Class: Falcon::Alerts

Inherits:

Object

Object
Falcon::Alerts

show all

Defined in:: lib/crimson-falcon/api/alerts.rb

Instance Attribute Summary collapse

#api_client ⇒ Object

Returns the value of attribute api_client.

Instance Method Summary collapse

#get_queries_alerts_v1(opts = {}) ⇒ DetectsapiAlertQueryResponse

Deprecated: please use version v2 of this endpoint.
#get_queries_alerts_v1_with_http_info(opts = {}) ⇒ Array<(DetectsapiAlertQueryResponse, Integer, Hash)>

Deprecated: please use version v2 of this endpoint.
#get_queries_alerts_v2(opts = {}) ⇒ DetectsapiAlertQueryResponse

Retrieves all Alerts ids that match a given query.
#get_queries_alerts_v2_with_http_info(opts = {}) ⇒ Array<(DetectsapiAlertQueryResponse, Integer, Hash)>

Retrieves all Alerts ids that match a given query.
#initialize(api_client = ApiClient.default) ⇒ Alerts constructor

A new instance of Alerts.
#patch_entities_alerts_v2(body, opts = {}) ⇒ DetectsapiResponseFields

Deprecated: Please use version v3 of this endpoint.
#patch_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiResponseFields, Integer, Hash)>

Deprecated: Please use version v3 of this endpoint.
#patch_entities_alerts_v3(body, opts = {}) ⇒ DetectsapiResponseFields

Perform actions on Alerts identified by composite ID(s) in request.
#patch_entities_alerts_v3_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiResponseFields, Integer, Hash)>

Perform actions on Alerts identified by composite ID(s) in request.
#post_aggregates_alerts_v1(body, opts = {}) ⇒ DetectsapiAggregatesResponse

Deprecated: Please use version v2 of this endpoint.
#post_aggregates_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiAggregatesResponse, Integer, Hash)>

Deprecated: Please use version v2 of this endpoint.
#post_aggregates_alerts_v2(body, opts = {}) ⇒ DetectsapiAggregatesResponse

Retrieves aggregate values for Alerts across all CIDs.
#post_aggregates_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiAggregatesResponse, Integer, Hash)>

Retrieves aggregate values for Alerts across all CIDs.
#post_combined_alerts_v1(body, opts = {}) ⇒ DetectsapiPostCombinedAlertsV1ResponseSwagger

Retrieves all Alerts that match a particular FQL filter.
#post_combined_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostCombinedAlertsV1ResponseSwagger, Integer, Hash)>

Retrieves all Alerts that match a particular FQL filter.
#post_entities_alerts_v1(body, opts = {}) ⇒ DetectsapiPostEntitiesAlertsV1ResponseSwagger

Deprecated: please use version v2 of this endpoint.
#post_entities_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostEntitiesAlertsV1ResponseSwagger, Integer, Hash)>

Deprecated: please use version v2 of this endpoint.
#post_entities_alerts_v2(body, opts = {}) ⇒ DetectsapiPostEntitiesAlertsV2ResponseSwagger

Retrieves all Alerts given their composite ids.
#post_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostEntitiesAlertsV2ResponseSwagger, Integer, Hash)>

Retrieves all Alerts given their composite ids.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ `Alerts`

Returns a new instance of Alerts.



35
36
37

# File 'lib/crimson-falcon/api/alerts.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ `Object`

Returns the value of attribute api_client.



33
34
35

# File 'lib/crimson-falcon/api/alerts.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#get_queries_alerts_v1(opts = {}) ⇒ `DetectsapiAlertQueryResponse`

Deprecated: please use version v2 of this endpoint. Retrieves all Alerts ids that match a given query.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:offset (Integer) —

The first detection to return, where `0` is the latest detection. Use with the `offset` parameter to manage pagination of results.
:limit (Integer) —

The maximum number of detections to return in this response (default: 100; max: 10000). Use this parameter together with the `offset` parameter to manage pagination of the results.
:sort (String) —

Sort parameter takes the form <field|direction>. Direction can be either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields are status, cid, aggregate_id, timestamp, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_uid, assigned_to_uuid, show_in_ui, tactic_id, tactic, technique, technique_id, pattern_id, product, comment, tags If the fields are missing from the Alerts, the service will fallback to its default ordering
:filter (String) —

Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).
:q (String) —

Search all alert metadata for the provided string

Returns:

(DetectsapiAlertQueryResponse)

# File 'lib/crimson-falcon/api/alerts.rb', line 46

def get_queries_alerts_v1(opts = {})
  data, _status_code, _headers = get_queries_alerts_v1_with_http_info(opts)
  data
end

#get_queries_alerts_v1_with_http_info(opts = {}) ⇒ `Array<(DetectsapiAlertQueryResponse, Integer, Hash)>`

Deprecated: please use version v2 of this endpoint. Retrieves all Alerts ids that match a given query.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:offset (Integer) —

The first detection to return, where `0` is the latest detection. Use with the `offset` parameter to manage pagination of results.
:limit (Integer) —

The maximum number of detections to return in this response (default: 100; max: 10000). Use this parameter together with the `offset` parameter to manage pagination of the results.
:sort (String) —

Sort parameter takes the form <field|direction>. Direction can be either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields are status, cid, aggregate_id, timestamp, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_uid, assigned_to_uuid, show_in_ui, tactic_id, tactic, technique, technique_id, pattern_id, product, comment, tags If the fields are missing from the Alerts, the service will fallback to its default ordering
:filter (String) —

Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).
:q (String) —

Search all alert metadata for the provided string

Returns:

(Array<(DetectsapiAlertQueryResponse, Integer, Hash)>) —

DetectsapiAlertQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 59

def get_queries_alerts_v1_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.get_queries_alerts_v1 ...'
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 10000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Alerts.get_queries_alerts_v1, must be smaller than or equal to 10000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 0
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Alerts.get_queries_alerts_v1, must be greater than or equal to 0.'
  end

  # resource path
  local_var_path = '/alerts/queries/alerts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'q'] = opts[:'q'] if !opts[:'q'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiAlertQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.get_queries_alerts_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#get_queries_alerts_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_queries_alerts_v2(opts = {}) ⇒ `DetectsapiAlertQueryResponse`

Retrieves all Alerts ids that match a given query.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)
:offset (Integer) —

The first detection to return, where `0` is the latest detection. Use with the `offset` parameter to manage pagination of results.
:limit (Integer) —

The maximum number of detections to return in this response (default: 100; max: 10000). Use this parameter together with the `offset` parameter to manage pagination of the results.
:sort (String) —

Sort parameter takes the form <field|direction>. Direction can be either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields are status, cid, aggregate_id, timestamp, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_uid, assigned_to_uuid, show_in_ui, tactic_id, tactic, technique, technique_id, pattern_id, product, comment, tags If the fields are missing from the Alerts, the service will fallback to its default ordering
:filter (String) —

Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).
:q (String) —

Search all alert metadata for the provided string

Returns:

(DetectsapiAlertQueryResponse)

# File 'lib/crimson-falcon/api/alerts.rb', line 125

def get_queries_alerts_v2(opts = {})
  data, _status_code, _headers = get_queries_alerts_v2_with_http_info(opts)
  data
end

#get_queries_alerts_v2_with_http_info(opts = {}) ⇒ `Array<(DetectsapiAlertQueryResponse, Integer, Hash)>`

Retrieves all Alerts ids that match a given query.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)
:offset (Integer) —

The first detection to return, where `0` is the latest detection. Use with the `offset` parameter to manage pagination of results.
:limit (Integer) —

The maximum number of detections to return in this response (default: 100; max: 10000). Use this parameter together with the `offset` parameter to manage pagination of the results.
:sort (String) —

Sort parameter takes the form <field|direction>. Direction can be either `asc` (ascending) or `desc` (descending) order. For example: `status|asc` or `status|desc`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields are status, cid, aggregate_id, timestamp, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_uid, assigned_to_uuid, show_in_ui, tactic_id, tactic, technique, technique_id, pattern_id, product, comment, tags If the fields are missing from the Alerts, the service will fallback to its default ordering
:filter (String) —

Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).
:q (String) —

Search all alert metadata for the provided string

Returns:

(Array<(DetectsapiAlertQueryResponse, Integer, Hash)>) —

DetectsapiAlertQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 139

def get_queries_alerts_v2_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.get_queries_alerts_v2 ...'
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 10000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Alerts.get_queries_alerts_v2, must be smaller than or equal to 10000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 0
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Alerts.get_queries_alerts_v2, must be greater than or equal to 0.'
  end

  # resource path
  local_var_path = '/alerts/queries/alerts/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'include_hidden'] = opts[:'include_hidden'] if !opts[:'include_hidden'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'q'] = opts[:'q'] if !opts[:'q'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiAlertQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.get_queries_alerts_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#get_queries_alerts_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#patch_entities_alerts_v2(body, opts = {}) ⇒ `DetectsapiResponseFields`

Deprecated: Please use version v3 of this endpoint. Perform actions on Alerts identified by composite ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in.

Parameters:

body (DetectsapiPatchEntitiesAlertsV2Request) —

`ids` - IDs of Alerts to modify. `action_parameters` values - `assign_to_uuid` - Assign Alert to user UUID, such as `00000000-0000-0000-0000-000000000000` - `assign_to_user_id` - Assign Alert to user ID, such as `user@example.com` - `assign_to_name` - Assign Alert to username, such as `John Doe` - `unassign` - Unassign Alert clears out the assigned user UUID, user ID, and username. - `add_tag` - Add a tag to the Alert. - `remove_tag` - Remove a tag from the Alert. - `remove_tags_by_prefix` - Remove tags from the Alert based on the prefix. - `append_comment` - Comments are displayed with the Alert in Falcon and are usually used to provide context or notes for other Falcon users. An Alert can have multiple comments over time. - `update_status` values - `new` - `in_progress` - `reopened` - `closed` - `show_in_ui` values - `true`: This alert is displayed in Falcon - `false`: This alert is not displayed in Falcon.
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(DetectsapiResponseFields)

# File 'lib/crimson-falcon/api/alerts.rb', line 201

def patch_entities_alerts_v2(body, opts = {})
  data, _status_code, _headers = patch_entities_alerts_v2_with_http_info(body, opts)
  data
end

#patch_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiResponseFields, Integer, Hash)>`

Parameters:

body (DetectsapiPatchEntitiesAlertsV2Request) —

`ids` - IDs of Alerts to modify. `action_parameters` values - `assign_to_uuid` - Assign Alert to user UUID, such as `00000000-0000-0000-0000-000000000000` - `assign_to_user_id` - Assign Alert to user ID, such as `user@example.com` - `assign_to_name` - Assign Alert to username, such as `John Doe` - `unassign` - Unassign Alert clears out the assigned user UUID, user ID, and username. - `add_tag` - Add a tag to the Alert. - `remove_tag` - Remove a tag from the Alert. - `remove_tags_by_prefix` - Remove tags from the Alert based on the prefix. - `append_comment` - Comments are displayed with the Alert in Falcon and are usually used to provide context or notes for other Falcon users. An Alert can have multiple comments over time. - `update_status` values - `new` - `in_progress` - `reopened` - `closed` - `show_in_ui` values - `true`: This alert is displayed in Falcon - `false`: This alert is not displayed in Falcon.
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(DetectsapiResponseFields, Integer, Hash)>) —

DetectsapiResponseFields data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 210

def patch_entities_alerts_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.patch_entities_alerts_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.patch_entities_alerts_v2"
  end
  # resource path
  local_var_path = '/alerts/entities/alerts/v2'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiResponseFields'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.patch_entities_alerts_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#patch_entities_alerts_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#patch_entities_alerts_v3(body, opts = {}) ⇒ `DetectsapiResponseFields`

Perform actions on Alerts identified by composite ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in.

Parameters:

body (DetectsapiPatchEntitiesAlertsV3Request) —

`composite_ids` - CompositeIDs of Alerts to modify. `action_parameters` values - `assign_to_uuid` - Assign Alert to user UUID, such as `00000000-0000-0000-0000-000000000000` - `assign_to_user_id` - Assign Alert to user ID, such as `user@example.com` - `assign_to_name` - Assign Alert to username, such as `John Doe` - `unassign` - Unassign Alert clears out the assigned user UUID, user ID, and username. - `add_tag` - Add a tag to the Alert. - `remove_tag` - Remove a tag from the Alert. - `remove_tags_by_prefix` - Remove tags from the Alert based on the prefix. - `append_comment` - Comments are displayed with the Alert in Falcon and are usually used to provide context or notes for other Falcon users. An Alert can have multiple comments over time. - `update_status` values - `new` - `in_progress` - `reopened` - `closed` - `show_in_ui` values - `true`: This alert is displayed in Falcon - `false`: This alert is not displayed in Falcon.
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(DetectsapiResponseFields)

# File 'lib/crimson-falcon/api/alerts.rb', line 268

def patch_entities_alerts_v3(body, opts = {})
  data, _status_code, _headers = patch_entities_alerts_v3_with_http_info(body, opts)
  data
end

#patch_entities_alerts_v3_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiResponseFields, Integer, Hash)>`

Parameters:

body (DetectsapiPatchEntitiesAlertsV3Request) —

`composite_ids` - CompositeIDs of Alerts to modify. `action_parameters` values - `assign_to_uuid` - Assign Alert to user UUID, such as `00000000-0000-0000-0000-000000000000` - `assign_to_user_id` - Assign Alert to user ID, such as `user@example.com` - `assign_to_name` - Assign Alert to username, such as `John Doe` - `unassign` - Unassign Alert clears out the assigned user UUID, user ID, and username. - `add_tag` - Add a tag to the Alert. - `remove_tag` - Remove a tag from the Alert. - `remove_tags_by_prefix` - Remove tags from the Alert based on the prefix. - `append_comment` - Comments are displayed with the Alert in Falcon and are usually used to provide context or notes for other Falcon users. An Alert can have multiple comments over time. - `update_status` values - `new` - `in_progress` - `reopened` - `closed` - `show_in_ui` values - `true`: This alert is displayed in Falcon - `false`: This alert is not displayed in Falcon.
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(Array<(DetectsapiResponseFields, Integer, Hash)>) —

DetectsapiResponseFields data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 278

def patch_entities_alerts_v3_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.patch_entities_alerts_v3 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.patch_entities_alerts_v3"
  end
  # resource path
  local_var_path = '/alerts/entities/alerts/v3'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'include_hidden'] = opts[:'include_hidden'] if !opts[:'include_hidden'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiResponseFields'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.patch_entities_alerts_v3",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#patch_entities_alerts_v3\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_aggregates_alerts_v1(body, opts = {}) ⇒ `DetectsapiAggregatesResponse`

Deprecated: Please use version v2 of this endpoint. Retrieves aggregate values for Alerts across all CIDs.

Parameters:

body (Array<DetectsapiAggregateAlertQueryRequest>) —

request body takes a list of aggregate-alert query requests
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(DetectsapiAggregatesResponse)

# File 'lib/crimson-falcon/api/alerts.rb', line 336

def post_aggregates_alerts_v1(body, opts = {})
  data, _status_code, _headers = post_aggregates_alerts_v1_with_http_info(body, opts)
  data
end

#post_aggregates_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiAggregatesResponse, Integer, Hash)>`

Deprecated: Please use version v2 of this endpoint. Retrieves aggregate values for Alerts across all CIDs.

Parameters:

body (Array<DetectsapiAggregateAlertQueryRequest>) —

request body takes a list of aggregate-alert query requests
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(DetectsapiAggregatesResponse, Integer, Hash)>) —

DetectsapiAggregatesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 345

def post_aggregates_alerts_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.post_aggregates_alerts_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.post_aggregates_alerts_v1"
  end
  # resource path
  local_var_path = '/alerts/aggregates/alerts/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiAggregatesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.post_aggregates_alerts_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#post_aggregates_alerts_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_aggregates_alerts_v2(body, opts = {}) ⇒ `DetectsapiAggregatesResponse`

Retrieves aggregate values for Alerts across all CIDs.

Parameters:

body (Array<DetectsapiAggregateAlertQueryRequest>) —

request body takes a list of aggregate-alert query requests
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(DetectsapiAggregatesResponse)

# File 'lib/crimson-falcon/api/alerts.rb', line 403

def post_aggregates_alerts_v2(body, opts = {})
  data, _status_code, _headers = post_aggregates_alerts_v2_with_http_info(body, opts)
  data
end

#post_aggregates_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiAggregatesResponse, Integer, Hash)>`

Retrieves aggregate values for Alerts across all CIDs.

Parameters:

body (Array<DetectsapiAggregateAlertQueryRequest>) —

request body takes a list of aggregate-alert query requests
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(Array<(DetectsapiAggregatesResponse, Integer, Hash)>) —

DetectsapiAggregatesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 413

def post_aggregates_alerts_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.post_aggregates_alerts_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.post_aggregates_alerts_v2"
  end
  # resource path
  local_var_path = '/alerts/aggregates/alerts/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'include_hidden'] = opts[:'include_hidden'] if !opts[:'include_hidden'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiAggregatesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.post_aggregates_alerts_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#post_aggregates_alerts_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_combined_alerts_v1(body, opts = {}) ⇒ `DetectsapiPostCombinedAlertsV1ResponseSwagger`

Retrieves all Alerts that match a particular FQL filter. This API is intended for retrieval of large amounts of Alerts(>10k) using a pagination based on a ‘after` token. If you need to use `offset` pagination, consider using GET /alerts/queries/alerts/* and POST /alerts/entities/alerts/* APIs.

Parameters:

body (DetectsapiPostCombinedAlertsV1RequestSwagger) —

`after` - The `after` token is used for pagination of results. The `after` token is present when more results are available on the next page. To retrieve all Alerts: - Use the `after` token in subsequent requests to fetch the next page. - Continue this process until you reach a page without an `after` token, indicating the last page. This value is highly dependant on the `sort` parameter, so if you plan to change the sort order, you will have to re-start your search from the first page (without `after` parameter). `filter` - Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql). `limit` - The maximum number of detections to return in this response (default: 100; max: 1000). Use this parameter together with the `after` parameter to manage pagination of the results. `sort` - Sort parameter takes the form of `<field|direction>`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields for sorting are: timestamp, created_timestamp, updated_timestamp, status, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, tactic_id, tactic, technique, technique_id, pattern_id or product. By default all the results are sorted by the `created_timestamp` field in the descending order. Important: The pagination is done on live data in the order defined by the `sort` field parameter (default: `created_timestamp|desc`), so if you want to avoid inconsistent results where the same record might appear on multiple pages (or none), sort only on the fields that do not change over time (e.g. created_timestamp, composite_id, …).
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(DetectsapiPostCombinedAlertsV1ResponseSwagger)

# File 'lib/crimson-falcon/api/alerts.rb', line 471

def post_combined_alerts_v1(body, opts = {})
  data, _status_code, _headers = post_combined_alerts_v1_with_http_info(body, opts)
  data
end

#post_combined_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostCombinedAlertsV1ResponseSwagger, Integer, Hash)>`

Retrieves all Alerts that match a particular FQL filter. This API is intended for retrieval of large amounts of Alerts(>10k) using a pagination based on a `after` token. If you need to use `offset` pagination, consider using GET /alerts/queries/alerts/* and POST /alerts/entities/alerts/* APIs.

Parameters:

body (DetectsapiPostCombinedAlertsV1RequestSwagger) —

`after` - The `after` token is used for pagination of results. The `after` token is present when more results are available on the next page. To retrieve all Alerts: - Use the `after` token in subsequent requests to fetch the next page. - Continue this process until you reach a page without an `after` token, indicating the last page. This value is highly dependant on the `sort` parameter, so if you plan to change the sort order, you will have to re-start your search from the first page (without `after` parameter). `filter` - Filter Alerts using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Alert An asterisk wildcard `*` includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id, aggregate_id, product, type, pattern_id, platform … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid, tactic_id, technique … Most commonly filter fields that supports range comparisons (>, <, >=, <=): severity, created_timestamp, timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql). `limit` - The maximum number of detections to return in this response (default: 100; max: 1000). Use this parameter together with the `after` parameter to manage pagination of the results. `sort` - Sort parameter takes the form of `<field|direction>`. The sorting fields can be any keyword field that is part of #domain.Alert except for the text based fields. Most commonly used fields for sorting are: timestamp, created_timestamp, updated_timestamp, status, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, tactic_id, tactic, technique, technique_id, pattern_id or product. By default all the results are sorted by the `created_timestamp` field in the descending order. Important: The pagination is done on live data in the order defined by the `sort` field parameter (default: `created_timestamp|desc`), so if you want to avoid inconsistent results where the same record might appear on multiple pages (or none), sort only on the fields that do not change over time (e.g. created_timestamp, composite_id, …).
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(DetectsapiPostCombinedAlertsV1ResponseSwagger, Integer, Hash)>) —

DetectsapiPostCombinedAlertsV1ResponseSwagger data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 480

def post_combined_alerts_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.post_combined_alerts_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.post_combined_alerts_v1"
  end
  # resource path
  local_var_path = '/alerts/combined/alerts/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiPostCombinedAlertsV1ResponseSwagger'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.post_combined_alerts_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#post_combined_alerts_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_entities_alerts_v1(body, opts = {}) ⇒ `DetectsapiPostEntitiesAlertsV1ResponseSwagger`

Deprecated: please use version v2 of this endpoint. Retrieves all Alerts given their ids.

Parameters:

body (DetectsapiPostEntitiesAlertsV1Request)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(DetectsapiPostEntitiesAlertsV1ResponseSwagger)

# File 'lib/crimson-falcon/api/alerts.rb', line 537

def post_entities_alerts_v1(body, opts = {})
  data, _status_code, _headers = post_entities_alerts_v1_with_http_info(body, opts)
  data
end

#post_entities_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostEntitiesAlertsV1ResponseSwagger, Integer, Hash)>`

Deprecated: please use version v2 of this endpoint. Retrieves all Alerts given their ids.

Parameters:

body (DetectsapiPostEntitiesAlertsV1Request)
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(DetectsapiPostEntitiesAlertsV1ResponseSwagger, Integer, Hash)>) —

DetectsapiPostEntitiesAlertsV1ResponseSwagger data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 546

def post_entities_alerts_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.post_entities_alerts_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.post_entities_alerts_v1"
  end
  # resource path
  local_var_path = '/alerts/entities/alerts/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiPostEntitiesAlertsV1ResponseSwagger'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.post_entities_alerts_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#post_entities_alerts_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_entities_alerts_v2(body, opts = {}) ⇒ `DetectsapiPostEntitiesAlertsV2ResponseSwagger`

Retrieves all Alerts given their composite ids.

Parameters:

body (DetectsapiPostEntitiesAlertsV2Request)
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(DetectsapiPostEntitiesAlertsV2ResponseSwagger)

# File 'lib/crimson-falcon/api/alerts.rb', line 604

def post_entities_alerts_v2(body, opts = {})
  data, _status_code, _headers = post_entities_alerts_v2_with_http_info(body, opts)
  data
end

#post_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostEntitiesAlertsV2ResponseSwagger, Integer, Hash)>`

Retrieves all Alerts given their composite ids.

Parameters:

body (DetectsapiPostEntitiesAlertsV2Request)
opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:include_hidden (Boolean) —

allows previously hidden alerts to be retrieved (default to true)

Returns:

(Array<(DetectsapiPostEntitiesAlertsV2ResponseSwagger, Integer, Hash)>) —

DetectsapiPostEntitiesAlertsV2ResponseSwagger data, response status code and response headers

# File 'lib/crimson-falcon/api/alerts.rb', line 614

def post_entities_alerts_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Alerts.post_entities_alerts_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Alerts.post_entities_alerts_v2"
  end
  # resource path
  local_var_path = '/alerts/entities/alerts/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'include_hidden'] = opts[:'include_hidden'] if !opts[:'include_hidden'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DetectsapiPostEntitiesAlertsV2ResponseSwagger'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Alerts.post_entities_alerts_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Alerts#post_entities_alerts_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

Class: Falcon::Alerts

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Alerts

Instance Attribute Details

#api_client ⇒ Object

Instance Method Details

#get_queries_alerts_v1(opts = {}) ⇒ DetectsapiAlertQueryResponse

#get_queries_alerts_v1_with_http_info(opts = {}) ⇒ Array<(DetectsapiAlertQueryResponse, Integer, Hash)>

#get_queries_alerts_v2(opts = {}) ⇒ DetectsapiAlertQueryResponse

#get_queries_alerts_v2_with_http_info(opts = {}) ⇒ Array<(DetectsapiAlertQueryResponse, Integer, Hash)>

#patch_entities_alerts_v2(body, opts = {}) ⇒ DetectsapiResponseFields

#patch_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiResponseFields, Integer, Hash)>

#patch_entities_alerts_v3(body, opts = {}) ⇒ DetectsapiResponseFields

#patch_entities_alerts_v3_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiResponseFields, Integer, Hash)>

#post_aggregates_alerts_v1(body, opts = {}) ⇒ DetectsapiAggregatesResponse

#post_aggregates_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiAggregatesResponse, Integer, Hash)>

#post_aggregates_alerts_v2(body, opts = {}) ⇒ DetectsapiAggregatesResponse

#post_aggregates_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiAggregatesResponse, Integer, Hash)>

#post_combined_alerts_v1(body, opts = {}) ⇒ DetectsapiPostCombinedAlertsV1ResponseSwagger

#post_combined_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostCombinedAlertsV1ResponseSwagger, Integer, Hash)>

#post_entities_alerts_v1(body, opts = {}) ⇒ DetectsapiPostEntitiesAlertsV1ResponseSwagger

#post_entities_alerts_v1_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostEntitiesAlertsV1ResponseSwagger, Integer, Hash)>

#post_entities_alerts_v2(body, opts = {}) ⇒ DetectsapiPostEntitiesAlertsV2ResponseSwagger

#post_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ Array<(DetectsapiPostEntitiesAlertsV2ResponseSwagger, Integer, Hash)>

#initialize(api_client = ApiClient.default) ⇒ `Alerts`

#api_client ⇒ `Object`

#get_queries_alerts_v1(opts = {}) ⇒ `DetectsapiAlertQueryResponse`

#get_queries_alerts_v1_with_http_info(opts = {}) ⇒ `Array<(DetectsapiAlertQueryResponse, Integer, Hash)>`

#get_queries_alerts_v2(opts = {}) ⇒ `DetectsapiAlertQueryResponse`

#get_queries_alerts_v2_with_http_info(opts = {}) ⇒ `Array<(DetectsapiAlertQueryResponse, Integer, Hash)>`

#patch_entities_alerts_v2(body, opts = {}) ⇒ `DetectsapiResponseFields`

#patch_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiResponseFields, Integer, Hash)>`

#patch_entities_alerts_v3(body, opts = {}) ⇒ `DetectsapiResponseFields`

#patch_entities_alerts_v3_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiResponseFields, Integer, Hash)>`

#post_aggregates_alerts_v1(body, opts = {}) ⇒ `DetectsapiAggregatesResponse`

#post_aggregates_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiAggregatesResponse, Integer, Hash)>`

#post_aggregates_alerts_v2(body, opts = {}) ⇒ `DetectsapiAggregatesResponse`

#post_aggregates_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiAggregatesResponse, Integer, Hash)>`

#post_combined_alerts_v1(body, opts = {}) ⇒ `DetectsapiPostCombinedAlertsV1ResponseSwagger`

#post_combined_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostCombinedAlertsV1ResponseSwagger, Integer, Hash)>`

#post_entities_alerts_v1(body, opts = {}) ⇒ `DetectsapiPostEntitiesAlertsV1ResponseSwagger`

#post_entities_alerts_v1_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostEntitiesAlertsV1ResponseSwagger, Integer, Hash)>`

#post_entities_alerts_v2(body, opts = {}) ⇒ `DetectsapiPostEntitiesAlertsV2ResponseSwagger`

#post_entities_alerts_v2_with_http_info(body, opts = {}) ⇒ `Array<(DetectsapiPostEntitiesAlertsV2ResponseSwagger, Integer, Hash)>`