cid profile_id description.keyword initiated_from filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity scan_started_on scan_completed_on created_on created_by last_updated]", + "name": "filter", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "integer", + "default": 0, + "description": "Index of the starting resource", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 500, + "description": "The max number of resources to return", + "name": "limit", + "in": "query" + }, { + "enum": ["id|asc", "id|desc", "initiated_from|asc", "initiated_from|desc", "description.keyword|asc", "description.keyword|desc", "filecount.scanned|asc", "filecount.scanned|desc", "filecount.malicious|asc", "filecount.malicious|desc", "filecount.quarantined|asc", "filecount.quarantined|desc", "filecount.skipped|asc", "filecount.skipped|desc", "affected_hosts_count|asc", "affected_hosts_count|desc", "status|asc", "status|desc", "severity|asc", "severity|desc", "scan_started_on|asc", "scan_started_on|desc", "scan_completed_on|asc", "scan_completed_on|desc", "created_on|asc", "created_on|desc", "created_by|asc", "created_by|desc", "last_updated|asc", "last_updated|desc"], + "type": "string", + "default": "created_on|desc", + "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", + "name": "sort", + "in": "query", + "allowEmptyValue": 1 + }]], + ["query_scheduled_scans", "GET", "/ods/queries/scheduled-scans/v1", "Query ScheduledScans.", "ods", [{ + "type": "string", + "description": "A FQL compatible query string. 
Terms: [id cid description initiated_from status schedule.start_timestamp schedule.Interval created_on created_by last_updated deleted]", + "name": "filter", + "in": "query", + "allowEmptyValue": 1 + }, { + "type": "integer", + "default": 0, + "description": "Index of the starting resource", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "default": 500, + "description": "The max number of resources to return", + "name": "limit", + "in": "query" + }, { + "enum": ["id|asc", "id|desc", "description.keyword|asc", "description.keyword|desc", "status|asc", "status|desc", "schedule.start_timestamp|asc", "schedule.start_timestamp|desc", "schedule.interval|asc", "schedule.interval|desc", "created_on|asc", "created_on|desc", "created_by|asc", "created_by|desc", "last_updated|asc", "last_updated|desc"], + "type": "string", + "default": "schedule.start_timestamp|desc", + "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", + "name": "sort", + "in": "query", + "allowEmptyValue": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/overwatch_dashboard.ts b/src/_endpoints/overwatch_dashboard.ts new file mode 100644 index 00000000..1aae59cb --- /dev/null +++ b/src/_endpoints/overwatch_dashboard.ts 
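Review bot: `delete_scheduled_scans` documents its `ids` parameter as `The scan IDs to retrieve the scan entities`, copied from the GET entries, which is wrong for a delete; `"description": "The scheduled-scan IDs to delete"` matches the operation. `schedule_scan` reuses `create_scan`'s description verbatim although it targets `/ods/entities/scheduled-scans/v1`. In `query_scheduled_scans` the filter-terms text lists `schedule.Interval` while the sort enum uses `schedule.interval`; one casing is presumably wrong and should be checked against the API reference.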
@@ -0,0 +1,37 @@
+/**
+ * contains all method definitions for API: overwatch dashboard
+ * consumed and interpreted by Falcon.command(...)
+ */
+export var _overwatch_dashboard_endpoints: Array = [
+ ["AggregatesDetectionsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/detections-global-counts/v1", "Get the total number of detections pushed across all customers", "overwatch_dashboard", [{
+ "type": "string",
+ "description": "An FQL filter string",
+ "name": "filter",
+ "in": "query",
+ "required": 1
+ }]],
+ ["AggregatesEventsCollections", "POST", "/overwatch-dashboards/aggregates/events-collections/GET/v1", "Get OverWatch detection event collection info by providing an aggregate query", "overwatch_dashboard", [{
+ "name": "body",
+ "in": "body",
+ "required": 1
+ }]],
+ ["AggregatesEvents", "POST", "/overwatch-dashboards/aggregates/events/GET/v1", "Get aggregate OverWatch detection event info by providing an aggregate query", "overwatch_dashboard", [{
+ "name": "body",
+ "in": "body",
+ "required": 1
+ }]],
+ ["AggregatesIncidentsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/incidents-global-counts/v1", "Get the total number of incidents pushed across all customers", "overwatch_dashboard", [{
+ "type": "string",
+ "description": "An FQL filter string",
+ "name": "filter",
+ "in": "query",
+ "required": 1
+ }]],
+ ["AggregatesOWEventsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/ow-events-global-counts/v1", "Get the total number of OverWatch events across all customers", "overwatch_dashboard", [{
+ "type": "string",
+ "description": "An FQL filter string",
+ "name": "filter",
+ "in": "query",
+ "required": 1
+ }]]
+];
\ No newline at end of file
diff --git a/src/_endpoints/prevention_policies.ts b/src/_endpoints/prevention_policies.ts
new file mode 100644
index 00000000..c788d90c
--- /dev/null
+++ b/src/_endpoints/prevention_policies.ts
@@ -0,0 +1,163 @@ +/** + * contains all method definitions for API: prevention policies + * consumed and interpreted by Falcon.command(...) + */ +export var _prevention_policies_endpoints: Array = [ + ["queryCombinedPreventionPolicyMembers", "GET", "/policy/combined/prevention-members/v1", "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "prevention_policies", [{ + "type": "string", + "description": "The ID of the Prevention Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedPreventionPolicies", "GET", "/policy/combined/prevention/v1", "Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria", "prevention_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["performPreventionPoliciesAction", "POST", "/policy/entities/prevention-actions/v1", "Perform the specified action on the Prevention Policies specified in the request", "prevention_policies", [{ + "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["setPreventionPoliciesPrecedence", "POST", "/policy/entities/prevention-precedence/v1", "Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "prevention_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getPreventionPolicies", "GET", "/policy/entities/prevention/v1", "Retrieve a set of Prevention Policies by specifying their IDs", "prevention_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Prevention Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createPreventionPolicies", "POST", "/policy/entities/prevention/v1", "Create Prevention Policies by specifying details about the policy to create", "prevention_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updatePreventionPolicies", "PATCH", "/policy/entities/prevention/v1", "Update Prevention Policies by specifying the ID of the policy and details to update", "prevention_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deletePreventionPolicies", "DELETE", "/policy/entities/prevention/v1", "Delete a set of Prevention Policies by specifying their IDs", "prevention_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Prevention Policies to delete", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryPreventionPolicyMembers", "GET", "/policy/queries/prevention-members/v1", "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "prevention_policies", [{ + "type": "string", + "description": "The ID of the Prevention Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryPreventionPolicies", "GET", "/policy/queries/prevention/v1", "Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria", "prevention_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file 
diff --git a/src/_endpoints/quarantine.ts b/src/_endpoints/quarantine.ts
new file mode 100644
index 00000000..8b9c84e7
--- /dev/null
+++ b/src/_endpoints/quarantine.ts
@@ -0,0 +1,59 @@ +/** + * contains all method definitions for API: quarantine + * consumed and interpreted by Falcon.command(...) + */ +export var _quarantine_endpoints: Array = [ + ["ActionUpdateCount", "GET", "/quarantine/aggregates/action-update-count/v1", "Returns count of potentially affected quarantined files for each action.", "quarantine", [{ + "type": "string", + "description": "FQL specifying filter parameters.", + "name": "filter", + "in": "query", + "required": 1 + }]], + ["GetAggregateFiles", "POST", "/quarantine/aggregates/quarantined-files/GET/v1", "Get quarantine file aggregates as specified via json in request body.", "quarantine", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetQuarantineFiles", "POST", "/quarantine/entities/quarantined-files/GET/v1", "Get quarantine file metadata for specified ids.", "quarantine", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateQuarantinedDetectsByIds", "PATCH", "/quarantine/entities/quarantined-files/v1", "Apply action by quarantine file ids", "quarantine", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryQuarantineFiles", "GET", "/quarantine/queries/quarantined-files/v1", "Get quarantine file ids that match the provided filter criteria.", "quarantine", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: hostname, username, date_updated, date_created, paths.path, state, paths.state. Ex: 'date_created|asc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Special value '*' means to not filter on anything. 
Filter term criteria: status, adversary_id, device.device_id, device.country, device.hostname, behaviors.behavior_id, behaviors.ioc_type, behaviors.ioc_value, behaviors.username, behaviors.tree_root_hash. Filter range criteria:, max_severity, max_confidence, first_behavior, last_behavior.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields), sha256, state, paths.path, paths.state, hostname, username, date_updated, date_created.", + "name": "q", + "in": "query" + }]], + ["UpdateQfByQuery", "PATCH", "/quarantine/queries/quarantined-files/v1", "Apply quarantine file actions by query.", "quarantine", [{ + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/quick_scan.ts b/src/_endpoints/quick_scan.ts new file mode 100644 index 00000000..31c86864 --- /dev/null +++ b/src/_endpoints/quick_scan.ts 
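Review bot: `export var _quarantine_endpoints: Array = [` declares the table with a bare `Array`, which tsc rejects with TS2314 ("Generic type 'Array<T>' requires 1 type argument(s)") unless the build somehow suppresses it, and it also exports a mutable binding. A tuple type pins the shape `Falcon.command(...)` is said to interpret: `export const _quarantine_endpoints: ReadonlyArray<[string, string, string, string, string, Array<Record<string, unknown>>]> = [`. Separately, the `filter` description on `QueryQuarantineFiles` lists terms such as `adversary_id`, `behaviors.ioc_value` and `max_severity`, which read like detection fields rather than the quarantine fields the sibling `q`/`sort` parameters list (`sha256`, `state`, `paths.path`, `hostname`); this may be copied verbatim from the upstream spec, but worth confirming before callers rely on it.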
@@ -0,0 +1,49 @@ +/** + * contains all method definitions for API: quick scan + * consumed and interpreted by Falcon.command(...) + */ +export var _quick_scan_endpoints: Array = [ + ["GetScansAggregates", "POST", "/scanner/aggregates/scans/GET/v1", "Get scans aggregations as specified via json in request body.", "quick_scan", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetScans", "GET", "/scanner/entities/scans/v1", "Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", "quick_scan", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "ID of a submitted scan", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["ScanSamples", "POST", "/scanner/entities/scans/v1", "Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", "quick_scan", [{ + "description": "Submit a batch of SHA256s for ml scanning. The samples must have been previously uploaded through `/samples/entities/samples/v3`", + "name": "body", + "in": "body", + "required": 1 + }]], + ["QuerySubmissionsMixin0", "GET", "/scanner/queries/scans/v1", "Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria.", "quick_scan", [{ + "type": "string", + "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "The offset to start retrieving submissions from.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Maximum number of volume IDs to return. 
Max: 5000.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort order: `asc` or `desc`.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/real_time_response.ts b/src/_endpoints/real_time_response.ts new file mode 100644 index 00000000..6819090a --- /dev/null +++ b/src/_endpoints/real_time_response.ts 
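Review bot: The `limit` parameter of `QuerySubmissionsMixin0` documents "Max: 5000" only in prose, with no `maximum`/`minimum` entries, whereas `queryPreventionPolicies` earlier in this patch carries `"maximum": 5000, "minimum": 1` for the same kind of parameter. If `Falcon.command(...)` validates arguments from these tables, the bound is unenforced here and an over-limit value is only caught server-side; adding `"maximum": 5000,` and `"minimum": 1,` alongside `"type": "integer"` makes the two tables consistent. The same bare `Array` annotation as in the other endpoint files (`export var _quick_scan_endpoints: Array = [`) should get an explicit element type, e.g. `ReadonlyArray<[string, string, string, string, string, Array<Record<string, unknown>>]>`.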
@@ -0,0 +1,320 @@ +/** + * contains all method definitions for API: real time response + * consumed and interpreted by Falcon.command(...) + */ +export var _real_time_response_endpoints: Array = [ + ["RTR_AggregateSessions", "POST", "/real-time-response/aggregates/sessions/GET/v1", "Get aggregates on session data.", "real_time_response", [{ + "description": "Supported aggregations: \n- `term`\n- `date_range`\n\nSupported aggregation members:\n\n**`date_ranges`** If peforming a date range query specify the **`from`** and **`to`** date ranges. These can be in common date formats like `2019-07-18` or `now`\n**`field`** Term you want to aggregate on. If doing a `date_range` query, this is the date field you want to apply the date ranges to\n**`filter`** Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\n**`name`** Name of the aggregation\n**`size`** Size limit to apply to the queries.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["BatchActiveResponderCmd", "POST", "/real-time-response/combined/batch-active-responder-command/v1", "Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "default": "tiny bit less than overall request timeout", + "description": "Timeout duration for how long a host has time to complete processing. 
Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + "name": "host_timeout_duration", + "in": "query" + }, { + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["BatchCmd", "POST", "/real-time-response/combined/batch-command/v1", "Batch executes a RTR read-only command across the hosts mapped to the given batch ID.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. 
Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "default": "tiny bit less than overall request timeout", + "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + "name": "host_timeout_duration", + "in": "query" + }, { + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["BatchGetCmdStatus", "GET", "/real-time-response/combined/batch-get-command/v1", "Retrieves the status of the specified batch get command. 
Will return successful files when they are finished processing.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "description": "Batch Get Command Request ID received from `/real-time-response/combined/get-command/v1`", + "name": "batch_get_cmd_req_id", + "in": "query", + "required": 1 + }]], + ["BatchGetCmd", "POST", "/real-time-response/combined/batch-get-command/v1", "Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "default": "tiny bit less than overall request timeout", + "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
", + "name": "host_timeout_duration", + "in": "query" + }, { + "description": "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`file_path`** Full path to the file that is to be retrieved from each host in the batch.\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["BatchInitSessions", "POST", "/real-time-response/combined/batch-init-session/v1", "Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "default": "tiny bit less than overall request timeout", + "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + "name": "host_timeout_duration", + "in": "query" + }, { + "description": "**`host_ids`** List of host agent ID's to initialize a RTR session on\n**`existing_batch_id`** Optional batch ID. 
Use an existing batch ID if you want to initialize new hosts and add them to the existing batch", + "name": "body", + "in": "body", + "required": 1 + }]], + ["BatchRefreshSessions", "POST", "/real-time-response/combined/batch-refresh-session/v1", "Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "description": "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`hosts_to_remove`** Hosts to remove from the batch session. Heartbeats will no longer happen on these hosts and the sessions will expire.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_CheckActiveResponderCommandStatus", "GET", "/real-time-response/entities/active-responder-command/v1", "Get status of an executed active-responder command on a single host.", "real_time_response", [{ + "type": "string", + "description": "Cloud Request ID of the executed command to query", + "name": "cloud_request_id", + "in": "query", + "required": 1 + }, { + "type": "integer", + "default": 0, + "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + "name": "sequence_id", + "in": "query", + "required": 1 + }]], + ["RTR_ExecuteActiveResponderCommand", "POST", "/real-time-response/entities/active-responder-command/v1", "Execute an active responder command on a single host.", "real_time_response", [{ + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_CheckCommandStatus", "GET", "/real-time-response/entities/command/v1", "Get status of an executed command on a single host.", "real_time_response", [{ + "type": "string", + "description": "Cloud Request ID of the executed command to query", + "name": "cloud_request_id", + "in": "query", + "required": 1 + }, { + "type": "integer", + "default": 0, + "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + "name": "sequence_id", + "in": "query", + "required": 1 + }]], + ["RTR_ExecuteCommand", "POST", "/real-time-response/entities/command/v1", "Execute a command on a single host.", "real_time_response", [{ + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`session_id`** RTR session ID to run the command on", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_GetExtractedFileContents", "GET", "/real-time-response/entities/extracted-file-contents/v1", "Get RTR extracted file contents for specified session and sha256.", "real_time_response", [{ + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Extracted SHA256 (e.g. 
'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b')", + "name": "sha256", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Filename to use for the archive name and the file within the archive.", + "name": "filename", + "in": "query" + }]], + ["RTR_ListFiles", "GET", "/real-time-response/entities/file/v1", "Get a list of files for the specified RTR session.", "real_time_response", [{ + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }]], + ["RTR_DeleteFile", "DELETE", "/real-time-response/entities/file/v1", "Delete a RTR session file.", "real_time_response", [{ + "type": "string", + "description": "RTR Session file id", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }]], + ["RTR_ListFilesV2", "GET", "/real-time-response/entities/file/v2", "Get a list of files for the specified RTR session.", "real_time_response", [{ + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }]], + ["RTR_DeleteFileV2", "DELETE", "/real-time-response/entities/file/v2", "Delete a RTR session file.", "real_time_response", [{ + "type": "string", + "description": "RTR Session file id", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }]], + ["RTR_ListQueuedSessions", "POST", "/real-time-response/entities/queued-sessions/GET/v1", "Get queued session metadata by session ID.", "real_time_response", [{ + "description": "**`ids`** List of RTR sessions to retrieve. 
RTR will only return the sessions that were created by the calling user", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_DeleteQueuedSession", "DELETE", "/real-time-response/entities/queued-sessions/command/v1", "Delete a queued session command", "real_time_response", [{ + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Cloud Request ID of the executed command to query", + "name": "cloud_request_id", + "in": "query", + "required": 1 + }]], + ["RTR_PulseSession", "POST", "/real-time-response/entities/refresh-session/v1", "Refresh a session timeout on a single host.", "real_time_response", [{ + "description": "**`device_id`** The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_ListSessions", "POST", "/real-time-response/entities/sessions/GET/v1", "Get session metadata by session id.", "real_time_response", [{ + "description": "**`ids`** List of RTR sessions to retrieve. RTR will only return the sessions that were created by the calling user", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_InitSession", "POST", "/real-time-response/entities/sessions/v1", "Initialize a new session with the RTR cloud.", "real_time_response", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "description": "**`device_id`** The host agent ID to initialize the RTR session on. 
RTR will retrieve an existing session for the calling user on this host\n**`queue_offline`** If we should queue this session if the host is offline. Any commands run against an offline-queued session will be queued up and executed when the host comes online.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_DeleteSession", "DELETE", "/real-time-response/entities/sessions/v1", "Delete a session.", "real_time_response", [{ + "type": "string", + "description": "RTR Session id", + "name": "session_id", + "in": "query", + "required": 1 + }]], + ["RTR_ListAllSessions", "GET", "/real-time-response/queries/sessions/v1", "Get a list of session_ids.", "real_time_response", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort by spec. Ex: 'date_created|asc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\u00a0\u201cuser_id\u201d can accept a special value \u2018@me\u2019 which will restrict results to records with current user\u2019s ID.", + "name": "filter", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/real_time_response_admin.ts b/src/_endpoints/real_time_response_admin.ts new file mode 100644 index 00000000..13952e77 --- /dev/null +++ b/src/_endpoints/real_time_response_admin.ts 
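Review bot: `host_timeout_duration` on `BatchActiveResponderCmd`, `BatchCmd`, `BatchGetCmd` and `BatchInitSessions` is declared with `"default": "tiny bit less than overall request timeout"`, which is prose rather than a value in the documented `10s`-style duration syntax; if `Falcon.command(...)` fills in declared defaults for omitted query parameters, that literal would be sent on the wire and presumably rejected. Dropping the `default` key on those entries is safer, since the description already states how the default is derived. This table also mixes read-only endpoints (`RTR_ExecuteCommand`, `BatchCmd`) with active-responder ones whose body descriptions list `memdump`, `runscript`, `reg set`, `kill` and `shutdown`, yet nothing in the entries records that the latter need a more privileged role; a header comment such as `// active-responder entries below can modify or power off hosts; scope API credentials accordingly` would help integrators who generate clients from this file.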
@@ -0,0 +1,268 @@ +/** + * contains all method definitions for API: real time response admin + * consumed and interpreted by Falcon.command(...) + */ +export var _real_time_response_admin_endpoints: Array = [ + ["BatchAdminCmd", "POST", "/real-time-response/combined/batch-admin-command/v1", "Batch executes a RTR administrator command across the hosts mapped to the given batch ID.", "real_time_response_admin", [{ + "type": "integer", + "default": 30, + "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + "name": "timeout", + "in": "query" + }, { + "type": "string", + "default": "30s", + "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + "name": "timeout_duration", + "in": "query" + }, { + "type": "string", + "default": "tiny bit less than overall request timeout", + "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
", + "name": "host_timeout_duration", + "in": "query" + }, { + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_CheckAdminCommandStatus", "GET", "/real-time-response/entities/admin-command/v1", "Get status of an executed RTR administrator command on a single host.", "real_time_response_admin", [{ + "type": "string", + "description": "Cloud Request ID of the executed command to query", + "name": "cloud_request_id", + "in": "query", + "required": 1 + }, { + "type": "integer", + "default": 0, + "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + "name": "sequence_id", + "in": "query", + "required": 1 + }]], + ["RTR_ExecuteAdminCommand", "POST", "/real-time-response/entities/admin-command/v1", "Execute a RTR administrator command on a single host.", "real_time_response_admin", [{ + "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RTR_GetPut_Files", "GET", "/real-time-response/entities/put-files/v1", "Get put-files based on the ID's given. 
These are used for the RTR `put` command.", "real_time_response_admin", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "File IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_CreatePut_Files", "POST", "/real-time-response/entities/put-files/v1", "Upload a new put-file to use for the RTR `put` command.", "real_time_response_admin", [{ + "type": "file", + "description": "put-file to upload", + "name": "file", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "File description", + "name": "description", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "File name (if different than actual file name)", + "name": "name", + "in": "formData" + }, { + "maxLength": 4096, + "type": "string", + "description": "The audit log comment", + "name": "comments_for_audit_log", + "in": "formData" + }]], + ["RTR_DeletePut_Files", "DELETE", "/real-time-response/entities/put-files/v1", "Delete a put-file based on the ID given. Can only delete one file at a time.", "real_time_response_admin", [{ + "type": "string", + "description": "File id", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_GetPut_FilesV2", "GET", "/real-time-response/entities/put-files/v2", "Get put-files based on the ID's given. These are used for the RTR `put` command.", "real_time_response_admin", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "File IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_GetScripts", "GET", "/real-time-response/entities/scripts/v1", "Get custom-scripts based on the ID's given. 
These are used for the RTR `runscript` command.", "real_time_response_admin", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "File IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_CreateScripts", "POST", "/real-time-response/entities/scripts/v1", "Upload a new custom-script to use for the RTR `runscript` command.", "real_time_response_admin", [{ + "type": "file", + "description": "custom-script file to upload. These should be powershell scripts.", + "name": "file", + "in": "formData" + }, { + "type": "string", + "description": "File description", + "name": "description", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "File name (if different than actual file name)", + "name": "name", + "in": "formData" + }, { + "maxLength": 4096, + "type": "string", + "description": "The audit log comment", + "name": "comments_for_audit_log", + "in": "formData" + }, { + "type": "string", + "default": "none", + "description": "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", + "name": "permission_type", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "The script text that you want to use to upload", + "name": "content", + "in": "formData" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "x-cs-exposures": ["public"], + "description": "Platforms for the file. Currently supports: windows, mac, linux, . 
If no platform is provided, it will default to 'windows'", + "name": "platform", + "in": "formData" + }]], + ["RTR_UpdateScripts", "PATCH", "/real-time-response/entities/scripts/v1", "Upload a new scripts to replace an existing one.", "real_time_response_admin", [{ + "type": "string", + "description": "ID to update", + "name": "id", + "in": "formData", + "required": 1 + }, { + "type": "file", + "description": "custom-script file to upload. These should be powershell scripts.", + "name": "file", + "in": "formData" + }, { + "type": "string", + "description": "File description", + "name": "description", + "in": "formData" + }, { + "type": "string", + "description": "File name (if different than actual file name)", + "name": "name", + "in": "formData" + }, { + "maxLength": 4096, + "type": "string", + "description": "The audit log comment", + "name": "comments_for_audit_log", + "in": "formData" + }, { + "type": "string", + "default": "none", + "description": "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", + "name": "permission_type", + "in": "formData" + }, { + "type": "string", + "description": "The script text that you want to use to upload", + "name": "content", + "in": "formData" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "x-cs-exposures": ["public"], + "description": "Platforms for the file. Currently supports: windows, mac, ", + "name": "platform", + "in": "formData" + }]], + ["RTR_DeleteScripts", "DELETE", "/real-time-response/entities/scripts/v1", "Delete a custom-script based on the ID given. 
Can only delete one script at a time.", "real_time_response_admin", [{ + "type": "string", + "description": "File id", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_GetScriptsV2", "GET", "/real-time-response/entities/scripts/v2", "Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.", "real_time_response_admin", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "File IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["RTR_ListPut_Files", "GET", "/real-time-response/queries/put-files/v1", "Get a list of put-file ID's that are available to the user for the `put` command.", "real_time_response_admin", [{ + "type": "string", + "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort by spec. Ex: 'created_at|asc'.", + "name": "sort", + "in": "query" + }]], + ["RTR_ListScripts", "GET", "/real-time-response/queries/scripts/v1", "Get a list of custom-script ID's that are available to the user for the `runscript` command.", "real_time_response_admin", [{ + "type": "string", + "description": "Optional filter criteria in the form of an FQL query. 
For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort by spec. Ex: 'created_at|asc'.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/real_time_response_audit.ts b/src/_endpoints/real_time_response_audit.ts new file mode 100644 index 00000000..1a5661a1 --- /dev/null +++ b/src/_endpoints/real_time_response_audit.ts 
@@ -0,0 +1,36 @@ +/** + * contains all method definitions for API: real time response audit + * consumed and interpreted by Falcon.command(...) + */ +export var _real_time_response_audit_endpoints: Array = [ + ["RTRAuditSessions", "GET", "/real-time-response-audit/combined/sessions/v1", "Get all the RTR sessions created for a customer in a specified duration", "real_time_response_audit", [{ + "type": "string", + "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + "name": "filter", + "in": "query" + }, { + "enum": ["created_at", "updated_at", "deleted_at"], + "type": "string", + "description": "how to sort the session IDs. e.g. sort=created_at|desc will sort the results based on createdAt in descending order", + "name": "sort", + "in": "query" + }, { + "maximum": 1000, + "minimum": 1, + "type": "string", + "description": "number of sessions to be returned", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "offset value to be used for paginated results", + "name": "offset", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "get sessions with command info included; by default sessions are returned without command info which include cloud_request_ids and logs fields", + "name": "with_command_info", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/recon.ts b/src/_endpoints/recon.ts new file mode 100644 index 00000000..bea6a042 --- /dev/null +++ b/src/_endpoints/recon.ts 
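Review bot: The declaration `export var _real_time_response_audit_endpoints: Array = [` uses `Array` with no type argument, which `tsc` rejects (generic type `Array<T>` requires one argument), so this file appears to rely on a transpile-only build that never type-checks it; the same line shape appears in `recon.ts`, `report_executions.ts` and `response_policies.ts` in this commit. A minimal fix is to give the table an element type and freeze it, e.g. `export const _real_time_response_audit_endpoints: ReadonlyArray<[string, string, string, string, string, Record<string, unknown>[]]> = [`, ideally through a shared `Endpoint` tuple alias in one module rather than repeated per file. The `"required": 1` and `"default": 0` values on the parameter objects read like a Python `True`/`False` port; if `Falcon.command(...)` only tests truthiness this is harmless, but booleans (`true`/`false`) would make that intent explicit and let the element type narrow them.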
@@ -0,0 +1,303 @@ +/** + * contains all method definitions for API: recon + * consumed and interpreted by Falcon.command(...) + */ +export var _recon_endpoints: Array = [ + ["AggregateNotificationsExposedDataRecordsV1", "POST", "/recon/aggregates/notifications-exposed-data-records/GET/v1", "Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [notification_id created_date rule.id rule.name rule.topic source_category site author]", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["AggregateNotificationsV1", "POST", "/recon/aggregates/notifications/GET/v1", "Get notification aggregates as specified via JSON in request body.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["PreviewRuleV1", "POST", "/recon/aggregates/rules-preview/GET/v1", "Preview rules notification count and distribution. This will return aggregations on: channel, count, site.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetActionsV1", "GET", "/recon/entities/actions/v1", "Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Action IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["CreateActionsV1", "POST", "/recon/entities/actions/v1", "Create actions for a monitoring rule. 
Accepts a list of actions that will be attached to the monitoring rule.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateActionV1", "PATCH", "/recon/entities/actions/v1", "Update an action for a monitoring rule.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteActionV1", "DELETE", "/recon/entities/actions/v1", "Delete an action from a monitoring rule based on the action ID.", "recon", [{ + "type": "string", + "description": "ID of the action.", + "name": "id", + "in": "query", + "required": 1 + }]], + ["GetFileContentForExportJobsV1", "GET", "/recon/entities/export-files/v1", "Download the file associated with a job ID.", "recon", [{ + "type": "string", + "description": "Export Job ID.", + "name": "id", + "in": "query", + "required": 1 + }]], + ["GetExportJobsV1", "GET", "/recon/entities/exports/v1", "Get the status of export jobs based on their IDs. Export jobs can be launched by calling POST /entities/exports/v1. When a job is complete, use the job ID to download the file(s) associated with it using GET entities/export-files/v1.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Export Job IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["CreateExportJobsV1", "POST", "/recon/entities/exports/v1", "Launch asynchronous export job. 
Use the job ID to poll the status of the job using GET /entities/exports/v1.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteExportJobsV1", "DELETE", "/recon/entities/exports/v1", "Delete export jobs (and their associated file(s)) based on their IDs.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Export Job IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetNotificationsDetailedTranslatedV1", "GET", "/recon/entities/notifications-detailed-translated/v1", "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notification IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetNotificationsDetailedV1", "GET", "/recon/entities/notifications-detailed/v1", "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notification IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetNotificationsExposedDataRecordsV1", "GET", "/recon/entities/notifications-exposed-data-records/v1", "Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. 
The associate notification can be fetched using the /entities/notifications/v* endpoints", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notification exposed records IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetNotificationsTranslatedV1", "GET", "/recon/entities/notifications-translated/v1", "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notification IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetNotificationsV1", "GET", "/recon/entities/notifications/v1", "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notification IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["UpdateNotificationsV1", "PATCH", "/recon/entities/notifications/v1", "Update notification status or assignee. Accepts bulk requests", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteNotificationsV1", "DELETE", "/recon/entities/notifications/v1", "Delete notifications based on IDs. 
Notifications cannot be recovered after they are deleted.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Notifications IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetRulesV1", "GET", "/recon/entities/rules/v1", "Get monitoring rules rules by provided IDs.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of rules.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["CreateRulesV1", "POST", "/recon/entities/rules/v1", "Create monitoring rules.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateRulesV1", "PATCH", "/recon/entities/rules/v1", "Update monitoring rules.", "recon", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteRulesV1", "DELETE", "/recon/entities/rules/v1", "Delete monitoring rules.", "recon", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "IDs of rules.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "description": "Whether we should delete the notifications generated by this rule or not", + "name": "notificationsDeletionRequested", + "in": "query" + }]], + ["QueryActionsV1", "GET", "/recon/queries/actions/v1", "Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1.", "recon", [{ + "type": "integer", + "description": "Starting index of overall result set from which to return IDs.", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: created_timestamp, updated_timestamp. 
Ex: 'updated_timestamp|desc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query to filter actions by. Possible filter properties are: [id cid user_uuid rule_id type frequency recipients status created_timestamp updated_timestamp]", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Free text search across all indexed fields", + "name": "q", + "in": "query" + }]], + ["QueryNotificationsExposedDataRecordsV1", "GET", "/recon/queries/notifications-exposed-data-records/v1", "Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications-exposed-data-records/v1", "recon", [{ + "type": "integer", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: created_date, updated_date. Ex: 'updated_date|desc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query to filter notifications by. 
Possible filter properties are: [id cid user_uuid created_date exposure_date rule.id rule.name rule.topic notification_id source_category site site_id author author_id user_id user_name impacted_url impacted_domain impacted_ip email email_domain hash_type display_name full_name user_ip phone_number company job_position file.name file.complete_data_set file.download_urls location.postal_code location.city location.state location.federal_district location.federal_admin_region location.country_code social.twitter_id social.facebook_id social.vk_id social.vk_token social.aim_id social.icq_id social.msn_id social.instagram_id social.skype_id financial.credit_card financial.bank_account financial.crypto_currency_addresses login_id _all]", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Free text search across all indexed fields.", + "name": "q", + "in": "query" + }]], + ["QueryNotificationsV1", "GET", "/recon/queries/notifications/v1", "Query notifications based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications/v1, GET /entities/notifications-detailed/v1, +GET /entities/notifications-translated/v1 or GET /entities/notifications-detailed-translated/v1.", "recon", [{ + "type": "integer", + "description": "Starting index of overall result set from which to return IDs.", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: `created_date`, `updated_date`. Ex: `updated_date|desc`.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query to filter notifications by. 
Possible filter properties are: `typosquatting.parent_domain.unicode_format`, `typosquatting.id`, `typosquatting.base_domain.whois.name_servers`, `rule_id`, `item_site`, `typosquatting.base_domain.is_registered`, `assigned_to_uuid`, `rule_priority`, `typosquatting.base_domain.punycode_format`, `typosquatting.base_domain.id`, `rule_name`, `typosquatting.unicode_format`, `rule_topic`, `item_type`, `typosquatting.base_domain.whois.registrant.email`, `cid`, `status`, `typosquatting.base_domain.whois.registrar.name`, `typosquatting.base_domain.whois.registrar.status`, `typosquatting.base_domain.whois.registrant.org`, `typosquatting.parent_domain.id`, `typosquatting.base_domain.unicode_format`, `updated_date`, `typosquatting.base_domain.whois.registrant.name`, `created_date`, `typosquatting.punycode_format`, `typosquatting.parent_domain.punycode_format`, `id`, `user_uuid`", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Free text search across all indexed fields.", + "name": "q", + "in": "query" + }]], + ["QueryRulesV1", "GET", "/recon/queries/rules/v1", "Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1.", "recon", [{ + "type": "integer", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: created_timestamp, last_updated_timestamp. Ex: 'last_updated_timestamp|desc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query to filter rules by. 
Possible filter properties are: [id cid user_uuid topic priority permissions filter status created_timestamp last_updated_timestamp]", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Free text search across all indexed fields.", + "name": "q", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/report_executions.ts b/src/_endpoints/report_executions.ts new file mode 100644 index 00000000..126c703c --- /dev/null +++ b/src/_endpoints/report_executions.ts 
@@ -0,0 +1,55 @@ +/** + * contains all method definitions for API: report executions + * consumed and interpreted by Falcon.command(...) + */ +export var _report_executions_endpoints: Array = [ + ["report_executions_download_get", "GET", "/reports/entities/report-executions-download/v1", "Get report entity download", "report_executions", [{ + "type": "string", + "description": "The report_execution id to download", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["report_executions_retry", "POST", "/reports/entities/report-executions-retry/v1", "This endpoint will be used to retry report executions", "report_executions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["report_executions_get", "GET", "/reports/entities/report-executions/v1", "Retrieve report details for the provided report IDs.", "report_executions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The report_execution id to get details about.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["report_executions_query", "GET", "/reports/queries/report-executions/v1", "Find all report execution IDs matching the query with filter", "report_executions", [{ + "type": "string", + "description": "Possible order by fields: created_on, last_updated_on", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. 
Filter term criteria: type, scheduled_report_id, status.Filter range criteria: created_on, last_updated_on, expiration_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/response_policies.ts b/src/_endpoints/response_policies.ts new file mode 100644 index 00000000..c69cbce6 --- /dev/null +++ b/src/_endpoints/response_policies.ts 
@@ -0,0 +1,163 @@ +/** + * contains all method definitions for API: response policies + * consumed and interpreted by Falcon.command(...) + */ +export var _response_policies_endpoints: Array = [ + ["queryCombinedRTResponsePolicyMembers", "GET", "/policy/combined/response-members/v1", "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of host details which match the filter criteria", "response_policies", [{ + "type": "string", + "description": "The ID of the Response policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedRTResponsePolicies", "GET", "/policy/combined/response/v1", "Search for Response Policies in your environment by providing an FQL filter and paging details.Returns a set of Response Policies which match the filter criteria", "response_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["performRTResponsePoliciesAction", "POST", "/policy/entities/response-actions/v1", "Perform the specified action on the Response Policies specified in the request", "response_policies", [{ + "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["setRTResponsePoliciesPrecedence", "POST", "/policy/entities/response-precedence/v1", "Sets the precedence of Response Policies based on the order of IDs specified in the request.The first ID specified will have the highest precedence and the last ID specified will have the lowest.You must specify all non-Default Policies for a platform when updating precedence", "response_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getRTResponsePolicies", "GET", "/policy/entities/response/v1", "Retrieve a set of Response Policies by specifying their IDs", "response_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the RTR Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createRTResponsePolicies", "POST", "/policy/entities/response/v1", "Create Response Policies by specifying details about the policy to create", "response_policies", [{ + "name": "body", + "in": "body", + "required": 
1 + }]], + ["updateRTResponsePolicies", "PATCH", "/policy/entities/response/v1", "Update Response Policies by specifying the ID of the policy and details to update", "response_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteRTResponsePolicies", "DELETE", "/policy/entities/response/v1", "Delete a set of Response Policies by specifying their IDs", "response_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Response Policies to delete", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryRTResponsePolicyMembers", "GET", "/policy/queries/response-members/v1", "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of Agent IDs which match the filter criteria", "response_policies", [{ + "type": "string", + "description": "The ID of the Response policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryRTResponsePolicies", "GET", "/policy/queries/response/v1", "Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details.This returns a set of Response Policy IDs that match the given criteria.", "response_policies", [{ + "type": "string", + "description": "The filter expression that should be used to determine the results.", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset of the first record to retrieve from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum number of records to return [1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort results by", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/sample_uploads.ts b/src/_endpoints/sample_uploads.ts new file mode 100644 index 00000000..a34c57d9 --- /dev/null +++ b/src/_endpoints/sample_uploads.ts 
@@ -0,0 +1,186 @@ +/** + * contains all method definitions for API: sample uploads + * consumed and interpreted by Falcon.command(...) + */ +export var _sample_uploads_endpoints: Array = [ + ["ArchiveListV1", "GET", "/archives/entities/archive-files/v1", "Retrieves the archives files in chunks.", "sample_uploads", [{ + "type": "string", + "description": "The archive SHA256.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "integer", + "default": 100, + "description": "Max number of files to retrieve.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Offset from where to get files.", + "name": "offset", + "in": "query" + }]], + ["ArchiveGetV1", "GET", "/archives/entities/archives/v1", "Retrieves the archives upload operation statuses. Status `done` means that archive was processed successfully. Status `error` means that archive was not processed successfully.", "sample_uploads", [{ + "type": "string", + "description": "The archive SHA256.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "If `true` includes processed archive files in response.", + "name": "include_files", + "in": "query" + }]], + ["ArchiveUploadV1", "POST", "/archives/entities/archives/v1", "Uploads an archive and extracts files list from it. Operation is asynchronous use the ListArchivesV1 operation to check the status. After uploading, use the ExtractionCreateV1 operation to copy the file to internal storage making it available for content analysis. This method is deprecated in favor of ArchiveUploadV2.", "sample_uploads", [{ + "description": "Content of the uploaded archive in binary format. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.zip`, `.7z`.", + "name": "body", + "in": "body", + "required": 1 + }, { + "type": "string", + "description": "Name of the archive.", + "name": "name", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Archive password.", + "name": "password", + "in": "query" + }, { + "type": "boolean", + "default": 1, + "description": "Defines visibility of this file, either via the API or the Falcon console. - `true`: File is only shown to users within your customer account - `false`: File can be seen by other CrowdStrike customers. Default: `true`.", + "name": "is_confidential", + "in": "query" + }, { + "type": "string", + "description": "A descriptive comment to identify the file for other users.", + "name": "comment", + "in": "query" + }]], + ["ArchiveDeleteV1", "DELETE", "/archives/entities/archives/v1", "Delete an archive that was uploaded previously", "sample_uploads", [{ + "type": "string", + "description": "The archive SHA256.", + "name": "id", + "in": "query", + "required": 1 + }]], + ["ArchiveUploadV2", "POST", "/archives/entities/archives/v2", "Uploads an archive and extracts files list from it. Operation is asynchronous use `/archives/entities/archives/v1` to check the status. After uploading, use `/archives/entities/extractions/v1` to copy the file to internal storage making it available for content analysis.", "sample_uploads", [{ + "type": "file", + "description": "Content of the uploaded archive. For example, use `--form file=@$FILE_PATH` when using cURL.", + "name": "file", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "Archive password. For example, use `--form password=` when using cURL.", + "name": "password", + "in": "formData" + }, { + "type": "string", + "description": "Name of the archive. 
For example, use `--form name=` when using cURL.", + "name": "name", + "in": "formData", + "required": 1 + }, { + "type": "boolean", + "default": 1, + "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. For example, use `--form is_confidential=` when using cURL.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + "name": "is_confidential", + "in": "formData" + }, { + "type": "string", + "description": "A descriptive comment to identify the file for other users. For example, use `--form comment=` when using cURL.", + "name": "comment", + "in": "formData" + }]], + ["ExtractionListV1", "GET", "/archives/entities/extraction-files/v1", "Retrieves the files extractions in chunks. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.", "sample_uploads", [{ + "type": "string", + "description": "The extraction operation ID.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "integer", + "default": 0, + "description": "Max number of file extractions to retrieve.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Offset from where to get file extractions.", + "name": "offset", + "in": "query" + }]], + ["ExtractionGetV1", "GET", "/archives/entities/extractions/v1", "Retrieves the files extraction operation statuses. Status `done` means that all files were processed successfully. 
Status `error` means that at least one of the file could not be processed.", "sample_uploads", [{ + "type": "string", + "description": "The extraction operation ID.", + "name": "id", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "If `true` includes processed archive files in response.", + "name": "include_files", + "in": "query" + }]], + ["ExtractionCreateV1", "POST", "/archives/entities/extractions/v1", "Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.", "sample_uploads", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["GetSampleV3", "GET", "/samples/entities/samples/v3", "Retrieves the file associated with the given ID (SHA256)", "sample_uploads", [{ + "type": "string", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "boolean", + "default": 0, + "description": "Flag whether the sample should be zipped and password protected with pass='infected'", + "name": "password_protected", + "in": "query" + }]], + ["UploadSampleV3", "POST", "/samples/entities/samples/v3", "Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.", "sample_uploads", [{ + "description": "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", + "name": "body", + "in": "body", + "required": 1 + }, { + "type": "file", + "description": "The binary file.", + "name": "upfile", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "Name of the file.", + "name": "file_name", + "in": "formData", + "required": 1 + }, { + "type": "string", + "description": "A descriptive comment to identify the file for other users.", + "name": "comment", + "in": "formData" + }, { + "type": "boolean", + "default": 1, + "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + "name": "is_confidential", + "in": "formData" + }]], + ["DeleteSampleV3", "DELETE", "/samples/entities/samples/v3", "Removes a sample, including file, meta and submissions from the collection", "sample_uploads", [{ + "type": "string", + "description": "The file SHA256.", + "name": "ids", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/scheduled_reports.ts b/src/_endpoints/scheduled_reports.ts new file mode 100644 index 00000000..9e398dc6 --- /dev/null +++ b/src/_endpoints/scheduled_reports.ts 
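Review bot: `export var _sample_uploads_endpoints: Array = [` uses `Array` with no type argument, which tsc rejects ("Generic type 'Array<T>' requires 1 type argument(s)"), so this table only builds with type checking disabled; scheduled_reports.ts, sensor_download.ts, sensor_update_policies.ts, sensor_visibility_exclusions.ts and spotlight_evaluation_logic.ts in this patch use the same declaration. Give the row a named tuple type and freeze the binding, e.g. `type EndpointDef = [string, string, string, string, string, Record<string, unknown>[]];` and `export const _sample_uploads_endpoints: readonly EndpointDef[] = [`. Typing the row would also surface that `"required": 1`, `"default": 0` and `"default": 1` are numeric stand-ins for booleans; that is harmless if Falcon.command only tests truthiness, but if it ever sends a default on the wire the API receives `1` where it documents `true`. Separately, ArchiveUploadV1 declares `password` with `"in": "query"`, so the archive password travels in the URL; whatever request logging Falcon.command does should be checked so it does not record the query string for this operation.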
@@ -0,0 +1,48 @@ +/** + * contains all method definitions for API: scheduled reports + * consumed and interpreted by Falcon.command(...) + */ +export var _scheduled_reports_endpoints: Array = [ + ["scheduled_reports_launch", "POST", "/reports/entities/scheduled-reports/execution/v1", "Launch scheduled reports executions for the provided report IDs.", "scheduled_reports", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["scheduled_reports_get", "GET", "/reports/entities/scheduled-reports/v1", "Retrieve scheduled reports for the provided report IDs.", "scheduled_reports", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The scheduled_report id to get details about.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["scheduled_reports_query", "GET", "/reports/queries/scheduled-reports/v1", "Find all report IDs matching the query with filter", "scheduled_reports", [{ + "type": "string", + "description": "Possible order by fields: created_on, last_updated_on, last_execution_on, next_execution_on", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Filter term criteria: type,trigger_reference, recipients, user_uuid, cid, trigger_params.metadata.Filter range criteria: created_on, modified_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match query criteria, which includes all the filter string fields", + "name": "q", + "in": "query" + }, { + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }]] +]; \ No newline at end of file 
diff --git a/src/_endpoints/sensor_download.ts b/src/_endpoints/sensor_download.ts new file mode 100644 index 00000000..f3f8a655 --- /dev/null +++ b/src/_endpoints/sensor_download.ts @@ -0,0 +1,67 @@ +/** + * contains all method definitions for API: sensor download + * consumed and interpreted by Falcon.command(...) + */ +export var _sensor_download_endpoints: Array = [ + ["GetCombinedSensorInstallersByQuery", "GET", "/sensors/combined/installers/v1", "Get sensor installer details by provided query", "sensor_download", [{ + "type": "integer", + "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort items using their properties. Common sort options include:\n\n
  • version|asc
  • release_date|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:\"windows\"
  • version:>\"5.2\"
", + "name": "filter", + "in": "query" + }]], + ["DownloadSensorInstallerById", "GET", "/sensors/entities/download-installer/v1", "Download sensor installer by SHA256 ID", "sensor_download", [{ + "type": "string", + "description": "SHA256 of the installer to download", + "name": "id", + "in": "query", + "required": 1 + }]], + ["GetSensorInstallersEntities", "GET", "/sensors/entities/installers/v1", "Get sensor installer details by provided SHA256 IDs", "sensor_download", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the installers", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetSensorInstallersCCIDByQuery", "GET", "/sensors/queries/installers/ccid/v1", "Get CCID to use with sensor installers", "sensor_download", []], + ["GetSensorInstallersByQuery", "GET", "/sensors/queries/installers/v1", "Get sensor installer IDs by provided query", "sensor_download", [{ + "type": "integer", + "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort items using their properties. Common sort options include:\n\n
  • version|asc
  • release_date|desc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:\"windows\"
  • version:>\"5.2\"
", + "name": "filter", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/sensor_update_policies.ts b/src/_endpoints/sensor_update_policies.ts new file mode 100644 index 00000000..213c3a0a --- /dev/null +++ b/src/_endpoints/sensor_update_policies.ts 
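Review bot: The `limit` parameters of GetCombinedSensorInstallersByQuery and GetSensorInstallersByQuery describe a range ("default: 100, max: 500") but carry no `"minimum"`/`"maximum"` keys, whereas the equivalent rows in sensor_update_policies.ts in this patch do (`"maximum": 500, "minimum": 1`); sensor_visibility_exclusions.ts has the same gap for its `limit` ("[1-500]") and `offset`. If Falcon.command validates against these keys, an out-of-range limit here reaches the API unchecked; adding `"maximum": 500,` and `"minimum": 1,` to both rows keeps the tables consistent, though whether the consumer reads these keys is not visible in this patch. The bullet lines under the `sort` and `filter` descriptions appear without a diff marker, which looks like rendered markup inside the string rather than a real line break; worth confirming the committed file holds a single-line string literal, since a bare newline there would be an unterminated string.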
@@ -0,0 +1,275 @@ +/** + * contains all method definitions for API: sensor update policies + * consumed and interpreted by Falcon.command(...) + */ +export var _sensor_update_policies_endpoints: Array = [ + ["revealUninstallToken", "POST", "/policy/combined/reveal-uninstall-token/v1", "Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["queryCombinedSensorUpdateBuilds", "GET", "/policy/combined/sensor-update-builds/v1", "Retrieve available builds for use with Sensor Update Policies", "sensor_update_policies", [{ + "enum": ["linux", "linuxarm64", "mac", "windows", "zlinux"], + "type": "string", + "description": "The platform to return builds for", + "name": "platform", + "in": "query" + }, { + "enum": ["early_adopter", "prod"], + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "The stages to return builds for", + "name": "stage", + "in": "query" + }]], + ["queryCombinedSensorUpdateKernels", "GET", "/policy/combined/sensor-update-kernels/v1", "Retrieve kernel compatibility info for Sensor Update Builds", "sensor_update_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }]], + ["queryCombinedSensorUpdatePolicyMembers", "GET", "/policy/combined/sensor-update-members/v1", "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. 
Returns a set of host details which match the filter criteria", "sensor_update_policies", [{ + "type": "string", + "description": "The ID of the Sensor Update Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedSensorUpdatePolicies", "GET", "/policy/combined/sensor-update/v1", "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", "sensor_update_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["queryCombinedSensorUpdatePoliciesV2", "GET", "/policy/combined/sensor-update/v2", "Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", "sensor_update_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. 
[1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["performSensorUpdatePoliciesAction", "POST", "/policy/entities/sensor-update-actions/v1", "Perform the specified action on the Sensor Update Policies specified in the request", "sensor_update_policies", [{ + "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + "type": "string", + "description": "The action to perform", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["setSensorUpdatePoliciesPrecedence", "POST", "/policy/entities/sensor-update-precedence/v1", "Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["getSensorUpdatePolicies", "GET", "/policy/entities/sensor-update/v1", "Retrieve a set of Sensor Update Policies by specifying their IDs", "sensor_update_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Sensor Update Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createSensorUpdatePolicies", "POST", "/policy/entities/sensor-update/v1", "Create Sensor Update Policies by specifying details about the policy to create", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateSensorUpdatePolicies", "PATCH", "/policy/entities/sensor-update/v1", "Update Sensor Update Policies by specifying the ID of the policy and details to update", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteSensorUpdatePolicies", "DELETE", "/policy/entities/sensor-update/v1", "Delete a set of Sensor Update Policies by specifying their IDs", "sensor_update_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Sensor Update Policies to delete", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getSensorUpdatePoliciesV2", "GET", "/policy/entities/sensor-update/v2", "Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs", "sensor_update_policies", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The IDs of the Sensor Update Policies to return", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createSensorUpdatePoliciesV2", "POST", "/policy/entities/sensor-update/v2", "Create Sensor Update Policies by specifying 
details about the policy to create with additional support for uninstall protection", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateSensorUpdatePoliciesV2", "PATCH", "/policy/entities/sensor-update/v2", "Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection", "sensor_update_policies", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["querySensorUpdateKernelsDistinct", "GET", "/policy/queries/sensor-update-kernels/{}/v1", "Retrieve kernel compatibility info for Sensor Update Builds", "sensor_update_policies", [{ + "type": "string", + "description": "The field name to get distinct values for", + "name": "distinct-field", + "in": "path", + "required": 1 + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }]], + ["querySensorUpdatePolicyMembers", "GET", "/policy/queries/sensor-update-members/v1", "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "sensor_update_policies", [{ + "type": "string", + "description": "The ID of the Sensor Update Policy to search for members of", + "name": "id", + "in": "query" + }, { + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["querySensorUpdatePolicies", "GET", "/policy/queries/sensor-update/v1", "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria", "sensor_update_policies", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The maximum records to return. [1-5000]", + "name": "limit", + "in": "query" + }, { + "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], + "type": "string", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file 
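Review bot: The path placeholder in `"/policy/queries/sensor-update-kernels/{}/v1"` (querySensorUpdateKernelsDistinct, `distinct-field` with `"in": "path"`) is the only path substitution in this patch, and the table gives the consumer no encoding contract for it. Falcon.command, which is outside this patch, should apply `encodeURIComponent` to the value before replacing `{}`; otherwise a caller-supplied field name containing `/`, `?` or `#` rewrites the request path instead of being sent as the segment, and the positional `{}` form cannot say which parameter it belongs to if a route ever gains a second path parameter, so a named placeholder such as `{distinct-field}` would be clearer if the consumer can be adjusted to match. On the same table, revealUninstallToken returns sensor uninstall and bulk maintenance tokens; if the client layer logs or caches response bodies, this operation is one to exempt.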
diff --git a/src/_endpoints/sensor_visibility_exclusions.ts b/src/_endpoints/sensor_visibility_exclusions.ts new file mode 100644 index 00000000..b70137b6 --- /dev/null +++ b/src/_endpoints/sensor_visibility_exclusions.ts 
@@ -0,0 +1,65 @@ +/** + * contains all method definitions for API: sensor visibility exclusions + * consumed and interpreted by Falcon.command(...) + */ +export var _sensor_visibility_exclusions_endpoints: Array = [ + ["getSensorVisibilityExclusionsV1", "GET", "/policy/entities/sv-exclusions/v1", "Get a set of Sensor Visibility Exclusions by specifying their IDs", "sensor_visibility_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to retrieve", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["createSVExclusionsV1", "POST", "/policy/entities/sv-exclusions/v1", "Create the sensor visibility exclusions", "sensor_visibility_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateSensorVisibilityExclusionsV1", "PATCH", "/policy/entities/sv-exclusions/v1", "Update the sensor visibility exclusions", "sensor_visibility_exclusions", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteSensorVisibilityExclusionsV1", "DELETE", "/policy/entities/sv-exclusions/v1", "Delete the sensor visibility exclusions by id", "sensor_visibility_exclusions", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "The ids of the exclusions to delete", + "name": "ids", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Explains why this exclusions was deleted", + "name": "comment", + "in": "query" + }]], + ["querySensorVisibilityExclusionsV1", "GET", "/policy/queries/sv-exclusions/v1", "Search for sensor visibility exclusions.", "sensor_visibility_exclusions", [{ + "type": "string", + "description": "The filter expression that should be used to limit the results.", + "name": "filter", + "in": "query" + }, { + "type": "integer", + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "type": "integer", + 
"description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "value.asc", "value.desc"], + "type": "string", + "description": "The sort expression that should be used to sort the results.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/spotlight_evaluation_logic.ts b/src/_endpoints/spotlight_evaluation_logic.ts new file mode 100644 index 00000000..64740e07 --- /dev/null +++ b/src/_endpoints/spotlight_evaluation_logic.ts 
@@ -0,0 +1,61 @@ +/** + * contains all method definitions for API: spotlight evaluation logic + * consumed and interpreted by Falcon.command(...) + */ +export var _spotlight_evaluation_logic_endpoints: Array = [ + ["combinedQueryEvaluationLogic", "GET", "/spotlight/combined/evaluation-logic/v1", "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.", "spotlight_evaluation_logic", [{ + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Maximum number of entities to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters.", + "name": "filter", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Sort evaluation logic by their properties.", + "name": "sort", + "in": "query" + }]], + ["getEvaluationLogic", "GET", "/spotlight/entities/evaluation-logic/v1", "Get details on evaluation logic items by providing one or more IDs.", "spotlight_evaluation_logic", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more evaluation logic IDs.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryEvaluationLogic", "GET", "/spotlight/queries/evaluation-logic/v1", "Search for evaluation logic in your environment by providing a FQL filter and paging details. 
Returns a set of evaluation logic IDs which match the filter criteria.", "spotlight_evaluation_logic", [{ + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "type": "integer", + "description": "Maximum number of entities to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters.", + "name": "filter", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Sort evaluation logic by their properties.", + "name": "sort", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/spotlight_vulnerabilities.ts b/src/_endpoints/spotlight_vulnerabilities.ts new file mode 100644 index 00000000..c598d0c7 --- /dev/null +++ b/src/_endpoints/spotlight_vulnerabilities.ts 
@@ -0,0 +1,96 @@ +/** + * contains all method definitions for API: spotlight vulnerabilities + * consumed and interpreted by Falcon.command(...) + */ +export var _spotlight_vulnerabilities_endpoints: Array = [ + ["combinedQueryVulnerabilities", "GET", "/spotlight/combined/vulnerabilities/v1", "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria", "spotlight_vulnerabilities", [{ + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + "name": "filter", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Select various details blocks to be returned for each vulnerability entity. Supported values:\n\n
  • host_info
  • remediation
  • cve
  • evaluation_logic
", + "name": "facet", + "in": "query" + }]], + ["getRemediationsV2", "GET", "/spotlight/entities/remediations/v2", "Get details on remediation by providing one or more IDs", "spotlight_vulnerabilities", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more remediation IDs", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["getVulnerabilities", "GET", "/spotlight/entities/vulnerabilities/v2", "Get details on vulnerabilities by providing one or more IDs", "spotlight_vulnerabilities", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["queryVulnerabilities", "GET", "/spotlight/queries/vulnerabilities/v1", "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria", "spotlight_vulnerabilities", [{ + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, { + "maximum": 400, + "minimum": 1, + "type": "integer", + "description": "The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + "name": "filter", + "in": "query", + "required": 1 + }]], + ["getRemediations", "GET", "/spotlight/entities/remediations/v2", "Get details on remediations by providing one or more IDs", "spotlight_vulnerabilities", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more remediation IDs (max: 400).", + "name": "ids", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/tailored_intelligence.ts b/src/_endpoints/tailored_intelligence.ts new file mode 100644 index 00000000..ac6d0f68 --- /dev/null +++ b/src/_endpoints/tailored_intelligence.ts 
@@ -0,0 +1,75 @@ +/** + * contains all method definitions for API: tailored intelligence + * consumed and interpreted by Falcon.command(...) + */ +export var _tailored_intelligence_endpoints: Array = [ + ["GetEventsBody", "GET", "/ti/events/entities/events-full-body/v2", "Get event body for the provided event ID", "tailored_intelligence", [{ + "type": "string", + "description": "Return the event body for event id.", + "name": "id", + "in": "query", + "required": 1 + }]], + ["GetEventsEntities", "POST", "/ti/events/entities/events/GET/v2", "Get events entities for specified ids.", "tailored_intelligence", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryEvents", "GET", "/ti/events/queries/events/v2", "Get events ids that match the provided filter criteria.", "tailored_intelligence", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: source_type, created_date, updated_date. Ex: 'updated_date|desc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. 
Special value '*' means to not filter on anything.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + "name": "q", + "in": "query" + }]], + ["GetRulesEntities", "POST", "/ti/rules/entities/rules/GET/v2", "Get rules entities for specified ids.", "tailored_intelligence", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["QueryRules", "GET", "/ti/rules/queries/rules/v2", "Get rules ids that match the provided filter criteria.", "tailored_intelligence", [{ + "type": "string", + "description": "Starting index of overall result set from which to return ids.", + "name": "offset", + "in": "query" + }, { + "type": "integer", + "description": "Number of ids to return.", + "name": "limit", + "in": "query" + }, { + "type": "string", + "description": "Possible order by fields: name, value, rule_type, customer_id, created_date, updated_date. Ex: 'updated_date|asc'.", + "name": "sort", + "in": "query" + }, { + "type": "string", + "description": "FQL query specifying the filter parameters. Special value '*' means to not filter on anything.", + "name": "filter", + "in": "query" + }, { + "type": "string", + "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + "name": "q", + "in": "query" + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/user_management.ts b/src/_endpoints/user_management.ts new file mode 100644 index 00000000..d46235ee --- /dev/null +++ b/src/_endpoints/user_management.ts 
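Review bot: The `body` parameters of `GetEventsEntities` and `GetRulesEntities` carry only `name`, `in` and `required`, so a caller of `Falcon.command(...)` gets no hint of the payload shape, unlike the body parameters in user_management.ts, which all have a `description`. Both routes are `POST …/GET/v2` lookups by ID, so a description along the lines of `"description": "Request payload listing the event IDs to retrieve."` (and the rule equivalent) is presumably accurate, but it should be checked against the upstream API spec before being added. The rows also use PascalCase names (`GetEventsBody`, `QueryEvents`) while the spotlight files use camelCase; if the names are kept verbatim from the upstream operation IDs, a comment saying so would explain the inconsistency.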
@@ -0,0 +1,258 @@ +/** + * contains all method definitions for API: user management + * consumed and interpreted by Falcon.command(...) + */ +export var _user_management_endpoints: Array = [ + ["combinedUserRolesV1", "GET", "/user-management/combined/user-roles/v1", "Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.", "user_management", [{ + "type": "string", + "description": "User UUID to get available roles for.", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "type": "string", + "description": "Customer ID to get grants for. Empty CID would result in Role IDs for user against current CID in view.", + "name": "cid", + "in": "query" + }, { + "type": "boolean", + "default": 0, + "description": "Specifies if to request direct Only role grants or all role grants between user and CID (specified in query params)", + "name": "direct_only", + "in": "query" + }, { + "type": "string", + "description": "Filter using a query in Falcon Query Language (FQL). Supported filters: role_id, role_name", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "default": 0, + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["cid|asc", "cid|desc", "role_name|asc", "role_name|desc", "type|asc", "type|desc"], + "type": "string", + "default": "role_name|asc", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["entitiesRolesV1", "GET", "/user-management/entities/roles/v1", "Get info about a role", "user_management", [{ + "type": "string", + "description": "Customer ID to get available roles for. 
Empty CID would result in Role IDs for current CID in view.", + "name": "cid", + "in": "query" + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "ID of a role. Find a role ID from `/user-management/queries/roles/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["userActionV1", "POST", "/user-management/entities/user-actions/v1", "Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload.", "user_management", [{ + "description": "User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password'", + "name": "body", + "in": "body", + "required": 1 + }]], + ["userRolesActionV1", "POST", "/user-management/entities/user-role-actions/v1", "Grant or Revoke one or more role(s) to a user against a CID.", "user_management", [{ + "description": "All fields including CID, RoleID(s), User UUID and Action are required. Allowed values for Action param include 'grant' and 'revoke'.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["retrieveUsersGETV1", "POST", "/user-management/entities/users/GET/v1", "Get info about users including their name, UID and CID by providing user UUIDs", "user_management", [{ + "description": "Maximum of 5000 User UUIDs can be specified per request.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["createUserV1", "POST", "/user-management/entities/users/v1", "Create a new user. After creating a user, assign one or more roles with POST '/user-management/entities/user-role-actions/v1'", "user_management", [{ + "type": "boolean", + "default": 0, + "description": "Validate of user is allowed, but do not create user.", + "name": "validate_only", + "in": "query" + }, { + "description": "Attributes for this user. 
`uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["updateUserV1", "PATCH", "/user-management/entities/users/v1", "Modify an existing user's first or last name.", "user_management", [{ + "type": "string", + "description": "user uuid", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "description": "Both firstName and lastName have to specified.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["deleteUserV1", "DELETE", "/user-management/entities/users/v1", "Delete a user permanently.", "user_management", [{ + "type": "string", + "description": "User UUID.", + "name": "user_uuid", + "in": "query", + "required": 1 + }]], + ["queriesRolesV1", "GET", "/user-management/queries/roles/v1", "Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/user-management/entities/roles/v1`.", "user_management", [{ + "type": "string", + "description": "Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view.", + "name": "cid", + "in": "query" + }, { + "type": "string", + "description": "User UUID to get available roles for. Empty User UUID would returns all roles IDs available for customer.", + "name": "user_uuid", + "in": "query" + }, { + "type": "string", + "default": "grant", + "description": "Actionable purpose of the query", + "name": "action", + "in": "query" + }]], + ["queryUserV1", "GET", "/user-management/queries/users/v1", "List user IDs for all users in your customer account. 
For more information on each user, provide the user ID to `/user-management/entities/users/GET/v1`.", "user_management", [{ + "type": "string", + "description": "Filter using a query in Falcon Query Language (FQL). Supported filters: assigned_cids, cid, first_name, last_name, name, uid", + "name": "filter", + "in": "query" + }, { + "minimum": 0, + "type": "integer", + "default": 0, + "description": "The offset to start retrieving records from", + "name": "offset", + "in": "query" + }, { + "maximum": 500, + "minimum": 1, + "type": "integer", + "default": 100, + "description": "The maximum records to return. [1-500]", + "name": "limit", + "in": "query" + }, { + "enum": ["cid_name|asc", "cid_name|desc", "created_at|asc", "created_at|desc", "first_name|asc", "first_name|desc", "last_login_at|asc", "last_login_at|desc", "last_name|asc", "last_name|desc", "name|asc", "name|desc", "uid|asc", "uid|desc"], + "type": "string", + "default": "uid|asc", + "description": "The property to sort by", + "name": "sort", + "in": "query" + }]], + ["GetRoles", "GET", "/user-roles/entities/user-roles/v1", "Deprecated : Please use entitiesRolesV1. Get info about a role", "user_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "ID of a role. Find a role ID from `/customer/queries/roles/v1` or `/users/queries/roles/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GrantUserRoleIds", "POST", "/user-roles/entities/user-roles/v1", "Deprecated : Please use userRolesActionV1. Assign one or more roles to a user", "user_management", [{ + "type": "string", + "description": "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "description": "Role ID(s) of the role you want to assign", + "name": "body", + "in": "body", + "required": 1 + }]], + ["RevokeUserRoleIds", "DELETE", "/user-roles/entities/user-roles/v1", "Deprecated : Please use userRolesActionV1. Revoke one or more roles from a user", "user_management", [{ + "type": "string", + "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more role IDs to revoke. Find a role's ID from `/users/queries/roles/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["GetAvailableRoleIds", "GET", "/user-roles/queries/user-role-ids-by-cid/v1", "Deprecated : Please use queriesRolesV1. Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", "user_management", []], + ["GetUserRoleIds", "GET", "/user-roles/queries/user-role-ids-by-user-uuid/v1", "Deprecated : Please use combinedUserRolesV1. Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", "user_management", [{ + "type": "string", + "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + "name": "user_uuid", + "in": "query", + "required": 1 + }]], + ["RetrieveUser", "GET", "/users/entities/users/v1", "Deprecated : Please use retrieveUsersGETV1. Get info about a user", "user_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["CreateUser", "POST", "/users/entities/users/v1", "Deprecated : Please use createUserV1. Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1", "user_management", [{ + "description": "Attributes for this user. `uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["UpdateUser", "PATCH", "/users/entities/users/v1", "Deprecated : Please use updateUserV1. Modify an existing user's first or last name", "user_management", [{ + "type": "string", + "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + "name": "user_uuid", + "in": "query", + "required": 1 + }, { + "description": "Attributes for this user. All attributes (shown below) are optional.", + "name": "body", + "in": "body", + "required": 1 + }]], + ["DeleteUser", "DELETE", "/users/entities/users/v1", "Deprecated : Please use deleteUserV1. Delete a user permanently", "user_management", [{ + "type": "string", + "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + "name": "user_uuid", + "in": "query", + "required": 1 + }]], + ["RetrieveEmailsByCID", "GET", "/users/queries/emails-by-cid/v1", "Deprecated : Please use retrieveUsersGETV1. List the usernames (usually an email address) for all users in your customer account", "user_management", []], + ["RetrieveUserUUIDsByCID", "GET", "/users/queries/user-uuids-by-cid/v1", "Deprecated : Please use queryUserV1. List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`.", "user_management", []], + ["RetrieveUserUUID", "GET", "/users/queries/user-uuids-by-email/v1", "Deprecated : Please use queryUserV1. 
Get a user's ID by providing a username (usually an email address)", "user_management", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "A username. This is usually the user's email address, but may vary based on your configuration.", + "name": "uid", + "in": "query", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/workflows.ts b/src/_endpoints/workflows.ts new file mode 100644 index 00000000..b6e754b1 --- /dev/null +++ b/src/_endpoints/workflows.ts 
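Review bot: `direct_only` in `combinedUserRolesV1` and `validate_only` in `createUserV1` are declared `"type": "boolean"` but given `"default": 0`, a number. Whether that default is ever applied depends on `Falcon.command(...)`, which is not in this hunk, but if it is rendered into the query string the API receives `direct_only=0` rather than `false`; `"default": false` matches the declared type. The `"required": 1` values throughout this file have the same number-for-boolean shape. The deprecated `/users/...` and `/user-roles/...` rows are marked only inside their description strings, so nothing distinguishes them from the replacement routes programmatically; at minimum a comment such as `// legacy routes below: deprecated in favour of the /user-management/* rows above` grouping those rows would make the split visible.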
@@ -0,0 +1,75 @@ +/** + * contains all method definitions for API: workflows + * consumed and interpreted by Falcon.command(...) + */ +export var _workflows_endpoints: Array = [ + ["WorkflowExecute", "POST", "/workflows/entities/execute/v1", "Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)", "workflows", [{ + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "Definition ID to execute, either a name or an ID can be specified.", + "name": "definition_id", + "in": "query" + }, { + "type": "string", + "description": "Workflow name to execute, either a name or an ID can be specified.", + "name": "name", + "in": "query" + }, { + "type": "string", + "description": "Key used to help deduplicate executions, if unset a new UUID is used", + "name": "key", + "in": "query" + }, { + "type": "integer", + "description": "Used to record the execution depth to help limit execution loops when a workflow triggers another. 
The maximum depth is 4.", + "name": "depth", + "in": "query" + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["WorkflowExecutionsAction", "POST", "/workflows/entities/execution-actions/v1", "Allows a user to resume/retry a failed workflow execution.", "workflows", [{ + "enum": ["resume"], + "type": "string", + "description": "Specify one of these actions:\n\n- `resume`: resume/retry the workflow execution(s) specified in ids", + "name": "action_name", + "in": "query", + "required": 1 + }, { + "name": "body", + "in": "body", + "required": 1 + }]], + ["WorkflowExecutionResults", "GET", "/workflows/entities/execution-results/v1", "Get execution result of a given execution", "workflows", [{ + "maxItems": 500, + "minItems": 1, + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "csv", + "description": "workflow execution id to return results for.", + "name": "ids", + "in": "query", + "required": 1 + }]], + ["WorkflowSystemDefinitionsDeProvision", "POST", "/workflows/system-definitions/deprovision/v1", "Deprovisions a system definition that was previously provisioned on the target CID", "workflows", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["WorkflowSystemDefinitionsPromote", "POST", "/workflows/system-definitions/promote/v1", "Promotes a version of a system definition on a customer. The customer must already have been provisioned. This allows the callerto apply an updated template version to a specific cid and expects all parameters to be supplied. 
If the template supports multi-instancethe customer scope definition ID must be supplied to determine which customer workflow should be updated.", "workflows", [{ + "name": "body", + "in": "body", + "required": 1 + }]], + ["WorkflowSystemDefinitionsProvision", "POST", "/workflows/system-definitions/provision/v1", "Provisions a system definition onto the target CID by using the template and provided parameters", "workflows", [{ + "name": "body", + "in": "body", + "required": 1 + }]] +]; \ No newline at end of file diff --git a/src/_endpoints/zero_trust_assessment.ts b/src/_endpoints/zero_trust_assessment.ts new file mode 100644 index 00000000..b8cb70dd --- /dev/null +++ b/src/_endpoints/zero_trust_assessment.ts 
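Review bot: The `depth` parameter of `WorkflowExecute` states `The maximum depth is 4.` in prose only, while sibling integer parameters (e.g. `limit` in spotlight_vulnerabilities.ts) encode their bound as `"maximum"`. Adding `"minimum": 0, "maximum": 4` next to `"type": "integer"` exposes the limit to whatever validates parameters, assuming the upstream spec states the bound the same way. The `WorkflowSystemDefinitionsPromote` description has two joined words, `callerto` and `multi-instancethe`, which read as spaces lost while copying the spec and would be `caller to` and `multi-instance the`. `definition_id` uses `"collectionFormat": "csv"` where the other array query parameters in this commit use `"multi"`; if that is what the workflows API expects, a short comment would stop it being "fixed" to match the rest.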
@@ -0,0 +1,123 @@ +export var _zero_trust_assessment_endpoints: Array = [ + [ + "getAssessmentV1", + "GET", + "/zero-trust-assessment/entities/assessments/v1", + "Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).", + "zero_trust_assessment", + [ + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "One or more agent IDs, which you can find in the data.zta file, or the Falcon console.", + "name": "ids", + "in": "query", + "required": 1, + } + ], + ], + [ + "getAuditV1", + "GET", + "/zero-trust-assessment/entities/audit/v1", + "Get the Zero Trust Assessment audit report for one customer ID (CID).", + "zero_trust_assessment", + [] + ], + [ + "getAssessmentsByScoreV1", + "GET", + "/zero-trust-assessment/queries/assessments/v1", + "Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores.", + "zero_trust_assessment", + [ + { + "type": "string", + "description": "FQL query specifying the filter score.", + "name": "filter", + "in": "query", + "required": 1 + }, + { + "type": "integer", + "description": "The number of scores to return in this response (min: 1, max: 1000, default: 100). " + + "Use with the `after` parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. " + + "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + + "token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, + { + "type": "string", + "default": "score", + "description": "Sort accounts by their properties. A single sort field is allowed. " + + "Defaults to ascending. Supported sort option include:\n\n
  • score|desc
  • score|asc
", + "name": "sort", + "in": "query" + } + ] + ], + [ + "getCombinedAssessmentsQuery", + "GET", + "/configuration-assessment/combined/assessments/v1", + "Search for assessments in your environment by providing an FQL filter and paging details. " + + "Returns a set of HostFinding entities which match the filter criteria", + "public_assessments", + [ + { + "type": "string", + "description": "A pagination token used with the `limit` parameter to manage pagination of results. " + + "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + + "token from the previous response to continue from that place in the results.", + "name": "after", + "in": "query" + }, + { + "maximum": 5000, + "minimum": 1, + "type": "integer", + "description": "The number of items to return in this response (default: 100, max: 5000). " + + "Use with the after parameter to manage pagination of results.", + "name": "limit", + "in": "query" + }, + { + "type": "string", + "description": "Sort assessment by their properties. Common sort options include:\n\n" + + "
  • created_timestamp|desc
  • updated_timestamp|asc
", + "name": "sort", + "in": "query" + }, + { + "type": "string", + "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. " + + "\n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • " + + "
  • updated_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + "name": "filter", + "in": "query", + "required": 1 + }, + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "Select various details blocks to be returned for each assessment entity. " + + "Supported values:\n\n
  • host
  • finding.rule
", + "name": "facet", + "in": "query" + } + ] + ] +] \ No newline at end of file diff --git a/src/endpoints.ts b/src/endpoints.ts new file mode 100644 index 00000000..0f3c60c0 --- /dev/null +++ b/src/endpoints.ts 
@@ -0,0 +1,119 @@ +import { _hosts_endpoints } from "./_endpoints/hosts" +import { _detects_endpoints } from "./_endpoints/detects" +import { _zero_trust_assessment_endpoints } from "./_endpoints/zero_trust_assessment" +import { _host_group_endpoints } from "./_endpoints/host_group" +import { _report_executions_endpoints } from "./_endpoints/report_executions" +import { _sample_uploads_endpoints } from "./_endpoints/sample_uploads" +import { _mobile_enrollment_endpoints } from "./_endpoints/mobile_enrollment" +import { _malquery_endpoints } from "./_endpoints/malquery" +import { _device_control_policies_endpoints } from "./_endpoints/device_control_policies" +import { _iocs_endpoints } from "./_endpoints/iocs" +import { _falconx_sandbox_endpoints } from "./_endpoints/falconx_sandbox" +import { _identity_protection_endpoints } from "./_endpoints/identity_protection" +import { _falcon_container_endpoints } from "./_endpoints/falcon_container" +import { _firewall_policies_endpoints } from "./_endpoints/firewall_policies" +import { _scheduled_reports_endpoints } from "./_endpoints/scheduled_reports" +import { _cspm_registration_endpoints } from "./_endpoints/cspm_registration" +import { _spotlight_vulnerabilities_endpoints } from "./_endpoints/spotlight_vulnerabilities" +import { _ioc_endpoints } from "./_endpoints/ioc" +import { _sensor_visibility_exclusions_endpoints } from "./_endpoints/sensor_visibility_exclusions" +import { _real_time_response_audit_endpoints } from "./_endpoints/real_time_response_audit" +import { _prevention_policies_endpoints } from "./_endpoints/prevention_policies" +import { _ods_endpoints } from "./_endpoints/ods" +import { _mssp_endpoints } from "./_endpoints/mssp" +import { _message_center_endpoints } from "./_endpoints/message_center" +import { _cloud_snapshots_endpoints } from "./_endpoints/cloud_snapshots" +import { _discover_endpoints } from "./_endpoints/discover" +import { _ioa_exclusions_endpoints } from 
"./_endpoints/ioa_exclusions" +import { _custom_storage_endpoints } from "./_endpoints/custom_storage" +import { _intel_endpoints } from "./_endpoints/intel" +import { _installation_tokens_endpoints } from "./_endpoints/installation_tokens" +import { _ml_exclusions_endpoints } from "./_endpoints/ml_exclusions" +import { _recon_endpoints } from "./_endpoints/recon" +import { _foundry_logscale_endpoints } from "./_endpoints/foundry_logscale" +import { _response_policies_endpoints } from "./_endpoints/response_policies" +import { _real_time_response_endpoints } from "./_endpoints/real_time_response" +import { _kubernetes_protection_endpoints } from "./_endpoints/kubernetes_protection" +import { _sensor_update_policies_endpoints } from "./_endpoints/sensor_update_policies" +import { _falcon_complete_dashboard_endpoints } from "./_endpoints/falcon_complete_dashboard" +import { _incidents_endpoints } from "./_endpoints/incidents" +import { _tailored_intelligence_endpoints } from "./_endpoints/tailored_intelligence" +import { _quick_scan_endpoints } from "./_endpoints/quick_scan" +import { _d4c_registration_endpoints } from "./_endpoints/d4c_registration" +import { _oauth2_endpoints } from "./_endpoints/oauth2" +import { _user_management_endpoints } from "./_endpoints/user_management" +import { _fdr_endpoints } from "./_endpoints/fdr" +import { _cloud_connect_aws_endpoints } from "./_endpoints/cloud_connect_aws" +import { _spotlight_evaluation_logic_endpoints } from "./_endpoints/spotlight_evaluation_logic" +import { _quarantine_endpoints } from "./_endpoints/quarantine" +import { _custom_ioa_endpoints } from "./_endpoints/custom_ioa" +import { _filevantage_endpoints } from "./_endpoints/filevantage" +import { _sensor_download_endpoints } from "./_endpoints/sensor_download" +import { _workflows_endpoints } from "./_endpoints/workflows" +import { _firewall_management_endpoints } from "./_endpoints/firewall_management" +import { _event_streams_endpoints } from 
"./_endpoints/event_streams" +import { _overwatch_dashboard_endpoints } from "./_endpoints/overwatch_dashboard" +import { _real_time_response_admin_endpoints } from "./_endpoints/real_time_response_admin" +import { _alerts_endpoints } from "./_endpoints/alerts" + +/** aggregates ./endpoints into one array for Falcon.command(...) */ +export var api_endpoints: Array = [ + _hosts_endpoints + .concat(_detects_endpoints) + .concat(_zero_trust_assessment_endpoints) + .concat(_host_group_endpoints) + .concat(_report_executions_endpoints) + .concat(_sample_uploads_endpoints) + .concat(_mobile_enrollment_endpoints) + .concat(_malquery_endpoints) + .concat(_device_control_policies_endpoints) + .concat(_iocs_endpoints) + .concat(_falconx_sandbox_endpoints) + .concat(_identity_protection_endpoints) + .concat(_falcon_container_endpoints) + .concat(_firewall_policies_endpoints) + .concat(_scheduled_reports_endpoints) + .concat(_cspm_registration_endpoints) + .concat(_spotlight_vulnerabilities_endpoints) + .concat(_ioc_endpoints) + .concat(_sensor_visibility_exclusions_endpoints) + .concat(_real_time_response_audit_endpoints) + .concat(_prevention_policies_endpoints) + .concat(_ods_endpoints) + .concat(_mssp_endpoints) + .concat(_message_center_endpoints) + .concat(_cloud_snapshots_endpoints) + .concat(_discover_endpoints) + .concat(_ioa_exclusions_endpoints) + .concat(_custom_storage_endpoints) + .concat(_intel_endpoints) + .concat(_installation_tokens_endpoints) + .concat(_ml_exclusions_endpoints) + .concat(_recon_endpoints) + .concat(_foundry_logscale_endpoints) + .concat(_response_policies_endpoints) + .concat(_real_time_response_endpoints) + .concat(_kubernetes_protection_endpoints) + .concat(_sensor_update_policies_endpoints) + .concat(_falcon_complete_dashboard_endpoints) + .concat(_incidents_endpoints) + .concat(_tailored_intelligence_endpoints) + .concat(_quick_scan_endpoints) + .concat(_d4c_registration_endpoints) + .concat(_oauth2_endpoints) + 
.concat(_user_management_endpoints) + .concat(_fdr_endpoints) + .concat(_cloud_connect_aws_endpoints) + .concat(_spotlight_evaluation_logic_endpoints) + .concat(_quarantine_endpoints) + .concat(_custom_ioa_endpoints) + .concat(_filevantage_endpoints) + .concat(_sensor_download_endpoints) + .concat(_workflows_endpoints) + .concat(_firewall_management_endpoints) + .concat(_event_streams_endpoints) + .concat(_overwatch_dashboard_endpoints) + .concat(_real_time_response_admin_endpoints) + .concat(_alerts_endpoints) +] + diff --git a/src/falcon.ts b/src/falcon.ts new file mode 100644 index 00000000..858302ab --- /dev/null +++ b/src/falcon.ts 
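Review bot: `export var api_endpoints: Array = [ _hosts_endpoints .concat(...) … ]` wraps the already-flattened concat chain in an outer one-element array, so consumers must index `api_endpoints[0]` to reach the table, which is exactly what the constructor in falcon.ts does with `Array.from(api_endpoints[0])`. Removing the outer brackets so the export is the concatenated array itself, i.e. `export const api_endpoints = _hosts_endpoints` followed by the unchanged `.concat(...)` chain and no closing `]`, removes both the indexing and the implicit `Array<any>` annotation; the consumer in falcon.ts would then drop the `[0]`. Since every imported table is itself declared as a bare `Array`, the aggregate inherits `any` either way, so giving the per-file tables a concrete element type is what ultimately makes this export type-checked.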
@@ -0,0 +1,136 @@
+import axios, { Axios } from "axios";
+import { api_endpoints } from "./endpoints"
+
+/**
+ * defines and enforces formatting arguments for Falcon.command(...)
+ *
+ * @interface CommandArguments
+ * @member {string} commandName
+ * @member {object} params
+ * @member {object} body
+ * @member {any} [propName]
+ * @member {string} header
+ */
+interface CommandArguments {
+ commandName: string,
+ params?: object,
+ body?: object,
+ header?: string,
+ [propName: string]: any
+}
+
+/**
+ * allows user to interact with Falcon API
+ * modeled after FalconPy's Uber-Class/API Harness
+ * https://github.com/CrowdStrike/falconpy/wiki/Basic-Uber-Class-usage
+ */
+export class Falcon {
+ baseUrl: string;
+ clientId: string;
+ clientSecret: string;
+ userAgent: string;
+ token: string;
+ endpoints: Array>;
+
+ /**
+ * instantiates an instance of the Falcon class
+ *
+ * @constructor
+ * @memberof Falcon
+ * @param {string} baseUrl base URL of user's Falcon API client
+ * @param {string} clientId client ID of user's Falcon API client
+ * @param {string} clientSecret client Secret of user's Falcon API client
+ * @param {string} userAgent value to be used for outgoing requests' HTTP header: User-Agent
+ */
+ constructor(baseUrl: string, clientId: string, clientSecret: string, userAgent: string) {
+ userAgent = "FalconJS" + userAgent;
+ this.baseUrl = baseUrl;
+ this.clientId = clientId;
+ this.clientSecret = clientSecret;
+ this.userAgent = userAgent;
+ this.token = "";
+ this.endpoints = Array.from(api_endpoints[0]);
+ }
+
+ /**
+ * handles procedures necessary for initializing Falcon class
+ * GETs OAuth2 token from Falcon API authentication endpoint
+ *
+ * @memberof Falcon
+ */
+ async init() {
+ const authUrl = this.baseUrl + "/oauth2/token"
+ const requestData = {
+ client_id: this.clientId,
+ client_secret: this.clientSecret
+ }
+ const response = await axios.post(authUrl, requestData, {
+ headers: {
+ 'Content-Type': 'application/x-www-form-urlencoded'
+ }
+ });
+ console.log(response.data["access_token"])
+ this.token = response.data["access_token"]
+ }
+
+ /**
+ * used to initialize an instance of the Falcon class
+ * aggregates helper function execution and
+ * initiates factory pattern to build properly configured API client
+ *
+ * @memberof Falcon
+ * @param {string} baseUrl base URL of user's Falcon API client
+ * @param {string} clientId client ID of user's Falcon API client
+ * @param {string} clientSecret client Secret of user's Falcon API client
+ * @param {string} userAgent value to be used for outgoing requests' HTTP header: User-Agent
+ * @return {Promise} new instance of the Falcon class
+ */
+ static async build(baseUrl: string, clientId: string, clientSecret: string, userAgent: string): Promise {
+ const f = new Falcon(baseUrl, clientId, clientSecret, userAgent);
+ await f.init();
+ return f;
+ }
+
+ /** helper function for printing Token @memberof Falcon */
+ public printToken() {
+ console.log(this.token)
+ }
+
+ /**
+ * performs an arbitrary request to the Falcon API
+ *
+ * @memberof Falcon
+ * @param {CommandArguments} args arguments for API method - request params or body
+ * @return {Promise} response data
+ */
+ public async command(args: CommandArguments): Promise {
+ let cmd = args["commandName"]
+ let params = args["params"]
+ let body = args["body"]
+ for (let i of this.endpoints) {
+ if (i[0] == cmd) {
+ let url = this.baseUrl + i[2]
+ let method = i[1].toLowerCase()
+ let p = params ? params : null
+ let b = body ? body : null
+ var headers: { [key: string]: string }
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Bearer ' + this.token,
+ }
+ let response = await axios({
+ method: method,
+ url: url,
+ data: b,
+ params: p,
+ headers: headers,
+ paramsSerializer: { indexes: null }
+
+ });
+ if (cmd=="getAssessmentV1")console.log(response)
+ return response["data"]["resources"]
+
+ }
+ }
+ }
+}
\ No newline at end of file
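Review bot: `init()` prints the freshly issued OAuth2 access token with `console.log(response.data["access_token"])`, `printToken()` prints it again, and the `getAssessmentV1` branch in `command()` dumps the entire axios response object (which carries the request config, `Authorization` header included), so bearer tokens end up in whatever collects the process's stdout; all three `console.log` calls should go. `this.userAgent` is stored but never sent, although the constructor doc says it is the value for the outgoing `User-Agent` header; add `'User-Agent': this.userAgent,` to `headers` in `command()`. When no endpoint name equals `cmd`, the `for` loop falls through and `command()` resolves to `undefined`, so a mistyped command name is indistinguishable from an empty result; a trailing `throw new Error("unknown command: " + cmd)` after the loop would surface it. The token is fetched once in `init()` and never refreshed, so a long-lived instance will start failing with 401 once the token expires (the oauth2 endpoint table in this patch series describes a 30-minute lifespan); document that callers must re-run `init()`, or handle the 401 by re-authenticating.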
diff --git a/src/index.ts b/src/index.ts index 138f359a..e529102b 100644 --- a/src/index.ts +++ b/src/index.ts @@ -8,3 +8,4 @@ export * from "./client"; export * from "./error"; export * from "./event_stream"; export * from "./FalconCloud"; +export * from "./falcon" \ No newline at end of file From 37c29bdb83f38b162918e026a7ede498f9498772 Mon Sep 17 00:00:00 2001 From: Josh Lang Date: Tue, 17 Sep 2024 13:55:26 -0600 Subject: [PATCH 2/6] 0.3.1 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 97cb51da..fca7a221 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "crowdstrike-falcon", - "version": "0.3.0", + "version": "0.3.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "crowdstrike-falcon", - "version": "0.3.0", + "version": "0.3.1", "license": "MIT", "dependencies": { "axios": "^1.7.7" diff --git a/package.json b/package.json index 2f630bad..5e5d0179 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "crowdstrike-falcon", - "version": "0.3.0", + "version": "0.3.1", "description": "CrowdStrike Falcon API library for browser and node", "sideEffects": false, "devDependencies": { From 90112905d7bfcdf84b149ee7eddb1961d523dfc9 Mon Sep 17 00:00:00 2001 From: Josh Lang Date: Tue, 17 Sep 2024 14:03:47 -0600 Subject: [PATCH 3/6] 0.3.2 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index fca7a221..3966c2f7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "crowdstrike-falcon", - "version": "0.3.1", + "version": "0.3.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "crowdstrike-falcon", - "version": "0.3.1", + "version": "0.3.2", "license": "MIT", "dependencies": { "axios": "^1.7.7" 
diff --git a/package.json b/package.json index 5e5d0179..ce4c9137 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "crowdstrike-falcon", - "version": "0.3.1", + "version": "0.3.2", "description": "CrowdStrike Falcon API library for browser and node", "sideEffects": false, "devDependencies": { From c48d04e58396fb3ea48f717e54662c7dfe396cee Mon Sep 17 00:00:00 2001 
From: Josh Lang Date: Tue, 24 Sep 2024 14:24:22 -0600 Subject: [PATCH 4/6] fixed linting errors --- README.md | 7 ++---- src/_endpoints/alerts.ts | 2 +- src/_endpoints/cloud_connect_aws.ts | 2 +- src/_endpoints/cloud_snapshots.ts | 2 +- src/_endpoints/cspm_registration.ts | 2 +- src/_endpoints/custom_ioa.ts | 2 +- src/_endpoints/custom_storage.ts | 2 +- src/_endpoints/d4c_registration.ts | 2 +- src/_endpoints/detects.ts | 2 +- src/_endpoints/device_control_policies.ts | 2 +- src/_endpoints/discover.ts | 2 +- src/_endpoints/event_streams.ts | 2 +- src/_endpoints/falcon_complete_dashboard.ts | 2 +- src/_endpoints/falcon_container.ts | 2 +- src/_endpoints/falconx_sandbox.ts | 6 ++--- src/_endpoints/fdr.ts | 2 +- src/_endpoints/filevantage.ts | 2 +- src/_endpoints/firewall_management.ts | 2 +- src/_endpoints/firewall_policies.ts | 2 +- src/_endpoints/foundry_logscale.ts | 2 +- src/_endpoints/host_group.ts | 2 +- src/_endpoints/hosts.ts | 4 ++-- src/_endpoints/identity_protection.ts | 2 +- src/_endpoints/incidents.ts | 2 +- src/_endpoints/installation_tokens.ts | 2 +- src/_endpoints/intel.ts | 2 +- src/_endpoints/ioa_exclusions.ts | 2 +- src/_endpoints/ioc.ts | 2 +- src/_endpoints/iocs.ts | 2 +- src/_endpoints/kubernetes_protection.ts | 2 +- src/_endpoints/malquery.ts | 2 +- src/_endpoints/message_center.ts | 2 +- src/_endpoints/ml_exclusions.ts | 2 +- src/_endpoints/mobile_enrollment.ts | 2 +- src/_endpoints/mssp.ts | 2 +- src/_endpoints/oauth2.ts | 2 +- src/_endpoints/ods.ts | 2 +- src/_endpoints/overwatch_dashboard.ts | 2 +- src/_endpoints/prevention_policies.ts | 2 +- src/_endpoints/quarantine.ts | 2 +- src/_endpoints/quick_scan.ts | 2 +- src/_endpoints/real_time_response.ts | 2 +- src/_endpoints/real_time_response_admin.ts | 2 +- src/_endpoints/real_time_response_audit.ts | 2 +- src/_endpoints/recon.ts | 2 +- src/_endpoints/report_executions.ts | 2 +- src/_endpoints/response_policies.ts | 2 +- src/_endpoints/sample_uploads.ts | 2 +- 
src/_endpoints/scheduled_reports.ts | 2 +- src/_endpoints/sensor_download.ts | 2 +- src/_endpoints/sensor_update_policies.ts | 2 +- .../sensor_visibility_exclusions.ts | 2 +- src/_endpoints/spotlight_evaluation_logic.ts | 2 +- src/_endpoints/spotlight_vulnerabilities.ts | 4 ++-- src/_endpoints/tailored_intelligence.ts | 2 +- src/_endpoints/user_management.ts | 4 ++-- src/_endpoints/workflows.ts | 2 +- src/_endpoints/zero_trust_assessment.ts | 4 ++-- src/endpoints.ts | 2 +- src/falcon.ts | 24 +++++++++---------- 60 files changed, 77 insertions(+), 82 deletions(-) diff --git a/README.md b/README.md index 51a1aad9..b4337049 100644 --- a/README.md +++ b/README.md @@ -44,11 +44,9 @@ await client.sensorDownload ## Falcon when using request body properties: ```js -const commandName = "GetDetectSummaries" const body = { ids: ["123", "456", "789"]} -const args = { commandName: commandName, body: body } try { - detDetails = await falcon.command(args) + detDetails = await falcon.command("GetDetectSummaries", body) return detDetails } catch (error) { console.log(error) @@ -58,9 +56,8 @@ try { when using query params: ```js -const commandName = "getAssessmentsByScoreV1" const params = { filter: "score:<=75"} -const args = { commandName: commandName, params: params } +const args = {"getAssessmentsByScoreV1", params } try { ztaDetails = await falcon.command(args) return ztaDetails diff --git a/src/_endpoints/alerts.ts b/src/_endpoints/alerts.ts index 12c4fc80..52c47493 100644 --- a/src/_endpoints/alerts.ts +++ b/src/_endpoints/alerts.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: alerts * consumed and interpreted by Falcon.command(...) */ -export var _alerts_endpoints: Array = [ +export const _alerts_endpoints: Array = [ ["PostAggregatesAlertsV1", "POST", "/alerts/aggregates/alerts/v1", "retrieves aggregates for Alerts across all CIDs", "alerts", [{ "description": "request body takes a list of aggregation query requests", "name": "body", 
diff --git a/src/_endpoints/cloud_connect_aws.ts b/src/_endpoints/cloud_connect_aws.ts index e7e7befe..78d31864 100644 --- a/src/_endpoints/cloud_connect_aws.ts +++ b/src/_endpoints/cloud_connect_aws.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: cloud connect aws * consumed and interpreted by Falcon.command(...) */ -export var _cloud_connect_aws_endpoints: Array = [ +export const _cloud_connect_aws_endpoints: Array = [ ["QueryAWSAccounts", "GET", "/cloud-connect-aws/combined/accounts/v1", "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria", "cloud_connect_aws", [{ "maxLength": 1000, "minLength": 1, diff --git a/src/_endpoints/cloud_snapshots.ts b/src/_endpoints/cloud_snapshots.ts index c1280fc8..83b98f42 100644 --- a/src/_endpoints/cloud_snapshots.ts +++ b/src/_endpoints/cloud_snapshots.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: cloud snapshots * consumed and interpreted by Falcon.command(...) */ -export var _cloud_snapshots_endpoints: Array = [ +export const _cloud_snapshots_endpoints: Array = [ ["CreateInventory", "POST", "/snapshots/entities/inventories/v1", "Create inventory from data received from snapshot", "inventories", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/cspm_registration.ts b/src/_endpoints/cspm_registration.ts index 01be7b4d..96691c6e 100644 --- a/src/_endpoints/cspm_registration.ts +++ b/src/_endpoints/cspm_registration.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: cspm registration * consumed and interpreted by Falcon.command(...) */ -export var _cspm_registration_endpoints: Array = [ +export const _cspm_registration_endpoints: Array = [ ["GetCSPMAwsAccount", "GET", "/cloud-connect-cspm-aws/entities/account/v1", "Returns information about the current status of an AWS account.", "cspm_registration", [{ "maxLength": 4, "minLength": 3, 
diff --git a/src/_endpoints/custom_ioa.ts b/src/_endpoints/custom_ioa.ts index 80693293..26e7b2aa 100644 --- a/src/_endpoints/custom_ioa.ts +++ b/src/_endpoints/custom_ioa.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: custom ioa * consumed and interpreted by Falcon.command(...) */ -export var _custom_ioa_endpoints: Array = [ +export const _custom_ioa_endpoints: Array = [ ["get_patterns", "GET", "/ioarules/entities/pattern-severities/v1", "Get pattern severities by ID.", "custom_ioa", [{ "type": "array", "items": { diff --git a/src/_endpoints/custom_storage.ts b/src/_endpoints/custom_storage.ts index 5a37e534..b1e4da64 100644 --- a/src/_endpoints/custom_storage.ts +++ b/src/_endpoints/custom_storage.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: custom storage * consumed and interpreted by Falcon.command(...) */ -export var _custom_storage_endpoints: Array = [ +export const _custom_storage_endpoints: Array = [ ["ListObjects", "GET", "/customobjects/v1/collections/{collection_name}/objects", "List the object keys in the specified collection in alphabetical order", "custom_storage", [{ "maxLength": 32, "minLength": 32, diff --git a/src/_endpoints/d4c_registration.ts b/src/_endpoints/d4c_registration.ts index fd900ed0..0e229477 100644 --- a/src/_endpoints/d4c_registration.ts +++ b/src/_endpoints/d4c_registration.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: d4c registration * consumed and interpreted by Falcon.command(...) */ -export var _d4c_registration_endpoints: Array = [ +export const _d4c_registration_endpoints: Array = [ ["GetD4CAwsAccount", "GET", "/cloud-connect-aws/entities/account/v2", "Returns information about the current status of an AWS account.", "d4c_registration", [{ "maxLength": 4, "minLength": 3, diff --git a/src/_endpoints/detects.ts b/src/_endpoints/detects.ts index ac8891d7..90e7ae60 100644 --- a/src/_endpoints/detects.ts +++ b/src/_endpoints/detects.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: detects * consumed and interpreted by Falcon.command(...) */ -export var _detects_endpoints: Array = [ +export const _detects_endpoints: Array = [ [ "GetAggregateDetects", "POST", diff --git a/src/_endpoints/device_control_policies.ts b/src/_endpoints/device_control_policies.ts index 2ae07f24..25273254 100644 --- a/src/_endpoints/device_control_policies.ts +++ b/src/_endpoints/device_control_policies.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: device control policies * consumed and interpreted by Falcon.command(...) */ -export var _device_control_policies_endpoints: Array = [ +export const _device_control_policies_endpoints: Array = [ ["queryCombinedDeviceControlPolicyMembers", "GET", "/policy/combined/device-control-members/v1", "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "device_control_policies", [{ "type": "string", "description": "The ID of the Device Control Policy to search for members of", diff --git a/src/_endpoints/discover.ts b/src/_endpoints/discover.ts index b8e15fed..66a52af2 100644 --- a/src/_endpoints/discover.ts +++ b/src/_endpoints/discover.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: discover * consumed and interpreted by Falcon.command(...) */ -export var _discover_endpoints: Array = [ +export const _discover_endpoints: Array = [ ["get_accounts", "GET", "/discover/entities/accounts/v1", "Get details on accounts by providing one or more IDs.", "discover", [{ "type": "array", "items": { diff --git a/src/_endpoints/event_streams.ts b/src/_endpoints/event_streams.ts index a748fff4..393e219f 100644 --- a/src/_endpoints/event_streams.ts +++ b/src/_endpoints/event_streams.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: event streams * consumed and interpreted by Falcon.command(...) */ -export var _event_streams_endpoints: Array = [ +export const _event_streams_endpoints: Array = [ ["refreshActiveStreamSession", "POST", "/sensors/entities/datafeed-actions/v1/{}", "Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.", "event_streams", [{ "type": "string", "description": "Action name. Allowed value is refresh_active_stream_session.", diff --git a/src/_endpoints/falcon_complete_dashboard.ts b/src/_endpoints/falcon_complete_dashboard.ts index 3b9377e2..35eb303f 100644 --- a/src/_endpoints/falcon_complete_dashboard.ts +++ b/src/_endpoints/falcon_complete_dashboard.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: falcon complete dashboard * consumed and interpreted by Falcon.command(...) */ -export var _falcon_complete_dashboard_endpoints: Array = [ +export const _falcon_complete_dashboard_endpoints: Array = [ ["AggregateAlerts", "POST", "/falcon-complete-dashboards/aggregates/alerts/GET/v1", "Retrieve aggregate alerts values based on the matched filter", "falcon_complete_dashboard", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/falcon_container.ts b/src/_endpoints/falcon_container.ts index c6890097..40018c14 100644 --- a/src/_endpoints/falcon_container.ts +++ b/src/_endpoints/falcon_container.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: falcon container * consumed and interpreted by Falcon.command(...) */ -export var _falcon_container_endpoints: Array = [ +export const _falcon_container_endpoints: Array = [ ["GetCredentials", "GET", "/container-security/entities/image-registry-credentials/v1", "Gets the registry credentials", "falcon_container", []], ["GetCombinedImages", "GET", "/container-security/combined/image-assessment/images/v1", "Get image assessment results by providing an FQL filter and paging details", "falcon_container_image", [{ "type": "string", diff --git a/src/_endpoints/falconx_sandbox.ts b/src/_endpoints/falconx_sandbox.ts index c400cf80..2fa067cb 100644 --- a/src/_endpoints/falconx_sandbox.ts +++ b/src/_endpoints/falconx_sandbox.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: falconx sandbox * consumed and interpreted by Falcon.command(...) */ -export var _falconx_sandbox_endpoints: Array = [ +export const _falconx_sandbox_endpoints: Array = [ ["GetArtifacts", "GET", "/falconx/entities/artifacts/v1", "Download IOC packs, PCAP files, and other analysis artifacts.", "falconx_sandbox", [{ "type": "string", "description": "ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary.", @@ -100,7 +100,7 @@ export var _falconx_sandbox_endpoints: Array = [ "in": "query", "required": 1 }]], - ["GetSubmissions", "GET", "/falconx/entities/submissions/v1", "Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.", "falconx_sandbox", [{ + ["GetSubmissions", "GET", "/falconx/entities/submissions/v1", "Check the status of a sandbox analysis. Time required for analysis consties but is usually less than 15 minutes.", "falconx_sandbox", [{ "type": "array", "items": { "type": "string" 
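Review bot: The `+` lines of the `@@ -100,7` and `@@ -111,7` hunks in falconx_sandbox.ts change the description strings from `varies` to `consties`, which looks like the `var`→`const` replacement was applied to string contents rather than only to the declaration; the same corruption appears as `constious` in the hosts.ts `@@ -35,7` hunk (`PerformActionV2`, "Take constious actions on the hosts"). These descriptions are user-facing endpoint documentation, so restore `varies` and `various` in those three strings and keep only the `export const` change. A lint fix should touch the declaration line alone, so a quick grep for `consti` across `src/_endpoints` before merging would catch any other hits.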
@@ -111,7 +111,7 @@ export var _falconx_sandbox_endpoints: Array = [ "in": "query", "required": 1 }]], - ["Submit", "POST", "/falconx/entities/submissions/v1", "Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.", "falconx_sandbox", [{ + ["Submit", "POST", "/falconx/entities/submissions/v1", "Submit an uploaded file or a URL for sandbox analysis. Time required for analysis consties but is usually less than 15 minutes.", "falconx_sandbox", [{ "description": "Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through `/samples/entities/samples/v2`. You must specify a JSON object that includes the `falconx.SubmissionParametersV1` key/value pairs shown below.\n\n**`environment_id`**: Specifies the sandbox environment used for analysis. Values:\n\n- `300`: Linux Ubuntu 16.04, 64-bit\n- `200`: Android (static analysis)\n- `160`: Windows 10, 64-bit\n- `110`: Windows 7, 64-bit\n- `100`: Windows 7, 32-bit\n\n**`sha256`** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with `/falconx/queries/submissions/v1`.The `url` parameter must be unset if `sha256` is used.\n\n**`url`** A web page or file URL. It can be HTTP(S) or FTP. The `sha256` parameter must be unset if `url` is used.\n\n**`action_script`** (optional): Runtime script for sandbox analysis. Values:\n\n- `default`\n- `default_maxantievasion`\n- `default_randomfiles`\n- `default_randomtheme`\n- `default_openie`\n\n**`command_line`** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters\n\n**`document_password`** (optional): Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters\n\n**`enable_tor`** (optional): If `true`, sandbox analysis routes network traffic via TOR. 
Default: `false`.\n\n**`submit_name`** (optional): Name of the malware sample that's used for file type detection and analysis\n\n**`system_date`** (optional): Set a custom date in the format `yyyy-MM-dd` for the sandbox environment\n\n**`system_time`** (optional): Set a custom time in the format `HH:mm` for the sandbox environment.", "name": "body", "in": "body", diff --git a/src/_endpoints/fdr.ts b/src/_endpoints/fdr.ts index 7ccafbdc..e6979dc4 100644 --- a/src/_endpoints/fdr.ts +++ b/src/_endpoints/fdr.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: fdr * consumed and interpreted by Falcon.command(...) */ -export var _fdr_endpoints: Array = [ +export const _fdr_endpoints: Array = [ ["fdrschema_combined_event_get", "GET", "/fdr/combined/schema-members/v1", "Fetch combined schema", "event_schema", []], ["fdrschema_entities_event_get", "GET", "/fdr/entities/schema-events/v1", "Fetch event schema by ID", "event_schema", [{ "type": "array", diff --git a/src/_endpoints/filevantage.ts b/src/_endpoints/filevantage.ts index c38efa2c..507ed9a1 100644 --- a/src/_endpoints/filevantage.ts +++ b/src/_endpoints/filevantage.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: filevantage * consumed and interpreted by Falcon.command(...) */ -export var _filevantage_endpoints: Array = [ +export const _filevantage_endpoints: Array = [ ["getChanges", "GET", "/filevantage/entities/changes/v2", "Retrieve information on changes", "filevantage", [{ "maxItems": 500, "minItems": 1, diff --git a/src/_endpoints/firewall_management.ts b/src/_endpoints/firewall_management.ts index cc731155..46a6b6ed 100644 --- a/src/_endpoints/firewall_management.ts +++ b/src/_endpoints/firewall_management.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: firewall management * consumed and interpreted by Falcon.command(...) */ -export var _firewall_management_endpoints: Array = [ +export const _firewall_management_endpoints: Array = [ ["aggregate_events", "POST", "/fwmgr/aggregates/events/GET/v1", "Aggregate events for customer", "firewall_management", [{ "description": "Query criteria and settings", "name": "body", diff --git a/src/_endpoints/firewall_policies.ts b/src/_endpoints/firewall_policies.ts index 5c615287..9e55bd27 100644 --- a/src/_endpoints/firewall_policies.ts +++ b/src/_endpoints/firewall_policies.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: firewall policies * consumed and interpreted by Falcon.command(...) */ -export var _firewall_policies_endpoints: Array = [ +export const _firewall_policies_endpoints: Array = [ ["queryCombinedFirewallPolicyMembers", "GET", "/policy/combined/firewall-members/v1", "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "firewall_policies", [{ "type": "string", "description": "The ID of the Firewall Policy to search for members of", diff --git a/src/_endpoints/foundry_logscale.ts b/src/_endpoints/foundry_logscale.ts index df45e144..b195c19c 100644 --- a/src/_endpoints/foundry_logscale.ts +++ b/src/_endpoints/foundry_logscale.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: foundry logscale * consumed and interpreted by Falcon.command(...) */ -export var _foundry_logscale_endpoints: Array = [ +export const _foundry_logscale_endpoints: Array = [ ["ListReposV1", "GET", "/loggingapi/combined/repos/v1", "Lists available repositories and views", "foundry_logscale", []], ["IngestDataV1", "POST", "/loggingapi/entities/data-ingestion/ingest/v1", "Ingest data into the application repository", "foundry_logscale", [{ "type": "file", 
diff --git a/src/_endpoints/host_group.ts b/src/_endpoints/host_group.ts index 58a3c0db..faaaab89 100644 --- a/src/_endpoints/host_group.ts +++ b/src/_endpoints/host_group.ts @@ -1,4 +1,4 @@ -export var _host_group_endpoints: Array = [ +export const _host_group_endpoints: Array = [ [ "queryCombinedGroupMembers", "GET", diff --git a/src/_endpoints/hosts.ts b/src/_endpoints/hosts.ts index 756953b5..264e5516 100644 --- a/src/_endpoints/hosts.ts +++ b/src/_endpoints/hosts.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: hosts * consumed and interpreted by Falcon.command(...) */ -export var _hosts_endpoints: Array = [ +export const _hosts_endpoints: Array = [ [ "QueryDeviceLoginHistory", "POST", @@ -35,7 +35,7 @@ export var _hosts_endpoints: Array = [ "PerformActionV2", "POST", "/devices/entities/devices-actions/v2", - "Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.", + "Take constious actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.", "hosts", [ { diff --git a/src/_endpoints/identity_protection.ts b/src/_endpoints/identity_protection.ts index b832a752..755fca33 100644 --- a/src/_endpoints/identity_protection.ts +++ b/src/_endpoints/identity_protection.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: identity protection * consumed and interpreted by Falcon.command(...) */ -export var _identity_protection_endpoints: Array = [ +export const _identity_protection_endpoints: Array = [ ["api_preempt_proxy_post_graphql", "POST", "/identity-protection/combined/graphql/v1", "Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.", "identity_protection", [{ "type": "string", "description": "Authorization Header", 
diff --git a/src/_endpoints/incidents.ts b/src/_endpoints/incidents.ts index 9462abfb..4de17125 100644 --- a/src/_endpoints/incidents.ts +++ b/src/_endpoints/incidents.ts @@ -1,4 +1,4 @@ -export var _incidents_endpoints: Array = [ +export const _incidents_endpoints: Array = [ ["CrowdScore", "GET", "/incidents/combined/crowdscores/v1", "Query environment wide CrowdScore and return the entity data", "incidents", [{ "type": "string", "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", diff --git a/src/_endpoints/installation_tokens.ts b/src/_endpoints/installation_tokens.ts index 8b2eb00b..987335ae 100644 --- a/src/_endpoints/installation_tokens.ts +++ b/src/_endpoints/installation_tokens.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: installation tokens * consumed and interpreted by Falcon.command(...) */ -export var _installation_tokens_endpoints: Array = [ +export const _installation_tokens_endpoints: Array = [ ["audit_events_read", "GET", "/installation-tokens/entities/audit-events/v1", "Gets the details of one or more audit events by id.", "installation_tokens", [{ "type": "array", "items": { diff --git a/src/_endpoints/intel.ts b/src/_endpoints/intel.ts index 06dc9e00..e8367c77 100644 --- a/src/_endpoints/intel.ts +++ b/src/_endpoints/intel.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: intel * consumed and interpreted by Falcon.command(...) */ -export var _intel_endpoints: Array = [ +export const _intel_endpoints: Array = [ ["QueryIntelActorEntities", "GET", "/intel/combined/actors/v1", "Get info about actors that match provided FQL filters.", "intel", [{ "type": "integer", "description": "Set the starting row number to return actors from. Defaults to 0.", 
diff --git a/src/_endpoints/ioa_exclusions.ts b/src/_endpoints/ioa_exclusions.ts index e5262757..e2234245 100644 --- a/src/_endpoints/ioa_exclusions.ts +++ b/src/_endpoints/ioa_exclusions.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: ioa exclusions * consumed and interpreted by Falcon.command(...) */ -export var _ioa_exclusions_endpoints: Array = [ +export const _ioa_exclusions_endpoints: Array = [ ["getIOAExclusionsV1", "GET", "/policy/entities/ioa-exclusions/v1", "Get a set of IOA Exclusions by specifying their IDs", "ioa_exclusions", [{ "type": "array", "items": { diff --git a/src/_endpoints/ioc.ts b/src/_endpoints/ioc.ts index b1822511..b93c94d0 100644 --- a/src/_endpoints/ioc.ts +++ b/src/_endpoints/ioc.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: ioc * consumed and interpreted by Falcon.command(...) */ -export var _ioc_endpoints: Array = [ +export const _ioc_endpoints: Array = [ ["indicator_aggregate_v1", "POST", "/iocs/aggregates/indicators/v1", "Get Indicators aggregates as specified via json in the request body.", "ioc", [{ "type": "string", "description": "The filter to narrow down the aggregation data", diff --git a/src/_endpoints/iocs.ts b/src/_endpoints/iocs.ts index e7277803..adc1ea3f 100644 --- a/src/_endpoints/iocs.ts +++ b/src/_endpoints/iocs.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: iocs * consumed and interpreted by Falcon.command(...) */ -export var _iocs_endpoints: Array = [ +export const _iocs_endpoints: Array = [ ["DevicesCount", "GET", "/indicators/aggregates/devices-count/v1", "Number of hosts in your customer account that have observed a given custom IOC", "iocs", [{ "type": "string", "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", diff --git a/src/_endpoints/kubernetes_protection.ts b/src/_endpoints/kubernetes_protection.ts index 07839e74..ceb98d5d 100644 --- a/src/_endpoints/kubernetes_protection.ts +++ b/src/_endpoints/kubernetes_protection.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: kubernetes protection * consumed and interpreted by Falcon.command(...) */ -export var _kubernetes_protection_endpoints: Array = [ +export const _kubernetes_protection_endpoints: Array = [ ["GetAWSAccountsMixin0", "GET", "/kubernetes-protection/entities/accounts/aws/v1", "Provides a list of AWS accounts.", "kubernetes_protection", [{ "type": "array", "items": { diff --git a/src/_endpoints/malquery.ts b/src/_endpoints/malquery.ts index 1d2f2342..91139ce2 100644 --- a/src/_endpoints/malquery.ts +++ b/src/_endpoints/malquery.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: malquery * consumed and interpreted by Falcon.command(...) */ -export var _malquery_endpoints: Array = [ +export const _malquery_endpoints: Array = [ ["GetMalQueryQuotasV1", "GET", "/malquery/aggregates/quotas/v1", "Get information about search and download quotas in your environment", "malquery", []], ["PostMalQueryFuzzySearchV1", "POST", "/malquery/combined/fuzzy-search/v1", "Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.", "malquery", [{ "description": "Fuzzy search parameters. See model for more details.", diff --git a/src/_endpoints/message_center.ts b/src/_endpoints/message_center.ts index 655f70b9..309ff28a 100644 --- a/src/_endpoints/message_center.ts +++ b/src/_endpoints/message_center.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: message center * consumed and interpreted by Falcon.command(...) */ -export var _message_center_endpoints: Array = [ +export const _message_center_endpoints: Array = [ ["AggregateCases", "POST", "/message-center/aggregates/cases/GET/v1", "Retrieve aggregate case values based on the matched filter", "message_center", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/ml_exclusions.ts b/src/_endpoints/ml_exclusions.ts index 755b3b9c..7e4e81b6 100644 --- a/src/_endpoints/ml_exclusions.ts +++ b/src/_endpoints/ml_exclusions.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: ml exclusions * consumed and interpreted by Falcon.command(...) */ -export var _ml_exclusions_endpoints: Array = [ +export const _ml_exclusions_endpoints: Array = [ ["getMLExclusionsV1", "GET", "/policy/entities/ml-exclusions/v1", "Get a set of ML Exclusions by specifying their IDs", "ml_exclusions", [{ "type": "array", "items": { 
diff --git a/src/_endpoints/mobile_enrollment.ts b/src/_endpoints/mobile_enrollment.ts index eaf38208..8b270253 100644 --- a/src/_endpoints/mobile_enrollment.ts +++ b/src/_endpoints/mobile_enrollment.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: mobile enrollment * consumed and interpreted by Falcon.command(...) */ -export var _mobile_enrollment_endpoints: Array = [ +export const _mobile_enrollment_endpoints: Array = [ ["RequestDeviceEnrollmentV3", "POST", "/enrollments/entities/details/v3", "Trigger on-boarding process for a mobile device", "mobile_enrollment", [{ "enum": ["enroll", "re-enroll"], "type": "string", diff --git a/src/_endpoints/mssp.ts b/src/_endpoints/mssp.ts index 32aa8f27..ffceb5de 100644 --- a/src/_endpoints/mssp.ts +++ b/src/_endpoints/mssp.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: mssp * consumed and interpreted by Falcon.command(...) */ -export var _mssp_endpoints: Array = [ +export const _mssp_endpoints: Array = [ ["getChildrenV2", "POST", "/mssp/entities/children/GET/v2", "Get link to child customer by child CID(s)", "mssp", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/oauth2.ts b/src/_endpoints/oauth2.ts index 1a6fc1e4..c79994ae 100644 --- a/src/_endpoints/oauth2.ts +++ b/src/_endpoints/oauth2.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: oauth2 * consumed and interpreted by Falcon.command(...) */ -export var _oauth2_endpoints: Array = [ +export const _oauth2_endpoints: Array = [ ["oauth2RevokeToken", "POST", "/oauth2/revoke", "Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.", "oauth2", [{ "type": "string", "description": "The OAuth2 client ID you are revoking the token for.", diff --git a/src/_endpoints/ods.ts b/src/_endpoints/ods.ts index 36566188..9362e12c 100644 --- a/src/_endpoints/ods.ts +++ b/src/_endpoints/ods.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: ods * consumed and interpreted by Falcon.command(...) */ -export var _ods_endpoints: Array = [ +export const _ods_endpoints: Array = [ ["aggregate_query_scan_host_metadata", "POST", "/ods/aggregates/scan-hosts/v1", "Get aggregates on ODS scan-hosts data.", "ods", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/overwatch_dashboard.ts b/src/_endpoints/overwatch_dashboard.ts index 1aae59cb..4a9be09f 100644 --- a/src/_endpoints/overwatch_dashboard.ts +++ b/src/_endpoints/overwatch_dashboard.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: overwatch dashboard * consumed and interpreted by Falcon.command(...) */ -export var _overwatch_dashboard_endpoints: Array = [ +export const _overwatch_dashboard_endpoints: Array = [ ["AggregatesDetectionsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/detections-global-counts/v1", "Get the total number of detections pushed across all customers", "overwatch_dashboard", [{ "type": "string", "description": "An FQL filter string", diff --git a/src/_endpoints/prevention_policies.ts b/src/_endpoints/prevention_policies.ts index c788d90c..ee3d3153 100644 --- a/src/_endpoints/prevention_policies.ts +++ b/src/_endpoints/prevention_policies.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: prevention policies * consumed and interpreted by Falcon.command(...) */ -export var _prevention_policies_endpoints: Array = [ +export const _prevention_policies_endpoints: Array = [ ["queryCombinedPreventionPolicyMembers", "GET", "/policy/combined/prevention-members/v1", "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "prevention_policies", [{ "type": "string", "description": "The ID of the Prevention Policy to search for members of", 
diff --git a/src/_endpoints/quarantine.ts b/src/_endpoints/quarantine.ts index 8b9c84e7..4caabd3c 100644 --- a/src/_endpoints/quarantine.ts +++ b/src/_endpoints/quarantine.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: quarantine * consumed and interpreted by Falcon.command(...) */ -export var _quarantine_endpoints: Array = [ +export const _quarantine_endpoints: Array = [ ["ActionUpdateCount", "GET", "/quarantine/aggregates/action-update-count/v1", "Returns count of potentially affected quarantined files for each action.", "quarantine", [{ "type": "string", "description": "FQL specifying filter parameters.", diff --git a/src/_endpoints/quick_scan.ts b/src/_endpoints/quick_scan.ts index 31c86864..c0be145d 100644 --- a/src/_endpoints/quick_scan.ts +++ b/src/_endpoints/quick_scan.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: quick scan * consumed and interpreted by Falcon.command(...) */ -export var _quick_scan_endpoints: Array = [ +export const _quick_scan_endpoints: Array = [ ["GetScansAggregates", "POST", "/scanner/aggregates/scans/GET/v1", "Get scans aggregations as specified via json in request body.", "quick_scan", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/real_time_response.ts b/src/_endpoints/real_time_response.ts index 6819090a..986ad2fd 100644 --- a/src/_endpoints/real_time_response.ts +++ b/src/_endpoints/real_time_response.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: real time response * consumed and interpreted by Falcon.command(...) */ -export var _real_time_response_endpoints: Array = [ +export const _real_time_response_endpoints: Array = [ ["RTR_AggregateSessions", "POST", "/real-time-response/aggregates/sessions/GET/v1", "Get aggregates on session data.", "real_time_response", [{ "description": "Supported aggregations: \n- `term`\n- `date_range`\n\nSupported aggregation members:\n\n**`date_ranges`** If peforming a date range query specify the **`from`** and **`to`** date ranges. These can be in common date formats like `2019-07-18` or `now`\n**`field`** Term you want to aggregate on. If doing a `date_range` query, this is the date field you want to apply the date ranges to\n**`filter`** Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\n**`name`** Name of the aggregation\n**`size`** Size limit to apply to the queries.", "name": "body", diff --git a/src/_endpoints/real_time_response_admin.ts b/src/_endpoints/real_time_response_admin.ts index 13952e77..d8f81857 100644 --- a/src/_endpoints/real_time_response_admin.ts +++ b/src/_endpoints/real_time_response_admin.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: real time response admin * consumed and interpreted by Falcon.command(...) */ -export var _real_time_response_admin_endpoints: Array = [ +export const _real_time_response_admin_endpoints: Array = [ ["BatchAdminCmd", "POST", "/real-time-response/combined/batch-admin-command/v1", "Batch executes a RTR administrator command across the hosts mapped to the given batch ID.", "real_time_response_admin", [{ "type": "integer", "default": 30, diff --git a/src/_endpoints/real_time_response_audit.ts b/src/_endpoints/real_time_response_audit.ts index 1a5661a1..517c8243 100644 
--- a/src/_endpoints/real_time_response_audit.ts +++ b/src/_endpoints/real_time_response_audit.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: real time response audit * consumed and interpreted by Falcon.command(...) */ -export var _real_time_response_audit_endpoints: Array = [ +export const _real_time_response_audit_endpoints: Array = [ ["RTRAuditSessions", "GET", "/real-time-response-audit/combined/sessions/v1", "Get all the RTR sessions created for a customer in a specified duration", "real_time_response_audit", [{ "type": "string", "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", diff --git a/src/_endpoints/recon.ts b/src/_endpoints/recon.ts index bea6a042..5e6b1cfd 100644 --- a/src/_endpoints/recon.ts +++ b/src/_endpoints/recon.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: recon * consumed and interpreted by Falcon.command(...) */ -export var _recon_endpoints: Array = [ +export const _recon_endpoints: Array = [ ["AggregateNotificationsExposedDataRecordsV1", "POST", "/recon/aggregates/notifications-exposed-data-records/GET/v1", "Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [notification_id created_date rule.id rule.name rule.topic source_category site author]", "recon", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/report_executions.ts b/src/_endpoints/report_executions.ts index 126c703c..12d8cf76 100644 --- a/src/_endpoints/report_executions.ts +++ b/src/_endpoints/report_executions.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: report executions * consumed and interpreted by Falcon.command(...) */ -export var _report_executions_endpoints: Array = [ +export const _report_executions_endpoints: Array = [ ["report_executions_download_get", "GET", "/reports/entities/report-executions-download/v1", "Get report entity download", "report_executions", [{ "type": "string", "description": "The report_execution id to download", diff --git a/src/_endpoints/response_policies.ts b/src/_endpoints/response_policies.ts index c69cbce6..bd20573f 100644 --- a/src/_endpoints/response_policies.ts +++ b/src/_endpoints/response_policies.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: response policies * consumed and interpreted by Falcon.command(...) */ -export var _response_policies_endpoints: Array = [ +export const _response_policies_endpoints: Array = [ ["queryCombinedRTResponsePolicyMembers", "GET", "/policy/combined/response-members/v1", "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of host details which match the filter criteria", "response_policies", [{ "type": "string", "description": "The ID of the Response policy to search for members of", diff --git a/src/_endpoints/sample_uploads.ts b/src/_endpoints/sample_uploads.ts index a34c57d9..96ee419d 100644 --- a/src/_endpoints/sample_uploads.ts +++ b/src/_endpoints/sample_uploads.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: sample uploads * consumed and interpreted by Falcon.command(...) */ -export var _sample_uploads_endpoints: Array = [ +export const _sample_uploads_endpoints: Array = [ ["ArchiveListV1", "GET", "/archives/entities/archive-files/v1", "Retrieves the archives files in chunks.", "sample_uploads", [{ "type": "string", "description": "The archive SHA256.", diff --git a/src/_endpoints/scheduled_reports.ts b/src/_endpoints/scheduled_reports.ts index 9e398dc6..d37d1bd3 100644 
--- a/src/_endpoints/scheduled_reports.ts +++ b/src/_endpoints/scheduled_reports.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: scheduled reports * consumed and interpreted by Falcon.command(...) */ -export var _scheduled_reports_endpoints: Array = [ +export const _scheduled_reports_endpoints: Array = [ ["scheduled_reports_launch", "POST", "/reports/entities/scheduled-reports/execution/v1", "Launch scheduled reports executions for the provided report IDs.", "scheduled_reports", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/sensor_download.ts b/src/_endpoints/sensor_download.ts index f3f8a655..d82b7ab2 100644 --- a/src/_endpoints/sensor_download.ts +++ b/src/_endpoints/sensor_download.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: sensor download * consumed and interpreted by Falcon.command(...) */ -export var _sensor_download_endpoints: Array = [ +export const _sensor_download_endpoints: Array = [ ["GetCombinedSensorInstallersByQuery", "GET", "/sensors/combined/installers/v1", "Get sensor installer details by provided query", "sensor_download", [{ "type": "integer", "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", diff --git a/src/_endpoints/sensor_update_policies.ts b/src/_endpoints/sensor_update_policies.ts index 213c3a0a..03184aef 100644 --- a/src/_endpoints/sensor_update_policies.ts +++ b/src/_endpoints/sensor_update_policies.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: sensor update policies * consumed and interpreted by Falcon.command(...) */ -export var _sensor_update_policies_endpoints: Array = [ +export const _sensor_update_policies_endpoints: Array = [ ["revealUninstallToken", "POST", "/policy/combined/reveal-uninstall-token/v1", "Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'", "sensor_update_policies", [{ "name": "body", "in": "body", diff --git a/src/_endpoints/sensor_visibility_exclusions.ts b/src/_endpoints/sensor_visibility_exclusions.ts index b70137b6..fd6119c6 100644 --- a/src/_endpoints/sensor_visibility_exclusions.ts +++ b/src/_endpoints/sensor_visibility_exclusions.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: sensor visibility exclusions * consumed and interpreted by Falcon.command(...) */ -export var _sensor_visibility_exclusions_endpoints: Array = [ +export const _sensor_visibility_exclusions_endpoints: Array = [ ["getSensorVisibilityExclusionsV1", "GET", "/policy/entities/sv-exclusions/v1", "Get a set of Sensor Visibility Exclusions by specifying their IDs", "sensor_visibility_exclusions", [{ "type": "array", "items": { diff --git a/src/_endpoints/spotlight_evaluation_logic.ts b/src/_endpoints/spotlight_evaluation_logic.ts index 64740e07..2a5e7c04 100644 --- a/src/_endpoints/spotlight_evaluation_logic.ts +++ b/src/_endpoints/spotlight_evaluation_logic.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: spotlight evaluation logic * consumed and interpreted by Falcon.command(...) */ -export var _spotlight_evaluation_logic_endpoints: Array = [ +export const _spotlight_evaluation_logic_endpoints: Array = [ ["combinedQueryEvaluationLogic", "GET", "/spotlight/combined/evaluation-logic/v1", "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.", "spotlight_evaluation_logic", [{ "type": "string", "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", diff --git a/src/_endpoints/spotlight_vulnerabilities.ts b/src/_endpoints/spotlight_vulnerabilities.ts index c598d0c7..165009f2 100644 --- a/src/_endpoints/spotlight_vulnerabilities.ts +++ b/src/_endpoints/spotlight_vulnerabilities.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: spotlight vulnerabilities * consumed and interpreted by Falcon.command(...) */ -export var _spotlight_vulnerabilities_endpoints: Array = [ +export const _spotlight_vulnerabilities_endpoints: Array = [ ["combinedQueryVulnerabilities", "GET", "/spotlight/combined/vulnerabilities/v1", "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria", "spotlight_vulnerabilities", [{ "type": "string", "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", 
@@ -32,7 +32,7 @@ export var _spotlight_vulnerabilities_endpoints: Array = [ "type": "string" }, "collectionFormat": "multi", - "description": "Select various details blocks to be returned for each vulnerability entity. Supported values:\n\n
  • host_info
  • remediation
  • cve
  • evaluation_logic
", + "description": "Select constious details blocks to be returned for each vulnerability entity. Supported values:\n\n
  • host_info
  • remediation
  • cve
  • evaluation_logic
", "name": "facet", "in": "query" }]], diff --git a/src/_endpoints/tailored_intelligence.ts b/src/_endpoints/tailored_intelligence.ts index ac6d0f68..5d01a542 100644 --- a/src/_endpoints/tailored_intelligence.ts +++ b/src/_endpoints/tailored_intelligence.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: tailored intelligence * consumed and interpreted by Falcon.command(...) */ -export var _tailored_intelligence_endpoints: Array = [ +export const _tailored_intelligence_endpoints: Array = [ ["GetEventsBody", "GET", "/ti/events/entities/events-full-body/v2", "Get event body for the provided event ID", "tailored_intelligence", [{ "type": "string", "description": "Return the event body for event id.", diff --git a/src/_endpoints/user_management.ts b/src/_endpoints/user_management.ts index d46235ee..b19dfc65 100644 --- a/src/_endpoints/user_management.ts +++ b/src/_endpoints/user_management.ts @@ -2,7 +2,7 @@ * contains all method definitions for API: user management * consumed and interpreted by Falcon.command(...) */ -export var _user_management_endpoints: Array = [ +export const _user_management_endpoints: Array = [ ["combinedUserRolesV1", "GET", "/user-management/combined/user-roles/v1", "Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.", "user_management", [{ "type": "string", "description": "User UUID to get available roles for.", @@ -250,7 +250,7 @@ export var _user_management_endpoints: Array = [ "type": "string" }, "collectionFormat": "multi", - "description": "A username. This is usually the user's email address, but may vary based on your configuration.", + "description": "A username. This is usually the user's email address, but may consty based on your configuration.", "name": "uid", "in": "query", "required": 1 diff --git a/src/_endpoints/workflows.ts b/src/_endpoints/workflows.ts index b6e754b1..7ea861b3 100644 --- a/src/_endpoints/workflows.ts +++ b/src/_endpoints/workflows.ts 
@@ -2,7 +2,7 @@ * contains all method definitions for API: workflows * consumed and interpreted by Falcon.command(...) */ -export var _workflows_endpoints: Array = [ +export const _workflows_endpoints: Array = [ ["WorkflowExecute", "POST", "/workflows/entities/execute/v1", "Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)", "workflows", [{ "type": "array", "items": { diff --git a/src/_endpoints/zero_trust_assessment.ts b/src/_endpoints/zero_trust_assessment.ts index b8cb70dd..5fef6007 100644 --- a/src/_endpoints/zero_trust_assessment.ts +++ b/src/_endpoints/zero_trust_assessment.ts @@ -1,4 +1,4 @@ -export var _zero_trust_assessment_endpoints: Array = [ +export const _zero_trust_assessment_endpoints: Array = [ [ "getAssessmentV1", "GET", @@ -113,7 +113,7 @@ export var _zero_trust_assessment_endpoints: Array = [ "type": "string" }, "collectionFormat": "multi", - "description": "Select various details blocks to be returned for each assessment entity. " + + "description": "Select constious details blocks to be returned for each assessment entity. " + "Supported values:\n\n
  • host
  • finding.rule
", "name": "facet", "in": "query" diff --git a/src/endpoints.ts b/src/endpoints.ts index 0f3c60c0..f4e9f679 100644 --- a/src/endpoints.ts +++ b/src/endpoints.ts @@ -57,7 +57,7 @@ import { _real_time_response_admin_endpoints } from "./_endpoints/real_time_resp import { _alerts_endpoints } from "./_endpoints/alerts" /** aggregates ./endpoints into one array for Falcon.command(...) */ -export var api_endpoints: Array = [ +export const api_endpoints: Array = [ _hosts_endpoints .concat(_detects_endpoints) .concat(_zero_trust_assessment_endpoints) diff --git a/src/falcon.ts b/src/falcon.ts index 858302ab..8b79b178 100644 --- a/src/falcon.ts +++ b/src/falcon.ts @@ -1,4 +1,4 @@ -import axios, { Axios } from "axios"; +import axios from "axios"; import { api_endpoints } from "./endpoints" /** @@ -104,21 +104,20 @@ export class Falcon { * @return {Promise} response data */ public async command(args: CommandArguments): Promise { - let cmd = args["commandName"] - let params = args["params"] - let body = args["body"] - for (let i of this.endpoints) { + const cmd = args["commandName"] + const params = args["params"] + const body = args["body"] + for (const i of this.endpoints) { if (i[0] == cmd) { - let url = this.baseUrl + i[2] - let method = i[1].toLowerCase() - let p = params ? params : null - let b = body ? body : null - var headers: { [key: string]: string } - headers = { + const url = this.baseUrl + i[2] + const method = i[1].toLowerCase() + const p = params ? params : null + const b = body ? body : null + const headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + this.token, } - let response = await axios({ + const response = await axios({ method: method, url: url, data: b, @@ -127,7 +126,6 @@ export class Falcon { paramsSerializer: { indexes: null } }); - if (cmd=="getAssessmentV1")console.log(response) return response["data"]["resources"] } From 8e743ae878105dcced5600960a3d050e5ec18a07 Mon Sep 17 00:00:00 2001 
From: Josh Lang Date: Tue, 24 Sep 2024 14:33:32 -0600 Subject: [PATCH 5/6] fixed formatting issues --- src/_endpoints/alerts.ts | 154 +- src/_endpoints/cloud_connect_aws.ts | 289 ++- src/_endpoints/cloud_snapshots.ts | 40 +- src/_endpoints/cspm_registration.ts | 1738 +++++++++++------ src/_endpoints/custom_ioa.ts | 682 ++++--- src/_endpoints/custom_storage.ts | 579 +++--- src/_endpoints/d4c_registration.ts | 791 +++++--- src/_endpoints/detects.ts | 224 +-- src/_endpoints/device_control_policies.ts | 474 +++-- src/_endpoints/discover.ts | 468 +++-- src/_endpoints/event_streams.ts | 85 +- src/_endpoints/falcon_complete_dashboard.ts | 594 ++++-- src/_endpoints/falcon_container.ts | 337 ++-- src/_endpoints/falconx_sandbox.ts | 583 ++++-- src/_endpoints/fdr.ts | 168 +- src/_endpoints/filevantage.ts | 980 ++++++---- src/_endpoints/firewall_management.ts | 1263 +++++++----- src/_endpoints/firewall_policies.ts | 470 +++-- src/_endpoints/foundry_logscale.ts | 334 ++-- src/_endpoints/host_group.ts | 537 +++-- src/_endpoints/hosts.ts | 581 +++--- src/_endpoints/identity_protection.ts | 117 +- src/_endpoints/incidents.ts | 259 ++- src/_endpoints/installation_tokens.ts | 277 ++- src/_endpoints/intel.ts | 1105 +++++++---- src/_endpoints/ioa_exclusions.ts | 186 +- src/_endpoints/ioc.ts | 594 ++++-- src/_endpoints/iocs.ts | 465 +++-- src/_endpoints/kubernetes_protection.ts | 899 +++++---- src/_endpoints/malquery.ts | 202 +- src/_endpoints/message_center.ts | 343 ++-- src/_endpoints/ml_exclusions.ts | 182 +- src/_endpoints/mobile_enrollment.ts | 47 +- src/_endpoints/mssp.ts | 1167 +++++++---- src/_endpoints/oauth2.ts | 86 +- src/_endpoints/ods.ts | 640 ++++-- src/_endpoints/overwatch_dashboard.ts | 109 +- src/_endpoints/prevention_policies.ts | 455 +++-- src/_endpoints/quarantine.ts | 168 +- src/_endpoints/quick_scan.ts | 128 +- src/_endpoints/real_time_response.ts | 879 ++++++--- src/_endpoints/real_time_response_admin.ts | 685 ++++--- src/_endpoints/real_time_response_audit.ts | 
76 +- src/_endpoints/recon.ts | 849 +++++--- src/_endpoints/report_executions.ts | 141 +- src/_endpoints/response_policies.ts | 455 +++-- src/_endpoints/sample_uploads.ts | 484 +++-- src/_endpoints/scheduled_reports.ts | 118 +- src/_endpoints/sensor_download.ts | 166 +- src/_endpoints/sensor_update_policies.ts | 777 +++++--- .../sensor_visibility_exclusions.ts | 182 +- src/_endpoints/spotlight_evaluation_logic.ts | 147 +- src/_endpoints/spotlight_vulnerabilities.ts | 239 ++- src/_endpoints/tailored_intelligence.ts | 193 +- src/_endpoints/user_management.ts | 732 ++++--- src/_endpoints/workflows.ts | 199 +- src/_endpoints/zero_trust_assessment.ts | 227 ++- src/endpoints.ts | 119 +- src/falcon.ts | 106 +- src/index.ts | 2 +- 60 files changed, 16038 insertions(+), 9538 deletions(-) diff --git a/src/_endpoints/alerts.ts b/src/_endpoints/alerts.ts index 52c47493..65e9b91b 100644 --- a/src/_endpoints/alerts.ts +++ b/src/_endpoints/alerts.ts 
@@ -3,55 +3,105 @@ * consumed and interpreted by Falcon.command(...) */ export const _alerts_endpoints: Array = [ - ["PostAggregatesAlertsV1", "POST", "/alerts/aggregates/alerts/v1", "retrieves aggregates for Alerts across all CIDs", "alerts", [{ - "description": "request body takes a list of aggregation query requests", - "name": "body", - "in": "body", - "required": 1 - }]], - ["PostEntitiesAlertsV1", "POST", "/alerts/entities/alerts/v1", "retrieves all Alerts given their ids", "alerts", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["PatchEntitiesAlertsV1", "PATCH", "/alerts/entities/alerts/v1", "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. 
an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", "alerts", [{ - "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided", - "name": "body", - "in": "body", - "required": 1 - }]], - ["PatchEntitiesAlertsV2", "PATCH", "/alerts/entities/alerts/v2", "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", "alerts", [{ - "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided", - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetQueriesAlertsV1", "GET", "/alerts/queries/alerts/v1", "retrieves all Alerts ids that match a given query", "alerts", [{ - "type": "integer", - "description": "The first detection to return, where `0` is the latest detection. 
Use with the `offset` parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }, { - "maximum": 10000, - "minimum": 0, - "type": "integer", - "description": "The maximum number of detections to return in this response (default: 100; max: 10000). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort detections in either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard `*` includes all results. \n\nThe full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Search all detection metadata for the provided string", - "name": "q", - "in": "query" - }]] -]; \ No newline at end of file + [ + "PostAggregatesAlertsV1", + "POST", + "/alerts/aggregates/alerts/v1", + "retrieves aggregates for Alerts across all CIDs", + "alerts", + [ + { + description: "request body takes a list of aggregation query requests", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PostEntitiesAlertsV1", + "POST", + "/alerts/entities/alerts/v1", + "retrieves all Alerts given their ids", + "alerts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PatchEntitiesAlertsV1", + "PATCH", + "/alerts/entities/alerts/v1", + "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: 
user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", + "alerts", + [ + { + description: 'request body takes a list of action parameter request that is applied against all "ids" provided', + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PatchEntitiesAlertsV2", + "PATCH", + "/alerts/entities/alerts/v2", + "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a description which describes what the action does.\n\nremove_tag - remove a tag from 1 or more detection(s)\nassign_to_user_id - assign 1 or more detection(s) to a user identified by user id (eg: user1@example.com)\nunassign - unassign an previously assigned user from 1 or more detection(s). 
The value passed to this action is ignored.\nnew_behavior_processed - adds a newly processed behavior to 1 or more detection(s)\nupdate_status - update status for 1 or more detection(s)\nassign_to_uuid - assign 1 or more detection(s) to a user identified by UUID\nadd_tag - add a tag to 1 or more detection(s)\nremove_tags_by_prefix - remove tags with given prefix from 1 or more detection(s)\nappend_comment - appends new comment to existing comments\nassign_to_name - assign 1 or more detection(s) to a user identified by user name\nshow_in_ui - shows 1 or more detection(s) on UI if set to true, hides otherwise. an empty/nil value is also valid\nskip_side_effects - internal only command to skip side effects during Beta phase\n", + "alerts", + [ + { + description: 'request body takes a list of action parameter request that is applied against all "ids" provided', + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetQueriesAlertsV1", + "GET", + "/alerts/queries/alerts/v1", + "retrieves all Alerts ids that match a given query", + "alerts", + [ + { + type: "integer", + description: "The first detection to return, where `0` is the latest detection. Use with the `offset` parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + { + maximum: 10000, + minimum: 0, + type: "integer", + description: "The maximum number of detections to return in this response (default: 100; max: 10000). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort detections in either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard `*` includes all results. \n\nThe full list of valid filter options is extensive. 
Review it in our [documentation inside the Falcon console](https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Search all detection metadata for the provided string", + name: "q", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/cloud_connect_aws.ts b/src/_endpoints/cloud_connect_aws.ts index 78d31864..eac092be 100644 --- a/src/_endpoints/cloud_connect_aws.ts +++ b/src/_endpoints/cloud_connect_aws.ts 
@@ -3,109 +3,188 @@
 * consumed and interpreted by Falcon.command(...)
 */
 export const _cloud_connect_aws_endpoints: Array = [
- ["QueryAWSAccounts", "GET", "/cloud-connect-aws/combined/accounts/v1", "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria", "cloud_connect_aws", [{
- "maxLength": 1000,
- "minLength": 1,
- "type": "integer",
- "default": 100,
- "description": "The maximum records to return. [1-1000]. Defaults to 100.",
- "name": "limit",
- "in": "query"
- }, {
- "type": "integer",
- "description": "The offset to start retrieving records from",
- "name": "offset",
- "in": "query"
- }, {
- "type": "string",
- "description": "The property to sort by (e.g. alias.desc or state.asc)",
- "name": "sort",
- "in": "query"
- }, {
- "type": "string",
- "description": "The filter expression that should be used to limit the results",
- "name": "filter",
- "in": "query"
- }]],
+ [
+ "QueryAWSAccounts",
+ "GET",
+ "/cloud-connect-aws/combined/accounts/v1",
+ "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria",
+ "cloud_connect_aws",
+ [
+ {
+ maxLength: 1000,
+ minLength: 1,
+ type: "integer",
+ default: 100,
+ description: "The maximum records to return. [1-1000]. Defaults to 100.",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "The offset to start retrieving records from",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The property to sort by (e.g. alias.desc or state.asc)",
+ name: "sort",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The filter expression that should be used to limit the results",
+ name: "filter",
+ in: "query",
+ },
+ ],
+ ],
 ["GetAWSSettings", "GET", "/cloud-connect-aws/combined/settings/v1", "Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts", "cloud_connect_aws", []],
- ["GetAWSAccounts", "GET", "/cloud-connect-aws/entities/accounts/v1", "Retrieve a set of AWS Accounts by specifying their IDs", "cloud_connect_aws", [{
- "maxItems": 5000,
- "type": "array",
- "items": {
- "type": "string"
- },
- "collectionFormat": "multi",
- "description": "IDs of accounts to retrieve details",
- "name": "ids",
- "in": "query",
- "required": 1
- }]],
- ["ProvisionAWSAccounts", "POST", "/cloud-connect-aws/entities/accounts/v1", "Provision AWS Accounts by specifying details about the accounts to provision", "cloud_connect_aws", [{
- "enum": ["cloudformation", "manual"],
- "type": "string",
- "default": "manual",
- "description": "Mode for provisioning. Allowed values are `manual` or `cloudformation`. Defaults to manual if not defined.",
- "name": "mode",
- "in": "query"
- }, {
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["UpdateAWSAccounts", "PATCH", "/cloud-connect-aws/entities/accounts/v1", "Update AWS Accounts by specifying the ID of the account and details to update", "cloud_connect_aws", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["DeleteAWSAccounts", "DELETE", "/cloud-connect-aws/entities/accounts/v1", "Delete a set of AWS Accounts by specifying their IDs", "cloud_connect_aws", [{
- "type": "array",
- "items": {
- "type": "string"
- },
- "collectionFormat": "multi",
- "description": "IDs of accounts to remove",
- "name": "ids",
- "in": "query",
- "required": 1
- }]],
- ["CreateOrUpdateAWSSettings", "POST", "/cloud-connect-aws/entities/settings/v1", "Create or update Global Settings which are applicable to all provisioned AWS accounts", "cloud_connect_aws", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["VerifyAWSAccountAccess", "POST", "/cloud-connect-aws/entities/verify-account-access/v1", "Performs an Access Verification check on the specified AWS Account IDs", "cloud_connect_aws", [{
- "type": "array",
- "items": {
- "type": "string"
- },
- "collectionFormat": "multi",
- "description": "IDs of accounts to verify access on",
- "name": "ids",
- "in": "query",
- "required": 1
- }]],
- ["QueryAWSAccountsForIDs", "GET", "/cloud-connect-aws/queries/accounts/v1", "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria", "cloud_connect_aws", [{
- "maxLength": 1000,
- "minLength": 1,
- "type": "integer",
- "default": 100,
- "description": "The maximum records to return. [1-1000]. Defaults to 100.",
- "name": "limit",
- "in": "query"
- }, {
- "type": "integer",
- "description": "The offset to start retrieving records from",
- "name": "offset",
- "in": "query"
- }, {
- "type": "string",
- "description": "The property to sort by (e.g. alias.desc or state.asc)",
- "name": "sort",
- "in": "query"
- }, {
- "type": "string",
- "description": "The filter expression that should be used to limit the results",
- "name": "filter",
- "in": "query"
- }]]
-];
\ No newline at end of file
+ [
+ "GetAWSAccounts",
+ "GET",
+ "/cloud-connect-aws/entities/accounts/v1",
+ "Retrieve a set of AWS Accounts by specifying their IDs",
+ "cloud_connect_aws",
+ [
+ {
+ maxItems: 5000,
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "multi",
+ description: "IDs of accounts to retrieve details",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "ProvisionAWSAccounts",
+ "POST",
+ "/cloud-connect-aws/entities/accounts/v1",
+ "Provision AWS Accounts by specifying details about the accounts to provision",
+ "cloud_connect_aws",
+ [
+ {
+ enum: ["cloudformation", "manual"],
+ type: "string",
+ default: "manual",
+ description: "Mode for provisioning. Allowed values are `manual` or `cloudformation`. Defaults to manual if not defined.",
+ name: "mode",
+ in: "query",
+ },
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "UpdateAWSAccounts",
+ "PATCH",
+ "/cloud-connect-aws/entities/accounts/v1",
+ "Update AWS Accounts by specifying the ID of the account and details to update",
+ "cloud_connect_aws",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "DeleteAWSAccounts",
+ "DELETE",
+ "/cloud-connect-aws/entities/accounts/v1",
+ "Delete a set of AWS Accounts by specifying their IDs",
+ "cloud_connect_aws",
+ [
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "multi",
+ description: "IDs of accounts to remove",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "CreateOrUpdateAWSSettings",
+ "POST",
+ "/cloud-connect-aws/entities/settings/v1",
+ "Create or update Global Settings which are applicable to all provisioned AWS accounts",
+ "cloud_connect_aws",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "VerifyAWSAccountAccess",
+ "POST",
+ "/cloud-connect-aws/entities/verify-account-access/v1",
+ "Performs an Access Verification check on the specified AWS Account IDs",
+ "cloud_connect_aws",
+ [
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "multi",
+ description: "IDs of accounts to verify access on",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "QueryAWSAccountsForIDs",
+ "GET",
+ "/cloud-connect-aws/queries/accounts/v1",
+ "Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria",
+ "cloud_connect_aws",
+ [
+ {
+ maxLength: 1000,
+ minLength: 1,
+ type: "integer",
+ default: 100,
+ description: "The maximum records to return. [1-1000]. Defaults to 100.",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "The offset to start retrieving records from",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The property to sort by (e.g. alias.desc or state.asc)",
+ name: "sort",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The filter expression that should be used to limit the results",
+ name: "filter",
+ in: "query",
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/cloud_snapshots.ts b/src/_endpoints/cloud_snapshots.ts
index 83b98f42..54c2cd3c 100644
--- a/src/_endpoints/cloud_snapshots.ts
+++ b/src/_endpoints/cloud_snapshots.ts
@@ -3,15 +3,33 @@
 * consumed and interpreted by Falcon.command(...)
 */
 export const _cloud_snapshots_endpoints: Array = [
- ["CreateInventory", "POST", "/snapshots/entities/inventories/v1", "Create inventory from data received from snapshot", "inventories", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]],
+ [
+ "CreateInventory",
+ "POST",
+ "/snapshots/entities/inventories/v1",
+ "Create inventory from data received from snapshot",
+ "inventories",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
 ["GetCredentialsMixin0", "GET", "/snapshots/entities/image-registry-credentials/v1", "Gets the registry credentials", "provision", []],
- ["RegisterCspmSnapshotAccount", "POST", "/snapshots/entities/accounts/v1", "Register customer cloud account for snapshot scanning", "registration", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]]
-];
\ No newline at end of file
+ [
+ "RegisterCspmSnapshotAccount",
+ "POST",
+ "/snapshots/entities/accounts/v1",
+ "Register customer cloud account for snapshot scanning",
+ "registration",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/cspm_registration.ts b/src/_endpoints/cspm_registration.ts
index 96691c6e..0a8e1fcb 100644
--- a/src/_endpoints/cspm_registration.ts
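Review bot: The `limit` entry of QueryAWSAccounts and QueryAWSAccountsForIDs pairs `type: "integer"` with `maxLength: 1000` / `minLength: 1`, which are string-length keywords, so a consumer that enforces these constraints cannot bound the numeric value with them, whereas the alerts entries in this same patch use `maximum`/`minimum` on their integer `limit`. If the reformat is also the place to reconcile the two files, `maximum: 1000,` and `minimum: 1,` would match the description text `[1-1000]`. If these arrays are regenerated from the upstream API spec, the fix belongs in the generator or the spec rather than here, and a one-line comment above the array stating that constraint keywords mirror the spec verbatim would stop the next reader from hand-editing it.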
+++ b/src/_endpoints/cspm_registration.ts 
@@ -3,647 +3,1097 @@ * consumed and interpreted by Falcon.command(...) */ export const _cspm_registration_endpoints: Array = [ - ["GetCSPMAwsAccount", "GET", "/cloud-connect-cspm-aws/entities/account/v1", "Returns information about the current status of an AWS account.", "cspm_registration", [{ - "maxLength": 4, - "minLength": 3, - "pattern": "^(full|dry)$", - "type": "string", - "description": "Type of scan, dry or full, to perform on selected accounts", - "name": "scan-type", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS IAM role ARNs", - "name": "iam_role_arns", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS organization IDs", - "name": "organization-ids", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "type": "string", - "description": "Account status to filter results by.", - "name": "status", - "in": "query" - }, { - "maxLength": 3, - "minLength": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. 
Defaults to 100.", - "name": "limit", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "description": "Only return migrated d4c accounts", - "name": "migrated", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "enum": ["organization"], - "type": "string", - "description": "Field to group by.", - "name": "group_by", - "in": "query" - }]], - ["CreateCSPMAwsAccount", "POST", "/cloud-connect-cspm-aws/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", "cspm_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["PatchCSPMAwsAccount", "PATCH", "/cloud-connect-cspm-aws/entities/account/v1", "Patches a existing account in our system for a customer.", "cspm_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteCSPMAwsAccount", "DELETE", "/cloud-connect-cspm-aws/entities/account/v1", "Deletes an existing AWS account or organization in our system.", "cspm_registration", [{ - "type": "array", - "items": { - "maxLength": 12, - "minLength": 12, - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs to remove", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "pattern": "^o-[0-9a-z]{10,32}$", - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS organization IDs to remove", - "name": "organization-ids", - "in": "query" - }]], - ["GetCSPMAwsConsoleSetupURLs", "GET", "/cloud-connect-cspm-aws/entities/console-setup-urls/v1", "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs", - 
"name": "ids", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "name": "use_existing_cloudtrail", - "in": "query" - }, { - "pattern": "^[0-9a-z-]{2,}$", - "type": "string", - "description": "Region", - "name": "region", - "in": "query" - }]], - ["GetCSPMAwsAccountScriptsAttachment", "GET", "/cloud-connect-cspm-aws/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs", - "name": "ids", - "in": "query" - }]], - ["GetCSPMAzureAccount", "GET", "/cloud-connect-cspm-azure/entities/account/v1", "Return information about Azure account registration", "cspm_registration", [{ - "type": "array", - "items": { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string" - }, - "collectionFormat": "multi", - "description": "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Tenant ids to filter azure accounts", - "name": "tenant_ids", - "in": "query" - }, { - "maxLength": 4, - "minLength": 3, - "pattern": "^(full|dry)$", - "type": "string", - "description": "Type of scan, dry or full, to perform on selected accounts", - "name": "scan-type", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "type": "string", - "description": "Account status to filter results by.", - "name": "status", - "in": "query" - }, { - "maxLength": 3, - "minLength": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. 
Defaults to 100.", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }]], - ["CreateCSPMAzureAccount", "POST", "/cloud-connect-cspm-azure/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", "cspm_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteCSPMAzureAccount", "DELETE", "/cloud-connect-cspm-azure/entities/account/v1", "Deletes an Azure subscription from the system.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Azure subscription IDs to remove", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Tenant ids to remove", - "name": "tenant_ids", - "in": "query" - }, { - "maxLength": 5, - "minLength": 4, - "pattern": "^(true|false)$", - "type": "string", - "name": "retain_tenant", - "in": "query" - }]], - ["UpdateCSPMAzureAccountClientID", "PATCH", "/cloud-connect-cspm-azure/entities/client-id/v1", "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", "cspm_registration", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "ClientID to use for the Service Principal associated with the customer's Azure account", - "name": "id", - "in": "query", - "required": 1 - }, { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", - "name": "tenant-id", - "in": "query" - }]], - ["UpdateCSPMAzureTenantDefaultSubscriptionID", "PATCH", "/cloud-connect-cspm-azure/entities/default-subscription-id/v1", "Update an Azure default subscription_id in our system for given tenant_id", "cspm_registration", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "Tenant ID to update client ID for. Required if multiple tenants are registered.", - "name": "tenant-id", - "in": "query" - }, { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "Default Subscription ID to patch for all subscriptions belonged to a tenant.", - "name": "subscription_id", - "in": "query", - "required": 1 - }]], - ["AzureDownloadCertificate", "GET", "/cloud-connect-cspm-azure/entities/download-certificate/v1", "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Azure Tenant ID", - "name": "tenant_id", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "Setting to true will invalidate the current certificate and generate a new certificate", - "name": "refresh", - "in": "query" - }, { - "maxLength": 2, - "minLength": 1, - "pattern": "^[0-9]{1,2}$", - "type": "string", - "description": "Years the certificate should be valid (only used when refresh=true)", - "name": "years_valid", - "in": "query" - }]], - ["GetCSPMAzureUserScriptsAttachment", "GET", "/cloud-connect-cspm-azure/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", "cspm_registration", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - 
"description": "Tenant ID to generate script for. Defaults to most recently registered tenant.", - "name": "tenant-id", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Subscription IDs to generate script for. Defaults to all.", - "name": "subscription_ids", - "in": "query" - }, { - "pattern": "^(commercial|gov)$", - "enum": ["commercial", "gov"], - "type": "string", - "name": "account_type", - "in": "query" - }, { - "type": "string", - "description": "Template to be rendered", - "name": "template", - "in": "query" - }]], - ["GetBehaviorDetections", "GET", "/detects/entities/ioa/v1", "Get list of detected behaviors", "cspm_registration", [{ - "pattern": "^(aws|azure)$", - "enum": ["aws", "azure"], - "type": "string", - "description": "Cloud Provider (e.g.: aws|azure)", - "name": "cloud_provider", - "in": "query" - }, { - "enum": ["ACM", "ACR", "Any", "App Engine", "AppService", "BigQuery", "Cloud Load Balancing", "Cloud Logging", "Cloud SQL", "Cloud Storage", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Compute Engine", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", "ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", "NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VPC", "VirtualMachine", "VirtualNetwork"], - "type": "string", - "description": "Cloud Service (e.g. 
EC2 | EBS | S3)", - "name": "service", - "in": "query" - }, { - "type": "string", - "description": "Cloud Account ID (e.g.: AWS accountID, Azure subscriptionID)", - "name": "account_id", - "in": "query" - }, { - "type": "string", - "description": "AWS Account ID", - "name": "aws_account_id", - "in": "query" - }, { - "type": "string", - "description": "Azure Subscription ID", - "name": "azure_subscription_id", - "in": "query" - }, { - "type": "string", - "description": "Azure Tenant ID", - "name": "azure_tenant_id", - "in": "query" - }, { - "enum": ["closed", "open"], - "type": "string", - "description": "State (e.g.: open | closed)", - "name": "state", - "in": "query" - }, { - "type": "string", - "description": "Filter to get all events after this date, in format RFC3339 : e.g. 2006-01-02T15:04:05Z07:00", - "name": "date_time_since", - "in": "query" - }, { - "type": "string", - "default": "24h", - "description": "Filter events using a duration string (e.g. 24h)", - "name": "since", - "in": "query" - }, { - "enum": ["Critical", "High", "Informational", "Medium"], - "type": "string", - "description": "Policy Severity", - "name": "severity", - "in": "query" - }, { - "type": "string", - "description": "String to get next page of results, is associated with a previous execution of GetBehaviorDetections. Must include all filters from previous execution.", - "name": "next_token", - "in": "query" - }, { - "pattern": "^\\d+$", - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Resource ID", - "name": "resource_id", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Resource UUID", - "name": "resource_uuid", - "in": "query" - }]], - ["GetConfigurationDetections", "GET", "/detects/entities/iom/v1", "Get list of active misconfigurations", "cspm_registration", [{ - "enum": ["aws", "azure", "gcp"], - "type": "string", - "description": "Cloud Provider (e.g.: aws|azure|gcp)", - "name": "cloud_provider", - "in": "query" - }, { - "type": "string", - "description": "AWS account ID or GCP Project Number or Azure subscription ID", - "name": "account_id", - "in": "query" - }, { - "type": "string", - "description": "Azure Subscription ID", - "name": "azure_subscription_id", - "in": "query" - }, { - "type": "string", - "description": "Azure Tenant ID", - "name": "azure_tenant_id", - "in": "query" - }, { - "enum": ["all", "new", "reoccurring"], - "type": "string", - "description": "Status (e.g.: new|reoccurring|all)", - "name": "status", - "in": "query" - }, { - "pattern": "^[0-9a-z-]{2,}$", - "type": "string", - "description": "Cloud Provider Region", - "name": "region", - "in": "query" - }, { - "enum": ["High", "Informational", "Medium"], - "type": "string", - "description": "Severity (e.g.: High | Medium | Informational)", - "name": "severity", - "in": "query" - }, { - "enum": ["ACM", "ACR", "Any", "App Engine", "AppService", "BigQuery", "Cloud Load Balancing", "Cloud Logging", "Cloud SQL", "Cloud Storage", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Compute Engine", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", "ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", 
"NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VPC", "VirtualMachine", "VirtualNetwork"], - "type": "string", - "description": "Cloud Service (e.g.: EBS|EC2|S3 etc.)", - "name": "service", - "in": "query" - }, { - "type": "string", - "description": "String to get next page of results, is associated with a previous execution of GetConfigurationDetections. Cannot be combined with any filter except limit.", - "name": "next_token", - "in": "query" - }, { - "pattern": "^\\d+$", - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }]], - ["GetConfigurationDetectionEntities", "GET", "/detects/entities/iom/v2", "Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "detection ids", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetConfigurationDetectionIDsV2", "GET", "/detects/queries/iom/v2", "Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.", "cspm_registration", [{ - "type": "string", - "description": "use_current_scan_ids - *use this to get records for latest scans*\naccount_name\naccount_id\nagent_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\ncustom_policy_id\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nstatus\nscan_time\nseverity\nseverity_string\n", - "name": "filter", - "in": "query" - }, { - "type": "string", - "default": "timestamp|desc", - "description": 
"account_name\naccount_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\nstatus\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nscan_time\nseverity\nseverity_string\ntimestamp", - "name": "sort", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "default": 500, - "description": "The max number of detections to return", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned detections", - "name": "offset", - "in": "query" - }]], - ["GetIOAEvents", "GET", "/ioa/entities/events/v1", "For CSPM IOA events, gets list of IOA events.", "cspm_registration", [{ - "pattern": "^\\d+$", - "type": "string", - "description": "Policy ID", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "pattern": "^(aws|azure|gcp)$", - "type": "string", - "description": "Cloud Provider (e.g.: aws|azure|gcp)", - "name": "cloud_provider", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", - "name": "account_id", - "in": "query" - }, { - "type": "string", - "description": "AWS accountID", - "name": "aws_account_id", - "in": "query" - }, { - "type": "string", - "description": "Azure subscription ID", - "name": "azure_subscription_id", - "in": "query" - }, { - "type": "string", - "description": "Azure tenant ID", - "name": "azure_tenant_id", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "user IDs", - "name": "user_ids", - "in": "query" - }, { - "type": "string", - "description": "state", - "name": "state", - "in": "query" - }, { - "type": "integer", - "description": "Starting index of overall result set from which to return events.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }]], - ["GetIOAUsers", "GET", "/ioa/entities/users/v1", "For CSPM IOA users, gets list of IOA users.", "cspm_registration", [{ - "pattern": "^\\d+$", - "type": "string", - "description": "Policy ID", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "state", - "name": "state", - "in": "query" - }, { - "pattern": "^(aws|azure|gcp)$", - "type": "string", - "description": "Cloud Provider (e.g.: aws|azure|gcp)", - "name": "cloud_provider", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", - "name": "account_id", - "in": "query" - }, { - "type": "string", - "description": "AWS accountID", - "name": "aws_account_id", - "in": "query" - }, { - "type": "string", - "description": "Azure subscription ID", - "name": "azure_subscription_id", - "in": "query" - }, { - "type": "string", - "description": "Azure tenant ID", - "name": "azure_tenant_id", - "in": "query" - }]], - ["GetCSPMPolicy", "GET", "/settings/entities/policy-details/v1", "Given a policy ID, returns detailed policy information.", "cspm_registration", [{ - "pattern": "\\d{*}", - "type": "string", - "description": "Policy ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetCSPMPoliciesDetails", "GET", "/settings/entities/policy-details/v2", "Given an array of policy IDs, returns detailed policies information.", "cspm_registration", [{ - "type": "array", - "items": { - "type": "integer" - }, - "collectionFormat": "multi", - "description": "Policy IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetCSPMPolicySettings", "GET", "/settings/entities/policy/v1", "Returns information about current policy settings.", "cspm_registration", [{ - "enum": ["ACM", "ACR", "AppService", "CloudFormation", "CloudTrail", "CloudWatch Logs", "Cloudfront", "Config", "Disk", "DynamoDB", "EBS", "EC2", "ECR", "EFS", "EKS", 
"ELB", "EMR", "Elasticache", "GuardDuty", "IAM", "Identity", "KMS", "KeyVault", "Kinesis", "Kubernetes", "Lambda", "LoadBalancer", "Monitor", "NLB/ALB", "NetworkSecurityGroup", "PostgreSQL", "RDS", "Redshift", "S3", "SES", "SNS", "SQLDatabase", "SQLServer", "SQS", "SSM", "Serverless Application Repository", "StorageAccount", "Subscriptions", "VirtualMachine", "VirtualNetwork"], - "type": "string", - "description": "Service type to filter policy settings by.", - "name": "service", - "in": "query" - }, { - "pattern": "^\\d+$", - "type": "string", - "description": "Policy ID", - "name": "policy-id", - "in": "query" - }, { - "pattern": "^(aws|azure|gcp)$", - "enum": ["aws", "azure", "gcp"], - "type": "string", - "description": "Cloud Platform (e.g.: aws|azure|gcp)", - "name": "cloud-platform", - "in": "query" - }]], - ["UpdateCSPMPolicySettings", "PATCH", "/settings/entities/policy/v1", "Updates a policy setting - can be used to override policy severity or to disable a policy entirely.", "cspm_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetCSPMScanSchedule", "GET", "/settings/scan-schedule/v1", "Returns scan schedule configuration for one or more cloud platforms.", "cspm_registration", [{ - "type": "array", - "items": { - "maxLength": 5, - "minLength": 3, - "pattern": "^(aws|azure|gcp)$", - "type": "string" - }, - "collectionFormat": "multi", - "description": "Cloud Platform", - "name": "cloud-platform", - "in": "query" - }]], - ["UpdateCSPMScanSchedule", "POST", "/settings/scan-schedule/v1", "Updates scan schedule configuration for one or more cloud platforms.", "cspm_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "GetCSPMAwsAccount", + "GET", + "/cloud-connect-cspm-aws/entities/account/v1", + "Returns information about the current status of an AWS account.", + "cspm_registration", + [ + { + maxLength: 4, + minLength: 3, + pattern: "^(full|dry)$", + type: "string", + 
description: "Type of scan, dry or full, to perform on selected accounts", + name: "scan-type", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS IAM role ARNs", + name: "iam_role_arns", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS organization IDs", + name: "organization-ids", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + type: "string", + description: "Account status to filter results by.", + name: "status", + in: "query", + }, + { + maxLength: 3, + minLength: 1, + type: "integer", + default: 100, + description: "The maximum records to return. Defaults to 100.", + name: "limit", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + description: "Only return migrated d4c accounts", + name: "migrated", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + enum: ["organization"], + type: "string", + description: "Field to group by.", + name: "group_by", + in: "query", + }, + ], + ], + [ + "CreateCSPMAwsAccount", + "POST", + "/cloud-connect-cspm-aws/entities/account/v1", + "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", + "cspm_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PatchCSPMAwsAccount", + "PATCH", + "/cloud-connect-cspm-aws/entities/account/v1", + "Patches a existing account in our system for a customer.", + "cspm_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteCSPMAwsAccount", + "DELETE", + 
"/cloud-connect-cspm-aws/entities/account/v1", + "Deletes an existing AWS account or organization in our system.", + "cspm_registration", + [ + { + type: "array", + items: { + maxLength: 12, + minLength: 12, + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs to remove", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + pattern: "^o-[0-9a-z]{10,32}$", + type: "string", + }, + collectionFormat: "multi", + description: "AWS organization IDs to remove", + name: "organization-ids", + in: "query", + }, + ], + ], + [ + "GetCSPMAwsConsoleSetupURLs", + "GET", + "/cloud-connect-cspm-aws/entities/console-setup-urls/v1", + "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs", + name: "ids", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + name: "use_existing_cloudtrail", + in: "query", + }, + { + pattern: "^[0-9a-z-]{2,}$", + type: "string", + description: "Region", + name: "region", + in: "query", + }, + ], + ], + [ + "GetCSPMAwsAccountScriptsAttachment", + "GET", + "/cloud-connect-cspm-aws/entities/user-scripts-download/v1", + "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs", + name: "ids", + in: "query", + }, + ], + ], + [ + "GetCSPMAzureAccount", + "GET", + "/cloud-connect-cspm-azure/entities/account/v1", + "Return information about Azure account registration", + "cspm_registration", + [ + { + type: "array", + items: { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + }, + collectionFormat: "multi", + 
description: "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Tenant ids to filter azure accounts", + name: "tenant_ids", + in: "query", + }, + { + maxLength: 4, + minLength: 3, + pattern: "^(full|dry)$", + type: "string", + description: "Type of scan, dry or full, to perform on selected accounts", + name: "scan-type", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + type: "string", + description: "Account status to filter results by.", + name: "status", + in: "query", + }, + { + maxLength: 3, + minLength: 1, + type: "integer", + default: 100, + description: "The maximum records to return. Defaults to 100.", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + ], + ], + [ + "CreateCSPMAzureAccount", + "POST", + "/cloud-connect-cspm-azure/entities/account/v1", + "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", + "cspm_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteCSPMAzureAccount", + "DELETE", + "/cloud-connect-cspm-azure/entities/account/v1", + "Deletes an Azure subscription from the system.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Azure subscription IDs to remove", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Tenant ids to remove", + name: "tenant_ids", + in: "query", + }, + { + maxLength: 5, + minLength: 4, + pattern: "^(true|false)$", + type: "string", + name: "retain_tenant", + in: "query", + }, + ], + ], + [ + 
"UpdateCSPMAzureAccountClientID", + "PATCH", + "/cloud-connect-cspm-azure/entities/client-id/v1", + "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", + "cspm_registration", + [ + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "ClientID to use for the Service Principal associated with the customer's Azure account", + name: "id", + in: "query", + required: 1, + }, + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Tenant ID to update client ID for. Required if multiple tenants are registered.", + name: "tenant-id", + in: "query", + }, + ], + ], + [ + "UpdateCSPMAzureTenantDefaultSubscriptionID", + "PATCH", + "/cloud-connect-cspm-azure/entities/default-subscription-id/v1", + "Update an Azure default subscription_id in our system for given tenant_id", + "cspm_registration", + [ + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", + name: "tenant-id", + in: "query", + }, + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Default Subscription ID to patch for all subscriptions belonged to a tenant.", + name: "subscription_id", + in: "query", + required: 1, + }, + ], + ], + [ + "AzureDownloadCertificate", + "GET", + "/cloud-connect-cspm-azure/entities/download-certificate/v1", + "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Azure Tenant ID", + name: "tenant_id", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Setting to true will invalidate the current certificate and generate a new certificate", + name: "refresh", + in: "query", + }, + { + maxLength: 2, + minLength: 1, + pattern: "^[0-9]{1,2}$", + type: "string", + description: "Years the certificate should be valid (only used when refresh=true)", + name: "years_valid", + in: "query", + }, + ], + ], + [ + "GetCSPMAzureUserScriptsAttachment", + "GET", + "/cloud-connect-cspm-azure/entities/user-scripts-download/v1", + "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", + "cspm_registration", + [ + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Tenant ID to generate script for. Defaults to most recently registered tenant.", + name: "tenant-id", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Subscription IDs to generate script for. 
Defaults to all.", + name: "subscription_ids", + in: "query", + }, + { + pattern: "^(commercial|gov)$", + enum: ["commercial", "gov"], + type: "string", + name: "account_type", + in: "query", + }, + { + type: "string", + description: "Template to be rendered", + name: "template", + in: "query", + }, + ], + ], + [ + "GetBehaviorDetections", + "GET", + "/detects/entities/ioa/v1", + "Get list of detected behaviors", + "cspm_registration", + [ + { + pattern: "^(aws|azure)$", + enum: ["aws", "azure"], + type: "string", + description: "Cloud Provider (e.g.: aws|azure)", + name: "cloud_provider", + in: "query", + }, + { + enum: [ + "ACM", + "ACR", + "Any", + "App Engine", + "AppService", + "BigQuery", + "Cloud Load Balancing", + "Cloud Logging", + "Cloud SQL", + "Cloud Storage", + "CloudFormation", + "CloudTrail", + "CloudWatch Logs", + "Cloudfront", + "Compute Engine", + "Config", + "Disk", + "DynamoDB", + "EBS", + "EC2", + "ECR", + "EFS", + "EKS", + "ELB", + "EMR", + "Elasticache", + "GuardDuty", + "IAM", + "Identity", + "KMS", + "KeyVault", + "Kinesis", + "Kubernetes", + "Lambda", + "LoadBalancer", + "Monitor", + "NLB/ALB", + "NetworkSecurityGroup", + "PostgreSQL", + "RDS", + "Redshift", + "S3", + "SES", + "SNS", + "SQLDatabase", + "SQLServer", + "SQS", + "SSM", + "Serverless Application Repository", + "StorageAccount", + "Subscriptions", + "VPC", + "VirtualMachine", + "VirtualNetwork", + ], + type: "string", + description: "Cloud Service (e.g. 
EC2 | EBS | S3)", + name: "service", + in: "query", + }, + { + type: "string", + description: "Cloud Account ID (e.g.: AWS accountID, Azure subscriptionID)", + name: "account_id", + in: "query", + }, + { + type: "string", + description: "AWS Account ID", + name: "aws_account_id", + in: "query", + }, + { + type: "string", + description: "Azure Subscription ID", + name: "azure_subscription_id", + in: "query", + }, + { + type: "string", + description: "Azure Tenant ID", + name: "azure_tenant_id", + in: "query", + }, + { + enum: ["closed", "open"], + type: "string", + description: "State (e.g.: open | closed)", + name: "state", + in: "query", + }, + { + type: "string", + description: "Filter to get all events after this date, in format RFC3339 : e.g. 2006-01-02T15:04:05Z07:00", + name: "date_time_since", + in: "query", + }, + { + type: "string", + default: "24h", + description: "Filter events using a duration string (e.g. 24h)", + name: "since", + in: "query", + }, + { + enum: ["Critical", "High", "Informational", "Medium"], + type: "string", + description: "Policy Severity", + name: "severity", + in: "query", + }, + { + type: "string", + description: "String to get next page of results, is associated with a previous execution of GetBehaviorDetections. Must include all filters from previous execution.", + name: "next_token", + in: "query", + }, + { + pattern: "^\\d+$", + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Resource ID", + name: "resource_id", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Resource UUID", + name: "resource_uuid", + in: "query", + }, + ], + ], + [ + "GetConfigurationDetections", + "GET", + "/detects/entities/iom/v1", + "Get list of active misconfigurations", + "cspm_registration", + [ + { + enum: ["aws", "azure", "gcp"], + type: "string", + description: "Cloud Provider (e.g.: aws|azure|gcp)", + name: "cloud_provider", + in: "query", + }, + { + type: "string", + description: "AWS account ID or GCP Project Number or Azure subscription ID", + name: "account_id", + in: "query", + }, + { + type: "string", + description: "Azure Subscription ID", + name: "azure_subscription_id", + in: "query", + }, + { + type: "string", + description: "Azure Tenant ID", + name: "azure_tenant_id", + in: "query", + }, + { + enum: ["all", "new", "reoccurring"], + type: "string", + description: "Status (e.g.: new|reoccurring|all)", + name: "status", + in: "query", + }, + { + pattern: "^[0-9a-z-]{2,}$", + type: "string", + description: "Cloud Provider Region", + name: "region", + in: "query", + }, + { + enum: ["High", "Informational", "Medium"], + type: "string", + description: "Severity (e.g.: High | Medium | Informational)", + name: "severity", + in: "query", + }, + { + enum: [ + "ACM", + "ACR", + "Any", + "App Engine", + "AppService", + "BigQuery", + "Cloud Load Balancing", + "Cloud Logging", + "Cloud SQL", + "Cloud Storage", + "CloudFormation", + "CloudTrail", + "CloudWatch Logs", + "Cloudfront", + "Compute Engine", + "Config", + "Disk", + "DynamoDB", + "EBS", + "EC2", + "ECR", + "EFS", + "EKS", + "ELB", + "EMR", + "Elasticache", + "GuardDuty", + "IAM", + "Identity", + "KMS", + "KeyVault", + "Kinesis", + "Kubernetes", + "Lambda", + "LoadBalancer", + "Monitor", 
+ "NLB/ALB", + "NetworkSecurityGroup", + "PostgreSQL", + "RDS", + "Redshift", + "S3", + "SES", + "SNS", + "SQLDatabase", + "SQLServer", + "SQS", + "SSM", + "Serverless Application Repository", + "StorageAccount", + "Subscriptions", + "VPC", + "VirtualMachine", + "VirtualNetwork", + ], + type: "string", + description: "Cloud Service (e.g.: EBS|EC2|S3 etc.)", + name: "service", + in: "query", + }, + { + type: "string", + description: "String to get next page of results, is associated with a previous execution of GetConfigurationDetections. Cannot be combined with any filter except limit.", + name: "next_token", + in: "query", + }, + { + pattern: "^\\d+$", + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + ], + ], + [ + "GetConfigurationDetectionEntities", + "GET", + "/detects/entities/iom/v2", + "Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "detection ids", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetConfigurationDetectionIDsV2", + "GET", + "/detects/queries/iom/v2", + "Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.", + "cspm_registration", + [ + { + type: "string", + description: + "use_current_scan_ids - *use this to get records for latest scans*\naccount_name\naccount_id\nagent_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\ncustom_policy_id\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nstatus\nscan_time\nseverity\nseverity_string\n", + name: "filter", + in: "query", + }, + { + type: "string", + default: "timestamp|desc", + description: + 
"account_name\naccount_id\nattack_types\nazure_subscription_id\ncloud_provider\ncloud_service_keyword\nstatus\nis_managed\npolicy_id\npolicy_type\nresource_id\nregion\nscan_time\nseverity\nseverity_string\ntimestamp", + name: "sort", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + default: 500, + description: "The max number of detections to return", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned detections", + name: "offset", + in: "query", + }, + ], + ], + [ + "GetIOAEvents", + "GET", + "/ioa/entities/events/v1", + "For CSPM IOA events, gets list of IOA events.", + "cspm_registration", + [ + { + pattern: "^\\d+$", + type: "string", + description: "Policy ID", + name: "policy_id", + in: "query", + required: 1, + }, + { + pattern: "^(aws|azure|gcp)$", + type: "string", + description: "Cloud Provider (e.g.: aws|azure|gcp)", + name: "cloud_provider", + in: "query", + required: 1, + }, + { + type: "string", + description: "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", + name: "account_id", + in: "query", + }, + { + type: "string", + description: "AWS accountID", + name: "aws_account_id", + in: "query", + }, + { + type: "string", + description: "Azure subscription ID", + name: "azure_subscription_id", + in: "query", + }, + { + type: "string", + description: "Azure tenant ID", + name: "azure_tenant_id", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "user IDs", + name: "user_ids", + in: "query", + }, + { + type: "string", + description: "state", + name: "state", + in: "query", + }, + { + type: "integer", + description: "Starting index of overall result set from which to return events.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + ], + ], + [ + "GetIOAUsers", + "GET", + "/ioa/entities/users/v1", + "For CSPM IOA users, gets list of IOA users.", + "cspm_registration", + [ + { + pattern: "^\\d+$", + type: "string", + description: "Policy ID", + name: "policy_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "state", + name: "state", + in: "query", + }, + { + pattern: "^(aws|azure|gcp)$", + type: "string", + description: "Cloud Provider (e.g.: aws|azure|gcp)", + name: "cloud_provider", + in: "query", + required: 1, + }, + { + type: "string", + description: "Cloud account ID (e.g.: AWS accountID, Azure subscriptionID)", + name: "account_id", + in: "query", + }, + { + type: "string", + description: "AWS accountID", + name: "aws_account_id", + in: "query", + }, + { + type: "string", + description: "Azure subscription ID", + name: "azure_subscription_id", + in: "query", + }, + { + type: "string", + description: "Azure tenant ID", + name: "azure_tenant_id", + in: "query", + }, + ], + ], + [ + "GetCSPMPolicy", + "GET", + "/settings/entities/policy-details/v1", + "Given a policy ID, returns detailed policy information.", + "cspm_registration", + [ + { + pattern: "\\d{*}", + type: "string", + description: "Policy ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetCSPMPoliciesDetails", + "GET", + "/settings/entities/policy-details/v2", + "Given an array of policy IDs, returns detailed policies information.", + "cspm_registration", + [ + { + type: "array", + items: { + type: "integer", + }, + collectionFormat: "multi", + description: "Policy IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetCSPMPolicySettings", + "GET", + "/settings/entities/policy/v1", + "Returns information about current policy settings.", + "cspm_registration", + [ + { + enum: [ + "ACM", + "ACR", + "AppService", + "CloudFormation", + "CloudTrail", + "CloudWatch Logs", + "Cloudfront", + "Config", + "Disk", + 
"DynamoDB", + "EBS", + "EC2", + "ECR", + "EFS", + "EKS", + "ELB", + "EMR", + "Elasticache", + "GuardDuty", + "IAM", + "Identity", + "KMS", + "KeyVault", + "Kinesis", + "Kubernetes", + "Lambda", + "LoadBalancer", + "Monitor", + "NLB/ALB", + "NetworkSecurityGroup", + "PostgreSQL", + "RDS", + "Redshift", + "S3", + "SES", + "SNS", + "SQLDatabase", + "SQLServer", + "SQS", + "SSM", + "Serverless Application Repository", + "StorageAccount", + "Subscriptions", + "VirtualMachine", + "VirtualNetwork", + ], + type: "string", + description: "Service type to filter policy settings by.", + name: "service", + in: "query", + }, + { + pattern: "^\\d+$", + type: "string", + description: "Policy ID", + name: "policy-id", + in: "query", + }, + { + pattern: "^(aws|azure|gcp)$", + enum: ["aws", "azure", "gcp"], + type: "string", + description: "Cloud Platform (e.g.: aws|azure|gcp)", + name: "cloud-platform", + in: "query", + }, + ], + ], + [ + "UpdateCSPMPolicySettings", + "PATCH", + "/settings/entities/policy/v1", + "Updates a policy setting - can be used to override policy severity or to disable a policy entirely.", + "cspm_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetCSPMScanSchedule", + "GET", + "/settings/scan-schedule/v1", + "Returns scan schedule configuration for one or more cloud platforms.", + "cspm_registration", + [ + { + type: "array", + items: { + maxLength: 5, + minLength: 3, + pattern: "^(aws|azure|gcp)$", + type: "string", + }, + collectionFormat: "multi", + description: "Cloud Platform", + name: "cloud-platform", + in: "query", + }, + ], + ], + [ + "UpdateCSPMScanSchedule", + "POST", + "/settings/scan-schedule/v1", + "Updates scan schedule configuration for one or more cloud platforms.", + "cspm_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/custom_ioa.ts b/src/_endpoints/custom_ioa.ts index 26e7b2aa..50f77489 100644 --- a/src/_endpoints/custom_ioa.ts 
+++ b/src/_endpoints/custom_ioa.ts 
@@ -3,242 +3,446 @@ * consumed and interpreted by Falcon.command(...) */ export const _custom_ioa_endpoints: Array = [ - ["get_patterns", "GET", "/ioarules/entities/pattern-severities/v1", "Get pattern severities by ID.", "custom_ioa", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_platformsMixin0", "GET", "/ioarules/entities/platforms/v1", "Get platforms by ID.", "custom_ioa", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_rule_groupsMixin0", "GET", "/ioarules/entities/rule-groups/v1", "Get rule groups by ID.", "custom_ioa", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["create_rule_groupMixin0", "POST", "/ioarules/entities/rule-groups/v1", "Create a rule group for a platform with a name and an optional description. Returns the rule group.", "custom_ioa", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_rule_groupMixin0", "PATCH", "/ioarules/entities/rule-groups/v1", "Update a rule group. 
The following properties can be modified: name, description, enabled.", "custom_ioa", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["delete_rule_groupsMixin0", "DELETE", "/ioarules/entities/rule-groups/v1", "Delete rule groups by ID.", "custom_ioa", [{ - "type": "string", - "description": "Explains why the entity is being deleted", - "name": "comment", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_rule_types", "GET", "/ioarules/entities/rule-types/v1", "Get rule types by ID.", "custom_ioa", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_rules_get", "POST", "/ioarules/entities/rules/GET/v1", "Get rules by ID and optionally version in the following format: `ID[:version]`.", "custom_ioa", [{ - "description": "The \"ids\" field contains a list of the rules to retrieve.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_rulesMixin0", "GET", "/ioarules/entities/rules/v1", "Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size.", "custom_ioa", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["create_rule", "POST", "/ioarules/entities/rules/v1", "Create a rule within a rule group. Returns the rule.", "custom_ioa", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_rules", "PATCH", "/ioarules/entities/rules/v1", "Update rules within a rule group. 
Return the updated rules.", "custom_ioa", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["delete_rules", "DELETE", "/ioarules/entities/rules/v1", "Delete rules from a rule group by ID.", "custom_ioa", [{ - "type": "string", - "description": "The parent rule group", - "name": "rule_group_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Explains why the entity is being deleted", - "name": "comment", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["validate", "POST", "/ioarules/entities/rules/validate/v1", "Validates field values and checks for matches if a test string is provided.", "custom_ioa", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["query_patterns", "GET", "/ioarules/queries/pattern-severities/v1", "Get all pattern severity IDs.", "custom_ioa", [{ - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]], - ["query_platformsMixin0", "GET", "/ioarules/queries/platforms/v1", "Get all platform IDs.", "custom_ioa", [{ - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]], - ["query_rule_groups_full", "GET", "/ioarules/queries/rule-groups-full/v1", "Find all rule groups matching the query with optional filter.", "custom_ioa", [{ - "enum": ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], - "type": "string", - "description": "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", - 
"name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]], - ["query_rule_groupsMixin0", "GET", "/ioarules/queries/rule-groups/v1", "Finds all rule group IDs matching the query with optional filter.", "custom_ioa", [{ - "enum": ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], - "type": "string", - "description": "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]], - ["query_rule_types", "GET", "/ioarules/queries/rule-types/v1", "Get all rule type IDs.", "custom_ioa", [{ - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]], - ["query_rulesMixin0", "GET", "/ioarules/queries/rules/v1", "Finds all rule IDs matching the query with optional filter.", "custom_ioa", [{ - "enum": ["rules.created_by", "rules.created_on", "rules.current_version.action_label", "rules.current_version.description", "rules.current_version.modified_by", "rules.current_version.modified_on", "rules.current_version.name", "rules.current_version.pattern_severity", "rules.enabled", "rules.ruletype_name"], - "type": "string", - "description": "Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, rules.current_version.name, rules.current_version.modified_by, rules.created_on, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on}", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return IDs", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "get_patterns", + "GET", + "/ioarules/entities/pattern-severities/v1", + "Get pattern severities by ID.", + "custom_ioa", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_platformsMixin0", + "GET", + "/ioarules/entities/platforms/v1", + "Get platforms by ID.", + "custom_ioa", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_rule_groupsMixin0", + "GET", + "/ioarules/entities/rule-groups/v1", + "Get rule groups by ID.", + "custom_ioa", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "create_rule_groupMixin0", + "POST", + "/ioarules/entities/rule-groups/v1", + "Create a rule group for a platform with a name and an optional description. 
Returns the rule group.", + "custom_ioa", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_rule_groupMixin0", + "PATCH", + "/ioarules/entities/rule-groups/v1", + "Update a rule group. The following properties can be modified: name, description, enabled.", + "custom_ioa", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "delete_rule_groupsMixin0", + "DELETE", + "/ioarules/entities/rule-groups/v1", + "Delete rule groups by ID.", + "custom_ioa", + [ + { + type: "string", + description: "Explains why the entity is being deleted", + name: "comment", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_rule_types", + "GET", + "/ioarules/entities/rule-types/v1", + "Get rule types by ID.", + "custom_ioa", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_rules_get", + "POST", + "/ioarules/entities/rules/GET/v1", + "Get rules by ID and optionally version in the following format: `ID[:version]`.", + "custom_ioa", + [ + { + description: 'The "ids" field contains a list of the rules to retrieve.', + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_rulesMixin0", + "GET", + "/ioarules/entities/rules/v1", + "Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size.", + "custom_ioa", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "create_rule", + "POST", + "/ioarules/entities/rules/v1", + "Create a rule within a rule group. 
Returns the rule.", + "custom_ioa", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_rules", + "PATCH", + "/ioarules/entities/rules/v1", + "Update rules within a rule group. Return the updated rules.", + "custom_ioa", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "delete_rules", + "DELETE", + "/ioarules/entities/rules/v1", + "Delete rules from a rule group by ID.", + "custom_ioa", + [ + { + type: "string", + description: "The parent rule group", + name: "rule_group_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "Explains why the entity is being deleted", + name: "comment", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "validate", + "POST", + "/ioarules/entities/rules/validate/v1", + "Validates field values and checks for matches if a test string is provided.", + "custom_ioa", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "query_patterns", + "GET", + "/ioarules/queries/pattern-severities/v1", + "Get all pattern severity IDs.", + "custom_ioa", + [ + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_platformsMixin0", + "GET", + "/ioarules/queries/platforms/v1", + "Get all platform IDs.", + "custom_ioa", + [ + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rule_groups_full", + "GET", + "/ioarules/queries/rule-groups-full/v1", + "Find all rule groups matching the query 
with optional filter.", + "custom_ioa", + [ + { + enum: ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], + type: "string", + description: "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rule_groupsMixin0", + "GET", + "/ioarules/queries/rule-groups/v1", + "Finds all rule group IDs matching the query with optional filter.", + "custom_ioa", + [ + { + enum: ["created_by", "created_on", "enabled", "modified_by", "modified_on", "name"], + type: "string", + description: "Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name}", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rule_types", + "GET", + "/ioarules/queries/rule-types/v1", + "Get all rule type IDs.", + "custom_ioa", + [ + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rulesMixin0", + "GET", + "/ioarules/queries/rules/v1", + "Finds all rule IDs matching the query with optional filter.", + "custom_ioa", + [ + { + enum: [ + "rules.created_by", + "rules.created_on", + "rules.current_version.action_label", + "rules.current_version.description", + "rules.current_version.modified_by", + "rules.current_version.modified_on", + "rules.current_version.name", + "rules.current_version.pattern_severity", + "rules.enabled", + "rules.ruletype_name", + ], + type: "string", + description: + "Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, rules.current_version.name, rules.current_version.modified_by, rules.created_on, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on}", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. 
Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return IDs", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/custom_storage.ts b/src/_endpoints/custom_storage.ts index b1e4da64..5c1dc442 100644 --- a/src/_endpoints/custom_storage.ts +++ b/src/_endpoints/custom_storage.ts 
@@ -3,252 +3,333 @@ * consumed and interpreted by Falcon.command(...) */ export const _custom_storage_endpoints: Array = [ - ["ListObjects", "GET", "/customobjects/v1/collections/{collection_name}/objects", "List the object keys in the specified collection in alphabetical order", "custom_storage", [{ - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The end key to end listing to", - "name": "end", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "integer", - "description": "The limit of results to return", - "name": "limit", - "in": "query", - "allowEmptyValue": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The start key to start listing from", - "name": "start", - "in": "query", - "allowEmptyValue": 1 - }]], - ["SearchObjects", "POST", "/customobjects/v1/collections/{collection_name}/objects", "Search for objects that match the specified filter criteria (returns metadata, not actual objects)", "custom_storage", [{ - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. 
This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The filter to limit the returned results.", - "name": "filter", - "in": "query", - "required": 1 - }, { - "type": "integer", - "description": "The limit of results to return", - "name": "limit", - "in": "query", - "allowEmptyValue": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "type": "integer", - "description": "The offset of results to return", - "name": "offset", - "in": "query", - "allowEmptyValue": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The sort order for the returned results.", - "name": "sort", - "in": "query" - }]], - ["GetObject", "GET", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Get the bytes for the specified object", "custom_storage", [{ - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. 
This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The object key", - "name": "object_key", - "in": "path", - "required": 1 - }]], - ["PutObject", "PUT", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Put the specified new object at the given key or overwrite an existing object at the given key", "custom_storage", [{ - "name": "body", - "in": "body", - "required": 1 - }, { - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "type": "boolean", - "description": "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", - "name": "dry_run", - "in": "query", - "allowEmptyValue": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The object key", - "name": "object_key", - "in": "path", - "required": 1 - }, { - "minLength": 1, - "type": "string", - "description": "The version of the collection schema", - "name": "schema_version", - "in": "query", - "required": 1 - }]], - ["DeleteObject", "DELETE", "/customobjects/v1/collections/{collection_name}/objects/{object_key}", "Delete the specified object", "custom_storage", [{ - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "type": "boolean", - "description": "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", - "name": "dry_run", - "in": "query", - "allowEmptyValue": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The object key", - "name": "object_key", - "in": "path", - "required": 1 - }]], - ["GetObjectMetadata", "GET", "/customobjects/v1/collections/{collection_name}/objects/{object_key}/metadata", "Get the metadata for the specified object", "custom_storage", [{ - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The id of the app the collection belongs to. This will map to the namespace of the collection", - "name": "X-CS-APP-ID", - "in": "header" - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the collection", - "name": "collection_name", - "in": "path", - "required": 1 - }, { - "maxLength": 255, - "minLength": 1, - "type": "string", - "description": "The name of the namespace the collection belongs to", - "name": "X-CS-ADB-NAMESPACE", - "in": "header", - "required": 1 - }, { - "maxLength": 1000, - "minLength": 1, - "type": "string", - "description": "The object key", - "name": "object_key", - "in": "path", - "required": 1 - }]] -]; \ No newline at end of file + [ + "ListObjects", + "GET", + "/customobjects/v1/collections/{collection_name}/objects", + "List the object keys in the specified collection in alphabetical order", + "custom_storage", + [ + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. 
This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The end key to end listing to", + name: "end", + in: "query", + allowEmptyValue: 1, + }, + { + type: "integer", + description: "The limit of results to return", + name: "limit", + in: "query", + allowEmptyValue: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The start key to start listing from", + name: "start", + in: "query", + allowEmptyValue: 1, + }, + ], + ], + [ + "SearchObjects", + "POST", + "/customobjects/v1/collections/{collection_name}/objects", + "Search for objects that match the specified filter criteria (returns metadata, not actual objects)", + "custom_storage", + [ + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. 
This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The filter to limit the returned results.", + name: "filter", + in: "query", + required: 1, + }, + { + type: "integer", + description: "The limit of results to return", + name: "limit", + in: "query", + allowEmptyValue: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + type: "integer", + description: "The offset of results to return", + name: "offset", + in: "query", + allowEmptyValue: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The sort order for the returned results.", + name: "sort", + in: "query", + }, + ], + ], + [ + "GetObject", + "GET", + "/customobjects/v1/collections/{collection_name}/objects/{object_key}", + "Get the bytes for the specified object", + "custom_storage", + [ + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. 
This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The object key", + name: "object_key", + in: "path", + required: 1, + }, + ], + ], + [ + "PutObject", + "PUT", + "/customobjects/v1/collections/{collection_name}/objects/{object_key}", + "Put the specified new object at the given key or overwrite an existing object at the given key", + "custom_storage", + [ + { + name: "body", + in: "body", + required: 1, + }, + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + type: "boolean", + description: "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", + name: "dry_run", + in: "query", + allowEmptyValue: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The object key", + name: "object_key", + in: "path", + required: 1, + }, + { + minLength: 1, + type: "string", + description: "The version of the collection schema", + name: "schema_version", + in: "query", + required: 1, + }, + ], + ], + [ + "DeleteObject", + "DELETE", + "/customobjects/v1/collections/{collection_name}/objects/{object_key}", + "Delete the specified object", + "custom_storage", + [ + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + type: "boolean", + description: "If false, run the operation as normal. 
If true, validate that the request *would* succeed, but don't execute it.", + name: "dry_run", + in: "query", + allowEmptyValue: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The object key", + name: "object_key", + in: "path", + required: 1, + }, + ], + ], + [ + "GetObjectMetadata", + "GET", + "/customobjects/v1/collections/{collection_name}/objects/{object_key}/metadata", + "Get the metadata for the specified object", + "custom_storage", + [ + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The id of the app the collection belongs to. This will map to the namespace of the collection", + name: "X-CS-APP-ID", + in: "header", + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the collection", + name: "collection_name", + in: "path", + required: 1, + }, + { + maxLength: 255, + minLength: 1, + type: "string", + description: "The name of the namespace the collection belongs to", + name: "X-CS-ADB-NAMESPACE", + in: "header", + required: 1, + }, + { + maxLength: 1000, + minLength: 1, + type: "string", + description: "The object key", + name: "object_key", + in: "path", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/d4c_registration.ts b/src/_endpoints/d4c_registration.ts index 0e229477..2f7bdec0 100644 --- a/src/_endpoints/d4c_registration.ts +++ b/src/_endpoints/d4c_registration.ts 
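Review bot: The reformatted entries still encode boolean schema flags as integers — `required: 1` and `allowEmptyValue: 1` on every parameter object in this hunk, and `default: 0` on the `type: "boolean"` `refresh` parameter in the d4c_registration hunk that follows — which reads like a carry-over from a Python source where True/False serialise as 1/0. Whatever consumes these tables in Falcon.command(...) presumably only tests them for truthiness, so nothing breaks, but `required: true` / `allowEmptyValue: true` / `default: false` would state the intent and let each row be typed as a tuple (name, method, path, description, group, parameter list) instead of the bare `Array` on the context line, which may also have lost its type argument in rendering. A typed element would make a misplaced method or path a compile error rather than a runtime surprise in a client that issues authenticated DELETE/PUT calls from this table. Since the hunk is a pure restyle of existing rows, this is a follow-up rather than a blocker.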
@@ -3,316 +3,483 @@ * consumed and interpreted by Falcon.command(...) */ export const _d4c_registration_endpoints: Array = [ - ["GetD4CAwsAccount", "GET", "/cloud-connect-aws/entities/account/v2", "Returns information about the current status of an AWS account.", "d4c_registration", [{ - "maxLength": 4, - "minLength": 3, - "pattern": "^(full|dry)$", - "type": "string", - "description": "Type of scan, dry or full, to perform on selected accounts", - "name": "scan-type", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS organization IDs", - "name": "organization-ids", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "type": "string", - "description": "Account status to filter results by.", - "name": "status", - "in": "query" - }, { - "maxLength": 3, - "minLength": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. 
Defaults to 100.", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "description": "Only return migrated d4c accounts", - "name": "migrated", - "in": "query" - }]], - ["CreateD4CAwsAccount", "POST", "/cloud-connect-aws/entities/account/v2", "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", "d4c_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteD4CAwsAccount", "DELETE", "/cloud-connect-aws/entities/account/v2", "Deletes an existing AWS account or organization in our system.", "d4c_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs to remove", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS organization IDs to remove", - "name": "organization-ids", - "in": "query" - }]], - ["GetD4CAwsConsoleSetupURLs", "GET", "/cloud-connect-aws/entities/console-setup-urls/v1", "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", "d4c_registration", [{ - "pattern": "^[0-9a-z-]{2,}$", - "type": "string", - "description": "Region", - "name": "region", - "in": "query" - }]], - ["GetD4CAWSAccountScriptsAttachment", "GET", "/cloud-connect-aws/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", "d4c_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "AWS account IDs", - "name": "ids", - "in": "query" - }]], - 
["GetDiscoverCloudAzureAccount", "GET", "/cloud-connect-azure/entities/account/v1", "Return information about Azure account registration", "d4c_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Tenant ids to filter azure accounts", - "name": "tenant_ids", - "in": "query" - }, { - "maxLength": 4, - "minLength": 3, - "pattern": "^(full|dry)$", - "type": "string", - "description": "Type of scan, dry or full, to perform on selected accounts", - "name": "scan-type", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "type": "string", - "description": "Account status to filter results by.", - "name": "status", - "in": "query" - }, { - "maxLength": 3, - "minLength": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. 
Defaults to 100.", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }]], - ["CreateDiscoverCloudAzureAccount", "POST", "/cloud-connect-azure/entities/account/v1", "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", "d4c_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateDiscoverCloudAzureAccountClientID", "PATCH", "/cloud-connect-azure/entities/client-id/v1", "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", "d4c_registration", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "ClientID to use for the Service Principal associated with the customer's Azure account", - "name": "id", - "in": "query", - "required": 1 - }, { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "Object ID to use for the Service Principal associated with the customer's Azure account", - "name": "object_id", - "in": "query" - }, { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string", - "description": "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", - "name": "tenant-id", - "in": "query" - }]], - ["DiscoverCloudAzureDownloadCertificate", "GET", "/cloud-connect-azure/entities/download-certificate/v1", "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", "d4c_registration", [{ - "type": "array", - "items": { - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9a-z-]{36}$", - "type": "string" - }, - "collectionFormat": "multi", - "description": "Azure Tenant ID", - "name": "tenant_id", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "Setting to true will invalidate the current certificate and generate a new certificate", - "name": "refresh", - "in": "query" - }, { - "maxLength": 2, - "minLength": 1, - "pattern": "^[0-9]{1,2}$", - "type": "string", - "description": "Years the certificate should be valid (only used when refresh=true)", - "name": "years_valid", - "in": "query" - }]], + [ + "GetD4CAwsAccount", + "GET", + "/cloud-connect-aws/entities/account/v2", + "Returns information about the current status of an AWS account.", + "d4c_registration", + [ + { + maxLength: 4, + minLength: 3, + pattern: "^(full|dry)$", + type: "string", + description: "Type of scan, dry or full, to perform on selected accounts", + name: "scan-type", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS organization IDs", + name: "organization-ids", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + type: "string", + description: "Account status to filter results by.", + name: "status", + in: "query", + }, + { + maxLength: 3, + minLength: 1, + type: "integer", + default: 100, + description: "The maximum records to return. 
Defaults to 100.", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + description: "Only return migrated d4c accounts", + name: "migrated", + in: "query", + }, + ], + ], + [ + "CreateD4CAwsAccount", + "POST", + "/cloud-connect-aws/entities/account/v2", + "Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.", + "d4c_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteD4CAwsAccount", + "DELETE", + "/cloud-connect-aws/entities/account/v2", + "Deletes an existing AWS account or organization in our system.", + "d4c_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs to remove", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS organization IDs to remove", + name: "organization-ids", + in: "query", + }, + ], + ], + [ + "GetD4CAwsConsoleSetupURLs", + "GET", + "/cloud-connect-aws/entities/console-setup-urls/v1", + "Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.", + "d4c_registration", + [ + { + pattern: "^[0-9a-z-]{2,}$", + type: "string", + description: "Region", + name: "region", + in: "query", + }, + ], + ], + [ + "GetD4CAWSAccountScriptsAttachment", + "GET", + "/cloud-connect-aws/entities/user-scripts-download/v1", + "Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.", + "d4c_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "AWS account IDs", + name: "ids", + in: "query", 
+ }, + ], + ], + [ + "GetDiscoverCloudAzureAccount", + "GET", + "/cloud-connect-azure/entities/account/v1", + "Return information about Azure account registration", + "d4c_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned.", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Tenant ids to filter azure accounts", + name: "tenant_ids", + in: "query", + }, + { + maxLength: 4, + minLength: 3, + pattern: "^(full|dry)$", + type: "string", + description: "Type of scan, dry or full, to perform on selected accounts", + name: "scan-type", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + type: "string", + description: "Account status to filter results by.", + name: "status", + in: "query", + }, + { + maxLength: 3, + minLength: 1, + type: "integer", + default: 100, + description: "The maximum records to return. 
Defaults to 100.", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + ], + ], + [ + "CreateDiscoverCloudAzureAccount", + "POST", + "/cloud-connect-azure/entities/account/v1", + "Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.", + "d4c_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateDiscoverCloudAzureAccountClientID", + "PATCH", + "/cloud-connect-azure/entities/client-id/v1", + "Update an Azure service account in our system by with the user-created client_id created with the public key we've provided", + "d4c_registration", + [ + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "ClientID to use for the Service Principal associated with the customer's Azure account", + name: "id", + in: "query", + required: 1, + }, + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Object ID to use for the Service Principal associated with the customer's Azure account", + name: "object_id", + in: "query", + }, + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + description: "Tenant ID to update client ID for. 
Required if multiple tenants are registered.", + name: "tenant-id", + in: "query", + }, + ], + ], + [ + "DiscoverCloudAzureDownloadCertificate", + "GET", + "/cloud-connect-azure/entities/download-certificate/v1", + "Returns JSON object(s) that contain the base64 encoded certificate for a service principal.", + "d4c_registration", + [ + { + type: "array", + items: { + maxLength: 36, + minLength: 36, + pattern: "^[0-9a-z-]{36}$", + type: "string", + }, + collectionFormat: "multi", + description: "Azure Tenant ID", + name: "tenant_id", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Setting to true will invalidate the current certificate and generate a new certificate", + name: "refresh", + in: "query", + }, + { + maxLength: 2, + minLength: 1, + pattern: "^[0-9]{1,2}$", + type: "string", + description: "Years the certificate should be valid (only used when refresh=true)", + name: "years_valid", + in: "query", + }, + ], + ], ["GetDiscoverCloudAzureTenantIDs", "GET", "/cloud-connect-azure/entities/tenant-id/v1", "Return available tenant ids for discover for cloud", "d4c_registration", []], - ["GetDiscoverCloudAzureUserScriptsAttachment", "GET", "/cloud-connect-azure/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", "d4c_registration", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Tenant ID", - "name": "tenant-id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Subscription ID", - "name": "subscription_ids", - "in": "query" - }, { - "type": "string", - "description": "Template to be rendered", - "name": "template", - "in": "query" - }]], - ["GetDiscoverCloudAzureUserScripts", "GET", "/cloud-connect-azure/entities/user-scripts/v1", "Return a 
script for customer to run in their cloud environment to grant us access to their Azure environment", "d4c_registration", []], - ["GetD4CCGPAccount", "GET", "/cloud-connect-gcp/entities/account/v1", "Returns information about the current status of an GCP account.", "d4c_registration", [{ - "enum": ["Folder", "Organization", "Project"], - "type": "string", - "description": "GCP Hierarchy Parent Type, organization/folder/project", - "name": "parent_type", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Hierarchical Resource IDs of accounts", - "name": "ids", - "in": "query" - }, { - "enum": ["dry", "full"], - "type": "string", - "description": "Type of scan, dry or full, to perform on selected accounts", - "name": "scan-type", - "in": "query" - }, { - "enum": ["operational", "provisioned"], - "type": "string", - "description": "Account status to filter results by.", - "name": "status", - "in": "query" - }, { - "maxLength": 3, - "minLength": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. Defaults to 100.", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order. 
Ex: parent_type|asc.", - "name": "sort", - "in": "query" - }]], - ["CreateD4CGCPAccount", "POST", "/cloud-connect-gcp/entities/account/v1", "Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.", "d4c_registration", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetCSPMGCPUserScriptsAttachment", "GET", "/cloud-connect-gcp/entities/user-scripts-download/v1", "Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment", "d4c_registration", []], - ["GetD4CGCPUserScripts", "GET", "/cloud-connect-gcp/entities/user-scripts/v1", "Return a script for customer to run in their cloud environment to grant us access to their GCP environment", "d4c_registration", [{ - "enum": ["Folder", "Organization", "Project"], - "type": "string", - "description": "GCP Hierarchy Parent Type, organization/folder/project", - "name": "parent_type", - "in": "query" - }]], - ["GetHorizonD4CScripts", "GET", "/settings-discover/entities/gen/scripts/v1", "Returns static install scripts for Horizon.", "d4c_registration", [{ - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "description": "Get static script for single account", - "name": "single_account", - "in": "query" - }, { - "pattern": "^o-[0-9a-z]{10,32}$", - "type": "string", - "description": "AWS organization ID", - "name": "organization-id", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "name": "delete", - "in": "query" - }, { - "pattern": "^(commercial|gov)$", - "enum": ["commercial", "gov"], - "type": "string", - "description": "Account type (e.g.: commercial,gov) Only applicable when registering AWS commercial account in a Gov environment", - "name": "account_type", - "in": "query" - }]] -]; \ No newline at end of file + [ + 
"GetDiscoverCloudAzureUserScriptsAttachment", + "GET", + "/cloud-connect-azure/entities/user-scripts-download/v1", + "Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment", + "d4c_registration", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Tenant ID", + name: "tenant-id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Subscription ID", + name: "subscription_ids", + in: "query", + }, + { + type: "string", + description: "Template to be rendered", + name: "template", + in: "query", + }, + ], + ], + [ + "GetDiscoverCloudAzureUserScripts", + "GET", + "/cloud-connect-azure/entities/user-scripts/v1", + "Return a script for customer to run in their cloud environment to grant us access to their Azure environment", + "d4c_registration", + [], + ], + [ + "GetD4CCGPAccount", + "GET", + "/cloud-connect-gcp/entities/account/v1", + "Returns information about the current status of an GCP account.", + "d4c_registration", + [ + { + enum: ["Folder", "Organization", "Project"], + type: "string", + description: "GCP Hierarchy Parent Type, organization/folder/project", + name: "parent_type", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Hierarchical Resource IDs of accounts", + name: "ids", + in: "query", + }, + { + enum: ["dry", "full"], + type: "string", + description: "Type of scan, dry or full, to perform on selected accounts", + name: "scan-type", + in: "query", + }, + { + enum: ["operational", "provisioned"], + type: "string", + description: "Account status to filter results by.", + name: "status", + in: "query", + }, + { + maxLength: 3, + minLength: 1, + type: "integer", + default: 100, + description: "The maximum records to return. 
Defaults to 100.", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order. Ex: parent_type|asc.", + name: "sort", + in: "query", + }, + ], + ], + [ + "CreateD4CGCPAccount", + "POST", + "/cloud-connect-gcp/entities/account/v1", + "Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.", + "d4c_registration", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetCSPMGCPUserScriptsAttachment", + "GET", + "/cloud-connect-gcp/entities/user-scripts-download/v1", + "Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment", + "d4c_registration", + [], + ], + [ + "GetD4CGCPUserScripts", + "GET", + "/cloud-connect-gcp/entities/user-scripts/v1", + "Return a script for customer to run in their cloud environment to grant us access to their GCP environment", + "d4c_registration", + [ + { + enum: ["Folder", "Organization", "Project"], + type: "string", + description: "GCP Hierarchy Parent Type, organization/folder/project", + name: "parent_type", + in: "query", + }, + ], + ], + [ + "GetHorizonD4CScripts", + "GET", + "/settings-discover/entities/gen/scripts/v1", + "Returns static install scripts for Horizon.", + "d4c_registration", + [ + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + description: "Get static script for single account", + name: "single_account", + in: "query", + }, + { + pattern: "^o-[0-9a-z]{10,32}$", + type: "string", + description: "AWS organization ID", + name: "organization-id", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + name: "delete", + in: "query", + }, + { + pattern: 
"^(commercial|gov)$", + enum: ["commercial", "gov"], + type: "string", + description: "Account type (e.g.: commercial,gov) Only applicable when registering AWS commercial account in a Gov environment", + name: "account_type", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/detects.ts b/src/_endpoints/detects.ts index 90e7ae60..0b372198 100644 --- a/src/_endpoints/detects.ts +++ b/src/_endpoints/detects.ts 
@@ -1,118 +1,120 @@ /** - * contains all method definitions for API: detects - * consumed and interpreted by Falcon.command(...) + * contains all method definitions for API: detects + * consumed and interpreted by Falcon.command(...) */ export const _detects_endpoints: Array = [ - [ - "GetAggregateDetects", - "POST", - "/detects/aggregates/detects/GET/v1", - "Get detect aggregates as specified via json in request body.", - "detects", [ - { - "description": "Query criteria and settings", - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "UpdateDetectsByIdsV2", - "PATCH", - "/detects/entities/detects/v2", - "Modify the state, assignee, and visibility of detections", - "detects", + "GetAggregateDetects", + "POST", + "/detects/aggregates/detects/GET/v1", + "Get detect aggregates as specified via json in request body.", + "detects", + [ + { + description: "Query criteria and settings", + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "description": "This endpoint modifies attributes (state and assignee) of detections. \n\n" + - "This endpoint accepts a query formatted as a JSON array of key-value pairs. " + - "You can update one or more attributes one or more detections with a single request.\n\n" + - "**`assigned_to_uuid` values**\n\nA user ID, such as `1234567891234567891`\n\n**`ids` values**\n\n" + - "One or more detection IDs, which you can find with the `/detects/queries/detects/v1` endpoint, " + - "the Falcon console, or the Streaming API.\n\n**`show_in_ui` values**\n\n- `true`: " + - "This detection is displayed in Falcon\n- `false`: This detection is not displayed in Falcon. " + - "Most commonly used together with the `status` key's `false_positive` value.\n\n**`status` " + - "values**\n\n- `new`\n- `in_progress`\n- `true_positive`\n- `false_positive`\n- `ignored`\n\n**`comment` " + - "values**\nOptional comment to add to the detection. 
Comments are displayed with the detection in " + - "Falcon and usually used to provide context or notes for other Falcon users. " + - "A detection can have multiple comments over time.", - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "GetDetectSummaries", - "POST", - "/detects/entities/summaries/GET/v1", - "View information about detections", - "detects", + "UpdateDetectsByIdsV2", + "PATCH", + "/detects/entities/detects/v2", + "Modify the state, assignee, and visibility of detections", + "detects", + [ + { + description: + "This endpoint modifies attributes (state and assignee) of detections. \n\n" + + "This endpoint accepts a query formatted as a JSON array of key-value pairs. " + + "You can update one or more attributes one or more detections with a single request.\n\n" + + "**`assigned_to_uuid` values**\n\nA user ID, such as `1234567891234567891`\n\n**`ids` values**\n\n" + + "One or more detection IDs, which you can find with the `/detects/queries/detects/v1` endpoint, " + + "the Falcon console, or the Streaming API.\n\n**`show_in_ui` values**\n\n- `true`: " + + "This detection is displayed in Falcon\n- `false`: This detection is not displayed in Falcon. " + + "Most commonly used together with the `status` key's `false_positive` value.\n\n**`status` " + + "values**\n\n- `new`\n- `in_progress`\n- `true_positive`\n- `false_positive`\n- `ignored`\n\n**`comment` " + + "values**\nOptional comment to add to the detection. Comments are displayed with the detection in " + + "Falcon and usually used to provide context or notes for other Falcon users. " + + "A detection can have multiple comments over time.", + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "description": "View key attributes of detections, including the associated host, " + - "[disposition](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#patterndispositionvalue), " + - "objective/tactic/technique, adversary, and more. 
Specify one or more detection IDs (max 1000 per request). " + - "Find detection IDs with the `/detects/queries/detects/v1` endpoint, the Falcon console, or the Streaming API.", - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "QueryDetects", - "GET", - "/detects/queries/detects/v1", - "Search for detection IDs that match a given query", - "detects", + "GetDetectSummaries", + "POST", + "/detects/entities/summaries/GET/v1", + "View information about detections", + "detects", + [ + { + description: + "View key attributes of detections, including the associated host, " + + "[disposition](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#patterndispositionvalue), " + + "objective/tactic/technique, adversary, and more. Specify one or more detection IDs (max 1000 per request). " + + "Find detection IDs with the `/detects/queries/detects/v1` endpoint, the Falcon console, or the Streaming API.", + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "type": "integer", - "description": "The first detection to return, where `0` is the latest detection. Use with the `limit` " + - "parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }, - { - "maximum": 9999, - "minimum": 0, - "type": "integer", - "description": "The maximum number of detections to return in this response (default: 9999; max: 9999). 
" + - "Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort detections using these options:\n\n- `first_behavior`: Timestamp of the first " + - "behavior associated with this detection\n- `last_behavior`: Timestamp of the last behavior associated " + - "with this detection\n- `max_severity`: Highest severity of the behaviors associated with this detection\n" + - "- `max_confidence`: Highest confidence of the behaviors associated with this detection\n- `adversary_id`: " + - "ID of the adversary associated with this detection, if any\n- `devices.hostname`: Hostname of the host " + - "where this detection was detected\n\nSort either `asc` (ascending) or `desc` (descending). " + - "For example: `last_behavior|asc`", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Filter detections using a query in Falcon Query Language (FQL) An asterisk wildcard `*` " + - "includes all results. \n\nCommon filter options include:\n\n- `status`\n- `device.device_id`\n" + - "- `max_severity`\n\nThe full list of valid filter options is extensive. " + - "Review it in our [documentation inside the Falcon console]" + - "(https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", - "name": "filter", - "in": "query" - }, - { - "type": "string", - "description": "Search all detection metadata for the provided string", - "name": "q", - "in": "query" - } - ] - ] -] \ No newline at end of file + "QueryDetects", + "GET", + "/detects/queries/detects/v1", + "Search for detection IDs that match a given query", + "detects", + [ + { + type: "integer", + description: "The first detection to return, where `0` is the latest detection. 
Use with the `limit` " + "parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + { + maximum: 9999, + minimum: 0, + type: "integer", + description: "The maximum number of detections to return in this response (default: 9999; max: 9999). " + "Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "Sort detections using these options:\n\n- `first_behavior`: Timestamp of the first " + + "behavior associated with this detection\n- `last_behavior`: Timestamp of the last behavior associated " + + "with this detection\n- `max_severity`: Highest severity of the behaviors associated with this detection\n" + + "- `max_confidence`: Highest confidence of the behaviors associated with this detection\n- `adversary_id`: " + + "ID of the adversary associated with this detection, if any\n- `devices.hostname`: Hostname of the host " + + "where this detection was detected\n\nSort either `asc` (ascending) or `desc` (descending). " + + "For example: `last_behavior|asc`", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter detections using a query in Falcon Query Language (FQL) An asterisk wildcard `*` " + + "includes all results. \n\nCommon filter options include:\n\n- `status`\n- `device.device_id`\n" + + "- `max_severity`\n\nThe full list of valid filter options is extensive. " + + "Review it in our [documentation inside the Falcon console]" + + "(https://falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Search all detection metadata for the provided string", + name: "q", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/device_control_policies.ts b/src/_endpoints/device_control_policies.ts index 25273254..4bec10ec 100644 --- a/src/_endpoints/device_control_policies.ts +++ b/src/_endpoints/device_control_policies.ts 
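Review bot: `_detects_endpoints` is declared as a bare `Array` on the context line at the top of the hunk, which under `strict` fails with "Generic type 'Array<T>' requires 1 type argument(s)" unless a type argument such as `<any>` was lost in rendering; either way the rows added below are not type-checked. Declaring the row shape once — e.g. `type Endpoint = readonly [name: string, method: string, path: string, description: string, group: string, params: readonly Record<string, unknown>[]];` and `export const _detects_endpoints: Endpoint[] = [` — would let the compiler catch a missing column or a swapped method/path in every `_endpoints` table; the same bare `Array` appears on the `device_control_policies.ts` and `discover.ts` hunks below. The header comment says the table is consumed by `Falcon.command(...)` but not whether `minimum`/`maximum`/`enum` entries such as the `limit` bounds under `QueryDetects` are enforced client-side before a request is sent or are documentation only; a one-line note stating which would help readers who rely on this file for validation, since the consumer is outside the hunk.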
@@ -3,167 +3,315 @@ * consumed and interpreted by Falcon.command(...) */ export const _device_control_policies_endpoints: Array = [ - ["queryCombinedDeviceControlPolicyMembers", "GET", "/policy/combined/device-control-members/v1", "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "device_control_policies", [{ - "type": "string", - "description": "The ID of the Device Control Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedDeviceControlPolicies", "GET", "/policy/combined/device-control/v1", "Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria", "device_control_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], + [ + "queryCombinedDeviceControlPolicyMembers", + "GET", + "/policy/combined/device-control-members/v1", + "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", + "device_control_policies", + [ + { + type: "string", + description: "The ID of the Device Control Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedDeviceControlPolicies", + "GET", + "/policy/combined/device-control/v1", + "Search for Device Control Policies in your environment by providing an FQL filter and paging details. 
Returns a set of Device Control Policies which match the filter criteria", + "device_control_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], ["getDefaultDeviceControlPolicies", "GET", "/policy/entities/default-device-control/v1", "Retrieve the configuration for a Default Device Control Policy", "device_control_policies", []], - ["updateDefaultDeviceControlPolicies", "PATCH", "/policy/entities/default-device-control/v1", "Update the configuration for a Default Device Control Policy", "device_control_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["performDeviceControlPoliciesAction", "POST", "/policy/entities/device-control-actions/v1", "Perform the specified action on the Device Control Policies specified in the request", "device_control_policies", [{ - "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["setDeviceControlPoliciesPrecedence", "POST", 
"/policy/entities/device-control-precedence/v1", "Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence", "device_control_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getDeviceControlPolicies", "GET", "/policy/entities/device-control/v1", "Retrieve a set of Device Control Policies by specifying their IDs", "device_control_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Device Control Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createDeviceControlPolicies", "POST", "/policy/entities/device-control/v1", "Create Device Control Policies by specifying details about the policy to create", "device_control_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateDeviceControlPolicies", "PATCH", "/policy/entities/device-control/v1", "Update Device Control Policies by specifying the ID of the policy and details to update", "device_control_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteDeviceControlPolicies", "DELETE", "/policy/entities/device-control/v1", "Delete a set of Device Control Policies by specifying their IDs", "device_control_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Device Control Policies to delete", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryDeviceControlPolicyMembers", "GET", "/policy/queries/device-control-members/v1", "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "device_control_policies", [{ - "type": "string", - "description": "The ID of the Device Control Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryDeviceControlPolicies", "GET", "/policy/queries/device-control/v1", "Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria", "device_control_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "updateDefaultDeviceControlPolicies", + "PATCH", + "/policy/entities/default-device-control/v1", + "Update the configuration for a Default Device Control Policy", + "device_control_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "performDeviceControlPoliciesAction", + "POST", + "/policy/entities/device-control-actions/v1", + "Perform the specified action on the Device Control Policies specified in the request", + "device_control_policies", + [ + { + enum: ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "setDeviceControlPoliciesPrecedence", + "POST", + "/policy/entities/device-control-precedence/v1", + "Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", + "device_control_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getDeviceControlPolicies", + "GET", + "/policy/entities/device-control/v1", + "Retrieve a set of Device Control Policies by specifying their IDs", + "device_control_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Device Control Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createDeviceControlPolicies", + "POST", + "/policy/entities/device-control/v1", + "Create Device Control Policies by specifying details about the policy to create", + "device_control_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateDeviceControlPolicies", + "PATCH", + "/policy/entities/device-control/v1", + "Update Device Control Policies by specifying the ID of the policy and details to update", + "device_control_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteDeviceControlPolicies", + "DELETE", + "/policy/entities/device-control/v1", + "Delete a set of Device Control Policies by specifying their IDs", + "device_control_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Device Control Policies to delete", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryDeviceControlPolicyMembers", + "GET", + "/policy/queries/device-control-members/v1", + "Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", + "device_control_policies", + [ + { + type: "string", + description: "The ID of the Device Control Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryDeviceControlPolicies", + "GET", + "/policy/queries/device-control/v1", + "Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria", + "device_control_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], +]; 
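Review bot: The sixteen-entry `sort` enum is written out twice in this hunk, once under `queryCombinedDeviceControlPolicies` and again under `queryDeviceControlPolicies`, so a future addition to one list is likely to miss the other. Hoisting it into a single module-level constant, e.g. `const DEVICE_CONTROL_POLICY_SORT_OPTIONS = ["created_by.asc", /* … */ "precedence.desc"] as const;` and referencing `enum: DEVICE_CONTROL_POLICY_SORT_OPTIONS` in both rows, keeps them in lockstep without changing what is sent. `required: 1` on the body and `action_name` parameters reads as a numeric stand-in for a boolean; if `Falcon.command(...)` only tests truthiness this works, but `required: true` would be clearer to TypeScript readers — the consumer is outside the hunk, so this is presumably a cross-file change.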
diff --git a/src/_endpoints/discover.ts b/src/_endpoints/discover.ts index 66a52af2..9812521e 100644 --- a/src/_endpoints/discover.ts +++ b/src/_endpoints/discover.ts 
@@ -3,179 +3,295 @@ * consumed and interpreted by Falcon.command(...) */ export const _discover_endpoints: Array = [ - ["get_accounts", "GET", "/discover/entities/accounts/v1", "Get details on accounts by providing one or more IDs.", "discover", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more account IDs (max: 100). Find account IDs with GET `/discover/queries/accounts/v1`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_applications", "GET", "/discover/entities/applications/v1", "Get details on applications by providing one or more IDs.", "discover", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of applications to retrieve. (Min: 1, Max: 100)", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_hosts", "GET", "/discover/entities/hosts/v1", "Get details on assets by providing one or more IDs.", "discover", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/hosts/v1`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_logins", "GET", "/discover/entities/logins/v1", "Get details on logins by providing one or more IDs.", "discover", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more login IDs (max: 100). Find login IDs with GET `/discover/queries/logins/v1`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["query_accounts", "GET", "/discover/queries/accounts/v1", "Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. 
Returns a set of account IDs which match the filter criteria.", "discover", [{ - "minimum": 0, - "type": "integer", - "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", - "name": "offset", - "in": "query" - }, { - "maximum": 100, - "minimum": 1, - "type": "integer", - "description": "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", - "name": "filter", - "in": "query" - }]], - ["query_applications", "GET", "/discover/queries/applications/v1", "Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.", "discover", [{ - "minimum": 0, - "type": "integer", - "description": "The index of the starting resource.", - "name": "offset", - "in": "query" - }, { - "maximum": 100, - "minimum": 1, - "type": "integer", - "description": "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", - "name": "filter", - "in": "query" - }]], - ["query_hosts", "GET", "/discover/queries/hosts/v1", "Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", "discover", [{ - "minimum": 0, - "type": "integer", - "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", - "name": "offset", - "in": "query" - }, { - "maximum": 100, - "minimum": 1, - "type": "integer", - "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", - "name": "filter", - "in": "query" - }]], - ["query_logins", "GET", "/discover/queries/logins/v1", "Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.", "discover", [{ - "minimum": 0, - "type": "integer", - "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", - "name": "offset", - "in": "query" - }, { - "maximum": 100, - "minimum": 1, - "type": "integer", - "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", - "name": "filter", - "in": "query" - }]], - ["get_iot_hosts", "GET", "/discover/entities/iot-hosts/v1", "Get details on IoT assets by providing one or more IDs.", "discover_iot", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/iot-hosts/v1`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["query_iot_hosts", "GET", "/discover/queries/iot-hosts/v1", "Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", "discover_iot", [{ - "minimum": 0, - "type": "integer", - "description": "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", - "name": "offset", - "in": "query" - }, { - "maximum": 100, - "minimum": 1, - "type": "integer", - "description": "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", - "name": "filter", - "in": "query" - }]] -]; \ No newline at end of file + [ + "get_accounts", + "GET", + "/discover/entities/accounts/v1", + "Get details on accounts by providing one or more IDs.", + "discover", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more account IDs (max: 100). Find account IDs with GET `/discover/queries/accounts/v1`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_applications", + "GET", + "/discover/entities/applications/v1", + "Get details on applications by providing one or more IDs.", + "discover", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of applications to retrieve. (Min: 1, Max: 100)", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_hosts", + "GET", + "/discover/entities/hosts/v1", + "Get details on assets by providing one or more IDs.", + "discover", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/hosts/v1`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_logins", + "GET", + "/discover/entities/logins/v1", + "Get details on logins by providing one or more IDs.", + "discover", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more login IDs (max: 100). Find login IDs with GET `/discover/queries/logins/v1`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "query_accounts", + "GET", + "/discover/queries/accounts/v1", + "Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. 
Returns a set of account IDs which match the filter criteria.", + "discover", + [ + { + minimum: 0, + type: "integer", + description: + "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + name: "offset", + in: "query", + }, + { + maximum: 100, + minimum: 1, + type: "integer", + description: "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", + name: "filter", + in: "query", + }, + ], + ], + [ + "query_applications", + "GET", + "/discover/queries/applications/v1", + "Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.", + "discover", + [ + { + minimum: 0, + type: "integer", + description: "The index of the starting resource.", + name: "offset", + in: "query", + }, + { + maximum: 100, + minimum: 1, + type: "integer", + description: "The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "Sort accounts by their properties. A single sort field is allowed. Common sort options include:\n\n
  • username|asc
  • last_failed_login_timestamp|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter accounts using an FQL query. Common filter options include:\n\n
  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
", + name: "filter", + in: "query", + }, + ], + ], + [ + "query_hosts", + "GET", + "/discover/queries/hosts/v1", + "Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", + "discover", + [ + { + minimum: 0, + type: "integer", + description: + "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + name: "offset", + in: "query", + }, + { + maximum: 100, + minimum: 1, + type: "integer", + description: "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + name: "filter", + in: "query", + }, + ], + ], + [ + "query_logins", + "GET", + "/discover/queries/logins/v1", + "Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.", + "discover", + [ + { + minimum: 0, + type: "integer", + description: + "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + name: "offset", + in: "query", + }, + { + maximum: 100, + minimum: 1, + type: "integer", + description: "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + name: "filter", + in: "query", + }, + ], + ], + [ + "get_iot_hosts", + "GET", + "/discover/entities/iot-hosts/v1", + "Get details on IoT assets by providing one or more IDs.", + "discover_iot", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/iot-hosts/v1`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "query_iot_hosts", + "GET", + "/discover/queries/iot-hosts/v1", + "Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.", + "discover_iot", + [ + { + minimum: 0, + type: "integer", + description: + "An offset used with the `limit` parameter to manage pagination of results. On your first request, don\u2019t provide an `offset`. On subsequent requests, provide the `offset` from the previous response to continue from that place in the results.", + name: "offset", + in: "query", + }, + { + maximum: 100, + minimum: 1, + type: "integer", + description: "The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the `offset` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort assets by their properties. A single sort field is allowed. Common sort options include:\n\n
  • hostname|asc
  • product_type_desc|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter assets using an FQL query. Common filter options include:\n\n
  • entity_type:'managed'
  • product_type_desc:'Workstation'
  • platform_name:'Windows'
  • last_seen_timestamp:>'now-7d'
", + name: "filter", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/event_streams.ts b/src/_endpoints/event_streams.ts index 393e219f..e726505b 100644 --- a/src/_endpoints/event_streams.ts +++ b/src/_endpoints/event_streams.ts 
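Review bot: The table is still declared as `export const _discover_endpoints: Array = [` (the context line at the top of this hunk), and `Array` with no type argument is rejected by tsc (TS2314), so nothing checks that every row has the `[name, method, path, description, service, params]` shape the new rows use; the event_streams and falcon_complete_dashboard hunks carry the same declaration. A row type such as `export const _discover_endpoints: Array<[string, string, string, string, string, Record<string, unknown>[]]> = [` would let the compiler catch a missing field or a mistyped key in these tables. Two documentation defects are carried over unchanged: `query_applications` still describes its `limit`, `sort` and `filter` parameters in terms of accounts ("The number of account IDs…", "Sort accounts…", "Filter accounts…") with account-field examples, and `query_logins` reuses the host examples (`hostname|asc`, `entity_type:'managed'`). The `sort`/`filter` descriptions that contain `\n\n` followed by what renders here as real line breaks (`• username|asc` …) would not be valid double-quoted string literals if those breaks are in the file rather than an artifact of this page, so it is worth confirming the file compiles.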
@@ -3,35 +3,56 @@ * consumed and interpreted by Falcon.command(...) */ export const _event_streams_endpoints: Array = [ - ["refreshActiveStreamSession", "POST", "/sensors/entities/datafeed-actions/v1/{}", "Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.", "event_streams", [{ - "type": "string", - "description": "Action name. Allowed value is refresh_active_stream_session.", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", - "name": "appId", - "in": "query", - "required": 1 - }, { - "type": "integer", - "description": "Partition to request data for.", - "name": "partition", - "in": "path", - "required": 1 - }]], - ["listAvailableStreamsOAuth2", "GET", "/sensors/entities/datafeed/v2", "Discover all event streams in your environment", "event_streams", [{ - "type": "string", - "description": "Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", - "name": "appId", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Format for streaming events. Valid values: json, flatjson", - "name": "format", - "in": "query" - }]] -]; \ No newline at end of file + [ + "refreshActiveStreamSession", + "POST", + "/sensors/entities/datafeed-actions/v1/{}", + "Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.", + "event_streams", + [ + { + type: "string", + description: "Action name. Allowed value is refresh_active_stream_session.", + name: "action_name", + in: "query", + required: 1, + }, + { + type: "string", + description: "Label that identifies your connection. 
Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", + name: "appId", + in: "query", + required: 1, + }, + { + type: "integer", + description: "Partition to request data for.", + name: "partition", + in: "path", + required: 1, + }, + ], + ], + [ + "listAvailableStreamsOAuth2", + "GET", + "/sensors/entities/datafeed/v2", + "Discover all event streams in your environment", + "event_streams", + [ + { + type: "string", + description: "Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9).", + name: "appId", + in: "query", + required: 1, + }, + { + type: "string", + description: "Format for streaming events. Valid values: json, flatjson", + name: "format", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/falcon_complete_dashboard.ts b/src/_endpoints/falcon_complete_dashboard.ts index 35eb303f..53cff3ec 100644 --- a/src/_endpoints/falcon_complete_dashboard.ts +++ b/src/_endpoints/falcon_complete_dashboard.ts 
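Review bot: The `action_name` parameter of `refreshActiveStreamSession` states its single allowed value only in prose ("Allowed value is refresh_active_stream_session.") and carries no `enum`, although this table format already expresses allowed values as `enum: [...]` elsewhere in the patch (the `sort` parameter in the device_control_policies hunk); adding `enum: ["refresh_active_stream_session"],` here and `enum: ["json", "flatjson"],` on `format` lets the consumer reject a bad value before the request is sent instead of leaving it to the server. Likewise `appId` is described as "Max: 32 alphanumeric characters (a-z, A-Z, 0-9)" with no machine-readable constraint, while the `limit` parameters in the other tables carry `minimum`/`maximum`; whether Falcon.command(...) enforces any of these fields is not visible here. `required: 1` is a numeric flag where a Swagger-style `required` would be a boolean; if the consumer tests it with `=== true` these parameters silently become optional, so this is worth confirming against Falcon.command.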
@@ -3,212 +3,388 @@ * consumed and interpreted by Falcon.command(...) */ export const _falcon_complete_dashboard_endpoints: Array = [ - ["AggregateAlerts", "POST", "/falcon-complete-dashboards/aggregates/alerts/GET/v1", "Retrieve aggregate alerts values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateAllowList", "POST", "/falcon-complete-dashboards/aggregates/allowlist/GET/v1", "Retrieve aggregate allowlist ticket values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateBlockList", "POST", "/falcon-complete-dashboards/aggregates/blocklist/GET/v1", "Retrieve aggregate blocklist ticket values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateDetections", "POST", "/falcon-complete-dashboards/aggregates/detects/GET/v1", "Retrieve aggregate detection values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateDeviceCountCollection", "POST", "/falcon-complete-dashboards/aggregates/devicecount-collections/GET/v1", "Retrieve aggregate host/devices count based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateEscalations", "POST", "/falcon-complete-dashboards/aggregates/escalations/GET/v1", "Retrieve aggregate escalation ticket values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateFCIncidents", "POST", "/falcon-complete-dashboards/aggregates/incidents/GET/v1", "Retrieve aggregate incident values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateRemediations", "POST", 
"/falcon-complete-dashboards/aggregates/remediations/GET/v1", "Retrieve aggregate remediation ticket values based on the matched filter", "falcon_complete_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryAlertIdsByFilter", "GET", "/falcon-complete-dashboards/queries/alerts/v1", "Retrieve Alerts Ids that match the provided FQL filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation](https://falconpy.io/Usage/Falcon-Query-Language).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryAllowListFilter", "GET", "/falcon-complete-dashboards/queries/allowlist/v1", "Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryBlockListFilter", "GET", "/falcon-complete-dashboards/queries/blocklist/v1", "Retrieve block listtickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryDetectionIdsByFilter", "GET", "/falcon-complete-dashboards/queries/detects/v1", "Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["GetDeviceCountCollectionQueriesByFilter", "GET", "/falcon-complete-dashboards/queries/devicecount-collections/v1", "Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryEscalationsFilter", "GET", "/falcon-complete-dashboards/queries/escalations/v1", "Retrieve escalation tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryIncidentIdsByFilter", "GET", "/falcon-complete-dashboards/queries/incidents/v1", "Retrieve incidents that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]], - ["QueryRemediationsFilter", "GET", "/falcon-complete-dashboards/queries/remediations/v1", "Retrieve remediation tickets that match the provided filter criteria with scrolling enabled", "falcon_complete_dashboard", [{ - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]] -]; \ No newline at end of file + [ + "AggregateAlerts", + "POST", + "/falcon-complete-dashboards/aggregates/alerts/GET/v1", + "Retrieve aggregate alerts values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateAllowList", + "POST", + "/falcon-complete-dashboards/aggregates/allowlist/GET/v1", + "Retrieve aggregate allowlist ticket values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateBlockList", + "POST", + "/falcon-complete-dashboards/aggregates/blocklist/GET/v1", + "Retrieve aggregate blocklist ticket values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateDetections", + "POST", + "/falcon-complete-dashboards/aggregates/detects/GET/v1", + "Retrieve aggregate detection values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateDeviceCountCollection", + "POST", + "/falcon-complete-dashboards/aggregates/devicecount-collections/GET/v1", + "Retrieve aggregate host/devices count based on the matched 
filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateEscalations", + "POST", + "/falcon-complete-dashboards/aggregates/escalations/GET/v1", + "Retrieve aggregate escalation ticket values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateFCIncidents", + "POST", + "/falcon-complete-dashboards/aggregates/incidents/GET/v1", + "Retrieve aggregate incident values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateRemediations", + "POST", + "/falcon-complete-dashboards/aggregates/remediations/GET/v1", + "Retrieve aggregate remediation ticket values based on the matched filter", + "falcon_complete_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryAlertIdsByFilter", + "GET", + "/falcon-complete-dashboards/queries/alerts/v1", + "Retrieve Alerts Ids that match the provided FQL filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation](https://falconpy.io/Usage/Falcon-Query-Language).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryAllowListFilter", + "GET", + "/falcon-complete-dashboards/queries/allowlist/v1", + "Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryBlockListFilter", + "GET", + "/falcon-complete-dashboards/queries/blocklist/v1", + "Retrieve block listtickets that match the provided filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryDetectionIdsByFilter", + "GET", + "/falcon-complete-dashboards/queries/detects/v1", + "Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "GetDeviceCountCollectionQueriesByFilter", + "GET", + "/falcon-complete-dashboards/queries/devicecount-collections/v1", + "Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryEscalationsFilter", + "GET", + "/falcon-complete-dashboards/queries/escalations/v1", + "Retrieve escalation tickets that match the provided filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryIncidentIdsByFilter", + "GET", + "/falcon-complete-dashboards/queries/incidents/v1", + "Retrieve incidents that match the provided filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryRemediationsFilter", + "GET", + "/falcon-complete-dashboards/queries/remediations/v1", + "Retrieve remediation tickets that match the provided filter criteria with scrolling enabled", + "falcon_complete_dashboard", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/falcon_container.ts b/src/_endpoints/falcon_container.ts index 40018c14..b7510300 100644 --- a/src/_endpoints/falcon_container.ts +++ b/src/_endpoints/falcon_container.ts 
@@ -4,121 +4,222 @@
 */
 export const _falcon_container_endpoints: Array = [
 ["GetCredentials", "GET", "/container-security/entities/image-registry-credentials/v1", "Gets the registry credentials", "falcon_container", []],
- ["GetCombinedImages", "GET", "/container-security/combined/image-assessment/images/v1", "Get image assessment results by providing an FQL filter and paging details", "falcon_container_image", [{
- "type": "string",
- "description": "Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity",
- "name": "filter",
- "in": "query"
- }, {
- "type": "integer",
- "description": "The upper-bound on the number of records to retrieve [1-100]",
- "name": "limit",
- "in": "query"
- }, {
- "type": "integer",
- "description": "The offset from where to begin.",
- "name": "offset",
- "in": "query"
- }, {
- "type": "string",
- "description": "The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity]",
- "name": "sort",
- "in": "query"
- }]],
- ["ReadImageVulnerabilities", "POST", "/image-assessment/combined/vulnerability-lookups/v1", "Retrieve known vulnerabilities for the provided image", "falcon_container_cli", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["GetImageAssessmentReport", "GET", "/reports", "Retrieves the Assessment report for the Image ID provided.", "falcon_container", [{
- "type": "string",
- "description": "The hash digest for the image.",
- "name": "digest",
- "in": "query",
- "required": 0
- }, {
- "type": "string",
- "description": "The image ID.",
- "name": "image_id",
- "in": "query",
- "required": 0
- }, {
- "type": "string",
- "description": "The repository the image resides within.",
- "name": "repository",
- "in": "query",
- "required": 0
- }, {
- "type": "string",
- "description": "The image tag.",
- "name": "tag",
- "in": "query",
- "required": 0
- }]],
- ["DeleteImageDetails", "DELETE", "/images/{}", "Delete Images by ids.", "falcon_container", [{
- "type": "string",
- "description": "The ID of the image to be deleted.",
- "name": "image_id",
- "in": "path",
- "required": 1
- }]],
- ["ImageMatchesPolicy", "GET", "/policy-checks", "After an image scan, use this operation to see if any images match a policy. If deny is true, the policy suggestion is that you do not deploy the image in your environment.", "falcon_container", [{
- "type": "string",
- "description": "The repository the image resides within.",
- "name": "repository",
- "in": "query",
- "required": 1
- }, {
- "type": "string",
- "description": "The image tag.",
- "name": "tag",
- "in": "query",
- "required": 1
- }]],
- ["ReadRegistryEntities", "GET", "/container-security/queries/registries/v1", "Retrieve registry entities identified by the customer ID.", "falcon_container_image", [{
- "type": "string",
- "description": "Starting index of result set from which to return IDs.",
- "name": "offset",
- "in": "query"
- }, {
- "type": "integer",
- "description": "Number of IDs to return.",
- "name": "limit",
- "in": "query"
- }, {
- "type": "string",
- "description": "Order by fields.",
- "name": "sort",
- "in": "query"
- }]],
- ["CreateRegistryEntities", "POST", "/container-security/entities/registries/v1", "Create a registry entity using the provided details.", "falcon_container_image", [{
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["DeleteRegistryEntities", "DELETE", "/container-security/entities/registries/v1", "Delete the registry entity identified by the entity UUID.", "falcon_container_image", [{
- "type": "string",
- "description": "Registry entity UUID.",
- "name": "ids",
- "in": "query",
- "required": 1
- }]],
- ["UpdateRegistryEntities", "PATCH", "/container-security/entities/registries/v1", "Update the registry entity, as identified by the entity UUID, using the provided details.", "falcon_container_image", [{
- "type": "string",
- "description": "Registry entity UUID.",
- "name": "id",
- "in": "query",
- "required": 1
- }, {
- "name": "body",
- "in": "body",
- "required": 1
- }]],
- ["ReadRegistryEntitiesByUUID", "GET", "/container-security/entities/registries/v1", "Retrieve the registry entity identified by the entity UUID.", "falcon_container_image", [{
- "type": "string",
- "description": "Registry entity UUID.",
- "name": "ids",
- "in": "query",
- "required": 1
- }]]
-];
\ No newline at end of file
+ [
+ "GetCombinedImages",
+ "GET",
+ "/container-security/combined/image-assessment/images/v1",
+ "Get image assessment results by providing an FQL filter and paging details",
+ "falcon_container_image",
+ [
+ {
+ type: "string",
+ description:
+ "Filter images using a query in Falcon Query Language (FQL). Supported filters: container_running_status, cve_id, first_seen, registry, repository, tag, vulnerability_severity",
+ name: "filter",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "The upper-bound on the number of records to retrieve [1-100]",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "The offset from where to begin.",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The fields to sort the records on. Supported columns: [first_seen registry repository tag vulnerability_severity]",
+ name: "sort",
+ in: "query",
+ },
+ ],
+ ],
+ [
+ "ReadImageVulnerabilities",
+ "POST",
+ "/image-assessment/combined/vulnerability-lookups/v1",
+ "Retrieve known vulnerabilities for the provided image",
+ "falcon_container_cli",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "GetImageAssessmentReport",
+ "GET",
+ "/reports",
+ "Retrieves the Assessment report for the Image ID provided.",
+ "falcon_container",
+ [
+ {
+ type: "string",
+ description: "The hash digest for the image.",
+ name: "digest",
+ in: "query",
+ required: 0,
+ },
+ {
+ type: "string",
+ description: "The image ID.",
+ name: "image_id",
+ in: "query",
+ required: 0,
+ },
+ {
+ type: "string",
+ description: "The repository the image resides within.",
+ name: "repository",
+ in: "query",
+ required: 0,
+ },
+ {
+ type: "string",
+ description: "The image tag.",
+ name: "tag",
+ in: "query",
+ required: 0,
+ },
+ ],
+ ],
+ [
+ "DeleteImageDetails",
+ "DELETE",
+ "/images/{}",
+ "Delete Images by ids.",
+ "falcon_container",
+ [
+ {
+ type: "string",
+ description: "The ID of the image to be deleted.",
+ name: "image_id",
+ in: "path",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "ImageMatchesPolicy",
+ "GET",
+ "/policy-checks",
+ "After an image scan, use this operation to see if any images match a policy. If deny is true, the policy suggestion is that you do not deploy the image in your environment.",
+ "falcon_container",
+ [
+ {
+ type: "string",
+ description: "The repository the image resides within.",
+ name: "repository",
+ in: "query",
+ required: 1,
+ },
+ {
+ type: "string",
+ description: "The image tag.",
+ name: "tag",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "ReadRegistryEntities",
+ "GET",
+ "/container-security/queries/registries/v1",
+ "Retrieve registry entities identified by the customer ID.",
+ "falcon_container_image",
+ [
+ {
+ type: "string",
+ description: "Starting index of result set from which to return IDs.",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "Number of IDs to return.",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "Order by fields.",
+ name: "sort",
+ in: "query",
+ },
+ ],
+ ],
+ [
+ "CreateRegistryEntities",
+ "POST",
+ "/container-security/entities/registries/v1",
+ "Create a registry entity using the provided details.",
+ "falcon_container_image",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "DeleteRegistryEntities",
+ "DELETE",
+ "/container-security/entities/registries/v1",
+ "Delete the registry entity identified by the entity UUID.",
+ "falcon_container_image",
+ [
+ {
+ type: "string",
+ description: "Registry entity UUID.",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "UpdateRegistryEntities",
+ "PATCH",
+ "/container-security/entities/registries/v1",
+ "Update the registry entity, as identified by the entity UUID, using the provided details.",
+ "falcon_container_image",
+ [
+ {
+ type: "string",
+ description: "Registry entity UUID.",
+ name: "id",
+ in: "query",
+ required: 1,
+ },
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "ReadRegistryEntitiesByUUID",
+ "GET",
+ "/container-security/entities/registries/v1",
+ "Retrieve the registry entity identified by the entity UUID.",
+ "falcon_container_image",
+ [
+ {
+ type: "string",
+ description: "Registry entity UUID.",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/falconx_sandbox.ts b/src/_endpoints/falconx_sandbox.ts
index 2fa067cb..b1aabdc6 100644
--- a/src/_endpoints/falconx_sandbox.ts
+++ b/src/_endpoints/falconx_sandbox.ts
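Review bot: `DeleteImageDetails` is the only row in this table whose route carries a positional placeholder, `"/images/{}"` with `image_id` declared `in: "path"`, and nothing in the row says the value must be URL-encoded before it is spliced in; the substitution itself happens in `Falcon.command(...)` (per the header comment of the sibling endpoint file), which is outside this hunk, so I am inferring from the placeholder, but a raw string interpolation would let an id containing `/`, `?` or `#` reach a different route or smuggle query parameters onto a DELETE. Every other row here addresses its target through a query `ids`/`id` parameter, so this one deserves a marker on the row: `// image_id is spliced into the URL path — command() must percent-encode it`. Separately, the array is annotated as `Array` with no element type (possibly lost in rendering); a tuple type such as `[string, string, string, string, string, EndpointParam[]]` would let the compiler catch the numeric `required: 1` / `required: 0` flags, which read as booleans.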
@@ -3,215 +3,374 @@ * consumed and interpreted by Falcon.command(...) */ export const _falconx_sandbox_endpoints: Array = [ - ["GetArtifacts", "GET", "/falconx/entities/artifacts/v1", "Download IOC packs, PCAP files, and other analysis artifacts.", "falconx_sandbox", [{ - "type": "string", - "description": "ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The name given to your downloaded file.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", - "name": "Accept-Encoding", - "in": "header" - }]], - ["GetMemoryDumpExtractedStrings", "GET", "/falconx/entities/memory-dump/extracted-strings/v1", "Get extracted strings from a memory dump", "falconx_sandbox", [{ - "type": "string", - "description": "Extracted strings id", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The name given to your downloaded file.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", - "name": "Accept-Encoding", - "in": "header" - }]], - ["GetMemoryDumpHexDump", "GET", "/falconx/entities/memory-dump/hex-dump/v1", "Get hex view of a memory dump", "falconx_sandbox", [{ - "type": "string", - "description": "Hex dump id", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The name given to your downloaded file.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "Format used to compress your downloaded file. 
Currently, you must provide the value `gzip`, the only valid format.", - "name": "Accept-Encoding", - "in": "header" - }]], - ["GetMemoryDump", "GET", "/falconx/entities/memory-dump/v1", "Get memory dump content, as binary", "falconx_sandbox", [{ - "type": "string", - "description": "Memory dump id", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The name given to your downloaded file.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", - "name": "Accept-Encoding", - "in": "header" - }]], - ["GetSummaryReports", "GET", "/falconx/entities/report-summaries/v1", "Get a short summary version of a sandbox report.", "falconx_sandbox", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "ID of a summary. Find a summary ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetReports", "GET", "/falconx/entities/reports/v1", "Get a full sandbox report.", "falconx_sandbox", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "ID of a report. Find a report ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["DeleteReport", "DELETE", "/falconx/entities/reports/v1", "Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.", "falconx_sandbox", [{ - "type": "string", - "description": "ID of a report.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetSubmissions", "GET", "/falconx/entities/submissions/v1", "Check the status of a sandbox analysis. 
Time required for analysis consties but is usually less than 15 minutes.", "falconx_sandbox", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with `/falconx/queries/submissions/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["Submit", "POST", "/falconx/entities/submissions/v1", "Submit an uploaded file or a URL for sandbox analysis. Time required for analysis consties but is usually less than 15 minutes.", "falconx_sandbox", [{ - "description": "Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through `/samples/entities/samples/v2`. You must specify a JSON object that includes the `falconx.SubmissionParametersV1` key/value pairs shown below.\n\n**`environment_id`**: Specifies the sandbox environment used for analysis. Values:\n\n- `300`: Linux Ubuntu 16.04, 64-bit\n- `200`: Android (static analysis)\n- `160`: Windows 10, 64-bit\n- `110`: Windows 7, 64-bit\n- `100`: Windows 7, 32-bit\n\n**`sha256`** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with `/falconx/queries/submissions/v1`.The `url` parameter must be unset if `sha256` is used.\n\n**`url`** A web page or file URL. It can be HTTP(S) or FTP. The `sha256` parameter must be unset if `url` is used.\n\n**`action_script`** (optional): Runtime script for sandbox analysis. Values:\n\n- `default`\n- `default_maxantievasion`\n- `default_randomfiles`\n- `default_randomtheme`\n- `default_openie`\n\n**`command_line`** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters\n\n**`document_password`** (optional): Auto-filled for Adobe or Office files that prompt for a password. 
Max length: 32 characters\n\n**`enable_tor`** (optional): If `true`, sandbox analysis routes network traffic via TOR. Default: `false`.\n\n**`submit_name`** (optional): Name of the malware sample that's used for file type detection and analysis\n\n**`system_date`** (optional): Set a custom date in the format `yyyy-MM-dd` for the sandbox environment\n\n**`system_time`** (optional): Set a custom time in the format `HH:mm` for the sandbox environment.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryReports", "GET", "/falconx/queries/reports/v1", "Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.", "falconx_sandbox", [{ - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "The offset to start retrieving reports from.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Maximum number of report IDs to return. Max: 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort order: `asc` or `desc`.", - "name": "sort", - "in": "query" - }]], - ["QuerySubmissions", "GET", "/falconx/queries/submissions/v1", "Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.", "falconx_sandbox", [{ - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "The offset to start retrieving submissions from.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Maximum number of submission IDs to return. Max: 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort order: `asc` or `desc`.", - "name": "sort", - "in": "query" - }]], - ["GetSampleV2", "GET", "/samples/entities/samples/v2", "Retrieves the file associated with the given ID (SHA256)", "falconx_sandbox", [{ - "type": "string", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "Flag whether the sample should be zipped and password protected with pass='infected'", - "name": "password_protected", - "in": "query" - }]], - ["UploadSampleV2", "POST", "/samples/entities/samples/v2", "Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file.", "falconx_sandbox", [{ - "description": "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", - "name": "body", - "in": "body", - "required": 1 - }, { - "type": "file", - "description": "The binary file.", - "name": "upfile", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "Name of the file.", - "name": "file_name", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "A descriptive comment to identify the file for other users.", - "name": "comment", - "in": "formData" - }, { - "type": "boolean", - "default": 1, - "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", - "name": "is_confidential", - "in": "formData" - }]], - ["DeleteSampleV2", "DELETE", "/samples/entities/samples/v2", "Removes a sample, including file, meta and submissions from the collection", "falconx_sandbox", [{ - "type": "string", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["QuerySampleV1", "POST", "/samples/queries/samples/GET/v1", "Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200", "falconx_sandbox", [{ - "description": 
"Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes.", - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "GetArtifacts", + "GET", + "/falconx/entities/artifacts/v1", + "Download IOC packs, PCAP files, and other analysis artifacts.", + "falconx_sandbox", + [ + { + type: "string", + description: "ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary.", + name: "id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The name given to your downloaded file.", + name: "name", + in: "query", + }, + { + type: "string", + description: "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + name: "Accept-Encoding", + in: "header", + }, + ], + ], + [ + "GetMemoryDumpExtractedStrings", + "GET", + "/falconx/entities/memory-dump/extracted-strings/v1", + "Get extracted strings from a memory dump", + "falconx_sandbox", + [ + { + type: "string", + description: "Extracted strings id", + name: "id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The name given to your downloaded file.", + name: "name", + in: "query", + }, + { + type: "string", + description: "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + name: "Accept-Encoding", + in: "header", + }, + ], + ], + [ + "GetMemoryDumpHexDump", + "GET", + "/falconx/entities/memory-dump/hex-dump/v1", + "Get hex view of a memory dump", + "falconx_sandbox", + [ + { + type: "string", + description: "Hex dump id", + name: "id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The name given to your downloaded file.", + name: "name", + in: "query", + }, + { + type: "string", + description: "Format used to compress your downloaded file. 
Currently, you must provide the value `gzip`, the only valid format.", + name: "Accept-Encoding", + in: "header", + }, + ], + ], + [ + "GetMemoryDump", + "GET", + "/falconx/entities/memory-dump/v1", + "Get memory dump content, as binary", + "falconx_sandbox", + [ + { + type: "string", + description: "Memory dump id", + name: "id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The name given to your downloaded file.", + name: "name", + in: "query", + }, + { + type: "string", + description: "Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format.", + name: "Accept-Encoding", + in: "header", + }, + ], + ], + [ + "GetSummaryReports", + "GET", + "/falconx/entities/report-summaries/v1", + "Get a short summary version of a sandbox report.", + "falconx_sandbox", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "ID of a summary. Find a summary ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetReports", + "GET", + "/falconx/entities/reports/v1", + "Get a full sandbox report.", + "falconx_sandbox", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "ID of a report. Find a report ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "DeleteReport", + "DELETE", + "/falconx/entities/reports/v1", + "Delete report based on the report ID. 
Operation can be checked for success by polling for the report ID on the report-summaries endpoint.", + "falconx_sandbox", + [ + { + type: "string", + description: "ID of a report.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetSubmissions", + "GET", + "/falconx/entities/submissions/v1", + "Check the status of a sandbox analysis. Time required for analysis consties but is usually less than 15 minutes.", + "falconx_sandbox", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with `/falconx/queries/submissions/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "Submit", + "POST", + "/falconx/entities/submissions/v1", + "Submit an uploaded file or a URL for sandbox analysis. Time required for analysis consties but is usually less than 15 minutes.", + "falconx_sandbox", + [ + { + description: + "Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through `/samples/entities/samples/v2`. You must specify a JSON object that includes the `falconx.SubmissionParametersV1` key/value pairs shown below.\n\n**`environment_id`**: Specifies the sandbox environment used for analysis. Values:\n\n- `300`: Linux Ubuntu 16.04, 64-bit\n- `200`: Android (static analysis)\n- `160`: Windows 10, 64-bit\n- `110`: Windows 7, 64-bit\n- `100`: Windows 7, 32-bit\n\n**`sha256`** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with `/falconx/queries/submissions/v1`.The `url` parameter must be unset if `sha256` is used.\n\n**`url`** A web page or file URL. It can be HTTP(S) or FTP. The `sha256` parameter must be unset if `url` is used.\n\n**`action_script`** (optional): Runtime script for sandbox analysis. 
Values:\n\n- `default`\n- `default_maxantievasion`\n- `default_randomfiles`\n- `default_randomtheme`\n- `default_openie`\n\n**`command_line`** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters\n\n**`document_password`** (optional): Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters\n\n**`enable_tor`** (optional): If `true`, sandbox analysis routes network traffic via TOR. Default: `false`.\n\n**`submit_name`** (optional): Name of the malware sample that's used for file type detection and analysis\n\n**`system_date`** (optional): Set a custom date in the format `yyyy-MM-dd` for the sandbox environment\n\n**`system_time`** (optional): Set a custom time in the format `HH:mm` for the sandbox environment.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryReports", + "GET", + "/falconx/queries/reports/v1", + "Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.", + "falconx_sandbox", + [ + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "The offset to start retrieving reports from.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Maximum number of report IDs to return. Max: 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort order: `asc` or `desc`.", + name: "sort", + in: "query", + }, + ], + ], + [ + "QuerySubmissions", + "GET", + "/falconx/queries/submissions/v1", + "Find submission IDs for uploaded files by providing an FQL filter and paging details. 
Returns a set of submission IDs that match your criteria.", + "falconx_sandbox", + [ + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "The offset to start retrieving submissions from.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Maximum number of submission IDs to return. Max: 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort order: `asc` or `desc`.", + name: "sort", + in: "query", + }, + ], + ], + [ + "GetSampleV2", + "GET", + "/samples/entities/samples/v2", + "Retrieves the file associated with the given ID (SHA256)", + "falconx_sandbox", + [ + { + type: "string", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Flag whether the sample should be zipped and password protected with pass='infected'", + name: "password_protected", + in: "query", + }, + ], + ], + [ + "UploadSampleV2", + "POST", + "/samples/entities/samples/v2", + "Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file.", + "falconx_sandbox", + [ + { + description: + "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", + name: "body", + in: "body", + required: 1, + }, + { + type: "file", + description: "The binary file.", + name: "upfile", + in: "formData", + required: 1, + }, + { + type: "string", + description: "Name of the file.", + name: "file_name", + in: "formData", + required: 1, + }, + { + type: "string", + description: "A descriptive comment to identify the file for other users.", + name: "comment", + in: "formData", + }, + { + type: "boolean", + default: 1, + description: + "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + name: "is_confidential", + in: "formData", + }, + ], + ], + [ + "DeleteSampleV2", + "DELETE", + "/samples/entities/samples/v2", + "Removes a sample, including file, meta and submissions from the collection", + "falconx_sandbox", + [ + { + type: "string", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "QuerySampleV1", + "POST", + "/samples/queries/samples/GET/v1", + "Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200", + "falconx_sandbox", + [ + { + 
description: "Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes.", + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/fdr.ts b/src/_endpoints/fdr.ts index e6979dc4..5c9b1fd1 100644 --- a/src/_endpoints/fdr.ts +++ b/src/_endpoints/fdr.ts 
@@ -4,66 +4,108 @@ */ export const _fdr_endpoints: Array = [ ["fdrschema_combined_event_get", "GET", "/fdr/combined/schema-members/v1", "Fetch combined schema", "event_schema", []], - ["fdrschema_entities_event_get", "GET", "/fdr/entities/schema-events/v1", "Fetch event schema by ID", "event_schema", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Specify feed IDs to fetch", - "name": "ids", - "in": "query" - }]], - ["fdrschema_queries_event_get", "GET", "/fdr/queries/schema-events/v1", "Get list of event IDs given a particular query.", "event_schema", [{ - "type": "integer", - "description": "Limit of the data", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "Offset into the data", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "FQL filter of the data", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Sort the data", - "name": "sort", - "in": "query" - }]], - ["fdrschema_entities_field_get", "GET", "/fdr/entities/schema-fields/v1", "Fetch field schema by ID", "field_schema", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Specify feed IDs to fetch", - "name": "ids", - "in": "query" - }]], - ["fdrschema_queries_field_get", "GET", "/fdr/queries/schema-fields/v1", "Get list of field IDs given a particular query.", "field_schema", [{ - "type": "integer", - "description": "Limit of the data", - "name": "limit", - "in": "query" - }, { - "type": "integer", - "description": "Offset into the data", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "FQL filter of the data", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Sort the data", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "fdrschema_entities_event_get", + "GET", + "/fdr/entities/schema-events/v1", + "Fetch 
event schema by ID", + "event_schema", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Specify feed IDs to fetch", + name: "ids", + in: "query", + }, + ], + ], + [ + "fdrschema_queries_event_get", + "GET", + "/fdr/queries/schema-events/v1", + "Get list of event IDs given a particular query.", + "event_schema", + [ + { + type: "integer", + description: "Limit of the data", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "Offset into the data", + name: "offset", + in: "query", + }, + { + type: "string", + description: "FQL filter of the data", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Sort the data", + name: "sort", + in: "query", + }, + ], + ], + [ + "fdrschema_entities_field_get", + "GET", + "/fdr/entities/schema-fields/v1", + "Fetch field schema by ID", + "field_schema", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Specify feed IDs to fetch", + name: "ids", + in: "query", + }, + ], + ], + [ + "fdrschema_queries_field_get", + "GET", + "/fdr/queries/schema-fields/v1", + "Get list of field IDs given a particular query.", + "field_schema", + [ + { + type: "integer", + description: "Limit of the data", + name: "limit", + in: "query", + }, + { + type: "integer", + description: "Offset into the data", + name: "offset", + in: "query", + }, + { + type: "string", + description: "FQL filter of the data", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Sort the data", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/filevantage.ts b/src/_endpoints/filevantage.ts index 507ed9a1..9c1ef240 100644 --- a/src/_endpoints/filevantage.ts +++ b/src/_endpoints/filevantage.ts 
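Review bot: The new `_fdr_endpoints` table is positional and, as far as the context line `export const _fdr_endpoints: Array = [` shows, carries no element type (the type argument may have been stripped by rendering; if it is `Array<any>` the effect is the same), so a swapped method/path pair or a misspelled parameter key such as `collectionFormat` would compile silently. A shared alias would let the compiler check every entry, e.g. `type Endpoint = [string, string, string, string, string, EndpointParam[]];` and `export const _fdr_endpoints: Endpoint[] = [`, with `EndpointParam` declaring `name`, `in`, `type`, `description`, `items`, `collectionFormat`, `required` and `default` with their intended types; the declaration line is unchanged context here, so the fix lands on it rather than on this hunk's added lines. Typing `required` and `default` would also surface the numeric `required: 1` / `default: 0` values used for boolean-typed parameters in the sibling hunks (presumably carried over from a Python source), which callers testing `=== true` would miss. The same applies to `_filevantage_endpoints` in the next hunk and, by the diffstat, to the other `src/_endpoints/*.ts` tables in this commit.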
@@ -3,357 +3,629 @@ * consumed and interpreted by Falcon.command(...) */ export const _filevantage_endpoints: Array = [ - ["getChanges", "GET", "/filevantage/entities/changes/v2", "Retrieve information on changes", "filevantage", [{ - "maxItems": 500, - "minItems": 1, - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more change ids in the form of `ids=ID1&ids=ID2`. The maximum number of ids that can be requested at once is `500`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["updatePolicyHostGroups", "PATCH", "/filevantage/entities/policies-host-groups/v1", "Manage host groups assigned to a policy.", "filevantage", [{ - "type": "string", - "description": "The id of the policy for which to perform the action.", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The action to perform with the provided ids, must be one of: `assign` or `unassign`.", - "name": "action", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more host group ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["updatePolicyPrecedence", "PATCH", "/filevantage/entities/policies-precedence/v1", "Updates the policy precedence for all policies of a specific type.", "filevantage", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.", - "name": "type", - "in": "query", - "required": 1 - }]], - ["updatePolicyRuleGroups", "PATCH", "/filevantage/entities/policies-rule-groups/v1", "Manage the rule groups 
assigned to the policy or set the rule group precedence for all rule groups within the policy.", "filevantage", [{ - "type": "string", - "description": "The id of the policy for which to perform the action.", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.", - "name": "action", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more rule group ids in the form of ids=ID1&ids=ID2. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getPolicies", "GET", "/filevantage/entities/policies/v1", "Retrieves the configuration for 1 or more policies.", "filevantage", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createPolicies", "POST", "/filevantage/entities/policies/v1", "Creates a new policy of the specified type. 
New policies are always added at the end of the precedence list for the provided policy type.", "filevantage", [{ - "description": "Create a new policy.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` must be one of `Windows`, `Linux`, or `Mac`\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updatePolicies", "PATCH", "/filevantage/entities/policies/v1", "Updates the general information of the provided policy.", "filevantage", [{ - "description": "Enables updates to the following fields for an existing policy. \n\n * `id` of the policy to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` may not be modified after the policy is created.\n\n * `enabled` must be one of `true` or `false`.\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deletePolicies", "DELETE", "/filevantage/entities/policies/v1", "Deletes 1 or more policies.", "filevantage", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getScheduledExclusions", "GET", "/filevantage/entities/policy-scheduled-exclusions/v1", "Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.", "filevantage", [{ - "type": "string", - "description": "The id of the policy to retrieve the scheduled exclusion configurations.", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One 
or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createScheduledExclusions", "POST", "/filevantage/entities/policy-scheduled-exclusions/v1", "Creates a new scheduled exclusion configuration for the provided policy id.", "filevantage", [{ - "description": "Create a new scheduled exclusion configuration for the specified policy.\n\n \n\n * `policy_id` to add the scheduled exclusion to.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. 
This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateScheduledExclusions", "PATCH", "/filevantage/entities/policy-scheduled-exclusions/v1", "Updates the provided scheduled exclusion configuration within the provided policy.", "filevantage", [{ - "description": "Update an existing scheduled exclusion for the specified policy.\n\n \n\n * `id` representing the scheduled exclusion to update.\n\n * `policy_id` which the scheduled exclusion is assigned.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. 
This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteScheduledExclusions", "DELETE", "/filevantage/entities/policy-scheduled-exclusions/v1", "Deletes 1 or more scheduled exclusions from the provided policy id.", "filevantage", [{ - "type": "string", - "description": "ID of the policy to delete the scheduled exclusions from.", - "name": "policy_id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["updateRuleGroupPrecedence", "PATCH", "/filevantage/entities/rule-groups-rule-precedence/v1", "Updates the rule precedence for all rules in the identified rule group.", "filevantage", [{ - "type": "string", - "description": "Rule group from which to set the precedence.", - "name": "rule_group_id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getRules", "GET", "/filevantage/entities/rule-groups-rules/v1", "Retrieves the configuration for 1 or more rules.", "filevantage", [{ - "type": "string", - "description": "Rule group from which to retrieve the rule configuration.", - "name": "rule_group_id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createRules", "POST", "/filevantage/entities/rule-groups-rules/v1", "Creates a new rule configuration within the specified rule 
group.", "filevantage", [{ - "description": "Create a new rule configuration for the specified rule group.\n\n * `id` is not supported for creation of a rule, the new id of the created rule will be included in the response.\n\n * `rule_group_id` to add the new rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry path to monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` - is not supported for creation of a rule, new rules will be added last in precedence order.will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. 
\n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * `watch_create_file_changes`\n\n * `watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateRules", "PATCH", "/filevantage/entities/rule-groups-rules/v1", "Updates the provided rule configuration within the specified rule group.", "filevantage", [{ - "description": "Update the rule configuration for the specified rule ID and group.\n\n * `id` of the rule to update.\n\n * `rule_group_id` that contains the rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry path to 
monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. \n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * `watch_create_file_changes`\n\n * 
`watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteRules", "DELETE", "/filevantage/entities/rule-groups-rules/v1", "Deletes 1 or more rules from the specified rule group.", "filevantage", [{ - "type": "string", - "description": "The id of the rule group from which the rules will be deleted.", - "name": "rule_group_id", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getRuleGroups", "GET", "/filevantage/entities/rule-groups/v1", "Retrieves the rule group details for 1 or more rule groups.", "filevantage", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createRuleGroups", "POST", "/filevantage/entities/rule-groups/v1", "Creates a new rule group of the specified type.", "filevantage", [{ - "description": "Create a new rule group of a specific type.\n\n * `name` must be between 1 and 100 characters.\n\n * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.\n\n * `description` can be between 0 and 500 characters.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateRuleGroups", 
"PATCH", "/filevantage/entities/rule-groups/v1", "Updates the provided rule group.", "filevantage", [{ - "description": "Enables updates to the following fields for an existing rule group. \n\n * `id` of the rule group to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `type` may not be modified after the rule group is created.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteRuleGroups", "DELETE", "/filevantage/entities/rule-groups/v1", "Deletes 1 or more rule groups ", "filevantage", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryChanges", "GET", "/filevantage/queries/changes/v2", "Returns one or more change IDs", "filevantage", [{ - "minimum": 0, - "type": "integer", - "description": "The first change index to return in the response. If not provided it will default to '0'. Use with the `limit` parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "type": "integer", - "description": "The maximum number of changes to return in the response (default: 100; max: 500). Use with the `offset` parameter to manage pagination of results", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort changes using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\n Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`.\nThe full list of allowed sorting options can be reviewed in our API documentation.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter changes using a query in Falcon Query Language (FQL). 
\n\nCommon filter options include:\n\n - `host.host_name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", - "name": "filter", - "in": "query" - }]], - ["highVolumeQueryChanges", "GET", "/filevantage/queries/changes/v3", "Returns 1 or more change ids", "filevantage", [{ - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return.", - "name": "after", - "in": "query" - }, { - "maximum": 5000, - "type": "integer", - "default": 100, - "description": "The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "default": "action_timestamp|desc", - "description": "Sort results using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\nSort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` no value is specified.\nThe full list of allowed sorting options can be reviewed in our API documentation.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter changes using a query in Falcon Query Language (FQL). 
\n\nCommon filter options include:\n\n - `host.name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", - "name": "filter", - "in": "query" - }]], - ["queryPolicies", "GET", "/filevantage/queries/policies/v1", "Retrieve the ids of all policies that are assigned the provided policy type.", "filevantage", [{ - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from. Defaults to 0 if not specified.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort the returned ids based on one of the following properties:\n\n`precedence`, `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `precedence|asc`.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "The types of policies to retrieve.\n\n Allowed values are: `Windows`, `Linux` or `Mac`.", - "name": "type", - "in": "query", - "required": 1 - }]], - ["queryScheduledExclusions", "GET", "/filevantage/queries/policy-scheduled-exclusions/v1", "Retrieve the ids of all scheduled exclusions contained within the provided policy id.", "filevantage", [{ - "type": "string", - "description": "The id of the policy from which to retrieve the scheduled exclusion ids.", - "name": "policy_id", - "in": "query", - "required": 1 - }]], - ["queryRuleGroups", "GET", "/filevantage/queries/rule-groups/v1", "Retrieve the ids of all rule groups that are of the provided rule group type.", "filevantage", [{ - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from. 
Defaults to 0 if not specified.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort the returned ids based on one of the following properties:\n\n `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `created_timestamp|asc`.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "The rule group type to retrieve the ids of.\n\n Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.", - "name": "type", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "getChanges", + "GET", + "/filevantage/entities/changes/v2", + "Retrieve information on changes", + "filevantage", + [ + { + maxItems: 500, + minItems: 1, + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more change ids in the form of `ids=ID1&ids=ID2`. 
The maximum number of ids that can be requested at once is `500`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "updatePolicyHostGroups", + "PATCH", + "/filevantage/entities/policies-host-groups/v1", + "Manage host groups assigned to a policy.", + "filevantage", + [ + { + type: "string", + description: "The id of the policy for which to perform the action.", + name: "policy_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The action to perform with the provided ids, must be one of: `assign` or `unassign`.", + name: "action", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more host group ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "updatePolicyPrecedence", + "PATCH", + "/filevantage/entities/policies-precedence/v1", + "Updates the policy precedence for all policies of a specific type.", + "filevantage", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.", + name: "type", + in: "query", + required: 1, + }, + ], + ], + [ + "updatePolicyRuleGroups", + "PATCH", + "/filevantage/entities/policies-rule-groups/v1", + "Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.", + "filevantage", + [ + { + type: "string", + description: "The id of the policy for which to perform the action.", + name: "policy_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.", + name: 
"action", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "One or more rule group ids in the form of ids=ID1&ids=ID2. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getPolicies", + "GET", + "/filevantage/entities/policies/v1", + "Retrieves the configuration for 1 or more policies.", + "filevantage", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createPolicies", + "POST", + "/filevantage/entities/policies/v1", + "Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.", + "filevantage", + [ + { + description: + "Create a new policy.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` must be one of `Windows`, `Linux`, or `Mac`\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updatePolicies", + "PATCH", + "/filevantage/entities/policies/v1", + "Updates the general information of the provided policy.", + "filevantage", + [ + { + description: + "Enables updates to the following fields for an existing policy. 
\n\n * `id` of the policy to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `platform` may not be modified after the policy is created.\n\n * `enabled` must be one of `true` or `false`.\n\n Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deletePolicies", + "DELETE", + "/filevantage/entities/policies/v1", + "Deletes 1 or more policies.", + "filevantage", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getScheduledExclusions", + "GET", + "/filevantage/entities/policy-scheduled-exclusions/v1", + "Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.", + "filevantage", + [ + { + type: "string", + description: "The id of the policy to retrieve the scheduled exclusion configurations.", + name: "policy_id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createScheduledExclusions", + "POST", + "/filevantage/entities/policy-scheduled-exclusions/v1", + "Creates a new scheduled exclusion configuration for the provided policy id.", + "filevantage", + [ + { + description: + "Create a new scheduled exclusion configuration for the specified policy.\n\n \n\n * `policy_id` to add the scheduled exclusion to.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude 
their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateScheduledExclusions", + "PATCH", + "/filevantage/entities/policy-scheduled-exclusions/v1", + "Updates the provided scheduled exclusion configuration within the provided policy.", + "filevantage", + [ + { + description: + "Update an existing scheduled exclusion for the specified policy.\n\n \n\n * `id` representing the scheduled exclusion to update.\n\n * `policy_id` which the scheduled exclusion is assigned.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.\n\n * admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.\n\n * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.\n\n * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.\n\n * `schedule_start` must be provided to indicate the start of the schedule. 
This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.\n\n * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteScheduledExclusions", + "DELETE", + "/filevantage/entities/policy-scheduled-exclusions/v1", + "Deletes 1 or more scheduled exclusions from the provided policy id.", + "filevantage", + [ + { + type: "string", + description: "ID of the policy to delete the scheduled exclusions from.", + name: "policy_id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "updateRuleGroupPrecedence", + "PATCH", + "/filevantage/entities/rule-groups-rule-precedence/v1", + "Updates the rule precedence for all rules in the identified rule group.", + "filevantage", + [ + { + type: "string", + description: "Rule group from which to set the precedence.", + name: "rule_group_id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getRules", + "GET", + "/filevantage/entities/rule-groups-rules/v1", + "Retrieves the configuration for 1 or more rules.", + "filevantage", + [ + { + type: "string", + description: "Rule group from which to retrieve the rule configuration.", + name: "rule_group_id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.", + name: 
"ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createRules", + "POST", + "/filevantage/entities/rule-groups-rules/v1", + "Creates a new rule configuration within the specified rule group.", + "filevantage", + [ + { + description: + "Create a new rule configuration for the specified rule group.\n\n * `id` is not supported for creation of a rule, the new id of the created rule will be included in the response.\n\n * `rule_group_id` to add the new rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry path to monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` - is not supported for creation of a rule, new rules will be added last in precedence order.will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. 
\n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * `watch_create_file_changes`\n\n * `watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateRules", + "PATCH", + "/filevantage/entities/rule-groups-rules/v1", + "Updates the provided rule configuration within the specified rule group.", + "filevantage", + [ + { + description: + "Update the rule configuration for the specified rule ID and group.\n\n * `id` of the rule to update.\n\n * `rule_group_id` that contains the rule configuration.\n\n * `description` can be between 0 and 500 characters.\n\n * `path` representing the file system or registry 
path to monitor.\n\n * must be between 1 and 250 characters. \n\n * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/ \n\n * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`\n\n * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`\n\n * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result this rule being placed before that existing rule.\n\nFalcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.\n\n * `include` represents the files, directories, registry keys, or registry values that will be monitored. \n\n * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. \n\n * `include_users` represents the changes performed by specific users that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored (`macOS` is not supported at this time).\n\n * `include_processes` represents the changes performed by specific processes that will be monitored (`macOS` is not supported at this time).\n\n * `exclude_users` represents the changes performed by specific processes that will be `NOT` monitored (`macOS` is not supported at this time).\n\nFile system directory monitoring:\n\n * `watch_delete_directory_changes`\n\n * `watch_create_directory_changes`\n\n * `watch_rename_directory_changes`\n\n * `watch_attributes_directory_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_directory_changes` (`macOS` is not supported at this time)\n\nFile system file monitoring:\n\n * `watch_rename_file_changes`\n\n * `watch_write_file_changes`\n\n * 
`watch_create_file_changes`\n\n * `watch_delete_file_changes`\n\n * `watch_attributes_file_changes` (`macOS` is not supported at this time)\n\n * `watch_permissions_file_changes` (`macOS` is not supported at this time)\n\nWindows registry key and value monitoring: \n\n * `watch_create_key_changes`\n\n * `watch_delete_key_changes`\n\n * `watch_rename_key_changes`\n\n * `watch_set_value_changes`\n\n * `watch_delete_value_changes`\n\n * `watch_create_file_changes`", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteRules", + "DELETE", + "/filevantage/entities/rule-groups-rules/v1", + "Deletes 1 or more rules from the specified rule group.", + "filevantage", + [ + { + type: "string", + description: "The id of the rule group from which the rules will be deleted.", + name: "rule_group_id", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getRuleGroups", + "GET", + "/filevantage/entities/rule-groups/v1", + "Retrieves the rule group details for 1 or more rule groups.", + "filevantage", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createRuleGroups", + "POST", + "/filevantage/entities/rule-groups/v1", + "Creates a new rule group of the specified type.", + "filevantage", + [ + { + description: + "Create a new rule group of a specific type.\n\n * `name` must be between 1 and 100 characters.\n\n * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.\n\n * `description` can be between 0 and 500 characters.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", + name: "body", + 
in: "body", + required: 1, + }, + ], + ], + [ + "updateRuleGroups", + "PATCH", + "/filevantage/entities/rule-groups/v1", + "Updates the provided rule group.", + "filevantage", + [ + { + description: + "Enables updates to the following fields for an existing rule group. \n\n * `id` of the rule group to update.\n\n * `name` must be between 1 and 100 characters.\n\n * `description` can be between 0 and 500 characters.\n\n * `type` may not be modified after the rule group is created.\n\n Note: rules are added/removed from rule groups using their dedicated end-points.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteRuleGroups", + "DELETE", + "/filevantage/entities/rule-groups/v1", + "Deletes 1 or more rule groups ", + "filevantage", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryChanges", + "GET", + "/filevantage/queries/changes/v2", + "Returns one or more change IDs", + "filevantage", + [ + { + minimum: 0, + type: "integer", + description: "The first change index to return in the response. If not provided it will default to '0'. Use with the `limit` parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + { + maximum: 500, + type: "integer", + description: "The maximum number of changes to return in the response (default: 100; max: 500). Use with the `offset` parameter to manage pagination of results", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "Sort changes using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\n Sort either `asc` (ascending) or `desc` (descending). 
For example: `action_timestamp|asc`.\nThe full list of allowed sorting options can be reviewed in our API documentation.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter changes using a query in Falcon Query Language (FQL). \n\nCommon filter options include:\n\n - `host.host_name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", + name: "filter", + in: "query", + }, + ], + ], + [ + "highVolumeQueryChanges", + "GET", + "/filevantage/queries/changes/v3", + "Returns 1 or more change ids", + "filevantage", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return.", + name: "after", + in: "query", + }, + { + maximum: 5000, + type: "integer", + default: 100, + description: "The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`.", + name: "limit", + in: "query", + }, + { + type: "string", + default: "action_timestamp|desc", + description: + "Sort results using options like:\n\n- `action_timestamp` (timestamp of the change occurrence) \n\nSort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` no value is specified.\nThe full list of allowed sorting options can be reviewed in our API documentation.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter changes using a query in Falcon Query Language (FQL). 
\n\nCommon filter options include:\n\n - `host.name`\n - `action_timestamp`\n\n The full list of allowed filter parameters can be reviewed in our API documentation.", + name: "filter", + in: "query", + }, + ], + ], + [ + "queryPolicies", + "GET", + "/filevantage/queries/policies/v1", + "Retrieve the ids of all policies that are assigned the provided policy type.", + "filevantage", + [ + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from. Defaults to 0 if not specified.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "Sort the returned ids based on one of the following properties:\n\n`precedence`, `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `precedence|asc`.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The types of policies to retrieve.\n\n Allowed values are: `Windows`, `Linux` or `Mac`.", + name: "type", + in: "query", + required: 1, + }, + ], + ], + [ + "queryScheduledExclusions", + "GET", + "/filevantage/queries/policy-scheduled-exclusions/v1", + "Retrieve the ids of all scheduled exclusions contained within the provided policy id.", + "filevantage", + [ + { + type: "string", + description: "The id of the policy from which to retrieve the scheduled exclusion ids.", + name: "policy_id", + in: "query", + required: 1, + }, + ], + ], + [ + "queryRuleGroups", + "GET", + "/filevantage/queries/rule-groups/v1", + "Retrieve the ids of all rule groups that are of the provided rule group type.", + "filevantage", + [ + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from. 
Defaults to 0 if not specified.",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "integer",
+ description: "The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "string",
+ description:
+ "Sort the returned ids based on one of the following properties:\n\n `created_timestamp` or `modified_timestamp`\n\n Sort either `asc` (ascending) or `desc` (descending); for example: `created_timestamp|asc`.",
+ name: "sort",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The rule group type to retrieve the ids of.\n\n Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.",
+ name: "type",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/firewall_management.ts b/src/_endpoints/firewall_management.ts
index 46a6b6ed..a1b42cb4 100644
--- a/src/_endpoints/firewall_management.ts
+++ b/src/_endpoints/firewall_management.ts
@@ -3,460 +3,809 @@ * consumed and interpreted by Falcon.command(...) */ export const _firewall_management_endpoints: Array = [ - ["aggregate_events", "POST", "/fwmgr/aggregates/events/GET/v1", "Aggregate events for customer", "firewall_management", [{ - "description": "Query criteria and settings", - "name": "body", - "in": "body", - "required": 1 - }]], - ["aggregate_policy_rules", "POST", "/fwmgr/aggregates/policy-rules/GET/v1", "Aggregate rules within a policy for customer", "firewall_management", [{ - "description": "Query criteria and settings", - "name": "body", - "in": "body", - "required": 1 - }]], - ["aggregate_rule_groups", "POST", "/fwmgr/aggregates/rule-groups/GET/v1", "Aggregate rule groups for customer", "firewall_management", [{ - "description": "Query criteria and settings", - "name": "body", - "in": "body", - "required": 1 - }]], - ["aggregate_rules", "POST", "/fwmgr/aggregates/rules/GET/v1", "Aggregate rules for customer", "firewall_management", [{ - "description": "Query criteria and settings", - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_events", "GET", "/fwmgr/entities/events/v1", "Get events entities by ID and optionally version", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The events to retrieve, identified by ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_firewall_fields", "GET", "/fwmgr/entities/firewall-fields/v1", "Get the firewall field specifications by ID", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the rule types to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_network_locations_details", "GET", "/fwmgr/entities/network-locations-details/v1", "Get network locations entities by ID", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - 
"collectionFormat": "multi", - "description": "The events to retrieve, identified by ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["update_network_locations_metadata", "POST", "/fwmgr/entities/network-locations-metadata/v1", "Updates the network locations metadata such as polling_intervals for the cid", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_network_locations_precedence", "POST", "/fwmgr/entities/network-locations-precedence/v1", "Updates the network locations precedence according to the list of ids provided.", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_network_locations", "GET", "/fwmgr/entities/network-locations/v1", "Get a summary of network locations entities by ID", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The events to retrieve, identified by ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["create_network_locations", "POST", "/fwmgr/entities/network-locations/v1", "Create new network locations provided, and return the ID.", "firewall_management", [{ - "type": "string", - "description": "A network location ID from which to copy location. 
If this is provided then the body of the request is ignored.", - "name": "clone_id", - "in": "query" - }, { - "type": "boolean", - "description": "A boolean to determine whether the cloned location needs to be added to the same firewall rules that original location is added to.", - "name": "add_fw_rules", - "in": "query" - }, { - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_network_locations", "PATCH", "/fwmgr/entities/network-locations/v1", "Updates the network locations provided, and return the ID.", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["upsert_network_locations", "PUT", "/fwmgr/entities/network-locations/v1", "Updates the network locations provided, and return the ID.", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["delete_network_locations", "DELETE", "/fwmgr/entities/network-locations/v1", "Delete network location entities by ID.", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the network locations to be deleted", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_platforms", "GET", "/fwmgr/entities/platforms/v1", "Get platforms by ID, e.g., windows or mac or droid", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the platforms to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_policy_containers", "GET", "/fwmgr/entities/policies/v1", "Get policy container entities by policy 
ID", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The policy container(s) to retrieve, identified by policy ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["update_policy_container_v1", "PUT", "/fwmgr/entities/policies/v1", "Update an identified policy container. WARNING: This endpoint is deprecated in favor of v2, using this endpoint could disable your local logging setting.", "firewall_management", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_policy_container", "PUT", "/fwmgr/entities/policies/v2", "Update an identified policy container, including local logging functionality.", "firewall_management", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_rule_groups", "GET", "/fwmgr/entities/rule-groups/v1", "Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the rule groups to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["create_rule_group", "POST", "/fwmgr/entities/rule-groups/v1", "Create new rule group on a platform for a customer with a name and description, and return the ID", "firewall_management", [{ - "type": "string", - "description": "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", - "name": "clone_id", - "in": "query" - }, { - "type": "string", - "description": "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", - "name": "library", - "in": "query" - }, { - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_rule_group", "PATCH", "/fwmgr/entities/rule-groups/v1", "Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["delete_rule_groups", "DELETE", "/fwmgr/entities/rule-groups/v1", "Delete rule group entities by ID", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the rule groups to be deleted", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }]], - ["create_rule_group_validation", "POST", "/fwmgr/entities/rule-groups/validation/v1", "Validates the request of creating a new rule group on a platform for a customer with a name and description", "firewall_management", [{ - "type": "string", - "description": "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", - "name": "clone_id", - "in": "query" - }, { - "type": "string", - "description": "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", - "name": "library", - "in": "query" - }, { - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["update_rule_group_validation", "PATCH", "/fwmgr/entities/rule-groups/validation/v1", "Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", "firewall_management", [{ - "type": "string", - "description": "Audit log comment for this action", - "name": "comment", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_rules", "GET", "/fwmgr/entities/rules/v1", "Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)", "firewall_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The rules to retrieve, identified by ID", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["validate_filepath_pattern", "POST", "/fwmgr/entities/rules/validate-filepath/v1", "Validates that the test pattern matches the executable filepath glob pattern.", "firewall_management", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["query_events", "GET", "/fwmgr/queries/events/v1", "Find all event IDs matching the query with filter", "firewall_management", [{ - "type": "string", - "description": "Possible order by fields: ", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields, plus TODO", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_firewall_fields", "GET", "/fwmgr/queries/firewall-fields/v1", "Get the firewall field specification IDs for the provided platform", "firewall_management", [{ - "type": "string", - "description": "Get fields configuration for this platform", - "name": "platform_id", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_network_locations", "GET", "/fwmgr/queries/network-locations/v1", "Get a list of network location IDs", "firewall_management", [{ - "type": "string", - "description": "Possible order by fields: ", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Filter term criteria: name", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_platforms", "GET", "/fwmgr/queries/platforms/v1", "Get the list of platform names", "firewall_management", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_policy_rules", "GET", "/fwmgr/queries/policy-rules/v1", "Find all firewall rule IDs matching the query with filter, and return them in precedence order", "firewall_management", [{ - "type": "string", - "description": "The ID of the policy container within which to query", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: ", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields, plus TODO", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_rule_groups", "GET", "/fwmgr/queries/rule-groups/v1", "Find all rule group IDs matching the query with filter", "firewall_management", [{ - "type": "string", - "description": "Possible order by fields: ", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields, plus TODO", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["query_rules", "GET", "/fwmgr/queries/rules/v1", "Find all rule IDs matching the query with filter", "firewall_management", [{ - "type": "string", - "description": "Possible order by fields: ", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields, plus TODO", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "aggregate_events", + "POST", + "/fwmgr/aggregates/events/GET/v1", + "Aggregate events for customer", + "firewall_management", + [ + { + description: "Query criteria and settings", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "aggregate_policy_rules", + "POST", + "/fwmgr/aggregates/policy-rules/GET/v1", + "Aggregate rules within a policy for customer", + "firewall_management", + [ + { + description: "Query criteria and settings", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "aggregate_rule_groups", + "POST", + "/fwmgr/aggregates/rule-groups/GET/v1", + "Aggregate rule groups for customer", + "firewall_management", + [ + { + description: "Query criteria and settings", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "aggregate_rules", + "POST", + "/fwmgr/aggregates/rules/GET/v1", + "Aggregate rules for customer", + "firewall_management", + [ + { + description: "Query criteria and settings", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_events", + "GET", + "/fwmgr/entities/events/v1", + "Get events entities by ID and optionally version", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The events to retrieve, identified by ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_firewall_fields", + "GET", + "/fwmgr/entities/firewall-fields/v1", + "Get the firewall field specifications by ID", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the rule types to retrieve", + name: "ids", + in: 
"query", + required: 1, + }, + ], + ], + [ + "get_network_locations_details", + "GET", + "/fwmgr/entities/network-locations-details/v1", + "Get network locations entities by ID", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The events to retrieve, identified by ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "update_network_locations_metadata", + "POST", + "/fwmgr/entities/network-locations-metadata/v1", + "Updates the network locations metadata such as polling_intervals for the cid", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_network_locations_precedence", + "POST", + "/fwmgr/entities/network-locations-precedence/v1", + "Updates the network locations precedence according to the list of ids provided.", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_network_locations", + "GET", + "/fwmgr/entities/network-locations/v1", + "Get a summary of network locations entities by ID", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The events to retrieve, identified by ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "create_network_locations", + "POST", + "/fwmgr/entities/network-locations/v1", + "Create new network locations provided, and return the ID.", + "firewall_management", + [ + { + type: "string", + description: "A network location ID from which to copy location. 
If this is provided then the body of the request is ignored.", + name: "clone_id", + in: "query", + }, + { + type: "boolean", + description: "A boolean to determine whether the cloned location needs to be added to the same firewall rules that original location is added to.", + name: "add_fw_rules", + in: "query", + }, + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_network_locations", + "PATCH", + "/fwmgr/entities/network-locations/v1", + "Updates the network locations provided, and return the ID.", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "upsert_network_locations", + "PUT", + "/fwmgr/entities/network-locations/v1", + "Updates the network locations provided, and return the ID.", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "delete_network_locations", + "DELETE", + "/fwmgr/entities/network-locations/v1", + "Delete network location entities by ID.", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the network locations to be deleted", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_platforms", + "GET", + "/fwmgr/entities/platforms/v1", + "Get platforms by ID, e.g., windows or mac or droid", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the platforms to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_policy_containers", + "GET", + 
"/fwmgr/entities/policies/v1", + "Get policy container entities by policy ID", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The policy container(s) to retrieve, identified by policy ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "update_policy_container_v1", + "PUT", + "/fwmgr/entities/policies/v1", + "Update an identified policy container. WARNING: This endpoint is deprecated in favor of v2, using this endpoint could disable your local logging setting.", + "firewall_management", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_policy_container", + "PUT", + "/fwmgr/entities/policies/v2", + "Update an identified policy container, including local logging functionality.", + "firewall_management", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_rule_groups", + "GET", + "/fwmgr/entities/rule-groups/v1", + "Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the rule groups to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "create_rule_group", + "POST", + "/fwmgr/entities/rule-groups/v1", + "Create new rule group on a platform for a customer with a name and description, and return the ID", + "firewall_management", + [ + { + type: "string", + description: "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", + name: "clone_id", + in: "query", + }, + { + type: "string", + description: "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", + name: "library", + in: "query", + }, + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_rule_group", + "PATCH", + "/fwmgr/entities/rule-groups/v1", + "Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "delete_rule_groups", + "DELETE", + "/fwmgr/entities/rule-groups/v1", + "Delete rule group entities by ID", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the rule groups to be deleted", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + ], + ], + [ + "create_rule_group_validation", + "POST", + "/fwmgr/entities/rule-groups/validation/v1", + "Validates the request of creating a new rule group on a platform for a customer with a name and description", + "firewall_management", + [ + { + type: "string", + description: "A rule group ID from which to copy rules. 
If this is provided then the 'rules' property of the body is ignored.", + name: "clone_id", + in: "query", + }, + { + type: "string", + description: "If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library.", + name: "library", + in: "query", + }, + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "update_rule_group_validation", + "PATCH", + "/fwmgr/entities/rule-groups/validation/v1", + "Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules", + "firewall_management", + [ + { + type: "string", + description: "Audit log comment for this action", + name: "comment", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_rules", + "GET", + "/fwmgr/entities/rules/v1", + "Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)", + "firewall_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The rules to retrieve, identified by ID", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "validate_filepath_pattern", + "POST", + "/fwmgr/entities/rules/validate-filepath/v1", + "Validates that the test pattern matches the executable filepath glob pattern.", + "firewall_management", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "query_events", + "GET", + "/fwmgr/queries/events/v1", + "Find all event IDs matching the query with filter", + "firewall_management", + [ + { + type: "string", + description: "Possible order by fields: ", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. 
Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields, plus TODO", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_firewall_fields", + "GET", + "/fwmgr/queries/firewall-fields/v1", + "Get the firewall field specification IDs for the provided platform", + "firewall_management", + [ + { + type: "string", + description: "Get fields configuration for this platform", + name: "platform_id", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_network_locations", + "GET", + "/fwmgr/queries/network-locations/v1", + "Get a list of network location IDs", + "firewall_management", + [ + { + type: "string", + description: "Possible order by fields: ", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters. 
Filter term criteria: name", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_platforms", + "GET", + "/fwmgr/queries/platforms/v1", + "Get the list of platform names", + "firewall_management", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_policy_rules", + "GET", + "/fwmgr/queries/policy-rules/v1", + "Find all firewall rule IDs matching the query with filter, and return them in precedence order", + "firewall_management", + [ + { + type: "string", + description: "The ID of the policy container within which to query", + name: "id", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: ", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. 
Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields, plus TODO", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rule_groups", + "GET", + "/fwmgr/queries/rule-groups/v1", + "Find all rule group IDs matching the query with filter", + "firewall_management", + [ + { + type: "string", + description: "Possible order by fields: ", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields, plus TODO", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "query_rules", + "GET", + "/fwmgr/queries/rules/v1", + "Find all rule IDs matching the query with filter", + "firewall_management", + [ + { + type: "string", + description: "Possible order by fields: ", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields, plus TODO", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/firewall_policies.ts b/src/_endpoints/firewall_policies.ts index 9e55bd27..99dd100a 100644 --- a/src/_endpoints/firewall_policies.ts +++ b/src/_endpoints/firewall_policies.ts 
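Review bot: The rewritten table still models `required` as the number `1` and declares the export as a bare `Array` (the element type seems to have been lost in rendering, but on either side it is not a typed tuple), so a malformed entry — a missing `in`, or `required: true` mixed with `required: 1` — compiles unnoticed; an alias such as `type EndpointSpec = [name: string, method: string, path: string, description: string, family: string, params: readonly EndpointParam[]]` with `export const _firewall_management_endpoints: readonly EndpointSpec[] = [` would catch that and also stop callers from mutating the shared table. Several descriptions were carried over from the old side with copy-paste defects: `get_network_locations_details` and `get_network_locations` describe `ids` as "The events to retrieve, identified by ID", `library` is typed `string` while its text calls it a flag "set to true" (compare `add_fw_rules`, typed `boolean`), and the `query_*` entries keep an empty "Possible order by fields: " and literal "TODO" text in the `sort` and `filter` descriptions; if this file is generated from the upstream spec the generator input is the place to fix them, otherwise they should be corrected here. `update_policy_container_v1` is documented as deprecated and able to disable local logging, which is a detection-coverage risk for anyone picking it by name, so the entry deserves a comment such as `// Deprecated upstream in favor of update_policy_container (v2); v1 can silently disable local logging` to steer client users to the v2 route.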
@@ -3,168 +3,308 @@ * consumed and interpreted by Falcon.command(...) */ export const _firewall_policies_endpoints: Array = [ - ["queryCombinedFirewallPolicyMembers", "GET", "/policy/combined/firewall-members/v1", "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "firewall_policies", [{ - "type": "string", - "description": "The ID of the Firewall Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedFirewallPolicies", "GET", "/policy/combined/firewall/v1", "Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria", "firewall_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["performFirewallPoliciesAction", "POST", "/policy/entities/firewall-actions/v1", "Perform the specified action on the Firewall Policies specified in the request", "firewall_policies", [{ - "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["setFirewallPoliciesPrecedence", "POST", "/policy/entities/firewall-precedence/v1", "Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "firewall_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getFirewallPolicies", "GET", "/policy/entities/firewall/v1", "Retrieve a set of Firewall Policies by specifying their IDs", "firewall_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Firewall Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createFirewallPolicies", "POST", "/policy/entities/firewall/v1", "Create Firewall Policies by specifying details about the policy to create", "firewall_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }, { - "maxLength": 32, - "minLength": 32, - "type": "string", - "description": "The policy ID to be cloned from", - "name": "clone_id", - "in": "query" - }]], - ["updateFirewallPolicies", "PATCH", "/policy/entities/firewall/v1", "Update Firewall Policies by specifying the ID of the policy and details to update", "firewall_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteFirewallPolicies", "DELETE", "/policy/entities/firewall/v1", "Delete a set of Firewall Policies by specifying their IDs", "firewall_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Firewall Policies to delete", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryFirewallPolicyMembers", "GET", "/policy/queries/firewall-members/v1", "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "firewall_policies", [{ - "type": "string", - "description": "The ID of the Firewall Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryFirewallPolicies", "GET", "/policy/queries/firewall/v1", "Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria", "firewall_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "queryCombinedFirewallPolicyMembers", + "GET", + "/policy/combined/firewall-members/v1", + "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", + "firewall_policies", + [ + { + type: "string", + description: "The ID of the Firewall Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedFirewallPolicies", + "GET", + "/policy/combined/firewall/v1", + "Search for Firewall Policies in your environment by providing an FQL filter and paging details. 
Returns a set of Firewall Policies which match the filter criteria", + "firewall_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "performFirewallPoliciesAction", + "POST", + "/policy/entities/firewall-actions/v1", + "Perform the specified action on the Firewall Policies specified in the request", + "firewall_policies", + [ + { + enum: ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "setFirewallPoliciesPrecedence", + "POST", + "/policy/entities/firewall-precedence/v1", + "Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", + "firewall_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getFirewallPolicies", + "GET", + "/policy/entities/firewall/v1", + "Retrieve a set of Firewall Policies by specifying their IDs", + "firewall_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Firewall Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createFirewallPolicies", + "POST", + "/policy/entities/firewall/v1", + "Create Firewall Policies by specifying details about the policy to create", + "firewall_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + { + maxLength: 32, + minLength: 32, + type: "string", + description: "The policy ID to be cloned from", + name: "clone_id", + in: "query", + }, + ], + ], + [ + "updateFirewallPolicies", + "PATCH", + "/policy/entities/firewall/v1", + "Update Firewall Policies by specifying the ID of the policy and details to update", + "firewall_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteFirewallPolicies", + "DELETE", + "/policy/entities/firewall/v1", + "Delete a set of Firewall Policies by specifying their IDs", + "firewall_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Firewall Policies to delete", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryFirewallPolicyMembers", + "GET", + "/policy/queries/firewall-members/v1", + "Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", + "firewall_policies", + [ + { + type: "string", + description: "The ID of the Firewall Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryFirewallPolicies", + "GET", + "/policy/queries/firewall/v1", + "Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria", + "firewall_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], +]; 
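Review bot: The table is still annotated as a bare `Array` on the context line `export const _firewall_policies_endpoints: Array = [`, so nothing in the rewritten entries is type-checked: a misspelled HTTP method, a wrong `in:` value, or the numeric `required: 1` flags on `performFirewallPoliciesAction`, `setFirewallPoliciesPrecedence`, `getFirewallPolicies` and `deleteFirewallPolicies` all compile and are only discovered when `Falcon.command(...)` issues the request. If the bare `Array` is a rendering artefact for `Array<any>` the point is the same. Since this commit already rewrites every entry, it is the moment to give the tuple a real shape, defined once and reused by the sibling `_endpoints` tables, and to make the flags real booleans (`required: true`), provided `Falcon.command` tests the flag for truthiness rather than `=== 1` — please confirm against that code. The sketch below is what I would add at the top of this file; the entries themselves are unchanged apart from the `required` flags.
```typescript
// Shape of one entry consumed by Falcon.command(...). Declaring it once lets
// tsc reject a wrong method, an unknown `in` location or a non-boolean flag.
export interface EndpointParam {
  name: string;
  in: "query" | "body" | "formData"; // extend if other tables use more locations
  type?: "string" | "integer" | "boolean" | "array" | "file";
  items?: { type: string };
  collectionFormat?: string;
  enum?: readonly string[];
  minimum?: number;
  maximum?: number;
  minLength?: number;
  maxLength?: number;
  pattern?: string;
  default?: unknown;
  description?: string;
  required?: boolean;
}

export type EndpointDef = readonly [
  name: string,
  method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE",
  path: string,
  description: string,
  tag: string,
  params: readonly EndpointParam[],
];

export const _firewall_policies_endpoints: EndpointDef[] = [
  // … unchanged: the nine entries, with `required: 1` written as `required: true` …
];
```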
diff --git a/src/_endpoints/foundry_logscale.ts b/src/_endpoints/foundry_logscale.ts
index b195c19c..cf5cbe2e 100644
--- a/src/_endpoints/foundry_logscale.ts
+++ b/src/_endpoints/foundry_logscale.ts
@@ -4,140 +4,202 @@ */ export const _foundry_logscale_endpoints: Array = [ ["ListReposV1", "GET", "/loggingapi/combined/repos/v1", "Lists available repositories and views", "foundry_logscale", []], - ["IngestDataV1", "POST", "/loggingapi/entities/data-ingestion/ingest/v1", "Ingest data into the application repository", "foundry_logscale", [{ - "type": "file", - "description": "Data file to ingest", - "name": "data_file", - "in": "formData", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "description": "Custom tag for ingested data in the form tag:value", - "name": "tag", - "in": "formData" - }, { - "type": "string", - "description": "Tag the data with the specified source", - "name": "tag_source", - "in": "formData" - }, { - "type": "boolean", - "default": 0, - "description": "Tag the data with test-ingest", - "name": "test_data", - "in": "formData" - }]], - ["CreateSavedSearchesDynamicExecuteV1", "POST", "/loggingapi/entities/saved-searches/execute-dynamic/v1", "Execute a dynamic saved search", "foundry_logscale", [{ - "type": "boolean", - "default": 0, - "description": "Include generated schemas in the response", - "name": "include_schema_generation", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Include test data when executing searches", - "name": "include_test_data", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Whether to include metadata in the response", - "name": "metadata", - "in": "query" - }, { - "enum": ["sync", "async"], - "type": "string", - "description": "Mode to execute the query under.", - "name": "mode", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetSavedSearchesExecuteV1", "GET", "/loggingapi/entities/saved-searches/execute/v1", "Get the results of a saved search", "foundry_logscale", [{ - "type": "string", - "description": "Job ID for a previously executed async query", - "name": "job_id", - "in": "query", 
- "required": 1 - }, { - "minimum": 0, - "type": "string", - "description": "Maximum number of records to return.", - "name": "limit", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Whether to include metadata in the response", - "name": "metadata", - "in": "query" - }, { - "minimum": 0, - "type": "string", - "description": "Starting pagination offset of records to return.", - "name": "offset", - "in": "query" - }, { - "pattern": "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", - "type": "string", - "description": "Version of resource being created", - "name": "version", - "in": "query" - }]], - ["CreateSavedSearchesExecuteV1", "POST", "/loggingapi/entities/saved-searches/execute/v1", "Execute a saved search", "foundry_logscale", [{ - "type": "boolean", - "default": 0, - "description": "Whether to include search field details", - "name": "detailed", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Include test data when executing searches", - "name": "include_test_data", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Whether to include metadata in the response", - "name": "metadata", - "in": "query" - }, { - "enum": ["sync", "async", "async_offload"], - "type": "string", - "description": "Mode to execute the query under. 
If provided, takes precedence over the mode provided in the body.", - "name": "mode", - "in": "query" - }, { - "pattern": "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", - "type": "string", - "description": "Version of resource being created", - "name": "version", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], + [ + "IngestDataV1", + "POST", + "/loggingapi/entities/data-ingestion/ingest/v1", + "Ingest data into the application repository", + "foundry_logscale", + [ + { + type: "file", + description: "Data file to ingest", + name: "data_file", + in: "formData", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + description: "Custom tag for ingested data in the form tag:value", + name: "tag", + in: "formData", + }, + { + type: "string", + description: "Tag the data with the specified source", + name: "tag_source", + in: "formData", + }, + { + type: "boolean", + default: 0, + description: "Tag the data with test-ingest", + name: "test_data", + in: "formData", + }, + ], + ], + [ + "CreateSavedSearchesDynamicExecuteV1", + "POST", + "/loggingapi/entities/saved-searches/execute-dynamic/v1", + "Execute a dynamic saved search", + "foundry_logscale", + [ + { + type: "boolean", + default: 0, + description: "Include generated schemas in the response", + name: "include_schema_generation", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Include test data when executing searches", + name: "include_test_data", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Whether to include metadata in the response", + name: "metadata", + in: "query", + }, + { + enum: ["sync", "async"], + type: "string", + description: "Mode to execute the query under.", + name: "mode", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetSavedSearchesExecuteV1", + "GET", + 
"/loggingapi/entities/saved-searches/execute/v1", + "Get the results of a saved search", + "foundry_logscale", + [ + { + type: "string", + description: "Job ID for a previously executed async query", + name: "job_id", + in: "query", + required: 1, + }, + { + minimum: 0, + type: "string", + description: "Maximum number of records to return.", + name: "limit", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Whether to include metadata in the response", + name: "metadata", + in: "query", + }, + { + minimum: 0, + type: "string", + description: "Starting pagination offset of records to return.", + name: "offset", + in: "query", + }, + { + pattern: "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", + type: "string", + description: "Version of resource being created", + name: "version", + in: "query", + }, + ], + ], + [ + "CreateSavedSearchesExecuteV1", + "POST", + "/loggingapi/entities/saved-searches/execute/v1", + "Execute a saved search", + "foundry_logscale", + [ + { + type: "boolean", + default: 0, + description: "Whether to include search field details", + name: "detailed", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Include test data when executing searches", + name: "include_test_data", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Whether to include metadata in the response", + name: "metadata", + in: "query", + }, + { + enum: ["sync", "async", "async_offload"], + type: "string", + description: "Mode to execute the query under. 
If provided, takes precedence over the mode provided in the body.", + name: "mode", + in: "query", + }, + { + pattern: "v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?", + type: "string", + description: "Version of resource being created", + name: "version", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], ["CreateSavedSearchesIngestV1", "POST", "/loggingapi/entities/saved-searches/ingest/v1", "Populate a saved search", "foundry_logscale", []], - ["GetSavedSearchesJobResultsDownloadV1", "GET", "/loggingapi/entities/saved-searches/job-results-download/v1", "Get the results of a saved search as a file", "foundry_logscale", [{ - "type": "string", - "description": "Job ID for a previously executed async query", - "name": "job_id", - "in": "query", - "required": 1 - }, { - "enum": ["json", "csv"], - "type": "string", - "description": "Result Format", - "name": "result_format", - "in": "query" - }]], - ["ListViewV1", "GET", "/loggingapi/entities/views/v1", "List views", "foundry_logscale", []] -]; \ No newline at end of file + [ + "GetSavedSearchesJobResultsDownloadV1", + "GET", + "/loggingapi/entities/saved-searches/job-results-download/v1", + "Get the results of a saved search as a file", + "foundry_logscale", + [ + { + type: "string", + description: "Job ID for a previously executed async query", + name: "job_id", + in: "query", + required: 1, + }, + { + enum: ["json", "csv"], + type: "string", + description: "Result Format", + name: "result_format", + in: "query", + }, + ], + ], + ["ListViewV1", "GET", "/loggingapi/entities/views/v1", "List views", "foundry_logscale", []], +]; diff --git a/src/_endpoints/host_group.ts b/src/_endpoints/host_group.ts index faaaab89..fe5d815d 100644 --- a/src/_endpoints/host_group.ts +++ b/src/_endpoints/host_group.ts 
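Review bot: In `GetSavedSearchesExecuteV1` the `limit` and `offset` parameters are declared `type: "string"` yet carry `minimum: 0`, so a numeric bound is attached to a string field and any validation that keys on `type` will never apply it; every other paging parameter in this commit (the host_group and firewall tables) declares them `type: "integer"`. The `version` parameter on the same endpoint and on `CreateSavedSearchesExecuteV1` uses an unanchored `pattern` (`v?([0-9]+)…` with no `^`/`$`), so if it is ever used as a client-side check it accepts any string that merely contains a digit. If these tables are generated from the upstream OpenAPI description the correction belongs in the generator or spec rather than a hand edit, but the entries should end up as `type: "integer"` for `limit` and `offset` and the pattern anchored, i.e. `"^v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?$"`. The boolean flags in this file (`test_data`, `include_test_data`, `metadata`, `detailed`, …) also use `default: 0` where `default: false` is meant, which matters if `Falcon.command` ever serialises a default into the query string.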
@@ -1,290 +1,283 @@ export const _host_group_endpoints: Array = [ [ - "queryCombinedGroupMembers", - "GET", - "/devices/combined/host-group-members/v1", - "Search for members of a Host Group in your environment by providing an FQL filter " + - "and paging details. Returns a set of host details which match the filter criteria", - "host_group", - [ - { - "type": "string", - "description": "The ID of the Host Group to search for members of", - "name": "id", - "in": "query" - }, - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, - { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - } - ] + "queryCombinedGroupMembers", + "GET", + "/devices/combined/host-group-members/v1", + "Search for members of a Host Group in your environment by providing an FQL filter " + "and paging details. Returns a set of host details which match the filter criteria", + "host_group", + [ + { + type: "string", + description: "The ID of the Host Group to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. 
[1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], ], [ - "queryCombinedHostGroups", - "GET", - "/devices/combined/host-groups/v1", - "Search for Host Groups in your environment by providing an FQL filter and paging details. " + - "Returns a set of Host Groups which match the filter criteria", - "host_group", - [ - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, - { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "enum": [ - "created_by.asc", - "created_by.desc", - "created_timestamp.asc", - "created_timestamp.desc", - "group_type.asc", - "group_type.desc", - "modified_by.asc", - "modified_by.desc", - "modified_timestamp.asc", - "modified_timestamp.desc", - "name.asc", - "name.desc" - ], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - } - ] + "queryCombinedHostGroups", + "GET", + "/devices/combined/host-groups/v1", + "Search for Host Groups in your environment by providing an FQL filter and paging details. " + "Returns a set of Host Groups which match the filter criteria", + "host_group", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. 
[1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "group_type.asc", + "group_type.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], ], [ - "performGroupAction", - "POST", - "/devices/entities/host-group-actions/v1", - "Perform the specified action on the Host Groups specified in the request", - "host_group", - [ - { - "enum": [ - "add-hosts", - "remove-hosts" - ], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, - { - "type": "boolean", - "default": 0, - "description": "Bool to disable hostname check on add-member", - "name": "disable_hostname_check", - "in": "query" - }, - { - "name": "body", - "in": "body", - "required": 1 - } - ] + "performGroupAction", + "POST", + "/devices/entities/host-group-actions/v1", + "Perform the specified action on the Host Groups specified in the request", + "host_group", + [ + { + enum: ["add-hosts", "remove-hosts"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Bool to disable hostname check on add-member", + name: "disable_hostname_check", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], ], [ - "getHostGroups", - "GET", - "/devices/entities/host-groups/v1", - "Retrieve a set of Host Groups by specifying their IDs", - "host_group", - [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Host Groups to return", - "name": "ids", - "in": "query", - "required": 1 - } - ] + "getHostGroups", + "GET", + "/devices/entities/host-groups/v1", + 
"Retrieve a set of Host Groups by specifying their IDs", + "host_group", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Host Groups to return", + name: "ids", + in: "query", + required: 1, + }, + ], ], [ - "createHostGroups", - "POST", - "/devices/entities/host-groups/v1", - "Create Host Groups by specifying details about the group to create", - "host_group", - [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] + "createHostGroups", + "POST", + "/devices/entities/host-groups/v1", + "Create Host Groups by specifying details about the group to create", + "host_group", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], ], [ - "updateHostGroups", - "PATCH", - "/devices/entities/host-groups/v1", - "Update Host Groups by specifying the ID of the group and details to update", - "host_group", - [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] + "updateHostGroups", + "PATCH", + "/devices/entities/host-groups/v1", + "Update Host Groups by specifying the ID of the group and details to update", + "host_group", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], ], [ - "deleteHostGroups", - "DELETE", - "/devices/entities/host-groups/v1", - "Delete a set of Host Groups by specifying their IDs", - "host_group", - [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Host Groups to delete", - "name": "ids", - "in": "query", - "required": 1 - } - ] + "deleteHostGroups", + "DELETE", + "/devices/entities/host-groups/v1", + "Delete a set of Host Groups by specifying their IDs", + "host_group", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Host Groups to delete", + name: "ids", + in: "query", + required: 1, + }, + ], ], [ - "queryGroupMembers", - "GET", - "/devices/queries/host-group-members/v1", - "Search for members of a 
Host Group in your environment by providing an FQL filter and paging details. " + - "Returns a set of Agent IDs which match the filter criteria", - "host_group", - [ - { - "type": "string", - "description": "The ID of the Host Group to search for members of", - "name": "id", - "in": "query" - }, - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, - { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - } - ] + "queryGroupMembers", + "GET", + "/devices/queries/host-group-members/v1", + "Search for members of a Host Group in your environment by providing an FQL filter and paging details. " + "Returns a set of Agent IDs which match the filter criteria", + "host_group", + [ + { + type: "string", + description: "The ID of the Host Group to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], ], [ - "queryHostGroups", - "GET", - "/devices/queries/host-groups/v1", - "Search for Host Groups in your environment by providing an FQL filter and paging details. 
" + - "Returns a set of Host Group IDs which match the filter criteria", - "host_group", - [ - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, - { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "enum": [ - "created_by.asc", - "created_by.desc", - "created_timestamp.asc", - "created_timestamp.desc", - "group_type.asc", - "group_type.desc", - "modified_by.asc", - "modified_by.desc", - "modified_timestamp.asc", - "modified_timestamp.desc", - "name.asc", - "name.desc" - ], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - } - ] - ] - ] \ No newline at end of file + "queryHostGroups", + "GET", + "/devices/queries/host-groups/v1", + "Search for Host Groups in your environment by providing an FQL filter and paging details. " + "Returns a set of Host Group IDs which match the filter criteria", + "host_group", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. 
[1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "group_type.asc", + "group_type.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/hosts.ts b/src/_endpoints/hosts.ts index 264e5516..19a145bd 100644 --- a/src/_endpoints/hosts.ts +++ b/src/_endpoints/hosts.ts 
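Review bot: `performGroupAction` declares the boolean `disable_hostname_check` with `default: 0` and `action_name`/`body` with `required: 1`; the `type` says boolean but the values are numbers, so if `Falcon.command(...)` ever serialises a default it would send `disable_hostname_check=0` rather than `false`, and a strict `required === true` check would silently stop enforcing the required parameters on an endpoint that adds and removes hosts from groups. The same numeric stand-ins appear on every `required` flag in this table (`getHostGroups`, `createHostGroups`, `updateHostGroups`, `deleteHostGroups`). I would write them as booleans, `default: false` and `required: true`, after confirming that `Falcon.command` tests the flag for truthiness rather than `=== 1`. Separately, the description strings of `queryCombinedGroupMembers`, `queryCombinedHostGroups`, `queryGroupMembers` and `queryHostGroups` are now single-line `"… FQL filter " + "and paging details. …"` concatenations left over from the old wrapping; merging each pair into one literal is what the formatter would have produced had they been on one line to begin with.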
@@ -1,46 +1,46 @@ /** * contains all method definitions for API: hosts - * consumed and interpreted by Falcon.command(...) + * consumed and interpreted by Falcon.command(...) */ export const _hosts_endpoints: Array = [ - [ - "QueryDeviceLoginHistory", - "POST", - "/devices/combined/devices/login-history/v1", - "Retrieve details about recent login sessions for a set of devices.", - "hosts", [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "QueryGetNetworkAddressHistoryV1", - "POST", - "/devices/combined/devices/network-address-history/v1", - "Retrieve history of IP and MAC addresses of devices.", - "hosts", + "QueryDeviceLoginHistory", + "POST", + "/devices/combined/devices/login-history/v1", + "Retrieve details about recent login sessions for a set of devices.", + "hosts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "PerformActionV2", - "POST", - "/devices/entities/devices-actions/v2", - "Take constious actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.", - "hosts", + "QueryGetNetworkAddressHistoryV1", + "POST", + "/devices/combined/devices/network-address-history/v1", + "Retrieve history of IP and MAC addresses of devices.", + "hosts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "type": "string", - "description": `pecify one of these actions:\n\n- "contain" - + "PerformActionV2", + "POST", + "/devices/entities/devices-actions/v2", + "Take constious actions on the hosts in your environment. Contain or lift containment on a host. 
Delete or restore a host.", + "hosts", + [ + { + type: "string", + description: `pecify one of these actions:\n\n- "contain" - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your [containment policy] (https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#containmentpolicy) 
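Review bot: The reformatted PerformActionV2 entry keeps two typos in user-facing help strings that this commit could have fixed: the description `"Take constious actions on the hosts in your environment. …"` (which looks like a blanket var→const rewrite hitting "various") and the action_name description opening `` `pecify one of these actions:` `` (missing the leading S). Since this is the endpoint that contains/lifts containment and hides/restores hosts, the lines should read `"Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host."` and `` `Specify one of these actions:` ``. The template literal for action_name starts in this hunk and continues into the next one.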
@@ -48,270 +48,267 @@ export const _hosts_endpoints: Array = [ communications to normal\n- "hide_host": This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs\n- "unhide_host": This action will restore a host. Detection reporting will resume after the host is restored`, - "name": "action_name", - "in": "query", - "required": 1 - }, - { - "description": "The host agent ID (AID) of the host you want to contain. " + - "Get an agent ID from a detection, the Falcon console, or the Streaming API.\n\n" + - "Provide the ID in JSON format with the key `ids` and the value in square brackets, " + - "such as: \n\n`\"ids\": [\"123456789\"]`", - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "UpdateDeviceTags", - "PATCH", - "/devices/entities/devices/tags/v1", - "Append or remove one or more Falcon Grouping Tags on one or more hosts.", - "hosts", + name: "action_name", + in: "query", + required: 1, + }, + { + description: + "The host agent ID (AID) of the host you want to contain. " + + "Get an agent ID from a detection, the Falcon console, or the Streaming API.\n\n" + + "Provide the ID in JSON format with the key `ids` and the value in square brackets, " + + 'such as: \n\n`"ids": ["123456789"]`', + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "GetDeviceDetails", - "POST", - "/devices/entities/devices/v2", - "Get details on one or more hosts by providing host IDs in a POST body. 
Supports up to a maximum 5000 IDs.", - "hosts", + "UpdateDeviceTags", + "PATCH", + "/devices/entities/devices/tags/v1", + "Append or remove one or more Falcon Grouping Tags on one or more hosts.", + "hosts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "GetDeviceDetailsV1", - "GET", - "/devices/entities/devices/v1", - "Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs " + - "(AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API", - "hosts", + "GetDeviceDetails", + "POST", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.", + "hosts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The host agentIDs used to get details on", - "name": "ids", - "in": "query", - "required": 1 - } - ] - ], - [ - "GetDeviceDetailsV2", - "GET", - "/devices/entities/devices/v2", - "Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.", - "hosts", + "GetDeviceDetailsV1", + "GET", + "/devices/entities/devices/v1", + "Get details on one or more hosts by providing agent IDs (AID). 
You can get a host's agent IDs " + + "(AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API", + "hosts", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The host agentIDs used to get details on", + name: "ids", + in: "query", + required: 1, + }, + ], + ], [ - { - "maxItems": 100, - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The host agentIDs used to get details on", - "name": "ids", - "in": "query", - "required": 1 - } - ] - ], - [ - "PostDeviceDetailsV2", - "POST", - "/devices/entities/devices/v2", - "Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.", - "hosts", + "GetDeviceDetailsV2", + "GET", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.", + "hosts", + [ + { + maxItems: 100, + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The host agentIDs used to get details on", + name: "ids", + in: "query", + required: 1, + }, + ], + ], [ - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "entities_perform_action", - "POST", - "/devices/entities/group-actions/v1", - "Performs the specified action on the provided prevention policy IDs.", - "hosts", + "PostDeviceDetailsV2", + "POST", + "/devices/entities/devices/v2", + "Get details on one or more hosts by providing host IDs in a POST body. 
Supports up to a maximum 5000 IDs.", + "hosts", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The group ids to act on", - "name": "ids", - "in": "query", - "required": 1 - }, - { - "enum": [ - "add_group_member", - "remove_all", - "remove_group_member" + "entities_perform_action", + "POST", + "/devices/entities/group-actions/v1", + "Performs the specified action on the provided prevention policy IDs.", + "hosts", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The group ids to act on", + name: "ids", + in: "query", + required: 1, + }, + { + enum: ["add_group_member", "remove_all", "remove_group_member"], + type: "string", + description: "The action to perform.", + name: "action_name", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Bool to disable hostname check on add-member", + name: "disable_hostname_check", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, ], - "type": "string", - "description": "The action to perform.", - "name": "action_name", - "in": "query", - "required": 1 - }, - { - "type": "boolean", - "default": 0, - "description": "Bool to disable hostname check on add-member", - "name": "disable_hostname_check", - "in": "query" - }, - { - "name": "body", - "in": "body", - "required": 1 - } - ] - ], - [ - "GetOnlineState_V1", - "GET", - "/devices/entities/online-state/v1", - "Get the online status for one or more hosts by specifying each host’s unique ID. " + - "Successful requests return an HTTP 200 response and the status for each host identified " + - "by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`." 
+ - "\n\nMake a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.", - "hosts", + ], [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The unique ID of the host to get the online status of.", - "name": "ids", - "in": "query", - "required": 1 - } - ] - ], - [ - "QueryHiddenDevices", - "GET", - "/devices/queries/devices-hidden/v1", - "Retrieve hidden hosts that match the provided filter criteria.", - "hosts", + "GetOnlineState_V1", + "GET", + "/devices/entities/online-state/v1", + "Get the online status for one or more hosts by specifying each host’s unique ID. " + + "Successful requests return an HTTP 200 response and the status for each host identified " + + "by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`." + + "\n\nMake a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.", + "hosts", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The unique ID of the host to get the online status of.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], [ - { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "The property to sort by (e.g. 
status.desc or hostname.asc)", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - } - ] - ], - [ - "QueryDevicesByFilterScroll", - "GET", - "/devices/queries/devices-scroll/v1", - "Search for hosts in your environment by platform, hostname, IP, and other criteria with " + - "continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)", - "hosts", + "QueryHiddenDevices", + "GET", + "/devices/queries/devices-hidden/v1", + "Retrieve hidden hosts that match the provided filter criteria.", + "hosts", + [ + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. status.desc or hostname.asc)", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + ], + ], [ - { - "type": "string", - "description": "The offset to page from, for the next result set", - "name": "offset", - "in": "query" - }, - { - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "The property to sort by (e.g. 
status.desc or hostname.asc)", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - } - ] - ], - [ - "QueryDevicesByFilter", - "GET", - "/devices/queries/devices/v1", - "Search for hosts in your environment by platform, hostname, IP, and other criteria.", - "hosts", + "QueryDevicesByFilterScroll", + "GET", + "/devices/queries/devices-scroll/v1", + "Search for hosts in your environment by platform, hostname, IP, and other criteria with " + + "continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)", + "hosts", + [ + { + type: "string", + description: "The offset to page from, for the next result set", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. status.desc or hostname.asc)", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + ], + ], [ - { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, - { - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "The property to sort by (e.g. 
status.desc or hostname.asc)", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - } - ] - ] -] \ No newline at end of file + "QueryDevicesByFilter", + "GET", + "/devices/queries/devices/v1", + "Search for hosts in your environment by platform, hostname, IP, and other criteria.", + "hosts", + [ + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. status.desc or hostname.asc)", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/identity_protection.ts b/src/_endpoints/identity_protection.ts index 755fca33..19aa7075 100644 --- a/src/_endpoints/identity_protection.ts +++ b/src/_endpoints/identity_protection.ts 
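Review bot: The description for entities_perform_action still reads `"Performs the specified action on the provided prevention policy IDs."`, which contradicts the entry it sits in — the path is `/devices/entities/group-actions/v1`, `ids` is documented as "The group ids to act on", and the actions are `add_group_member`/`remove_all`/`remove_group_member`. Assuming the path and parameter descriptions are the accurate ones, the line should be `"Performs the specified action on the provided host group IDs."`. In the same entry `disable_hostname_check` is typed `"boolean"` but given `default: 0`; `default: false` would match the declared type, which is worth getting right for a flag that relaxes the hostname check on add-member. The PerformActionV2 entry whose template literal tail opens this hunk begins in the previous hunk.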
@@ -3,42 +3,81 @@ * consumed and interpreted by Falcon.command(...) */ export const _identity_protection_endpoints: Array = [ - ["api_preempt_proxy_post_graphql", "POST", "/identity-protection/combined/graphql/v1", "Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.", "identity_protection", [{ - "type": "string", - "description": "Authorization Header", - "name": "Authorization", - "in": "header", - "required": 1 - }]], - ["GetSensorAggregates", "POST", "/identity-protection/aggregates/devices/GET/v1", "Get sensor aggregates as specified via json in request body.", "identity_entities", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetSensorDetails", "POST", "/identity-protection/entities/devices/GET/v1", "Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.", "identity_entities", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QuerySensorsByFilter", "GET", "/identity-protection/queries/devices/v1", "Search for sensors in your environment by hostname, IP, and other criteria.", "identity_entities", [{ - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. [1-200]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by (e.g. status.desc or hostname.asc)", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }]] -]; \ No newline at end of file + [ + "api_preempt_proxy_post_graphql", + "POST", + "/identity-protection/combined/graphql/v1", + "Identity Protection GraphQL API. 
Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.", + "identity_protection", + [ + { + type: "string", + description: "Authorization Header", + name: "Authorization", + in: "header", + required: 1, + }, + ], + ], + [ + "GetSensorAggregates", + "POST", + "/identity-protection/aggregates/devices/GET/v1", + "Get sensor aggregates as specified via json in request body.", + "identity_entities", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetSensorDetails", + "POST", + "/identity-protection/entities/devices/GET/v1", + "Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.", + "identity_entities", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QuerySensorsByFilter", + "GET", + "/identity-protection/queries/devices/v1", + "Search for sensors in your environment by hostname, IP, and other criteria.", + "identity_entities", + [ + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-200]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. status.desc or hostname.asc)", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/incidents.ts b/src/_endpoints/incidents.ts index 4de17125..0fbbfcb5 100644 --- a/src/_endpoints/incidents.ts +++ b/src/_endpoints/incidents.ts 
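Review bot: The api_preempt_proxy_post_graphql entry declares only an `Authorization` header parameter and no `body` parameter, even though it is a POST to a GraphQL endpoint whose description says it performs actions on entities and incidents; every other POST in this hunk declares `{ name: "body", in: "body", required: 1 }`. Unless Falcon.command forwards a body for every POST regardless of the parameter table (not visible in this diff), a caller cannot submit a query through this definition, and the body parameter should be added. Because this is the one entry where the caller hands over the bearer token explicitly, a short comment on the Authorization parameter would help — something like `// caller-supplied bearer token; do not also inject the client's OAuth2 token, and keep this value out of request logging` — hedged, since the header handling lives in Falcon.command outside this hunk.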
@@ -1,96 +1,165 @@ export const _incidents_endpoints: Array = [ - ["CrowdScore", "GET", "/incidents/combined/crowdscores/v1", "Query environment wide CrowdScore and return the entity data", "incidents", [{ - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. [1-2500]", - "name": "limit", - "in": "query" - }, { - "enum": '["adjusted_score.asc", "adjusted_score.desc", "score.asc", "score.desc", "timestamp.asc", "timestamp.desc"]', - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }]], - ["GetBehaviors", "POST", "/incidents/entities/behaviors/GET/v1", "Get details on behaviors by providing behavior IDs", "incidents", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["PerformIncidentAction", "POST", "/incidents/entities/incident-actions/v1", "Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description", "incidents", [{ - "type": "boolean", - "default": 0, - "description": "If true, update assigned-to-uuid and or status of detections associated with the incident(s). Defaults to false", - "name": "update_detects", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "If true and update-detects is true, the assigned-to-uuid or status for ALL detections associated with the incident(s) will be overwritten. 
If false, only detects that have default values for assigned-to-uuid and/or status will be updated. Defaults to false. Ignored if 'update-detects' is missing or false.", - "name": "overwrite_detects", - "in": "query" - }, { - "description": "Incident Update request body containing minimum 1 and maximum 5000 Incident ID(s) and action param(s) to be performed action against.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetIncidents", "POST", "/incidents/entities/incidents/GET/v1", "Get details on incidents by providing incident IDs", "incidents", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryBehaviors", "GET", "/incidents/queries/behaviors/v1", "Search for behaviors by providing an FQL filter, sorting, and paging details", "incidents", [{ - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "enum": '["alert_ids.asc", "alert_ids.desc", "cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"]', - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }]], - ["QueryIncidents", "GET", "/incidents/queries/incidents/v1", "Search for incidents by providing an FQL filter, sorting, and paging details", "incidents", [{ - "enum": '["assigned_to.asc", "assigned_to.desc", "assigned_to_name.asc", "assigned_to_name.desc", "end.asc", "end.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "sort_score.asc", "sort_score.desc", "start.asc", "start.desc", "state.asc", "state.desc", "status.asc", "status.desc"]', - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "CrowdScore", + "GET", + "/incidents/combined/crowdscores/v1", + "Query environment wide CrowdScore and return the entity data", + "incidents", + [ + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-2500]", + name: "limit", + in: "query", + }, + { + enum: '["adjusted_score.asc", "adjusted_score.desc", "score.asc", "score.desc", "timestamp.asc", "timestamp.desc"]', + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + ], + ], + [ + "GetBehaviors", + "POST", + "/incidents/entities/behaviors/GET/v1", + "Get details on behaviors by providing behavior IDs", + "incidents", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PerformIncidentAction", + "POST", + "/incidents/entities/incident-actions/v1", + "Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description", + "incidents", + [ + { + type: "boolean", + default: 0, + description: "If true, update assigned-to-uuid and or status of detections associated with the incident(s). Defaults to false", + name: "update_detects", + in: "query", + }, + { + type: "boolean", + default: 0, + description: + "If true and update-detects is true, the assigned-to-uuid or status for ALL detections associated with the incident(s) will be overwritten. 
If false, only detects that have default values for assigned-to-uuid and/or status will be updated. Defaults to false. Ignored if 'update-detects' is missing or false.", + name: "overwrite_detects", + in: "query", + }, + { + description: "Incident Update request body containing minimum 1 and maximum 5000 Incident ID(s) and action param(s) to be performed action against.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetIncidents", + "POST", + "/incidents/entities/incidents/GET/v1", + "Get details on incidents by providing incident IDs", + "incidents", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryBehaviors", + "GET", + "/incidents/queries/behaviors/v1", + "Search for behaviors by providing an FQL filter, sorting, and paging details", + "incidents", + [ + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + enum: '["alert_ids.asc", "alert_ids.desc", "cmdline.asc", "cmdline.desc", "detection_ids.asc", "detection_ids.desc", "display_name.asc", "display_name.desc", "domain.asc", "domain.desc", "filepath.asc", "filepath.desc", "timestamp.asc", "timestamp.desc"]', + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + ], + ], + [ + "QueryIncidents", + "GET", + "/incidents/queries/incidents/v1", + "Search for incidents by providing an FQL filter, sorting, and paging details", + "incidents", + [ + { + enum: '["assigned_to.asc", "assigned_to.desc", "assigned_to_name.asc", "assigned_to_name.desc", "end.asc", "end.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "sort_score.asc", "sort_score.desc", "start.asc", "start.desc", "state.asc", "state.desc", "status.asc", "status.desc"]', + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/installation_tokens.ts b/src/_endpoints/installation_tokens.ts index 987335ae..86b503db 100644 --- a/src/_endpoints/installation_tokens.ts +++ b/src/_endpoints/installation_tokens.ts 
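Review bot: The `enum` values for the `sort` parameters of CrowdScore, QueryBehaviors and QueryIncidents are single strings containing a JSON array literal (`enum: '["adjusted_score.asc", …]'`), whereas the host_group definitions at the top of this page use a real array (`enum: [ "created_by.asc", … ]`). If Falcon.command validates a supplied sort value against `enum`, a string will either reject every value or, with `includes`, accept any substring such as `score`; the three entries should be converted to arrays, e.g. `enum: ["adjusted_score.asc", "adjusted_score.desc", "score.asc", "score.desc", "timestamp.asc", "timestamp.desc"],`. The consumer's validation is not visible here, so at minimum this is an inconsistency the reformat should have normalised.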
@@ -3,103 +3,182 @@ * consumed and interpreted by Falcon.command(...) */ export const _installation_tokens_endpoints: Array = [ - ["audit_events_read", "GET", "/installation-tokens/entities/audit-events/v1", "Gets the details of one or more audit events by id.", "installation_tokens", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "IDs of audit events to retrieve details for", - "name": "ids", - "in": "query" - }]], + [ + "audit_events_read", + "GET", + "/installation-tokens/entities/audit-events/v1", + "Gets the details of one or more audit events by id.", + "installation_tokens", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "IDs of audit events to retrieve details for", + name: "ids", + in: "query", + }, + ], + ], ["customer_settings_read", "GET", "/installation-tokens/entities/customer-settings/v1", "Check current installation token settings.", "installation_tokens", []], - ["tokens_read", "GET", "/installation-tokens/entities/tokens/v1", "Gets the details of one or more tokens by id.", "installation_tokens", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "IDs of tokens to retrieve details for", - "name": "ids", - "in": "query" - }]], - ["tokens_create", "POST", "/installation-tokens/entities/tokens/v1", "Creates a token.", "installation_tokens", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["tokens_update", "PATCH", "/installation-tokens/entities/tokens/v1", "Updates one or more tokens. 
Use this endpoint to edit labels, change expiration, revoke, or restore.", "installation_tokens", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "The token ids to update.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["tokens_delete", "DELETE", "/installation-tokens/entities/tokens/v1", "Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.", "installation_tokens", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "The token ids to delete.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["audit_events_query", "GET", "/installation-tokens/queries/audit-events/v1", "Search for audit events by providing an FQL filter and paging details.", "installation_tokens", [{ - "type": "integer", - "description": "The offset to start retrieving records from.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. [1-1000]. Defaults to 50.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by (e.g. timestamp.desc).", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results (e.g., `action:'token_create'`).", - "name": "filter", - "in": "query" - }]], - ["tokens_query", "GET", "/installation-tokens/queries/tokens/v1", "Search for tokens by providing an FQL filter and paging details.", "installation_tokens", [{ - "type": "integer", - "description": "The offset to start retrieving records from.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. [1-1000]. Defaults to 50.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by (e.g. 
created_timestamp.desc).", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results (e.g., `status:'valid'`).", - "name": "filter", - "in": "query" - }]], - ["customer_settings_update", "PATCH", "/installation-tokens/entities/customer-settings/v1", "Update installation token settings.", "installation_tokens_settings", [{ - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "tokens_read", + "GET", + "/installation-tokens/entities/tokens/v1", + "Gets the details of one or more tokens by id.", + "installation_tokens", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "IDs of tokens to retrieve details for", + name: "ids", + in: "query", + }, + ], + ], + [ + "tokens_create", + "POST", + "/installation-tokens/entities/tokens/v1", + "Creates a token.", + "installation_tokens", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "tokens_update", + "PATCH", + "/installation-tokens/entities/tokens/v1", + "Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.", + "installation_tokens", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "The token ids to update.", + name: "ids", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "tokens_delete", + "DELETE", + "/installation-tokens/entities/tokens/v1", + "Deletes a token immediately. 
To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.", + "installation_tokens", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "The token ids to delete.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "audit_events_query", + "GET", + "/installation-tokens/queries/audit-events/v1", + "Search for audit events by providing an FQL filter and paging details.", + "installation_tokens", + [ + { + type: "integer", + description: "The offset to start retrieving records from.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-1000]. Defaults to 50.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. timestamp.desc).", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results (e.g., `action:'token_create'`).", + name: "filter", + in: "query", + }, + ], + ], + [ + "tokens_query", + "GET", + "/installation-tokens/queries/tokens/v1", + "Search for tokens by providing an FQL filter and paging details.", + "installation_tokens", + [ + { + type: "integer", + description: "The offset to start retrieving records from.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-1000]. Defaults to 50.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by (e.g. 
created_timestamp.desc).", + name: "sort", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results (e.g., `status:'valid'`).", + name: "filter", + in: "query", + }, + ], + ], + [ + "customer_settings_update", + "PATCH", + "/installation-tokens/entities/customer-settings/v1", + "Update installation token settings.", + "installation_tokens_settings", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/intel.ts b/src/_endpoints/intel.ts index e8367c77..b5316c1f 100644 --- a/src/_endpoints/intel.ts +++ b/src/_endpoints/intel.ts 
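Review bot: The `customer_settings_read` entry is the only definition left in the old single-line form (`["customer_settings_read", "GET", "/installation-tokens/entities/customer-settings/v1", "Check current installation token settings.", "installation_tokens", []],`) while every other entry in this hunk was expanded to the multi-line layout; it should be reformatted to match so the file carries one style. As a documentation nit for an API that gates sensor enrollment, the tokens_delete description could state the irreversibility explicitly, e.g. `"Deletes a token immediately and irreversibly. To revoke (and later restore) a token, use PATCH /installation-tokens/entities/tokens/v1 instead."` — the restore capability is already stated in the tokens_update description in this same hunk.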
@@ -3,437 +3,674 @@ * consumed and interpreted by Falcon.command(...) */ export const _intel_endpoints: Array = [ - ["QueryIntelActorEntities", "GET", "/intel/combined/actors/v1", "Get info about actors that match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return actors from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of actors to return. The value must be between 1 and 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", - "name": "fields", - "in": "query" - }]], - ["QueryIntelIndicatorEntities", "GET", "/intel/combined/indicators/v1", "Get info about indicators that 
match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return indicators from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of indicators to return. The number must be between 1 and 50000", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: published_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }, { - "type": "boolean", - "description": "If true, include both published and deleted indicators in the response. Defaults to false.", - "name": "include_deleted", - "in": "query" - }, { - "type": "boolean", - "description": "If true, include related indicators in the response. Defaults to true.", - "name": "include_relations", - "in": "query" - }]], - ["QueryIntelReportEntities", "GET", "/intel/combined/reports/v1", "Get info about reports that match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return reports from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of reports to return. The value must be between 1 and 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order. 
Ex: created_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", - "name": "fields", - "in": "query" - }]], - ["GetIntelActorEntities", "GET", "/intel/entities/actors/v1", "Retrieve specific actors using their actor IDs.", "intel", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the actors you want to retrieve.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", - "name": "fields", - "in": "query" - }]], - ["GetIntelIndicatorEntities", "POST", 
"/intel/entities/indicators/GET/v1", "Retrieve specific indicators using their indicator IDs.", "intel", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetMitreReport", "GET", "/intel/entities/mitre-reports/v1", "Export Mitre ATT&CK information for a given actor.", "intel", [{ - "type": "string", - "description": "Actor ID(derived from the actor's name)", - "name": "actor_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Supported report formats: CSV or JSON", - "name": "format", - "in": "query", - "required": 1 - }]], - ["PostMitreAttacks", "POST", "/intel/entities/mitre/v1", "Retrieves report and observable IDs associated with the given actor and attacks", "intel", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetIntelReportPDF", "GET", "/intel/entities/report-files/v1", "Return a Report PDF attachment", "intel", [{ - "type": "string", - "description": "The ID of the report you want to download as a PDF.", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The ID of the report you want to download as a PDF. 
This parameter is used only if no id parameter given.", - "name": "ids", - "in": "query" - }]], - ["GetIntelReportEntities", "GET", "/intel/entities/reports/v1", "Retrieve specific reports using their report IDs.", "intel", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the reports you want to retrieve.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", - "name": "fields", - "in": "query" - }]], - ["GetIntelRuleFile", "GET", "/intel/entities/rules-files/v1", "Download earlier rule sets.", "intel", [{ - "type": "string", - "description": "Choose the format you want the rule set in.", - "name": "Accept", - "in": "header" - }, { - "type": "integer", - "description": "The ID of the rule set.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.", - "name": "format", - "in": "query" - }]], - ["GetLatestIntelRuleFile", "GET", "/intel/entities/rules-latest-files/v1", "Download the latest rule set.", "intel", [{ - "type": "string", - "description": "Choose the format you want the rule set in.", - "name": "Accept", - "in": "header" - }, { - "type": "string", - "description": "Download the latest rule set only if it doesn't have an ETag matching the given ones.", - "name": "If-None-Match", - "in": "header" - }, { - "type": "string", - "description": "Download the latest rule set only if the rule was modified after this date. 
http, ANSIC and RFC850 formats accepted", - "name": "If-Modified-Since", - "in": "header" - }, { - "type": "string", - "description": "The rule news report type. Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.", - "name": "format", - "in": "query" - }]], - ["GetIntelRuleEntities", "GET", "/intel/entities/rules/v1", "Retrieve details for rule sets for the specified ids.", "intel", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of rules to return.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetVulnerabilities", "POST", "/intel/entities/vulnerabilities/GET/v1", "Get vulnerabilities", "intel", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryIntelActorIds", "GET", "/intel/queries/actors/v1", "Get actor IDs that match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return actors IDs from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of actor IDs to return. The value must be between 1 and 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }]], - ["QueryIntelIndicatorIds", "GET", "/intel/queries/indicators/v1", "Get indicators IDs that match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return indicator IDs from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of indicator IDs to return. The number must be between 1 and 50000", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: published_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }, { - "type": "boolean", - "description": "If true, include both published and deleted indicators in the response. Defaults to false.", - "name": "include_deleted", - "in": "query" - }, { - "type": "boolean", - "description": "If true, include related indicators in the response. Defaults to true.", - "name": "include_relations", - "in": "query" - }]], - ["QueryMitreAttacks", "GET", "/intel/queries/mitre/v1", "Gets MITRE tactics and techniques for the given actor", "intel", [{ - "type": "string", - "description": "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed", - "name": "id", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed", - "name": "ids", - "in": "query" - }]], - ["QueryIntelReportIds", "GET", "/intel/queries/reports/v1", "Get report IDs that match provided FQL filters.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return report IDs from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Set the number of report IDs to return. 
The value must be between 1 and 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, arget_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }]], - ["QueryIntelRuleIds", "GET", "/intel/queries/rules/v1", "Search for rule IDs that match provided filter criteria.", "intel", [{ - "type": "integer", - "description": "Set the starting row number to return reports from. Defaults to 0.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The number of rule IDs to return. Defaults to 10.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order fields in ascending or descending order.\n\nEx: created_date|asc.", - "name": "sort", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Search by rule title.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "The rule news report type. 
Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Substring match on description field.", - "name": "description", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Search for rule tags.", - "name": "tags", - "in": "query" - }, { - "type": "integer", - "description": "Filter results to those created on or after a certain date.", - "name": "min_created_date", - "in": "query" - }, { - "type": "string", - "description": "Filter results to those created on or before a certain date.", - "name": "max_created_date", - "in": "query" - }, { - "type": "string", - "description": "Perform a generic substring search across all fields.", - "name": "q", - "in": "query" - }]], - ["QueryVulnerabilities", "GET", "/intel/queries/vulnerabilities/v1", "Get vulnerabilities IDs", "intel", [{ - "type": "string", - "description": "Starting index of result set from which to return IDs.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of IDs to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Order by fields.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", - "name": "q", - "in": "query" - }]] -]; \ No newline at end of file + [ + "QueryIntelActorEntities", + "GET", + "/intel/combined/actors/v1", + "Get info about actors that match provided FQL filters.", + "intel", + [ + { + type: "integer", + 
description: "Set the starting row number to return actors from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of actors to return. The value must be between 1 and 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + name: "fields", + in: "query", + }, + ], + ], + [ + "QueryIntelIndicatorEntities", + "GET", + "/intel/combined/indicators/v1", + "Get info about indicators that match provided FQL filters.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return indicators from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of indicators to return. 
The number must be between 1 and 50000", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: published_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + { + type: "boolean", + description: "If true, include both published and deleted indicators in the response. Defaults to false.", + name: "include_deleted", + in: "query", + }, + { + type: "boolean", + description: "If true, include related indicators in the response. Defaults to true.", + name: "include_relations", + in: "query", + }, + ], + ], + [ + "QueryIntelReportEntities", + "GET", + "/intel/combined/reports/v1", + "Get info about reports that match provided FQL filters.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return reports from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of reports to return. The value must be between 1 and 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order. Ex: created_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + name: "fields", + in: "query", + }, + ], + ], + [ + "GetIntelActorEntities", + "GET", + "/intel/entities/actors/v1", + "Retrieve specific actors using their actor IDs.", + "intel", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the actors you want to retrieve.", + name: "ids", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + name: "fields", + in: "query", + }, + ], + ], + [ + "GetIntelIndicatorEntities", + "POST", + "/intel/entities/indicators/GET/v1", + "Retrieve specific indicators using their indicator IDs.", + "intel", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ 
+ "GetMitreReport", + "GET", + "/intel/entities/mitre-reports/v1", + "Export Mitre ATT&CK information for a given actor.", + "intel", + [ + { + type: "string", + description: "Actor ID(derived from the actor's name)", + name: "actor_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "Supported report formats: CSV or JSON", + name: "format", + in: "query", + required: 1, + }, + ], + ], + [ + "PostMitreAttacks", + "POST", + "/intel/entities/mitre/v1", + "Retrieves report and observable IDs associated with the given actor and attacks", + "intel", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetIntelReportPDF", + "GET", + "/intel/entities/report-files/v1", + "Return a Report PDF attachment", + "intel", + [ + { + type: "string", + description: "The ID of the report you want to download as a PDF.", + name: "id", + in: "query", + }, + { + type: "string", + description: "The ID of the report you want to download as a PDF. This parameter is used only if no id parameter given.", + name: "ids", + in: "query", + }, + ], + ], + [ + "GetIntelReportEntities", + "GET", + "/intel/entities/reports/v1", + "Retrieve specific reports using their report IDs.", + "intel", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the reports you want to retrieve.", + name: "ids", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:\n\n\\_\\_\\\\_\\_.\n\nEx: slug \\_\\_full\\_\\_.\n\nDefaults to \\_\\_basic\\_\\_.", + name: "fields", + in: "query", + }, + ], + ], + [ + "GetIntelRuleFile", + "GET", + "/intel/entities/rules-files/v1", + "Download earlier rule sets.", + "intel", + [ + { + type: "string", + description: "Choose the format you want the rule set in.", + name: 
"Accept", + in: "header", + }, + { + type: "integer", + description: "The ID of the rule set.", + name: "id", + in: "query", + required: 1, + }, + { + type: "string", + description: "Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.", + name: "format", + in: "query", + }, + ], + ], + [ + "GetLatestIntelRuleFile", + "GET", + "/intel/entities/rules-latest-files/v1", + "Download the latest rule set.", + "intel", + [ + { + type: "string", + description: "Choose the format you want the rule set in.", + name: "Accept", + in: "header", + }, + { + type: "string", + description: "Download the latest rule set only if it doesn't have an ETag matching the given ones.", + name: "If-None-Match", + in: "header", + }, + { + type: "string", + description: "Download the latest rule set only if the rule was modified after this date. http, ANSIC and RFC850 formats accepted", + name: "If-Modified-Since", + in: "header", + }, + { + type: "string", + description: + "The rule news report type. Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "Choose the format you want the rule set in. Valid formats are zip and gzip. 
Defaults to zip.", + name: "format", + in: "query", + }, + ], + ], + [ + "GetIntelRuleEntities", + "GET", + "/intel/entities/rules/v1", + "Retrieve details for rule sets for the specified ids.", + "intel", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of rules to return.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetVulnerabilities", + "POST", + "/intel/entities/vulnerabilities/GET/v1", + "Get vulnerabilities", + "intel", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryIntelActorIds", + "GET", + "/intel/queries/actors/v1", + "Get actor IDs that match provided FQL filters.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return actors IDs from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of actor IDs to return. The value must be between 1 and 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryIntelIndicatorIds", + "GET", + "/intel/queries/indicators/v1", + "Get indicators IDs that match provided FQL filters.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return indicator IDs from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of indicator IDs to return. The number must be between 1 and 50000", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: published_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. 
Filter parameters include:\n\n_marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + { + type: "boolean", + description: "If true, include both published and deleted indicators in the response. Defaults to false.", + name: "include_deleted", + in: "query", + }, + { + type: "boolean", + description: "If true, include related indicators in the response. Defaults to true.", + name: "include_relations", + in: "query", + }, + ], + ], + [ + "QueryMitreAttacks", + "GET", + "/intel/queries/mitre/v1", + "Gets MITRE tactics and techniques for the given actor", + "intel", + [ + { + type: "string", + description: "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed", + name: "id", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The actor ID(derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed", + name: "ids", + in: "query", + }, + ], + ], + [ + "QueryIntelReportIds", + "GET", + "/intel/queries/reports/v1", + "Get report IDs that match provided FQL filters.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return report IDs from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Set the number of report IDs to return. 
The value must be between 1 and 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter your query by specifying FQL filter parameters. Filter parameters include:\n\nactors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, arget_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryIntelRuleIds", + "GET", + "/intel/queries/rules/v1", + "Search for rule IDs that match provided filter criteria.", + "intel", + [ + { + type: "integer", + description: "Set the starting row number to return reports from. Defaults to 0.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The number of rule IDs to return. Defaults to 10.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order fields in ascending or descending order.\n\nEx: created_date|asc.", + name: "sort", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Search by rule title.", + name: "name", + in: "query", + }, + { + type: "string", + description: + "The rule news report type. 
Accepted values:\n\nsnort-suricata-master\n\nsnort-suricata-update\n\nsnort-suricata-changelog\n\nyara-master\n\nyara-update\n\nyara-changelog\n\ncommon-event-format\n\nnetwitness", + name: "type", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Substring match on description field.", + name: "description", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Search for rule tags.", + name: "tags", + in: "query", + }, + { + type: "integer", + description: "Filter results to those created on or after a certain date.", + name: "min_created_date", + in: "query", + }, + { + type: "string", + description: "Filter results to those created on or before a certain date.", + name: "max_created_date", + in: "query", + }, + { + type: "string", + description: "Perform a generic substring search across all fields.", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryVulnerabilities", + "GET", + "/intel/queries/vulnerabilities/v1", + "Get vulnerabilities IDs", + "intel", + [ + { + type: "string", + description: "Starting index of result set from which to return IDs.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of IDs to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Order by fields.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + name: "q", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/ioa_exclusions.ts b/src/_endpoints/ioa_exclusions.ts index e2234245..e4de00c8 100644 --- a/src/_endpoints/ioa_exclusions.ts +++ b/src/_endpoints/ioa_exclusions.ts 
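Review bot: The `filter` description in the `QueryIntelReportIds` entry (near the end of this hunk) carries a typo over from the old side: the field list reads `target_industries.id, arget_industries.slug, target_industries.value`, while the identical list in `QueryIntelActorEntities`, `QueryIntelReportEntities` and `QueryIntelActorIds` spells it `target_industries.slug`; it should read `target_industries.id, target_industries.slug, target_industries.value`. If these tables are produced from a spec by a generator, the correction belongs in that input rather than here. On style, the table is declared on the context line as `Array` with no element type visible (possibly `Array<any>` lost in rendering); a labelled tuple such as `type IntelEndpoint = [name: string, method: string, path: string, description: string, service: string, params: Record<string, unknown>[]];` used as `Array<IntelEndpoint>` would let the compiler catch a misordered field or a missing `in` across the twenty entries rewritten here, which a prettier reformat of this size can easily hide.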
@@ -3,63 +3,129 @@ * consumed and interpreted by Falcon.command(...) */ export const _ioa_exclusions_endpoints: Array = [ - ["getIOAExclusionsV1", "GET", "/policy/entities/ioa-exclusions/v1", "Get a set of IOA Exclusions by specifying their IDs", "ioa_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createIOAExclusionsV1", "POST", "/policy/entities/ioa-exclusions/v1", "Create the IOA exclusions", "ioa_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateIOAExclusionsV1", "PATCH", "/policy/entities/ioa-exclusions/v1", "Update the IOA exclusions", "ioa_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteIOAExclusionsV1", "DELETE", "/policy/entities/ioa-exclusions/v1", "Delete the IOA exclusions by id", "ioa_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to delete", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Explains why this exclusions was deleted", - "name": "comment", - "in": "query" - }]], - ["queryIOAExclusionsV1", "GET", "/policy/queries/ioa-exclusions/v1", "Search for IOA exclusions.", "ioa_exclusions", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results.", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "name.asc", "name.desc", "pattern_id.asc", "pattern_id.desc", "pattern_name.asc", "pattern_name.desc"], - "type": "string", - "description": "The sort expression that should be used to sort the results.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "getIOAExclusionsV1", + "GET", + "/policy/entities/ioa-exclusions/v1", + "Get a set of IOA Exclusions by specifying their IDs", + "ioa_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createIOAExclusionsV1", + "POST", + "/policy/entities/ioa-exclusions/v1", + "Create the IOA exclusions", + "ioa_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateIOAExclusionsV1", + "PATCH", + "/policy/entities/ioa-exclusions/v1", + "Update the IOA exclusions", + "ioa_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteIOAExclusionsV1", + "DELETE", + "/policy/entities/ioa-exclusions/v1", + "Delete the IOA exclusions by id", + "ioa_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to delete", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "Explains why this exclusions was deleted", + name: "comment", + in: "query", + }, + ], + ], + [ + "queryIOAExclusionsV1", + "GET", + "/policy/queries/ioa-exclusions/v1", + "Search for IOA exclusions.", + "ioa_exclusions", + [ + { + type: "string", + description: "The filter expression that should be used to limit the 
results.", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + enum: [ + "applied_globally.asc", + "applied_globally.desc", + "created_by.asc", + "created_by.desc", + "created_on.asc", + "created_on.desc", + "last_modified.asc", + "last_modified.desc", + "modified_by.asc", + "modified_by.desc", + "name.asc", + "name.desc", + "pattern_id.asc", + "pattern_id.desc", + "pattern_name.asc", + "pattern_name.desc", + ], + type: "string", + description: "The sort expression that should be used to sort the results.", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/ioc.ts b/src/_endpoints/ioc.ts index b93c94d0..a8c4ceba 100644 --- a/src/_endpoints/ioc.ts +++ b/src/_endpoints/ioc.ts 
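Review bot: The context line `export const _ioa_exclusions_endpoints: Array = [` shows a bare `Array` in the rendered patch; if the source really has no type argument it will not compile under strict TypeScript, and if it is `Array<any>` (angle brackets may have been stripped in rendering) nothing in these tables is type-checked, which is how the numeric stand-ins `required: 1` survive next to `type: "boolean"` entries elsewhere. A narrow tuple type such as `type Endpoint = [name: string, method: string, path: string, description: string, group: string, params: Param[]];` with `export const _ioa_exclusions_endpoints: Endpoint[] = [` would let the compiler catch those inconsistencies, assuming the generator that produces these files can emit it. Because `createIOAExclusionsV1` and `updateIOAExclusionsV1` suppress IOA detections, their `body` entries — which carry no description at all — deserve at least a one-line comment stating that the payload shape is not validated here and must be checked by the caller. The file's header comment begins outside this hunk.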
@@ -3,210 +3,390 @@ * consumed and interpreted by Falcon.command(...) */ export const _ioc_endpoints: Array = [ - ["indicator_aggregate_v1", "POST", "/iocs/aggregates/indicators/v1", "Get Indicators aggregates as specified via json in the request body.", "ioc", [{ - "type": "string", - "description": "The filter to narrow down the aggregation data", - "name": "filter", - "in": "query" - }, { - "type": "boolean", - "description": "The filter for returning either only indicators for the request customer or its MSSP parents", - "name": "from_parent", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["indicator_combined_v1", "GET", "/iocs/combined/indicator/v1", "Get Combined for Indicators.", "ioc", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results.", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return.", - "name": "limit", - "in": "query" - }, { - "enum": ["action", "applied_globally", "metadata.av_hits", "metadata.company_name.raw", "created_by", "created_on", "expiration", "expired", "metadata.filename.raw", "modified_by", "modified_on", "metadata.original_filename.raw", "metadata.product_name.raw", "metadata.product_version", "severity_number", "source", "type", "value"], - "type": "string", - "description": "The sort expression that should be used to sort the results.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. 
On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", - "name": "after", - "in": "query" - }, { - "type": "boolean", - "description": "The filter for returning either only indicators for the request customer or its MSSP parents", - "name": "from_parent", - "in": "query" - }]], - ["action_get_v1", "GET", "/iocs/entities/actions/v1", "Get Actions by ids.", "ioc", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the Actions to retrieve", - "name": "ids", - "in": "query" - }]], - ["GetIndicatorsReport", "POST", "/iocs/entities/indicators-reports/v1", "Launch an indicators report creation job", "ioc", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["indicator_get_v1", "GET", "/iocs/entities/indicators/v1", "Get Indicators by ids.", "ioc", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the Indicators to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["indicator_create_v1", "POST", "/iocs/entities/indicators/v1", "Create Indicators.", "ioc", [{ - "type": "boolean", - "description": "Whether to submit to retrodetects", - "name": "retrodetects", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Set to true to ignore warnings and add all IOCs", - "name": "ignore_warnings", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["indicator_update_v1", "PATCH", "/iocs/entities/indicators/v1", "Update Indicators.", "ioc", [{ - "type": "boolean", - "description": "Whether to submit to retrodetects", - "name": "retrodetects", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Set to true to ignore warnings and add all IOCs", - "name": "ignore_warnings", - "in": "query" - }, 
{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["indicator_delete_v1", "DELETE", "/iocs/entities/indicators/v1", "Delete Indicators by ids.", "ioc", [{ - "type": "string", - "description": "The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids.", - "name": "filter", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids", - "name": "ids", - "in": "query" - }, { - "type": "string", - "description": "The comment why these indicators were deleted", - "name": "comment", - "in": "query" - }, { - "type": "boolean", - "description": "The filter for returning either only indicators for the request customer or its MSSP parents", - "name": "from_parent", - "in": "query" - }]], - ["action_query_v1", "GET", "/iocs/queries/actions/v1", "Query Actions.", "ioc", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["indicator_search_v1", "GET", "/iocs/queries/indicators/v1", "Search for Indicators.", "ioc", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results.", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from. Offset and After params are mutually exclusive. 
If none provided then scrolling will be used by default.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return.", - "name": "limit", - "in": "query" - }, { - "enum": ["action", "applied_globally", "metadata.av_hits", "metadata.company_name.raw", "created_by", "created_on", "expiration", "expired", "metadata.filename.raw", "modified_by", "modified_on", "metadata.original_filename.raw", "metadata.product_name.raw", "metadata.product_version", "severity_number", "source", "type", "value"], - "type": "string", - "description": "The sort expression that should be used to sort the results.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", - "name": "after", - "in": "query" - }, { - "type": "boolean", - "description": "The filter for returning either only indicators for the request customer or its MSSP parents", - "name": "from_parent", - "in": "query" - }]], - ["ioc_type_query_v1", "GET", "/iocs/queries/ioc-types/v1", "Query IOC Types.", "ioc", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - ["platform_query_v1", "GET", "/iocs/queries/platforms/v1", "Query Platforms.", "ioc", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]], - 
["severity_query_v1", "GET", "/iocs/queries/severities/v1", "Query Severities.", "ioc", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "indicator_aggregate_v1", + "POST", + "/iocs/aggregates/indicators/v1", + "Get Indicators aggregates as specified via json in the request body.", + "ioc", + [ + { + type: "string", + description: "The filter to narrow down the aggregation data", + name: "filter", + in: "query", + }, + { + type: "boolean", + description: "The filter for returning either only indicators for the request customer or its MSSP parents", + name: "from_parent", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "indicator_combined_v1", + "GET", + "/iocs/combined/indicator/v1", + "Get Combined for Indicators.", + "ioc", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results.", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from. Offset and After params are mutually exclusive. 
If none provided then scrolling will be used by default.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return.", + name: "limit", + in: "query", + }, + { + enum: [ + "action", + "applied_globally", + "metadata.av_hits", + "metadata.company_name.raw", + "created_by", + "created_on", + "expiration", + "expired", + "metadata.filename.raw", + "modified_by", + "modified_on", + "metadata.original_filename.raw", + "metadata.product_name.raw", + "metadata.product_version", + "severity_number", + "source", + "type", + "value", + ], + type: "string", + description: "The sort expression that should be used to sort the results.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. 
To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", + name: "after", + in: "query", + }, + { + type: "boolean", + description: "The filter for returning either only indicators for the request customer or its MSSP parents", + name: "from_parent", + in: "query", + }, + ], + ], + [ + "action_get_v1", + "GET", + "/iocs/entities/actions/v1", + "Get Actions by ids.", + "ioc", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the Actions to retrieve", + name: "ids", + in: "query", + }, + ], + ], + [ + "GetIndicatorsReport", + "POST", + "/iocs/entities/indicators-reports/v1", + "Launch an indicators report creation job", + "ioc", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "indicator_get_v1", + "GET", + "/iocs/entities/indicators/v1", + "Get Indicators by ids.", + "ioc", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the Indicators to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "indicator_create_v1", + "POST", + "/iocs/entities/indicators/v1", + "Create Indicators.", + "ioc", + [ + { + type: "boolean", + description: "Whether to submit to retrodetects", + name: "retrodetects", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Set to true to ignore warnings and add all IOCs", + name: "ignore_warnings", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "indicator_update_v1", + "PATCH", + "/iocs/entities/indicators/v1", + "Update Indicators.", + "ioc", + [ + { + type: "boolean", + description: "Whether to submit to retrodetects", + name: "retrodetects", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Set to true to ignore warnings and add all IOCs", + name: "ignore_warnings", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + 
"indicator_delete_v1", + "DELETE", + "/iocs/entities/indicators/v1", + "Delete Indicators by ids.", + "ioc", + [ + { + type: "string", + description: "The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids.", + name: "filter", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids", + name: "ids", + in: "query", + }, + { + type: "string", + description: "The comment why these indicators were deleted", + name: "comment", + in: "query", + }, + { + type: "boolean", + description: "The filter for returning either only indicators for the request customer or its MSSP parents", + name: "from_parent", + in: "query", + }, + ], + ], + [ + "action_query_v1", + "GET", + "/iocs/queries/actions/v1", + "Query Actions.", + "ioc", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "indicator_search_v1", + "GET", + "/iocs/queries/indicators/v1", + "Search for Indicators.", + "ioc", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results.", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from. Offset and After params are mutually exclusive. 
If none provided then scrolling will be used by default.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return.", + name: "limit", + in: "query", + }, + { + enum: [ + "action", + "applied_globally", + "metadata.av_hits", + "metadata.company_name.raw", + "created_by", + "created_on", + "expiration", + "expired", + "metadata.filename.raw", + "modified_by", + "modified_on", + "metadata.original_filename.raw", + "metadata.product_name.raw", + "metadata.product_version", + "severity_number", + "source", + "type", + "value", + ], + type: "string", + description: "The sort expression that should be used to sort the results.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. 
To access more than 10k indicators, use the 'after' parameter instead of 'offset'.", + name: "after", + in: "query", + }, + { + type: "boolean", + description: "The filter for returning either only indicators for the request customer or its MSSP parents", + name: "from_parent", + in: "query", + }, + ], + ], + [ + "ioc_type_query_v1", + "GET", + "/iocs/queries/ioc-types/v1", + "Query IOC Types.", + "ioc", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "platform_query_v1", + "GET", + "/iocs/queries/platforms/v1", + "Query Platforms.", + "ioc", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], + [ + "severity_query_v1", + "GET", + "/iocs/queries/severities/v1", + "Query Severities.", + "ioc", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/iocs.ts b/src/_endpoints/iocs.ts index adc1ea3f..06b47d54 100644 --- a/src/_endpoints/iocs.ts +++ b/src/_endpoints/iocs.ts 
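Review bot: `indicator_delete_v1` (DELETE `/iocs/entities/indicators/v1`) accepts an optional FQL `filter` that, per its own description, takes precedence over `ids`, and neither parameter is marked `required`, so a caller that passes an empty or overly broad filter performs a bulk delete of indicators with no guard in this descriptor. Since `Falcon.command(...)` interprets these tables, that entry warrants a comment such as `// bulk operation: a non-empty filter overrides ids and neither is required — validate filter before issuing DELETE`, and the command layer (outside this hunk) should refuse a DELETE with neither `ids` nor a non-empty `filter`. Separately, `ignore_warnings` on `indicator_create_v1` and `indicator_update_v1` is declared `type: "boolean"` but given `default: 0`; if `Falcon.command` serialises defaults into the query string this sends `ignore_warnings=0` rather than `false`, so `default: false,` would match the declared type, assuming the generator permits it.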
@@ -3,180 +3,291 @@ * consumed and interpreted by Falcon.command(...) */ export const _iocs_endpoints: Array = [ - ["DevicesCount", "GET", "/indicators/aggregates/devices-count/v1", "Number of hosts in your customer account that have observed a given custom IOC", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }]], - ["GetIOC", "GET", "/indicators/entities/iocs/v1", "Get an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/entities/indicators/v1). ***", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }]], - ["CreateIOC", "POST", "/indicators/entities/iocs/v1", "Create a new IOC. *** Deprecated - Use the new IOC Management endpoint (POST /iocs/entities/indicators/v1). ***", "iocs", [{ - "description": "Create a new IOC by providing a JSON object that includes these key/value pairs:\n\n**type** (required): The type of the indicator. 
Valid values:\n\n- sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\n- md5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\n- domain: A domain name. Length - min: 1, max: 200.\n\n- ipv4: An IPv4 address. Must be a valid IP address.\n\n- ipv6: An IPv6 address. Must be a valid IP address.\n\n**value** (required): The string representation of the indicator.\n\n**policy** (required): Action to take when a host observes the custom IOC. Values:\n\n- detect: Enable detections for this custom IOC\n\n- none: Disable detections for this custom IOC\n\n**share_level** (optional): Visibility of this custom IOC. All custom IOCs are visible only within your customer account, so only one value is valid:\n\n- red\n\n**expiration_days** (optional): Number of days this custom IOC is active. Only applies for the types `domain`, `ipv4`, and `ipv6`.\n\n**source** (optional): The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.\n\n**description** (optional): Descriptive label for this custom IOC", - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateIOC", "PATCH", "/indicators/entities/iocs/v1", "Update an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (PATCH /iocs/entities/indicators/v1). ***", "iocs", [{ - "name": "body", - "in": "body", - "required": 1 - }, { - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. 
Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }]], - ["DeleteIOC", "DELETE", "/indicators/entities/iocs/v1", "Delete an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (DELETE /iocs/entities/indicators/v1). ***", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }]], - ["DevicesRanOn", "GET", "/indicators/queries/devices/v1", "Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The first process to return, where 0 is the latest offset. 
Use with the offset parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }]], - ["QueryIOCs", "GET", "/indicators/queries/iocs/v1", "Search the custom IOCs in your customer account. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/queries/indicators/v1). ***", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "types", - "in": "query" - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "values", - "in": "query" - }, { - "type": "string", - "description": "Find custom IOCs created after this time (RFC-3339 timestamp)", - "name": "from.expiration_timestamp", - "in": "query" - }, { - "type": "string", - "description": "Find custom IOCs created before this time (RFC-3339 timestamp)", - "name": "to.expiration_timestamp", - "in": "query" - }, { - "type": "string", - "description": "\\ndetect: Find custom IOCs that produce notifications\\n\\nnone: Find custom IOCs the particular indicator has been detected on a host. This is equivalent to turning the indicator off.\n", - "name": "policies", - "in": "query" - }, { - "type": "string", - "description": "The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.", - "name": "sources", - "in": "query" - }, { - "type": "string", - "description": "The level at which the indicator will be shared. 
Currently only red share level (not shared) is supported, indicating that the IOC isn't shared with other FH customers.", - "name": "share_levels", - "in": "query" - }, { - "type": "string", - "description": "created_by", - "name": "created_by", - "in": "query" - }, { - "type": "string", - "description": "The user or API client who deleted the custom IOC", - "name": "deleted_by", - "in": "query" - }, { - "type": "string", - "description": "\ntrue: Include deleted IOCs\n\nfalse: Don't include deleted IOCs (default)\n", - "name": "include_deleted", - "in": "query" - }]], - ["ProcessesRanOn", "GET", "/indicators/queries/processes/v1", "Search for processes associated with a custom IOC", "iocs", [{ - "type": "string", - "description": "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", - "name": "type", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The string representation of the indicator", - "name": "value", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.", - "name": "device_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The first process to return, where 0 is the latest offset. 
Use with the limit parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }]], - ["entities_processes", "GET", "/processes/entities/processes/v1", "For the provided ProcessID retrieve the process details", "iocs", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "ProcessID for the running process you want to lookup", - "name": "ids", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "DevicesCount", + "GET", + "/indicators/aggregates/devices-count/v1", + "Number of hosts in your customer account that have observed a given custom IOC", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + ], + ], + [ + "GetIOC", + "GET", + "/indicators/entities/iocs/v1", + "Get an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/entities/indicators/v1). ***", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. 
Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + ], + ], + [ + "CreateIOC", + "POST", + "/indicators/entities/iocs/v1", + "Create a new IOC. *** Deprecated - Use the new IOC Management endpoint (POST /iocs/entities/indicators/v1). ***", + "iocs", + [ + { + description: + "Create a new IOC by providing a JSON object that includes these key/value pairs:\n\n**type** (required): The type of the indicator. Valid values:\n\n- sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\n- md5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\n- domain: A domain name. Length - min: 1, max: 200.\n\n- ipv4: An IPv4 address. Must be a valid IP address.\n\n- ipv6: An IPv6 address. Must be a valid IP address.\n\n**value** (required): The string representation of the indicator.\n\n**policy** (required): Action to take when a host observes the custom IOC. Values:\n\n- detect: Enable detections for this custom IOC\n\n- none: Disable detections for this custom IOC\n\n**share_level** (optional): Visibility of this custom IOC. All custom IOCs are visible only within your customer account, so only one value is valid:\n\n- red\n\n**expiration_days** (optional): Number of days this custom IOC is active. Only applies for the types `domain`, `ipv4`, and `ipv6`.\n\n**source** (optional): The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.\n\n**description** (optional): Descriptive label for this custom IOC", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateIOC", + "PATCH", + "/indicators/entities/iocs/v1", + "Update an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (PATCH /iocs/entities/indicators/v1). 
***", + "iocs", + [ + { + name: "body", + in: "body", + required: 1, + }, + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + ], + ], + [ + "DeleteIOC", + "DELETE", + "/indicators/entities/iocs/v1", + "Delete an IOC by providing a type and value. *** Deprecated - Use the new IOC Management endpoint (DELETE /iocs/entities/indicators/v1). ***", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + ], + ], + [ + "DevicesRanOn", + "GET", + "/indicators/queries/devices/v1", + "Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. 
Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + { + type: "string", + description: "The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + ], + ], + [ + "QueryIOCs", + "GET", + "/indicators/queries/iocs/v1", + "Search the custom IOCs in your customer account. *** Deprecated - Use the new IOC Management endpoint (GET /iocs/queries/indicators/v1). ***", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "types", + in: "query", + }, + { + type: "string", + description: "The string representation of the indicator", + name: "values", + in: "query", + }, + { + type: "string", + description: "Find custom IOCs created after this time (RFC-3339 timestamp)", + name: "from.expiration_timestamp", + in: "query", + }, + { + type: "string", + description: "Find custom IOCs created before this time (RFC-3339 timestamp)", + name: "to.expiration_timestamp", + in: "query", + }, + { + type: "string", + description: + "\\ndetect: Find custom IOCs that produce notifications\\n\\nnone: Find custom IOCs the particular indicator has been detected on a host. 
This is equivalent to turning the indicator off.\n", + name: "policies", + in: "query", + }, + { + type: "string", + description: "The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters.", + name: "sources", + in: "query", + }, + { + type: "string", + description: "The level at which the indicator will be shared. Currently only red share level (not shared) is supported, indicating that the IOC isn't shared with other FH customers.", + name: "share_levels", + in: "query", + }, + { + type: "string", + description: "created_by", + name: "created_by", + in: "query", + }, + { + type: "string", + description: "The user or API client who deleted the custom IOC", + name: "deleted_by", + in: "query", + }, + { + type: "string", + description: "\ntrue: Include deleted IOCs\n\nfalse: Don't include deleted IOCs (default)\n", + name: "include_deleted", + in: "query", + }, + ], + ], + [ + "ProcessesRanOn", + "GET", + "/indicators/queries/processes/v1", + "Search for processes associated with a custom IOC", + "iocs", + [ + { + type: "string", + description: + "\nThe type of the indicator. Valid types include:\n\nsha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.\n\nmd5: A hex-encoded md5 hash string. Length - min 32, max: 32.\n\ndomain: A domain name. Length - min: 1, max: 200.\n\nipv4: An IPv4 address. Must be a valid IP address.\n\nipv6: An IPv6 address. Must be a valid IP address.\n", + name: "type", + in: "query", + required: 1, + }, + { + type: "string", + description: "The string representation of the indicator", + name: "value", + in: "query", + required: 1, + }, + { + type: "string", + description: "Specify a host's ID to return only processes from that host. 
Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.",
+ name: "device_id",
+ in: "query",
+ required: 1,
+ },
+ {
+ type: "string",
+ description: "The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.",
+ name: "limit",
+ in: "query",
+ },
+ {
+ type: "string",
+ description: "The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.",
+ name: "offset",
+ in: "query",
+ },
+ ],
+ ],
+ [
+ "entities_processes",
+ "GET",
+ "/processes/entities/processes/v1",
+ "For the provided ProcessID retrieve the process details",
+ "iocs",
+ [
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "multi",
+ description: "ProcessID for the running process you want to lookup",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/kubernetes_protection.ts b/src/_endpoints/kubernetes_protection.ts
index ceb98d5d..621b403a 100644
--- a/src/_endpoints/kubernetes_protection.ts
+++ b/src/_endpoints/kubernetes_protection.ts
@@ -3,368 +3,541 @@ * consumed and interpreted by Falcon.command(...) */ export const _kubernetes_protection_endpoints: Array = [ - ["GetAWSAccountsMixin0", "GET", "/kubernetes-protection/entities/accounts/aws/v1", "Provides a list of AWS accounts.", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "AWS Account IDs", - "name": "ids", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "description": "Filter by whether an account originates from Horizon or not", - "name": "is_horizon_acct", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "enum": ["operational", "provisioned"], - "type": "string", - "description": "Filter by account status", - "name": "status", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], - ["CreateAWSAccount", "POST", "/kubernetes-protection/entities/accounts/aws/v1", "Creates a new AWS account in our system for a customer and generates the installation script", "kubernetes_protection", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateAWSAccount", "PATCH", "/kubernetes-protection/entities/accounts/aws/v1", "Updates the AWS account per the query parameters provided", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "AWS Account ID", - "name": "ids", - "in": "query", - "required": 1 - }, { - "pattern": "^[a-z\\d-]+$", - "type": "string", - "description": "Default Region for Account Automation", - "name": "region", - "in": "query" - }]], - ["DeleteAWSAccountsMixin0", "DELETE", "/kubernetes-protection/entities/accounts/aws/v1", "Delete AWS accounts.", 
"kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "AWS Account IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["ListAzureAccounts", "GET", "/kubernetes-protection/entities/accounts/azure/v1", "Provides the azure subscriptions registered to Kubernetes Protection", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Tenant IDs", - "name": "ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Subscription IDs", - "name": "subscription_id", - "in": "query" - }, { - "pattern": "^(provisioned|operational)$", - "enum": ["operational", "provisioned"], - "type": "string", - "description": "Filter by account status", - "name": "status", - "in": "query" - }, { - "pattern": "^(true|false)$", - "enum": ["false", "true"], - "type": "string", - "description": "Filter by whether an account originates from Horizon or not", - "name": "is_horizon_acct", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], - ["CreateAzureSubscription", "POST", "/kubernetes-protection/entities/accounts/azure/v1", "Creates a new Azure Subscription in our system", "kubernetes_protection", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteAzureSubscription", "DELETE", "/kubernetes-protection/entities/accounts/azure/v1", "Deletes a new Azure Subscription in our system", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Subscription IDs", - "name": "ids", - "in": "query" - }]], - ["GetLocations", "GET", 
"/kubernetes-protection/entities/cloud-locations/v1", "Provides the cloud locations acknowledged by the Kubernetes Protection service", "kubernetes_protection", [{ - "enum": ["aws", "azure", "gcp"], - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cloud Provider", - "name": "clouds", - "in": "query" - }]], - ["GetCombinedCloudClusters", "GET", "/kubernetes-protection/entities/cloud_cluster/v1", "Returns a combined list of provisioned cloud accounts and known kubernetes clusters", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cloud location", - "name": "locations", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cloud Account IDs", - "name": "ids", - "in": "query" - }, { - "enum": ["aks", "eks"], - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cluster Service", - "name": "cluster_service", - "in": "query" - }, { - "enum": ["Not Installed", "Running", "Stopped"], - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cluster Status", - "name": "cluster_status", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], - ["GetAzureTenantConfig", "GET", "/kubernetes-protection/entities/config/azure/v1", "Gets the Azure tenant Config", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Tenant IDs", - "name": "ids", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - 
"name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], + [ + "GetAWSAccountsMixin0", + "GET", + "/kubernetes-protection/entities/accounts/aws/v1", + "Provides a list of AWS accounts.", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "AWS Account IDs", + name: "ids", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + description: "Filter by whether an account originates from Horizon or not", + name: "is_horizon_acct", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + enum: ["operational", "provisioned"], + type: "string", + description: "Filter by account status", + name: "status", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + description: "Limit returned accounts", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned accounts", + name: "offset", + in: "query", + }, + ], + ], + [ + "CreateAWSAccount", + "POST", + "/kubernetes-protection/entities/accounts/aws/v1", + "Creates a new AWS account in our system for a customer and generates the installation script", + "kubernetes_protection", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateAWSAccount", + "PATCH", + "/kubernetes-protection/entities/accounts/aws/v1", + "Updates the AWS account per the query parameters provided", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "AWS Account ID", + name: "ids", + in: "query", + required: 1, + }, + { + pattern: "^[a-z\\d-]+$", + type: "string", + description: "Default Region for Account Automation", + name: "region", + in: "query", + }, + ], + ], + [ + "DeleteAWSAccountsMixin0", + "DELETE", + 
"/kubernetes-protection/entities/accounts/aws/v1", + "Delete AWS accounts.", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "AWS Account IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "ListAzureAccounts", + "GET", + "/kubernetes-protection/entities/accounts/azure/v1", + "Provides the azure subscriptions registered to Kubernetes Protection", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Tenant IDs", + name: "ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Subscription IDs", + name: "subscription_id", + in: "query", + }, + { + pattern: "^(provisioned|operational)$", + enum: ["operational", "provisioned"], + type: "string", + description: "Filter by account status", + name: "status", + in: "query", + }, + { + pattern: "^(true|false)$", + enum: ["false", "true"], + type: "string", + description: "Filter by whether an account originates from Horizon or not", + name: "is_horizon_acct", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + description: "Limit returned accounts", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned accounts", + name: "offset", + in: "query", + }, + ], + ], + [ + "CreateAzureSubscription", + "POST", + "/kubernetes-protection/entities/accounts/azure/v1", + "Creates a new Azure Subscription in our system", + "kubernetes_protection", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteAzureSubscription", + "DELETE", + "/kubernetes-protection/entities/accounts/azure/v1", + "Deletes a new Azure Subscription in our system", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Subscription 
IDs", + name: "ids", + in: "query", + }, + ], + ], + [ + "GetLocations", + "GET", + "/kubernetes-protection/entities/cloud-locations/v1", + "Provides the cloud locations acknowledged by the Kubernetes Protection service", + "kubernetes_protection", + [ + { + enum: ["aws", "azure", "gcp"], + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cloud Provider", + name: "clouds", + in: "query", + }, + ], + ], + [ + "GetCombinedCloudClusters", + "GET", + "/kubernetes-protection/entities/cloud_cluster/v1", + "Returns a combined list of provisioned cloud accounts and known kubernetes clusters", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cloud location", + name: "locations", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cloud Account IDs", + name: "ids", + in: "query", + }, + { + enum: ["aks", "eks"], + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cluster Service", + name: "cluster_service", + in: "query", + }, + { + enum: ["Not Installed", "Running", "Stopped"], + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cluster Status", + name: "cluster_status", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + description: "Limit returned accounts", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned accounts", + name: "offset", + in: "query", + }, + ], + ], + [ + "GetAzureTenantConfig", + "GET", + "/kubernetes-protection/entities/config/azure/v1", + "Gets the Azure tenant Config", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Azure Tenant IDs", + name: "ids", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + 
description: "Limit returned accounts", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned accounts", + name: "offset", + in: "query", + }, + ], + ], ["GetStaticScripts", "GET", "/kubernetes-protection/entities/gen/scripts/v1", "Gets static bash scripts that are used during registration", "kubernetes_protection", []], - ["GetHelmValuesYaml", "GET", "/kubernetes-protection/entities/integration/agent/v1", "Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart", "kubernetes_protection", [{ - "type": "string", - "description": "Cluster name. For EKS it will be cluster ARN.", - "name": "cluster_name", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "description": "Set to true if the cluster is not managed by a cloud provider, false if it is.", - "name": "is_self_managed_cluster", - "in": "query" - }]], + [ + "GetHelmValuesYaml", + "GET", + "/kubernetes-protection/entities/integration/agent/v1", + "Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart", + "kubernetes_protection", + [ + { + type: "string", + description: "Cluster name. For EKS it will be cluster ARN.", + name: "cluster_name", + in: "query", + required: 1, + }, + { + type: "boolean", + description: "Set to true if the cluster is not managed by a cloud provider, false if it is.", + name: "is_self_managed_cluster", + in: "query", + }, + ], + ], ["RegenerateAPIKey", "POST", "/kubernetes-protection/entities/integration/api-key/v1", "Regenerate API key for docker registry integrations", "kubernetes_protection", []], - ["GetClusters", "GET", "/kubernetes-protection/entities/kubernetes/clusters/v1", "Provides the clusters acknowledged by the Kubernetes Protection service", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cluster name. 
For EKS it will be cluster ARN.", - "name": "cluster_names", - "in": "query" - }, { - "enum": ["Not Installed", "Running", "Stopped"], - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cluster Status", - "name": "status", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cluster Account id. For EKS it will be AWS account ID.", - "name": "account_ids", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Cloud location", - "name": "locations", - "in": "query" - }, { - "enum": ["aks", "eks"], - "type": "string", - "description": "Cluster Service", - "name": "cluster_service", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], - ["TriggerScan", "POST", "/kubernetes-protection/entities/scan/trigger/v1", "Triggers a dry run or a full scan of a customer's kubernetes footprint", "kubernetes_protection", [{ - "pattern": "^(dry-run|full|cluster-refresh)$", - "enum": ["cluster-refresh", "dry-run", "full"], - "type": "string", - "default": "dry-run", - "description": "Scan Type to do", - "name": "scan_type", - "in": "query", - "required": 1 - }]], - ["PatchAzureServicePrincipal", "PATCH", "/kubernetes-protection/entities/service-principal/azure/v1", "Adds the client ID for the given tenant ID to our system", "kubernetes_protection", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Azure Tenant ID", - "name": "id", - "in": "query", - "required": 1 - }, { - "maxLength": 36, - "minLength": 36, - "pattern": 
"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Azure Client ID", - "name": "client_id", - "in": "query", - "required": 1 - }]], - ["GetAzureTenantIDs", "GET", "/kubernetes-protection/entities/tenants/azure/v1", "Provides all the azure subscriptions and tenants", "kubernetes_protection", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Tenant IDs", - "name": "ids", - "in": "query" - }, { - "enum": ["Not Installed", "Running", "Stopped"], - "type": "string", - "description": "Cluster Status", - "name": "status", - "in": "query" - }, { - "maximum": 1000, - "minimum": 0, - "type": "integer", - "description": "Limit returned accounts", - "name": "limit", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "Offset returned accounts", - "name": "offset", - "in": "query" - }]], - ["GetAzureInstallScript", "GET", "/kubernetes-protection/entities/user-script/azure/v1", "Provides the script to run for a given tenant id and subscription IDs", "kubernetes_protection", [{ - "maxLength": 36, - "minLength": 36, - "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Azure Tenant ID", - "name": "id", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Azure Subscription IDs", - "name": "subscription_id", - "in": "query" - }]] -]; \ No newline at end of file + [ + "GetClusters", + "GET", + "/kubernetes-protection/entities/kubernetes/clusters/v1", + "Provides the clusters acknowledged by the Kubernetes Protection service", + "kubernetes_protection", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cluster name. 
For EKS it will be cluster ARN.", + name: "cluster_names", + in: "query", + }, + { + enum: ["Not Installed", "Running", "Stopped"], + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cluster Status", + name: "status", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cluster Account id. For EKS it will be AWS account ID.", + name: "account_ids", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Cloud location", + name: "locations", + in: "query", + }, + { + enum: ["aks", "eks"], + type: "string", + description: "Cluster Service", + name: "cluster_service", + in: "query", + }, + { + maximum: 1000, + minimum: 0, + type: "integer", + description: "Limit returned accounts", + name: "limit", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "Offset returned accounts", + name: "offset", + in: "query", + }, + ], + ], + [ + "TriggerScan", + "POST", + "/kubernetes-protection/entities/scan/trigger/v1", + "Triggers a dry run or a full scan of a customer's kubernetes footprint", + "kubernetes_protection", + [ + { + pattern: "^(dry-run|full|cluster-refresh)$", + enum: ["cluster-refresh", "dry-run", "full"], + type: "string", + default: "dry-run", + description: "Scan Type to do", + name: "scan_type", + in: "query", + required: 1, + }, + ], + ], + [ + "PatchAzureServicePrincipal", + "PATCH", + "/kubernetes-protection/entities/service-principal/azure/v1", + "Adds the client ID for the given tenant ID to our system", + "kubernetes_protection", + [ + { + maxLength: 36, + minLength: 36, + pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", + type: "string", + description: "Azure Tenant ID", + name: "id", + in: "query", + required: 1, + }, + { + maxLength: 36, + minLength: 36, + pattern: 
"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$",
+ type: "string",
+ description: "Azure Client ID",
+ name: "client_id",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "GetAzureTenantIDs",
+ "GET",
+ "/kubernetes-protection/entities/tenants/azure/v1",
+ "Provides all the azure subscriptions and tenants",
+ "kubernetes_protection",
+ [
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "csv",
+ description: "Azure Tenant IDs",
+ name: "ids",
+ in: "query",
+ },
+ {
+ enum: ["Not Installed", "Running", "Stopped"],
+ type: "string",
+ description: "Cluster Status",
+ name: "status",
+ in: "query",
+ },
+ {
+ maximum: 1000,
+ minimum: 0,
+ type: "integer",
+ description: "Limit returned accounts",
+ name: "limit",
+ in: "query",
+ },
+ {
+ minimum: 0,
+ type: "integer",
+ description: "Offset returned accounts",
+ name: "offset",
+ in: "query",
+ },
+ ],
+ ],
+ [
+ "GetAzureInstallScript",
+ "GET",
+ "/kubernetes-protection/entities/user-script/azure/v1",
+ "Provides the script to run for a given tenant id and subscription IDs",
+ "kubernetes_protection",
+ [
+ {
+ maxLength: 36,
+ minLength: 36,
+ pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$",
+ type: "string",
+ description: "Azure Tenant ID",
+ name: "id",
+ in: "query",
+ },
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "csv",
+ description: "Azure Subscription IDs",
+ name: "subscription_id",
+ in: "query",
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/malquery.ts b/src/_endpoints/malquery.ts
index 91139ce2..6ba761e7 100644
--- a/src/_endpoints/malquery.ts
+++ b/src/_endpoints/malquery.ts
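Review bot: In the `DeleteAzureSubscription` entry the only selector, `ids`, carries no `required: 1`, whereas the parallel `DeleteAWSAccountsMixin0` entry in the same hunk marks its `ids` required; if Falcon.command uses `required` for client-side argument validation, a DELETE issued with no subscription id passes the client unchecked and is left to the server to reject. Unless the upstream spec really declares that parameter optional, add `required: 1,` after its `in: "query",` line. Two documentation nits in the same table: the entry's description `"Deletes a new Azure Subscription in our system"` should read `"Deletes an Azure Subscription in our system"`, and `GetCombinedCloudClusters` and `GetClusters` reuse `"Limit returned accounts"` / `"Offset returned accounts"` for parameters that page over clusters. The declared type of `_kubernetes_protection_endpoints` shows here only as `Array` (its type argument may have been lost in rendering); a tuple type for the entries would let the compiler check each entry's shape instead of relying on Falcon.command to interpret untyped literals.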
@@ -4,68 +4,140 @@ */ export const _malquery_endpoints: Array = [ ["GetMalQueryQuotasV1", "GET", "/malquery/aggregates/quotas/v1", "Get information about search and download quotas in your environment", "malquery", []], - ["PostMalQueryFuzzySearchV1", "POST", "/malquery/combined/fuzzy-search/v1", "Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.", "malquery", [{ - "description": "Fuzzy search parameters. See model for more details.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetMalQueryDownloadV1", "GET", "/malquery/entities/download-files/v1", "Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time", "malquery", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetMalQueryMetadataV1", "GET", "/malquery/entities/metadata/v1", "Retrieve indexed files metadata by their hash", "malquery", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetMalQueryRequestV1", "GET", "/malquery/entities/requests/v1", "Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.", "malquery", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Identifier of a MalQuery request", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetMalQueryEntitiesSamplesFetchV1", "GET", "/malquery/entities/samples-fetch/v1", "Fetch a zip archive with password 'infected' containing the samples. 
Call this once the /entities/samples-multidownload request has finished processing", "malquery", [{ - "type": "string", - "description": "Multidownload job id", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["PostMalQueryEntitiesSamplesMultidownloadV1", "POST", "/malquery/entities/samples-multidownload/v1", "Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip", "malquery", [{ - "description": "Download request. See model for more details.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["PostMalQueryExactSearchV1", "POST", "/malquery/queries/exact-search/v1", "Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint", "malquery", [{ - "description": "Exact search parameters. See model for more details.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["PostMalQueryHuntV1", "POST", "/malquery/queries/hunt/v1", "Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint", "malquery", [{ - "description": "Hunt parameters. See model for more details.", - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "PostMalQueryFuzzySearchV1", + "POST", + "/malquery/combined/fuzzy-search/v1", + "Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.", + "malquery", + [ + { + description: "Fuzzy search parameters. 
See model for more details.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetMalQueryDownloadV1", + "GET", + "/malquery/entities/download-files/v1", + "Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time", + "malquery", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetMalQueryMetadataV1", + "GET", + "/malquery/entities/metadata/v1", + "Retrieve indexed files metadata by their hash", + "malquery", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetMalQueryRequestV1", + "GET", + "/malquery/entities/requests/v1", + "Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.", + "malquery", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Identifier of a MalQuery request", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetMalQueryEntitiesSamplesFetchV1", + "GET", + "/malquery/entities/samples-fetch/v1", + "Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing", + "malquery", + [ + { + type: "string", + description: "Multidownload job id", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "PostMalQueryEntitiesSamplesMultidownloadV1", + "POST", + "/malquery/entities/samples-multidownload/v1", + "Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip", + "malquery", + [ + { + description: "Download request. 
See model for more details.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PostMalQueryExactSearchV1", + "POST", + "/malquery/queries/exact-search/v1", + "Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint", + "malquery", + [ + { + description: "Exact search parameters. See model for more details.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PostMalQueryHuntV1", + "POST", + "/malquery/queries/hunt/v1", + "Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint", + "malquery", + [ + { + description: "Hunt parameters. See model for more details.", + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/message_center.ts b/src/_endpoints/message_center.ts index 309ff28a..d60dbae7 100644 --- a/src/_endpoints/message_center.ts +++ b/src/_endpoints/message_center.ts 
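Review bot: Each parameter object in the new `_malquery_endpoints` table still encodes `required` as the integer `1` rather than a boolean, and the array's element type is not visible here (it renders as a bare `Array`), so nothing at compile time pins the six-slot tuple shape `[name, method, path, description, module, params]` that Falcon.command presumably destructures; the same applies to the message_center, ml_exclusions and mobile_enrollment hunks. If the annotation is `Array<any>`, declaring a tuple type such as `type Endpoint = [string, string, string, string, string, EndpointParam[]]` and typing the table as `Endpoint[]` would catch a misplaced slot in a later regeneration without changing any runtime value. Independently, `GetMalQueryDownloadV1` and `GetMalQueryEntitiesSamplesFetchV1` return malware samples as the response body (the latter's description even names the archive password), so a one-line comment above those entries — e.g. `// Response body is a live malware sample / password-protected archive: stream it to disk, never execute or auto-extract it` — would help a client author handle those bytes with the care they need.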
@@ -3,115 +3,234 @@ * consumed and interpreted by Falcon.command(...) */ export const _message_center_endpoints: Array = [ - ["AggregateCases", "POST", "/message-center/aggregates/cases/GET/v1", "Retrieve aggregate case values based on the matched filter", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetCaseActivityByIds", "POST", "/message-center/entities/case-activities/GET/v1", "Retrieve activities for given id's", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["CaseAddActivity", "POST", "/message-center/entities/case-activity/v1", "Add an activity to case. Only activities of type comment are allowed via API", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["CaseDownloadAttachment", "GET", "/message-center/entities/case-attachment/v1", "retrieves an attachment for the case, given the attachment id", "message_center", [{ - "type": "string", - "description": "attachment ID", - "name": "id", - "in": "query", - "required": 1 - }]], - ["CaseAddAttachment", "POST", "/message-center/entities/case-attachment/v1", "Upload an attachment for the case.", "message_center", [{ - "type": "string", - "description": "Case ID", - "name": "case_id", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "User UUID", - "name": "user_uuid", - "in": "formData", - "required": 1 - }, { - "type": "file", - "description": "File Body", - "name": "file", - "in": "formData", - "required": 1 - }]], - ["CreateCase", "POST", "/message-center/entities/case/v1", "create a new case", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateCase", "PATCH", "/message-center/entities/case/v1", "update an existing case", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["CreateCaseV2", "POST", "/message-center/entities/case/v2", "create a new case", "message_center", [{ - "name": "body", - "in": "body", - 
"required": 1 - }]], - ["GetCaseEntitiesByIDs", "POST", "/message-center/entities/cases/GET/v1", "Retrieve message center cases", "message_center", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryActivityByCaseID", "GET", "/message-center/queries/case-activities/v1", "Retrieve activities id's for a case", "message_center", [{ - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["activity.created_time.asc", "activity.created_time.desc", "activity.type.asc", "activity.type.desc"], - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "string", - "description": "Case ID", - "name": "case_id", - "in": "query", - "required": 1 - }]], - ["QueryCasesIdsByFilter", "GET", "/message-center/queries/cases/v1", "Retrieve case id's that match the provided filter criteria", "message_center", [{ - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["case.created_time.asc", "case.created_time.desc", "case.id.asc", "case.id.desc", "case.last_modified_time.asc", "case.last_modified_time.desc", "case.status.asc", "case.status.desc", "case.type.asc", "case.type.desc"], - "type": "string", - "description": "The property to sort on, followed by a dot (.), followed by the sort direction, either \"asc\" or \"desc\".", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }]] -]; \ No newline at end of file + [ + "AggregateCases", + "POST", + "/message-center/aggregates/cases/GET/v1", + "Retrieve aggregate case values based on the matched filter", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetCaseActivityByIds", + "POST", + "/message-center/entities/case-activities/GET/v1", + "Retrieve activities for given id's", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "CaseAddActivity", + "POST", + "/message-center/entities/case-activity/v1", + "Add an activity to case. 
Only activities of type comment are allowed via API", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "CaseDownloadAttachment", + "GET", + "/message-center/entities/case-attachment/v1", + "retrieves an attachment for the case, given the attachment id", + "message_center", + [ + { + type: "string", + description: "attachment ID", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "CaseAddAttachment", + "POST", + "/message-center/entities/case-attachment/v1", + "Upload an attachment for the case.", + "message_center", + [ + { + type: "string", + description: "Case ID", + name: "case_id", + in: "formData", + required: 1, + }, + { + type: "string", + description: "User UUID", + name: "user_uuid", + in: "formData", + required: 1, + }, + { + type: "file", + description: "File Body", + name: "file", + in: "formData", + required: 1, + }, + ], + ], + [ + "CreateCase", + "POST", + "/message-center/entities/case/v1", + "create a new case", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateCase", + "PATCH", + "/message-center/entities/case/v1", + "update an existing case", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "CreateCaseV2", + "POST", + "/message-center/entities/case/v2", + "create a new case", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetCaseEntitiesByIDs", + "POST", + "/message-center/entities/cases/GET/v1", + "Retrieve message center cases", + "message_center", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryActivityByCaseID", + "GET", + "/message-center/queries/case-activities/v1", + "Retrieve activities id's for a case", + "message_center", + [ + { + type: "integer", + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + enum: ["activity.created_time.asc", "activity.created_time.desc", "activity.type.asc", "activity.type.desc"], + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: "Optional filter and sort criteria in the form of an FQL query.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "string", + description: "Case ID", + name: "case_id", + in: "query", + required: 1, + }, + ], + ], + [ + "QueryCasesIdsByFilter", + "GET", + "/message-center/queries/cases/v1", + "Retrieve case id's that match the provided filter criteria", + "message_center", + [ + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + enum: [ + "case.created_time.asc", + "case.created_time.desc", + "case.id.asc", + "case.id.desc", + "case.last_modified_time.asc", + "case.last_modified_time.desc", + "case.status.asc", + "case.status.desc", + "case.type.asc", + "case.type.desc", + ], + type: "string", + description: 'The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".', + name: "sort", + in: "query", + }, + { + type: "string", + description: "Optional filter and sort criteria in the form of an FQL query.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/ml_exclusions.ts b/src/_endpoints/ml_exclusions.ts index 7e4e81b6..140454d8 100644 --- a/src/_endpoints/ml_exclusions.ts +++ b/src/_endpoints/ml_exclusions.ts 
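Review bot: The `limit` parameters of `QueryActivityByCaseID` and `QueryCasesIdsByFilter` document a `[1-500]` range in their description but carry no `minimum`/`maximum` keys, whereas the kubernetes_protection `limit` entries earlier in this patch do (`maximum: 1000, minimum: 0`); if Falcon.command derives client-side validation from those keys, the bound is silently unenforced here. Adding `minimum: 1, maximum: 500,` beside `type: "integer"` on both entries would make the two modules consistent — or, if this table is regenerated from the upstream spec, the gap belongs in the generator's input rather than in a hand edit. `CaseAddAttachment` is also the only entry in this hunk whose parameters use `in: "formData"` with `type: "file"`, so it deserves a short comment that this endpoint needs a multipart request rather than the JSON body its neighbours send, assuming Falcon.command distinguishes the two.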
@@ -3,63 +3,125 @@ * consumed and interpreted by Falcon.command(...) */ export const _ml_exclusions_endpoints: Array = [ - ["getMLExclusionsV1", "GET", "/policy/entities/ml-exclusions/v1", "Get a set of ML Exclusions by specifying their IDs", "ml_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createMLExclusionsV1", "POST", "/policy/entities/ml-exclusions/v1", "Create the ML exclusions", "ml_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateMLExclusionsV1", "PATCH", "/policy/entities/ml-exclusions/v1", "Update the ML exclusions", "ml_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteMLExclusionsV1", "DELETE", "/policy/entities/ml-exclusions/v1", "Delete the ML exclusions by id", "ml_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to delete", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Explains why this exclusions was deleted", - "name": "comment", - "in": "query" - }]], - ["queryMLExclusionsV1", "GET", "/policy/queries/ml-exclusions/v1", "Search for ML exclusions.", "ml_exclusions", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results.", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "value.asc", "value.desc"], - "type": "string", - "description": "The sort expression that should be used to sort the results.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "getMLExclusionsV1", + "GET", + "/policy/entities/ml-exclusions/v1", + "Get a set of ML Exclusions by specifying their IDs", + "ml_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createMLExclusionsV1", + "POST", + "/policy/entities/ml-exclusions/v1", + "Create the ML exclusions", + "ml_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateMLExclusionsV1", + "PATCH", + "/policy/entities/ml-exclusions/v1", + "Update the ML exclusions", + "ml_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteMLExclusionsV1", + "DELETE", + "/policy/entities/ml-exclusions/v1", + "Delete the ML exclusions by id", + "ml_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to delete", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "Explains why this exclusions was deleted", + name: "comment", + in: "query", + }, + ], + ], + [ + "queryMLExclusionsV1", + "GET", + "/policy/queries/ml-exclusions/v1", + "Search for ML exclusions.", + "ml_exclusions", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results.", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "The offset to 
start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + enum: [ + "applied_globally.asc", + "applied_globally.desc", + "created_by.asc", + "created_by.desc", + "created_on.asc", + "created_on.desc", + "last_modified.asc", + "last_modified.desc", + "modified_by.asc", + "modified_by.desc", + "value.asc", + "value.desc", + ], + type: "string", + description: "The sort expression that should be used to sort the results.", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/mobile_enrollment.ts b/src/_endpoints/mobile_enrollment.ts index 8b270253..c7f7d6be 100644 --- a/src/_endpoints/mobile_enrollment.ts +++ b/src/_endpoints/mobile_enrollment.ts @@ -3,21 +3,32 @@ * consumed and interpreted by Falcon.command(...) */ export const _mobile_enrollment_endpoints: Array = [ - ["RequestDeviceEnrollmentV3", "POST", "/enrollments/entities/details/v3", "Trigger on-boarding process for a mobile device", "mobile_enrollment", [{ - "enum": ["enroll", "re-enroll"], - "type": "string", - "description": "Action to perform", - "name": "action_name", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "string", - "description": "FQL filter", - "name": "filter", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "RequestDeviceEnrollmentV3", + "POST", + "/enrollments/entities/details/v3", + "Trigger on-boarding process for a mobile device", + "mobile_enrollment", + [ + { + enum: ["enroll", "re-enroll"], + type: "string", + description: "Action to perform", + name: "action_name", + in: "query", + allowEmptyValue: 1, + }, + { + type: "string", + description: "FQL filter", + name: "filter", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; 
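Review bot: The `comment` parameter of `deleteMLExclusionsV1` is optional, and its description ("Explains why this exclusions was deleted") is the only hint that it is presumably the justification recorded when a detection exclusion is removed — easy for a client author scanning this table to drop. A comment above that entry, e.g. `// 'comment' is optional on the wire but presumably records why an ML exclusion was removed; callers should always populate it`, would keep that audit context intact without altering the table. Note also that this module's array parameters use `collectionFormat: "multi"` while the malquery hunk uses `"csv"`, so the query-string encoder in Falcon.command must handle both; that cannot be confirmed from this patch.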
diff --git a/src/_endpoints/mssp.ts b/src/_endpoints/mssp.ts index ffceb5de..dd545411 100644 --- a/src/_endpoints/mssp.ts +++ b/src/_endpoints/mssp.ts 
@@ -3,419 +3,754 @@ * consumed and interpreted by Falcon.command(...) */ export const _mssp_endpoints: Array = [ - ["getChildrenV2", "POST", "/mssp/entities/children/GET/v2", "Get link to child customer by child CID(s)", "mssp", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getChildren", "GET", "/mssp/entities/children/v1", "Get link to child customer by child CID(s)", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID of a child customer", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getCIDGroupMembersByV1", "GET", "/mssp/entities/cid-group-members/v1", "Deprecated: Please use getCIDGroupMembersBy. Get CID group members by CID group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group IDs to search for", - "name": "cid_group_ids", - "in": "query", - "required": 1 - }]], - ["addCIDGroupMembers", "POST", "/mssp/entities/cid-group-members/v1", "Add new CID group member.", "mssp", [{ - "description": "Both 'cid_group_id' and 'cids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteCIDGroupMembersV1", "DELETE", "/mssp/entities/cid-group-members/v1", "Deprecated: Please use deleteCIDGroupMembersV2.", "mssp", [{ - "description": "Both 'cid_group_id' and 'cids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["getCIDGroupMembersBy", "GET", "/mssp/entities/cid-group-members/v2", "Get CID group members by CID Group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group IDs search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getCIDGroupMembersByV2", "GET", "/mssp/entities/cid-group-members/v2", "Get CID group members by CID Group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": 
"multi", - "description": "CID group IDs search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["deleteCIDGroupMembers", "DELETE", "/mssp/entities/cid-group-members/v2", "Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.", "mssp", [{ - "description": "Both 'cid_group_id' and 'cids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteCIDGroupMembersV2", "DELETE", "/mssp/entities/cid-group-members/v2", "Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.", "mssp", [{ - "description": "Both 'cid_group_id' and 'cids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["getCIDGroupByIdV1", "GET", "/mssp/entities/cid-groups/v1", "Deprecated: Please use getCIDGroupById. Get CID groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group IDs to be searched on", - "name": "cid_group_ids", - "in": "query", - "required": 1 - }]], - ["createCIDGroups", "POST", "/mssp/entities/cid-groups/v1", "Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed.", "mssp", [{ - "description": "Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateCIDGroups", "PATCH", "/mssp/entities/cid-groups/v1", "Update existing CID Group(s). CID Group ID is expected for each CID Group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. 
CID Group member(s) remain unaffected.", "mssp", [{ - "description": "'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteCIDGroups", "DELETE", "/mssp/entities/cid-groups/v1", "Delete CID groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group ids to delete", - "name": "cid_group_ids", - "in": "query", - "required": 1 - }]], - ["getCIDGroupById", "GET", "/mssp/entities/cid-groups/v2", "Get CID Groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getCIDGroupByIdV2", "GET", "/mssp/entities/cid-groups/v2", "Get CID Groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "CID group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getRolesByID", "GET", "/mssp/entities/mssp-roles/v1", "Get link between user group and CID group by ID. Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["addRole", "POST", "/mssp/entities/mssp-roles/v1", "Create a link between user group and CID group, with zero or more additional roles. The call does not replace any existing link between them. User group ID and CID group ID have to be specified in request. 
", "mssp", [{ - "description": "'user_group_id', 'cid_group_id' and 'role_ids' fields are required. Remaining are populated by system.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deletedRoles", "DELETE", "/mssp/entities/mssp-roles/v1", "Delete links or additional roles between user groups and CID groups. User group ID and CID group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID group is dissolved completely (if no roles specified).", "mssp", [{ - "description": "'user_group_id' and 'cid_group_id' fields are required. 'role_ids' field is optional. Remaining fields are ignored.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["getUserGroupMembersByIDV1", "GET", "/mssp/entities/user-group-members/v1", "Deprecated: Please use getUserGroupMembersByID. Get user group members by user group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to search for", - "name": "user_group_ids", - "in": "query", - "required": 1 - }]], - ["addUserGroupMembers", "POST", "/mssp/entities/user-group-members/v1", "Add new user group member. 
Maximum 500 members allowed per user group.", "mssp", [{ - "description": "Both 'user_group_id' and 'user_uuids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteUserGroupMembers", "DELETE", "/mssp/entities/user-group-members/v1", "Delete user group members entry.", "mssp", [{ - "description": "Both 'user_group_id' and 'user_uuids' fields are required.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["getUserGroupMembersByID", "GET", "/mssp/entities/user-group-members/v2", "Get user group members by user group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getUserGroupMembersByIDV2", "GET", "/mssp/entities/user-group-members/v2", "Get user group members by user group ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getUserGroupsByIDV1", "GET", "/mssp/entities/user-groups/v1", "Deprecated: Please use getUserGroupsByID. Get user groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User Group IDs to search for", - "name": "user_group_ids", - "in": "query", - "required": 1 - }]], - ["createUserGroups", "POST", "/mssp/entities/user-groups/v1", "Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer.", "mssp", [{ - "description": "Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateUserGroups", "PATCH", "/mssp/entities/user-groups/v1", "Update existing user group(s). 
User group ID is expected for each user group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. User group member(s) remain unaffected.", "mssp", [{ - "description": "'user_group_id' field is required to identify the user group to update along with 'name' and/or 'description' fields to be updated.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteUserGroups", "DELETE", "/mssp/entities/user-groups/v1", "Delete user groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to delete", - "name": "user_group_ids", - "in": "query", - "required": 1 - }]], - ["getUserGroupsByID", "GET", "/mssp/entities/user-groups/v2", "Get user groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getUserGroupsByIDV2", "GET", "/mssp/entities/user-groups/v2", "Get user groups by ID.", "mssp", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "User group IDs to search for", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryChildren", "GET", "/mssp/queries/children/v1", "Query for customers linked as children", "mssp", [{ - "type": "string", - "description": "Filter using a query in Falcon Query Language (FQL). 
Supported filters: cid", - "name": "filter", - "in": "query" - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], - "type": "string", - "default": "last_modified_timestamp|desc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return ids", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 10, - "description": "Number of ids to return", - "name": "limit", - "in": "query" - }]], - ["queryCIDGroupMembers", "GET", "/mssp/queries/cid-group-members/v1", "Query a CID groups members by associated CID.", "mssp", [{ - "type": "string", - "description": "CID to lookup associated CID group ID", - "name": "cid", - "in": "query", - "required": 1 - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], - "type": "string", - "default": "last_modified_timestamp|desc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return id", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 10, - "description": "Maximum number of results to return", - "name": "limit", - "in": "query" - }]], - ["queryCIDGroups", "GET", "/mssp/queries/cid-groups/v1", "Query CID groups.", "mssp", [{ - "type": "string", - "description": "Name to lookup groups for", - "name": "name", - "in": "query" - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"], - "type": "string", - "default": "name|asc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return ids", - "name": "offset", - 
"in": "query" - }, { - "type": "integer", - "default": 10, - "description": "Maximum number of results to return", - "name": "limit", - "in": "query" - }]], - ["queryRoles", "GET", "/mssp/queries/mssp-roles/v1", "Query links between user groups and CID groups. At least one of CID group ID or user group ID should also be provided. Role ID is optional.", "mssp", [{ - "type": "string", - "description": "User group ID to fetch MSSP role for", - "name": "user_group_id", - "in": "query" - }, { - "type": "string", - "description": "CID group ID to fetch MSSP role for", - "name": "cid_group_id", - "in": "query" - }, { - "type": "string", - "description": "Role ID to fetch MSSP role for", - "name": "role_id", - "in": "query" - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], - "type": "string", - "default": "last_modified_timestamp|desc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return ids", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 10, - "description": "Maximum number of results to return", - "name": "limit", - "in": "query" - }]], - ["queryUserGroupMembers", "GET", "/mssp/queries/user-group-members/v1", "Query user group member by user UUID.", "mssp", [{ - "type": "string", - "description": "User UUID to lookup associated user group ID", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], - "type": "string", - "default": "last_modified_timestamp|desc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return ids", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 10, - 
"description": "Number of ids to return", - "name": "limit", - "in": "query" - }]], - ["queryUserGroups", "GET", "/mssp/queries/user-groups/v1", "Query user groups.", "mssp", [{ - "type": "string", - "description": "Name to lookup groups for", - "name": "name", - "in": "query" - }, { - "enum": ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"], - "type": "string", - "default": "name|asc", - "description": "The sort expression used to sort the results", - "name": "sort", - "in": "query" - }, { - "type": "integer", - "default": 0, - "description": "Starting index of overall result set from which to return ids", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 10, - "description": "Maximum number of results to return", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "getChildrenV2", + "POST", + "/mssp/entities/children/GET/v2", + "Get link to child customer by child CID(s)", + "mssp", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getChildren", + "GET", + "/mssp/entities/children/v1", + "Get link to child customer by child CID(s)", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID of a child customer", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getCIDGroupMembersByV1", + "GET", + "/mssp/entities/cid-group-members/v1", + "Deprecated: Please use getCIDGroupMembersBy. 
Get CID group members by CID group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs to search for", + name: "cid_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "addCIDGroupMembers", + "POST", + "/mssp/entities/cid-group-members/v1", + "Add new CID group member.", + "mssp", + [ + { + description: "Both 'cid_group_id' and 'cids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteCIDGroupMembersV1", + "DELETE", + "/mssp/entities/cid-group-members/v1", + "Deprecated: Please use deleteCIDGroupMembersV2.", + "mssp", + [ + { + description: "Both 'cid_group_id' and 'cids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getCIDGroupMembersBy", + "GET", + "/mssp/entities/cid-group-members/v2", + "Get CID group members by CID Group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getCIDGroupMembersByV2", + "GET", + "/mssp/entities/cid-group-members/v2", + "Get CID group members by CID Group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "deleteCIDGroupMembers", + "DELETE", + "/mssp/entities/cid-group-members/v2", + "Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.", + "mssp", + [ + { + description: "Both 'cid_group_id' and 'cids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteCIDGroupMembersV2", + "DELETE", + "/mssp/entities/cid-group-members/v2", + "Delete CID group members. 
Prevents removal of a cid group a cid group if it is only part of one cid group.", + "mssp", + [ + { + description: "Both 'cid_group_id' and 'cids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getCIDGroupByIdV1", + "GET", + "/mssp/entities/cid-groups/v1", + "Deprecated: Please use getCIDGroupById. Get CID groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs to be searched on", + name: "cid_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createCIDGroups", + "POST", + "/mssp/entities/cid-groups/v1", + "Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed.", + "mssp", + [ + { + description: "Only 'name' and/or 'description' fields are required. Remaining are assigned by the system.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateCIDGroups", + "PATCH", + "/mssp/entities/cid-groups/v1", + "Update existing CID Group(s). CID Group ID is expected for each CID Group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. 
CID Group member(s) remain unaffected.", + "mssp", + [ + { + description: "'cid_group_id' field is required to identify the CID group to update along with 'name' and/or 'description' fields to be updated.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteCIDGroups", + "DELETE", + "/mssp/entities/cid-groups/v1", + "Delete CID groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group ids to delete", + name: "cid_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getCIDGroupById", + "GET", + "/mssp/entities/cid-groups/v2", + "Get CID Groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getCIDGroupByIdV2", + "GET", + "/mssp/entities/cid-groups/v2", + "Get CID Groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "CID group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getRolesByID", + "GET", + "/mssp/entities/mssp-roles/v1", + "Get link between user group and CID group by ID. Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Link ID is a string consisting of multiple components, but should be treated as opaque. MSSP Role assignment is of the format :", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "addRole", + "POST", + "/mssp/entities/mssp-roles/v1", + "Create a link between user group and CID group, with zero or more additional roles. The call does not replace any existing link between them. User group ID and CID group ID have to be specified in request. 
", + "mssp", + [ + { + description: "'user_group_id', 'cid_group_id' and 'role_ids' fields are required. Remaining are populated by system.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deletedRoles", + "DELETE", + "/mssp/entities/mssp-roles/v1", + "Delete links or additional roles between user groups and CID groups. User group ID and CID group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID group is dissolved completely (if no roles specified).", + "mssp", + [ + { + description: "'user_group_id' and 'cid_group_id' fields are required. 'role_ids' field is optional. Remaining fields are ignored.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getUserGroupMembersByIDV1", + "GET", + "/mssp/entities/user-group-members/v1", + "Deprecated: Please use getUserGroupMembersByID. Get user group members by user group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to search for", + name: "user_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "addUserGroupMembers", + "POST", + "/mssp/entities/user-group-members/v1", + "Add new user group member. 
Maximum 500 members allowed per user group.", + "mssp", + [ + { + description: "Both 'user_group_id' and 'user_uuids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteUserGroupMembers", + "DELETE", + "/mssp/entities/user-group-members/v1", + "Delete user group members entry.", + "mssp", + [ + { + description: "Both 'user_group_id' and 'user_uuids' fields are required.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getUserGroupMembersByID", + "GET", + "/mssp/entities/user-group-members/v2", + "Get user group members by user group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getUserGroupMembersByIDV2", + "GET", + "/mssp/entities/user-group-members/v2", + "Get user group members by user group ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getUserGroupsByIDV1", + "GET", + "/mssp/entities/user-groups/v1", + "Deprecated: Please use getUserGroupsByID. Get user groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User Group IDs to search for", + name: "user_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createUserGroups", + "POST", + "/mssp/entities/user-groups/v1", + "Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer.", + "mssp", + [ + { + description: "Only 'name' and/or 'description' fields are required. 
Remaining are assigned by the system.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateUserGroups", + "PATCH", + "/mssp/entities/user-groups/v1", + "Update existing user group(s). User group ID is expected for each user group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. User group member(s) remain unaffected.", + "mssp", + [ + { + description: "'user_group_id' field is required to identify the user group to update along with 'name' and/or 'description' fields to be updated.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteUserGroups", + "DELETE", + "/mssp/entities/user-groups/v1", + "Delete user groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to delete", + name: "user_group_ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getUserGroupsByID", + "GET", + "/mssp/entities/user-groups/v2", + "Get user groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getUserGroupsByIDV2", + "GET", + "/mssp/entities/user-groups/v2", + "Get user groups by ID.", + "mssp", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "User group IDs to search for", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryChildren", + "GET", + "/mssp/queries/children/v1", + "Query for customers linked as children", + "mssp", + [ + { + type: "string", + description: "Filter using a query in Falcon Query Language (FQL). 
Supported filters: cid", + name: "filter", + in: "query", + }, + { + enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + type: "string", + default: "last_modified_timestamp|desc", + description: "The sort expression used to sort the results", + name: "sort", + in: "query", + }, + { + type: "integer", + default: 0, + description: "Starting index of overall result set from which to return ids", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 10, + description: "Number of ids to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "queryCIDGroupMembers", + "GET", + "/mssp/queries/cid-group-members/v1", + "Query a CID groups members by associated CID.", + "mssp", + [ + { + type: "string", + description: "CID to lookup associated CID group ID", + name: "cid", + in: "query", + required: 1, + }, + { + enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + type: "string", + default: "last_modified_timestamp|desc", + description: "The sort expression used to sort the results", + name: "sort", + in: "query", + }, + { + type: "integer", + default: 0, + description: "Starting index of overall result set from which to return id", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 10, + description: "Maximum number of results to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "queryCIDGroups", + "GET", + "/mssp/queries/cid-groups/v1", + "Query CID groups.", + "mssp", + [ + { + type: "string", + description: "Name to lookup groups for", + name: "name", + in: "query", + }, + { + enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"], + type: "string", + default: "name|asc", + description: "The sort expression used to sort the results", + name: "sort", + in: "query", + }, + { + type: "integer", + default: 0, + description: "Starting index of overall result set from which to return ids", + name: "offset", + in: "query", + }, + { + type: 
"integer", + default: 10, + description: "Maximum number of results to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "queryRoles", + "GET", + "/mssp/queries/mssp-roles/v1", + "Query links between user groups and CID groups. At least one of CID group ID or user group ID should also be provided. Role ID is optional.", + "mssp", + [ + { + type: "string", + description: "User group ID to fetch MSSP role for", + name: "user_group_id", + in: "query", + }, + { + type: "string", + description: "CID group ID to fetch MSSP role for", + name: "cid_group_id", + in: "query", + }, + { + type: "string", + description: "Role ID to fetch MSSP role for", + name: "role_id", + in: "query", + }, + { + enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + type: "string", + default: "last_modified_timestamp|desc", + description: "The sort expression used to sort the results", + name: "sort", + in: "query", + }, + { + type: "integer", + default: 0, + description: "Starting index of overall result set from which to return ids", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 10, + description: "Maximum number of results to return", + name: "limit", + in: "query", + }, + ], + ], + [ + "queryUserGroupMembers", + "GET", + "/mssp/queries/user-group-members/v1", + "Query user group member by user UUID.", + "mssp", + [ + { + type: "string", + description: "User UUID to lookup associated user group ID", + name: "user_uuid", + in: "query", + required: 1, + }, + { + enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc"], + type: "string", + default: "last_modified_timestamp|desc", + description: "The sort expression used to sort the results", + name: "sort", + in: "query", + }, + { + type: "integer", + default: 0, + description: "Starting index of overall result set from which to return ids", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 10, + description: "Number of ids to return", + name: "limit", 
+ in: "query",
+ },
+ ],
+ ],
+ [
+ "queryUserGroups",
+ "GET",
+ "/mssp/queries/user-groups/v1",
+ "Query user groups.",
+ "mssp",
+ [
+ {
+ type: "string",
+ description: "Name to lookup groups for",
+ name: "name",
+ in: "query",
+ },
+ {
+ enum: ["last_modified_timestamp|asc", "last_modified_timestamp|desc", "name|asc", "name|desc"],
+ type: "string",
+ default: "name|asc",
+ description: "The sort expression used to sort the results",
+ name: "sort",
+ in: "query",
+ },
+ {
+ type: "integer",
+ default: 0,
+ description: "Starting index of overall result set from which to return ids",
+ name: "offset",
+ in: "query",
+ },
+ {
+ type: "integer",
+ default: 10,
+ description: "Maximum number of results to return",
+ name: "limit",
+ in: "query",
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/oauth2.ts b/src/_endpoints/oauth2.ts
index c79994ae..6586f6a5 100644
--- a/src/_endpoints/oauth2.ts
+++ b/src/_endpoints/oauth2.ts
@@ -3,34 +3,58 @@
 * consumed and interpreted by Falcon.command(...)
 */
 export const _oauth2_endpoints: Array = [
- ["oauth2RevokeToken", "POST", "/oauth2/revoke", "Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.", "oauth2", [{
- "type": "string",
- "description": "The OAuth2 client ID you are revoking the token for.",
- "name": "client_id",
- "in": "formData"
- }, {
- "type": "string",
- "description": "The OAuth2 access token you want to revoke.\n\nInclude your API client ID and secret in basic auth format (`Authorization: basic `) in your request header.",
- "name": "token",
- "in": "formData",
- "required": 1
- }]],
- ["oauth2AccessToken", "POST", "/oauth2/token", "Generate an OAuth2 access token", "oauth2", [{
- "type": "string",
- "description": "The API client ID to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
- "name": "client_id",
- "in": "formData",
- "required": 1
- }, {
- "type": "string",
- "description": "The API client secret to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
- "name": "client_secret",
- "in": "formData",
- "required": 1
- }, {
- "type": "string",
- "description": "For MSSP Master CIDs, optionally lock the token to act on behalf of this member CID",
- "name": "member_cid",
- "in": "formData"
- }]]
-];
\ No newline at end of file
+ [
+ "oauth2RevokeToken",
+ "POST",
+ "/oauth2/revoke",
+ "Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.",
+ "oauth2",
+ [
+ {
+ type: "string",
+ description: "The OAuth2 client ID you are revoking the token for.",
+ name: "client_id",
+ in: "formData",
+ },
+ {
+ type: "string",
+ description:
+ "The OAuth2 access token you want to revoke.\n\nInclude your API client ID and secret in basic auth format (`Authorization: basic `) in your request header.",
+ name: "token",
+ in: "formData",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "oauth2AccessToken",
+ "POST",
+ "/oauth2/token",
+ "Generate an OAuth2 access token",
+ "oauth2",
+ [
+ {
+ type: "string",
+ description:
+ "The API client ID to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
+ name: "client_id",
+ in: "formData",
+ required: 1,
+ },
+ {
+ type: "string",
+ description:
+ "The API client secret to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers).",
+ name: "client_secret",
+ in: "formData",
+ required: 1,
+ },
+ {
+ type: "string",
+ description: "For MSSP Master CIDs, optionally lock the token to act on behalf of this member CID",
+ name: "member_cid",
+ in: "formData",
+ },
+ ],
+ ],
+];
diff --git a/src/_endpoints/ods.ts b/src/_endpoints/ods.ts
index 9362e12c..74b42222 100644
--- a/src/_endpoints/ods.ts
+++ b/src/_endpoints/ods.ts
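Review bot: Nothing in the `oauth2AccessToken` and `oauth2RevokeToken` entries distinguishes the `client_secret` and `token` form fields from ordinary parameters, so a generic consumer such as the `Falcon.command(...)` named in the hunk's context line has no data-level cue that these values are credentials when it logs, retries or reports errors for a request; whether the command layer actually does any of that is not visible in this hunk. Since the table is plain data, a comment on each of the two objects would at least flag it for the dispatcher's maintainers: `// client_secret is an API credential: keep it out of logs, error messages and debug output` above the `client_secret` object, and `// token is a bearer credential: same handling as client_secret` above the `token` object. Separately, both `description` strings that mention basic auth end with the text `Authorization: basic ` followed immediately by the closing parenthesis, which reads as if an example value was lost upstream of this table; worth checking against the spec it was generated from.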
@@ -3,202 +3,444 @@ * consumed and interpreted by Falcon.command(...) */ export const _ods_endpoints: Array = [ - ["aggregate_query_scan_host_metadata", "POST", "/ods/aggregates/scan-hosts/v1", "Get aggregates on ODS scan-hosts data.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["aggregate_scans", "POST", "/ods/aggregates/scans/v1", "Get aggregates on ODS scan data.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["aggregate_scheduled_scans", "POST", "/ods/aggregates/scheduled-scans/v1", "Get aggregates on ODS scheduled-scan data.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_malicious_files_by_ids", "GET", "/ods/entities/malicious-files/v1", "Get malicious files by ids.", "ods", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scan IDs to retrieve the scan entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["cancel_scans", "POST", "/ods/entities/scan-control-actions/cancel/v1", "Cancel ODS scans for the given scan ids.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["get_scan_host_metadata_by_ids", "GET", "/ods/entities/scan-hosts/v1", "Get scan hosts by ids.", "ods", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scan IDs to retrieve the scan entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["get_scans_by_scan_ids", "GET", "/ods/entities/scans/v1", "Get Scans by IDs.", "ods", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scan IDs to retrieve the scan entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["create_scan", "POST", "/ods/entities/scans/v1", "Create ODS scan and start or schedule scan for the given scan request.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - 
["get_scheduled_scans_by_scan_ids", "GET", "/ods/entities/scheduled-scans/v1", "Get ScheduledScans by IDs.", "ods", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scan IDs to retrieve the scan entities", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["schedule_scan", "POST", "/ods/entities/scheduled-scans/v1", "Create ODS scan and start or schedule scan for the given scan request.", "ods", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["delete_scheduled_scans", "DELETE", "/ods/entities/scheduled-scans/v1", "Delete ODS scheduled-scans for the given scheduled-scan ids.", "ods", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scan IDs to retrieve the scan entities", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "A FQL compatible query string.", - "name": "filter", - "in": "query" - }]], - ["query_malicious_files", "GET", "/ods/queries/malicious-files/v1", "Query malicious files.", "ods", [{ - "type": "string", - "description": "A FQL compatible query string. 
Terms: [id cid scan_id host_id host_scan_id filepath filename hash pattern_id severity quarantined last_updated]", - "name": "filter", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "integer", - "default": 0, - "description": "Index of the starting resource", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 500, - "description": "The max number of resources to return", - "name": "limit", - "in": "query" - }, { - "enum": ["id|asc", "id|desc", "scan_id|asc", "scan_id|desc", "host_id|asc", "host_id|desc", "host_scan_id|asc", "host_scan_id|desc", "filename|asc", "filename|desc", "hash|asc", "hash|desc", "pattern_id|asc", "pattern_id|desc", "severity|asc", "severity|desc", "last_updated|asc", "last_updated|desc"], - "type": "string", - "default": "last_updated|desc", - "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", - "name": "sort", - "in": "query", - "allowEmptyValue": 1 - }]], - ["query_scan_host_metadata", "GET", "/ods/queries/scan-hosts/v1", "Query scan hosts.", "ods", [{ - "type": "string", - "description": "A FQL compatible query string. 
Terms: [id cid profile_id host_id scan_id host_scan_id filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity completed_on started_on last_updated]", - "name": "filter", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "integer", - "default": 0, - "description": "Index of the starting resource", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 500, - "description": "The max number of resources to return", - "name": "limit", - "in": "query" - }, { - "enum": ["id|asc", "id|desc", "scan_id|asc", "scan_id|desc", "host_id|asc", "host_id|desc", "filecount.scanned|asc", "filecount.scanned|desc", "filecount.malicious|asc", "filecount.malicious|desc", "filecount.quarantined|asc", "filecount.quarantined|desc", "filecount.skipped|asc", "filecount.skipped|desc", "status|asc", "status|desc", "severity|asc", "severity|desc", "started_on|asc", "started_on|desc", "completed_on|asc", "completed_on|desc", "last_updated|asc", "last_updated|desc"], - "type": "string", - "default": "last_updated|desc", - "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", - "name": "sort", - "in": "query", - "allowEmptyValue": 1 - }]], - ["query_scans", "GET", "/ods/queries/scans/v1", "Query Scans.", "ods", [{ - "type": "string", - "description": "A FQL compatible query string. 
Terms: [id cid profile_id description.keyword initiated_from filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity scan_started_on scan_completed_on created_on created_by last_updated]", - "name": "filter", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "integer", - "default": 0, - "description": "Index of the starting resource", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 500, - "description": "The max number of resources to return", - "name": "limit", - "in": "query" - }, { - "enum": ["id|asc", "id|desc", "initiated_from|asc", "initiated_from|desc", "description.keyword|asc", "description.keyword|desc", "filecount.scanned|asc", "filecount.scanned|desc", "filecount.malicious|asc", "filecount.malicious|desc", "filecount.quarantined|asc", "filecount.quarantined|desc", "filecount.skipped|asc", "filecount.skipped|desc", "affected_hosts_count|asc", "affected_hosts_count|desc", "status|asc", "status|desc", "severity|asc", "severity|desc", "scan_started_on|asc", "scan_started_on|desc", "scan_completed_on|asc", "scan_completed_on|desc", "created_on|asc", "created_on|desc", "created_by|asc", "created_by|desc", "last_updated|asc", "last_updated|desc"], - "type": "string", - "default": "created_on|desc", - "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", - "name": "sort", - "in": "query", - "allowEmptyValue": 1 - }]], - ["query_scheduled_scans", "GET", "/ods/queries/scheduled-scans/v1", "Query ScheduledScans.", "ods", [{ - "type": "string", - "description": "A FQL compatible query string. 
Terms: [id cid description initiated_from status schedule.start_timestamp schedule.Interval created_on created_by last_updated deleted]", - "name": "filter", - "in": "query", - "allowEmptyValue": 1 - }, { - "type": "integer", - "default": 0, - "description": "Index of the starting resource", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "default": 500, - "description": "The max number of resources to return", - "name": "limit", - "in": "query" - }, { - "enum": ["id|asc", "id|desc", "description.keyword|asc", "description.keyword|desc", "status|asc", "status|desc", "schedule.start_timestamp|asc", "schedule.start_timestamp|desc", "schedule.interval|asc", "schedule.interval|desc", "created_on|asc", "created_on|desc", "created_by|asc", "created_by|desc", "last_updated|asc", "last_updated|desc"], - "type": "string", - "default": "schedule.start_timestamp|desc", - "description": "The property to sort on, followed by a |, followed by the sort direction, either \"asc\" or \"desc\"", - "name": "sort", - "in": "query", - "allowEmptyValue": 1 - }]] -]; \ No newline at end of file + [ + "aggregate_query_scan_host_metadata", + "POST", + "/ods/aggregates/scan-hosts/v1", + "Get aggregates on ODS scan-hosts data.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "aggregate_scans", + "POST", + "/ods/aggregates/scans/v1", + "Get aggregates on ODS scan data.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "aggregate_scheduled_scans", + "POST", + "/ods/aggregates/scheduled-scans/v1", + "Get aggregates on ODS scheduled-scan data.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_malicious_files_by_ids", + "GET", + "/ods/entities/malicious-files/v1", + "Get malicious files by ids.", + "ods", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The scan IDs to retrieve the scan entities", + name: "ids", + 
in: "query", + required: 1, + }, + ], + ], + [ + "cancel_scans", + "POST", + "/ods/entities/scan-control-actions/cancel/v1", + "Cancel ODS scans for the given scan ids.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_scan_host_metadata_by_ids", + "GET", + "/ods/entities/scan-hosts/v1", + "Get scan hosts by ids.", + "ods", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The scan IDs to retrieve the scan entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "get_scans_by_scan_ids", + "GET", + "/ods/entities/scans/v1", + "Get Scans by IDs.", + "ods", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The scan IDs to retrieve the scan entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "create_scan", + "POST", + "/ods/entities/scans/v1", + "Create ODS scan and start or schedule scan for the given scan request.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "get_scheduled_scans_by_scan_ids", + "GET", + "/ods/entities/scheduled-scans/v1", + "Get ScheduledScans by IDs.", + "ods", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The scan IDs to retrieve the scan entities", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "schedule_scan", + "POST", + "/ods/entities/scheduled-scans/v1", + "Create ODS scan and start or schedule scan for the given scan request.", + "ods", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "delete_scheduled_scans", + "DELETE", + "/ods/entities/scheduled-scans/v1", + "Delete ODS scheduled-scans for the given scheduled-scan ids.", + "ods", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The scan IDs to retrieve the scan entities", + name: "ids", + in: "query", + 
required: 1, + }, + { + type: "string", + description: "A FQL compatible query string.", + name: "filter", + in: "query", + }, + ], + ], + [ + "query_malicious_files", + "GET", + "/ods/queries/malicious-files/v1", + "Query malicious files.", + "ods", + [ + { + type: "string", + description: "A FQL compatible query string. Terms: [id cid scan_id host_id host_scan_id filepath filename hash pattern_id severity quarantined last_updated]", + name: "filter", + in: "query", + allowEmptyValue: 1, + }, + { + type: "integer", + default: 0, + description: "Index of the starting resource", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 500, + description: "The max number of resources to return", + name: "limit", + in: "query", + }, + { + enum: [ + "id|asc", + "id|desc", + "scan_id|asc", + "scan_id|desc", + "host_id|asc", + "host_id|desc", + "host_scan_id|asc", + "host_scan_id|desc", + "filename|asc", + "filename|desc", + "hash|asc", + "hash|desc", + "pattern_id|asc", + "pattern_id|desc", + "severity|asc", + "severity|desc", + "last_updated|asc", + "last_updated|desc", + ], + type: "string", + default: "last_updated|desc", + description: 'The property to sort on, followed by a |, followed by the sort direction, either "asc" or "desc"', + name: "sort", + in: "query", + allowEmptyValue: 1, + }, + ], + ], + [ + "query_scan_host_metadata", + "GET", + "/ods/queries/scan-hosts/v1", + "Query scan hosts.", + "ods", + [ + { + type: "string", + description: + "A FQL compatible query string. 
Terms: [id cid profile_id host_id scan_id host_scan_id filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity completed_on started_on last_updated]", + name: "filter", + in: "query", + allowEmptyValue: 1, + }, + { + type: "integer", + default: 0, + description: "Index of the starting resource", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 500, + description: "The max number of resources to return", + name: "limit", + in: "query", + }, + { + enum: [ + "id|asc", + "id|desc", + "scan_id|asc", + "scan_id|desc", + "host_id|asc", + "host_id|desc", + "filecount.scanned|asc", + "filecount.scanned|desc", + "filecount.malicious|asc", + "filecount.malicious|desc", + "filecount.quarantined|asc", + "filecount.quarantined|desc", + "filecount.skipped|asc", + "filecount.skipped|desc", + "status|asc", + "status|desc", + "severity|asc", + "severity|desc", + "started_on|asc", + "started_on|desc", + "completed_on|asc", + "completed_on|desc", + "last_updated|asc", + "last_updated|desc", + ], + type: "string", + default: "last_updated|desc", + description: 'The property to sort on, followed by a |, followed by the sort direction, either "asc" or "desc"', + name: "sort", + in: "query", + allowEmptyValue: 1, + }, + ], + ], + [ + "query_scans", + "GET", + "/ods/queries/scans/v1", + "Query Scans.", + "ods", + [ + { + type: "string", + description: + "A FQL compatible query string. 
Terms: [id cid profile_id description.keyword initiated_from filecount.scanned filecount.malicious filecount.quarantined filecount.skipped affected_hosts_count status severity scan_started_on scan_completed_on created_on created_by last_updated]", + name: "filter", + in: "query", + allowEmptyValue: 1, + }, + { + type: "integer", + default: 0, + description: "Index of the starting resource", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 500, + description: "The max number of resources to return", + name: "limit", + in: "query", + }, + { + enum: [ + "id|asc", + "id|desc", + "initiated_from|asc", + "initiated_from|desc", + "description.keyword|asc", + "description.keyword|desc", + "filecount.scanned|asc", + "filecount.scanned|desc", + "filecount.malicious|asc", + "filecount.malicious|desc", + "filecount.quarantined|asc", + "filecount.quarantined|desc", + "filecount.skipped|asc", + "filecount.skipped|desc", + "affected_hosts_count|asc", + "affected_hosts_count|desc", + "status|asc", + "status|desc", + "severity|asc", + "severity|desc", + "scan_started_on|asc", + "scan_started_on|desc", + "scan_completed_on|asc", + "scan_completed_on|desc", + "created_on|asc", + "created_on|desc", + "created_by|asc", + "created_by|desc", + "last_updated|asc", + "last_updated|desc", + ], + type: "string", + default: "created_on|desc", + description: 'The property to sort on, followed by a |, followed by the sort direction, either "asc" or "desc"', + name: "sort", + in: "query", + allowEmptyValue: 1, + }, + ], + ], + [ + "query_scheduled_scans", + "GET", + "/ods/queries/scheduled-scans/v1", + "Query ScheduledScans.", + "ods", + [ + { + type: "string", + description: "A FQL compatible query string. 
Terms: [id cid description initiated_from status schedule.start_timestamp schedule.Interval created_on created_by last_updated deleted]", + name: "filter", + in: "query", + allowEmptyValue: 1, + }, + { + type: "integer", + default: 0, + description: "Index of the starting resource", + name: "offset", + in: "query", + }, + { + type: "integer", + default: 500, + description: "The max number of resources to return", + name: "limit", + in: "query", + }, + { + enum: [ + "id|asc", + "id|desc", + "description.keyword|asc", + "description.keyword|desc", + "status|asc", + "status|desc", + "schedule.start_timestamp|asc", + "schedule.start_timestamp|desc", + "schedule.interval|asc", + "schedule.interval|desc", + "created_on|asc", + "created_on|desc", + "created_by|asc", + "created_by|desc", + "last_updated|asc", + "last_updated|desc", + ], + type: "string", + default: "schedule.start_timestamp|desc", + description: 'The property to sort on, followed by a |, followed by the sort direction, either "asc" or "desc"', + name: "sort", + in: "query", + allowEmptyValue: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/overwatch_dashboard.ts b/src/_endpoints/overwatch_dashboard.ts index 4a9be09f..f39a4a9d 100644 --- a/src/_endpoints/overwatch_dashboard.ts +++ b/src/_endpoints/overwatch_dashboard.ts 
@@ -3,35 +3,80 @@ * consumed and interpreted by Falcon.command(...) */ export const _overwatch_dashboard_endpoints: Array = [ - ["AggregatesDetectionsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/detections-global-counts/v1", "Get the total number of detections pushed across all customers", "overwatch_dashboard", [{ - "type": "string", - "description": "An FQL filter string", - "name": "filter", - "in": "query", - "required": 1 - }]], - ["AggregatesEventsCollections", "POST", "/overwatch-dashboards/aggregates/events-collections/GET/v1", "Get OverWatch detection event collection info by providing an aggregate query", "overwatch_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregatesEvents", "POST", "/overwatch-dashboards/aggregates/events/GET/v1", "Get aggregate OverWatch detection event info by providing an aggregate query", "overwatch_dashboard", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregatesIncidentsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/incidents-global-counts/v1", "Get the total number of incidents pushed across all customers", "overwatch_dashboard", [{ - "type": "string", - "description": "An FQL filter string", - "name": "filter", - "in": "query", - "required": 1 - }]], - ["AggregatesOWEventsGlobalCounts", "GET", "/overwatch-dashboards/aggregates/ow-events-global-counts/v1", "Get the total number of OverWatch events across all customers", "overwatch_dashboard", [{ - "type": "string", - "description": "An FQL filter string", - "name": "filter", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "AggregatesDetectionsGlobalCounts", + "GET", + "/overwatch-dashboards/aggregates/detections-global-counts/v1", + "Get the total number of detections pushed across all customers", + "overwatch_dashboard", + [ + { + type: "string", + description: "An FQL filter string", + name: "filter", + in: "query", + required: 1, + }, + ], + ], + [ + 
"AggregatesEventsCollections", + "POST", + "/overwatch-dashboards/aggregates/events-collections/GET/v1", + "Get OverWatch detection event collection info by providing an aggregate query", + "overwatch_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregatesEvents", + "POST", + "/overwatch-dashboards/aggregates/events/GET/v1", + "Get aggregate OverWatch detection event info by providing an aggregate query", + "overwatch_dashboard", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregatesIncidentsGlobalCounts", + "GET", + "/overwatch-dashboards/aggregates/incidents-global-counts/v1", + "Get the total number of incidents pushed across all customers", + "overwatch_dashboard", + [ + { + type: "string", + description: "An FQL filter string", + name: "filter", + in: "query", + required: 1, + }, + ], + ], + [ + "AggregatesOWEventsGlobalCounts", + "GET", + "/overwatch-dashboards/aggregates/ow-events-global-counts/v1", + "Get the total number of OverWatch events across all customers", + "overwatch_dashboard", + [ + { + type: "string", + description: "An FQL filter string", + name: "filter", + in: "query", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/prevention_policies.ts b/src/_endpoints/prevention_policies.ts index ee3d3153..8e397cbc 100644 --- a/src/_endpoints/prevention_policies.ts +++ b/src/_endpoints/prevention_policies.ts 
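Review bot: The table is annotated as a bare `Array` on the `export const _overwatch_dashboard_endpoints` line — possibly `Array<any>` with the type argument lost in rendering — so the six positional slots of each entry (name, method, path, description, service, params) are not checked by the compiler, and a swapped method/path or a missing description would only surface at runtime inside `Falcon.command(...)`. A shared tuple alias such as `type EndpointDef = [name: string, method: string, path: string, description: string, service: string, params: EndpointParam[]];`, declared once and used as `Array<EndpointDef>` across all the `_*_endpoints` files in this commit, would catch that at compile time; the alias belongs in a common module, not in this file. If the real annotation already carries a typed element, this is moot.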
@@ -3,161 +3,300 @@ * consumed and interpreted by Falcon.command(...) */ export const _prevention_policies_endpoints: Array = [ - ["queryCombinedPreventionPolicyMembers", "GET", "/policy/combined/prevention-members/v1", "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", "prevention_policies", [{ - "type": "string", - "description": "The ID of the Prevention Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedPreventionPolicies", "GET", "/policy/combined/prevention/v1", "Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria", "prevention_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["performPreventionPoliciesAction", "POST", "/policy/entities/prevention-actions/v1", "Perform the specified action on the Prevention Policies specified in the request", "prevention_policies", [{ - "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["setPreventionPoliciesPrecedence", "POST", "/policy/entities/prevention-precedence/v1", "Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "prevention_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getPreventionPolicies", "GET", "/policy/entities/prevention/v1", "Retrieve a set of Prevention Policies by specifying their IDs", "prevention_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Prevention Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createPreventionPolicies", "POST", "/policy/entities/prevention/v1", "Create Prevention Policies by specifying details about the policy to create", "prevention_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updatePreventionPolicies", "PATCH", "/policy/entities/prevention/v1", "Update Prevention Policies by specifying the ID of the policy and details to update", "prevention_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deletePreventionPolicies", "DELETE", "/policy/entities/prevention/v1", "Delete a set of Prevention Policies by specifying their IDs", "prevention_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Prevention Policies to delete", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryPreventionPolicyMembers", "GET", "/policy/queries/prevention-members/v1", "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "prevention_policies", [{ - "type": "string", - "description": "The ID of the Prevention Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryPreventionPolicies", "GET", "/policy/queries/prevention/v1", "Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria", "prevention_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "queryCombinedPreventionPolicyMembers", + "GET", + "/policy/combined/prevention-members/v1", + "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", + "prevention_policies", + [ + { + type: "string", + description: "The ID of the Prevention Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedPreventionPolicies", + "GET", + "/policy/combined/prevention/v1", + "Search for Prevention Policies in your environment by providing an FQL filter and paging details. 
Returns a set of Prevention Policies which match the filter criteria", + "prevention_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "performPreventionPoliciesAction", + "POST", + "/policy/entities/prevention-actions/v1", + "Perform the specified action on the Prevention Policies specified in the request", + "prevention_policies", + [ + { + enum: ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "setPreventionPoliciesPrecedence", + "POST", + "/policy/entities/prevention-precedence/v1", + "Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", + "prevention_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getPreventionPolicies", + "GET", + "/policy/entities/prevention/v1", + "Retrieve a set of Prevention Policies by specifying their IDs", + "prevention_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Prevention Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createPreventionPolicies", + "POST", + "/policy/entities/prevention/v1", + "Create Prevention Policies by specifying details about the policy to create", + "prevention_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updatePreventionPolicies", + "PATCH", + "/policy/entities/prevention/v1", + "Update Prevention Policies by specifying the ID of the policy and details to update", + "prevention_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deletePreventionPolicies", + "DELETE", + "/policy/entities/prevention/v1", + "Delete a set of Prevention Policies by specifying their IDs", + "prevention_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Prevention Policies to delete", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryPreventionPolicyMembers", + "GET", + "/policy/queries/prevention-members/v1", + "Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", + "prevention_policies", + [ + { + type: "string", + description: "The ID of the Prevention Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryPreventionPolicies", + "GET", + "/policy/queries/prevention/v1", + "Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria", + "prevention_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], +]; 
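Review bot: `required: 1` (and the same numeric flag on every other entry in this table) is an integer standing in for a boolean; `required: true` says what is meant and lets a future `EndpointParam` type use `boolean` instead of `number`. If these tables are emitted by a generator, the fix belongs in the generator rather than in the emitted files. Separately, `performPreventionPoliciesAction` accepts `disable` and `remove-host-group`, and `deletePreventionPolicies` removes policies outright — all of which can weaken endpoint protection for every host the policy covers — so a short comment on those entries, e.g. `// destructive: disables or removes prevention coverage; presumably needs the prevention-policy write scope`, would help callers audit their use. The `enum` on `action_name` is the only client-side guard visible here; whether the dispatcher enforces it is outside this hunk.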
diff --git a/src/_endpoints/quarantine.ts b/src/_endpoints/quarantine.ts index 4caabd3c..a4f7a6ec 100644 --- a/src/_endpoints/quarantine.ts +++ b/src/_endpoints/quarantine.ts 
@@ -3,57 +3,117 @@ * consumed and interpreted by Falcon.command(...) */ export const _quarantine_endpoints: Array = [ - ["ActionUpdateCount", "GET", "/quarantine/aggregates/action-update-count/v1", "Returns count of potentially affected quarantined files for each action.", "quarantine", [{ - "type": "string", - "description": "FQL specifying filter parameters.", - "name": "filter", - "in": "query", - "required": 1 - }]], - ["GetAggregateFiles", "POST", "/quarantine/aggregates/quarantined-files/GET/v1", "Get quarantine file aggregates as specified via json in request body.", "quarantine", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetQuarantineFiles", "POST", "/quarantine/entities/quarantined-files/GET/v1", "Get quarantine file metadata for specified ids.", "quarantine", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateQuarantinedDetectsByIds", "PATCH", "/quarantine/entities/quarantined-files/v1", "Apply action by quarantine file ids", "quarantine", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryQuarantineFiles", "GET", "/quarantine/queries/quarantined-files/v1", "Get quarantine file ids that match the provided filter criteria.", "quarantine", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: hostname, username, date_updated, date_created, paths.path, state, paths.state. Ex: 'date_created|asc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. Special value '*' means to not filter on anything. 
Filter term criteria: status, adversary_id, device.device_id, device.country, device.hostname, behaviors.behavior_id, behaviors.ioc_type, behaviors.ioc_value, behaviors.username, behaviors.tree_root_hash. Filter range criteria:, max_severity, max_confidence, first_behavior, last_behavior.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields), sha256, state, paths.path, paths.state, hostname, username, date_updated, date_created.", - "name": "q", - "in": "query" - }]], - ["UpdateQfByQuery", "PATCH", "/quarantine/queries/quarantined-files/v1", "Apply quarantine file actions by query.", "quarantine", [{ - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "ActionUpdateCount", + "GET", + "/quarantine/aggregates/action-update-count/v1", + "Returns count of potentially affected quarantined files for each action.", + "quarantine", + [ + { + type: "string", + description: "FQL specifying filter parameters.", + name: "filter", + in: "query", + required: 1, + }, + ], + ], + [ + "GetAggregateFiles", + "POST", + "/quarantine/aggregates/quarantined-files/GET/v1", + "Get quarantine file aggregates as specified via json in request body.", + "quarantine", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetQuarantineFiles", + "POST", + "/quarantine/entities/quarantined-files/GET/v1", + "Get quarantine file metadata for specified ids.", + "quarantine", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateQuarantinedDetectsByIds", + "PATCH", + "/quarantine/entities/quarantined-files/v1", + "Apply action by quarantine file ids", + "quarantine", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryQuarantineFiles", + "GET", + "/quarantine/queries/quarantined-files/v1", + "Get quarantine file ids that match the provided filter criteria.", + "quarantine", 
+ [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: hostname, username, date_updated, date_created, paths.path, state, paths.state. Ex: 'date_created|asc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. Special value '*' means to not filter on anything. Filter term criteria: status, adversary_id, device.device_id, device.country, device.hostname, behaviors.behavior_id, behaviors.ioc_type, behaviors.ioc_value, behaviors.username, behaviors.tree_root_hash. Filter range criteria:, max_severity, max_confidence, first_behavior, last_behavior.", + name: "filter", + in: "query", + }, + { + type: "string", + description: + "Match phrase_prefix query criteria; included fields: _all (all filter string fields), sha256, state, paths.path, paths.state, hostname, username, date_updated, date_created.", + name: "q", + in: "query", + }, + ], + ], + [ + "UpdateQfByQuery", + "PATCH", + "/quarantine/queries/quarantined-files/v1", + "Apply quarantine file actions by query.", + "quarantine", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/quick_scan.ts b/src/_endpoints/quick_scan.ts index c0be145d..7a6bd16e 100644 --- a/src/_endpoints/quick_scan.ts +++ b/src/_endpoints/quick_scan.ts 
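Review bot: The `filter` description for `QueryQuarantineFiles` lists detection-style terms (`status`, `adversary_id`, `device.device_id`, `behaviors.*`, `max_severity`, `first_behavior`) that the sibling `sort` and `q` parameters in the same entry do not mention, while those two list the fields that actually appear on this entity (`sha256`, `state`, `paths.path`, `paths.state`, `hostname`, `username`, `date_updated`, `date_created`); it also carries a stray comma in `Filter range criteria:,`. This looks copied from the detects filter (likely inherited from the upstream spec) and will mislead anyone building an FQL filter from this table. I would replace it with `"FQL query specifying the filter parameters. Special value '*' means to not filter on anything. Filter term criteria: sha256, state, paths.path, paths.state, hostname, username, date_updated, date_created."`, or at least add a comment flagging the mismatch until the field list is confirmed against the API docs. Since `'*'` is documented as matching everything and `UpdateQfByQuery` below applies actions by query, a one-line comment warning that a wildcard filter there touches every quarantined file would also be worth adding.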
@@ -3,47 +3,87 @@ * consumed and interpreted by Falcon.command(...) */ export const _quick_scan_endpoints: Array = [ - ["GetScansAggregates", "POST", "/scanner/aggregates/scans/GET/v1", "Get scans aggregations as specified via json in request body.", "quick_scan", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetScans", "GET", "/scanner/entities/scans/v1", "Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", "quick_scan", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "ID of a submitted scan", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["ScanSamples", "POST", "/scanner/entities/scans/v1", "Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", "quick_scan", [{ - "description": "Submit a batch of SHA256s for ml scanning. The samples must have been previously uploaded through `/samples/entities/samples/v3`", - "name": "body", - "in": "body", - "required": 1 - }]], - ["QuerySubmissionsMixin0", "GET", "/scanner/queries/scans/v1", "Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria.", "quick_scan", [{ - "type": "string", - "description": "Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "The offset to start retrieving submissions from.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Maximum number of volume IDs to return. 
Max: 5000.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort order: `asc` or `desc`.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "GetScansAggregates", + "POST", + "/scanner/aggregates/scans/GET/v1", + "Get scans aggregations as specified via json in request body.", + "quick_scan", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetScans", + "GET", + "/scanner/entities/scans/v1", + "Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", + "quick_scan", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "ID of a submitted scan", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "ScanSamples", + "POST", + "/scanner/entities/scans/v1", + "Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute", + "quick_scan", + [ + { + description: "Submit a batch of SHA256s for ml scanning. The samples must have been previously uploaded through `/samples/entities/samples/v3`", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QuerySubmissionsMixin0", + "GET", + "/scanner/queries/scans/v1", + "Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria.", + "quick_scan", + [ + { + type: "string", + description: + "Optional filter and sort criteria in the form of an FQL query. 
For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "The offset to start retrieving submissions from.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Maximum number of volume IDs to return. Max: 5000.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort order: `asc` or `desc`.", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/real_time_response.ts b/src/_endpoints/real_time_response.ts index 986ad2fd..732f235b 100644 --- a/src/_endpoints/real_time_response.ts +++ b/src/_endpoints/real_time_response.ts 
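Review bot: The `limit` parameter of `QuerySubmissionsMixin0` documents its bound only in prose (`Max: 5000.`) and carries no `maximum`/`minimum` keys, unlike the `limit` entries in `prevention_policies.ts` in this same commit, which declare `maximum: 5000, minimum: 1`. If `Falcon.command(...)` validates numeric bounds from these keys (the dispatcher is not visible here), an out-of-range value is sent to the API unchecked from this table but rejected locally from the other; adding `maximum: 5000,` and `minimum: 1,` to that entry would make the two behave the same way. Note also that `offset` is typed `string` here while the other query tables in this commit use `integer`; if that mirrors the upstream spec it is fine, but a comment saying so would save the next reader a trip to the API docs.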
@@ -3,318 +3,567 @@ * consumed and interpreted by Falcon.command(...) */ export const _real_time_response_endpoints: Array = [ - ["RTR_AggregateSessions", "POST", "/real-time-response/aggregates/sessions/GET/v1", "Get aggregates on session data.", "real_time_response", [{ - "description": "Supported aggregations: \n- `term`\n- `date_range`\n\nSupported aggregation members:\n\n**`date_ranges`** If peforming a date range query specify the **`from`** and **`to`** date ranges. These can be in common date formats like `2019-07-18` or `now`\n**`field`** Term you want to aggregate on. If doing a `date_range` query, this is the date field you want to apply the date ranges to\n**`filter`** Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\n**`name`** Name of the aggregation\n**`size`** Size limit to apply to the queries.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["BatchActiveResponderCmd", "POST", "/real-time-response/combined/batch-active-responder-command/v1", "Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "default": "tiny bit less than overall request timeout", - "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. 
It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", - "name": "host_timeout_duration", - "in": "query" - }, { - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["BatchCmd", "POST", "/real-time-response/combined/batch-command/v1", "Batch executes a RTR read-only command across the hosts mapped to the given batch ID.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "default": "tiny bit less than overall request timeout", - "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", - "name": "host_timeout_duration", - "in": "query" - }, { - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["BatchGetCmdStatus", "GET", "/real-time-response/combined/batch-get-command/v1", "Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. 
Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "description": "Batch Get Command Request ID received from `/real-time-response/combined/get-command/v1`", - "name": "batch_get_cmd_req_id", - "in": "query", - "required": 1 - }]], - ["BatchGetCmd", "POST", "/real-time-response/combined/batch-get-command/v1", "Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "default": "tiny bit less than overall request timeout", - "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", - "name": "host_timeout_duration", - "in": "query" - }, { - "description": "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`file_path`** Full path to the file that is to be retrieved from each host in the batch.\n**`optional_hosts`** List of a subset of hosts we want to run the command on. 
If this list is supplied, only these hosts will receive the command.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["BatchInitSessions", "POST", "/real-time-response/combined/batch-init-session/v1", "Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "default": "tiny bit less than overall request timeout", - "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", - "name": "host_timeout_duration", - "in": "query" - }, { - "description": "**`host_ids`** List of host agent ID's to initialize a RTR session on\n**`existing_batch_id`** Optional batch ID. Use an existing batch ID if you want to initialize new hosts and add them to the existing batch", - "name": "body", - "in": "body", - "required": 1 - }]], - ["BatchRefreshSessions", "POST", "/real-time-response/combined/batch-refresh-session/v1", "Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. 
Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "description": "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`hosts_to_remove`** Hosts to remove from the batch session. Heartbeats will no longer happen on these hosts and the sessions will expire.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_CheckActiveResponderCommandStatus", "GET", "/real-time-response/entities/active-responder-command/v1", "Get status of an executed active-responder command on a single host.", "real_time_response", [{ - "type": "string", - "description": "Cloud Request ID of the executed command to query", - "name": "cloud_request_id", - "in": "query", - "required": 1 - }, { - "type": "integer", - "default": 0, - "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", - "name": "sequence_id", - "in": "query", - "required": 1 - }]], - ["RTR_ExecuteActiveResponderCommand", "POST", "/real-time-response/entities/active-responder-command/v1", "Execute an active responder command on a single host.", "real_time_response", [{ - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_CheckCommandStatus", "GET", "/real-time-response/entities/command/v1", "Get status of an executed command on a single host.", "real_time_response", [{ - "type": "string", - "description": "Cloud Request ID of the executed command to query", - "name": "cloud_request_id", - "in": "query", - "required": 1 - }, { - "type": "integer", - "default": 0, - "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", - "name": "sequence_id", - "in": "query", - "required": 1 - }]], - ["RTR_ExecuteCommand", "POST", "/real-time-response/entities/command/v1", "Execute a command on a single host.", "real_time_response", [{ - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`session_id`** RTR session ID to run the command on", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_GetExtractedFileContents", "GET", "/real-time-response/entities/extracted-file-contents/v1", "Get RTR extracted file contents for specified session and sha256.", "real_time_response", [{ - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Extracted SHA256 (e.g. 
'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b')", - "name": "sha256", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Filename to use for the archive name and the file within the archive.", - "name": "filename", - "in": "query" - }]], - ["RTR_ListFiles", "GET", "/real-time-response/entities/file/v1", "Get a list of files for the specified RTR session.", "real_time_response", [{ - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }]], - ["RTR_DeleteFile", "DELETE", "/real-time-response/entities/file/v1", "Delete a RTR session file.", "real_time_response", [{ - "type": "string", - "description": "RTR Session file id", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }]], - ["RTR_ListFilesV2", "GET", "/real-time-response/entities/file/v2", "Get a list of files for the specified RTR session.", "real_time_response", [{ - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }]], - ["RTR_DeleteFileV2", "DELETE", "/real-time-response/entities/file/v2", "Delete a RTR session file.", "real_time_response", [{ - "type": "string", - "description": "RTR Session file id", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }]], - ["RTR_ListQueuedSessions", "POST", "/real-time-response/entities/queued-sessions/GET/v1", "Get queued session metadata by session ID.", "real_time_response", [{ - "description": "**`ids`** List of RTR sessions to retrieve. 
RTR will only return the sessions that were created by the calling user", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_DeleteQueuedSession", "DELETE", "/real-time-response/entities/queued-sessions/command/v1", "Delete a queued session command", "real_time_response", [{ - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Cloud Request ID of the executed command to query", - "name": "cloud_request_id", - "in": "query", - "required": 1 - }]], - ["RTR_PulseSession", "POST", "/real-time-response/entities/refresh-session/v1", "Refresh a session timeout on a single host.", "real_time_response", [{ - "description": "**`device_id`** The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_ListSessions", "POST", "/real-time-response/entities/sessions/GET/v1", "Get session metadata by session id.", "real_time_response", [{ - "description": "**`ids`** List of RTR sessions to retrieve. RTR will only return the sessions that were created by the calling user", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_InitSession", "POST", "/real-time-response/entities/sessions/v1", "Initialize a new session with the RTR cloud.", "real_time_response", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "description": "**`device_id`** The host agent ID to initialize the RTR session on. 
RTR will retrieve an existing session for the calling user on this host\n**`queue_offline`** If we should queue this session if the host is offline. Any commands run against an offline-queued session will be queued up and executed when the host comes online.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_DeleteSession", "DELETE", "/real-time-response/entities/sessions/v1", "Delete a session.", "real_time_response", [{ - "type": "string", - "description": "RTR Session id", - "name": "session_id", - "in": "query", - "required": 1 - }]], - ["RTR_ListAllSessions", "GET", "/real-time-response/queries/sessions/v1", "Get a list of session_ids.", "real_time_response", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort by spec. Ex: 'date_created|asc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\u00a0\u201cuser_id\u201d can accept a special value \u2018@me\u2019 which will restrict results to records with current user\u2019s ID.", - "name": "filter", - "in": "query" - }]] -]; \ No newline at end of file + [ + "RTR_AggregateSessions", + "POST", + "/real-time-response/aggregates/sessions/GET/v1", + "Get aggregates on session data.", + "real_time_response", + [ + { + description: + "Supported aggregations: \n- `term`\n- `date_range`\n\nSupported aggregation members:\n\n**`date_ranges`** If peforming a date range query specify the **`from`** and **`to`** date ranges. 
These can be in common date formats like `2019-07-18` or `now`\n**`field`** Term you want to aggregate on. If doing a `date_range` query, this is the date field you want to apply the date ranges to\n**`filter`** Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\n**`name`** Name of the aggregation\n**`size`** Size limit to apply to the queries.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "BatchActiveResponderCmd", + "POST", + "/real-time-response/combined/batch-active-responder-command/v1", + "Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + default: "tiny bit less than overall request timeout", + description: + "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
", + name: "host_timeout_duration", + in: "query", + }, + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "BatchCmd", + "POST", + "/real-time-response/combined/batch-command/v1", + "Batch executes a RTR read-only command across the hosts mapped to the given batch ID.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + default: "tiny bit less than overall request timeout", + description: + "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + name: "host_timeout_duration", + in: "query", + }, + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "BatchGetCmdStatus", + "GET", + "/real-time-response/combined/batch-get-command/v1", + "Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. 
Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + description: "Batch Get Command Request ID received from `/real-time-response/combined/get-command/v1`", + name: "batch_get_cmd_req_id", + in: "query", + required: 1, + }, + ], + ], + [ + "BatchGetCmd", + "POST", + "/real-time-response/combined/batch-get-command/v1", + "Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + default: "tiny bit less than overall request timeout", + description: + "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + name: "host_timeout_duration", + in: "query", + }, + { + description: + "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`file_path`** Full path to the file that is to be retrieved from each host in the batch.\n**`optional_hosts`** List of a subset of hosts we want to run the command on. 
If this list is supplied, only these hosts will receive the command.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "BatchInitSessions", + "POST", + "/real-time-response/combined/batch-init-session/v1", + "Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + default: "tiny bit less than overall request timeout", + description: + "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. ", + name: "host_timeout_duration", + in: "query", + }, + { + description: + "**`host_ids`** List of host agent ID's to initialize a RTR session on\n**`existing_batch_id`** Optional batch ID. Use an existing batch ID if you want to initialize new hosts and add them to the existing batch", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "BatchRefreshSessions", + "POST", + "/real-time-response/combined/batch-refresh-session/v1", + "Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. 
Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + description: + "**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`hosts_to_remove`** Hosts to remove from the batch session. Heartbeats will no longer happen on these hosts and the sessions will expire.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_CheckActiveResponderCommandStatus", + "GET", + "/real-time-response/entities/active-responder-command/v1", + "Get status of an executed active-responder command on a single host.", + "real_time_response", + [ + { + type: "string", + description: "Cloud Request ID of the executed command to query", + name: "cloud_request_id", + in: "query", + required: 1, + }, + { + type: "integer", + default: 0, + description: "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + name: "sequence_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ExecuteActiveResponderCommand", + "POST", + "/real-time-response/entities/active-responder-command/v1", + "Execute an active responder command on a single host.", + "real_time_response", + [ + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_CheckCommandStatus", + "GET", + "/real-time-response/entities/command/v1", + "Get status of an executed command on a single host.", + "real_time_response", + [ + { + type: "string", + description: "Cloud Request ID of the executed command to query", + name: "cloud_request_id", + in: "query", + required: 1, + }, + { + type: "integer", + default: 0, + description: "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + name: "sequence_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ExecuteCommand", + "POST", + "/real-time-response/entities/command/v1", + "Execute a command on a single host.", + "real_time_response", + [ + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `env`\n- `eventlog`\n- `filehash`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `ls`\n- `mount`\n- `netstat`\n- `ps`\n- `reg query`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `cd C:\\some_directory`\n**`session_id`** RTR session ID to run the command on", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_GetExtractedFileContents", + "GET", + "/real-time-response/entities/extracted-file-contents/v1", + "Get RTR extracted file contents for specified session and sha256.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "Extracted SHA256 (e.g. 
'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b')", + name: "sha256", + in: "query", + required: 1, + }, + { + type: "string", + description: "Filename to use for the archive name and the file within the archive.", + name: "filename", + in: "query", + }, + ], + ], + [ + "RTR_ListFiles", + "GET", + "/real-time-response/entities/file/v1", + "Get a list of files for the specified RTR session.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_DeleteFile", + "DELETE", + "/real-time-response/entities/file/v1", + "Delete a RTR session file.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session file id", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ListFilesV2", + "GET", + "/real-time-response/entities/file/v2", + "Get a list of files for the specified RTR session.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_DeleteFileV2", + "DELETE", + "/real-time-response/entities/file/v2", + "Delete a RTR session file.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session file id", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ListQueuedSessions", + "POST", + "/real-time-response/entities/queued-sessions/GET/v1", + "Get queued session metadata by session ID.", + "real_time_response", + [ + { + description: "**`ids`** List of RTR sessions to retrieve. 
RTR will only return the sessions that were created by the calling user", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_DeleteQueuedSession", + "DELETE", + "/real-time-response/entities/queued-sessions/command/v1", + "Delete a queued session command", + "real_time_response", + [ + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + { + type: "string", + description: "Cloud Request ID of the executed command to query", + name: "cloud_request_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_PulseSession", + "POST", + "/real-time-response/entities/refresh-session/v1", + "Refresh a session timeout on a single host.", + "real_time_response", + [ + { + description: "**`device_id`** The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_ListSessions", + "POST", + "/real-time-response/entities/sessions/GET/v1", + "Get session metadata by session id.", + "real_time_response", + [ + { + description: "**`ids`** List of RTR sessions to retrieve. RTR will only return the sessions that were created by the calling user", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_InitSession", + "POST", + "/real-time-response/entities/sessions/v1", + "Initialize a new session with the RTR cloud.", + "real_time_response", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + description: + "**`device_id`** The host agent ID to initialize the RTR session on. RTR will retrieve an existing session for the calling user on this host\n**`queue_offline`** If we should queue this session if the host is offline. Any commands run against an offline-queued session will be queued up and executed when the host comes online.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_DeleteSession", + "DELETE", + "/real-time-response/entities/sessions/v1", + "Delete a session.", + "real_time_response", + [ + { + type: "string", + description: "RTR Session id", + name: "session_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ListAllSessions", + "GET", + "/real-time-response/queries/sessions/v1", + "Get a list of session_ids.", + "real_time_response", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort by spec. Ex: 'date_created|asc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).\u00a0\u201cuser_id\u201d can accept a special value \u2018@me\u2019 which will restrict results to records with current user\u2019s ID.", + name: "filter", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/real_time_response_admin.ts b/src/_endpoints/real_time_response_admin.ts index d8f81857..64c9bbd6 100644 --- a/src/_endpoints/real_time_response_admin.ts +++ b/src/_endpoints/real_time_response_admin.ts 
@@ -3,266 +3,425 @@ * consumed and interpreted by Falcon.command(...) */ export const _real_time_response_admin_endpoints: Array = [ - ["BatchAdminCmd", "POST", "/real-time-response/combined/batch-admin-command/v1", "Batch executes a RTR administrator command across the hosts mapped to the given batch ID.", "real_time_response_admin", [{ - "type": "integer", - "default": 30, - "description": "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", - "name": "timeout", - "in": "query" - }, { - "type": "string", - "default": "30s", - "description": "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", - "name": "timeout_duration", - "in": "query" - }, { - "type": "string", - "default": "tiny bit less than overall request timeout", - "description": "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
", - "name": "host_timeout_duration", - "in": "query" - }, { - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_CheckAdminCommandStatus", "GET", "/real-time-response/entities/admin-command/v1", "Get status of an executed RTR administrator command on a single host.", "real_time_response_admin", [{ - "type": "string", - "description": "Cloud Request ID of the executed command to query", - "name": "cloud_request_id", - "in": "query", - "required": 1 - }, { - "type": "integer", - "default": 0, - "description": "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", - "name": "sequence_id", - "in": "query", - "required": 1 - }]], - ["RTR_ExecuteAdminCommand", "POST", "/real-time-response/entities/admin-command/v1", "Execute a RTR administrator command on a single host.", "real_time_response_admin", [{ - "description": "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RTR_GetPut_Files", "GET", "/real-time-response/entities/put-files/v1", "Get put-files based on the ID's given. 
These are used for the RTR `put` command.", "real_time_response_admin", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "File IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_CreatePut_Files", "POST", "/real-time-response/entities/put-files/v1", "Upload a new put-file to use for the RTR `put` command.", "real_time_response_admin", [{ - "type": "file", - "description": "put-file to upload", - "name": "file", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "File description", - "name": "description", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "File name (if different than actual file name)", - "name": "name", - "in": "formData" - }, { - "maxLength": 4096, - "type": "string", - "description": "The audit log comment", - "name": "comments_for_audit_log", - "in": "formData" - }]], - ["RTR_DeletePut_Files", "DELETE", "/real-time-response/entities/put-files/v1", "Delete a put-file based on the ID given. Can only delete one file at a time.", "real_time_response_admin", [{ - "type": "string", - "description": "File id", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_GetPut_FilesV2", "GET", "/real-time-response/entities/put-files/v2", "Get put-files based on the ID's given. These are used for the RTR `put` command.", "real_time_response_admin", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "File IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_GetScripts", "GET", "/real-time-response/entities/scripts/v1", "Get custom-scripts based on the ID's given. 
These are used for the RTR `runscript` command.", "real_time_response_admin", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "File IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_CreateScripts", "POST", "/real-time-response/entities/scripts/v1", "Upload a new custom-script to use for the RTR `runscript` command.", "real_time_response_admin", [{ - "type": "file", - "description": "custom-script file to upload. These should be powershell scripts.", - "name": "file", - "in": "formData" - }, { - "type": "string", - "description": "File description", - "name": "description", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "File name (if different than actual file name)", - "name": "name", - "in": "formData" - }, { - "maxLength": 4096, - "type": "string", - "description": "The audit log comment", - "name": "comments_for_audit_log", - "in": "formData" - }, { - "type": "string", - "default": "none", - "description": "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", - "name": "permission_type", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "The script text that you want to use to upload", - "name": "content", - "in": "formData" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "x-cs-exposures": ["public"], - "description": "Platforms for the file. Currently supports: windows, mac, linux, . 
If no platform is provided, it will default to 'windows'", - "name": "platform", - "in": "formData" - }]], - ["RTR_UpdateScripts", "PATCH", "/real-time-response/entities/scripts/v1", "Upload a new scripts to replace an existing one.", "real_time_response_admin", [{ - "type": "string", - "description": "ID to update", - "name": "id", - "in": "formData", - "required": 1 - }, { - "type": "file", - "description": "custom-script file to upload. These should be powershell scripts.", - "name": "file", - "in": "formData" - }, { - "type": "string", - "description": "File description", - "name": "description", - "in": "formData" - }, { - "type": "string", - "description": "File name (if different than actual file name)", - "name": "name", - "in": "formData" - }, { - "maxLength": 4096, - "type": "string", - "description": "The audit log comment", - "name": "comments_for_audit_log", - "in": "formData" - }, { - "type": "string", - "default": "none", - "description": "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", - "name": "permission_type", - "in": "formData" - }, { - "type": "string", - "description": "The script text that you want to use to upload", - "name": "content", - "in": "formData" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "x-cs-exposures": ["public"], - "description": "Platforms for the file. Currently supports: windows, mac, ", - "name": "platform", - "in": "formData" - }]], - ["RTR_DeleteScripts", "DELETE", "/real-time-response/entities/scripts/v1", "Delete a custom-script based on the ID given. 
Can only delete one script at a time.", "real_time_response_admin", [{ - "type": "string", - "description": "File id", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_GetScriptsV2", "GET", "/real-time-response/entities/scripts/v2", "Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.", "real_time_response_admin", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "File IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["RTR_ListPut_Files", "GET", "/real-time-response/queries/put-files/v1", "Get a list of put-file ID's that are available to the user for the `put` command.", "real_time_response_admin", [{ - "type": "string", - "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort by spec. Ex: 'created_at|asc'.", - "name": "sort", - "in": "query" - }]], - ["RTR_ListScripts", "GET", "/real-time-response/queries/scripts/v1", "Get a list of custom-script ID's that are available to the user for the `runscript` command.", "real_time_response_admin", [{ - "type": "string", - "description": "Optional filter criteria in the form of an FQL query. 
For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort by spec. Ex: 'created_at|asc'.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "BatchAdminCmd", + "POST", + "/real-time-response/combined/batch-admin-command/v1", + "Batch executes a RTR administrator command across the hosts mapped to the given batch ID.", + "real_time_response_admin", + [ + { + type: "integer", + default: 30, + description: "Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes.", + name: "timeout", + in: "query", + }, + { + type: "string", + default: "30s", + description: "Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.", + name: "timeout_duration", + in: "query", + }, + { + type: "string", + default: "tiny bit less than overall request timeout", + description: + "Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 10 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. 
", + name: "host_timeout_duration", + in: "query", + }, + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_CheckAdminCommandStatus", + "GET", + "/real-time-response/entities/admin-command/v1", + "Get status of an executed RTR administrator command on a single host.", + "real_time_response_admin", + [ + { + type: "string", + description: "Cloud Request ID of the executed command to query", + name: "cloud_request_id", + in: "query", + required: 1, + }, + { + type: "integer", + default: 0, + description: "Sequence ID that we want to retrieve. 
Command responses are chunked across sequences", + name: "sequence_id", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ExecuteAdminCommand", + "POST", + "/real-time-response/entities/admin-command/v1", + "Execute a RTR administrator command on a single host.", + "real_time_response_admin", + [ + { + description: + "Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):\n- `cat`\n- `cd`\n- `clear`\n- `cp`\n- `encrypt`\n- `env`\n- `eventlog`\n- `filehash`\n- `get`\n- `getsid`\n- `help`\n- `history`\n- `ipconfig`\n- `kill`\n- `ls`\n- `map`\n- `memdump`\n- `mkdir`\n- `mount`\n- `mv`\n- `netstat`\n- `ps`\n- `put`\n- `reg query`\n- `reg set`\n- `reg delete`\n- `reg load`\n- `reg unload`\n- `restart`\n- `rm`\n- `run`\n- `runscript`\n- `shutdown`\n- `unmap`\n- `update history`\n- `update install`\n- `update list`\n- `update query`\n- `xmemdump`\n- `zip`\n\nRequired values. The rest of the fields are unused.\n**`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.\n**`command_string`** Full command string for the command. For example `get some_file.txt`\n**`session_id`** RTR session ID to run the command on", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RTR_GetPut_Files", + "GET", + "/real-time-response/entities/put-files/v1", + "Get put-files based on the ID's given. 
These are used for the RTR `put` command.", + "real_time_response_admin", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "File IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_CreatePut_Files", + "POST", + "/real-time-response/entities/put-files/v1", + "Upload a new put-file to use for the RTR `put` command.", + "real_time_response_admin", + [ + { + type: "file", + description: "put-file to upload", + name: "file", + in: "formData", + required: 1, + }, + { + type: "string", + description: "File description", + name: "description", + in: "formData", + required: 1, + }, + { + type: "string", + description: "File name (if different than actual file name)", + name: "name", + in: "formData", + }, + { + maxLength: 4096, + type: "string", + description: "The audit log comment", + name: "comments_for_audit_log", + in: "formData", + }, + ], + ], + [ + "RTR_DeletePut_Files", + "DELETE", + "/real-time-response/entities/put-files/v1", + "Delete a put-file based on the ID given. Can only delete one file at a time.", + "real_time_response_admin", + [ + { + type: "string", + description: "File id", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_GetPut_FilesV2", + "GET", + "/real-time-response/entities/put-files/v2", + "Get put-files based on the ID's given. These are used for the RTR `put` command.", + "real_time_response_admin", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "File IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_GetScripts", + "GET", + "/real-time-response/entities/scripts/v1", + "Get custom-scripts based on the ID's given. 
These are used for the RTR `runscript` command.", + "real_time_response_admin", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "File IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_CreateScripts", + "POST", + "/real-time-response/entities/scripts/v1", + "Upload a new custom-script to use for the RTR `runscript` command.", + "real_time_response_admin", + [ + { + type: "file", + description: "custom-script file to upload. These should be powershell scripts.", + name: "file", + in: "formData", + }, + { + type: "string", + description: "File description", + name: "description", + in: "formData", + required: 1, + }, + { + type: "string", + description: "File name (if different than actual file name)", + name: "name", + in: "formData", + }, + { + maxLength: 4096, + type: "string", + description: "The audit log comment", + name: "comments_for_audit_log", + in: "formData", + }, + { + type: "string", + default: "none", + description: + "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", + name: "permission_type", + in: "formData", + required: 1, + }, + { + type: "string", + description: "The script text that you want to use to upload", + name: "content", + in: "formData", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + "x-cs-exposures": ["public"], + description: "Platforms for the file. Currently supports: windows, mac, linux, . 
If no platform is provided, it will default to 'windows'", + name: "platform", + in: "formData", + }, + ], + ], + [ + "RTR_UpdateScripts", + "PATCH", + "/real-time-response/entities/scripts/v1", + "Upload a new scripts to replace an existing one.", + "real_time_response_admin", + [ + { + type: "string", + description: "ID to update", + name: "id", + in: "formData", + required: 1, + }, + { + type: "file", + description: "custom-script file to upload. These should be powershell scripts.", + name: "file", + in: "formData", + }, + { + type: "string", + description: "File description", + name: "description", + in: "formData", + }, + { + type: "string", + description: "File name (if different than actual file name)", + name: "name", + in: "formData", + }, + { + maxLength: 4096, + type: "string", + description: "The audit log comment", + name: "comments_for_audit_log", + in: "formData", + }, + { + type: "string", + default: "none", + description: + "Permission for the custom-script. Valid permission values: \n - `private`, usable by only the user who uploaded it \n - `group`, usable by all RTR Admins \n - `public`, usable by all active-responders and RTR admins", + name: "permission_type", + in: "formData", + }, + { + type: "string", + description: "The script text that you want to use to upload", + name: "content", + in: "formData", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + "x-cs-exposures": ["public"], + description: "Platforms for the file. Currently supports: windows, mac, ", + name: "platform", + in: "formData", + }, + ], + ], + [ + "RTR_DeleteScripts", + "DELETE", + "/real-time-response/entities/scripts/v1", + "Delete a custom-script based on the ID given. 
Can only delete one script at a time.", + "real_time_response_admin", + [ + { + type: "string", + description: "File id", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_GetScriptsV2", + "GET", + "/real-time-response/entities/scripts/v2", + "Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.", + "real_time_response_admin", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "File IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "RTR_ListPut_Files", + "GET", + "/real-time-response/queries/put-files/v1", + "Get a list of put-file ID's that are available to the user for the `put` command.", + "real_time_response_admin", + [ + { + type: "string", + description: + "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort by spec. Ex: 'created_at|asc'.", + name: "sort", + in: "query", + }, + ], + ], + [ + "RTR_ListScripts", + "GET", + "/real-time-response/queries/scripts/v1", + "Get a list of custom-script ID's that are available to the user for the `runscript` command.", + "real_time_response_admin", + [ + { + type: "string", + description: + "Optional filter criteria in the form of an FQL query. 
For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort by spec. Ex: 'created_at|asc'.", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/real_time_response_audit.ts b/src/_endpoints/real_time_response_audit.ts index 517c8243..a41525a3 100644 --- a/src/_endpoints/real_time_response_audit.ts +++ b/src/_endpoints/real_time_response_audit.ts 
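Review bot: In the new `RTR_CreateScripts` and `RTR_UpdateScripts` entries, `permission_type` carries `default: "none"`, which is not one of the three values the same description lists as valid (`private`, `group`, `public`), and in `BatchAdminCmd` the `host_timeout_duration` parameter has `default: "tiny bit less than overall request timeout"`, a prose string rather than a duration the endpoint would accept. If `Falcon.command(...)` ever fills unspecified parameters from `default`, those literals would be sent to the API; the dispatcher is not visible in this hunk, so that is inferred. Either drop `default` on those two parameters or, if the table must mirror the upstream spec verbatim, add a comment next to the export such as `// NOTE: default values are copied from the upstream spec and are documentary only; do not send them as parameters`. The context line `export const _real_time_response_admin_endpoints: Array = [` also shows `Array` without a type argument, which does not compile under strict TypeScript; this may be the page dropping angle brackets, so confirm against the file.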
@@ -3,34 +3,48 @@ * consumed and interpreted by Falcon.command(...) */ export const _real_time_response_audit_endpoints: Array = [ - ["RTRAuditSessions", "GET", "/real-time-response-audit/combined/sessions/v1", "Get all the RTR sessions created for a customer in a specified duration", "real_time_response_audit", [{ - "type": "string", - "description": "Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", - "name": "filter", - "in": "query" - }, { - "enum": ["created_at", "updated_at", "deleted_at"], - "type": "string", - "description": "how to sort the session IDs. e.g. sort=created_at|desc will sort the results based on createdAt in descending order", - "name": "sort", - "in": "query" - }, { - "maximum": 1000, - "minimum": 1, - "type": "string", - "description": "number of sessions to be returned", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "offset value to be used for paginated results", - "name": "offset", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "get sessions with command info included; by default sessions are returned without command info which include cloud_request_ids and logs fields", - "name": "with_command_info", - "in": "query" - }]] -]; \ No newline at end of file + [ + "RTRAuditSessions", + "GET", + "/real-time-response-audit/combined/sessions/v1", + "Get all the RTR sessions created for a customer in a specified duration", + "real_time_response_audit", + [ + { + type: "string", + description: + "Optional filter criteria in the form of an FQL query. 
For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).", + name: "filter", + in: "query", + }, + { + enum: ["created_at", "updated_at", "deleted_at"], + type: "string", + description: "how to sort the session IDs. e.g. sort=created_at|desc will sort the results based on createdAt in descending order", + name: "sort", + in: "query", + }, + { + maximum: 1000, + minimum: 1, + type: "string", + description: "number of sessions to be returned", + name: "limit", + in: "query", + }, + { + type: "string", + description: "offset value to be used for paginated results", + name: "offset", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "get sessions with command info included; by default sessions are returned without command info which include cloud_request_ids and logs fields", + name: "with_command_info", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/recon.ts b/src/_endpoints/recon.ts index 5e6b1cfd..5fdc475e 100644 --- a/src/_endpoints/recon.ts +++ b/src/_endpoints/recon.ts 
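Review bot: In the new `RTRAuditSessions` entry, `with_command_info` is declared `type: "boolean"` but its `default: 0` is numeric, and `limit` is declared `type: "string"` while carrying `minimum: 1` and `maximum: 1000`, so the constraint metadata does not agree with the declared types. If the client serializes `default` into the query string, `with_command_info=0` is what gets sent rather than `false`; the serializer is not visible here, so that is inferred. Suggest `default: false` for `with_command_info` and `type: "integer"` for `limit`, or, if the table must mirror the upstream spec verbatim, a one-line comment at the top of the file stating that types and defaults are copied unaltered from the spec.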
@@ -3,301 +3,554 @@ * consumed and interpreted by Falcon.command(...) */ export const _recon_endpoints: Array = [ - ["AggregateNotificationsExposedDataRecordsV1", "POST", "/recon/aggregates/notifications-exposed-data-records/GET/v1", "Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [notification_id created_date rule.id rule.name rule.topic source_category site author]", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["AggregateNotificationsV1", "POST", "/recon/aggregates/notifications/GET/v1", "Get notification aggregates as specified via JSON in request body.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["PreviewRuleV1", "POST", "/recon/aggregates/rules-preview/GET/v1", "Preview rules notification count and distribution. This will return aggregations on: channel, count, site.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetActionsV1", "GET", "/recon/entities/actions/v1", "Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Action IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["CreateActionsV1", "POST", "/recon/entities/actions/v1", "Create actions for a monitoring rule. 
Accepts a list of actions that will be attached to the monitoring rule.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateActionV1", "PATCH", "/recon/entities/actions/v1", "Update an action for a monitoring rule.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteActionV1", "DELETE", "/recon/entities/actions/v1", "Delete an action from a monitoring rule based on the action ID.", "recon", [{ - "type": "string", - "description": "ID of the action.", - "name": "id", - "in": "query", - "required": 1 - }]], - ["GetFileContentForExportJobsV1", "GET", "/recon/entities/export-files/v1", "Download the file associated with a job ID.", "recon", [{ - "type": "string", - "description": "Export Job ID.", - "name": "id", - "in": "query", - "required": 1 - }]], - ["GetExportJobsV1", "GET", "/recon/entities/exports/v1", "Get the status of export jobs based on their IDs. Export jobs can be launched by calling POST /entities/exports/v1. When a job is complete, use the job ID to download the file(s) associated with it using GET entities/export-files/v1.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Export Job IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["CreateExportJobsV1", "POST", "/recon/entities/exports/v1", "Launch asynchronous export job. 
Use the job ID to poll the status of the job using GET /entities/exports/v1.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteExportJobsV1", "DELETE", "/recon/entities/exports/v1", "Delete export jobs (and their associated file(s)) based on their IDs.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Export Job IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetNotificationsDetailedTranslatedV1", "GET", "/recon/entities/notifications-detailed-translated/v1", "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notification IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetNotificationsDetailedV1", "GET", "/recon/entities/notifications-detailed/v1", "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notification IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetNotificationsExposedDataRecordsV1", "GET", "/recon/entities/notifications-exposed-data-records/v1", "Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. 
The associate notification can be fetched using the /entities/notifications/v* endpoints", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notification exposed records IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetNotificationsTranslatedV1", "GET", "/recon/entities/notifications-translated/v1", "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notification IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetNotificationsV1", "GET", "/recon/entities/notifications/v1", "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notification IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["UpdateNotificationsV1", "PATCH", "/recon/entities/notifications/v1", "Update notification status or assignee. Accepts bulk requests", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteNotificationsV1", "DELETE", "/recon/entities/notifications/v1", "Delete notifications based on IDs. 
Notifications cannot be recovered after they are deleted.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Notifications IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetRulesV1", "GET", "/recon/entities/rules/v1", "Get monitoring rules rules by provided IDs.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "IDs of rules.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["CreateRulesV1", "POST", "/recon/entities/rules/v1", "Create monitoring rules.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateRulesV1", "PATCH", "/recon/entities/rules/v1", "Update monitoring rules.", "recon", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteRulesV1", "DELETE", "/recon/entities/rules/v1", "Delete monitoring rules.", "recon", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "IDs of rules.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "description": "Whether we should delete the notifications generated by this rule or not", - "name": "notificationsDeletionRequested", - "in": "query" - }]], - ["QueryActionsV1", "GET", "/recon/queries/actions/v1", "Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1.", "recon", [{ - "type": "integer", - "description": "Starting index of overall result set from which to return IDs.", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: created_timestamp, updated_timestamp. 
Ex: 'updated_timestamp|desc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query to filter actions by. Possible filter properties are: [id cid user_uuid rule_id type frequency recipients status created_timestamp updated_timestamp]", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Free text search across all indexed fields", - "name": "q", - "in": "query" - }]], - ["QueryNotificationsExposedDataRecordsV1", "GET", "/recon/queries/notifications-exposed-data-records/v1", "Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications-exposed-data-records/v1", "recon", [{ - "type": "integer", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: created_date, updated_date. Ex: 'updated_date|desc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query to filter notifications by. 
Possible filter properties are: [id cid user_uuid created_date exposure_date rule.id rule.name rule.topic notification_id source_category site site_id author author_id user_id user_name impacted_url impacted_domain impacted_ip email email_domain hash_type display_name full_name user_ip phone_number company job_position file.name file.complete_data_set file.download_urls location.postal_code location.city location.state location.federal_district location.federal_admin_region location.country_code social.twitter_id social.facebook_id social.vk_id social.vk_token social.aim_id social.icq_id social.msn_id social.instagram_id social.skype_id financial.credit_card financial.bank_account financial.crypto_currency_addresses login_id _all]", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Free text search across all indexed fields.", - "name": "q", - "in": "query" - }]], - ["QueryNotificationsV1", "GET", "/recon/queries/notifications/v1", "Query notifications based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications/v1, GET /entities/notifications-detailed/v1, +GET /entities/notifications-translated/v1 or GET /entities/notifications-detailed-translated/v1.", "recon", [{ - "type": "integer", - "description": "Starting index of overall result set from which to return IDs.", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: `created_date`, `updated_date`. Ex: `updated_date|desc`.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query to filter notifications by. 
Possible filter properties are: `typosquatting.parent_domain.unicode_format`, `typosquatting.id`, `typosquatting.base_domain.whois.name_servers`, `rule_id`, `item_site`, `typosquatting.base_domain.is_registered`, `assigned_to_uuid`, `rule_priority`, `typosquatting.base_domain.punycode_format`, `typosquatting.base_domain.id`, `rule_name`, `typosquatting.unicode_format`, `rule_topic`, `item_type`, `typosquatting.base_domain.whois.registrant.email`, `cid`, `status`, `typosquatting.base_domain.whois.registrar.name`, `typosquatting.base_domain.whois.registrar.status`, `typosquatting.base_domain.whois.registrant.org`, `typosquatting.parent_domain.id`, `typosquatting.base_domain.unicode_format`, `updated_date`, `typosquatting.base_domain.whois.registrant.name`, `created_date`, `typosquatting.punycode_format`, `typosquatting.parent_domain.punycode_format`, `id`, `user_uuid`", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Free text search across all indexed fields.", - "name": "q", - "in": "query" - }]], - ["QueryRulesV1", "GET", "/recon/queries/rules/v1", "Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1.", "recon", [{ - "type": "integer", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "Number of IDs to return. Offset + limit should NOT be above 10K.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: created_timestamp, last_updated_timestamp. Ex: 'last_updated_timestamp|desc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query to filter rules by. 
Possible filter properties are: [id cid user_uuid topic priority permissions filter status created_timestamp last_updated_timestamp]", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Free text search across all indexed fields.", - "name": "q", - "in": "query" - }]] -]; \ No newline at end of file + [ + "AggregateNotificationsExposedDataRecordsV1", + "POST", + "/recon/aggregates/notifications-exposed-data-records/GET/v1", + "Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [notification_id created_date rule.id rule.name rule.topic source_category site author]", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "AggregateNotificationsV1", + "POST", + "/recon/aggregates/notifications/GET/v1", + "Get notification aggregates as specified via JSON in request body.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "PreviewRuleV1", + "POST", + "/recon/aggregates/rules-preview/GET/v1", + "Preview rules notification count and distribution. This will return aggregations on: channel, count, site.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetActionsV1", + "GET", + "/recon/entities/actions/v1", + "Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Action IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "CreateActionsV1", + "POST", + "/recon/entities/actions/v1", + "Create actions for a monitoring rule. 
Accepts a list of actions that will be attached to the monitoring rule.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateActionV1", + "PATCH", + "/recon/entities/actions/v1", + "Update an action for a monitoring rule.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteActionV1", + "DELETE", + "/recon/entities/actions/v1", + "Delete an action from a monitoring rule based on the action ID.", + "recon", + [ + { + type: "string", + description: "ID of the action.", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "GetFileContentForExportJobsV1", + "GET", + "/recon/entities/export-files/v1", + "Download the file associated with a job ID.", + "recon", + [ + { + type: "string", + description: "Export Job ID.", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "GetExportJobsV1", + "GET", + "/recon/entities/exports/v1", + "Get the status of export jobs based on their IDs. Export jobs can be launched by calling POST /entities/exports/v1. When a job is complete, use the job ID to download the file(s) associated with it using GET entities/export-files/v1.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Export Job IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "CreateExportJobsV1", + "POST", + "/recon/entities/exports/v1", + "Launch asynchronous export job. 
Use the job ID to poll the status of the job using GET /entities/exports/v1.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteExportJobsV1", + "DELETE", + "/recon/entities/exports/v1", + "Delete export jobs (and their associated file(s)) based on their IDs.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Export Job IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetNotificationsDetailedTranslatedV1", + "GET", + "/recon/entities/notifications-detailed-translated/v1", + "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notification IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetNotificationsDetailedV1", + "GET", + "/recon/entities/notifications-detailed/v1", + "Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notification IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetNotificationsExposedDataRecordsV1", + "GET", + "/recon/entities/notifications-exposed-data-records/v1", + "Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. 
The associate notification can be fetched using the /entities/notifications/v* endpoints", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notification exposed records IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetNotificationsTranslatedV1", + "GET", + "/recon/entities/notifications-translated/v1", + "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notification IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetNotificationsV1", + "GET", + "/recon/entities/notifications/v1", + "Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notification IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "UpdateNotificationsV1", + "PATCH", + "/recon/entities/notifications/v1", + "Update notification status or assignee. Accepts bulk requests", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteNotificationsV1", + "DELETE", + "/recon/entities/notifications/v1", + "Delete notifications based on IDs. 
Notifications cannot be recovered after they are deleted.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Notifications IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetRulesV1", + "GET", + "/recon/entities/rules/v1", + "Get monitoring rules rules by provided IDs.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "IDs of rules.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "CreateRulesV1", + "POST", + "/recon/entities/rules/v1", + "Create monitoring rules.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateRulesV1", + "PATCH", + "/recon/entities/rules/v1", + "Update monitoring rules.", + "recon", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteRulesV1", + "DELETE", + "/recon/entities/rules/v1", + "Delete monitoring rules.", + "recon", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "IDs of rules.", + name: "ids", + in: "query", + required: 1, + }, + { + type: "boolean", + description: "Whether we should delete the notifications generated by this rule or not", + name: "notificationsDeletionRequested", + in: "query", + }, + ], + ], + [ + "QueryActionsV1", + "GET", + "/recon/queries/actions/v1", + "Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1.", + "recon", + [ + { + type: "integer", + description: "Starting index of overall result set from which to return IDs.", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "Number of IDs to return. Offset + limit should NOT be above 10K.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: created_timestamp, updated_timestamp. 
Ex: 'updated_timestamp|desc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query to filter actions by. Possible filter properties are: [id cid user_uuid rule_id type frequency recipients status created_timestamp updated_timestamp]", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Free text search across all indexed fields", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryNotificationsExposedDataRecordsV1", + "GET", + "/recon/queries/notifications-exposed-data-records/v1", + "Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications-exposed-data-records/v1", + "recon", + [ + { + type: "integer", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "Number of IDs to return. Offset + limit should NOT be above 10K.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: created_date, updated_date. Ex: 'updated_date|desc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query to filter notifications by. 
Possible filter properties are: [id cid user_uuid created_date exposure_date rule.id rule.name rule.topic notification_id source_category site site_id author author_id user_id user_name impacted_url impacted_domain impacted_ip email email_domain hash_type display_name full_name user_ip phone_number company job_position file.name file.complete_data_set file.download_urls location.postal_code location.city location.state location.federal_district location.federal_admin_region location.country_code social.twitter_id social.facebook_id social.vk_id social.vk_token social.aim_id social.icq_id social.msn_id social.instagram_id social.skype_id financial.credit_card financial.bank_account financial.crypto_currency_addresses login_id _all]", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Free text search across all indexed fields.", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryNotificationsV1", + "GET", + "/recon/queries/notifications/v1", + "Query notifications based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications/v1, GET /entities/notifications-detailed/v1, +GET /entities/notifications-translated/v1 or GET /entities/notifications-detailed-translated/v1.", + "recon", + [ + { + type: "integer", + description: "Starting index of overall result set from which to return IDs.", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "Number of IDs to return. Offset + limit should NOT be above 10K.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: `created_date`, `updated_date`. Ex: `updated_date|desc`.", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query to filter notifications by. 
Possible filter properties are: `typosquatting.parent_domain.unicode_format`, `typosquatting.id`, `typosquatting.base_domain.whois.name_servers`, `rule_id`, `item_site`, `typosquatting.base_domain.is_registered`, `assigned_to_uuid`, `rule_priority`, `typosquatting.base_domain.punycode_format`, `typosquatting.base_domain.id`, `rule_name`, `typosquatting.unicode_format`, `rule_topic`, `item_type`, `typosquatting.base_domain.whois.registrant.email`, `cid`, `status`, `typosquatting.base_domain.whois.registrar.name`, `typosquatting.base_domain.whois.registrar.status`, `typosquatting.base_domain.whois.registrant.org`, `typosquatting.parent_domain.id`, `typosquatting.base_domain.unicode_format`, `updated_date`, `typosquatting.base_domain.whois.registrant.name`, `created_date`, `typosquatting.punycode_format`, `typosquatting.parent_domain.punycode_format`, `id`, `user_uuid`", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Free text search across all indexed fields.", + name: "q", + in: "query", + }, + ], + ], + [ + "QueryRulesV1", + "GET", + "/recon/queries/rules/v1", + "Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1.", + "recon", + [ + { + type: "integer", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "Number of IDs to return. Offset + limit should NOT be above 10K.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: created_timestamp, last_updated_timestamp. Ex: 'last_updated_timestamp|desc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query to filter rules by. 
Possible filter properties are: [id cid user_uuid topic priority permissions filter status created_timestamp last_updated_timestamp]", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Free text search across all indexed fields.", + name: "q", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/report_executions.ts b/src/_endpoints/report_executions.ts index 12d8cf76..c5fc25aa 100644 --- a/src/_endpoints/report_executions.ts +++ b/src/_endpoints/report_executions.ts 
@@ -3,53 +3,94 @@ * consumed and interpreted by Falcon.command(...) */ export const _report_executions_endpoints: Array = [ - ["report_executions_download_get", "GET", "/reports/entities/report-executions-download/v1", "Get report entity download", "report_executions", [{ - "type": "string", - "description": "The report_execution id to download", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["report_executions_retry", "POST", "/reports/entities/report-executions-retry/v1", "This endpoint will be used to retry report executions", "report_executions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["report_executions_get", "GET", "/reports/entities/report-executions/v1", "Retrieve report details for the provided report IDs.", "report_executions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The report_execution id to get details about.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["report_executions_query", "GET", "/reports/queries/report-executions/v1", "Find all report execution IDs matching the query with filter", "report_executions", [{ - "type": "string", - "description": "Possible order by fields: created_on, last_updated_on", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Filter term criteria: type, scheduled_report_id, status.Filter range criteria: created_on, last_updated_on, expiration_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match query criteria, which includes all the filter string fields", - "name": "q", - "in": "query" - }, { - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }]] -]; \ No newline at end of file + [ + "report_executions_download_get", + "GET", + "/reports/entities/report-executions-download/v1", + "Get report entity download", + "report_executions", + [ + { + type: "string", + description: "The report_execution id to download", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "report_executions_retry", + "POST", + "/reports/entities/report-executions-retry/v1", + "This endpoint will be used to retry report executions", + "report_executions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "report_executions_get", + "GET", + "/reports/entities/report-executions/v1", + "Retrieve report details for the provided report IDs.", + "report_executions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The report_execution id to get details about.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "report_executions_query", + "GET", + "/reports/queries/report-executions/v1", + "Find all report execution IDs matching the query with filter", + "report_executions", + [ + { + type: "string", + description: "Possible order by fields: created_on, last_updated_on", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "FQL query specifying the filter parameters. 
Filter term criteria: type, scheduled_report_id, status.Filter range criteria: created_on, last_updated_on, expiration_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/response_policies.ts b/src/_endpoints/response_policies.ts index bd20573f..a0dd8a23 100644 --- a/src/_endpoints/response_policies.ts +++ b/src/_endpoints/response_policies.ts 
@@ -3,161 +3,300 @@ * consumed and interpreted by Falcon.command(...) */ export const _response_policies_endpoints: Array = [ - ["queryCombinedRTResponsePolicyMembers", "GET", "/policy/combined/response-members/v1", "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of host details which match the filter criteria", "response_policies", [{ - "type": "string", - "description": "The ID of the Response policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedRTResponsePolicies", "GET", "/policy/combined/response/v1", "Search for Response Policies in your environment by providing an FQL filter and paging details.Returns a set of Response Policies which match the filter criteria", "response_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["performRTResponsePoliciesAction", "POST", "/policy/entities/response-actions/v1", "Perform the specified action on the Response Policies specified in the request", "response_policies", [{ - "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["setRTResponsePoliciesPrecedence", "POST", "/policy/entities/response-precedence/v1", "Sets the precedence of Response Policies based on the order of IDs specified in the request.The first ID specified will have the highest precedence and the last ID specified will have the lowest.You must specify all non-Default Policies for a platform when updating precedence", "response_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getRTResponsePolicies", "GET", "/policy/entities/response/v1", "Retrieve a set of Response Policies by specifying their IDs", "response_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the RTR Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createRTResponsePolicies", "POST", "/policy/entities/response/v1", "Create Response Policies by specifying details about the policy to create", "response_policies", [{ - "name": "body", - "in": "body", - "required": 
1 - }]], - ["updateRTResponsePolicies", "PATCH", "/policy/entities/response/v1", "Update Response Policies by specifying the ID of the policy and details to update", "response_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteRTResponsePolicies", "DELETE", "/policy/entities/response/v1", "Delete a set of Response Policies by specifying their IDs", "response_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Response Policies to delete", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryRTResponsePolicyMembers", "GET", "/policy/queries/response-members/v1", "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of Agent IDs which match the filter criteria", "response_policies", [{ - "type": "string", - "description": "The ID of the Response policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryRTResponsePolicies", "GET", "/policy/queries/response/v1", "Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details.This returns a set of Response Policy IDs that match the given criteria.", "response_policies", [{ - "type": "string", - "description": "The filter expression that should be used to determine the results.", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset of the first record to retrieve from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum number of records to return [1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort results by", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "queryCombinedRTResponsePolicyMembers", + "GET", + "/policy/combined/response-members/v1", + "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of host details which match the filter criteria", + "response_policies", + [ + { + type: "string", + description: "The ID of the Response policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The 
offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedRTResponsePolicies", + "GET", + "/policy/combined/response/v1", + "Search for Response Policies in your environment by providing an FQL filter and paging details.Returns a set of Response Policies which match the filter criteria", + "response_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "performRTResponsePoliciesAction", + "POST", + "/policy/entities/response-actions/v1", + "Perform the specified action on the Response Policies specified in the request", + "response_policies", + [ + { + enum: ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, 
+ }, + ], + ], + [ + "setRTResponsePoliciesPrecedence", + "POST", + "/policy/entities/response-precedence/v1", + "Sets the precedence of Response Policies based on the order of IDs specified in the request.The first ID specified will have the highest precedence and the last ID specified will have the lowest.You must specify all non-Default Policies for a platform when updating precedence", + "response_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getRTResponsePolicies", + "GET", + "/policy/entities/response/v1", + "Retrieve a set of Response Policies by specifying their IDs", + "response_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the RTR Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createRTResponsePolicies", + "POST", + "/policy/entities/response/v1", + "Create Response Policies by specifying details about the policy to create", + "response_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateRTResponsePolicies", + "PATCH", + "/policy/entities/response/v1", + "Update Response Policies by specifying the ID of the policy and details to update", + "response_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteRTResponsePolicies", + "DELETE", + "/policy/entities/response/v1", + "Delete a set of Response Policies by specifying their IDs", + "response_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Response Policies to delete", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryRTResponsePolicyMembers", + "GET", + "/policy/queries/response-members/v1", + "Search for members of a Response policy in your environment by providing an FQL filter and paging details.Returns a set of Agent IDs which match the filter criteria", + 
"response_policies", + [ + { + type: "string", + description: "The ID of the Response policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryRTResponsePolicies", + "GET", + "/policy/queries/response/v1", + "Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details.This returns a set of Response Policy IDs that match the given criteria.", + "response_policies", + [ + { + type: "string", + description: "The filter expression that should be used to determine the results.", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset of the first record to retrieve from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum number of records to return [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort results by", + name: "sort", + in: "query", + }, + ], + ], +]; 
diff --git a/src/_endpoints/sample_uploads.ts b/src/_endpoints/sample_uploads.ts index 96ee419d..1c2a07ca 100644 --- a/src/_endpoints/sample_uploads.ts +++ b/src/_endpoints/sample_uploads.ts 
@@ -3,184 +3,306 @@ * consumed and interpreted by Falcon.command(...) */ export const _sample_uploads_endpoints: Array = [ - ["ArchiveListV1", "GET", "/archives/entities/archive-files/v1", "Retrieves the archives files in chunks.", "sample_uploads", [{ - "type": "string", - "description": "The archive SHA256.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "integer", - "default": 100, - "description": "Max number of files to retrieve.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Offset from where to get files.", - "name": "offset", - "in": "query" - }]], - ["ArchiveGetV1", "GET", "/archives/entities/archives/v1", "Retrieves the archives upload operation statuses. Status `done` means that archive was processed successfully. Status `error` means that archive was not processed successfully.", "sample_uploads", [{ - "type": "string", - "description": "The archive SHA256.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "If `true` includes processed archive files in response.", - "name": "include_files", - "in": "query" - }]], - ["ArchiveUploadV1", "POST", "/archives/entities/archives/v1", "Uploads an archive and extracts files list from it. Operation is asynchronous use the ListArchivesV1 operation to check the status. After uploading, use the ExtractionCreateV1 operation to copy the file to internal storage making it available for content analysis. This method is deprecated in favor of ArchiveUploadV2.", "sample_uploads", [{ - "description": "Content of the uploaded archive in binary format. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.zip`, `.7z`.", - "name": "body", - "in": "body", - "required": 1 - }, { - "type": "string", - "description": "Name of the archive.", - "name": "name", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Archive password.", - "name": "password", - "in": "query" - }, { - "type": "boolean", - "default": 1, - "description": "Defines visibility of this file, either via the API or the Falcon console. - `true`: File is only shown to users within your customer account - `false`: File can be seen by other CrowdStrike customers. Default: `true`.", - "name": "is_confidential", - "in": "query" - }, { - "type": "string", - "description": "A descriptive comment to identify the file for other users.", - "name": "comment", - "in": "query" - }]], - ["ArchiveDeleteV1", "DELETE", "/archives/entities/archives/v1", "Delete an archive that was uploaded previously", "sample_uploads", [{ - "type": "string", - "description": "The archive SHA256.", - "name": "id", - "in": "query", - "required": 1 - }]], - ["ArchiveUploadV2", "POST", "/archives/entities/archives/v2", "Uploads an archive and extracts files list from it. Operation is asynchronous use `/archives/entities/archives/v1` to check the status. After uploading, use `/archives/entities/extractions/v1` to copy the file to internal storage making it available for content analysis.", "sample_uploads", [{ - "type": "file", - "description": "Content of the uploaded archive. For example, use `--form file=@$FILE_PATH` when using cURL.", - "name": "file", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "Archive password. For example, use `--form password=` when using cURL.", - "name": "password", - "in": "formData" - }, { - "type": "string", - "description": "Name of the archive. 
For example, use `--form name=` when using cURL.", - "name": "name", - "in": "formData", - "required": 1 - }, { - "type": "boolean", - "default": 1, - "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. For example, use `--form is_confidential=` when using cURL.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", - "name": "is_confidential", - "in": "formData" - }, { - "type": "string", - "description": "A descriptive comment to identify the file for other users. For example, use `--form comment=` when using cURL.", - "name": "comment", - "in": "formData" - }]], - ["ExtractionListV1", "GET", "/archives/entities/extraction-files/v1", "Retrieves the files extractions in chunks. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.", "sample_uploads", [{ - "type": "string", - "description": "The extraction operation ID.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "integer", - "default": 0, - "description": "Max number of file extractions to retrieve.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Offset from where to get file extractions.", - "name": "offset", - "in": "query" - }]], - ["ExtractionGetV1", "GET", "/archives/entities/extractions/v1", "Retrieves the files extraction operation statuses. Status `done` means that all files were processed successfully. 
Status `error` means that at least one of the file could not be processed.", "sample_uploads", [{ - "type": "string", - "description": "The extraction operation ID.", - "name": "id", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "If `true` includes processed archive files in response.", - "name": "include_files", - "in": "query" - }]], - ["ExtractionCreateV1", "POST", "/archives/entities/extractions/v1", "Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.", "sample_uploads", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["GetSampleV3", "GET", "/samples/entities/samples/v3", "Retrieves the file associated with the given ID (SHA256)", "sample_uploads", [{ - "type": "string", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "boolean", - "default": 0, - "description": "Flag whether the sample should be zipped and password protected with pass='infected'", - "name": "password_protected", - "in": "query" - }]], - ["UploadSampleV3", "POST", "/samples/entities/samples/v3", "Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.", "sample_uploads", [{ - "description": "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. 
Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", - "name": "body", - "in": "body", - "required": 1 - }, { - "type": "file", - "description": "The binary file.", - "name": "upfile", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "Name of the file.", - "name": "file_name", - "in": "formData", - "required": 1 - }, { - "type": "string", - "description": "A descriptive comment to identify the file for other users.", - "name": "comment", - "in": "formData" - }, { - "type": "boolean", - "default": 1, - "description": "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", - "name": "is_confidential", - "in": "formData" - }]], - ["DeleteSampleV3", "DELETE", "/samples/entities/samples/v3", "Removes a sample, including file, meta and submissions from the collection", "sample_uploads", [{ - "type": "string", - "description": "The file SHA256.", - "name": "ids", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "ArchiveListV1", + "GET", + "/archives/entities/archive-files/v1", + "Retrieves the archives files in chunks.", + "sample_uploads", + [ + { + type: "string", + description: "The archive SHA256.", + name: 
"id", + in: "query", + required: 1, + }, + { + type: "integer", + default: 100, + description: "Max number of files to retrieve.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Offset from where to get files.", + name: "offset", + in: "query", + }, + ], + ], + [ + "ArchiveGetV1", + "GET", + "/archives/entities/archives/v1", + "Retrieves the archives upload operation statuses. Status `done` means that archive was processed successfully. Status `error` means that archive was not processed successfully.", + "sample_uploads", + [ + { + type: "string", + description: "The archive SHA256.", + name: "id", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "If `true` includes processed archive files in response.", + name: "include_files", + in: "query", + }, + ], + ], + [ + "ArchiveUploadV1", + "POST", + "/archives/entities/archives/v1", + "Uploads an archive and extracts files list from it. Operation is asynchronous use the ListArchivesV1 operation to check the status. After uploading, use the ExtractionCreateV1 operation to copy the file to internal storage making it available for content analysis. This method is deprecated in favor of ArchiveUploadV2.", + "sample_uploads", + [ + { + description: "Content of the uploaded archive in binary format. Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.zip`, `.7z`.", + name: "body", + in: "body", + required: 1, + }, + { + type: "string", + description: "Name of the archive.", + name: "name", + in: "query", + required: 1, + }, + { + type: "string", + description: "Archive password.", + name: "password", + in: "query", + }, + { + type: "boolean", + default: 1, + description: + "Defines visibility of this file, either via the API or the Falcon console. - `true`: File is only shown to users within your customer account - `false`: File can be seen by other CrowdStrike customers. 
Default: `true`.", + name: "is_confidential", + in: "query", + }, + { + type: "string", + description: "A descriptive comment to identify the file for other users.", + name: "comment", + in: "query", + }, + ], + ], + [ + "ArchiveDeleteV1", + "DELETE", + "/archives/entities/archives/v1", + "Delete an archive that was uploaded previously", + "sample_uploads", + [ + { + type: "string", + description: "The archive SHA256.", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "ArchiveUploadV2", + "POST", + "/archives/entities/archives/v2", + "Uploads an archive and extracts files list from it. Operation is asynchronous use `/archives/entities/archives/v1` to check the status. After uploading, use `/archives/entities/extractions/v1` to copy the file to internal storage making it available for content analysis.", + "sample_uploads", + [ + { + type: "file", + description: "Content of the uploaded archive. For example, use `--form file=@$FILE_PATH` when using cURL.", + name: "file", + in: "formData", + required: 1, + }, + { + type: "string", + description: "Archive password. For example, use `--form password=` when using cURL.", + name: "password", + in: "formData", + }, + { + type: "string", + description: "Name of the archive. For example, use `--form name=` when using cURL.", + name: "name", + in: "formData", + required: 1, + }, + { + type: "boolean", + default: 1, + description: + "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. For example, use `--form is_confidential=` when using cURL.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + name: "is_confidential", + in: "formData", + }, + { + type: "string", + description: "A descriptive comment to identify the file for other users. 
For example, use `--form comment=` when using cURL.", + name: "comment", + in: "formData", + }, + ], + ], + [ + "ExtractionListV1", + "GET", + "/archives/entities/extraction-files/v1", + "Retrieves the files extractions in chunks. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.", + "sample_uploads", + [ + { + type: "string", + description: "The extraction operation ID.", + name: "id", + in: "query", + required: 1, + }, + { + type: "integer", + default: 0, + description: "Max number of file extractions to retrieve.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Offset from where to get file extractions.", + name: "offset", + in: "query", + }, + ], + ], + [ + "ExtractionGetV1", + "GET", + "/archives/entities/extractions/v1", + "Retrieves the files extraction operation statuses. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.", + "sample_uploads", + [ + { + type: "string", + description: "The extraction operation ID.", + name: "id", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "If `true` includes processed archive files in response.", + name: "include_files", + in: "query", + }, + ], + ], + [ + "ExtractionCreateV1", + "POST", + "/archives/entities/extractions/v1", + "Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.", + "sample_uploads", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "GetSampleV3", + "GET", + "/samples/entities/samples/v3", + "Retrieves the file associated with the given ID (SHA256)", + "sample_uploads", + [ + { + type: "string", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + { + type: "boolean", + default: 0, + description: "Flag whether the sample should be zipped and 
password protected with pass='infected'", + name: "password_protected", + in: "query", + }, + ], + ], + [ + "UploadSampleV3", + "POST", + "/samples/entities/samples/v3", + "Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.", + "sample_uploads", + [ + { + description: + "Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. Max file size: 100 MB.\n\nAccepted file formats:\n\n- Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc.\n- Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub`\n- PDF\n- APK\n- Executable JAR\n- Windows script component: `.sct`\n- Windows shortcut: `.lnk`\n- Windows help: `.chm`\n- HTML application: `.hta`\n- Windows script file: `.wsf`\n- Javascript: `.js`\n- Visual Basic: `.vbs`, `.vbe`\n- Shockwave Flash: `.swf`\n- Perl: `.pl`\n- Powershell: `.ps1`, `.psd1`, `.psm1`\n- Scalable vector graphics: `.svg`\n- Python: `.py`\n- Linux ELF executables\n- Email files: MIME RFC 822 `.eml`, Outlook `.msg`.", + name: "body", + in: "body", + required: 1, + }, + { + type: "file", + description: "The binary file.", + name: "upfile", + in: "formData", + required: 1, + }, + { + type: "string", + description: "Name of the file.", + name: "file_name", + in: "formData", + required: 1, + }, + { + type: "string", + description: "A descriptive comment to identify the file for other users.", + name: "comment", + in: "formData", + }, + { + type: "boolean", + default: 1, + description: + "Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console.\n\n- `true`: File is only shown to users within your customer account\n- `false`: File can be seen by other CrowdStrike customers \n\nDefault: `true`.", + name: "is_confidential", + in: "formData", + }, + ], + ], + [ + "DeleteSampleV3", + "DELETE", + "/samples/entities/samples/v3", + "Removes a sample, including 
file, meta and submissions from the collection", + "sample_uploads", + [ + { + type: "string", + description: "The file SHA256.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/scheduled_reports.ts b/src/_endpoints/scheduled_reports.ts index d37d1bd3..25aa70b0 100644 --- a/src/_endpoints/scheduled_reports.ts +++ b/src/_endpoints/scheduled_reports.ts 
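Review bot: The `ArchiveUploadV1` entry still declares its archive `password` parameter with `in: "query"` (the object after `name: "password"` under the `/archives/entities/archives/v1` POST), so a consumer honoring this table places the password in the request URL, where it can end up in proxy and server access logs, whereas `ArchiveUploadV2` carries the same field as `formData`. The entry's own description already marks it deprecated in favor of V2; I would add a comment above that row, `// Deprecated upstream: sends the archive password in the URL query string; prefer ArchiveUploadV2 (formData).`, so client callers do not reach for V1 by default. Separately, the boolean parameters keep numeric defaults (`default: 1` for `is_confidential`, `default: 0` for `include_files` and `password_protected`); if Falcon.command ever serializes a default it would send `1`/`0` rather than `true`/`false`, so `default: true` / `default: false` would be safer — the consumer is not visible from this hunk, so worth confirming.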
@@ -3,46 +3,78 @@ * consumed and interpreted by Falcon.command(...) */ export const _scheduled_reports_endpoints: Array = [ - ["scheduled_reports_launch", "POST", "/reports/entities/scheduled-reports/execution/v1", "Launch scheduled reports executions for the provided report IDs.", "scheduled_reports", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["scheduled_reports_get", "GET", "/reports/entities/scheduled-reports/v1", "Retrieve scheduled reports for the provided report IDs.", "scheduled_reports", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The scheduled_report id to get details about.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["scheduled_reports_query", "GET", "/reports/queries/scheduled-reports/v1", "Find all report IDs matching the query with filter", "scheduled_reports", [{ - "type": "string", - "description": "Possible order by fields: created_on, last_updated_on, last_execution_on, next_execution_on", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Filter term criteria: type,trigger_reference, recipients, user_uuid, cid, trigger_params.metadata.Filter range criteria: created_on, modified_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.",
- "name": "filter",
- "in": "query"
- }, {
- "type": "string",
- "description": "Match query criteria, which includes all the filter string fields",
- "name": "q",
- "in": "query"
- }, {
- "type": "string",
- "description": "Starting index of overall result set from which to return ids.",
- "name": "offset",
- "in": "query"
- }, {
- "type": "integer",
- "description": "Number of ids to return.",
- "name": "limit",
- "in": "query"
- }]]
-];
\ No newline at end of file
+ [
+ "scheduled_reports_launch",
+ "POST",
+ "/reports/entities/scheduled-reports/execution/v1",
+ "Launch scheduled reports executions for the provided report IDs.",
+ "scheduled_reports",
+ [
+ {
+ name: "body",
+ in: "body",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "scheduled_reports_get",
+ "GET",
+ "/reports/entities/scheduled-reports/v1",
+ "Retrieve scheduled reports for the provided report IDs.",
+ "scheduled_reports",
+ [
+ {
+ type: "array",
+ items: {
+ type: "string",
+ },
+ collectionFormat: "multi",
+ description: "The scheduled_report id to get details about.",
+ name: "ids",
+ in: "query",
+ required: 1,
+ },
+ ],
+ ],
+ [
+ "scheduled_reports_query",
+ "GET",
+ "/reports/queries/scheduled-reports/v1",
+ "Find all report IDs matching the query with filter",
+ "scheduled_reports",
+ [
+ {
+ type: "string",
+ description: "Possible order by fields: created_on, last_updated_on, last_execution_on, next_execution_on",
+ name: "sort",
+ in: "query",
+ },
+ {
+ type: "string",
+ description:
+ "FQL query specifying the filter parameters. 
Filter term criteria: type,trigger_reference, recipients, user_uuid, cid, trigger_params.metadata.Filter range criteria: created_on, modified_on; use any common date format,such as '2010-05-15T14:55:21.892315096Z'.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match query criteria, which includes all the filter string fields", + name: "q", + in: "query", + }, + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/sensor_download.ts b/src/_endpoints/sensor_download.ts index d82b7ab2..d0f43332 100644 --- a/src/_endpoints/sensor_download.ts +++ b/src/_endpoints/sensor_download.ts @@ -3,65 +3,109 @@ * consumed and interpreted by Falcon.command(...) */ export const _sensor_download_endpoints: Array = [ - ["GetCombinedSensorInstallersByQuery", "GET", "/sensors/combined/installers/v1", "Get sensor installer details by provided query", "sensor_download", [{ - "type": "integer", - "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort items using their properties. Common sort options include:\n\n
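Review bot: The new-side `_scheduled_reports_endpoints` declaration is still annotated as a bare `Array` (the element type may have been lost in this rendering, but if it is `Array<any>` in the file it gives the compiler nothing to check), so the six-position tuple shape and the numeric `required: 1` flag go unvalidated in every table this commit reformats. A small parameter type such as `type EndpointParam = { name: string; in: string; type?: string; description?: string; required?: 1 }` together with a tuple alias for the row would let `tsc` catch a misplaced or misspelled field before `Falcon.command(...)` interprets it at runtime. The same point applies to the sensor_download and sensor_update_policies hunks below; the reformat itself is behavior-neutral.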
  • version|asc
  • release_date|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:\"windows\"
  • version:>\"5.2\"
", - "name": "filter", - "in": "query" - }]], - ["DownloadSensorInstallerById", "GET", "/sensors/entities/download-installer/v1", "Download sensor installer by SHA256 ID", "sensor_download", [{ - "type": "string", - "description": "SHA256 of the installer to download", - "name": "id", - "in": "query", - "required": 1 - }]], - ["GetSensorInstallersEntities", "GET", "/sensors/entities/installers/v1", "Get sensor installer details by provided SHA256 IDs", "sensor_download", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the installers", - "name": "ids", - "in": "query", - "required": 1 - }]], + [ + "GetCombinedSensorInstallersByQuery", + "GET", + "/sensors/combined/installers/v1", + "Get sensor installer details by provided query", + "sensor_download", + [ + { + type: "integer", + description: "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort items using their properties. Common sort options include:\n\n
  • version|asc
  • release_date|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + 'Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:"windows"
  • version:>"5.2"
', + name: "filter", + in: "query", + }, + ], + ], + [ + "DownloadSensorInstallerById", + "GET", + "/sensors/entities/download-installer/v1", + "Download sensor installer by SHA256 ID", + "sensor_download", + [ + { + type: "string", + description: "SHA256 of the installer to download", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "GetSensorInstallersEntities", + "GET", + "/sensors/entities/installers/v1", + "Get sensor installer details by provided SHA256 IDs", + "sensor_download", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the installers", + name: "ids", + in: "query", + required: 1, + }, + ], + ], ["GetSensorInstallersCCIDByQuery", "GET", "/sensors/queries/installers/ccid/v1", "Get CCID to use with sensor installers", "sensor_download", []], - ["GetSensorInstallersByQuery", "GET", "/sensors/queries/installers/v1", "Get sensor installer IDs by provided query", "sensor_download", [{ - "type": "integer", - "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort items using their properties. Common sort options include:\n\n
  • version|asc
  • release_date|desc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:\"windows\"
  • version:>\"5.2\"
", - "name": "filter", - "in": "query" - }]] -]; \ No newline at end of file + [ + "GetSensorInstallersByQuery", + "GET", + "/sensors/queries/installers/v1", + "Get sensor installer IDs by provided query", + "sensor_download", + [ + { + type: "integer", + description: "The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort items using their properties. Common sort options include:\n\n
  • version|asc
  • release_date|desc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + 'Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results.\n\nCommon filter options include:\n
  • platform:"windows"
  • version:>"5.2"
', + name: "filter", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/sensor_update_policies.ts b/src/_endpoints/sensor_update_policies.ts index 03184aef..874d67d9 100644 --- a/src/_endpoints/sensor_update_policies.ts +++ b/src/_endpoints/sensor_update_policies.ts 
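Review bot: `DownloadSensorInstallerById` takes the installer's SHA256 as its `id` and presumably returns the raw installer bytes, yet nothing in or around the entry records that the consumer should verify the downloaded content against that hash before it is used; a comment above the entry such as `// Response is the installer binary; verify its SHA256 equals the requested id before use.` would keep that supply-chain check visible to whoever wires this through Falcon.command. Separately, `GetSensorInstallersCCIDByQuery` is the only row left in the old one-line form while every sibling was expanded, which reads as an oversight even if it is just Prettier preserving the original single-line layout.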
@@ -3,273 +3,510 @@ * consumed and interpreted by Falcon.command(...) */ export const _sensor_update_policies_endpoints: Array = [ - ["revealUninstallToken", "POST", "/policy/combined/reveal-uninstall-token/v1", "Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["queryCombinedSensorUpdateBuilds", "GET", "/policy/combined/sensor-update-builds/v1", "Retrieve available builds for use with Sensor Update Policies", "sensor_update_policies", [{ - "enum": ["linux", "linuxarm64", "mac", "windows", "zlinux"], - "type": "string", - "description": "The platform to return builds for", - "name": "platform", - "in": "query" - }, { - "enum": ["early_adopter", "prod"], - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "The stages to return builds for", - "name": "stage", - "in": "query" - }]], - ["queryCombinedSensorUpdateKernels", "GET", "/policy/combined/sensor-update-kernels/v1", "Retrieve kernel compatibility info for Sensor Update Builds", "sensor_update_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }]], - ["queryCombinedSensorUpdatePolicyMembers", "GET", "/policy/combined/sensor-update-members/v1", "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. 
Returns a set of host details which match the filter criteria", "sensor_update_policies", [{ - "type": "string", - "description": "The ID of the Sensor Update Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedSensorUpdatePolicies", "GET", "/policy/combined/sensor-update/v1", "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", "sensor_update_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["queryCombinedSensorUpdatePoliciesV2", "GET", "/policy/combined/sensor-update/v2", "Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", "sensor_update_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["performSensorUpdatePoliciesAction", "POST", "/policy/entities/sensor-update-actions/v1", "Perform the specified action on the Sensor Update Policies specified in the request", "sensor_update_policies", [{ - "enum": ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], - "type": "string", - "description": "The action to perform", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["setSensorUpdatePoliciesPrecedence", "POST", "/policy/entities/sensor-update-precedence/v1", "Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["getSensorUpdatePolicies", "GET", "/policy/entities/sensor-update/v1", "Retrieve a set of Sensor Update Policies by specifying their IDs", "sensor_update_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Sensor Update Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createSensorUpdatePolicies", "POST", "/policy/entities/sensor-update/v1", "Create Sensor Update Policies by specifying details about the policy to create", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateSensorUpdatePolicies", "PATCH", "/policy/entities/sensor-update/v1", "Update Sensor Update Policies by specifying the ID of the policy and details to update", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteSensorUpdatePolicies", "DELETE", "/policy/entities/sensor-update/v1", "Delete a set of Sensor Update Policies by specifying their IDs", "sensor_update_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Sensor Update Policies to delete", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getSensorUpdatePoliciesV2", "GET", "/policy/entities/sensor-update/v2", "Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs", "sensor_update_policies", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The IDs of the Sensor Update Policies to return", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createSensorUpdatePoliciesV2", "POST", "/policy/entities/sensor-update/v2", "Create Sensor Update Policies by specifying 
details about the policy to create with additional support for uninstall protection", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateSensorUpdatePoliciesV2", "PATCH", "/policy/entities/sensor-update/v2", "Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection", "sensor_update_policies", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["querySensorUpdateKernelsDistinct", "GET", "/policy/queries/sensor-update-kernels/{}/v1", "Retrieve kernel compatibility info for Sensor Update Builds", "sensor_update_policies", [{ - "type": "string", - "description": "The field name to get distinct values for", - "name": "distinct-field", - "in": "path", - "required": 1 - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }]], - ["querySensorUpdatePolicyMembers", "GET", "/policy/queries/sensor-update-members/v1", "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", "sensor_update_policies", [{ - "type": "string", - "description": "The ID of the Sensor Update Policy to search for members of", - "name": "id", - "in": "query" - }, { - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. [1-5000]", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["querySensorUpdatePolicies", "GET", "/policy/queries/sensor-update/v1", "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria", "sensor_update_policies", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The maximum records to return. 
[1-5000]", - "name": "limit", - "in": "query" - }, { - "enum": ["created_by.asc", "created_by.desc", "created_timestamp.asc", "created_timestamp.desc", "enabled.asc", "enabled.desc", "modified_by.asc", "modified_by.desc", "modified_timestamp.asc", "modified_timestamp.desc", "name.asc", "name.desc", "platform_name.asc", "platform_name.desc", "precedence.asc", "precedence.desc"], - "type": "string", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "revealUninstallToken", + "POST", + "/policy/combined/reveal-uninstall-token/v1", + "Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "queryCombinedSensorUpdateBuilds", + "GET", + "/policy/combined/sensor-update-builds/v1", + "Retrieve available builds for use with Sensor Update Policies", + "sensor_update_policies", + [ + { + enum: ["linux", "linuxarm64", "mac", "windows", "zlinux"], + type: "string", + description: "The platform to return builds for", + name: "platform", + in: "query", + }, + { + enum: ["early_adopter", "prod"], + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "The stages to return builds for", + name: "stage", + in: "query", + }, + ], + ], + [ + "queryCombinedSensorUpdateKernels", + "GET", + "/policy/combined/sensor-update-kernels/v1", + "Retrieve kernel compatibility info for Sensor Update Builds", + "sensor_update_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "The maximum records 
to return. [1-500]", + name: "limit", + in: "query", + }, + ], + ], + [ + "queryCombinedSensorUpdatePolicyMembers", + "GET", + "/policy/combined/sensor-update-members/v1", + "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria", + "sensor_update_policies", + [ + { + type: "string", + description: "The ID of the Sensor Update Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedSensorUpdatePolicies", + "GET", + "/policy/combined/sensor-update/v1", + "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", + "sensor_update_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. 
[1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "queryCombinedSensorUpdatePoliciesV2", + "GET", + "/policy/combined/sensor-update/v2", + "Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria", + "sensor_update_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. 
[1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "performSensorUpdatePoliciesAction", + "POST", + "/policy/entities/sensor-update-actions/v1", + "Perform the specified action on the Sensor Update Policies specified in the request", + "sensor_update_policies", + [ + { + enum: ["add-host-group", "add-rule-group", "disable", "enable", "remove-host-group", "remove-rule-group"], + type: "string", + description: "The action to perform", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "setSensorUpdatePoliciesPrecedence", + "POST", + "/policy/entities/sensor-update-precedence/v1", + "Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. 
You must specify all non-Default Policies for a platform when updating precedence", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "getSensorUpdatePolicies", + "GET", + "/policy/entities/sensor-update/v1", + "Retrieve a set of Sensor Update Policies by specifying their IDs", + "sensor_update_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Sensor Update Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createSensorUpdatePolicies", + "POST", + "/policy/entities/sensor-update/v1", + "Create Sensor Update Policies by specifying details about the policy to create", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateSensorUpdatePolicies", + "PATCH", + "/policy/entities/sensor-update/v1", + "Update Sensor Update Policies by specifying the ID of the policy and details to update", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteSensorUpdatePolicies", + "DELETE", + "/policy/entities/sensor-update/v1", + "Delete a set of Sensor Update Policies by specifying their IDs", + "sensor_update_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Sensor Update Policies to delete", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getSensorUpdatePoliciesV2", + "GET", + "/policy/entities/sensor-update/v2", + "Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs", + "sensor_update_policies", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The IDs of the Sensor Update Policies to return", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createSensorUpdatePoliciesV2", + 
"POST", + "/policy/entities/sensor-update/v2", + "Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateSensorUpdatePoliciesV2", + "PATCH", + "/policy/entities/sensor-update/v2", + "Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection", + "sensor_update_policies", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "querySensorUpdateKernelsDistinct", + "GET", + "/policy/queries/sensor-update-kernels/{}/v1", + "Retrieve kernel compatibility info for Sensor Update Builds", + "sensor_update_policies", + [ + { + type: "string", + description: "The field name to get distinct values for", + name: "distinct-field", + in: "path", + required: 1, + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + ], + ], + [ + "querySensorUpdatePolicyMembers", + "GET", + "/policy/queries/sensor-update-members/v1", + "Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. 
Returns a set of Agent IDs which match the filter criteria", + "sensor_update_policies", + [ + { + type: "string", + description: "The ID of the Sensor Update Policy to search for members of", + name: "id", + in: "query", + }, + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "querySensorUpdatePolicies", + "GET", + "/policy/queries/sensor-update/v1", + "Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria", + "sensor_update_policies", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The maximum records to return. [1-5000]", + name: "limit", + in: "query", + }, + { + enum: [ + "created_by.asc", + "created_by.desc", + "created_timestamp.asc", + "created_timestamp.desc", + "enabled.asc", + "enabled.desc", + "modified_by.asc", + "modified_by.desc", + "modified_timestamp.asc", + "modified_timestamp.desc", + "name.asc", + "name.desc", + "platform_name.asc", + "platform_name.desc", + "precedence.asc", + "precedence.desc", + ], + type: "string", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], +]; 
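Review bot: `revealUninstallToken` returns a secret — the per-device uninstall token or, with `device_id` set to `'MAINTENANCE'`, the bulk maintenance token — and the table gives `Falcon.command(...)` no signal that this response must be treated differently from ordinary query results; a comment on the entry, `// Response carries the uninstall/maintenance token: do not log, cache or echo it.`, would make that visible where the endpoint is defined. Also, `querySensorUpdateKernelsDistinct` has a `{}` placeholder in its path that is filled from the `distinct-field` path parameter; the substitution lives outside this hunk so I cannot confirm it, but it should run the value through `encodeURIComponent` so a value containing `/` or `?` cannot alter the request path.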
diff --git a/src/_endpoints/sensor_visibility_exclusions.ts b/src/_endpoints/sensor_visibility_exclusions.ts
index fd6119c6..84ae7817 100644
--- a/src/_endpoints/sensor_visibility_exclusions.ts
+++ b/src/_endpoints/sensor_visibility_exclusions.ts
@@ -3,63 +3,125 @@ * consumed and interpreted by Falcon.command(...) */ export const _sensor_visibility_exclusions_endpoints: Array = [ - ["getSensorVisibilityExclusionsV1", "GET", "/policy/entities/sv-exclusions/v1", "Get a set of Sensor Visibility Exclusions by specifying their IDs", "sensor_visibility_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to retrieve", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["createSVExclusionsV1", "POST", "/policy/entities/sv-exclusions/v1", "Create the sensor visibility exclusions", "sensor_visibility_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateSensorVisibilityExclusionsV1", "PATCH", "/policy/entities/sv-exclusions/v1", "Update the sensor visibility exclusions", "sensor_visibility_exclusions", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteSensorVisibilityExclusionsV1", "DELETE", "/policy/entities/sv-exclusions/v1", "Delete the sensor visibility exclusions by id", "sensor_visibility_exclusions", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "The ids of the exclusions to delete", - "name": "ids", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Explains why this exclusions was deleted", - "name": "comment", - "in": "query" - }]], - ["querySensorVisibilityExclusionsV1", "GET", "/policy/queries/sv-exclusions/v1", "Search for sensor visibility exclusions.", "sensor_visibility_exclusions", [{ - "type": "string", - "description": "The filter expression that should be used to limit the results.", - "name": "filter", - "in": "query" - }, { - "type": "integer", - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "The maximum records to return. 
[1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["applied_globally.asc", "applied_globally.desc", "created_by.asc", "created_by.desc", "created_on.asc", "created_on.desc", "last_modified.asc", "last_modified.desc", "modified_by.asc", "modified_by.desc", "value.asc", "value.desc"], - "type": "string", - "description": "The sort expression that should be used to sort the results.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "getSensorVisibilityExclusionsV1", + "GET", + "/policy/entities/sv-exclusions/v1", + "Get a set of Sensor Visibility Exclusions by specifying their IDs", + "sensor_visibility_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to retrieve", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "createSVExclusionsV1", + "POST", + "/policy/entities/sv-exclusions/v1", + "Create the sensor visibility exclusions", + "sensor_visibility_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateSensorVisibilityExclusionsV1", + "PATCH", + "/policy/entities/sv-exclusions/v1", + "Update the sensor visibility exclusions", + "sensor_visibility_exclusions", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteSensorVisibilityExclusionsV1", + "DELETE", + "/policy/entities/sv-exclusions/v1", + "Delete the sensor visibility exclusions by id", + "sensor_visibility_exclusions", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "The ids of the exclusions to delete", + name: "ids", + in: "query", + required: 1, + }, + { + type: "string", + description: "Explains why this exclusions was deleted", + name: "comment", + in: "query", + }, + ], + ], + [ + "querySensorVisibilityExclusionsV1", + "GET", + "/policy/queries/sv-exclusions/v1", + "Search for sensor visibility exclusions.", + 
"sensor_visibility_exclusions", + [ + { + type: "string", + description: "The filter expression that should be used to limit the results.", + name: "filter", + in: "query", + }, + { + type: "integer", + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + enum: [ + "applied_globally.asc", + "applied_globally.desc", + "created_by.asc", + "created_by.desc", + "created_on.asc", + "created_on.desc", + "last_modified.asc", + "last_modified.desc", + "modified_by.asc", + "modified_by.desc", + "value.asc", + "value.desc", + ], + type: "string", + description: "The sort expression that should be used to sort the results.", + name: "sort", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/spotlight_evaluation_logic.ts b/src/_endpoints/spotlight_evaluation_logic.ts index 2a5e7c04..1727104d 100644 --- a/src/_endpoints/spotlight_evaluation_logic.ts +++ b/src/_endpoints/spotlight_evaluation_logic.ts 
@@ -3,59 +3,94 @@ * consumed and interpreted by Falcon.command(...) */ export const _spotlight_evaluation_logic_endpoints: Array = [ - ["combinedQueryEvaluationLogic", "GET", "/spotlight/combined/evaluation-logic/v1", "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.", "spotlight_evaluation_logic", [{ - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Maximum number of entities to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters.", - "name": "filter", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Sort evaluation logic by their properties.", - "name": "sort", - "in": "query" - }]], - ["getEvaluationLogic", "GET", "/spotlight/entities/evaluation-logic/v1", "Get details on evaluation logic items by providing one or more IDs.", "spotlight_evaluation_logic", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more evaluation logic IDs.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryEvaluationLogic", "GET", "/spotlight/queries/evaluation-logic/v1", "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.", "spotlight_evaluation_logic", [{ - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "type": "integer", - "description": "Maximum number of entities to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters.", - "name": "filter", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Sort evaluation logic by their properties.", - "name": "sort", - "in": "query" - }]] -]; \ No newline at end of file + [ + "combinedQueryEvaluationLogic", + "GET", + "/spotlight/combined/evaluation-logic/v1", + "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.", + "spotlight_evaluation_logic", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. 
On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Maximum number of entities to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters.", + name: "filter", + in: "query", + required: 1, + }, + { + type: "string", + description: "Sort evaluation logic by their properties.", + name: "sort", + in: "query", + }, + ], + ], + [ + "getEvaluationLogic", + "GET", + "/spotlight/entities/evaluation-logic/v1", + "Get details on evaluation logic items by providing one or more IDs.", + "spotlight_evaluation_logic", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more evaluation logic IDs.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryEvaluationLogic", + "GET", + "/spotlight/queries/evaluation-logic/v1", + "Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.", + "spotlight_evaluation_logic", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "integer", + description: "Maximum number of entities to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters.", + name: "filter", + in: "query", + required: 1, + }, + { + type: "string", + description: "Sort evaluation logic by their properties.", + name: "sort", + in: "query", + }, + ], + ], +]; 
diff --git a/src/_endpoints/spotlight_vulnerabilities.ts b/src/_endpoints/spotlight_vulnerabilities.ts index 165009f2..7a39ccd4 100644 --- a/src/_endpoints/spotlight_vulnerabilities.ts +++ b/src/_endpoints/spotlight_vulnerabilities.ts @@ -3,94 +3,151 @@ * consumed and interpreted by Falcon.command(...) */ export const _spotlight_vulnerabilities_endpoints: Array = [ - ["combinedQueryVulnerabilities", "GET", "/spotlight/combined/vulnerabilities/v1", "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria", "spotlight_vulnerabilities", [{ - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", - "name": "filter", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Select constious details blocks to be returned for each vulnerability entity. Supported values:\n\n
  • host_info
  • remediation
  • cve
  • evaluation_logic
", - "name": "facet", - "in": "query" - }]], - ["getRemediationsV2", "GET", "/spotlight/entities/remediations/v2", "Get details on remediation by providing one or more IDs", "spotlight_vulnerabilities", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more remediation IDs", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["getVulnerabilities", "GET", "/spotlight/entities/vulnerabilities/v2", "Get details on vulnerabilities by providing one or more IDs", "spotlight_vulnerabilities", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["queryVulnerabilities", "GET", "/spotlight/queries/vulnerabilities/v1", "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria", "spotlight_vulnerabilities", [{ - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, { - "maximum": 400, - "minimum": 1, - "type": "integer", - "description": "The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", - "name": "filter", - "in": "query", - "required": 1 - }]], - ["getRemediations", "GET", "/spotlight/entities/remediations/v2", "Get details on remediations by providing one or more IDs", "spotlight_vulnerabilities", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more remediation IDs (max: 400).", - "name": "ids", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "combinedQueryVulnerabilities", + "GET", + "/spotlight/combined/vulnerabilities/v1", + "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria", + "spotlight_vulnerabilities", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + name: "filter", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: + "Select constious details blocks to be returned for each vulnerability entity. Supported values:\n\n
  • host_info
  • remediation
  • cve
  • evaluation_logic
", + name: "facet", + in: "query", + }, + ], + ], + [ + "getRemediationsV2", + "GET", + "/spotlight/entities/remediations/v2", + "Get details on remediation by providing one or more IDs", + "spotlight_vulnerabilities", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more remediation IDs", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "getVulnerabilities", + "GET", + "/spotlight/entities/vulnerabilities/v2", + "Get details on vulnerabilities by providing one or more IDs", + "spotlight_vulnerabilities", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "queryVulnerabilities", + "GET", + "/spotlight/queries/vulnerabilities/v1", + "Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria", + "spotlight_vulnerabilities", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + maximum: 400, + minimum: 1, + type: "integer", + description: "The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort vulnerabilities by their properties. Common sort options include:\n\n
  • created_timestamp|desc
  • closed_timestamp|asc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. \n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + name: "filter", + in: "query", + required: 1, + }, + ], + ], + [ + "getRemediations", + "GET", + "/spotlight/entities/remediations/v2", + "Get details on remediations by providing one or more IDs", + "spotlight_vulnerabilities", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more remediation IDs (max: 400).", + name: "ids", + in: "query", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/tailored_intelligence.ts b/src/_endpoints/tailored_intelligence.ts index 5d01a542..eb6d7fe0 100644 --- a/src/_endpoints/tailored_intelligence.ts +++ b/src/_endpoints/tailored_intelligence.ts 
@@ -3,73 +3,126 @@ * consumed and interpreted by Falcon.command(...) */ export const _tailored_intelligence_endpoints: Array = [ - ["GetEventsBody", "GET", "/ti/events/entities/events-full-body/v2", "Get event body for the provided event ID", "tailored_intelligence", [{ - "type": "string", - "description": "Return the event body for event id.", - "name": "id", - "in": "query", - "required": 1 - }]], - ["GetEventsEntities", "POST", "/ti/events/entities/events/GET/v2", "Get events entities for specified ids.", "tailored_intelligence", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryEvents", "GET", "/ti/events/queries/events/v2", "Get events ids that match the provided filter criteria.", "tailored_intelligence", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: source_type, created_date, updated_date. Ex: 'updated_date|desc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Special value '*' means to not filter on anything.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", - "name": "q", - "in": "query" - }]], - ["GetRulesEntities", "POST", "/ti/rules/entities/rules/GET/v2", "Get rules entities for specified ids.", "tailored_intelligence", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["QueryRules", "GET", "/ti/rules/queries/rules/v2", "Get rules ids that match the provided filter criteria.", "tailored_intelligence", [{ - "type": "string", - "description": "Starting index of overall result set from which to return ids.", - "name": "offset", - "in": "query" - }, { - "type": "integer", - "description": "Number of ids to return.", - "name": "limit", - "in": "query" - }, { - "type": "string", - "description": "Possible order by fields: name, value, rule_type, customer_id, created_date, updated_date. Ex: 'updated_date|asc'.", - "name": "sort", - "in": "query" - }, { - "type": "string", - "description": "FQL query specifying the filter parameters. 
Special value '*' means to not filter on anything.", - "name": "filter", - "in": "query" - }, { - "type": "string", - "description": "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", - "name": "q", - "in": "query" - }]] -]; \ No newline at end of file + [ + "GetEventsBody", + "GET", + "/ti/events/entities/events-full-body/v2", + "Get event body for the provided event ID", + "tailored_intelligence", + [ + { + type: "string", + description: "Return the event body for event id.", + name: "id", + in: "query", + required: 1, + }, + ], + ], + [ + "GetEventsEntities", + "POST", + "/ti/events/entities/events/GET/v2", + "Get events entities for specified ids.", + "tailored_intelligence", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryEvents", + "GET", + "/ti/events/queries/events/v2", + "Get events ids that match the provided filter criteria.", + "tailored_intelligence", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: source_type, created_date, updated_date. Ex: 'updated_date|desc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters. 
Special value '*' means to not filter on anything.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + name: "q", + in: "query", + }, + ], + ], + [ + "GetRulesEntities", + "POST", + "/ti/rules/entities/rules/GET/v2", + "Get rules entities for specified ids.", + "tailored_intelligence", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "QueryRules", + "GET", + "/ti/rules/queries/rules/v2", + "Get rules ids that match the provided filter criteria.", + "tailored_intelligence", + [ + { + type: "string", + description: "Starting index of overall result set from which to return ids.", + name: "offset", + in: "query", + }, + { + type: "integer", + description: "Number of ids to return.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Possible order by fields: name, value, rule_type, customer_id, created_date, updated_date. Ex: 'updated_date|asc'.", + name: "sort", + in: "query", + }, + { + type: "string", + description: "FQL query specifying the filter parameters. Special value '*' means to not filter on anything.", + name: "filter", + in: "query", + }, + { + type: "string", + description: "Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).", + name: "q", + in: "query", + }, + ], + ], +]; diff --git a/src/_endpoints/user_management.ts b/src/_endpoints/user_management.ts index b19dfc65..774c8a6c 100644 --- a/src/_endpoints/user_management.ts +++ b/src/_endpoints/user_management.ts 
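Review bot: `offset` in `QueryEvents` and `QueryRules` is declared `type: "string"` while its description is `Starting index of overall result set`, and every other table in this patch (for example `querySensorVisibilityExclusionsV1`) declares `offset` as `type: "integer"`; if Falcon.command(...) validates or serializes by `type`, a numeric offset is treated as free text here. Unless the upstream spec genuinely types it as a string, change it to `type: "integer"` and, as elsewhere, add `minimum: 0`. The `filter` description also documents a special value `'*'` that disables filtering, which is worth surfacing to callers, since a literal `*` passed through from user input widens the query to every event or rule the credentials can see.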
@@ -3,256 +3,482 @@ * consumed and interpreted by Falcon.command(...) */ export const _user_management_endpoints: Array = [ - ["combinedUserRolesV1", "GET", "/user-management/combined/user-roles/v1", "Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.", "user_management", [{ - "type": "string", - "description": "User UUID to get available roles for.", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "type": "string", - "description": "Customer ID to get grants for. Empty CID would result in Role IDs for user against current CID in view.", - "name": "cid", - "in": "query" - }, { - "type": "boolean", - "default": 0, - "description": "Specifies if to request direct Only role grants or all role grants between user and CID (specified in query params)", - "name": "direct_only", - "in": "query" - }, { - "type": "string", - "description": "Filter using a query in Falcon Query Language (FQL). Supported filters: role_id, role_name", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "default": 0, - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["cid|asc", "cid|desc", "role_name|asc", "role_name|desc", "type|asc", "type|desc"], - "type": "string", - "default": "role_name|asc", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["entitiesRolesV1", "GET", "/user-management/entities/roles/v1", "Get info about a role", "user_management", [{ - "type": "string", - "description": "Customer ID to get available roles for. 
Empty CID would result in Role IDs for current CID in view.", - "name": "cid", - "in": "query" - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "ID of a role. Find a role ID from `/user-management/queries/roles/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["userActionV1", "POST", "/user-management/entities/user-actions/v1", "Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload.", "user_management", [{ - "description": "User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password'", - "name": "body", - "in": "body", - "required": 1 - }]], - ["userRolesActionV1", "POST", "/user-management/entities/user-role-actions/v1", "Grant or Revoke one or more role(s) to a user against a CID.", "user_management", [{ - "description": "All fields including CID, RoleID(s), User UUID and Action are required. Allowed values for Action param include 'grant' and 'revoke'.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["retrieveUsersGETV1", "POST", "/user-management/entities/users/GET/v1", "Get info about users including their name, UID and CID by providing user UUIDs", "user_management", [{ - "description": "Maximum of 5000 User UUIDs can be specified per request.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["createUserV1", "POST", "/user-management/entities/users/v1", "Create a new user. After creating a user, assign one or more roles with POST '/user-management/entities/user-role-actions/v1'", "user_management", [{ - "type": "boolean", - "default": 0, - "description": "Validate of user is allowed, but do not create user.", - "name": "validate_only", - "in": "query" - }, { - "description": "Attributes for this user. 
`uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["updateUserV1", "PATCH", "/user-management/entities/users/v1", "Modify an existing user's first or last name.", "user_management", [{ - "type": "string", - "description": "user uuid", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "description": "Both firstName and lastName have to specified.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["deleteUserV1", "DELETE", "/user-management/entities/users/v1", "Delete a user permanently.", "user_management", [{ - "type": "string", - "description": "User UUID.", - "name": "user_uuid", - "in": "query", - "required": 1 - }]], - ["queriesRolesV1", "GET", "/user-management/queries/roles/v1", "Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/user-management/entities/roles/v1`.", "user_management", [{ - "type": "string", - "description": "Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view.", - "name": "cid", - "in": "query" - }, { - "type": "string", - "description": "User UUID to get available roles for. Empty User UUID would returns all roles IDs available for customer.", - "name": "user_uuid", - "in": "query" - }, { - "type": "string", - "default": "grant", - "description": "Actionable purpose of the query", - "name": "action", - "in": "query" - }]], - ["queryUserV1", "GET", "/user-management/queries/users/v1", "List user IDs for all users in your customer account. 
For more information on each user, provide the user ID to `/user-management/entities/users/GET/v1`.", "user_management", [{ - "type": "string", - "description": "Filter using a query in Falcon Query Language (FQL). Supported filters: assigned_cids, cid, first_name, last_name, name, uid", - "name": "filter", - "in": "query" - }, { - "minimum": 0, - "type": "integer", - "default": 0, - "description": "The offset to start retrieving records from", - "name": "offset", - "in": "query" - }, { - "maximum": 500, - "minimum": 1, - "type": "integer", - "default": 100, - "description": "The maximum records to return. [1-500]", - "name": "limit", - "in": "query" - }, { - "enum": ["cid_name|asc", "cid_name|desc", "created_at|asc", "created_at|desc", "first_name|asc", "first_name|desc", "last_login_at|asc", "last_login_at|desc", "last_name|asc", "last_name|desc", "name|asc", "name|desc", "uid|asc", "uid|desc"], - "type": "string", - "default": "uid|asc", - "description": "The property to sort by", - "name": "sort", - "in": "query" - }]], - ["GetRoles", "GET", "/user-roles/entities/user-roles/v1", "Deprecated : Please use entitiesRolesV1. Get info about a role", "user_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "ID of a role. Find a role ID from `/customer/queries/roles/v1` or `/users/queries/roles/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GrantUserRoleIds", "POST", "/user-roles/entities/user-roles/v1", "Deprecated : Please use userRolesActionV1. Assign one or more roles to a user", "user_management", [{ - "type": "string", - "description": "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "description": "Role ID(s) of the role you want to assign", - "name": "body", - "in": "body", - "required": 1 - }]], - ["RevokeUserRoleIds", "DELETE", "/user-roles/entities/user-roles/v1", "Deprecated : Please use userRolesActionV1. Revoke one or more roles from a user", "user_management", [{ - "type": "string", - "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more role IDs to revoke. Find a role's ID from `/users/queries/roles/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["GetAvailableRoleIds", "GET", "/user-roles/queries/user-role-ids-by-cid/v1", "Deprecated : Please use queriesRolesV1. Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", "user_management", []], - ["GetUserRoleIds", "GET", "/user-roles/queries/user-role-ids-by-user-uuid/v1", "Deprecated : Please use combinedUserRolesV1. Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", "user_management", [{ - "type": "string", - "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", - "name": "user_uuid", - "in": "query", - "required": 1 - }]], - ["RetrieveUser", "GET", "/users/entities/users/v1", "Deprecated : Please use retrieveUsersGETV1. Get info about a user", "user_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["CreateUser", "POST", "/users/entities/users/v1", "Deprecated : Please use createUserV1. Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1", "user_management", [{ - "description": "Attributes for this user. `uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["UpdateUser", "PATCH", "/users/entities/users/v1", "Deprecated : Please use updateUserV1. Modify an existing user's first or last name", "user_management", [{ - "type": "string", - "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", - "name": "user_uuid", - "in": "query", - "required": 1 - }, { - "description": "Attributes for this user. All attributes (shown below) are optional.", - "name": "body", - "in": "body", - "required": 1 - }]], - ["DeleteUser", "DELETE", "/users/entities/users/v1", "Deprecated : Please use deleteUserV1. Delete a user permanently", "user_management", [{ - "type": "string", - "description": "ID of a user. Find a user's ID from `/users/entities/user/v1`.", - "name": "user_uuid", - "in": "query", - "required": 1 - }]], - ["RetrieveEmailsByCID", "GET", "/users/queries/emails-by-cid/v1", "Deprecated : Please use retrieveUsersGETV1. List the usernames (usually an email address) for all users in your customer account", "user_management", []], - ["RetrieveUserUUIDsByCID", "GET", "/users/queries/user-uuids-by-cid/v1", "Deprecated : Please use queryUserV1. List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`.", "user_management", []], - ["RetrieveUserUUID", "GET", "/users/queries/user-uuids-by-email/v1", "Deprecated : Please use queryUserV1. 
Get a user's ID by providing a username (usually an email address)", "user_management", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "A username. This is usually the user's email address, but may consty based on your configuration.", - "name": "uid", - "in": "query", - "required": 1 - }]] -]; \ No newline at end of file + [ + "combinedUserRolesV1", + "GET", + "/user-management/combined/user-roles/v1", + "Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.", + "user_management", + [ + { + type: "string", + description: "User UUID to get available roles for.", + name: "user_uuid", + in: "query", + required: 1, + }, + { + type: "string", + description: "Customer ID to get grants for. Empty CID would result in Role IDs for user against current CID in view.", + name: "cid", + in: "query", + }, + { + type: "boolean", + default: 0, + description: "Specifies if to request direct Only role grants or all role grants between user and CID (specified in query params)", + name: "direct_only", + in: "query", + }, + { + type: "string", + description: "Filter using a query in Falcon Query Language (FQL). Supported filters: role_id, role_name", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + default: 0, + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + default: 100, + description: "The maximum records to return. 
[1-500]", + name: "limit", + in: "query", + }, + { + enum: ["cid|asc", "cid|desc", "role_name|asc", "role_name|desc", "type|asc", "type|desc"], + type: "string", + default: "role_name|asc", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "entitiesRolesV1", + "GET", + "/user-management/entities/roles/v1", + "Get info about a role", + "user_management", + [ + { + type: "string", + description: "Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view.", + name: "cid", + in: "query", + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "ID of a role. Find a role ID from `/user-management/queries/roles/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "userActionV1", + "POST", + "/user-management/entities/user-actions/v1", + "Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload.", + "user_management", + [ + { + description: "User UUIDs and Action Name params are required. Allowed values for Action Name param includes 'reset_2fa' and 'reset_password'", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "userRolesActionV1", + "POST", + "/user-management/entities/user-role-actions/v1", + "Grant or Revoke one or more role(s) to a user against a CID.", + "user_management", + [ + { + description: "All fields including CID, RoleID(s), User UUID and Action are required. 
Allowed values for Action param include 'grant' and 'revoke'.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "retrieveUsersGETV1", + "POST", + "/user-management/entities/users/GET/v1", + "Get info about users including their name, UID and CID by providing user UUIDs", + "user_management", + [ + { + description: "Maximum of 5000 User UUIDs can be specified per request.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "createUserV1", + "POST", + "/user-management/entities/users/v1", + "Create a new user. After creating a user, assign one or more roles with POST '/user-management/entities/user-role-actions/v1'", + "user_management", + [ + { + type: "boolean", + default: 0, + description: "Validate of user is allowed, but do not create user.", + name: "validate_only", + in: "query", + }, + { + description: + "Attributes for this user. `uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "updateUserV1", + "PATCH", + "/user-management/entities/users/v1", + "Modify an existing user's first or last name.", + "user_management", + [ + { + type: "string", + description: "user uuid", + name: "user_uuid", + in: "query", + required: 1, + }, + { + description: "Both firstName and lastName have to specified.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "deleteUserV1", + "DELETE", + "/user-management/entities/users/v1", + "Delete a user permanently.", + "user_management", + [ + { + type: "string", + description: "User UUID.", + name: "user_uuid", + in: "query", + required: 1, + }, + ], + ], + [ + "queriesRolesV1", + "GET", + "/user-management/queries/roles/v1", + "Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/user-management/entities/roles/v1`.", + "user_management", + [ + { + type: "string", + description: "Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view.", + name: "cid", + in: "query", + }, + { + type: "string", + description: "User UUID to get available roles for. Empty User UUID would returns all roles IDs available for customer.", + name: "user_uuid", + in: "query", + }, + { + type: "string", + default: "grant", + description: "Actionable purpose of the query", + name: "action", + in: "query", + }, + ], + ], + [ + "queryUserV1", + "GET", + "/user-management/queries/users/v1", + "List user IDs for all users in your customer account. 
For more information on each user, provide the user ID to `/user-management/entities/users/GET/v1`.", + "user_management", + [ + { + type: "string", + description: "Filter using a query in Falcon Query Language (FQL). Supported filters: assigned_cids, cid, first_name, last_name, name, uid", + name: "filter", + in: "query", + }, + { + minimum: 0, + type: "integer", + default: 0, + description: "The offset to start retrieving records from", + name: "offset", + in: "query", + }, + { + maximum: 500, + minimum: 1, + type: "integer", + default: 100, + description: "The maximum records to return. [1-500]", + name: "limit", + in: "query", + }, + { + enum: [ + "cid_name|asc", + "cid_name|desc", + "created_at|asc", + "created_at|desc", + "first_name|asc", + "first_name|desc", + "last_login_at|asc", + "last_login_at|desc", + "last_name|asc", + "last_name|desc", + "name|asc", + "name|desc", + "uid|asc", + "uid|desc", + ], + type: "string", + default: "uid|asc", + description: "The property to sort by", + name: "sort", + in: "query", + }, + ], + ], + [ + "GetRoles", + "GET", + "/user-roles/entities/user-roles/v1", + "Deprecated : Please use entitiesRolesV1. Get info about a role", + "user_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "ID of a role. Find a role ID from `/customer/queries/roles/v1` or `/users/queries/roles/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GrantUserRoleIds", + "POST", + "/user-roles/entities/user-roles/v1", + "Deprecated : Please use userRolesActionV1. Assign one or more roles to a user", + "user_management", + [ + { + type: "string", + description: "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", + name: "user_uuid", + in: "query", + required: 1, + }, + { + description: "Role ID(s) of the role you want to assign", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "RevokeUserRoleIds", + "DELETE", + "/user-roles/entities/user-roles/v1", + "Deprecated : Please use userRolesActionV1. Revoke one or more roles from a user", + "user_management", + [ + { + type: "string", + description: "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + name: "user_uuid", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more role IDs to revoke. Find a role's ID from `/users/queries/roles/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "GetAvailableRoleIds", + "GET", + "/user-roles/queries/user-role-ids-by-cid/v1", + "Deprecated : Please use queriesRolesV1. Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", + "user_management", + [], + ], + [ + "GetUserRoleIds", + "GET", + "/user-roles/queries/user-role-ids-by-user-uuid/v1", + "Deprecated : Please use combinedUserRolesV1. Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.", + "user_management", + [ + { + type: "string", + description: "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + name: "user_uuid", + in: "query", + required: 1, + }, + ], + ], + [ + "RetrieveUser", + "GET", + "/users/entities/users/v1", + "Deprecated : Please use retrieveUsersGETV1. Get info about a user", + "user_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "ID of a user. 
Find a user's ID from `/users/entities/user/v1`.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "CreateUser", + "POST", + "/users/entities/users/v1", + "Deprecated : Please use createUserV1. Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1", + "user_management", + [ + { + description: + "Attributes for this user. `uid` (required) is the user's email address, which is their username in Falcon.\n\nOptional attributes:\n\n
  • `firstName`
  • `lastName`
  • `password`
\n\nAs a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "UpdateUser", + "PATCH", + "/users/entities/users/v1", + "Deprecated : Please use updateUserV1. Modify an existing user's first or last name", + "user_management", + [ + { + type: "string", + description: "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + name: "user_uuid", + in: "query", + required: 1, + }, + { + description: "Attributes for this user. All attributes (shown below) are optional.", + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "DeleteUser", + "DELETE", + "/users/entities/users/v1", + "Deprecated : Please use deleteUserV1. Delete a user permanently", + "user_management", + [ + { + type: "string", + description: "ID of a user. Find a user's ID from `/users/entities/user/v1`.", + name: "user_uuid", + in: "query", + required: 1, + }, + ], + ], + [ + "RetrieveEmailsByCID", + "GET", + "/users/queries/emails-by-cid/v1", + "Deprecated : Please use retrieveUsersGETV1. List the usernames (usually an email address) for all users in your customer account", + "user_management", + [], + ], + [ + "RetrieveUserUUIDsByCID", + "GET", + "/users/queries/user-uuids-by-cid/v1", + "Deprecated : Please use queryUserV1. List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`.", + "user_management", + [], + ], + [ + "RetrieveUserUUID", + "GET", + "/users/queries/user-uuids-by-email/v1", + "Deprecated : Please use queryUserV1. 
Get a user's ID by providing a username (usually an email address)", + "user_management", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "A username. This is usually the user's email address, but may consty based on your configuration.", + name: "uid", + in: "query", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/workflows.ts b/src/_endpoints/workflows.ts index 7ea861b3..145fed20 100644 --- a/src/_endpoints/workflows.ts +++ b/src/_endpoints/workflows.ts 
@@ -3,73 +3,132 @@ * consumed and interpreted by Falcon.command(...) */ export const _workflows_endpoints: Array = [ - ["WorkflowExecute", "POST", "/workflows/entities/execute/v1", "Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)", "workflows", [{ - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "Definition ID to execute, either a name or an ID can be specified.", - "name": "definition_id", - "in": "query" - }, { - "type": "string", - "description": "Workflow name to execute, either a name or an ID can be specified.", - "name": "name", - "in": "query" - }, { - "type": "string", - "description": "Key used to help deduplicate executions, if unset a new UUID is used", - "name": "key", - "in": "query" - }, { - "type": "integer", - "description": "Used to record the execution depth to help limit execution loops when a workflow triggers another. The maximum depth is 4.", - "name": "depth", - "in": "query" - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["WorkflowExecutionsAction", "POST", "/workflows/entities/execution-actions/v1", "Allows a user to resume/retry a failed workflow execution.", "workflows", [{ - "enum": ["resume"], - "type": "string", - "description": "Specify one of these actions:\n\n- `resume`: resume/retry the workflow execution(s) specified in ids", - "name": "action_name", - "in": "query", - "required": 1 - }, { - "name": "body", - "in": "body", - "required": 1 - }]], - ["WorkflowExecutionResults", "GET", "/workflows/entities/execution-results/v1", "Get execution result of a given execution", "workflows", [{ - "maxItems": 500, - "minItems": 1, - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "csv", - "description": "workflow execution id to return results for.", - "name": "ids", - "in": "query", - "required": 1 - }]], - ["WorkflowSystemDefinitionsDeProvision", "POST", 
"/workflows/system-definitions/deprovision/v1", "Deprovisions a system definition that was previously provisioned on the target CID", "workflows", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["WorkflowSystemDefinitionsPromote", "POST", "/workflows/system-definitions/promote/v1", "Promotes a version of a system definition on a customer. The customer must already have been provisioned. This allows the callerto apply an updated template version to a specific cid and expects all parameters to be supplied. If the template supports multi-instancethe customer scope definition ID must be supplied to determine which customer workflow should be updated.", "workflows", [{ - "name": "body", - "in": "body", - "required": 1 - }]], - ["WorkflowSystemDefinitionsProvision", "POST", "/workflows/system-definitions/provision/v1", "Provisions a system definition onto the target CID by using the template and provided parameters", "workflows", [{ - "name": "body", - "in": "body", - "required": 1 - }]] -]; \ No newline at end of file + [ + "WorkflowExecute", + "POST", + "/workflows/entities/execute/v1", + "Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)", + "workflows", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "Definition ID to execute, either a name or an ID can be specified.", + name: "definition_id", + in: "query", + }, + { + type: "string", + description: "Workflow name to execute, either a name or an ID can be specified.", + name: "name", + in: "query", + }, + { + type: "string", + description: "Key used to help deduplicate executions, if unset a new UUID is used", + name: "key", + in: "query", + }, + { + type: "integer", + description: "Used to record the execution depth to help limit execution loops when a workflow triggers another. 
The maximum depth is 4.", + name: "depth", + in: "query", + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "WorkflowExecutionsAction", + "POST", + "/workflows/entities/execution-actions/v1", + "Allows a user to resume/retry a failed workflow execution.", + "workflows", + [ + { + enum: ["resume"], + type: "string", + description: "Specify one of these actions:\n\n- `resume`: resume/retry the workflow execution(s) specified in ids", + name: "action_name", + in: "query", + required: 1, + }, + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "WorkflowExecutionResults", + "GET", + "/workflows/entities/execution-results/v1", + "Get execution result of a given execution", + "workflows", + [ + { + maxItems: 500, + minItems: 1, + type: "array", + items: { + type: "string", + }, + collectionFormat: "csv", + description: "workflow execution id to return results for.", + name: "ids", + in: "query", + required: 1, + }, + ], + ], + [ + "WorkflowSystemDefinitionsDeProvision", + "POST", + "/workflows/system-definitions/deprovision/v1", + "Deprovisions a system definition that was previously provisioned on the target CID", + "workflows", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "WorkflowSystemDefinitionsPromote", + "POST", + "/workflows/system-definitions/promote/v1", + "Promotes a version of a system definition on a customer. The customer must already have been provisioned. This allows the callerto apply an updated template version to a specific cid and expects all parameters to be supplied. 
If the template supports multi-instancethe customer scope definition ID must be supplied to determine which customer workflow should be updated.", + "workflows", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], + [ + "WorkflowSystemDefinitionsProvision", + "POST", + "/workflows/system-definitions/provision/v1", + "Provisions a system definition onto the target CID by using the template and provided parameters", + "workflows", + [ + { + name: "body", + in: "body", + required: 1, + }, + ], + ], +]; diff --git a/src/_endpoints/zero_trust_assessment.ts b/src/_endpoints/zero_trust_assessment.ts index 5fef6007..c7a2e887 100644 --- a/src/_endpoints/zero_trust_assessment.ts +++ b/src/_endpoints/zero_trust_assessment.ts 
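Review bot: The `depth` query parameter of WorkflowExecute documents a hard limit in prose ('The maximum depth is 4') but carries no `maximum` key, whereas sibling descriptors in this table (`maxItems: 500, minItems: 1` on the `ids` parameter of WorkflowExecutionResults) do encode their bounds; adding `maximum: 4,` beside `type: "integer"` would let any bound checking driven from this table reject an out-of-range loop depth before the request leaves the client. The description string for WorkflowSystemDefinitionsPromote still reads `callerto` and `multi-instancethe` on the new side — two missing spaces that the reformat carried over; `the caller to` and `multi-instance the` repair them. Whether these descriptors feed validation or only documentation, and whether the file is generated from the API spec (in which case the fix belongs in the generator), is not visible from this hunk.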
@@ -1,123 +1,114 @@ export const _zero_trust_assessment_endpoints: Array = [ - [ - "getAssessmentV1", - "GET", - "/zero-trust-assessment/entities/assessments/v1", - "Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).", - "zero_trust_assessment", [ - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "One or more agent IDs, which you can find in the data.zta file, or the Falcon console.", - "name": "ids", - "in": "query", - "required": 1, - } + "getAssessmentV1", + "GET", + "/zero-trust-assessment/entities/assessments/v1", + "Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).", + "zero_trust_assessment", + [ + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "One or more agent IDs, which you can find in the data.zta file, or the Falcon console.", + name: "ids", + in: "query", + required: 1, + }, + ], ], - ], - [ - "getAuditV1", - "GET", - "/zero-trust-assessment/entities/audit/v1", - "Get the Zero Trust Assessment audit report for one customer ID (CID).", - "zero_trust_assessment", - [] - ], - [ - "getAssessmentsByScoreV1", - "GET", - "/zero-trust-assessment/queries/assessments/v1", - "Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores.", - "zero_trust_assessment", + ["getAuditV1", "GET", "/zero-trust-assessment/entities/audit/v1", "Get the Zero Trust Assessment audit report for one customer ID (CID).", "zero_trust_assessment", []], [ - { - "type": "string", - "description": "FQL query specifying the filter score.", - "name": "filter", - "in": "query", - "required": 1 - }, - { - "type": "integer", - "description": "The number of scores to return in this response (min: 1, max: 1000, default: 100). 
" + - "Use with the `after` parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. " + - "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + - "token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, - { - "type": "string", - "default": "score", - "description": "Sort accounts by their properties. A single sort field is allowed. " + - "Defaults to ascending. Supported sort option include:\n\n
  • score|desc
  • score|asc
", - "name": "sort", - "in": "query" - } - ] - ], - [ - "getCombinedAssessmentsQuery", - "GET", - "/configuration-assessment/combined/assessments/v1", - "Search for assessments in your environment by providing an FQL filter and paging details. " + - "Returns a set of HostFinding entities which match the filter criteria", - "public_assessments", + "getAssessmentsByScoreV1", + "GET", + "/zero-trust-assessment/queries/assessments/v1", + "Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores.", + "zero_trust_assessment", + [ + { + type: "string", + description: "FQL query specifying the filter score.", + name: "filter", + in: "query", + required: 1, + }, + { + type: "integer", + description: "The number of scores to return in this response (min: 1, max: 1000, default: 100). " + "Use with the `after` parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. " + + "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + + "token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + type: "string", + default: "score", + description: + "Sort accounts by their properties. A single sort field is allowed. " + "Defaults to ascending. Supported sort option include:\n\n
  • score|desc
  • score|asc
", + name: "sort", + in: "query", + }, + ], + ], [ - { - "type": "string", - "description": "A pagination token used with the `limit` parameter to manage pagination of results. " + - "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + - "token from the previous response to continue from that place in the results.", - "name": "after", - "in": "query" - }, - { - "maximum": 5000, - "minimum": 1, - "type": "integer", - "description": "The number of items to return in this response (default: 100, max: 5000). " + - "Use with the after parameter to manage pagination of results.", - "name": "limit", - "in": "query" - }, - { - "type": "string", - "description": "Sort assessment by their properties. Common sort options include:\n\n" + - "
  • created_timestamp|desc
  • updated_timestamp|asc
", - "name": "sort", - "in": "query" - }, - { - "type": "string", - "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. " + - "\n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • " + - "
  • updated_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", - "name": "filter", - "in": "query", - "required": 1 - }, - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Select constious details blocks to be returned for each assessment entity. " + - "Supported values:\n\n
  • host
  • finding.rule
", - "name": "facet", - "in": "query" - } - ] - ] -] \ No newline at end of file + "getCombinedAssessmentsQuery", + "GET", + "/configuration-assessment/combined/assessments/v1", + "Search for assessments in your environment by providing an FQL filter and paging details. " + "Returns a set of HostFinding entities which match the filter criteria", + "public_assessments", + [ + { + type: "string", + description: + "A pagination token used with the `limit` parameter to manage pagination of results. " + + "On your first request, don't provide an `after` token. On subsequent requests, provide the `after` " + + "token from the previous response to continue from that place in the results.", + name: "after", + in: "query", + }, + { + maximum: 5000, + minimum: 1, + type: "integer", + description: "The number of items to return in this response (default: 100, max: 5000). " + "Use with the after parameter to manage pagination of results.", + name: "limit", + in: "query", + }, + { + type: "string", + description: "Sort assessment by their properties. Common sort options include:\n\n" + "
  • created_timestamp|desc
  • updated_timestamp|asc
", + name: "sort", + in: "query", + }, + { + type: "string", + description: + "Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. " + + "\n\nCommon filter options include:\n\n
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • " + + "
  • updated_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
", + name: "filter", + in: "query", + required: 1, + }, + { + type: "array", + items: { + type: "string", + }, + collectionFormat: "multi", + description: "Select constious details blocks to be returned for each assessment entity. " + "Supported values:\n\n
  • host
  • finding.rule
", + name: "facet", + in: "query", + }, + ], + ], +]; diff --git a/src/endpoints.ts b/src/endpoints.ts index f4e9f679..345ed89d 100644 --- a/src/endpoints.ts +++ b/src/endpoints.ts 
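Review bot: The `limit` parameter of getAssessmentsByScoreV1 states its bounds only in prose ('min: 1, max: 1000, default: 100') and carries no `minimum`/`maximum`/`default` keys, while the `limit` of getCombinedAssessmentsQuery later in the same hunk encodes them as `maximum: 5000, minimum: 1`; adding `minimum: 1,`, `maximum: 1000,` and `default: 100,` beside `type: "integer"` makes the two descriptors consistent and lets any bound checking done from this table apply to both. The `facet` description on the new side still reads `Select constious details blocks` — apparently a blanket var→const rewrite that hit the word 'various'; the same artifact survives as `may consty based on your configuration` in the `uid` description of user_management.ts earlier in this patch, which the commit reformats without correcting. If these tables are generated from the API spec, both fixes belong in the generator rather than in the emitted files.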
@@ -1,60 +1,60 @@
-import { _hosts_endpoints } from "./_endpoints/hosts"
-import { _detects_endpoints } from "./_endpoints/detects"
-import { _zero_trust_assessment_endpoints } from "./_endpoints/zero_trust_assessment"
-import { _host_group_endpoints } from "./_endpoints/host_group"
-import { _report_executions_endpoints } from "./_endpoints/report_executions"
-import { _sample_uploads_endpoints } from "./_endpoints/sample_uploads"
-import { _mobile_enrollment_endpoints } from "./_endpoints/mobile_enrollment"
-import { _malquery_endpoints } from "./_endpoints/malquery"
-import { _device_control_policies_endpoints } from "./_endpoints/device_control_policies"
-import { _iocs_endpoints } from "./_endpoints/iocs"
-import { _falconx_sandbox_endpoints } from "./_endpoints/falconx_sandbox"
-import { _identity_protection_endpoints } from "./_endpoints/identity_protection"
-import { _falcon_container_endpoints } from "./_endpoints/falcon_container"
-import { _firewall_policies_endpoints } from "./_endpoints/firewall_policies"
-import { _scheduled_reports_endpoints } from "./_endpoints/scheduled_reports"
-import { _cspm_registration_endpoints } from "./_endpoints/cspm_registration"
-import { _spotlight_vulnerabilities_endpoints } from "./_endpoints/spotlight_vulnerabilities"
-import { _ioc_endpoints } from "./_endpoints/ioc"
-import { _sensor_visibility_exclusions_endpoints } from "./_endpoints/sensor_visibility_exclusions"
-import { _real_time_response_audit_endpoints } from "./_endpoints/real_time_response_audit"
-import { _prevention_policies_endpoints } from "./_endpoints/prevention_policies"
-import { _ods_endpoints } from "./_endpoints/ods"
-import { _mssp_endpoints } from "./_endpoints/mssp"
-import { _message_center_endpoints } from "./_endpoints/message_center"
-import { _cloud_snapshots_endpoints } from "./_endpoints/cloud_snapshots"
-import { _discover_endpoints } from "./_endpoints/discover"
-import { _ioa_exclusions_endpoints } from "./_endpoints/ioa_exclusions"
-import { _custom_storage_endpoints } from "./_endpoints/custom_storage"
-import { _intel_endpoints } from "./_endpoints/intel"
-import { _installation_tokens_endpoints } from "./_endpoints/installation_tokens"
-import { _ml_exclusions_endpoints } from "./_endpoints/ml_exclusions"
-import { _recon_endpoints } from "./_endpoints/recon"
-import { _foundry_logscale_endpoints } from "./_endpoints/foundry_logscale"
-import { _response_policies_endpoints } from "./_endpoints/response_policies"
-import { _real_time_response_endpoints } from "./_endpoints/real_time_response"
-import { _kubernetes_protection_endpoints } from "./_endpoints/kubernetes_protection"
-import { _sensor_update_policies_endpoints } from "./_endpoints/sensor_update_policies"
-import { _falcon_complete_dashboard_endpoints } from "./_endpoints/falcon_complete_dashboard"
-import { _incidents_endpoints } from "./_endpoints/incidents"
-import { _tailored_intelligence_endpoints } from "./_endpoints/tailored_intelligence"
-import { _quick_scan_endpoints } from "./_endpoints/quick_scan"
-import { _d4c_registration_endpoints } from "./_endpoints/d4c_registration"
-import { _oauth2_endpoints } from "./_endpoints/oauth2"
-import { _user_management_endpoints } from "./_endpoints/user_management"
-import { _fdr_endpoints } from "./_endpoints/fdr"
-import { _cloud_connect_aws_endpoints } from "./_endpoints/cloud_connect_aws"
-import { _spotlight_evaluation_logic_endpoints } from "./_endpoints/spotlight_evaluation_logic"
-import { _quarantine_endpoints } from "./_endpoints/quarantine"
-import { _custom_ioa_endpoints } from "./_endpoints/custom_ioa"
-import { _filevantage_endpoints } from "./_endpoints/filevantage"
-import { _sensor_download_endpoints } from "./_endpoints/sensor_download"
-import { _workflows_endpoints } from "./_endpoints/workflows"
-import { _firewall_management_endpoints } from "./_endpoints/firewall_management"
-import { _event_streams_endpoints } from "./_endpoints/event_streams"
-import { _overwatch_dashboard_endpoints } from "./_endpoints/overwatch_dashboard"
-import { _real_time_response_admin_endpoints } from "./_endpoints/real_time_response_admin"
-import { _alerts_endpoints } from "./_endpoints/alerts"
+import { _hosts_endpoints } from "./_endpoints/hosts";
+import { _detects_endpoints } from "./_endpoints/detects";
+import { _zero_trust_assessment_endpoints } from "./_endpoints/zero_trust_assessment";
+import { _host_group_endpoints } from "./_endpoints/host_group";
+import { _report_executions_endpoints } from "./_endpoints/report_executions";
+import { _sample_uploads_endpoints } from "./_endpoints/sample_uploads";
+import { _mobile_enrollment_endpoints } from "./_endpoints/mobile_enrollment";
+import { _malquery_endpoints } from "./_endpoints/malquery";
+import { _device_control_policies_endpoints } from "./_endpoints/device_control_policies";
+import { _iocs_endpoints } from "./_endpoints/iocs";
+import { _falconx_sandbox_endpoints } from "./_endpoints/falconx_sandbox";
+import { _identity_protection_endpoints } from "./_endpoints/identity_protection";
+import { _falcon_container_endpoints } from "./_endpoints/falcon_container";
+import { _firewall_policies_endpoints } from "./_endpoints/firewall_policies";
+import { _scheduled_reports_endpoints } from "./_endpoints/scheduled_reports";
+import { _cspm_registration_endpoints } from "./_endpoints/cspm_registration";
+import { _spotlight_vulnerabilities_endpoints } from "./_endpoints/spotlight_vulnerabilities";
+import { _ioc_endpoints } from "./_endpoints/ioc";
+import { _sensor_visibility_exclusions_endpoints } from "./_endpoints/sensor_visibility_exclusions";
+import { _real_time_response_audit_endpoints } from "./_endpoints/real_time_response_audit";
+import { _prevention_policies_endpoints } from "./_endpoints/prevention_policies";
+import { _ods_endpoints } from "./_endpoints/ods";
+import { _mssp_endpoints } from "./_endpoints/mssp";
+import { _message_center_endpoints } from "./_endpoints/message_center";
+import { _cloud_snapshots_endpoints } from "./_endpoints/cloud_snapshots";
+import { _discover_endpoints } from "./_endpoints/discover";
+import { _ioa_exclusions_endpoints } from "./_endpoints/ioa_exclusions";
+import { _custom_storage_endpoints } from "./_endpoints/custom_storage";
+import { _intel_endpoints } from "./_endpoints/intel";
+import { _installation_tokens_endpoints } from "./_endpoints/installation_tokens";
+import { _ml_exclusions_endpoints } from "./_endpoints/ml_exclusions";
+import { _recon_endpoints } from "./_endpoints/recon";
+import { _foundry_logscale_endpoints } from "./_endpoints/foundry_logscale";
+import { _response_policies_endpoints } from "./_endpoints/response_policies";
+import { _real_time_response_endpoints } from "./_endpoints/real_time_response";
+import { _kubernetes_protection_endpoints } from "./_endpoints/kubernetes_protection";
+import { _sensor_update_policies_endpoints } from "./_endpoints/sensor_update_policies";
+import { _falcon_complete_dashboard_endpoints } from "./_endpoints/falcon_complete_dashboard";
+import { _incidents_endpoints } from "./_endpoints/incidents";
+import { _tailored_intelligence_endpoints } from "./_endpoints/tailored_intelligence";
+import { _quick_scan_endpoints } from "./_endpoints/quick_scan";
+import { _d4c_registration_endpoints } from "./_endpoints/d4c_registration";
+import { _oauth2_endpoints } from "./_endpoints/oauth2";
+import { _user_management_endpoints } from "./_endpoints/user_management";
+import { _fdr_endpoints } from "./_endpoints/fdr";
+import { _cloud_connect_aws_endpoints } from "./_endpoints/cloud_connect_aws";
+import { _spotlight_evaluation_logic_endpoints } from "./_endpoints/spotlight_evaluation_logic";
+import { _quarantine_endpoints } from "./_endpoints/quarantine";
+import { _custom_ioa_endpoints } from "./_endpoints/custom_ioa";
+import { _filevantage_endpoints } from "./_endpoints/filevantage";
+import { _sensor_download_endpoints } from "./_endpoints/sensor_download";
+import { _workflows_endpoints } from "./_endpoints/workflows";
+import { _firewall_management_endpoints } from "./_endpoints/firewall_management";
+import { _event_streams_endpoints } from "./_endpoints/event_streams";
+import { _overwatch_dashboard_endpoints } from "./_endpoints/overwatch_dashboard";
+import { _real_time_response_admin_endpoints } from "./_endpoints/real_time_response_admin";
+import { _alerts_endpoints } from "./_endpoints/alerts";
 /** aggregates ./endpoints into one array for Falcon.command(...) */
 export const api_endpoints: Array = [
@@ -114,6 +114,5 @@ export const api_endpoints: Array = [
 .concat(_event_streams_endpoints)
 .concat(_overwatch_dashboard_endpoints)
 .concat(_real_time_response_admin_endpoints)
- .concat(_alerts_endpoints)
-]
- 
+ .concat(_alerts_endpoints),
+];
diff --git a/src/falcon.ts b/src/falcon.ts
index 8b79b178..f3d4fe7a 100644
--- a/src/falcon.ts
+++ b/src/falcon.ts
@@ -1,22 +1,22 @@
 import axios from "axios";
-import { api_endpoints } from "./endpoints"
+import { api_endpoints } from "./endpoints";
 /**
 * defines and enforces formatting arguments for Falcon.command(...)
- *
+ *
 * @interface CommandArguments
- * @member {string} commandName
+ * @member {string} commandName
 * @member {object} params
 * @member {object} body
 * @member {any} [propName]
 * @member {string} header
 */
 interface CommandArguments {
- commandName: string,
- params?: object,
- body?: object,
- header?: string,
- [propName: string]: any
+ commandName: string;
+ params?: object;
+ body?: object;
+ header?: string;
+ [propName: string]: any;
 }
 /**
@@ -34,7 +34,7 @@ export class Falcon {
 /**
 * instantiates an instance of the Falcon class
- *
+ *
 * @constructor
 * @memberof Falcon
 * @param {string} baseUrl base URL of user's Falcon API client
@@ -53,38 +53,38 @@ export class Falcon {
 }
 /**
- * handles procedures necessary for initializing Falcon class
- * GETs OAuth2 token from Falcon API authentication endpoint
- *
- * @memberof Falcon
- */
+ * handles procedures necessary for initializing Falcon class
+ * GETs OAuth2 token from Falcon API authentication endpoint
+ *
+ * @memberof Falcon
+ */
 async init() {
- const authUrl = this.baseUrl + "/oauth2/token"
+ const authUrl = this.baseUrl + "/oauth2/token";
 const requestData = {
 client_id: this.clientId,
- client_secret: this.clientSecret
- }
+ client_secret: this.clientSecret,
+ };
 const response = await axios.post(authUrl, requestData, {
 headers: {
- 'Content-Type': 'application/x-www-form-urlencoded'
- }
+ "Content-Type": "application/x-www-form-urlencoded",
+ },
 });
- console.log(response.data["access_token"])
- this.token = response.data["access_token"]
+ console.log(response.data["access_token"]);
+ this.token = response.data["access_token"];
 }
 /**
- * used to initialize an instance of the Falcon class
- * aggregates helper function execution and
- * initiates factory pattern to build properly configured API client
- *
- * @memberof Falcon
- * @param {string} baseUrl base URL of user's Falcon API client
- * @param {string} clientId client ID of user's Falcon API client
- * @param {string} clientSecret client Secret of user's Falcon API client
- * @param {string} userAgent value to be used for outgoing requests' HTTP header: User-Agent
- * @return {Promise} new instance of the Falcon class
- */
+ * used to initialize an instance of the Falcon class
+ * aggregates helper function execution and
+ * initiates factory pattern to build properly configured API client
+ *
+ * @memberof Falcon
+ * @param {string} baseUrl base URL of user's Falcon API client
+ * @param {string} clientId client ID of user's Falcon API client
+ * @param {string} clientSecret client Secret of user's Falcon API client
+ * @param {string} userAgent value to be used for outgoing requests' HTTP header: User-Agent
+ * @return {Promise} new instance of the Falcon class
+ */
 static async build(baseUrl: string, clientId: string, clientSecret: string, userAgent: string): Promise {
 const f = new Falcon(baseUrl, clientId, clientSecret, userAgent);
 await f.init();
@@ -93,42 +93,40 @@ export class Falcon {
 /** helper function for printing Token @memberof Falcon */
 public printToken() {
- console.log(this.token)
+ console.log(this.token);
 }
 /**
- * performs an arbitrary request to the Falcon API
- *
- * @memberof Falcon
- * @param {CommandArguments} args arguments for API method - request params or body
- * @return {Promise} response data
- */
+ * performs an arbitrary request to the Falcon API
+ *
+ * @memberof Falcon
+ * @param {CommandArguments} args arguments for API method - request params or body
+ * @return {Promise} response data
+ */
 public async command(args: CommandArguments): Promise {
- const cmd = args["commandName"]
- const params = args["params"]
- const body = args["body"]
+ const cmd = args["commandName"];
+ const params = args["params"];
+ const body = args["body"];
 for (const i of this.endpoints) {
 if (i[0] == cmd) {
- const url = this.baseUrl + i[2]
- const method = i[1].toLowerCase()
- const p = params ? params : null
- const b = body ? body : null
+ const url = this.baseUrl + i[2];
+ const method = i[1].toLowerCase();
+ const p = params ? params : null;
+ const b = body ? body : null;
 const headers = {
- 'Content-Type': 'application/json',
- 'Authorization': 'Bearer ' + this.token,
- }
+ "Content-Type": "application/json",
+ Authorization: "Bearer " + this.token,
+ };
 const response = await axios({
 method: method,
 url: url,
 data: b,
 params: p,
 headers: headers,
- paramsSerializer: { indexes: null }
- 
+ paramsSerializer: { indexes: null },
 });
- return response["data"]["resources"]
- 
+ return response["data"]["resources"];
 }
 }
 }
-}
\ No newline at end of file
+}
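Review bot: `init()` on the new side still prints the freshly issued bearer token, `console.log(response.data["access_token"]);`, so the credential lands in stdout and in whatever log pipeline collects it; `printToken()` in the next hunk does the same with `this.token`. Remove both log statements and instead fail when the token is absent, so a rejected client credential is not silently stored as `undefined`: `if (typeof response.data?.access_token !== "string") throw new Error("OAuth2 token response has no access_token");`. A non-2xx response from `axios.post` also propagates unhandled out of `init()` and therefore out of `build()`; that may be intended, but the JSDoc could say so with a `@throws` line describing a failed token request.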
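Review bot: `command()` resolves to `undefined` when no row of `this.endpoints` matches `cmd`, so a mistyped command name is indistinguishable from an endpoint that returned no resources; add `throw new Error("unknown command: " + cmd);` after the `for` loop so callers get a real failure. The comparison `i[0] == cmd` should be `===`, and `header` is declared on `CommandArguments` but never read in this method. The `@return {Promise} response data` tag is also inaccurate, since only `response["data"]["resources"]` is returned and any other fields of the response body are dropped; either document that or return the whole `data` object.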
diff --git a/src/index.ts b/src/index.ts
index e529102b..16e3eb4d 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -8,4 +8,4 @@ export * from "./client";
 export * from "./error";
 export * from "./event_stream";
 export * from "./FalconCloud";
-export * from "./falcon"
\ No newline at end of file
+export * from "./falcon";
From 696fafaf730e03ead04d8ee86c55d0e1cbbe262f Mon Sep 17 00:00:00 2001
From: Carlos Matos
Date: Tue, 24 Sep 2024 16:51:20 -0400
Subject: [PATCH 6/6] fix: remove DS_Store and add to gitignore
---
.gitignore | 1 +
src/.DS_Store | Bin 6148 -> 0 bytes
2 files changed, 1 insertion(+)
delete mode 100644 src/.DS_Store
diff --git a/.gitignore b/.gitignore
index a59a1bfe..57514190 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /src/test.ts
 typings
 *.js
+.DS_Store
diff --git a/src/.DS_Store b/src/.DS_Store
deleted file mode 100644
index 3b42e6d517e08d222e241b8ff49707f33a3efd35..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 6148 zcmeHKyG{c^3>-s>2%3~B_ZRqsRTRD;9{@#AgoG}LSAA8!E1$;rAw+bcprAox$(~)W zXHPf9`3%5T@7o(-0bovd#KFVV{M>zF7nLz0op(HAk4Fr6!|SB_e8Ra`xWfZk+wc63 z&CBq#A9i{7d9t!nKnh3!DIf);z^@hX-bI`ggSdf}LubXW}^R!_E?P%NI#`&*R5dZMBf zkOHR)T;_J+{r{H!!~B0r(oPCUfq$id&DNXsimz0?b@FoFYa9KZ?lnic8`nW$h;~ej icFc{p<7E_OUGp{1d*PTEbmoIj)X#wHB9j7tt-vQwP8Grc