Class: Falcon::Threatgraph

Inherits:

Object

• Object
• Falcon::Threatgraph

Defined in:

lib/crimson-falcon/api/threatgraph.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #combined_edges_get(ids, edge_type, opts = {}) ⇒ nil

  Retrieve edges for a given vertex id.

• #combined_edges_get_with_http_info(ids, edge_type, opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Retrieve edges for a given vertex id.

• #combined_ran_on_get(value, type, opts = {}) ⇒ nil

  Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.

• #combined_ran_on_get_with_http_info(value, type, opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.

• #combined_summary_get(vertex_type, ids, opts = {}) ⇒ nil

  Retrieve summary for a given vertex ID.

• #combined_summary_get_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Retrieve summary for a given vertex ID.

• #entities_vertices_get(vertex_type, ids, opts = {}) ⇒ ThreatgraphVertexDetailsResponse

  Retrieve metadata for a given vertex ID.

• #entities_vertices_get_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>

  Retrieve metadata for a given vertex ID.

• #entities_vertices_getv2(vertex_type, ids, opts = {}) ⇒ ThreatgraphVertexDetailsResponse

  Retrieve metadata for a given vertex ID.

• #entities_vertices_getv2_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>

  Retrieve metadata for a given vertex ID.

• #initialize(api_client = ApiClient.default) ⇒ Threatgraph constructor

  A new instance of Threatgraph.

• #queries_edgetypes_get(opts = {}) ⇒ nil

  Show all available edge types.

• #queries_edgetypes_get_with_http_info(opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Show all available edge types.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Threatgraph

Returns a new instance of Threatgraph.

# File 'lib/crimson-falcon/api/threatgraph.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/threatgraph.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#combined_edges_get(ids, edge_type, opts = {}) ⇒ nil

Retrieve edges for a given vertex id. One edge type must be specified

Parameters:

• ids (String) —

  Vertex ID to get details for. Only one value is supported

• edge_type (String) —

  The type of edges that you would like to retrieve

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  How many edges to return in a single request [1-100] (default to 100)

• :offset (String) —

  The offset to use to retrieve the next page of results

• :direction (String) —

  The direction of edges that you would like to retrieve.

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (nil)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 48

def combined_edges_get(ids, edge_type, opts = {})
  combined_edges_get_with_http_info(ids, edge_type, opts)
  nil
end

#combined_edges_get_with_http_info(ids, edge_type, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Retrieve edges for a given vertex id. One edge type must be specified

Parameters:

• ids (String) —

  Vertex ID to get details for. Only one value is supported

• edge_type (String) —

  The type of edges that you would like to retrieve

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  How many edges to return in a single request [1-100] (default to 100)

• :offset (String) —

  The offset to use to retrieve the next page of results

• :direction (String) —

  The direction of edges that you would like to retrieve.

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 63

def combined_edges_get_with_http_info(ids, edge_type, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.combined_edges_get ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Threatgraph.combined_edges_get"
  end
  # verify the required parameter 'edge_type' is set
  if @api_client.config.client_side_validation && edge_type.nil?
    fail ArgumentError, "Missing the required parameter 'edge_type' when calling Threatgraph.combined_edges_get"
  end
  # verify enum value
  allowable_values = ["accessed_ad_computer", "accessed_adfs_application", "accessed_azure_application", "accessed_by_kerberos_ticket", "accessed_by_process", "accessed_by_session", "accessed_okta_application", "accessed_ping_fed_application", "accessed_service_account", "accessed_web", "agent_to_self_diagnostic", "allowed_by_process", "allowed_firewall_rule", "app_uninstalled_from_host", "assigned_ipv4_address", "assigned_ipv6_address", "assigned_to_sensor", "associated_by_ad_computer", "associated_by_ad_group", "associated_by_ad_user", "associated_by_aggregate_indicator", "associated_by_app", "associated_by_azure_ad_user", "associated_by_azure_app", "associated_by_certificate", "associated_by_control_graph", "associated_by_domain", "associated_by_host", "associated_by_host_name", "associated_by_idp_session", "associated_by_incident", "associated_by_indicator", "associated_by_ip", "associated_by_ip4", "associated_by_ip6", "associated_by_okta_user", "associated_by_service_ticket", "associated_control_graph", "associated_firewall_rule", "associated_idp_indicator", "associated_incident", "associated_indicator", "associated_k8s_cluster", "associated_k8s_sensor", "associated_mobile_forensics_report", "associated_mobile_indicator", "associated_module", "associated_primary_module", "associated_quarantined_file", "associated_quarantined_module", "associated_root_process", "associated_to_ad_computer", "associated_to_sensor", "associated_user_session", "associated_vmware_cluster", "associated_vmware_sensor", "associated_with_process", "associated_with_sensor", "attributed_by_process", "attributed_from_domain", "attributed_from_module", "attributed_on", "attributed_on_domain", "attributed_on_module", "attributed_to", "attributed_to_actor", "authenticated_from_incident", "authenticated_host", "blocked_by_app", "blocked_by_process", "blocked_by_sensor", "blocked_dns", "blocked_ip4", "blocked_ip6", "blocked_module", "bundled_in_app", "bundles_module", "cert_is_presented_by", "cert_presented", "child_process", "closed_ip4_socket", "closed_ip6_socket", "command_line_parent_process", "connected_from_app", "connected_from_host", "connected_from_process", "connected_ip4", "connected_ip6", "connected_on_customer", "connected_on_sensor", "connected_to_accessory", "connected_to_wifi_ap", "connection_killed_by_app", "connection_killed_by_process", "containerized_app", "containerized_by_sensor", "control_graph", "created_by_incident", "created_by_process", "created_by_user", "created_quarantined_file", "created_service", "customer_agent_has_user", "customer_has_sensor", "customer_ioc", "customer_sensor_to_sensor", "customer_user_to_sensor_user", "deleted_by_process", "deleted_rule", "denied_by_firewall_rule", "denied_by_process", "denied_firewall_rule", "detected_module", "detection", "device", "disconnect_from_wifi_ap", "disconnected_from_accessory", "disconnected_from_host", "dns", "dns_request", "duplicated_by_app", "duplicates_app", "established_on_ad_computer", "established_on_host_name", "established_on_ip4", "established_on_ip6", "established_on_sensor", "established_session", "established_user_session", "executed_app", "executed_by_process", "executed_macro_script", "executed_script", "extracted_file", "failed_to_authenticate_ad_user", "failed_to_authenticate_to_ad_computer", "failed_to_authenticate_to_adfs_app", "failed_to_authenticate_to_azure_app", "failed_to_authenticate_to_okta_app", "failed_to_authenticate_to_ping_app", "failed_to_authenticate_to_service_account", "generated_by_renewing", "generated_by_session", "generated_dce_rpc_epm_request_against_dc", "generated_dce_rpc_request_against_dc", "generated_failed_authentication_to_ad_computer", "generated_failed_authentication_to_adfs_app", "generated_failed_authentication_to_azure_app", "generated_failed_authentication_to_okta_app", "generated_failed_authentication_to_ping_app", "generated_failed_authentication_to_service_account", "generated_ldap_search_against_dc", "generated_service_ticket", "had_code_injected_by_process", "has_app_installed", "has_attributed_process", "has_attribution", "has_firmware", "implicated_by_incident", "implicated_sensor", "indexed", "initiated_by_ad_computer", "initiated_by_azure_ad_user", "initiated_by_okta_user", "initiated_by_user", "initiated_session", "injected_code_into_process", "injected_thread", "injected_thread_from_process", "installed_app", "installed_by_app", "installed_on_host", "invalid_firewall_rule", "invalid_from_process", "invalidated_by_process", "invalidated_firewall_rule", "involved_ad_computer", "involved_service_account", "ip4_socket_closed_by_app", "ip4_socket_closed_by_process", "ip4_socket_opened_by_process", "ip6_socket_closed_by_app", "ip6_socket_closed_by_process", "ip6_socket_opened_by_process", "ipv4", "ipv4_close", "ipv4_listen", "ipv6", "ipv6_close", "ipv6_listen", "killed_ip4_connection", "killed_ip6_connection", "known_by_md5", "known_by_sha256", "linking_event", "loaded_by_process", "loaded_module", "macro_executed_by_process", "member_of_full_command_line", "module", "module_written", "mounted_on_host", "mounted_to_host", "network_close_ip4", "network_close_ip6", "network_connect_ip4", "network_connect_ip6", "network_listen_ip4", "network_listen_ip6", "opened_ip4_socket", "opened_ip6_socket", "parent_of_command_line", "parent_process", "parented_by_process", "participating_process", "performed_psexec_against_dc", "presented_by_cloud", "primary_module", "primary_module_of_process", "protected_by_shield", "quarantined_file", "queried_by_process", "queried_by_sensor", "queried_dns", "queried_on_customer", "queried_on_sensor", "received_from_cloud", "registered_by_incident", "registered_scheduledtask", "renewed_to_generate", "reports_aggregate_indicator", "resolved_from_domain", "resolved_to_ip4", "resolved_to_ip6", "rooted_control_graph", "rule_set_by_process", "script", "self_diagnostic_to_agent", "set_by_process", "set_firewall_rule", "set_rule", "shell_io_redirect", "shield_activated_on_host", "trigger_process", "triggered_by_control_graph", "triggered_by_process", "triggered_control_graph", "triggered_custom_ioa", "triggered_detection", "triggered_indicator", "triggered_mobile_indicator", "triggered_xdr", "triggering_domain", "triggering_network", "uncontainerized_app", "uncontainerized_by_sensor", "uninstalled_app", "unmounted_from_host", "unmounted_on_host", "user", "user_session", "witnessed_by_sensor", "witnessed_process", "wmicreated_by_incident", "wmicreated_process", "written_by_process", "wrote_module"]
  if @api_client.config.client_side_validation && !allowable_values.include?(edge_type)
    fail ArgumentError, "invalid value for \"edge_type\", must be one of #{allowable_values}"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Threatgraph.combined_edges_get, must be smaller than or equal to 100.'
  end

  allowable_values = ["device", "customer"]
  if @api_client.config.client_side_validation && opts[:'scope'] && !allowable_values.include?(opts[:'scope'])
    fail ArgumentError, "invalid value for \"scope\", must be one of #{allowable_values}"
  end
  # resource path
  local_var_path = '/threatgraph/combined/edges/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = ids
  query_params[:'edge_type'] = edge_type
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'direction'] = opts[:'direction'] if !opts[:'direction'].nil?
  query_params[:'scope'] = opts[:'scope'] if !opts[:'scope'].nil?
  query_params[:'nano'] = opts[:'nano'] if !opts[:'nano'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.combined_edges_get",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#combined_edges_get\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#combined_ran_on_get(value, type, opts = {}) ⇒ nil

Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.

Parameters:

• value (String) —

  The value of the indicator to search by.

• type (String) —

  The type of indicator that you would like to retrieve

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  How many edges to return in a single request [1-100] (default to 100)

• :offset (String) —

  The offset to use to retrieve the next page of results

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (nil)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 143

def combined_ran_on_get(value, type, opts = {})
  combined_ran_on_get_with_http_info(value, type, opts)
  nil
end

#combined_ran_on_get_with_http_info(value, type, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.

Parameters:

• value (String) —

  The value of the indicator to search by.

• type (String) —

  The type of indicator that you would like to retrieve

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :limit (Integer) —

  How many edges to return in a single request [1-100] (default to 100)

• :offset (String) —

  The offset to use to retrieve the next page of results

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 156

def combined_ran_on_get_with_http_info(value, type, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.combined_ran_on_get ...'
  end
  # verify the required parameter 'value' is set
  if @api_client.config.client_side_validation && value.nil?
    fail ArgumentError, "Missing the required parameter 'value' when calling Threatgraph.combined_ran_on_get"
  end
  # verify the required parameter 'type' is set
  if @api_client.config.client_side_validation && type.nil?
    fail ArgumentError, "Missing the required parameter 'type' when calling Threatgraph.combined_ran_on_get"
  end
  # verify enum value
  allowable_values = ["domain", "ipv4", "ipv6", "md5", "sha1", "sha256"]
  if @api_client.config.client_side_validation && !allowable_values.include?(type)
    fail ArgumentError, "invalid value for \"type\", must be one of #{allowable_values}"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling Threatgraph.combined_ran_on_get, must be smaller than or equal to 100.'
  end

  # resource path
  local_var_path = '/threatgraph/combined/ran-on/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'value'] = value
  query_params[:'type'] = type
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'nano'] = opts[:'nano'] if !opts[:'nano'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.combined_ran_on_get",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#combined_ran_on_get\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#combined_summary_get(vertex_type, ids, opts = {}) ⇒ nil

Retrieve summary for a given vertex ID

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (nil)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 229

def combined_summary_get(vertex_type, ids, opts = {})
  combined_summary_get_with_http_info(vertex_type, ids, opts)
  nil
end

#combined_summary_get_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Retrieve summary for a given vertex ID

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 241

def combined_summary_get_with_http_info(vertex_type, ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.combined_summary_get ...'
  end
  # verify the required parameter 'vertex_type' is set
  if @api_client.config.client_side_validation && vertex_type.nil?
    fail ArgumentError, "Missing the required parameter 'vertex_type' when calling Threatgraph.combined_summary_get"
  end
  # verify enum value
  allowable_values = ["accessory", "accessories", "actor", "ad_computer", "ad-computers", "adfs_application", "adfs-applications", "ad_group", "ad-groups", "aggregate_indicator", "aggregate-indicators", "sensor", "devices", "mobile_app", "mobile-apps", "azure_application", "azure-applications", "azure_ad_user", "azure-ad-users", "containerized_app", "containerized-apps", "certificate", "certificates", "command_line", "command-lines", "control_graph", "control-graphs", "detection", "detections", "domain", "domains", "extracted_file", "extracted-files", "firmware", "firmwares", "mobile_fs_volume", "mobile-fs-volumes", "firewall", "firewalls", "firewall_rule_match", "firewall_rule_matches", "host_name", "host-names", "detection_index", "detection-indices", "idp_indicator", "idp-indicators", "idp_session", "idp-sessions", "incident", "incidents", "indicator", "indicators", "custom_ioa", "custom_ioas", "ipv4", "ipv6", "k8s_cluster", "k8s_clusters", "legacy_detection", "legacy-detections", "mobile_os_forensics_report", "mobile_os_forensics_reports", "mobile_indicator", "mobile-indicators", "module", "modules", "macro_script", "macro_scripts", "okta_application", "okta-applications", "okta_user", "okta-users", "process", "processes", "ping_fed_application", "ping-fed-applications", "quarantined_file", "quarantined-files", "script", "scripts", "shield", "shields", "sensor_self_diagnostic", "sensor-self-diagnostics", "kerberos_ticket", "kerberos-tickets", "user_id", "users", "user_session", "user-sessions", "vmware_cluster", "vmware_clusters", "web_access", "wifi_access_point", "wifi-access-points", "xdr", "any-vertex"]
  if @api_client.config.client_side_validation && !allowable_values.include?(vertex_type)
    fail ArgumentError, "invalid value for \"vertex_type\", must be one of #{allowable_values}"
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Threatgraph.combined_summary_get"
  end
  if @api_client.config.client_side_validation && ids.length > 100
    fail ArgumentError, 'invalid value for "ids" when calling Threatgraph.combined_summary_get, number of items must be less than or equal to 100.'
  end

  allowable_values = ["device", "customer"]
  if @api_client.config.client_side_validation && opts[:'scope'] && !allowable_values.include?(opts[:'scope'])
    fail ArgumentError, "invalid value for \"scope\", must be one of #{allowable_values}"
  end
  # resource path
  local_var_path = '/threatgraph/combined/{vertex-type}/summary/v1'.sub('{' + 'vertex-type' + '}', CGI.escape(vertex_type.to_s))

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
  query_params[:'scope'] = opts[:'scope'] if !opts[:'scope'].nil?
  query_params[:'nano'] = opts[:'nano'] if !opts[:'nano'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.combined_summary_get",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#combined_summary_get\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_vertices_get(vertex_type, ids, opts = {}) ⇒ ThreatgraphVertexDetailsResponse

Retrieve metadata for a given vertex ID. Note: This is a legacy endpoint used by CrowdStrike Store partners prior to release of the ThreatGraph OAuth 2.0 APIs. If you’re not currently using this endpoint, use the /v2 endpoint instead.

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (ThreatgraphVertexDetailsResponse)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 316

def entities_vertices_get(vertex_type, ids, opts = {})
  data, _status_code, _headers = entities_vertices_get_with_http_info(vertex_type, ids, opts)
  data
end

#entities_vertices_get_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>

Retrieve metadata for a given vertex ID. Note: This is a legacy endpoint used by CrowdStrike Store partners prior to release of the ThreatGraph OAuth 2.0 APIs. If you’re not currently using this endpoint, use the /v2 endpoint instead.

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>) —

  ThreatgraphVertexDetailsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 328

def entities_vertices_get_with_http_info(vertex_type, ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.entities_vertices_get ...'
  end
  # verify the required parameter 'vertex_type' is set
  if @api_client.config.client_side_validation && vertex_type.nil?
    fail ArgumentError, "Missing the required parameter 'vertex_type' when calling Threatgraph.entities_vertices_get"
  end
  # verify enum value
  allowable_values = ["accessory", "accessories", "actor", "ad_computer", "ad-computers", "adfs_application", "adfs-applications", "ad_group", "ad-groups", "aggregate_indicator", "aggregate-indicators", "sensor", "devices", "mobile_app", "mobile-apps", "azure_application", "azure-applications", "azure_ad_user", "azure-ad-users", "containerized_app", "containerized-apps", "certificate", "certificates", "command_line", "command-lines", "control_graph", "control-graphs", "detection", "detections", "domain", "domains", "extracted_file", "extracted-files", "firmware", "firmwares", "mobile_fs_volume", "mobile-fs-volumes", "firewall", "firewalls", "firewall_rule_match", "firewall_rule_matches", "host_name", "host-names", "detection_index", "detection-indices", "idp_indicator", "idp-indicators", "idp_session", "idp-sessions", "incident", "incidents", "indicator", "indicators", "custom_ioa", "custom_ioas", "ipv4", "ipv6", "k8s_cluster", "k8s_clusters", "legacy_detection", "legacy-detections", "mobile_os_forensics_report", "mobile_os_forensics_reports", "mobile_indicator", "mobile-indicators", "module", "modules", "macro_script", "macro_scripts", "okta_application", "okta-applications", "okta_user", "okta-users", "process", "processes", "ping_fed_application", "ping-fed-applications", "quarantined_file", "quarantined-files", "script", "scripts", "shield", "shields", "sensor_self_diagnostic", "sensor-self-diagnostics", "kerberos_ticket", "kerberos-tickets", "user_id", "users", "user_session", "user-sessions", "vmware_cluster", "vmware_clusters", "web_access", "wifi_access_point", "wifi-access-points", "xdr", "any-vertex"]
  if @api_client.config.client_side_validation && !allowable_values.include?(vertex_type)
    fail ArgumentError, "invalid value for \"vertex_type\", must be one of #{allowable_values}"
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Threatgraph.entities_vertices_get"
  end
  if @api_client.config.client_side_validation && ids.length > 100
    fail ArgumentError, 'invalid value for "ids" when calling Threatgraph.entities_vertices_get, number of items must be less than or equal to 100.'
  end

  allowable_values = ["device", "customer"]
  if @api_client.config.client_side_validation && opts[:'scope'] && !allowable_values.include?(opts[:'scope'])
    fail ArgumentError, "invalid value for \"scope\", must be one of #{allowable_values}"
  end
  # resource path
  local_var_path = '/threatgraph/entities/{vertex-type}/v1'.sub('{' + 'vertex-type' + '}', CGI.escape(vertex_type.to_s))

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
  query_params[:'scope'] = opts[:'scope'] if !opts[:'scope'].nil?
  query_params[:'nano'] = opts[:'nano'] if !opts[:'nano'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'ThreatgraphVertexDetailsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.entities_vertices_get",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#entities_vertices_get\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#entities_vertices_getv2(vertex_type, ids, opts = {}) ⇒ ThreatgraphVertexDetailsResponse

Retrieve metadata for a given vertex ID

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (ThreatgraphVertexDetailsResponse)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 403

def entities_vertices_getv2(vertex_type, ids, opts = {})
  data, _status_code, _headers = entities_vertices_getv2_with_http_info(vertex_type, ids, opts)
  data
end

#entities_vertices_getv2_with_http_info(vertex_type, ids, opts = {}) ⇒ Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>

Retrieve metadata for a given vertex ID

Parameters:

• vertex_type (String) —

  Type of vertex to get properties for

• ids (Array<String>) —

  Vertex ID to get details for

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :scope (String) —

  Scope of the request (default to ‘device’)

• :nano (Boolean) —

  Return nano-precision entity timestamps (default to false)

Returns:

• (Array<(ThreatgraphVertexDetailsResponse, Integer, Hash)>) —

  ThreatgraphVertexDetailsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 415

def entities_vertices_getv2_with_http_info(vertex_type, ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.entities_vertices_getv2 ...'
  end
  # verify the required parameter 'vertex_type' is set
  if @api_client.config.client_side_validation && vertex_type.nil?
    fail ArgumentError, "Missing the required parameter 'vertex_type' when calling Threatgraph.entities_vertices_getv2"
  end
  # verify enum value
  allowable_values = ["accessory", "accessories", "actor", "ad_computer", "ad-computers", "adfs_application", "adfs-applications", "ad_group", "ad-groups", "aggregate_indicator", "aggregate-indicators", "sensor", "devices", "mobile_app", "mobile-apps", "azure_application", "azure-applications", "azure_ad_user", "azure-ad-users", "containerized_app", "containerized-apps", "certificate", "certificates", "command_line", "command-lines", "control_graph", "control-graphs", "detection", "detections", "domain", "domains", "extracted_file", "extracted-files", "firmware", "firmwares", "mobile_fs_volume", "mobile-fs-volumes", "firewall", "firewalls", "firewall_rule_match", "firewall_rule_matches", "host_name", "host-names", "detection_index", "detection-indices", "idp_indicator", "idp-indicators", "idp_session", "idp-sessions", "incident", "incidents", "indicator", "indicators", "custom_ioa", "custom_ioas", "ipv4", "ipv6", "k8s_cluster", "k8s_clusters", "legacy_detection", "legacy-detections", "mobile_os_forensics_report", "mobile_os_forensics_reports", "mobile_indicator", "mobile-indicators", "module", "modules", "macro_script", "macro_scripts", "okta_application", "okta-applications", "okta_user", "okta-users", "process", "processes", "ping_fed_application", "ping-fed-applications", "quarantined_file", "quarantined-files", "script", "scripts", "shield", "shields", "sensor_self_diagnostic", "sensor-self-diagnostics", "kerberos_ticket", "kerberos-tickets", "user_id", "users", "user_session", "user-sessions", "vmware_cluster", "vmware_clusters", "web_access", "wifi_access_point", "wifi-access-points", "xdr", "any-vertex"]
  if @api_client.config.client_side_validation && !allowable_values.include?(vertex_type)
    fail ArgumentError, "invalid value for \"vertex_type\", must be one of #{allowable_values}"
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling Threatgraph.entities_vertices_getv2"
  end
  if @api_client.config.client_side_validation && ids.length > 100
    fail ArgumentError, 'invalid value for "ids" when calling Threatgraph.entities_vertices_getv2, number of items must be less than or equal to 100.'
  end

  allowable_values = ["device", "customer"]
  if @api_client.config.client_side_validation && opts[:'scope'] && !allowable_values.include?(opts[:'scope'])
    fail ArgumentError, "invalid value for \"scope\", must be one of #{allowable_values}"
  end
  # resource path
  local_var_path = '/threatgraph/entities/{vertex-type}/v2'.sub('{' + 'vertex-type' + '}', CGI.escape(vertex_type.to_s))

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
  query_params[:'scope'] = opts[:'scope'] if !opts[:'scope'].nil?
  query_params[:'nano'] = opts[:'nano'] if !opts[:'nano'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'ThreatgraphVertexDetailsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.entities_vertices_getv2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#entities_vertices_getv2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#queries_edgetypes_get(opts = {}) ⇒ nil

Show all available edge types

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (nil)

# File 'lib/crimson-falcon/api/threatgraph.rb', line 486

def queries_edgetypes_get(opts = {})
  queries_edgetypes_get_with_http_info(opts)
  nil
end

#queries_edgetypes_get_with_http_info(opts = {}) ⇒ Array<(nil, Integer, Hash)>

Show all available edge types

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/threatgraph.rb', line 494

def queries_edgetypes_get_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: Threatgraph.queries_edgetypes_get ...'
  end
  # resource path
  local_var_path = '/threatgraph/queries/edge-types/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"Threatgraph.queries_edgetypes_get",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Threatgraph#queries_edgetypes_get\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end