Class: Falcon::DetectsExternalAlert

Inherits:

Object

• Object
• Falcon::DetectsExternalAlert

Defined in:

lib/crimson-falcon/models/detects_external_alert.rb

Instance Attribute Summary

• #agent_id ⇒ Object

  Device or sensor ID for which the Alert was generated.

• #aggregate_id ⇒ Object

  Common linkage between multiple Alerts that belong to the same detection bouquet.

• #aggregation_rule_id ⇒ Object

  An opaque internal identifier that can uniquely identify the aggregation rule.

• #aggregation_rule_name ⇒ Object

  Aggregation rule name.

• #assigned_to_name ⇒ Object

  Name of the person this Alert is assigned to.

• #assigned_to_uid ⇒ Object

  UserID to which this Alert is assigned to.

• #assigned_to_uuid ⇒ Object

  UUID to which this Alert is assigned to.

• #cid ⇒ Object

  Unique ID of CrowdStrike customers.

• #cms_rule_id ⇒ Object

  An opaque internal identifier that can uniquely identify the CMS rule which triggered this detection.

• #composite_id ⇒ Object

  An opaque internal identifier that can uniquely identify an Alert.

• #confidence ⇒ Object

  Confidence is a 1-100 integer value denoting the confidence that, when this Alert fires, it is indicative of malicious activity.

• #crawled_timestamp ⇒ Object

  indicates when ThreatGraph was crawled to gather info for this alert creation/update.

• #created_timestamp ⇒ Object

  indicates when the Alert was first written to backend store.

• #data_domains ⇒ Object

  Data Domains represents domains to which this alert belongs to.

• #description ⇒ Object

  Short, customer-visible summary of the detected activity.

• #display_name ⇒ Object

  Customer visible name for the Alert’s pattern.

• #email_sent ⇒ Object

  Boolean to know if we sent email regarding this Alert.

• #external ⇒ Object

  Boolean indicating if this Alert is internal or external.

• #id ⇒ Object

  Vertex key which triggers the formation of the Alert.

• #is_aggregated ⇒ Object

  Boolean indicating if this Alert is an aggregated alert.

• #linked_behavioral_detections ⇒ Object

  Linked Behavioral Detections are behavioral detections that are associated with this alert.

• #linked_case_ids ⇒ Object

  Linked Case Ids are cases that are associated with this alert.

• #mitre_attack ⇒ Object

  References to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures.

• #name ⇒ Object

  Pattern Name coming either from Taxonomy or directly from the ingested Alert.

• #objective ⇒ Object

  End goal that an attack adversary intends to achieve according to MITRE.

• #origin_cid ⇒ Object

  Original CID value when the alert was first created, mirrors the cid field during alert creation.

• #pattern_id ⇒ Object

  Taxonomy patternID for this Alert.

• #platform ⇒ Object

  Platform that this Alert was triggered on e.g.

• #product ⇒ Object

  Product specifies the SKU that this Alert belongs to e.g.

• #resolution ⇒ Object

  Alert resolution.

• #scenario ⇒ Object

  Scenario was used pre-Handrails to display additional killchain context for UI alerts.

• #seconds_to_resolved ⇒ Object

  Seconds To Resolved represents the seconds elapsed since this alert has been resolved.

• #seconds_to_triaged ⇒ Object

  Seconds To Triage represents the seconds elapsed since this alert has been triaged.

• #severity ⇒ Object

  Severity is also a 1-100 integer value, but unlike confidence severity impacts how a Alert is displayed in the UI.

• #severity_name ⇒ Object

  Severity name is a UI friendly bucketing of the severity integer.

• #show_in_ui ⇒ Object

  Boolean indicating if this Alert will be shown in the UI or if it’s hidden’.

• #source_products ⇒ Object

  Source Products are products that produced events which contributed to this alert.

• #source_vendors ⇒ Object

  Source Vendors are vendors that produced events which contributed to this alert.

• #status ⇒ Object

  Could be one of the following - New, closed, in_progress, reopened.

• #tactic ⇒ Object

  Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures.

• #tactic_id ⇒ Object

  Unique ID for the tactic seen in the Alert.

• #tags ⇒ Object

  Tags are string values associated with the alert that can be added or removed through the API.

• #technique ⇒ Object

  Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures.

• #technique_id ⇒ Object

  Unique ID for the technique seen in the Alert.

• #timestamp ⇒ Object

  stored value coming in directly from the ingested event or set by cloud in the absence of it.

• #type ⇒ Object

  Type of definition Detections Extensibility use.

• #updated_timestamp ⇒ Object

  indicates when the Alert was last modified.

Class Method Summary

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ DetectsExternalAlert constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ DetectsExternalAlert

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 294

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DetectsExternalAlert` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DetectsExternalAlert`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'agent_id')
    self.agent_id = attributes[:'agent_id']
  end

  if attributes.key?(:'aggregate_id')
    self.aggregate_id = attributes[:'aggregate_id']
  end

  if attributes.key?(:'aggregation_rule_id')
    self.aggregation_rule_id = attributes[:'aggregation_rule_id']
  end

  if attributes.key?(:'aggregation_rule_name')
    self.aggregation_rule_name = attributes[:'aggregation_rule_name']
  end

  if attributes.key?(:'assigned_to_name')
    self.assigned_to_name = attributes[:'assigned_to_name']
  end

  if attributes.key?(:'assigned_to_uid')
    self.assigned_to_uid = attributes[:'assigned_to_uid']
  end

  if attributes.key?(:'assigned_to_uuid')
    self.assigned_to_uuid = attributes[:'assigned_to_uuid']
  end

  if attributes.key?(:'cid')
    self.cid = attributes[:'cid']
  end

  if attributes.key?(:'cms_rule_id')
    self.cms_rule_id = attributes[:'cms_rule_id']
  end

  if attributes.key?(:'composite_id')
    self.composite_id = attributes[:'composite_id']
  end

  if attributes.key?(:'confidence')
    self.confidence = attributes[:'confidence']
  end

  if attributes.key?(:'crawled_timestamp')
    self.crawled_timestamp = attributes[:'crawled_timestamp']
  end

  if attributes.key?(:'created_timestamp')
    self.created_timestamp = attributes[:'created_timestamp']
  end

  if attributes.key?(:'data_domains')
    if (value = attributes[:'data_domains']).is_a?(Array)
      self.data_domains = value
    end
  end

  if attributes.key?(:'description')
    self.description = attributes[:'description']
  end

  if attributes.key?(:'display_name')
    self.display_name = attributes[:'display_name']
  end

  if attributes.key?(:'email_sent')
    self.email_sent = attributes[:'email_sent']
  end

  if attributes.key?(:'external')
    self.external = attributes[:'external']
  end

  if attributes.key?(:'id')
    self.id = attributes[:'id']
  end

  if attributes.key?(:'is_aggregated')
    self.is_aggregated = attributes[:'is_aggregated']
  end

  if attributes.key?(:'linked_behavioral_detections')
    if (value = attributes[:'linked_behavioral_detections']).is_a?(Array)
      self.linked_behavioral_detections = value
    end
  end

  if attributes.key?(:'linked_case_ids')
    if (value = attributes[:'linked_case_ids']).is_a?(Array)
      self.linked_case_ids = value
    end
  end

  if attributes.key?(:'mitre_attack')
    if (value = attributes[:'mitre_attack']).is_a?(Array)
      self.mitre_attack = value
    end
  end

  if attributes.key?(:'name')
    self.name = attributes[:'name']
  end

  if attributes.key?(:'objective')
    self.objective = attributes[:'objective']
  end

  if attributes.key?(:'origin_cid')
    self.origin_cid = attributes[:'origin_cid']
  end

  if attributes.key?(:'pattern_id')
    self.pattern_id = attributes[:'pattern_id']
  end

  if attributes.key?(:'platform')
    self.platform = attributes[:'platform']
  end

  if attributes.key?(:'product')
    self.product = attributes[:'product']
  end

  if attributes.key?(:'resolution')
    self.resolution = attributes[:'resolution']
  end

  if attributes.key?(:'scenario')
    self.scenario = attributes[:'scenario']
  end

  if attributes.key?(:'seconds_to_resolved')
    self.seconds_to_resolved = attributes[:'seconds_to_resolved']
  end

  if attributes.key?(:'seconds_to_triaged')
    self.seconds_to_triaged = attributes[:'seconds_to_triaged']
  end

  if attributes.key?(:'severity')
    self.severity = attributes[:'severity']
  end

  if attributes.key?(:'severity_name')
    self.severity_name = attributes[:'severity_name']
  end

  if attributes.key?(:'show_in_ui')
    self.show_in_ui = attributes[:'show_in_ui']
  end

  if attributes.key?(:'source_products')
    if (value = attributes[:'source_products']).is_a?(Array)
      self.source_products = value
    end
  end

  if attributes.key?(:'source_vendors')
    if (value = attributes[:'source_vendors']).is_a?(Array)
      self.source_vendors = value
    end
  end

  if attributes.key?(:'status')
    self.status = attributes[:'status']
  end

  if attributes.key?(:'tactic')
    self.tactic = attributes[:'tactic']
  end

  if attributes.key?(:'tactic_id')
    self.tactic_id = attributes[:'tactic_id']
  end

  if attributes.key?(:'tags')
    if (value = attributes[:'tags']).is_a?(Array)
      self.tags = value
    end
  end

  if attributes.key?(:'technique')
    self.technique = attributes[:'technique']
  end

  if attributes.key?(:'technique_id')
    self.technique_id = attributes[:'technique_id']
  end

  if attributes.key?(:'timestamp')
    self.timestamp = attributes[:'timestamp']
  end

  if attributes.key?(:'type')
    self.type = attributes[:'type']
  end

  if attributes.key?(:'updated_timestamp')
    self.updated_timestamp = attributes[:'updated_timestamp']
  end
end

Instance Attribute Details

#agent_id ⇒ Object

Device or sensor ID for which the Alert was generated

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 35

def agent_id
  @agent_id
end

#aggregate_id ⇒ Object

Common linkage between multiple Alerts that belong to the same detection bouquet

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 38

def aggregate_id
  @aggregate_id
end

#aggregation_rule_id ⇒ Object

An opaque internal identifier that can uniquely identify the aggregation rule

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 41

def aggregation_rule_id
  @aggregation_rule_id
end

#aggregation_rule_name ⇒ Object

Aggregation rule name

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 44

def aggregation_rule_name
  @aggregation_rule_name
end

#assigned_to_name ⇒ Object

Name of the person this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 47

def assigned_to_name
  @assigned_to_name
end

#assigned_to_uid ⇒ Object

UserID to which this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 50

def assigned_to_uid
  @assigned_to_uid
end

#assigned_to_uuid ⇒ Object

UUID to which this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 53

def assigned_to_uuid
  @assigned_to_uuid
end

#cid ⇒ Object

Unique ID of CrowdStrike customers

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 56

def cid
  @cid
end

#cms_rule_id ⇒ Object

An opaque internal identifier that can uniquely identify the CMS rule which triggered this detection

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 59

def cms_rule_id
  @cms_rule_id
end

#composite_id ⇒ Object

An opaque internal identifier that can uniquely identify an Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 62

def composite_id
  @composite_id
end

#confidence ⇒ Object

Confidence is a 1-100 integer value denoting the confidence that, when this Alert fires, it is indicative of malicious activity

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 65

def confidence
  @confidence
end

#crawled_timestamp ⇒ Object

indicates when ThreatGraph was crawled to gather info for this alert creation/update

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 68

def crawled_timestamp
  @crawled_timestamp
end

#created_timestamp ⇒ Object

indicates when the Alert was first written to backend store

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 71

def created_timestamp
  @created_timestamp
end

#data_domains ⇒ Object

Data Domains represents domains to which this alert belongs to

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 74

def data_domains
  @data_domains
end

#description ⇒ Object

Short, customer-visible summary of the detected activity

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 77

def description
  @description
end

#display_name ⇒ Object

Customer visible name for the Alert’s pattern

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 80

def display_name
  @display_name
end

#email_sent ⇒ Object

Boolean to know if we sent email regarding this Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 83

def email_sent
  @email_sent
end

#external ⇒ Object

Boolean indicating if this Alert is internal or external

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 86

def external
  @external
end

#id ⇒ Object

Vertex key which triggers the formation of the Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 89

def id
  @id
end

#is_aggregated ⇒ Object

Boolean indicating if this Alert is an aggregated alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 92

def is_aggregated
  @is_aggregated
end

#linked_behavioral_detections ⇒ Object

Linked Behavioral Detections are behavioral detections that are associated with this alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 95

def linked_behavioral_detections
  @linked_behavioral_detections
end

#linked_case_ids ⇒ Object

Linked Case Ids are cases that are associated with this alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 98

def linked_case_ids
  @linked_case_ids
end

#mitre_attack ⇒ Object

References to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 101

def mitre_attack
  @mitre_attack
end

#name ⇒ Object

Pattern Name coming either from Taxonomy or directly from the ingested Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 104

def name
  @name
end

#objective ⇒ Object

End goal that an attack adversary intends to achieve according to MITRE

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 107

def objective
  @objective
end

#origin_cid ⇒ Object

Original CID value when the alert was first created, mirrors the cid field during alert creation

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 110

def origin_cid
  @origin_cid
end

#pattern_id ⇒ Object

Taxonomy patternID for this Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 113

def pattern_id
  @pattern_id
end

#platform ⇒ Object

Platform that this Alert was triggered on e.g. Android, Windows, etc..

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 116

def platform
  @platform
end

#product ⇒ Object

Product specifies the SKU that this Alert belongs to e.g. mobile, idp, epp

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 119

def product
  @product
end

#resolution ⇒ Object

Alert resolution. Could be one of the following values: true_positive, false_positive, ignored

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 122

def resolution
  @resolution
end

#scenario ⇒ Object

Scenario was used pre-Handrails to display additional killchain context for UI alerts. With handrails, this field is mostly obsolete in favor of tactic/technique. Still, it can be useful for determining specific pattern types that are not straightforward to distinguish from other fields alone

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 125

def scenario
  @scenario
end

#seconds_to_resolved ⇒ Object

Seconds To Resolved represents the seconds elapsed since this alert has been resolved

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 128

def seconds_to_resolved
  @seconds_to_resolved
end

#seconds_to_triaged ⇒ Object

Seconds To Triage represents the seconds elapsed since this alert has been triaged

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 131

def seconds_to_triaged
  @seconds_to_triaged
end

#severity ⇒ Object

Severity is also a 1-100 integer value, but unlike confidence severity impacts how a Alert is displayed in the UI

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 134

def severity
  @severity
end

#severity_name ⇒ Object

Severity name is a UI friendly bucketing of the severity integer

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 137

def severity_name
  @severity_name
end

#show_in_ui ⇒ Object

Boolean indicating if this Alert will be shown in the UI or if it’s hidden’

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 140

def show_in_ui
  @show_in_ui
end

#source_products ⇒ Object

Source Products are products that produced events which contributed to this alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 143

def source_products
  @source_products
end

#source_vendors ⇒ Object

Source Vendors are vendors that produced events which contributed to this alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 146

def source_vendors
  @source_vendors
end

#status ⇒ Object

Could be one of the following - New, closed, in_progress, reopened

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 149

def status
  @status
end

#tactic ⇒ Object

Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 152

def tactic
  @tactic
end

#tactic_id ⇒ Object

Unique ID for the tactic seen in the Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 155

def tactic_id
  @tactic_id
end

#tags ⇒ Object

Tags are string values associated with the alert that can be added or removed through the API

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 158

def tags
  @tags
end

#technique ⇒ Object

Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 161

def technique
  @technique
end

#technique_id ⇒ Object

Unique ID for the technique seen in the Alert

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 164

def technique_id
  @technique_id
end

#timestamp ⇒ Object

stored value coming in directly from the ingested event or set by cloud in the absence of it

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 167

def timestamp
  @timestamp
end

#type ⇒ Object

Type of definition Detections Extensibility use. Keyed-off of Pattern of the incoming events/Alerts

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 170

def type
  @type
end

#updated_timestamp ⇒ Object

indicates when the Alert was last modified

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 173

def updated_timestamp
  @updated_timestamp
end

Class Method Details

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 229

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 176

def self.attribute_map
  {
    :'agent_id' => :'agent_id',
    :'aggregate_id' => :'aggregate_id',
    :'aggregation_rule_id' => :'aggregation_rule_id',
    :'aggregation_rule_name' => :'aggregation_rule_name',
    :'assigned_to_name' => :'assigned_to_name',
    :'assigned_to_uid' => :'assigned_to_uid',
    :'assigned_to_uuid' => :'assigned_to_uuid',
    :'cid' => :'cid',
    :'cms_rule_id' => :'cms_rule_id',
    :'composite_id' => :'composite_id',
    :'confidence' => :'confidence',
    :'crawled_timestamp' => :'crawled_timestamp',
    :'created_timestamp' => :'created_timestamp',
    :'data_domains' => :'data_domains',
    :'description' => :'description',
    :'display_name' => :'display_name',
    :'email_sent' => :'email_sent',
    :'external' => :'external',
    :'id' => :'id',
    :'is_aggregated' => :'is_aggregated',
    :'linked_behavioral_detections' => :'linked_behavioral_detections',
    :'linked_case_ids' => :'linked_case_ids',
    :'mitre_attack' => :'mitre_attack',
    :'name' => :'name',
    :'objective' => :'objective',
    :'origin_cid' => :'origin_cid',
    :'pattern_id' => :'pattern_id',
    :'platform' => :'platform',
    :'product' => :'product',
    :'resolution' => :'resolution',
    :'scenario' => :'scenario',
    :'seconds_to_resolved' => :'seconds_to_resolved',
    :'seconds_to_triaged' => :'seconds_to_triaged',
    :'severity' => :'severity',
    :'severity_name' => :'severity_name',
    :'show_in_ui' => :'show_in_ui',
    :'source_products' => :'source_products',
    :'source_vendors' => :'source_vendors',
    :'status' => :'status',
    :'tactic' => :'tactic',
    :'tactic_id' => :'tactic_id',
    :'tags' => :'tags',
    :'technique' => :'technique',
    :'technique_id' => :'technique_id',
    :'timestamp' => :'timestamp',
    :'type' => :'type',
    :'updated_timestamp' => :'updated_timestamp'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 827

def self.build_from_hash(attributes)
  new.build_from_hash(attributes)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 287

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 234

def self.openapi_types
  {
    :'agent_id' => :'String',
    :'aggregate_id' => :'String',
    :'aggregation_rule_id' => :'String',
    :'aggregation_rule_name' => :'String',
    :'assigned_to_name' => :'String',
    :'assigned_to_uid' => :'String',
    :'assigned_to_uuid' => :'String',
    :'cid' => :'String',
    :'cms_rule_id' => :'String',
    :'composite_id' => :'String',
    :'confidence' => :'Integer',
    :'crawled_timestamp' => :'Time',
    :'created_timestamp' => :'Time',
    :'data_domains' => :'Array<String>',
    :'description' => :'String',
    :'display_name' => :'String',
    :'email_sent' => :'Boolean',
    :'external' => :'Boolean',
    :'id' => :'String',
    :'is_aggregated' => :'Boolean',
    :'linked_behavioral_detections' => :'Array<String>',
    :'linked_case_ids' => :'Array<String>',
    :'mitre_attack' => :'Array<DetectsMitreAttackMapping>',
    :'name' => :'String',
    :'objective' => :'String',
    :'origin_cid' => :'String',
    :'pattern_id' => :'Integer',
    :'platform' => :'String',
    :'product' => :'String',
    :'resolution' => :'String',
    :'scenario' => :'String',
    :'seconds_to_resolved' => :'Integer',
    :'seconds_to_triaged' => :'Integer',
    :'severity' => :'Integer',
    :'severity_name' => :'String',
    :'show_in_ui' => :'Boolean',
    :'source_products' => :'Array<String>',
    :'source_vendors' => :'Array<String>',
    :'status' => :'String',
    :'tactic' => :'String',
    :'tactic_id' => :'String',
    :'tags' => :'Array<String>',
    :'technique' => :'String',
    :'technique_id' => :'String',
    :'timestamp' => :'Time',
    :'type' => :'String',
    :'updated_timestamp' => :'Time'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 760

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      agent_id == o.agent_id &&
      aggregate_id == o.aggregate_id &&
      aggregation_rule_id == o.aggregation_rule_id &&
      aggregation_rule_name == o.aggregation_rule_name &&
      assigned_to_name == o.assigned_to_name &&
      assigned_to_uid == o.assigned_to_uid &&
      assigned_to_uuid == o.assigned_to_uuid &&
      cid == o.cid &&
      cms_rule_id == o.cms_rule_id &&
      composite_id == o.composite_id &&
      confidence == o.confidence &&
      crawled_timestamp == o.crawled_timestamp &&
      created_timestamp == o.created_timestamp &&
      data_domains == o.data_domains &&
      description == o.description &&
      display_name == o.display_name &&
      email_sent == o.email_sent &&
      external == o.external &&
      id == o.id &&
      is_aggregated == o.is_aggregated &&
      linked_behavioral_detections == o.linked_behavioral_detections &&
      linked_case_ids == o.linked_case_ids &&
      mitre_attack == o.mitre_attack &&
      name == o.name &&
      objective == o.objective &&
      origin_cid == o.origin_cid &&
      pattern_id == o.pattern_id &&
      platform == o.platform &&
      product == o.product &&
      resolution == o.resolution &&
      scenario == o.scenario &&
      seconds_to_resolved == o.seconds_to_resolved &&
      seconds_to_triaged == o.seconds_to_triaged &&
      severity == o.severity &&
      severity_name == o.severity_name &&
      show_in_ui == o.show_in_ui &&
      source_products == o.source_products &&
      source_vendors == o.source_vendors &&
      status == o.status &&
      tactic == o.tactic &&
      tactic_id == o.tactic_id &&
      tags == o.tags &&
      technique == o.technique &&
      technique_id == o.technique_id &&
      timestamp == o.timestamp &&
      type == o.type &&
      updated_timestamp == o.updated_timestamp
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 858

def _deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Falcon.const_get(type)
    klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 929

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 834

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  attributes = attributes.transform_keys(&:to_sym)
  self.class.openapi_types.each_pair do |key, type|
    if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
      self.send("#{key}=", nil)
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 814

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 820

def hash
  [agent_id, aggregate_id, aggregation_rule_id, aggregation_rule_name, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, cms_rule_id, composite_id, confidence, crawled_timestamp, created_timestamp, data_domains, description, display_name, email_sent, external, id, is_aggregated, linked_behavioral_detections, linked_case_ids, mitre_attack, name, objective, origin_cid, pattern_id, platform, product, resolution, scenario, seconds_to_resolved, seconds_to_triaged, severity, severity_name, show_in_ui, source_products, source_vendors, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 512

def list_invalid_properties
  invalid_properties = Array.new
  if @agent_id.nil?
    invalid_properties.push('invalid value for "agent_id", agent_id cannot be nil.')
  end

  if @aggregate_id.nil?
    invalid_properties.push('invalid value for "aggregate_id", aggregate_id cannot be nil.')
  end

  if @aggregation_rule_id.nil?
    invalid_properties.push('invalid value for "aggregation_rule_id", aggregation_rule_id cannot be nil.')
  end

  if @aggregation_rule_name.nil?
    invalid_properties.push('invalid value for "aggregation_rule_name", aggregation_rule_name cannot be nil.')
  end

  if @assigned_to_name.nil?
    invalid_properties.push('invalid value for "assigned_to_name", assigned_to_name cannot be nil.')
  end

  if @assigned_to_uid.nil?
    invalid_properties.push('invalid value for "assigned_to_uid", assigned_to_uid cannot be nil.')
  end

  if @assigned_to_uuid.nil?
    invalid_properties.push('invalid value for "assigned_to_uuid", assigned_to_uuid cannot be nil.')
  end

  if @cid.nil?
    invalid_properties.push('invalid value for "cid", cid cannot be nil.')
  end

  if @cms_rule_id.nil?
    invalid_properties.push('invalid value for "cms_rule_id", cms_rule_id cannot be nil.')
  end

  if @composite_id.nil?
    invalid_properties.push('invalid value for "composite_id", composite_id cannot be nil.')
  end

  if @confidence.nil?
    invalid_properties.push('invalid value for "confidence", confidence cannot be nil.')
  end

  if @crawled_timestamp.nil?
    invalid_properties.push('invalid value for "crawled_timestamp", crawled_timestamp cannot be nil.')
  end

  if @created_timestamp.nil?
    invalid_properties.push('invalid value for "created_timestamp", created_timestamp cannot be nil.')
  end

  if @data_domains.nil?
    invalid_properties.push('invalid value for "data_domains", data_domains cannot be nil.')
  end

  if @description.nil?
    invalid_properties.push('invalid value for "description", description cannot be nil.')
  end

  if @display_name.nil?
    invalid_properties.push('invalid value for "display_name", display_name cannot be nil.')
  end

  if @email_sent.nil?
    invalid_properties.push('invalid value for "email_sent", email_sent cannot be nil.')
  end

  if @external.nil?
    invalid_properties.push('invalid value for "external", external cannot be nil.')
  end

  if @id.nil?
    invalid_properties.push('invalid value for "id", id cannot be nil.')
  end

  if @is_aggregated.nil?
    invalid_properties.push('invalid value for "is_aggregated", is_aggregated cannot be nil.')
  end

  if @linked_behavioral_detections.nil?
    invalid_properties.push('invalid value for "linked_behavioral_detections", linked_behavioral_detections cannot be nil.')
  end

  if @linked_case_ids.nil?
    invalid_properties.push('invalid value for "linked_case_ids", linked_case_ids cannot be nil.')
  end

  if @mitre_attack.nil?
    invalid_properties.push('invalid value for "mitre_attack", mitre_attack cannot be nil.')
  end

  if @name.nil?
    invalid_properties.push('invalid value for "name", name cannot be nil.')
  end

  if @objective.nil?
    invalid_properties.push('invalid value for "objective", objective cannot be nil.')
  end

  if @origin_cid.nil?
    invalid_properties.push('invalid value for "origin_cid", origin_cid cannot be nil.')
  end

  if @pattern_id.nil?
    invalid_properties.push('invalid value for "pattern_id", pattern_id cannot be nil.')
  end

  if @platform.nil?
    invalid_properties.push('invalid value for "platform", platform cannot be nil.')
  end

  if @product.nil?
    invalid_properties.push('invalid value for "product", product cannot be nil.')
  end

  if @resolution.nil?
    invalid_properties.push('invalid value for "resolution", resolution cannot be nil.')
  end

  if @scenario.nil?
    invalid_properties.push('invalid value for "scenario", scenario cannot be nil.')
  end

  if @seconds_to_resolved.nil?
    invalid_properties.push('invalid value for "seconds_to_resolved", seconds_to_resolved cannot be nil.')
  end

  if @seconds_to_triaged.nil?
    invalid_properties.push('invalid value for "seconds_to_triaged", seconds_to_triaged cannot be nil.')
  end

  if @severity.nil?
    invalid_properties.push('invalid value for "severity", severity cannot be nil.')
  end

  if @severity_name.nil?
    invalid_properties.push('invalid value for "severity_name", severity_name cannot be nil.')
  end

  if @show_in_ui.nil?
    invalid_properties.push('invalid value for "show_in_ui", show_in_ui cannot be nil.')
  end

  if @source_products.nil?
    invalid_properties.push('invalid value for "source_products", source_products cannot be nil.')
  end

  if @source_vendors.nil?
    invalid_properties.push('invalid value for "source_vendors", source_vendors cannot be nil.')
  end

  if @status.nil?
    invalid_properties.push('invalid value for "status", status cannot be nil.')
  end

  if @tactic.nil?
    invalid_properties.push('invalid value for "tactic", tactic cannot be nil.')
  end

  if @tactic_id.nil?
    invalid_properties.push('invalid value for "tactic_id", tactic_id cannot be nil.')
  end

  if @tags.nil?
    invalid_properties.push('invalid value for "tags", tags cannot be nil.')
  end

  if @technique.nil?
    invalid_properties.push('invalid value for "technique", technique cannot be nil.')
  end

  if @technique_id.nil?
    invalid_properties.push('invalid value for "technique_id", technique_id cannot be nil.')
  end

  if @timestamp.nil?
    invalid_properties.push('invalid value for "timestamp", timestamp cannot be nil.')
  end

  if @type.nil?
    invalid_properties.push('invalid value for "type", type cannot be nil.')
  end

  if @updated_timestamp.nil?
    invalid_properties.push('invalid value for "updated_timestamp", updated_timestamp cannot be nil.')
  end

  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 905

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 911

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 899

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/crimson-falcon/models/detects_external_alert.rb', line 707

def valid?
  return false if @agent_id.nil?
  return false if @aggregate_id.nil?
  return false if @aggregation_rule_id.nil?
  return false if @aggregation_rule_name.nil?
  return false if @assigned_to_name.nil?
  return false if @assigned_to_uid.nil?
  return false if @assigned_to_uuid.nil?
  return false if @cid.nil?
  return false if @cms_rule_id.nil?
  return false if @composite_id.nil?
  return false if @confidence.nil?
  return false if @crawled_timestamp.nil?
  return false if @created_timestamp.nil?
  return false if @data_domains.nil?
  return false if @description.nil?
  return false if @display_name.nil?
  return false if @email_sent.nil?
  return false if @external.nil?
  return false if @id.nil?
  return false if @is_aggregated.nil?
  return false if @linked_behavioral_detections.nil?
  return false if @linked_case_ids.nil?
  return false if @mitre_attack.nil?
  return false if @name.nil?
  return false if @objective.nil?
  return false if @origin_cid.nil?
  return false if @pattern_id.nil?
  return false if @platform.nil?
  return false if @product.nil?
  return false if @resolution.nil?
  return false if @scenario.nil?
  return false if @seconds_to_resolved.nil?
  return false if @seconds_to_triaged.nil?
  return false if @severity.nil?
  return false if @severity_name.nil?
  return false if @show_in_ui.nil?
  return false if @source_products.nil?
  return false if @source_vendors.nil?
  return false if @status.nil?
  return false if @tactic.nil?
  return false if @tactic_id.nil?
  return false if @tags.nil?
  return false if @technique.nil?
  return false if @technique_id.nil?
  return false if @timestamp.nil?
  return false if @type.nil?
  return false if @updated_timestamp.nil?
  true
end