Class: Falcon::SadomainRule

Inherits:

Object

• Object
• Falcon::SadomainRule

Defined in:

lib/crimson-falcon/models/sadomain_rule.rb

Instance Attribute Summary

• #breach_monitor_only ⇒ Object

  Monitor only for exposed data.

• #breach_monitoring_enabled ⇒ Object

  Whether to monitor for exposed data.

• #cid ⇒ Object

  Returns the value of attribute cid.

• #created_by ⇒ Object

  The UUID of the user that created a given rule or or "Crowdstrike" if the rule was system generated.

• #created_timestamp ⇒ Object

  The creation time for a given rule.

• #filter ⇒ Object

  The FQL filter contained in a rule and used for searching.

• #id ⇒ Object

  The ID of a given rule.

• #lookback_period ⇒ Object

  The duration for which the rule will look back in the past at the first run.

• #match_on_tsq_result_types ⇒ Object

  Which result types to monitor for.

• #name ⇒ Object

  The name of a given rule.

• #originating_template_id ⇒ Object

  If the rule was generated based on a template, the id of the template.

• #ownership_assets ⇒ Object

  Returns the value of attribute ownership_assets.

• #permissions ⇒ Object

  The permissions for a given rule which specifies the rule’s access by other users.

• #priority ⇒ Object

  The priority of a given rule.

• #status ⇒ Object

  The status of a given rule.

• #status_message ⇒ Object

  The detailed status message of a given rule.

• #substring_matching_enabled ⇒ Object

  Whether to monitor for substring matches.

• #template_priority ⇒ Object

  Returns the value of attribute template_priority.

• #topic ⇒ Object

  The topic of a given rule.

• #updated_timestamp ⇒ Object

  The last updated time for a given rule.

• #user_id ⇒ Object

  The user ID of the user that created a given rule.

• #user_name ⇒ Object

  The user name of the user that created a given rule.

• #user_uuid ⇒ Object

  The UUID of the user that created a given rule.

Class Method Summary

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ SadomainRule constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ SadomainRule

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 171

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::SadomainRule` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::SadomainRule`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'breach_monitor_only')
    self.breach_monitor_only = attributes[:'breach_monitor_only']
  end

  if attributes.key?(:'breach_monitoring_enabled')
    self.breach_monitoring_enabled = attributes[:'breach_monitoring_enabled']
  end

  if attributes.key?(:'cid')
    self.cid = attributes[:'cid']
  end

  if attributes.key?(:'created_by')
    self.created_by = attributes[:'created_by']
  end

  if attributes.key?(:'created_timestamp')
    self.created_timestamp = attributes[:'created_timestamp']
  end

  if attributes.key?(:'filter')
    self.filter = attributes[:'filter']
  end

  if attributes.key?(:'id')
    self.id = attributes[:'id']
  end

  if attributes.key?(:'lookback_period')
    self.lookback_period = attributes[:'lookback_period']
  end

  if attributes.key?(:'match_on_tsq_result_types')
    if (value = attributes[:'match_on_tsq_result_types']).is_a?(Array)
      self.match_on_tsq_result_types = value
    end
  end

  if attributes.key?(:'name')
    self.name = attributes[:'name']
  end

  if attributes.key?(:'originating_template_id')
    self.originating_template_id = attributes[:'originating_template_id']
  end

  if attributes.key?(:'ownership_assets')
    self.ownership_assets = attributes[:'ownership_assets']
  end

  if attributes.key?(:'permissions')
    self.permissions = attributes[:'permissions']
  end

  if attributes.key?(:'priority')
    self.priority = attributes[:'priority']
  end

  if attributes.key?(:'status')
    self.status = attributes[:'status']
  end

  if attributes.key?(:'status_message')
    self.status_message = attributes[:'status_message']
  end

  if attributes.key?(:'substring_matching_enabled')
    self.substring_matching_enabled = attributes[:'substring_matching_enabled']
  end

  if attributes.key?(:'template_priority')
    self.template_priority = attributes[:'template_priority']
  end

  if attributes.key?(:'topic')
    self.topic = attributes[:'topic']
  end

  if attributes.key?(:'updated_timestamp')
    self.updated_timestamp = attributes[:'updated_timestamp']
  end

  if attributes.key?(:'user_id')
    self.user_id = attributes[:'user_id']
  end

  if attributes.key?(:'user_name')
    self.user_name = attributes[:'user_name']
  end

  if attributes.key?(:'user_uuid')
    self.user_uuid = attributes[:'user_uuid']
  end
end

Instance Attribute Details

#breach_monitor_only ⇒ Object

Monitor only for exposed data. Must be accompanied by breach_monitoring_enabled:true.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 35

def breach_monitor_only
  @breach_monitor_only
end

#breach_monitoring_enabled ⇒ Object

Whether to monitor for exposed data. Available only for ‘Company Domains` and `Email addresses` rule topics.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 38

def breach_monitoring_enabled
  @breach_monitoring_enabled
end

#cid ⇒ Object

Returns the value of attribute cid.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 40

def cid
  @cid
end

#created_by ⇒ Object

The UUID of the user that created a given rule or or "Crowdstrike" if the rule was system generated

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 43

def created_by
  @created_by
end

#created_timestamp ⇒ Object

The creation time for a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 46

def created_timestamp
  @created_timestamp
end

#filter ⇒ Object

The FQL filter contained in a rule and used for searching. Parentheses may be added automatically for clarity

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 49

def filter
  @filter
end

#id ⇒ Object

The ID of a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 52

def id
  @id
end

#lookback_period ⇒ Object

The duration for which the rule will look back in the past at the first run. Time unit: nanoseconds. Possible values: [‘604800000000000 (7 days)`, `2592000000000000 (1 month)`, `15552000000000000 (6 months)`, `31536000000000000 (1 year)`]

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 55

def lookback_period
  @lookback_period
end

#match_on_tsq_result_types ⇒ Object

Which result types to monitor for. Can be set to only monitor domains or subdomains, as well as both. Only available for the ‘Typosquatting` rule topic.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 58

def match_on_tsq_result_types
  @match_on_tsq_result_types
end

#name ⇒ Object

The name of a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 61

def name
  @name
end

#originating_template_id ⇒ Object

If the rule was generated based on a template, the id of the template

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 64

def originating_template_id
  @originating_template_id
end

#ownership_assets ⇒ Object

Returns the value of attribute ownership_assets.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 66

def ownership_assets
  @ownership_assets
end

#permissions ⇒ Object

The permissions for a given rule which specifies the rule’s access by other users. Possible values: [‘public (All Recon users)`, `private (Recon admins)`]

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 69

def permissions
  @permissions
end

#priority ⇒ Object

The priority of a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 72

def priority
  @priority
end

#status ⇒ Object

The status of a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 75

def status
  @status
end

#status_message ⇒ Object

The detailed status message of a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 78

def status_message
  @status_message
end

#substring_matching_enabled ⇒ Object

Whether to monitor for substring matches. Only available for the ‘Typosquatting` rule topic

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 81

def substring_matching_enabled
  @substring_matching_enabled
end

#template_priority ⇒ Object

Returns the value of attribute template_priority.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 83

def template_priority
  @template_priority
end

#topic ⇒ Object

The topic of a given rule. Possible values: [‘SA_BRAND_PRODUCT (Brands and products)`, `SA_VIP (High-profile-employees)`, `SA_THIRD_PARTY (Supply chain vendors)`, `SA_IP (IP addresses)`, `SA_CVE (Vulnerabilities (CVEs))`, `SA_BIN (Bank identification numbers (BINs))`, `SA_DOMAIN (Company domains)`, `SA_EMAIL (Email addresses)`, `SA_ALIAS (Company names)`, `SA_AUTHOR (Authors)`, `SA_CUSTOM (Custom)`, `SA_TYPOSQUATTING (Typosquatting)`]

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 86

def topic
  @topic
end

#updated_timestamp ⇒ Object

The last updated time for a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 89

def updated_timestamp
  @updated_timestamp
end

#user_id ⇒ Object

The user ID of the user that created a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 92

def user_id
  @user_id
end

#user_name ⇒ Object

The user name of the user that created a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 95

def user_name
  @user_name
end

#user_uuid ⇒ Object

The UUID of the user that created a given rule

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 98

def user_uuid
  @user_uuid
end

Class Method Details

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 130

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 101

def self.attribute_map
  {
    :'breach_monitor_only' => :'breach_monitor_only',
    :'breach_monitoring_enabled' => :'breach_monitoring_enabled',
    :'cid' => :'cid',
    :'created_by' => :'created_by',
    :'created_timestamp' => :'created_timestamp',
    :'filter' => :'filter',
    :'id' => :'id',
    :'lookback_period' => :'lookback_period',
    :'match_on_tsq_result_types' => :'match_on_tsq_result_types',
    :'name' => :'name',
    :'originating_template_id' => :'originating_template_id',
    :'ownership_assets' => :'ownership_assets',
    :'permissions' => :'permissions',
    :'priority' => :'priority',
    :'status' => :'status',
    :'status_message' => :'status_message',
    :'substring_matching_enabled' => :'substring_matching_enabled',
    :'template_priority' => :'template_priority',
    :'topic' => :'topic',
    :'updated_timestamp' => :'updated_timestamp',
    :'user_id' => :'user_id',
    :'user_name' => :'user_name',
    :'user_uuid' => :'user_uuid'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 412

def self.build_from_hash(attributes)
  new.build_from_hash(attributes)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 164

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 135

def self.openapi_types
  {
    :'breach_monitor_only' => :'Boolean',
    :'breach_monitoring_enabled' => :'Boolean',
    :'cid' => :'String',
    :'created_by' => :'String',
    :'created_timestamp' => :'Time',
    :'filter' => :'String',
    :'id' => :'String',
    :'lookback_period' => :'Integer',
    :'match_on_tsq_result_types' => :'Array<String>',
    :'name' => :'String',
    :'originating_template_id' => :'String',
    :'ownership_assets' => :'SadomainCustomerAssets',
    :'permissions' => :'String',
    :'priority' => :'String',
    :'status' => :'String',
    :'status_message' => :'String',
    :'substring_matching_enabled' => :'Boolean',
    :'template_priority' => :'Integer',
    :'topic' => :'String',
    :'updated_timestamp' => :'Time',
    :'user_id' => :'String',
    :'user_name' => :'String',
    :'user_uuid' => :'String'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 369

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      breach_monitor_only == o.breach_monitor_only &&
      breach_monitoring_enabled == o.breach_monitoring_enabled &&
      cid == o.cid &&
      created_by == o.created_by &&
      created_timestamp == o.created_timestamp &&
      filter == o.filter &&
      id == o.id &&
      lookback_period == o.lookback_period &&
      match_on_tsq_result_types == o.match_on_tsq_result_types &&
      name == o.name &&
      originating_template_id == o.originating_template_id &&
      ownership_assets == o.ownership_assets &&
      permissions == o.permissions &&
      priority == o.priority &&
      status == o.status &&
      status_message == o.status_message &&
      substring_matching_enabled == o.substring_matching_enabled &&
      template_priority == o.template_priority &&
      topic == o.topic &&
      updated_timestamp == o.updated_timestamp &&
      user_id == o.user_id &&
      user_name == o.user_name &&
      user_uuid == o.user_uuid
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 443

def _deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Falcon.const_get(type)
    klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 514

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 419

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  attributes = attributes.transform_keys(&:to_sym)
  self.class.openapi_types.each_pair do |key, type|
    if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
      self.send("#{key}=", nil)
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 399

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 405

def hash
  [breach_monitor_only, breach_monitoring_enabled, cid, created_by, created_timestamp, filter, id, lookback_period, match_on_tsq_result_types, name, originating_template_id, ownership_assets, permissions, priority, status, status_message, substring_matching_enabled, template_priority, topic, updated_timestamp, user_id, user_name, user_uuid].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 281

def list_invalid_properties
  invalid_properties = Array.new
  if @breach_monitor_only.nil?
    invalid_properties.push('invalid value for "breach_monitor_only", breach_monitor_only cannot be nil.')
  end

  if @breach_monitoring_enabled.nil?
    invalid_properties.push('invalid value for "breach_monitoring_enabled", breach_monitoring_enabled cannot be nil.')
  end

  if @cid.nil?
    invalid_properties.push('invalid value for "cid", cid cannot be nil.')
  end

  if @created_timestamp.nil?
    invalid_properties.push('invalid value for "created_timestamp", created_timestamp cannot be nil.')
  end

  if @filter.nil?
    invalid_properties.push('invalid value for "filter", filter cannot be nil.')
  end

  if @id.nil?
    invalid_properties.push('invalid value for "id", id cannot be nil.')
  end

  if @match_on_tsq_result_types.nil?
    invalid_properties.push('invalid value for "match_on_tsq_result_types", match_on_tsq_result_types cannot be nil.')
  end

  if @name.nil?
    invalid_properties.push('invalid value for "name", name cannot be nil.')
  end

  if @permissions.nil?
    invalid_properties.push('invalid value for "permissions", permissions cannot be nil.')
  end

  if @priority.nil?
    invalid_properties.push('invalid value for "priority", priority cannot be nil.')
  end

  if @status.nil?
    invalid_properties.push('invalid value for "status", status cannot be nil.')
  end

  if @substring_matching_enabled.nil?
    invalid_properties.push('invalid value for "substring_matching_enabled", substring_matching_enabled cannot be nil.')
  end

  if @topic.nil?
    invalid_properties.push('invalid value for "topic", topic cannot be nil.')
  end

  if @updated_timestamp.nil?
    invalid_properties.push('invalid value for "updated_timestamp", updated_timestamp cannot be nil.')
  end

  if @user_uuid.nil?
    invalid_properties.push('invalid value for "user_uuid", user_uuid cannot be nil.')
  end

  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 490

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 496

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 484

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/crimson-falcon/models/sadomain_rule.rb', line 348

def valid?
  return false if @breach_monitor_only.nil?
  return false if @breach_monitoring_enabled.nil?
  return false if @cid.nil?
  return false if @created_timestamp.nil?
  return false if @filter.nil?
  return false if @id.nil?
  return false if @match_on_tsq_result_types.nil?
  return false if @name.nil?
  return false if @permissions.nil?
  return false if @priority.nil?
  return false if @status.nil?
  return false if @substring_matching_enabled.nil?
  return false if @topic.nil?
  return false if @updated_timestamp.nil?
  return false if @user_uuid.nil?
  true
end