Class: Falcon::CloudSecurityDetections

Inherits:

Object

Object
Falcon::CloudSecurityDetections

show all

Defined in:: lib/crimson-falcon/api/cloud_security_detections.rb

Instance Attribute Summary collapse

#api_client ⇒ Object

Returns the value of attribute api_client.

Instance Method Summary collapse

#cspm_evaluations_combined_iom_by_rule(opts = {}) ⇒ EvaluationsIOMsByRuleResponse

returns ioms grouped by rule.
#cspm_evaluations_combined_iom_by_rule_with_http_info(opts = {}) ⇒ Array<(EvaluationsIOMsByRuleResponse, Integer, Hash)>

returns ioms grouped by rule.
#cspm_evaluations_iom_entities(opts = {}) ⇒ EvaluationsGetIOMsResponse

Gets IOMs based on the provided IDs.
#cspm_evaluations_iom_entities_with_http_info(opts = {}) ⇒ Array<(EvaluationsGetIOMsResponse, Integer, Hash)>

Gets IOMs based on the provided IDs.
#cspm_evaluations_iom_queries(opts = {}) ⇒ EvaluationsQueryIOMsResponse

Gets a list of IOM IDs for the given parameters, filters and sort criteria.
#cspm_evaluations_iom_queries_with_http_info(opts = {}) ⇒ Array<(EvaluationsQueryIOMsResponse, Integer, Hash)>

Gets a list of IOM IDs for the given parameters, filters and sort criteria.
#initialize(api_client = ApiClient.default) ⇒ CloudSecurityDetections constructor

A new instance of CloudSecurityDetections.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ `CloudSecurityDetections`

Returns a new instance of CloudSecurityDetections.



35
36
37

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ `Object`

Returns the value of attribute api_client.



33
34
35

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#cspm_evaluations_combined_iom_by_rule(opts = {}) ⇒ `EvaluationsIOMsByRuleResponse`

returns ioms grouped by rule

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:filter (String) —

FQL string to filter results in Falcon Query Language (FQL). Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `region` - `requirement` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id` - `zone`
:sort (String) —

The field to sort on. Sortable fields include: - `assessed_assets` - `cloud_provider` - `misconfigurations` - `rule_id` - `severity` Use `|asc` or `|desc` suffix to specify sort direction.
:limit (Integer) —

The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. (default to 500)
:offset (Integer) —

Offset returned assets

Returns:

(EvaluationsIOMsByRuleResponse)

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 45

def cspm_evaluations_combined_iom_by_rule(opts = {})
  data, _status_code, _headers = cspm_evaluations_combined_iom_by_rule_with_http_info(opts)
  data
end

#cspm_evaluations_combined_iom_by_rule_with_http_info(opts = {}) ⇒ `Array<(EvaluationsIOMsByRuleResponse, Integer, Hash)>`

returns ioms grouped by rule

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:filter (String) —

FQL string to filter results in Falcon Query Language (FQL). Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `region` - `requirement` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id` - `zone`
:sort (String) —

The field to sort on. Sortable fields include: - `assessed_assets` - `cloud_provider` - `misconfigurations` - `rule_id` - `severity` Use `|asc` or `|desc` suffix to specify sort direction.
:limit (Integer) —

The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. (default to 500)
:offset (Integer) —

Offset returned assets

Returns:

(Array<(EvaluationsIOMsByRuleResponse, Integer, Hash)>) —

EvaluationsIOMsByRuleResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 57

def cspm_evaluations_combined_iom_by_rule_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: CloudSecurityDetections.cspm_evaluations_combined_iom_by_rule ...'
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 1000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling CloudSecurityDetections.cspm_evaluations_combined_iom_by_rule, must be smaller than or equal to 1000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 0
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling CloudSecurityDetections.cspm_evaluations_combined_iom_by_rule, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling CloudSecurityDetections.cspm_evaluations_combined_iom_by_rule, must be greater than or equal to 0.'
  end

  # resource path
  local_var_path = '/cloud-security-evaluations/combined/ioms-by-rule/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'EvaluationsIOMsByRuleResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"CloudSecurityDetections.cspm_evaluations_combined_iom_by_rule",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: CloudSecurityDetections#cspm_evaluations_combined_iom_by_rule\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#cspm_evaluations_iom_entities(opts = {}) ⇒ `EvaluationsGetIOMsResponse`

Gets IOMs based on the provided IDs

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:ids (Array<String>) —

List of IOMs to return (maximum 100 IDs allowed). Use POST method with same path if more entities are required.

Returns:

(EvaluationsGetIOMsResponse)

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 121

def cspm_evaluations_iom_entities(opts = {})
  data, _status_code, _headers = cspm_evaluations_iom_entities_with_http_info(opts)
  data
end

#cspm_evaluations_iom_entities_with_http_info(opts = {}) ⇒ `Array<(EvaluationsGetIOMsResponse, Integer, Hash)>`

Gets IOMs based on the provided IDs

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:ids (Array<String>) —

List of IOMs to return (maximum 100 IDs allowed). Use POST method with same path if more entities are required.

Returns:

(Array<(EvaluationsGetIOMsResponse, Integer, Hash)>) —

EvaluationsGetIOMsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 130

def cspm_evaluations_iom_entities_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: CloudSecurityDetections.cspm_evaluations_iom_entities ...'
  end
  # resource path
  local_var_path = '/cloud-security-evaluations/entities/ioms/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(opts[:'ids'], :multi) if !opts[:'ids'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'EvaluationsGetIOMsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"CloudSecurityDetections.cspm_evaluations_iom_entities",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: CloudSecurityDetections#cspm_evaluations_iom_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#cspm_evaluations_iom_queries(opts = {}) ⇒ `EvaluationsQueryIOMsResponse`

Gets a list of IOM IDs for the given parameters, filters and sort criteria.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:filter (String) —

FQL string to filter results in Falcon Query Language (FQL). Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `policy_uuid` - `region` - `requirement` - `requirement_name` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `suppression_reason` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id`
:sort (String) —

The field to sort on. Use `|asc` or `|desc` suffix to specify sort direction.Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `policy_uuid` - `region` - `requirement` - `requirement_name` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `suppression_reason` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id`
:limit (Integer) —

The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. (default to 500)
:offset (Integer) —

Offset returned assets
:after (String) —

token-based pagination. Use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating

Returns:

(EvaluationsQueryIOMsResponse)

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 183

def cspm_evaluations_iom_queries(opts = {})
  data, _status_code, _headers = cspm_evaluations_iom_queries_with_http_info(opts)
  data
end

#cspm_evaluations_iom_queries_with_http_info(opts = {}) ⇒ `Array<(EvaluationsQueryIOMsResponse, Integer, Hash)>`

Gets a list of IOM IDs for the given parameters, filters and sort criteria.

Parameters:

opts (Hash) (defaults to: {}) —

the optional parameters

Options Hash (opts):

:filter (String) —

FQL string to filter results in Falcon Query Language (FQL). Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `policy_uuid` - `region` - `requirement` - `requirement_name` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `suppression_reason` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id`
:sort (String) —

The field to sort on. Use `|asc` or `|desc` suffix to specify sort direction.Supported fields: - `account_id` - `account_name` - `applicable_profile` - `attack_type` - `benchmark_name` - `benchmark_version` - `business_impact` - `cid` - `cloud_group` - `cloud_label` - `cloud_label_id` - `cloud_provider` - `cloud_scope` - `created_at` - `environment` - `extension_status` - `first_detected` - `framework` - `last_detected` - `policy_id` - `policy_name` - `policy_uuid` - `region` - `requirement` - `requirement_name` - `resource_gcrn` - `resource_id` - `resource_parent` - `resource_status` - `resource_type` - `resource_type_name` - `rule_group` - `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service_category` - `severity` - `status` - `suppressed_by` - `suppression_reason` - `tactic_id` - `tactic_name` - `tag_key` - `tag_value` - `tags` - `tags_string` - `technique_id` - `technique_name` - `tenant_id`
:limit (Integer) —

The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. (default to 500)
:offset (Integer) —

Offset returned assets
:after (String) —

token-based pagination. Use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating

Returns:

(Array<(EvaluationsQueryIOMsResponse, Integer, Hash)>) —

EvaluationsQueryIOMsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/cloud_security_detections.rb', line 196

def cspm_evaluations_iom_queries_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: CloudSecurityDetections.cspm_evaluations_iom_queries ...'
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 1000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling CloudSecurityDetections.cspm_evaluations_iom_queries, must be smaller than or equal to 1000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 0
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling CloudSecurityDetections.cspm_evaluations_iom_queries, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling CloudSecurityDetections.cspm_evaluations_iom_queries, must be greater than or equal to 0.'
  end

  # resource path
  local_var_path = '/cloud-security-evaluations/queries/ioms/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'after'] = opts[:'after'] if !opts[:'after'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'EvaluationsQueryIOMsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"CloudSecurityDetections.cspm_evaluations_iom_queries",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: CloudSecurityDetections#cspm_evaluations_iom_queries\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

Class: Falcon::CloudSecurityDetections

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ CloudSecurityDetections

Instance Attribute Details

#api_client ⇒ Object

Instance Method Details

#cspm_evaluations_combined_iom_by_rule(opts = {}) ⇒ EvaluationsIOMsByRuleResponse

#cspm_evaluations_combined_iom_by_rule_with_http_info(opts = {}) ⇒ Array<(EvaluationsIOMsByRuleResponse, Integer, Hash)>

#cspm_evaluations_iom_entities(opts = {}) ⇒ EvaluationsGetIOMsResponse

#cspm_evaluations_iom_entities_with_http_info(opts = {}) ⇒ Array<(EvaluationsGetIOMsResponse, Integer, Hash)>

#cspm_evaluations_iom_queries(opts = {}) ⇒ EvaluationsQueryIOMsResponse

#cspm_evaluations_iom_queries_with_http_info(opts = {}) ⇒ Array<(EvaluationsQueryIOMsResponse, Integer, Hash)>

#initialize(api_client = ApiClient.default) ⇒ `CloudSecurityDetections`

#api_client ⇒ `Object`

#cspm_evaluations_combined_iom_by_rule(opts = {}) ⇒ `EvaluationsIOMsByRuleResponse`

#cspm_evaluations_combined_iom_by_rule_with_http_info(opts = {}) ⇒ `Array<(EvaluationsIOMsByRuleResponse, Integer, Hash)>`

#cspm_evaluations_iom_entities(opts = {}) ⇒ `EvaluationsGetIOMsResponse`

#cspm_evaluations_iom_entities_with_http_info(opts = {}) ⇒ `Array<(EvaluationsGetIOMsResponse, Integer, Hash)>`

#cspm_evaluations_iom_queries(opts = {}) ⇒ `EvaluationsQueryIOMsResponse`

#cspm_evaluations_iom_queries_with_http_info(opts = {}) ⇒ `Array<(EvaluationsQueryIOMsResponse, Integer, Hash)>`