Class: Falcon::Cases

Inherits:

Object

• Object
• Falcon::Cases

Defined in:

lib/crimson-falcon/api/cases.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #entities_alert_evidence_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

  Adds the given list of alert evidence to the specified case.

• #entities_alert_evidence_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

  Adds the given list of alert evidence to the specified case.

• #entities_case_tags_delete_v1(id, tag, opts = {}) ⇒ OperationsUpdateCaseResponseVM

  Removes the specified tags from the specified case.

• #entities_case_tags_delete_v1_with_http_info(id, tag, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

  Removes the specified tags from the specified case.

• #entities_case_tags_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

  Adds the given list of tags to the specified case.

• #entities_case_tags_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

  Adds the given list of tags to the specified case.

• #entities_cases_patch_v2(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

  Updates given fields on the specified case.

• #entities_cases_patch_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

  Updates given fields on the specified case.

• #entities_cases_post_v2(body, opts = {}) ⇒ OperationsGetCasesByIDsResponseVM

  Retrieves all Cases given their IDs.

• #entities_cases_post_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsGetCasesByIDsResponseVM, Integer, Hash)>

  Retrieves all Cases given their IDs.

• #entities_cases_put_v2(body, opts = {}) ⇒ OperationsCreateCaseResponseVM

  Creates the given Case.

• #entities_cases_put_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsCreateCaseResponseVM, Integer, Hash)>

  Creates the given Case.

• #entities_event_evidence_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

  Adds the given list of event evidence to the specified case.

• #entities_event_evidence_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

  Adds the given list of event evidence to the specified case.

• #initialize(api_client = ApiClient.default) ⇒ Cases constructor

  A new instance of Cases.

• #queries_cases_get_v1(opts = {}) ⇒ CasesapiGetQueriesCasesV1Response

  Retrieves all Cases IDs that match a given query.

• #queries_cases_get_v1_with_http_info(opts = {}) ⇒ Array<(CasesapiGetQueriesCasesV1Response, Integer, Hash)>

  Retrieves all Cases IDs that match a given query.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Cases

Returns a new instance of Cases.

# File 'lib/crimson-falcon/api/cases.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/cases.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#entities_alert_evidence_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

Adds the given list of alert evidence to the specified case.

Parameters:

• body (OperationsAddAlertsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsUpdateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 42

def entities_alert_evidence_post_v1(body, opts = {})
  data, _status_code, _headers = entities_alert_evidence_post_v1_with_http_info(body, opts)
  data
end

#entities_alert_evidence_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

Adds the given list of alert evidence to the specified case.

Parameters:

• body (OperationsAddAlertsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>) —

  OperationsUpdateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 51

def entities_alert_evidence_post_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_alert_evidence_post_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_alert_evidence_post_v1"
  end
  # resource path
  local_var_path = '/cases/entities/alert-evidence/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsUpdateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_alert_evidence_post_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_alert_evidence_post_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_case_tags_delete_v1(id, tag, opts = {}) ⇒ OperationsUpdateCaseResponseVM

Removes the specified tags from the specified case.

Parameters:

• id (String) —

  The ID of the case to remove tags from.

• tag (Array<String>) —

  The tag to remove from the case.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsUpdateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 109

def entities_case_tags_delete_v1(id, tag, opts = {})
  data, _status_code, _headers = entities_case_tags_delete_v1_with_http_info(id, tag, opts)
  data
end

#entities_case_tags_delete_v1_with_http_info(id, tag, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

Removes the specified tags from the specified case.

Parameters:

• id (String) —

  The ID of the case to remove tags from.

• tag (Array<String>) —

  The tag to remove from the case.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>) —

  OperationsUpdateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 119

def entities_case_tags_delete_v1_with_http_info(id, tag, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_case_tags_delete_v1 ...'
  end
  # verify the required parameter 'id' is set
  if @api_client.config.client_side_validation && id.nil?
    fail ArgumentError, "Missing the required parameter 'id' when calling Cases.entities_case_tags_delete_v1"
  end
  # verify the required parameter 'tag' is set
  if @api_client.config.client_side_validation && tag.nil?
    fail ArgumentError, "Missing the required parameter 'tag' when calling Cases.entities_case_tags_delete_v1"
  end
  # resource path
  local_var_path = '/cases/entities/case-tags/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'id'] = id
  query_params[:'tag'] = @api_client.build_collection_param(tag, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsUpdateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_case_tags_delete_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_case_tags_delete_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_case_tags_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

Adds the given list of tags to the specified case.

Parameters:

• body (OperationsAddTagsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsUpdateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 177

def entities_case_tags_post_v1(body, opts = {})
  data, _status_code, _headers = entities_case_tags_post_v1_with_http_info(body, opts)
  data
end

#entities_case_tags_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

Adds the given list of tags to the specified case.

Parameters:

• body (OperationsAddTagsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>) —

  OperationsUpdateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 186

def entities_case_tags_post_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_case_tags_post_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_case_tags_post_v1"
  end
  # resource path
  local_var_path = '/cases/entities/case-tags/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsUpdateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_case_tags_post_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_case_tags_post_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_cases_patch_v2(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

Updates given fields on the specified case.

Parameters:

• body (OperationsUpdateCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsUpdateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 243

def entities_cases_patch_v2(body, opts = {})
  data, _status_code, _headers = entities_cases_patch_v2_with_http_info(body, opts)
  data
end

#entities_cases_patch_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

Updates given fields on the specified case.

Parameters:

• body (OperationsUpdateCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>) —

  OperationsUpdateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 252

def entities_cases_patch_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_cases_patch_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_cases_patch_v2"
  end
  # resource path
  local_var_path = '/cases/entities/cases/v2'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsUpdateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_cases_patch_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_cases_patch_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_cases_post_v2(body, opts = {}) ⇒ OperationsGetCasesByIDsResponseVM

Retrieves all Cases given their IDs.

Parameters:

• body (OperationsGetCasesByIDsRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsGetCasesByIDsResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 309

def entities_cases_post_v2(body, opts = {})
  data, _status_code, _headers = entities_cases_post_v2_with_http_info(body, opts)
  data
end

#entities_cases_post_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsGetCasesByIDsResponseVM, Integer, Hash)>

Retrieves all Cases given their IDs.

Parameters:

• body (OperationsGetCasesByIDsRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsGetCasesByIDsResponseVM, Integer, Hash)>) —

  OperationsGetCasesByIDsResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 318

def entities_cases_post_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_cases_post_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_cases_post_v2"
  end
  # resource path
  local_var_path = '/cases/entities/cases/v2'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsGetCasesByIDsResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_cases_post_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_cases_post_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_cases_put_v2(body, opts = {}) ⇒ OperationsCreateCaseResponseVM

Creates the given Case

Parameters:

• body (OperationsCreateCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsCreateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 375

def entities_cases_put_v2(body, opts = {})
  data, _status_code, _headers = entities_cases_put_v2_with_http_info(body, opts)
  data
end

#entities_cases_put_v2_with_http_info(body, opts = {}) ⇒ Array<(OperationsCreateCaseResponseVM, Integer, Hash)>

Creates the given Case

Parameters:

• body (OperationsCreateCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsCreateCaseResponseVM, Integer, Hash)>) —

  OperationsCreateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 384

def entities_cases_put_v2_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_cases_put_v2 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_cases_put_v2"
  end
  # resource path
  local_var_path = '/cases/entities/cases/v2'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsCreateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_cases_put_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:PUT, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_cases_put_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_event_evidence_post_v1(body, opts = {}) ⇒ OperationsUpdateCaseResponseVM

Adds the given list of event evidence to the specified case.

Parameters:

• body (OperationsAddEventsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (OperationsUpdateCaseResponseVM)

# File 'lib/crimson-falcon/api/cases.rb', line 441

def entities_event_evidence_post_v1(body, opts = {})
  data, _status_code, _headers = entities_event_evidence_post_v1_with_http_info(body, opts)
  data
end

#entities_event_evidence_post_v1_with_http_info(body, opts = {}) ⇒ Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>

Adds the given list of event evidence to the specified case.

Parameters:

• body (OperationsAddEventsToCaseRequest)
• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(OperationsUpdateCaseResponseVM, Integer, Hash)>) —

  OperationsUpdateCaseResponseVM data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 450

def entities_event_evidence_post_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.entities_event_evidence_post_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling Cases.entities_event_evidence_post_v1"
  end
  # resource path
  local_var_path = '/cases/entities/event-evidence/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'OperationsUpdateCaseResponseVM'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.entities_event_evidence_post_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#entities_event_evidence_post_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#queries_cases_get_v1(opts = {}) ⇒ CasesapiGetQueriesCasesV1Response

Retrieves all Cases IDs that match a given query.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  The maximum number of Cases to return in this response (default: 100; max: 10000). Use this parameter together with the &#x60;offset&#x60; parameter to manage pagination of the results.

• :offset (Integer) —

  The first case to return, where &#x60;0&#x60; is the latest case. Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort parameter takes the form &lt;field|direction&gt;. Direction can be either &#x60;asc&#x60; (ascending) or &#x60;desc&#x60; (descending) order. For example: &#x60;status|asc&#x60; or &#x60;status|desc&#x60;. The sorting fields can be any keyword field that is part of #domain.Case except for the text based fields. Most commonly used fields are status, cid, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_userid, assigned_to_uuid, tags If the fields are missing from the Cases, the service will fallback to its default ordering

• :filter (String) —

  Filter Cases using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Case An asterisk wildcard &#x60;*&#x60; includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid… Most commonly filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).

• :q (String) —

  Search all Case metadata for the provided string

Returns:

• (CasesapiGetQueriesCasesV1Response)

# File 'lib/crimson-falcon/api/cases.rb', line 511

def queries_cases_get_v1(opts = {})
  data, _status_code, _headers = queries_cases_get_v1_with_http_info(opts)
  data
end

#queries_cases_get_v1_with_http_info(opts = {}) ⇒ Array<(CasesapiGetQueriesCasesV1Response, Integer, Hash)>

Retrieves all Cases IDs that match a given query.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  The maximum number of Cases to return in this response (default: 100; max: 10000). Use this parameter together with the &#x60;offset&#x60; parameter to manage pagination of the results.

• :offset (Integer) —

  The first case to return, where &#x60;0&#x60; is the latest case. Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort parameter takes the form &lt;field|direction&gt;. Direction can be either &#x60;asc&#x60; (ascending) or &#x60;desc&#x60; (descending) order. For example: &#x60;status|asc&#x60; or &#x60;status|desc&#x60;. The sorting fields can be any keyword field that is part of #domain.Case except for the text based fields. Most commonly used fields are status, cid, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_userid, assigned_to_uuid, tags If the fields are missing from the Cases, the service will fallback to its default ordering

• :filter (String) —

  Filter Cases using a query in Falcon Query Language (FQL).Filter fields can be any keyword field that is part of #domain.Case An asterisk wildcard &#x60;*&#x60; includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id … Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid… Most commonly filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, updated_timestamp… All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](falcon.crowdstrike.com/documentation/45/falcon-query-language-fql).

• :q (String) —

  Search all Case metadata for the provided string

Returns:

• (Array<(CasesapiGetQueriesCasesV1Response, Integer, Hash)>) —

  CasesapiGetQueriesCasesV1Response data, response status code and response headers

# File 'lib/crimson-falcon/api/cases.rb', line 524

def queries_cases_get_v1_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Cases.queries_cases_get_v1 ...'
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 10000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Cases.queries_cases_get_v1, must be smaller than or equal to 10000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 0
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Cases.queries_cases_get_v1, must be greater than or equal to 0.'
  end

  # resource path
  local_var_path = '/cases/queries/cases/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'q'] = opts[:'q'] if !opts[:'q'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'CasesapiGetQueriesCasesV1Response'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Cases.queries_cases_get_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Cases#queries_cases_get_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end