Class: Falcon::Discover

Inherits:

Object

• Object
• Falcon::Discover

Defined in:

lib/crimson-falcon/api/discover.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #combined_applications(filter, opts = {}) ⇒ DomainDiscoverAPICombinedApplicationsResponse

  Search for applications in your environment by providing an FQL filter and paging details.

• #combined_applications_with_http_info(filter, opts = {}) ⇒ Array<(DomainDiscoverAPICombinedApplicationsResponse, Integer, Hash)>

  Search for applications in your environment by providing an FQL filter and paging details.

• #combined_hosts(filter, opts = {}) ⇒ DomainDiscoverAPICombinedHostsResponse

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #combined_hosts_with_http_info(filter, opts = {}) ⇒ Array<(DomainDiscoverAPICombinedHostsResponse, Integer, Hash)>

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #get_accounts(ids, opts = {}) ⇒ DomainDiscoverAPIAccountEntitiesResponse

  Get details on accounts by providing one or more IDs.

• #get_accounts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>

  Get details on accounts by providing one or more IDs.

• #get_applications(ids, opts = {}) ⇒ DomainDiscoverAPIApplicationEntitiesResponse

  Get details on applications by providing one or more IDs.

• #get_applications_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>

  Get details on applications by providing one or more IDs.

• #get_hosts(ids, opts = {}) ⇒ DomainDiscoverAPIHostEntitiesResponse

  Get details on assets by providing one or more IDs.

• #get_hosts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>

  Get details on assets by providing one or more IDs.

• #get_logins(ids, opts = {}) ⇒ DomainDiscoverAPILoginEntitiesResponse

  Get details on logins by providing one or more IDs.

• #get_logins_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>

  Get details on logins by providing one or more IDs.

• #initialize(api_client = ApiClient.default) ⇒ Discover constructor

  A new instance of Discover.

• #query_accounts(opts = {}) ⇒ MsaQueryResponse

  Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_accounts_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_applications(opts = {}) ⇒ MsaspecQueryResponse

  Search for applications in your environment by providing an FQL filter and paging details.

• #query_applications_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Search for applications in your environment by providing an FQL filter and paging details.

• #query_hosts(opts = {}) ⇒ MsaspecQueryResponse

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_hosts_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_logins(opts = {}) ⇒ MsaQueryResponse

  Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_logins_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Discover

Returns a new instance of Discover.

# File 'lib/crimson-falcon/api/discover.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/discover.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#combined_applications(filter, opts = {}) ⇒ DomainDiscoverAPICombinedApplicationsResponse

Search for applications in your environment by providing an FQL filter and paging details. Returns details on applications which match the filter criteria.

Parameters:

• filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, category, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 1000, Default: 100). Use with the &#x60;after&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :facet (Array<String>) —

  Select various details blocks to be returned for each application entity. Supported values: &lt;ul&gt;&lt;li&gt;browser_extension&lt;/li&gt;&lt;li&gt;host_info&lt;/li&gt;&lt;li&gt;install_usage&lt;/li&gt;&lt;li&gt;dev_package&lt;/li&gt;&lt;li&gt;ide_extension&lt;/li&gt;&lt;/ul&gt;

Returns:

• (DomainDiscoverAPICombinedApplicationsResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 46

def combined_applications(filter, opts = {})
  data, _status_code, _headers = combined_applications_with_http_info(filter, opts)
  data
end

#combined_applications_with_http_info(filter, opts = {}) ⇒ Array<(DomainDiscoverAPICombinedApplicationsResponse, Integer, Hash)>

Search for applications in your environment by providing an FQL filter and paging details. Returns details on applications which match the filter criteria.

Parameters:

• filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, category, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 1000, Default: 100). Use with the &#x60;after&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :facet (Array<String>) —

  Select various details blocks to be returned for each application entity. Supported values: &lt;ul&gt;&lt;li&gt;browser_extension&lt;/li&gt;&lt;li&gt;host_info&lt;/li&gt;&lt;li&gt;install_usage&lt;/li&gt;&lt;li&gt;dev_package&lt;/li&gt;&lt;li&gt;ide_extension&lt;/li&gt;&lt;/ul&gt;

Returns:

• (Array<(DomainDiscoverAPICombinedApplicationsResponse, Integer, Hash)>) —

  DomainDiscoverAPICombinedApplicationsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 59

def combined_applications_with_http_info(filter, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.combined_applications ...'
  end
  # verify the required parameter 'filter' is set
  if @api_client.config.client_side_validation && filter.nil?
    fail ArgumentError, "Missing the required parameter 'filter' when calling Discover.combined_applications"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 1000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.combined_applications, must be smaller than or equal to 1000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.combined_applications, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/combined/applications/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = filter
  query_params[:'after'] = opts[:'after'] if !opts[:'after'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'facet'] = @api_client.build_collection_param(opts[:'facet'], :multi) if !opts[:'facet'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPICombinedApplicationsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.combined_applications",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#combined_applications\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#combined_hosts(filter, opts = {}) ⇒ DomainDiscoverAPICombinedHostsResponse

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.

Parameters:

• filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp, scan_details.scan_date, vulnerability_assessment_date All filter fields and operations supports negation (!).

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 1000, default: 100). Use with the &#x60;after&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :facet (Array<String>) —

  Select various details blocks to be returned for each host entity. Supported values: &lt;ul&gt;&lt;li&gt;system_insights&lt;/li&gt;&lt;li&gt;third_party&lt;/li&gt;&lt;li&gt;risk_factors&lt;/li&gt;&lt;/ul&gt;

Returns:

• (DomainDiscoverAPICombinedHostsResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 128

def combined_hosts(filter, opts = {})
  data, _status_code, _headers = combined_hosts_with_http_info(filter, opts)
  data
end

#combined_hosts_with_http_info(filter, opts = {}) ⇒ Array<(DomainDiscoverAPICombinedHostsResponse, Integer, Hash)>

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.

Parameters:

• filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp, scan_details.scan_date, vulnerability_assessment_date All filter fields and operations supports negation (!).

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 1000, default: 100). Use with the &#x60;after&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :facet (Array<String>) —

  Select various details blocks to be returned for each host entity. Supported values: &lt;ul&gt;&lt;li&gt;system_insights&lt;/li&gt;&lt;li&gt;third_party&lt;/li&gt;&lt;li&gt;risk_factors&lt;/li&gt;&lt;/ul&gt;

Returns:

• (Array<(DomainDiscoverAPICombinedHostsResponse, Integer, Hash)>) —

  DomainDiscoverAPICombinedHostsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 141

def combined_hosts_with_http_info(filter, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.combined_hosts ...'
  end
  # verify the required parameter 'filter' is set
  if @api_client.config.client_side_validation && filter.nil?
    fail ArgumentError, "Missing the required parameter 'filter' when calling Discover.combined_hosts"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 1000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.combined_hosts, must be smaller than or equal to 1000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.combined_hosts, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/combined/hosts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = filter
  query_params[:'after'] = opts[:'after'] if !opts[:'after'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'facet'] = @api_client.build_collection_param(opts[:'facet'], :multi) if !opts[:'facet'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPICombinedHostsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.combined_hosts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#combined_hosts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_accounts(ids, opts = {}) ⇒ DomainDiscoverAPIAccountEntitiesResponse

Get details on accounts by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more account IDs (max: 100). Find account IDs with GET &#x60;/discover/queries/accounts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIAccountEntitiesResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 206

def get_accounts(ids, opts = {})
  data, _status_code, _headers = get_accounts_with_http_info(ids, opts)
  data
end

#get_accounts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>

Get details on accounts by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more account IDs (max: 100). Find account IDs with GET &#x60;/discover/queries/accounts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIAccountEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 215

def get_accounts_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.get_accounts ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Discover.get_accounts"
  end
  # resource path
  local_var_path = '/discover/entities/accounts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIAccountEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.get_accounts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#get_accounts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_applications(ids, opts = {}) ⇒ DomainDiscoverAPIApplicationEntitiesResponse

Get details on applications by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  The IDs of applications to retrieve. (Min: 1, Max: 100)

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIApplicationEntitiesResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 268

def get_applications(ids, opts = {})
  data, _status_code, _headers = get_applications_with_http_info(ids, opts)
  data
end

#get_applications_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>

Get details on applications by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  The IDs of applications to retrieve. (Min: 1, Max: 100)

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIApplicationEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 277

def get_applications_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.get_applications ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Discover.get_applications"
  end
  # resource path
  local_var_path = '/discover/entities/applications/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIApplicationEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.get_applications",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#get_applications\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_hosts(ids, opts = {}) ⇒ DomainDiscoverAPIHostEntitiesResponse

Get details on assets by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more asset IDs (max: 100). Find asset IDs with GET &#x60;/discover/queries/hosts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIHostEntitiesResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 330

def get_hosts(ids, opts = {})
  data, _status_code, _headers = get_hosts_with_http_info(ids, opts)
  data
end

#get_hosts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>

Get details on assets by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more asset IDs (max: 100). Find asset IDs with GET &#x60;/discover/queries/hosts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIHostEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 339

def get_hosts_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.get_hosts ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Discover.get_hosts"
  end
  # resource path
  local_var_path = '/discover/entities/hosts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIHostEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.get_hosts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#get_hosts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_logins(ids, opts = {}) ⇒ DomainDiscoverAPILoginEntitiesResponse

Get details on logins by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more login IDs (max: 100). Find login IDs with GET &#x60;/discover/queries/logins/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPILoginEntitiesResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 392

def get_logins(ids, opts = {})
  data, _status_code, _headers = get_logins_with_http_info(ids, opts)
  data
end

#get_logins_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>

Get details on logins by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more login IDs (max: 100). Find login IDs with GET &#x60;/discover/queries/logins/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPILoginEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 401

def get_logins_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.get_logins ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Discover.get_logins"
  end
  # resource path
  local_var_path = '/discover/entities/logins/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPILoginEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.get_logins",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#get_logins\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_accounts(opts = {}) ⇒ MsaQueryResponse

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort accounts by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;username|asc&lt;/li&gt;&lt;li&gt;last_failed_login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter accounts using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;Yes&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;last_successful_login_type:&#39;Terminal server&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 457

def query_accounts(opts = {})
  data, _status_code, _headers = query_accounts_with_http_info(opts)
  data
end

#query_accounts_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort accounts by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;username|asc&lt;/li&gt;&lt;li&gt;last_failed_login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter accounts using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;Yes&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;last_successful_login_type:&#39;Terminal server&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 469

def query_accounts_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.query_accounts ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling Discover.query_accounts, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_accounts, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_accounts, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/accounts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.query_accounts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#query_accounts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_applications(opts = {}) ⇒ MsaspecQueryResponse

Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, category, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 536

def query_applications(opts = {})
  data, _status_code, _headers = query_applications_with_http_info(opts)
  data
end

#query_applications_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, category, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 548

def query_applications_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.query_applications ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling Discover.query_applications, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_applications, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_applications, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/applications/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.query_applications",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#query_applications\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_hosts(opts = {}) ⇒ MsaspecQueryResponse

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp, scan_details.scan_date, vulnerability_assessment_date All filter fields and operations supports negation (!).

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 615

def query_hosts(opts = {})
  data, _status_code, _headers = query_hosts_with_http_info(opts)
  data
end

#query_hosts_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp, scan_details.scan_date, vulnerability_assessment_date All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 627

def query_hosts_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.query_hosts ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling Discover.query_hosts, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_hosts, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_hosts, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/hosts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.query_hosts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#query_hosts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_logins(opts = {}) ⇒ MsaQueryResponse

Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. The API endpoint returns data only if the response set includes 10,000 or fewer items. This limit applies to the total API response size, regardless of your pagination sizes with the ‘limit` and `offset` parameters. If your response set includes more than 10,000 items, the CrowdStrike API returns an HTML 400 response instead. To avoid this issue, use the filter parameter to reduce the total number of items in the API response.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort logins by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;account_name|asc&lt;/li&gt;&lt;li&gt;login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter logins using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;login_type:&#39;Interactive&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;No&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): login_timestamp, login_event_count All filter fields and operations supports negation (!).

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/discover.rb', line 695

def query_logins(opts = {})
  data, _status_code, _headers = query_logins_with_http_info(opts)
  data
end

#query_logins_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. The API endpoint returns data only if the response set includes 10,000 or fewer items. This limit applies to the total API response size, regardless of your pagination sizes with the &#x60;limit&#x60; and &#x60;offset&#x60; parameters. If your response set includes more than 10,000 items, the CrowdStrike API returns an HTML 400 response instead. To avoid this issue, use the filter parameter to reduce the total number of items in the API response.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort logins by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;account_name|asc&lt;/li&gt;&lt;li&gt;login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter logins using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;login_type:&#39;Interactive&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;No&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): login_timestamp, login_event_count All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover.rb', line 708

def query_logins_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Discover.query_logins ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling Discover.query_logins, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_logins, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Discover.query_logins, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/logins/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Discover.query_logins",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Discover#query_logins\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end