diff --git a/.gitbook.yaml b/.gitbook.yaml new file mode 100644 index 00000000..1d0768ac --- /dev/null +++ b/.gitbook.yaml @@ -0,0 +1,3 @@ +structure: + readme: ./README.md + summary: ./docs/SUMMARY.md diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md new file mode 100644 index 00000000..952940bf --- /dev/null +++ b/docs/SUMMARY.md @@ -0,0 +1,33 @@ +## Available Classes +- Service Classes + - [Cloud Connect AWS](service-class/cloud-connect-aws.md) + - [Detects](service-class/detects.md) + - [Device Control Policies](service-class/device-control-policies.md) + - [Event Streams](service-class/event-streams.md) + - [FalconX Sandbox](service-class/falconx-sandbox.md) + - [Firewall Management](service-class/firewall-management.md) + - [Host Group](service-class/host-group.md) + - [Hosts](service-class/hosts.md) + - [Incidents](service-class/incidents.md) + - [Intel](service-class/intel.md) + - [IOCs](service-class/iocs.md) + - [OAuth2](service-class/oauth2.md) + - [Prevention Policies](service-class/prevention-policies.md) + - [Realtime Response Admin](service-class/real-time-response-admin.md) + - [Realtime Response](service-class/real-time-response.md) + - [Sensor Update Policies](service-class/sensor-update-policies.md) + - [Spotlight Vulnerabilities](service-class/spotlight-vulnerabilities.md) + - [User Management](service-class/user-management.md) + +- Uber Class + - [CSPM Registration](uber-class/cspm-registration.md) + - [Custom IOA](uber-class/custom-ioa.md) + - [D4C Registration](uber-class/d4c-registration.md) + - [Installation Tokens](uber-class/installation-tokens.md) + - [IOA Exclusions](uber-class/ioa-exclusions.md) + - [MalQuery](uber-class/malquery.md) + - [ML Exclusions](uber-class/ml-exclusions.md) + - [Quick Scan](uber-class/quick-scan.md) + - [Sample Uploads](uber-class/sample-uploads.md) + - [Sensor Download](uber-class/sensor-download.md) + - [Sensor Visibility Exclusions](uber-class/sensor-visibility-exclusions.md) diff --git a/docs/service-class/cloud-connect-aws.md b/docs/service-class/cloud-connect-aws.md new file mode 100644 index 00000000..112204e8 --- /dev/null +++ b/docs/service-class/cloud-connect-aws.md @@ -0,0 +1,523 @@ +# Using the Cloud Connect AWS service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [QueryAWSAccounts](#queryawsaccounts) | Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria | +| [GetAWSSettings](#getawssettings) | Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts | +| [GetAWSAccounts](#getawsaccounts) | Retrieve a set of AWS Accounts by specifying their IDs | +| [ProvisionAWSAccounts](#provisionawsaccounts) | Provision AWS Accounts by specifying details about the accounts to provision | +| [DeleteAWSAccounts](#deleteawsaccounts) | Delete a set of AWS Accounts by specifying their IDs | +| [UpdateAWSAccounts](#updateawsaccounts) | Update AWS Accounts by specifying the ID of the account and details to update | +| [CreateOrUpdateAWSSettings](#createorupdateawssettings) | Create or update Global Settings which are applicable to all provisioned AWS accounts | +| [VerifyAWSAccountAccess](#verifyawsaccountaccess) | Performs an Access Verification check on the specified AWS Account IDs | +| [QueryAWSAccountsForIDs](#queryawsaccountsforids) | Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria | +### QueryAWSAccounts +Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500]. Defaults to 100. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __sort__ | query | _string_ | The property to sort by (e.g. alias.desc or state.asc) | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + PARAMS = { + 'limit': integer, + 'offset': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.QueryAWSAccounts(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'limit': integer, + 'offset': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('QueryAWSAccounts', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetAWSSettings +Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + response = falcon.GetAWSSettings() + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetAWSSettings') +print(response) +falcon.deauthenticate() +``` +### GetAWSAccounts +Retrieve a set of AWS Accounts by specifying their IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | IDs of accounts to retrieve details | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetAWSAccounts(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetAWSAccounts', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### ProvisionAWSAccounts +Provision AWS Accounts by specifying details about the accounts to provision + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __mode__ | query | _string_ | Mode for provisioning. Allowed values are `manual` or `cloudformation`. Defaults to manual if not defined. | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + PARAMS = { + 'mode': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.ProvisionAWSAccounts(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'mode': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('ProvisionAWSAccounts', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### DeleteAWSAccounts +Delete a set of AWS Accounts by specifying their IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | IDs of accounts to remove | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.DeleteAWSAccounts(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteAWSAccounts', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### UpdateAWSAccounts +Update AWS Accounts by specifying the ID of the account and details to update + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.UpdateAWSAccounts(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateAWSAccounts', body=BODY) +print(response) +falcon.deauthenticate() +``` +### CreateOrUpdateAWSSettings +Create or update Global Settings which are applicable to all provisioned AWS accounts + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.CreateOrUpdateAWSSettings(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateOrUpdateAWSSettings', body=BODY) +print(response) +falcon.deauthenticate() +``` +### VerifyAWSAccountAccess +Performs an Access Verification check on the specified AWS Account IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | IDs of accounts to verify access on | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.VerifyAWSAccountAccess(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('VerifyAWSAccountAccess', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### QueryAWSAccountsForIDs +Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500]. Defaults to 100. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __sort__ | query | _string_ | The property to sort by (e.g. alias.desc or state.asc) | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import cloud_connect_aws as FalconAWS + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAWS.Cloud_Connect_AWS(access_token=token) + + PARAMS = { + 'limit': integer, + 'offset': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.QueryAWSAccountsForIDs(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'limit': integer, + 'offset': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('QueryAWSAccountsForIDs', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/detects.md b/docs/service-class/detects.md new file mode 100644 index 00000000..f15e4813 --- /dev/null +++ b/docs/service-class/detects.md @@ -0,0 +1,244 @@ +# Using the Detects service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetAggregateDetects](#getaggregatedetects) | Get detect aggregates as specified via json in request body. | +| [UpdateDetectsByIdsV2](#updatedetectsbyidsv2) | Modify the state, assignee, and visibility of detections | +| [GetDetectSummaries](#getdetectsummaries) | View information about detections | +| [QueryDetects](#querydetects) | Search for detection IDs that match a given query | +### GetAggregateDetects +Get detect aggregates as specified via json in request body. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Query criteria and settings | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import detects as FalconDetects + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDetects.Detects(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GetAggregateDetects(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetAggregateDetects', body=BODY) +print(response) +falcon.deauthenticate() +``` +### UpdateDetectsByIdsV2 +Modify the state, assignee, and visibility of detections + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | This endpoint modifies attributes (state and assignee) of detections. This endpoint accepts a query formatted as a JSON array of key-value pairs. You can update one or more attributes one or more detections with a single request. **`assigned_to_uuid` values** A user ID, such as `1234567891234567891` **`ids` values** One or more detection IDs, which you can find with the `/detects/queries/detects/v1` endpoint, the Falcon console, or the Streaming API. **`show_in_ui` values** - `true`: This detection is displayed in Falcon - `false`: This detection is not displayed in Falcon. Most commonly used together with the `status` key's `false_positive` value. **`status` values** - `new` - `in_progress` - `true_positive` - `false_positive` - `ignored` **`comment` values** Optional comment to add to the detection. Comments are displayed with the detection in Falcon and usually used to provide context or notes for other Falcon users. A detection can have multiple comments over time. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import detects as FalconDetects + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDetects.Detects(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.UpdateDetectsByIdsV2(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateDetectsByIdsV2', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetDetectSummaries +View information about detections + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | View key attributes of detections, including the associated host, [disposition](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#patterndispositionvalue), objective/tactic/technique, adversary, and more. Specify one or more detection IDs (max 1000 per request). Find detection IDs with the `/detects/queries/detects/v1` endpoint, the Falcon console, or the Streaming API. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import detects as FalconDetects + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDetects.Detects(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GetDetectSummaries(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetDetectSummaries', body=BODY) +print(response) +falcon.deauthenticate() +``` +### QueryDetects +Search for detection IDs that match a given query + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The first detection to return, where `0` is the latest detection. Use with the `limit` parameter to manage pagination of results. | +| | __limit__ | query | _integer_ | The maximum number of detections to return in this response (default: 9999; max: 9999). Use with the `offset` parameter to manage pagination of results. | +| | __sort__ | query | _string_ | Sort detections using these options: - `first_behavior`: Timestamp of the first behavior associated with this detection - `last_behavior`: Timestamp of the last behavior associated with this detection - `max_severity`: Highest severity of the behaviors associated with this detection - `max_confidence`: Highest confidence of the behaviors associated with this detection - `adversary_id`: ID of the adversary associated with this detection, if any - `devices.hostname`: Hostname of the host where this detection was detected Sort either `asc` (ascending) or `desc` (descending). For example: `last_behavior|asc` | +| | __filter__ | query | _string_ | Filter detections using a query in Falcon Query Language (FQL) An asterisk wildcard `*` includes all results. Common filter options include: - `status` - `device.device_id` - `max_severity` The full list of valid filter options is extensive. Review it in our [documentation inside the Falcon console](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#detections_fql). | +| | __q__ | query | _string_ | Search all detection metadata for the provided string | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import detects as FalconDetects + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDetects.Detects(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' + } + + response = falcon.QueryDetects(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' +} + +response = falcon.command('QueryDetects', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/device-control-policies.md b/docs/service-class/device-control-policies.md new file mode 100644 index 00000000..47813e98 --- /dev/null +++ b/docs/service-class/device-control-policies.md @@ -0,0 +1,608 @@ +# Using the Device Control Policies service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [queryCombinedDeviceControlPolicyMembers](#querycombineddevicecontrolpolicymembers) | Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria | +| [queryCombinedDeviceControlPolicies](#querycombineddevicecontrolpolicies) | Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria | +| [performDeviceControlPoliciesAction](#performdevicecontrolpoliciesaction) | Perform the specified action on the Device Control Policies specified in the request | +| [setDeviceControlPoliciesPrecedence](#setdevicecontrolpoliciesprecedence) | Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | +| [getDeviceControlPolicies](#getdevicecontrolpolicies) | Retrieve a set of Device Control Policies by specifying their IDs | +| [createDeviceControlPolicies](#createdevicecontrolpolicies) | Create Device Control Policies by specifying details about the policy to create | +| [deleteDeviceControlPolicies](#deletedevicecontrolpolicies) | Delete a set of Device Control Policies by specifying their IDs | +| [updateDeviceControlPolicies](#updatedevicecontrolpolicies) | Update Device Control Policies by specifying the ID of the policy and details to update | +| [queryDeviceControlPolicyMembers](#querydevicecontrolpolicymembers) | Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | +| [queryDeviceControlPolicies](#querydevicecontrolpolicies) | Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria | +### queryCombinedDeviceControlPolicyMembers +Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Device Control Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryCombinedDeviceControlPolicyMembers(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedDeviceControlPolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedDeviceControlPolicies +Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryCombinedDeviceControlPolicies(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedDeviceControlPolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### performDeviceControlPoliciesAction +Perform the specified action on the Device Control Policies specified in the request + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | The action to perform | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + PARAMS = { + 'action_name': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.performDeviceControlPoliciesAction(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('performDeviceControlPoliciesAction', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### setDeviceControlPoliciesPrecedence +Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.setDeviceControlPoliciesPrecedence(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('setDeviceControlPoliciesPrecedence', body=BODY) +print(response) +falcon.deauthenticate() +``` +### getDeviceControlPolicies +Retrieve a set of Device Control Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Device Control Policies to return | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.getDeviceControlPolicies(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getDeviceControlPolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createDeviceControlPolicies +Create Device Control Policies by specifying details about the policy to create + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.createDeviceControlPolicies(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createDeviceControlPolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteDeviceControlPolicies +Delete a set of Device Control Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Device Control Policies to delete | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.deleteDeviceControlPolicies(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteDeviceControlPolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateDeviceControlPolicies +Update Device Control Policies by specifying the ID of the policy and details to update + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.updateDeviceControlPolicies(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateDeviceControlPolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryDeviceControlPolicyMembers +Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Device Control Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryDeviceControlPolicyMembers(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryDeviceControlPolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryDeviceControlPolicies +Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import device_control_policies as FalconDCP + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconDCP.Device_Control_Policies(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryDeviceControlPolicies(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryDeviceControlPolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/event-streams.md b/docs/service-class/event-streams.md new file mode 100644 index 00000000..d3d3823c --- /dev/null +++ b/docs/service-class/event-streams.md @@ -0,0 +1,130 @@ +# Using the Event Streams service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [refreshActiveStreamSession](#refreshactivestreamsession) | Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response. | +| [listAvailableStreamsOAuth2](#listavailablestreamsoauth2) | Discover all event streams in your environment | +### refreshActiveStreamSession +Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | Action name. Allowed value is refresh_active_stream_session. | +| :white_check_mark: | __appId__ | query | _string_ | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). | +| :white_check_mark: | __partition__ | path | _integer_ | Partition to request data for. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import event_streams as FalconES + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconES.Event_Streams(access_token=token) + + PARAMS = { + 'action_name': 'string', + 'appId': 'string' + } + + PARTITION = 0 #Refresh the partition we are working with + + response = falcon.refreshActiveStreamSession(parameters=PARAMS, partition=PARTITION) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string', + 'appId': 'string' +} + +PARTITION = 0 #Refresh the partition we are working with + +response = falcon.command('refreshActiveStreamSession', parameters=PARAMS, partition=PARTITION) +print(response) +falcon.deauthenticate() +``` +### listAvailableStreamsOAuth2 +Discover all event streams in your environment + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __appId__ | query | _string_ | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). | +| | __format__ | query | _string_ | Format for streaming events. Valid values: json, flatjson | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import event_streams as FalconES + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconES.Event_Streams(access_token=token) + + PARAMS = { + 'appId': 'string', + 'format': 'string' + } + + response = falcon.listAvailableStreamsOAuth2(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'appId': 'string', + 'format': 'string' +} + +response = falcon.command('listAvailableStreamsOAuth2', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/falconx-sandbox.md b/docs/service-class/falconx-sandbox.md new file mode 100644 index 00000000..9876faec --- /dev/null +++ b/docs/service-class/falconx-sandbox.md @@ -0,0 +1,750 @@ +# Using the Falconx Sandbox service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetArtifacts](#getartifacts) | Download IOC packs, PCAP files, and other analysis artifacts. | +| [GetSummaryReports](#getsummaryreports) | Get a short summary version of a sandbox report. | +| [GetReports](#getreports) | Get a full sandbox report. | +| [DeleteReport](#deletereport) | Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint. | +| [GetSubmissions](#getsubmissions) | Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. | +| [Submit](#submit) | Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. | +| [QueryReports](#queryreports) | Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria. | +| [QuerySubmissions](#querysubmissions) | Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria. | +| [GetSampleV2](#getsamplev2) | Retrieves the file associated with the given ID (SHA256) | +| [UploadSampleV2](#uploadsamplev2) | Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file. | +| [DeleteSampleV2](#deletesamplev2) | Removes a sample, including file, meta and submissions from the collection | +| [QuerySampleV1](#querysamplev1) | Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200 | +### GetArtifacts +Download IOC packs, PCAP files, and other analysis artifacts. + +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | query | _string_ | ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary. | +| | __name__ | query | _string_ | The name given to your downloaded file. | +| | __Accept-Encoding__ | header | _string_ | Format used to compress your downloaded file. Currently, you must provide the value `gzip`, the only valid format. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + PARAMS = { + 'id': 'string', + 'name': 'string' + } + + HEADERS = { + 'Accept-Encoding': 'string' + } + + response = falcon.GetArtifacts(parameters=PARAMS, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'name': 'string' +} + +HEADERS = { + 'Accept-Encoding': 'string' +} + +response = falcon.command('GetArtifacts', parameters=PARAMS, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### GetSummaryReports +Get a short summary version of a sandbox report. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a summary. Find a summary ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetSummaryReports(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetSummaryReports', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetReports +Get a full sandbox report. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a report. Find a report ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetReports(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetReports', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### DeleteReport +Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | ID of a report. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.DeleteReport(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteReport', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetSubmissions +Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with `/falconx/queries/submissions/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetSubmissions(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetSubmissions', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### Submit +Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through `/samples/entities/samples/v2`. You must specify a JSON object that includes the `falconx.SubmissionParametersV1` key/value pairs shown below. **`environment_id`**: Specifies the sandbox environment used for analysis. Values: - `300`: Linux Ubuntu 16.04, 64-bit - `200`: Android (static analysis) - `160`: Windows 10, 64-bit - `110`: Windows 7, 64-bit - `100`: Windows 7, 32-bit **`sha256`** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with `/falconx/queries/submissions/v1`.The `url` parameter must be unset if `sha256` is used. **`url`** A web page or file URL. It can be HTTP(S) or FTP. The `sha256` parameter must be unset if `url` is used. **`action_script`** (optional): Runtime script for sandbox analysis. Values: - `default` - `default_maxantievasion` - `default_randomfiles` - `default_randomtheme` - `default_openie` **`command_line`** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters **`document_password`** (optional): Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters **`enable_tor`** (optional): If `true`, sandbox analysis routes network traffic via TOR. Default: `false`. **`submit_name`** (optional): Name of the malware sample that's used for file type detection and analysis **`system_date`** (optional): Set a custom date in the format `yyyy-MM-dd` for the sandbox environment **`system_time`** (optional): Set a custom time in the format `HH:mm` for the sandbox environment. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.Submit(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('Submit', body=BODY) +print(response) +falcon.deauthenticate() +``` +### QueryReports +Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | The offset to start retrieving reports from. | +| | __limit__ | query | _integer_ | Maximum number of report IDs to return. Max: 5000. | +| | __sort__ | query | _string_ | Sort order: `asc` or `desc`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.QueryReports(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('QueryReports', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QuerySubmissions +Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | The offset to start retrieving submissions from. | +| | __limit__ | query | _integer_ | Maximum number of submission IDs to return. Max: 5000. | +| | __sort__ | query | _string_ | Sort order: `asc` or `desc`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.QuerySubmissions(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('QuerySubmissions', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetSampleV2 +Retrieves the file associated with the given ID (SHA256) + +#### Content-Type +- Produces: _application/octet-stream_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __ids__ | query | _string_ | The file SHA256. | +| | __password_protected__ | query | _string_ | Flag whether the sample should be zipped and password protected with pass='infected' | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + PARAMS = { + 'password_protected': 'string' + } + + HEADERS = { + 'X-CS-USERUUID': 'string' + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetSampleV2(parameters=PARAMS, headers=HEADERS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'password_protected': 'string' +} + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetSampleV2', parameters=PARAMS, headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### UploadSampleV2 +Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file. + +#### Content-Type +- Consumes: _application/octet-stream_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __body__ | body | _string_ | Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. Max file size: 100 MB. Accepted file formats: - Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc. - Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub` - PDF - APK - Executable JAR - Windows script component: `.sct` - Windows shortcut: `.lnk` - Windows help: `.chm` - HTML application: `.hta` - Windows script file: `.wsf` - Javascript: `.js` - Visual Basic: `.vbs`, `.vbe` - Shockwave Flash: `.swf` - Perl: `.pl` - Powershell: `.ps1`, `.psd1`, `.psm1` - Scalable vector graphics: `.svg` - Python: `.py` - Linux ELF executables - Email files: MIME RFC 822 `.eml`, Outlook `.msg`. | +| :white_check_mark: | __upfile__ | formData | _file_ | The binary file. | +| :white_check_mark: | __file_name__ | query | _string_ | Name of the file. | +| | __comment__ | query | _string_ | A descriptive comment to identify the file for other users. | +| | __is_confidential__ | query | _boolean_ | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. - `true`: File is only shown to users within your customer account - `false`: File can be seen by other CrowdStrike customers Default: `true`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + PARAMS = { + 'file_name': 'string', + 'comment': 'string', + 'is_confidential': boolean + } + + BODY = { + 'Body Payload': 'See body description above' + } + + FILENAME = 'testfile.jpg' + PAYLOAD = open(FILENAME, 'rb').read() + + HEADERS = { + 'X-CS-USERUUID': 'string' + } + + response = falcon.UploadSampleV2(parameters=PARAMS, body=BODY, data=PAYLOAD, file_name=FILENAME, content_type='application/octet-stream', headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'file_name': 'string', + 'comment': 'string', + 'is_confidential': boolean +} + +BODY = { + 'Body Payload': 'See body description above' +} + +FILENAME = 'testfile.jpg' +PAYLOAD = open(FILENAME, 'rb').read() + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +response = falcon.command('UploadSampleV2', parameters=PARAMS, body=BODY, data=PAYLOAD, file_name=FILENAME, content_type='application/octet-stream', headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### DeleteSampleV2 +Removes a sample, including file, meta and submissions from the collection + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __ids__ | query | _string_ | The file SHA256. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + HEADERS = { + 'X-CS-USERUUID': 'string' + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.DeleteSampleV2(headers=HEADERS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteSampleV2', headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### QuerySampleV1 +Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200 + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __body__ | body | _string_ | Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import falconx_sandbox as FalconX + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconX.FalconX_Sandbox(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + HEADERS = { + 'X-CS-USERUUID': 'string' + } + + response = falcon.QuerySampleV1(body=BODY, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +response = falcon.command('QuerySampleV1', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/firewall-management.md b/docs/service-class/firewall-management.md new file mode 100644 index 00000000..847fb684 --- /dev/null +++ b/docs/service-class/firewall-management.md @@ -0,0 +1,1238 @@ +# Using the Firewall Management service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [aggregate_events](#aggregate-events) | Aggregate events for customer | +| [aggregate_policy_rules](#aggregate-policy-rules) | Aggregate rules within a policy for customer | +| [aggregate_rule_groups](#aggregate-rule-groups) | Aggregate rule groups for customer | +| [aggregate_rules](#aggregate-rules) | Aggregate rules for customer | +| [get_events](#get-events) | Get events entities by ID and optionally version | +| [get_firewall_fields](#get-firewall-fields) | Get the firewall field specifications by ID | +| [get_platforms](#get-platforms) | Get platforms by ID, e.g., windows or mac or droid | +| [get_policy_containers](#get-policy-containers) | Get policy container entities by policy ID | +| [update_policy_container](#update-policy-container) | Update an identified policy container | +| [get_rule_groups](#get-rule-groups) | Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order. | +| [create_rule_group](#create-rule-group) | Create new rule group on a platform for a customer with a name and description, and return the ID | +| [delete_rule_groups](#delete-rule-groups) | Delete rule group entities by ID | +| [update_rule_group](#update-rule-group) | Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules | +| [get_rules](#get-rules) | Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string) | +| [query_events](#query-events) | Find all event IDs matching the query with filter | +| [query_firewall_fields](#query-firewall-fields) | Get the firewall field specification IDs for the provided platform | +| [query_platforms](#query-platforms) | Get the list of platform names | +| [query_policy_rules](#query-policy-rules) | Find all firewall rule IDs matching the query with filter, and return them in precedence order | +| [query_rule_groups](#query-rule-groups) | Find all rule group IDs matching the query with filter | +| [query_rules](#query-rules) | Find all rule IDs matching the query with filter | +### aggregate_events +Aggregate events for customer + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Query criteria and settings | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.aggregate-events(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('aggregate-events', body=BODY) +print(response) +falcon.deauthenticate() +``` +### aggregate_policy_rules +Aggregate rules within a policy for customer + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Query criteria and settings | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.aggregate-policy-rules(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('aggregate-policy-rules', body=BODY) +print(response) +falcon.deauthenticate() +``` +### aggregate_rule_groups +Aggregate rule groups for customer + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Query criteria and settings | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.aggregate-rule-groups(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('aggregate-rule-groups', body=BODY) +print(response) +falcon.deauthenticate() +``` +### aggregate_rules +Aggregate rules for customer + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Query criteria and settings | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.aggregate-rules(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('aggregate-rules', body=BODY) +print(response) +falcon.deauthenticate() +``` +### get_events +Get events entities by ID and optionally version + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The events to retrieve, identified by ID | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-events(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-events', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_firewall_fields +Get the firewall field specifications by ID + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the rule types to retrieve | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-firewall-fields(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-firewall-fields', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_platforms +Get platforms by ID, e.g., windows or mac or droid + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the platforms to retrieve | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-platforms(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-platforms', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_policy_containers +Get policy container entities by policy ID + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The policy container(s) to retrieve, identified by policy ID | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-policy-containers(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-policy-containers', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### update_policy_container +Update an identified policy container + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user id | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + HEADERS = { + 'X-CS-USERNAME': 'string' + } + + response = falcon.update-policy-container(body=BODY, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('update-policy-container', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### get_rule_groups +Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the rule groups to retrieve | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-rule-groups(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-rule-groups', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### create_rule_group +Create new rule group on a platform for a customer with a name and description, and return the ID + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user id | +| | __clone_id__ | query | _string_ | A rule group ID from which to copy rules. If this is provided then the 'rules' property of the body is ignored. | +| | __library__ | query | _string_ | If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewal Rule Groups Library. | +| | __comment__ | query | _string_ | Audit log comment for this action | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'clone_id': 'string', + 'library': 'string', + 'comment': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + HEADERS = { + 'X-CS-USERNAME': 'string' + } + + response = falcon.create-rule-group(parameters=PARAMS, body=BODY, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'clone_id': 'string', + 'library': 'string', + 'comment': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('create-rule-group', parameters=PARAMS, body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### delete_rule_groups +Delete rule group entities by ID + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user id | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the rule groups to be deleted | +| | __comment__ | query | _string_ | Audit log comment for this action | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'comment': 'string' + } + + HEADERS = { + 'X-CS-USERNAME': 'string' + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.delete-rule-groups(parameters=PARAMS, headers=HEADERS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('delete-rule-groups', parameters=PARAMS, headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### update_rule_group +Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user id | +| | __comment__ | query | _string_ | Audit log comment for this action | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'comment': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + HEADERS = { + 'X-CS-USERNAME': 'string' + } + + response = falcon.update-rule-group(parameters=PARAMS, body=BODY, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('update-rule-group', parameters=PARAMS, body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### get_rules +Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string) + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The rules to retrieve, identified by ID | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.get-rules(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-rules', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### query_events +Find all event IDs matching the query with filter + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields, plus TODO | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __after__ | query | _string_ | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer + } + + response = falcon.query-events(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer +} + +response = falcon.command('query-events', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_firewall_fields +Get the firewall field specification IDs for the provided platform + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __platform_id__ | query | _string_ | Get fields configuration for this platform | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'platform_id': 'string', + 'offset': 'string', + 'limit': integer + } + + response = falcon.query-firewall-fields(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'platform_id': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-firewall-fields', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_platforms +Get the list of platform names + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'offset': 'string', + 'limit': integer + } + + response = falcon.query-platforms(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-platforms', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_policy_rules +Find all firewall rule IDs matching the query with filter, and return them in precedence order + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the policy container within which to query | +| | __sort__ | query | _string_ | Possible order by fields: | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields, plus TODO | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'id': 'string', + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'limit': integer + } + + response = falcon.query-policy-rules(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-policy-rules', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rule_groups +Find all rule group IDs matching the query with filter + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields, plus TODO | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __after__ | query | _string_ | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer + } + + response = falcon.query-rule-groups(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer +} + +response = falcon.command('query-rule-groups', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rules +Find all rule IDs matching the query with filter + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields, plus TODO | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __after__ | query | _string_ | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | +| | __limit__ | query | _integer_ | Number of ids to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import firewall_management as FalconFM + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconFM.Firewall_Management(access_token=token) + + PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer + } + + response = falcon.query-rules(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'after': 'string', + 'limit': integer +} + +response = falcon.command('query-rules', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/host-group.md b/docs/service-class/host-group.md new file mode 100644 index 00000000..bc782a72 --- /dev/null +++ b/docs/service-class/host-group.md @@ -0,0 +1,552 @@ +# Using the Host Group service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [queryCombinedGroupMembers](#querycombinedgroupmembers) | Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria | +| [queryCombinedHostGroups](#querycombinedhostgroups) | Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Groups which match the filter criteria | +| [performGroupAction](#performgroupaction) | Perform the specified action on the Host Groups specified in the request | +| [getHostGroups](#gethostgroups) | Retrieve a set of Host Groups by specifying their IDs | +| [createHostGroups](#createhostgroups) | Create Host Groups by specifying details about the group to create | +| [deleteHostGroups](#deletehostgroups) | Delete a set of Host Groups by specifying their IDs | +| [updateHostGroups](#updatehostgroups) | Update Host Groups by specifying the ID of the group and details to update | +| [queryGroupMembers](#querygroupmembers) | Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | +| [queryHostGroups](#queryhostgroups) | Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria | +### queryCombinedGroupMembers +Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Host Group to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryCombinedGroupMembers(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedGroupMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedHostGroups +Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Groups which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryCombinedHostGroups(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedHostGroups', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### performGroupAction +Perform the specified action on the Host Groups specified in the request + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | The action to perform | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + PARAMS = { + 'action_name': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.performGroupAction(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('performGroupAction', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### getHostGroups +Retrieve a set of Host Groups by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Host Groups to return | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.getHostGroups(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getHostGroups', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createHostGroups +Create Host Groups by specifying details about the group to create + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.createHostGroups(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createHostGroups', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteHostGroups +Delete a set of Host Groups by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Host Groups to delete | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.deleteHostGroups(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteHostGroups', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateHostGroups +Update Host Groups by specifying the ID of the group and details to update + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.updateHostGroups(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateHostGroups', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryGroupMembers +Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Host Group to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryGroupMembers(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryGroupMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryHostGroups +Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import host_group as FalconHG + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHG.Host_Group(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' + } + + response = falcon.queryHostGroups(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryHostGroups', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/hosts.md b/docs/service-class/hosts.md new file mode 100644 index 00000000..a7148596 --- /dev/null +++ b/docs/service-class/hosts.md @@ -0,0 +1,318 @@ +# Using the Hosts service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [PerformActionV2](#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. | +| [GetDeviceDetails](#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API | +| [QueryHiddenDevices](#queryhiddendevices) | Retrieve hidden hosts that match the provided filter criteria. | +| [QueryDevicesByFilterScroll](#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit) | +| [QueryDevicesByFilter](#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. | +### PerformActionV2 +Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | Specify one of these actions: - `contain` - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your [containment policy](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#containmentpolicy) - `lift_containment`: This action lifts containment on the host, which returns its network communications to normal - `hide_host`: This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs - `unhide_host`: This action will restore a host. Detection reporting will resume after the host is restored | +| :white_check_mark: | __body__ | body | _string_ | The host agent ID (AID) of the host you want to contain. Get an agent ID from a detection, the Falcon console, or the Streaming API. Provide the ID in JSON format with the key `ids` and the value in square brackets, such as: `"ids": ["123456789"]` | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import hosts as FalconHosts + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHosts.Hosts(access_token=token) + + PARAMS = { + 'action_name': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.PerformActionV2(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PerformActionV2', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetDeviceDetails +Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The host agentIDs used to get details on | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import hosts as FalconHosts + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHosts.Hosts(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetDeviceDetails(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetDeviceDetails', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### QueryHiddenDevices +Retrieve hidden hosts that match the provided filter criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by (e.g. status.desc or hostname.asc) | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import hosts as FalconHosts + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHosts.Hosts(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.QueryHiddenDevices(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('QueryHiddenDevices', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryDevicesByFilterScroll +Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit) + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | The offset to page from, for the next result set | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by (e.g. status.desc or hostname.asc) | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import hosts as FalconHosts + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHosts.Hosts(access_token=token) + + PARAMS = { + 'offset': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.QueryDevicesByFilterScroll(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('QueryDevicesByFilterScroll', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryDevicesByFilter +Search for hosts in your environment by platform, hostname, IP, and other criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by (e.g. status.desc or hostname.asc) | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import hosts as FalconHosts + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconHosts.Hosts(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.QueryDevicesByFilter(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('QueryDevicesByFilter', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/incidents.md b/docs/service-class/incidents.md new file mode 100644 index 00000000..8f54cd16 --- /dev/null +++ b/docs/service-class/incidents.md @@ -0,0 +1,374 @@ +# Using the Incidents service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [CrowdScore](#crowdscore) | Query environment wide CrowdScore and return the entity data | +| [GetBehaviors](#getbehaviors) | Get details on behaviors by providing behavior IDs | +| [PerformIncidentAction](#performincidentaction) | Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description | +| [GetIncidents](#getincidents) | Get details on incidents by providing incident IDs | +| [QueryBehaviors](#querybehaviors) | Search for behaviors by providing an FQL filter, sorting, and paging details | +| [QueryIncidents](#queryincidents) | Search for incidents by providing an FQL filter, sorting, and paging details | +### CrowdScore +Query environment wide CrowdScore and return the entity data + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | The maximum records to return. [1-2500] | +| | __sort__ | query | _string_ | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.CrowdScore(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('CrowdScore', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetBehaviors +Get details on behaviors by providing behavior IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GetBehaviors(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetBehaviors', body=BODY) +print(response) +falcon.deauthenticate() +``` +### PerformIncidentAction +Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.PerformIncidentAction(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PerformIncidentAction', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetIncidents +Get details on incidents by providing incident IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GetIncidents(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetIncidents', body=BODY) +print(response) +falcon.deauthenticate() +``` +### QueryBehaviors +Search for behaviors by providing an FQL filter, sorting, and paging details + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500] | +| | __sort__ | query | _string_ | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.QueryBehaviors(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('QueryBehaviors', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIncidents +Search for incidents by providing an FQL filter, sorting, and paging details + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500] | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import incidents as FalconIncidents + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIncidents.Incidents(access_token=token) + + PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'offset': 'string', + 'limit': integer + } + + response = falcon.QueryIncidents(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('QueryIncidents', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/intel.md b/docs/service-class/intel.md new file mode 100644 index 00000000..a678890c --- /dev/null +++ b/docs/service-class/intel.md @@ -0,0 +1,973 @@ +# Using the Intel service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [QueryIntelActorEntities](#queryintelactorentities) | Get info about actors that match provided FQL filters. | +| [QueryIntelIndicatorEntities](#queryintelindicatorentities) | Get info about indicators that match provided FQL filters. | +| [QueryIntelReportEntities](#queryintelreportentities) | Get info about reports that match provided FQL filters. | +| [GetIntelActorEntities](#getintelactorentities) | Retrieve specific actors using their actor IDs. | +| [GetIntelIndicatorEntities](#getintelindicatorentities) | Retrieve specific indicators using their indicator IDs. | +| [GetIntelReportPDF](#getintelreportpdf) | Return a Report PDF attachment | +| [GetIntelReportEntities](#getintelreportentities) | Retrieve specific reports using their report IDs. | +| [GetIntelRuleFile](#getintelrulefile) | Download earlier rule sets. | +| [GetLatestIntelRuleFile](#getlatestintelrulefile) | Download the latest rule set. | +| [GetIntelRuleEntities](#getintelruleentities) | Retrieve details for rule sets for the specified ids. | +| [QueryIntelActorIds](#queryintelactorids) | Get actor IDs that match provided FQL filters. | +| [QueryIntelIndicatorIds](#queryintelindicatorids) | Get indicators IDs that match provided FQL filters. | +| [QueryIntelReportIds](#queryintelreportids) | Get report IDs that match provided FQL filters. | +| [QueryIntelRuleIds](#queryintelruleids) | Search for rule IDs that match provided filter criteria. | +### QueryIntelActorEntities +Get info about actors that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return actors from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of actors to return. The value must be between 1 and 5000. | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: created_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +| | __fields__ | query | array (_string_) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: ____. Ex: slug __full__. Defaults to __basic__. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'fields': [ + 'string', + 'string' + ] + } + + response = falcon.QueryIntelActorEntities(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'fields': [ + 'string', + 'string' + ] +} + +response = falcon.command('QueryIntelActorEntities', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelIndicatorEntities +Get info about indicators that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return indicators from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of indicators to return. The number must be between 1 and 50000 | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: published_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +| | __include_deleted__ | query | _boolean_ | If true, include both published and deleted indicators in the response. Defaults to false. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'include_deleted': boolean + } + + response = falcon.QueryIntelIndicatorEntities(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'include_deleted': boolean +} + +response = falcon.command('QueryIntelIndicatorEntities', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelReportEntities +Get info about reports that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return reports from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of reports to return. The value must be between 1 and 5000. | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: created_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +| | __fields__ | query | array (_string_) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: ____. Ex: slug __full__. Defaults to __basic__. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'fields': [ + 'string', + 'string' + ] + } + + response = falcon.QueryIntelReportEntities(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'fields': [ + 'string', + 'string' + ] +} + +response = falcon.command('QueryIntelReportEntities', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetIntelActorEntities +Retrieve specific actors using their actor IDs. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the actors you want to retrieve. | +| | __fields__ | query | array (_string_) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: ____. Ex: slug __full__. Defaults to __basic__. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'fields': [ + 'string', + 'string' + ] + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetIntelActorEntities(parameters=PARAMS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'fields': [ + 'string', + 'string' + ] +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetIntelActorEntities', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetIntelIndicatorEntities +Retrieve specific indicators using their indicator IDs. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GetIntelIndicatorEntities(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetIntelIndicatorEntities', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetIntelReportPDF +Return a Report PDF attachment + +#### Content-Type +- Produces: _application/octet-stream_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | query | _string_ | The ID of the report you want to download as a PDF. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'id': 'string' + } + + response = falcon.GetIntelReportPDF(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string' +} + +response = falcon.command('GetIntelReportPDF', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetIntelReportEntities +Retrieve specific reports using their report IDs. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the reports you want to retrieve. | +| | __fields__ | query | array (_string_) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: ____. Ex: slug __full__. Defaults to __basic__. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'fields': [ + 'string', + 'string' + ] + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetIntelReportEntities(parameters=PARAMS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'fields': [ + 'string', + 'string' + ] +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetIntelReportEntities', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetIntelRuleFile +Download earlier rule sets. + +#### Content-Type +- Produces: _application/zip_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __Accept__ | header | _string_ | Choose the format you want the rule set in. | +| :white_check_mark: | __id__ | query | _integer_ | The ID of the rule set. | +| | __format__ | query | _string_ | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'id': integer, + 'format': 'string' + } + + HEADERS = { + 'Accept': 'string' + } + + response = falcon.GetIntelRuleFile(parameters=PARAMS, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': integer, + 'format': 'string' +} + +HEADERS = { + 'Accept': 'string' +} + +response = falcon.command('GetIntelRuleFile', parameters=PARAMS, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### GetLatestIntelRuleFile +Download the latest rule set. + +#### Content-Type +- Produces: _application/zip_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __Accept__ | header | _string_ | Choose the format you want the rule set in. | +| :white_check_mark: | __type__ | query | _string_ | The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness | +| | __format__ | query | _string_ | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'type': 'string', + 'format': 'string' + } + + HEADERS = { + 'Accept': 'string' + } + + response = falcon.GetLatestIntelRuleFile(parameters=PARAMS, headers=HEADERS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'format': 'string' +} + +HEADERS = { + 'Accept': 'string' +} + +response = falcon.command('GetLatestIntelRuleFile', parameters=PARAMS, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### GetIntelRuleEntities +Retrieve details for rule sets for the specified ids. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of rules to return. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetIntelRuleEntities(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetIntelRuleEntities', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelActorIds +Get actor IDs that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return actors IDs from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of actor IDs to return. The value must be between 1 and 5000. | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: created_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' + } + + response = falcon.QueryIntelActorIds(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' +} + +response = falcon.command('QueryIntelActorIds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelIndicatorIds +Get indicators IDs that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return indicator IDs from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of indicator IDs to return. The number must be between 1 and 50000 | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: published_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +| | __include_deleted__ | query | _boolean_ | If true, include both published and deleted indicators in the response. Defaults to false. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'include_deleted': boolean + } + + response = falcon.QueryIntelIndicatorIds(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'include_deleted': boolean +} + +response = falcon.command('QueryIntelIndicatorIds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelReportIds +Get report IDs that match provided FQL filters. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return report IDs from. Defaults to 0. | +| | __limit__ | query | _integer_ | Set the number of report IDs to return. The value must be between 1 and 5000. | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: created_date|asc. | +| | __filter__ | query | _string_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' + } + + response = falcon.QueryIntelReportIds(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string', + 'q': 'string' +} + +response = falcon.command('QueryIntelReportIds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIntelRuleIds +Search for rule IDs that match provided filter criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | Set the starting row number to return reports from. Defaults to 0. | +| | __limit__ | query | _integer_ | The number of rule IDs to return. Defaults to 10. | +| | __sort__ | query | _string_ | Order fields in ascending or descending order. Ex: created_date|asc. | +| | __name__ | query | array (_string_) | Search by rule title. | +| :white_check_mark: | __type__ | query | _string_ | The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness | +| | __description__ | query | array (_string_) | Substring match on description field. | +| | __tags__ | query | array (_string_) | Search for rule tags. | +| | __min_created_date__ | query | _integer_ | Filter results to those created on or after a certain date. | +| | __max_created_date__ | query | _string_ | Filter results to those created on or before a certain date. | +| | __q__ | query | _string_ | Perform a generic substring search across all fields. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import intel as FalconIntel + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIntel.Intel(access_token=token) + + PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'name': [ + 'string', + 'string' + ], + 'type': 'string', + 'description': [ + 'string', + 'string' + ], + 'tags': [ + 'string', + 'string' + ], + 'min_created_date': integer, + 'max_created_date': 'string', + 'q': 'string' + } + + response = falcon.QueryIntelRuleIds(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'name': [ + 'string', + 'string' + ], + 'type': 'string', + 'description': [ + 'string', + 'string' + ], + 'tags': [ + 'string', + 'string' + ], + 'min_created_date': integer, + 'max_created_date': 'string', + 'q': 'string' +} + +response = falcon.command('QueryIntelRuleIds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/iocs.md b/docs/service-class/iocs.md new file mode 100644 index 00000000..d9c28fcf --- /dev/null +++ b/docs/service-class/iocs.md @@ -0,0 +1,582 @@ +# Using the IOCs service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [DevicesCount](#devicescount) | Number of hosts in your customer account that have observed a given custom IOC | +| [GetIOC](#getioc) | Get an IOC by providing a type and value | +| [CreateIOC](#createioc) | Create a new IOC | +| [DeleteIOC](#deleteioc) | Delete an IOC by providing a type and value | +| [UpdateIOC](#updateioc) | Update an IOC by providing a type and value | +| [DevicesRanOn](#devicesranon) | Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1 | +| [QueryIOCs](#queryiocs) | Search the custom IOCs in your customer account | +| [ProcessesRanOn](#processesranon) | Search for processes associated with a custom IOC | +| [entities_processes](#entities.processes) | For the provided ProcessID retrieve the process details | +### DevicesCount +Number of hosts in your customer account that have observed a given custom IOC + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string' + } + + response = falcon.DevicesCount(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string' +} + +response = falcon.command('DevicesCount', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetIOC +Get an IOC by providing a type and value + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string' + } + + response = falcon.GetIOC(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string' +} + +response = falcon.command('GetIOC', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### CreateIOC +Create a new IOC + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Create a new IOC by providing a JSON object that includes these key/value pairs: **type** (required): The type of the indicator. Valid values: - sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. - md5: A hex-encoded md5 hash string. Length - min 32, max: 32. - domain: A domain name. Length - min: 1, max: 200. - ipv4: An IPv4 address. Must be a valid IP address. - ipv6: An IPv6 address. Must be a valid IP address. **value** (required): The string representation of the indicator. **policy** (required): Action to take when a host observes the custom IOC. Values: - detect: Enable detections for this custom IOC - none: Disable detections for this custom IOC **share_level** (optional): Visibility of this custom IOC. All custom IOCs are visible only within your customer account, so only one value is valid: - red **expiration_days** (optional): Number of days this custom IOC is active. Only applies for the types `domain`, `ipv4`, and `ipv6`. **source** (optional): The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters. **description** (optional): Descriptive label for this custom IOC | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.CreateIOC(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateIOC', body=BODY) +print(response) +falcon.deauthenticate() +``` +### DeleteIOC +Delete an IOC by providing a type and value + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string' + } + + response = falcon.DeleteIOC(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string' +} + +response = falcon.command('DeleteIOC', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### UpdateIOC +Update an IOC by providing a type and value + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.UpdateIOC(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateIOC', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### DevicesRanOn +Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1 + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +| | __limit__ | query | _string_ | The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results. | +| | __offset__ | query | _string_ | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string', + 'limit': 'string', + 'offset': 'string' + } + + response = falcon.DevicesRanOn(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string', + 'limit': 'string', + 'offset': 'string' +} + +response = falcon.command('DevicesRanOn', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### QueryIOCs +Search the custom IOCs in your customer account + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __types__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| | __values__ | query | _string_ | The string representation of the indicator | +| | __from.expiration_timestamp__ | query | _string_ | Find custom IOCs created after this time (RFC-3339 timestamp) | +| | __to.expiration_timestamp__ | query | _string_ | Find custom IOCs created before this time (RFC-3339 timestamp) | +| | __policies__ | query | _string_ | ndetect: Find custom IOCs that produce notificationsnnnone: Find custom IOCs the particular indicator has been detected on a host. This is equivalent to turning the indicator off. | +| | __sources__ | query | _string_ | The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters. | +| | __share_levels__ | query | _string_ | The level at which the indicator will be shared. Currently only red share level (not shared) is supported, indicating that the IOC isn't shared with other FH customers. | +| | __created_by__ | query | _string_ | created_by | +| | __deleted_by__ | query | _string_ | The user or API client who deleted the custom IOC | +| | __include_deleted__ | query | _string_ | true: Include deleted IOCs false: Don't include deleted IOCs (default) | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'types': 'string', + 'values': 'string', + 'from.expiration_timestamp': 'string', + 'to.expiration_timestamp': 'string', + 'policies': 'string', + 'sources': 'string', + 'share_levels': 'string', + 'created_by': 'string', + 'deleted_by': 'string', + 'include_deleted': 'string' + } + + response = falcon.QueryIOCs(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'types': 'string', + 'values': 'string', + 'from.expiration_timestamp': 'string', + 'to.expiration_timestamp': 'string', + 'policies': 'string', + 'sources': 'string', + 'share_levels': 'string', + 'created_by': 'string', + 'deleted_by': 'string', + 'include_deleted': 'string' +} + +response = falcon.command('QueryIOCs', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### ProcessesRanOn +Search for processes associated with a custom IOC + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __type__ | query | _string_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | +| :white_check_mark: | __value__ | query | _string_ | The string representation of the indicator | +| :white_check_mark: | __device_id__ | query | _string_ | Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API. | +| | __limit__ | query | _string_ | The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results. | +| | __offset__ | query | _string_ | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + PARAMS = { + 'type': 'string', + 'value': 'string', + 'device_id': 'string', + 'limit': 'string', + 'offset': 'string' + } + + response = falcon.ProcessesRanOn(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'type': 'string', + 'value': 'string', + 'device_id': 'string', + 'limit': 'string', + 'offset': 'string' +} + +response = falcon.command('ProcessesRanOn', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### entities_processes +For the provided ProcessID retrieve the process details + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ProcessID for the running process you want to lookup | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import iocs as FalconIOCs + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconIOCs.Iocs(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.entities.processes(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('entities.processes', ids=IDS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/oauth2.md b/docs/service-class/oauth2.md new file mode 100644 index 00000000..3f5442c8 --- /dev/null +++ b/docs/service-class/oauth2.md @@ -0,0 +1,123 @@ +# Using the OAuth2 service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [oauth2RevokeToken](#oauth2revoketoken) | Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan. | +| [oauth2AccessToken](#oauth2accesstoken) | Generate an OAuth2 access token | +### oauth2RevokeToken +Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan. + +#### Content-Type +- Consumes: _application/x-www-form-urlencoded_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __token__ | formData | _string_ | The OAuth2 access token you want to revoke. Include your API client ID and secret in basic auth format (`Authorization: basic `) in your request header. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAuth.OAuth2(access_token=token) + + PAYLOAD = { + 'token': 'string' + } + + response = falcon.oauth2RevokeToken(data=PAYLOAD) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PAYLOAD = { + 'token': 'string' +} + +response = falcon.command('oauth2RevokeToken', data=PAYLOAD) +print(response) +falcon.deauthenticate() +``` +### oauth2AccessToken +Generate an OAuth2 access token + +#### Content-Type +- Consumes: _application/x-www-form-urlencoded_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __client_id__ | formData | _string_ | The API client ID to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers). | +| :white_check_mark: | __client_secret__ | formData | _string_ | The API client secret to authenticate your API requests. For information on generating API clients, see [API documentation inside Falcon](https://falcon.crowdstrike.com/support/documentation/1/crowdstrike-api-introduction-for-developers). | +| | __member_cid__ | formData | _string_ | For MSSP Master CIDs, optionally lock the token to act on behalf of this member CID | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconAuth.OAuth2(access_token=token) + + PAYLOAD = { + 'client_id': 'string', + 'client_secret': 'string', + 'member_cid': 'string' + } + + response = falcon.oauth2AccessToken(data=PAYLOAD) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PAYLOAD = { + 'client_id': 'string', + 'client_secret': 'string', + 'member_cid': 'string' +} + +response = falcon.command('oauth2AccessToken', data=PAYLOAD) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/prevention-policies.md b/docs/service-class/prevention-policies.md new file mode 100644 index 00000000..8f961330 --- /dev/null +++ b/docs/service-class/prevention-policies.md @@ -0,0 +1,324 @@ +# Using the Prevention Policies service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [queryCombinedPreventionPolicyMembers](#querycombinedpreventionpolicymembers) | Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria | +| [queryCombinedPreventionPolicies](#querycombinedpreventionpolicies) | Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria | +| [performPreventionPoliciesAction](#performpreventionpoliciesaction) | Perform the specified action on the Prevention Policies specified in the request | +| [setPreventionPoliciesPrecedence](#setpreventionpoliciesprecedence) | Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | +| [getPreventionPolicies](#getpreventionpolicies) | Retrieve a set of Prevention Policies by specifying their IDs | +| [createPreventionPolicies](#createpreventionpolicies) | Create Prevention Policies by specifying details about the policy to create | +| [deletePreventionPolicies](#deletepreventionpolicies) | Delete a set of Prevention Policies by specifying their IDs | +| [updatePreventionPolicies](#updatepreventionpolicies) | Update Prevention Policies by specifying the ID of the policy and details to update | +| [queryPreventionPolicyMembers](#querypreventionpolicymembers) | Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | +| [queryPreventionPolicies](#querypreventionpolicies) | Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria | +### queryCombinedPreventionPolicyMembers +Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Prevention Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedPreventionPolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedPreventionPolicies +Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedPreventionPolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### performPreventionPoliciesAction +Perform the specified action on the Prevention Policies specified in the request + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | The action to perform | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('performPreventionPoliciesAction', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### setPreventionPoliciesPrecedence +Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('setPreventionPoliciesPrecedence', body=BODY) +print(response) +falcon.deauthenticate() +``` +### getPreventionPolicies +Retrieve a set of Prevention Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Prevention Policies to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getPreventionPolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createPreventionPolicies +Create Prevention Policies by specifying details about the policy to create + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createPreventionPolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deletePreventionPolicies +Delete a set of Prevention Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Prevention Policies to delete | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deletePreventionPolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updatePreventionPolicies +Update Prevention Policies by specifying the ID of the policy and details to update + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updatePreventionPolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryPreventionPolicyMembers +Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Prevention Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryPreventionPolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryPreventionPolicies +Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryPreventionPolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/real-time-response-admin.md b/docs/service-class/real-time-response-admin.md new file mode 100644 index 00000000..b7322755 --- /dev/null +++ b/docs/service-class/real-time-response-admin.md @@ -0,0 +1,751 @@ +# Using the Real Time Response Admin service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [BatchAdminCmd](#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. | +| [RTR_CheckAdminCommandStatus](#rtr-checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. | +| [RTR_ExecuteAdminCommand](#rtr-executeadmincommand) | Execute a RTR administrator command on a single host. | +| [RTR_GetPut_Files](#rtr-getput-files) | Get put-files based on the ID's given. These are used for the RTR `put` command. | +| [RTR_CreatePut_Files](#rtr-createput-files) | Upload a new put-file to use for the RTR `put` command. | +| [RTR_DeletePut_Files](#rtr-deleteput-files) | Delete a put-file based on the ID given. Can only delete one file at a time. | +| [RTR_GetScripts](#rtr-getscripts) | Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command. | +| [RTR_CreateScripts](#rtr-createscripts) | Upload a new custom-script to use for the RTR `runscript` command. | +| [RTR_DeleteScripts](#rtr-deletescripts) | Delete a custom-script based on the ID given. Can only delete one script at a time. | +| [RTR_UpdateScripts](#rtr-updatescripts) | Upload a new scripts to replace an existing one. | +| [RTR_ListPut_Files](#rtr-listput-files) | Get a list of put-file ID's that are available to the user for the `put` command. | +| [RTR_ListScripts](#rtr-listscripts) | Get a list of custom-script ID's that are available to the user for the `runscript` command. | +### BatchAdminCmd +Batch executes a RTR administrator command across the hosts mapped to the given batch ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip` **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`. **`command_string`** Full command string for the command. For example `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchAdminCmd(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchAdminCmd', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_CheckAdminCommandStatus +Get status of an executed RTR administrator command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __cloud_request_id__ | query | _string_ | Cloud Request ID of the executed command to query | +| :white_check_mark: | __sequence_id__ | query | _integer_ | Sequence ID that we want to retrieve. Command responses are chunked across sequences | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer + } + + response = falcon.RTR-CheckAdminCommandStatus(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer +} + +response = falcon.command('RTR-CheckAdminCommandStatus', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ExecuteAdminCommand +Execute a RTR administrator command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip` Required values. The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example `get some_file.txt` **`session_id`** RTR session ID to run the command on | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-ExecuteAdminCommand(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-ExecuteAdminCommand', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_GetPut_Files +Get put-files based on the ID's given. These are used for the RTR `put` command. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | File IDs | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.RTR-GetPut-Files(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RTR-GetPut-Files', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### RTR_CreatePut_Files +Upload a new put-file to use for the RTR `put` command. + +#### Content-Type +- Consumes: _multipart/form-data_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __file__ | formData | _file_ | put-file to upload | +| :white_check_mark: | __description__ | formData | _string_ | File description | +| | __name__ | formData | _string_ | File name (if different than actual file name) | +| | __comments_for_audit_log__ | formData | _string_ | The audit log comment | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PAYLOAD = { + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string' + } + + response = falcon.RTR-CreatePut-Files(data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PAYLOAD = { + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string' +} + +response = falcon.command('RTR-CreatePut-Files', data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) +print(response) +falcon.deauthenticate() +``` +### RTR_DeletePut_Files +Delete a put-file based on the ID given. Can only delete one file at a time. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | File id | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.RTR-DeletePut-Files(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RTR-DeletePut-Files', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### RTR_GetScripts +Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | File IDs | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.RTR-GetScripts(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RTR-GetScripts', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### RTR_CreateScripts +Upload a new custom-script to use for the RTR `runscript` command. + +#### Content-Type +- Consumes: _multipart/form-data_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __file__ | formData | _file_ | custom-script file to upload. These should be powershell scripts. | +| :white_check_mark: | __description__ | formData | _string_ | File description | +| | __name__ | formData | _string_ | File name (if different than actual file name) | +| | __comments_for_audit_log__ | formData | _string_ | The audit log comment | +| :white_check_mark: | __permission_type__ | formData | _string_ | Permission for the custom-script. Valid permission values: - `private`, usable by only the user who uploaded it - `group`, usable by all RTR Admins - `public`, usable by all active-responders and RTR admins | +| | __content__ | formData | _string_ | The script text that you want to use to upload | +| | __platform__ | formData | array (_string_) | Platforms for the file. Currently supports: windows, mac, linux, . If no platform is provided, it will default to 'windows' | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PAYLOAD = { + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string', + 'permission_type': 'string', + 'content': 'string', + 'platform': [ + 'string', + 'string' + ] + } + + response = falcon.RTR-CreateScripts(data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PAYLOAD = { + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string', + 'permission_type': 'string', + 'content': 'string', + 'platform': [ + 'string', + 'string' + ] +} + +response = falcon.command('RTR-CreateScripts', data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) +print(response) +falcon.deauthenticate() +``` +### RTR_DeleteScripts +Delete a custom-script based on the ID given. Can only delete one script at a time. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | File id | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.RTR-DeleteScripts(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RTR-DeleteScripts', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### RTR_UpdateScripts +Upload a new scripts to replace an existing one. + +#### Content-Type +- Consumes: _multipart/form-data_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | formData | _string_ | ID to update | +| | __file__ | formData | _file_ | custom-script file to upload. These should be powershell scripts. | +| | __description__ | formData | _string_ | File description | +| | __name__ | formData | _string_ | File name (if different than actual file name) | +| | __comments_for_audit_log__ | formData | _string_ | The audit log comment | +| | __permission_type__ | formData | _string_ | Permission for the custom-script. Valid permission values: - `private`, usable by only the user who uploaded it - `group`, usable by all RTR Admins - `public`, usable by all active-responders and RTR admins | +| | __content__ | formData | _string_ | The script text that you want to use to upload | +| | __platform__ | formData | array (_string_) | Platforms for the file. Currently supports: windows, mac, | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PAYLOAD = { + 'id': 'string', + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string', + 'permission_type': 'string', + 'content': 'string', + 'platform': [ + 'string', + 'string' + ] + } + + response = falcon.RTR-UpdateScripts(data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PAYLOAD = { + 'id': 'string', + 'description': 'string', + 'name': 'string', + 'comments_for_audit_log': 'string', + 'permission_type': 'string', + 'content': 'string', + 'platform': [ + 'string', + 'string' + ] +} + +response = falcon.command('RTR-UpdateScripts', data=PAYLOAD, files=[('file', ('testfile.jpg', open('testfile.jpg','rb').read(), 'image/jpg'))]) +print(response) +falcon.deauthenticate() +``` +### RTR_ListPut_Files +Get a list of put-file ID's that are available to the user for the `put` command. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +| | __sort__ | query | _string_ | Sort by spec. Ex: 'created_at|asc'. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.RTR-ListPut-Files(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('RTR-ListPut-Files', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ListScripts +Get a list of custom-script ID's that are available to the user for the `runscript` command. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +| | __sort__ | query | _string_ | Sort by spec. Ex: 'created_at|asc'. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response_admin as FalconRTRAdmin + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTRAdmin.Real_Time_Response_Admin(access_token=token) + + PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' + } + + response = falcon.RTR-ListScripts(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('RTR-ListScripts', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/real-time-response.md b/docs/service-class/real-time-response.md new file mode 100644 index 00000000..fd69b5eb --- /dev/null +++ b/docs/service-class/real-time-response.md @@ -0,0 +1,1276 @@ +# Using the Real Time Response service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [RTR_AggregateSessions](#rtr-aggregatesessions) | Get aggregates on session data. | +| [BatchActiveResponderCmd](#batchactiverespondercmd) | Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. | +| [BatchCmd](#batchcmd) | Batch executes a RTR read-only command across the hosts mapped to the given batch ID. | +| [BatchGetCmdStatus](#batchgetcmdstatus) | Retrieves the status of the specified batch get command. Will return successful files when they are finished processing. | +| [BatchGetCmd](#batchgetcmd) | Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results. | +| [BatchInitSessions](#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. | +| [BatchRefreshSessions](#batchrefreshsessions) | Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed. | +| [RTR_CheckActiveResponderCommandStatus](#rtr-checkactiverespondercommandstatus) | Get status of an executed active-responder command on a single host. | +| [RTR_ExecuteActiveResponderCommand](#rtr-executeactiverespondercommand) | Execute an active responder command on a single host. | +| [RTR_CheckCommandStatus](#rtr-checkcommandstatus) | Get status of an executed command on a single host. | +| [RTR_ExecuteCommand](#rtr-executecommand) | Execute a command on a single host. | +| [RTR_GetExtractedFileContents](#rtr-getextractedfilecontents) | Get RTR extracted file contents for specified session and sha256. | +| [RTR_ListFiles](#rtr-listfiles) | Get a list of files for the specified RTR session. | +| [RTR_DeleteFile](#rtr-deletefile) | Delete a RTR session file. | +| [RTR_ListQueuedSessions](#rtr-listqueuedsessions) | Get queued session metadata by session ID. | +| [RTR_DeleteQueuedSession](#rtr-deletequeuedsession) | Delete a queued session command | +| [RTR_PulseSession](#rtr-pulsesession) | Refresh a session timeout on a single host. | +| [RTR_ListSessions](#rtr-listsessions) | Get session metadata by session id. | +| [RTR_InitSession](#rtr-initsession) | Initialize a new session with the RTR cloud. | +| [RTR_DeleteSession](#rtr-deletesession) | Delete a session. | +| [RTR_ListAllSessions](#rtr-listallsessions) | Get a list of session_ids. | +### RTR_AggregateSessions +Get aggregates on session data. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Supported aggregations: - `term` - `date_range` Supported aggregation members: **`date_ranges`** If peforming a date range query specify the **`from`** and **`to`** date ranges. These can be in common date formats like `2019-07-18` or `now` **`field`** Term you want to aggregate on. If doing a `date_range` query, this is the date field you want to apply the date ranges to **`filter`** Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). **`name`** Name of the aggregation **`size`** Size limit to apply to the queries. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-AggregateSessions(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-AggregateSessions', body=BODY) +print(response) +falcon.deauthenticate() +``` +### BatchActiveResponderCmd +Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip` **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`. **`command_string`** Full command string for the command. For example `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchActiveResponderCmd(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchActiveResponderCmd', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### BatchCmd +Batch executes a RTR read-only command across the hosts mapped to the given batch ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query` **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`. **`command_string`** Full command string for the command. For example `cd C:some_directory` **`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchCmd(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchCmd', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### BatchGetCmdStatus +Retrieves the status of the specified batch get command. Will return successful files when they are finished processing. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __batch_get_cmd_req_id__ | query | _string_ | Batch Get Command Request ID received from `/real-time-response/combined/get-command/v1` | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string', + 'batch_get_cmd_req_id': 'string' + } + + response = falcon.BatchGetCmdStatus(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string', + 'batch_get_cmd_req_id': 'string' +} + +response = falcon.command('BatchGetCmdStatus', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### BatchGetCmd +Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`. **`file_path`** Full path to the file that is to be retrieved from each host in the batch. **`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchGetCmd(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchGetCmd', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### BatchInitSessions +Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | **`host_ids`** List of host agent ID's to initialize a RTR session on **`existing_batch_id`** Optional batch ID. Use an existing batch ID if you want to initialize new hosts and add them to the existing batch | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchInitSessions(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchInitSessions', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### BatchRefreshSessions +Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __timeout__ | query | _integer_ | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 10 minutes. | +| | __timeout_duration__ | query | _string_ | Timeout duration for for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes. | +| :white_check_mark: | __body__ | body | _string_ | **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/init-sessions/v1`. **`hosts_to_remove`** Hosts to remove from the batch session. Heartbeats will no longer happen on these hosts and the sessions will expire. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.BatchRefreshSessions(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'timeout': integer, + 'timeout_duration': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('BatchRefreshSessions', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_CheckActiveResponderCommandStatus +Get status of an executed active-responder command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __cloud_request_id__ | query | _string_ | Cloud Request ID of the executed command to query | +| :white_check_mark: | __sequence_id__ | query | _integer_ | Sequence ID that we want to retrieve. Command responses are chunked across sequences | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer + } + + response = falcon.RTR-CheckActiveResponderCommandStatus(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer +} + +response = falcon.command('RTR-CheckActiveResponderCommandStatus', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ExecuteActiveResponderCommand +Execute an active responder command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip` Required values. The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example `get some_file.txt` **`session_id`** RTR session ID to run the command on | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-ExecuteActiveResponderCommand(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-ExecuteActiveResponderCommand', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_CheckCommandStatus +Get status of an executed command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __cloud_request_id__ | query | _string_ | Cloud Request ID of the executed command to query | +| :white_check_mark: | __sequence_id__ | query | _integer_ | Sequence ID that we want to retrieve. Command responses are chunked across sequences | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer + } + + response = falcon.RTR-CheckCommandStatus(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'cloud_request_id': 'string', + 'sequence_id': integer +} + +response = falcon.command('RTR-CheckCommandStatus', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ExecuteCommand +Execute a command on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query` Required values. The rest of the fields are unused. **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`. Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example `cd C:some_directory` **`session_id`** RTR session ID to run the command on | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-ExecuteCommand(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-ExecuteCommand', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_GetExtractedFileContents +Get RTR extracted file contents for specified session and sha256. + +#### Content-Type +- Produces: _application/x-7z-compressed_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __session_id__ | query | _string_ | RTR Session id | +| :white_check_mark: | __sha256__ | query | _string_ | Extracted SHA256 (e.g. 'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b') | +| | __filename__ | query | _string_ | Filename to use for the archive name and the file within the archive. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'session_id': 'string', + 'sha256': 'string', + 'filename': 'string' + } + + response = falcon.RTR-GetExtractedFileContents(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'session_id': 'string', + 'sha256': 'string', + 'filename': 'string' +} + +response = falcon.command('RTR-GetExtractedFileContents', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ListFiles +Get a list of files for the specified RTR session. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __session_id__ | query | _string_ | RTR Session id | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'session_id': 'string' + } + + response = falcon.RTR-ListFiles(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'session_id': 'string' +} + +response = falcon.command('RTR-ListFiles', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_DeleteFile +Delete a RTR session file. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | RTR Session file id | +| :white_check_mark: | __session_id__ | query | _string_ | RTR Session id | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'session_id': 'string' + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.RTR-DeleteFile(parameters=PARAMS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'session_id': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RTR-DeleteFile', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### RTR_ListQueuedSessions +Get queued session metadata by session ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | **`ids`** List of RTR sessions to retrieve. RTR will only return the sessions that were created by the calling user | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-ListQueuedSessions(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-ListQueuedSessions', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_DeleteQueuedSession +Delete a queued session command + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __session_id__ | query | _string_ | RTR Session id | +| :white_check_mark: | __cloud_request_id__ | query | _string_ | Cloud Request ID of the executed command to query | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'session_id': 'string', + 'cloud_request_id': 'string' + } + + response = falcon.RTR-DeleteQueuedSession(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'session_id': 'string', + 'cloud_request_id': 'string' +} + +response = falcon.command('RTR-DeleteQueuedSession', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_PulseSession +Refresh a session timeout on a single host. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | **`device_id`** The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-PulseSession(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-PulseSession', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_ListSessions +Get session metadata by session id. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | **`ids`** List of RTR sessions to retrieve. RTR will only return the sessions that were created by the calling user | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-ListSessions(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-ListSessions', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_InitSession +Initialize a new session with the RTR cloud. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | **`device_id`** The host agent ID to initialize the RTR session on. RTR will retrieve an existing session for the calling user on this host | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.RTR-InitSession(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('RTR-InitSession', body=BODY) +print(response) +falcon.deauthenticate() +``` +### RTR_DeleteSession +Delete a session. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __session_id__ | query | _string_ | RTR Session id | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'session_id': 'string' + } + + response = falcon.RTR-DeleteSession(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'session_id': 'string' +} + +response = falcon.command('RTR-DeleteSession', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RTR_ListAllSessions +Get a list of session_ids. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return ids. | +| | __limit__ | query | _integer_ | Number of ids to return. | +| | __sort__ | query | _string_ | Sort by spec. Ex: 'date_created|asc'. | +| | __filter__ | query | _string_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). “user_id” can accept a special value ‘@me’ which will restrict results to records with current user’s ID. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import real_time_response as FalconRTR + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconRTR.Real_Time_Response(access_token=token) + + PARAMS = { + 'offset': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.RTR-ListAllSessions(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('RTR-ListAllSessions', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/sensor-update-policies.md b/docs/service-class/sensor-update-policies.md new file mode 100644 index 00000000..aa33ba84 --- /dev/null +++ b/docs/service-class/sensor-update-policies.md @@ -0,0 +1,502 @@ +# Using the Sensor Update Policies service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [revealUninstallToken](#revealuninstalltoken) | Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' | +| [queryCombinedSensorUpdateBuilds](#querycombinedsensorupdatebuilds) | Retrieve available builds for use with Sensor Update Policies | +| [queryCombinedSensorUpdatePolicyMembers](#querycombinedsensorupdatepolicymembers) | Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria | +| [queryCombinedSensorUpdatePolicies](#querycombinedsensorupdatepolicies) | Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | +| [queryCombinedSensorUpdatePoliciesV2](#querycombinedsensorupdatepoliciesv2) | Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | +| [performSensorUpdatePoliciesAction](#performsensorupdatepoliciesaction) | Perform the specified action on the Sensor Update Policies specified in the request | +| [setSensorUpdatePoliciesPrecedence](#setsensorupdatepoliciesprecedence) | Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | +| [getSensorUpdatePolicies](#getsensorupdatepolicies) | Retrieve a set of Sensor Update Policies by specifying their IDs | +| [createSensorUpdatePolicies](#createsensorupdatepolicies) | Create Sensor Update Policies by specifying details about the policy to create | +| [deleteSensorUpdatePolicies](#deletesensorupdatepolicies) | Delete a set of Sensor Update Policies by specifying their IDs | +| [updateSensorUpdatePolicies](#updatesensorupdatepolicies) | Update Sensor Update Policies by specifying the ID of the policy and details to update | +| [getSensorUpdatePoliciesV2](#getsensorupdatepoliciesv2) | Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs | +| [createSensorUpdatePoliciesV2](#createsensorupdatepoliciesv2) | Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection | +| [updateSensorUpdatePoliciesV2](#updatesensorupdatepoliciesv2) | Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection | +| [querySensorUpdatePolicyMembers](#querysensorupdatepolicymembers) | Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | +| [querySensorUpdatePolicies](#querysensorupdatepolicies) | Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria | +### revealUninstallToken +Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('revealUninstallToken', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryCombinedSensorUpdateBuilds +Retrieve available builds for use with Sensor Update Policies + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __platform__ | query | _string_ | The platform to return builds for | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'platform': 'string' +} + +response = falcon.command('queryCombinedSensorUpdateBuilds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedSensorUpdatePolicyMembers +Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Sensor Update Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedSensorUpdatePolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedSensorUpdatePolicies +Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedSensorUpdatePolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### queryCombinedSensorUpdatePoliciesV2 +Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryCombinedSensorUpdatePoliciesV2', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### performSensorUpdatePoliciesAction +Perform the specified action on the Sensor Update Policies specified in the request + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __action_name__ | query | _string_ | The action to perform | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'action_name': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('performSensorUpdatePoliciesAction', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### setSensorUpdatePoliciesPrecedence +Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('setSensorUpdatePoliciesPrecedence', body=BODY) +print(response) +falcon.deauthenticate() +``` +### getSensorUpdatePolicies +Retrieve a set of Sensor Update Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Sensor Update Policies to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getSensorUpdatePolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createSensorUpdatePolicies +Create Sensor Update Policies by specifying details about the policy to create + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createSensorUpdatePolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteSensorUpdatePolicies +Delete a set of Sensor Update Policies by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Sensor Update Policies to delete | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteSensorUpdatePolicies', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateSensorUpdatePolicies +Update Sensor Update Policies by specifying the ID of the policy and details to update + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateSensorUpdatePolicies', body=BODY) +print(response) +falcon.deauthenticate() +``` +### getSensorUpdatePoliciesV2 +Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the Sensor Update Policies to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getSensorUpdatePoliciesV2', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createSensorUpdatePoliciesV2 +Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createSensorUpdatePoliciesV2', body=BODY) +print(response) +falcon.deauthenticate() +``` +### updateSensorUpdatePoliciesV2 +Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateSensorUpdatePoliciesV2', body=BODY) +print(response) +falcon.deauthenticate() +``` +### querySensorUpdatePolicyMembers +Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __id__ | query | _string_ | The ID of the Sensor Update Policy to search for members of | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('querySensorUpdatePolicyMembers', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### querySensorUpdatePolicies +Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-5000] | +| | __sort__ | query | _string_ | The property to sort by | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('querySensorUpdatePolicies', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/spotlight-vulnerabilities.md b/docs/service-class/spotlight-vulnerabilities.md new file mode 100644 index 00000000..6edb7750 --- /dev/null +++ b/docs/service-class/spotlight-vulnerabilities.md @@ -0,0 +1,122 @@ +# Using the Spotlight Vulnerabilities service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [getVulnerabilities](#getvulnerabilities) | Get details on vulnerabilities by providing one or more IDs | +| [queryVulnerabilities](#queryvulnerabilities) | Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria | +### getVulnerabilities +Get details on vulnerabilities by providing one or more IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1 | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import spotlight_vulnerabilities as FalconSV + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconSV.Sensor_Vulnerabilities(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.getVulnerabilities(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getVulnerabilities', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### queryVulnerabilities +Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __after__ | query | _string_ | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results. | +| | __limit__ | query | _integer_ | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. | +| | __sort__ | query | _string_ | Sort vulnerabilities by their properties. Common sort options include:
  • created_timestamp|desc
  • closed_timestamp|asc
| +| :white_check_mark: | __filter__ | query | _string_ | Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common filter options include:
  • created_timestamp:>'2019-11-25T22:36:12Z'
  • closed_timestamp:>'2019-11-25T22:36:12Z'
  • aid:'8e7656b27d8c49a34a1af416424d6231'
| +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import spotlight_vulnerabilities as FalconSV + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconSV.Sensor_Vulnerabilities(access_token=token) + + PARAMS = { + 'after': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' + } + + response = falcon.queryVulnerabilities(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'after': 'string', + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('queryVulnerabilities', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/service-class/user-management.md b/docs/service-class/user-management.md new file mode 100644 index 00000000..37f1610d --- /dev/null +++ b/docs/service-class/user-management.md @@ -0,0 +1,680 @@ +# Using the User Management service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-%E2%9C%93%20Yes-green.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetRoles](#getroles) | Get info about a role | +| [GrantUserRoleIds](#grantuserroleids) | Assign one or more roles to a user | +| [RevokeUserRoleIds](#revokeuserroleids) | Revoke one or more roles from a user | +| [GetAvailableRoleIds](#getavailableroleids) | Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`. | +| [GetUserRoleIds](#getuserroleids) | Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`. | +| [RetrieveUser](#retrieveuser) | Get info about a user | +| [CreateUser](#createuser) | Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1 | +| [DeleteUser](#deleteuser) | Delete a user permanently | +| [UpdateUser](#updateuser) | Modify an existing user's first or last name | +| [RetrieveEmailsByCID](#retrieveemailsbycid) | List the usernames (usually an email address) for all users in your customer account | +| [RetrieveUserUUIDsByCID](#retrieveuseruuidsbycid) | List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`. | +| [RetrieveUserUUID](#retrieveuseruuid) | Get a user's ID by providing a username (usually an email address) | +### GetRoles +Get info about a role + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a role. Find a role ID from `/customer/queries/roles/v1` or `/users/queries/roles/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.GetRoles(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetRoles', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GrantUserRoleIds +Assign one or more roles to a user + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __user_uuid__ | query | _string_ | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +| :white_check_mark: | __body__ | body | _string_ | Role ID(s) of the role you want to assign | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'user_uuid': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.GrantUserRoleIds(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'user_uuid': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GrantUserRoleIds', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### RevokeUserRoleIds +Revoke one or more roles from a user + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __user_uuid__ | query | _string_ | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +| :white_check_mark: | __ids__ | query | array (_string_) | One or more role IDs to revoke. Find a role's ID from `/users/queries/roles/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'user_uuid': 'string' + } + + IDS = 'ID1,ID2,ID3' + + response = falcon.RevokeUserRoleIds(parameters=PARAMS, ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'user_uuid': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RevokeUserRoleIds', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetAvailableRoleIds +Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + response = falcon.GetAvailableRoleIds() + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetAvailableRoleIds') +print(response) +falcon.deauthenticate() +``` +### GetUserRoleIds +Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __user_uuid__ | query | _string_ | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'user_uuid': 'string' + } + + response = falcon.GetUserRoleIds(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'user_uuid': 'string' +} + +response = falcon.command('GetUserRoleIds', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### RetrieveUser +Get info about a user + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + IDS = 'ID1,ID2,ID3' + + response = falcon.RetrieveUser(ids=IDS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('RetrieveUser', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### CreateUser +Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1 + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Attributes for this user. `uid` (required) is the user's email address, which is their username in Falcon. Optional attributes:
  • `firstName`
  • `lastName`
  • `password`
As a best practice, we recommend omitting `password`. If single sign-on is enabled for your customer account, the `password` attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no `password`. The user should use the activation email to set their own password. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.CreateUser(body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateUser', body=BODY) +print(response) +falcon.deauthenticate() +``` +### DeleteUser +Delete a user permanently + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __user_uuid__ | query | _string_ | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'user_uuid': 'string' + } + + response = falcon.DeleteUser(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'user_uuid': 'string' +} + +response = falcon.command('DeleteUser', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### UpdateUser +Modify an existing user's first or last name + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __user_uuid__ | query | _string_ | ID of a user. Find a user's ID from `/users/entities/user/v1`. | +| :white_check_mark: | __body__ | body | _string_ | Attributes for this user. All attributes (shown below) are optional. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'user_uuid': 'string' + } + + BODY = { + 'Body Payload': 'See body description above' + } + + response = falcon.UpdateUser(parameters=PARAMS, body=BODY) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'user_uuid': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateUser', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### RetrieveEmailsByCID +List the usernames (usually an email address) for all users in your customer account + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + response = falcon.RetrieveEmailsByCID() + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('RetrieveEmailsByCID') +print(response) +falcon.deauthenticate() +``` +### RetrieveUserUUIDsByCID +List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + response = falcon.RetrieveUserUUIDsByCID() + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('RetrieveUserUUIDsByCID') +print(response) +falcon.deauthenticate() +``` +### RetrieveUserUUID +Get a user's ID by providing a username (usually an email address) + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __uid__ | query | array (_string_) | A username. This is usually the user's email address, but may vary based on your configuration. | +#### Usage +##### Service class example +```python +from falconpy import oauth2 as FalconAuth +from falconpy import user_management as FalconUsers + +authorization = FalconAuth.OAuth2(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret +}) + +try: + token = authorization.token()['body']['access_token'] +except: + token = False + +if token: + falcon = FalconUsers.User_Management(access_token=token) + + PARAMS = { + 'uid': [ + 'string', + 'string' + ] + } + + response = falcon.RetrieveUserUUID(parameters=PARAMS) + print(response) + + authorization.revoke(token=token) +``` +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'uid': [ + 'string', + 'string' + ] +} + +response = falcon.command('RetrieveUserUUID', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/cspm-registration.md b/docs/uber-class/cspm-registration.md new file mode 100644 index 00000000..60c21fb3 --- /dev/null +++ b/docs/uber-class/cspm-registration.md @@ -0,0 +1,478 @@ +# Using the CSPM Registration service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetCSPMAwsAccount](#getcspmawsaccount) | Returns information about the current status of an AWS account. | +| [CreateCSPMAwsAccount](#createcspmawsaccount) | Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | +| [DeleteCSPMAwsAccount](#deletecspmawsaccount) | Deletes an existing AWS account or organization in our system. | +| [GetCSPMAwsConsoleSetupURLs](#getcspmawsconsolesetupurls) | Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | +| [GetCSPMAwsAccountScriptsAttachment](#getcspmawsaccountscriptsattachment) | Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | +| [GetCSPMAzureAccount](#getcspmazureaccount) | Return information about Azure account registration | +| [CreateCSPMAzureAccount](#createcspmazureaccount) | Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | +| [DeleteCSPMAzureAccount](#deletecspmazureaccount) | Deletes an Azure subscription from the system. | +| [UpdateCSPMAzureAccountClientID](#updatecspmazureaccountclientid) | Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | +| [GetCSPMAzureUserScriptsAttachment](#getcspmazureuserscriptsattachment) | Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | +| [GetCSPMPolicy](#getcspmpolicy) | Given a policy ID, returns detailed policy information. | +| [GetCSPMPolicySettings](#getcspmpolicysettings) | Returns information about current policy settings. | +| [UpdateCSPMPolicySettings](#updatecspmpolicysettings) | Updates a policy setting - can be used to override policy severity or to disable a policy entirely. | +| [GetCSPMScanSchedule](#getcspmscanschedule) | Returns scan schedule configuration for one or more cloud platforms. | +| [UpdateCSPMScanSchedule](#updatecspmscanschedule) | Updates scan schedule configuration for one or more cloud platforms. | +### GetCSPMAwsAccount +Returns information about the current status of an AWS account. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __scan-type__ | query | _string_ | Type of scan, dry or full, to perform on selected accounts | +| | __ids__ | query | array (_string_) | AWS account IDs | +| | __organization-ids__ | query | array (_string_) | AWS organization IDs | +| | __status__ | query | _string_ | Account status to filter results by. | +| | __limit__ | query | _integer_ | The maximum records to return. Defaults to 100. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'scan-type': 'string', + 'organization-ids': [ + 'string', + 'string' + ], + 'status': 'string', + 'limit': integer, + 'offset': integer +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetCSPMAwsAccount', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### CreateCSPMAwsAccount +Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateCSPMAwsAccount', body=BODY) +print(response) +falcon.deauthenticate() +``` +### DeleteCSPMAwsAccount +Deletes an existing AWS account or organization in our system. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __ids__ | query | array (_string_) | AWS account IDs to remove | +| | __organization-ids__ | query | array (_string_) | AWS organization IDs to remove | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'organization-ids': [ + 'string', + 'string' + ] +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteCSPMAwsAccount', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetCSPMAwsConsoleSetupURLs +Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMAwsConsoleSetupURLs') +print(response) +falcon.deauthenticate() +``` +### GetCSPMAwsAccountScriptsAttachment +Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMAwsAccountScriptsAttachment') +print(response) +falcon.deauthenticate() +``` +### GetCSPMAzureAccount +Return information about Azure account registration + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __ids__ | query | array (_string_) | SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned. | +| | __scan-type__ | query | _string_ | Type of scan, dry or full, to perform on selected accounts | +| | __status__ | query | _string_ | Account status to filter results by. | +| | __limit__ | query | _integer_ | The maximum records to return. Defaults to 100. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'scan-type': 'string', + 'status': 'string', + 'limit': integer, + 'offset': integer +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetCSPMAzureAccount', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### CreateCSPMAzureAccount +Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateCSPMAzureAccount', body=BODY) +print(response) +falcon.deauthenticate() +``` +### DeleteCSPMAzureAccount +Deletes an Azure subscription from the system. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | Azure subscription IDs to remove | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteCSPMAzureAccount', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### UpdateCSPMAzureAccountClientID +Update an Azure service account in our system by with the user-created client_id created with the public key we've provided + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | query | _string_ | ClientID to use for the Service Principal associated with the customer's Azure account | +| | __tenant-id__ | query | _string_ | Tenant ID to update client ID for. Required if multiple tenants are registered. | +| :white_check_mark: | __body__ | body | _string_ | This is a placeholder only. Please ignore this field. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string', + 'tenant-id': 'string' +} + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateCSPMAzureAccountClientID', parameters=PARAMS, body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetCSPMAzureUserScriptsAttachment +Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __tenant-id__ | query | _string_ | Tenant ID to generate script for. Defaults to most recently registered tenant. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'tenant-id': 'string' +} + +response = falcon.command('GetCSPMAzureUserScriptsAttachment', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetCSPMPolicy +Given a policy ID, returns detailed policy information. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | Policy ID | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetCSPMPolicy', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetCSPMPolicySettings +Returns information about current policy settings. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __service__ | query | _string_ | Service type to filter policy settings by. | +| | __policy-id__ | query | _string_ | Policy ID | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'service': 'string', + 'policy-id': 'string' +} + +response = falcon.command('GetCSPMPolicySettings', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### UpdateCSPMPolicySettings +Updates a policy setting - can be used to override policy severity or to disable a policy entirely. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateCSPMPolicySettings', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetCSPMScanSchedule +Returns scan schedule configuration for one or more cloud platforms. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __cloud-platform__ | query | array (_string_) | Cloud Platform | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'cloud-platform': [ + 'string', + 'string' + ] +} + +response = falcon.command('GetCSPMScanSchedule', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### UpdateCSPMScanSchedule +Updates scan schedule configuration for one or more cloud platforms. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('UpdateCSPMScanSchedule', body=BODY) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/custom-ioa.md b/docs/uber-class/custom-ioa.md new file mode 100644 index 00000000..60793bea --- /dev/null +++ b/docs/uber-class/custom-ioa.md @@ -0,0 +1,620 @@ +# Using the Custom IOA service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [get_patterns](#get-patterns) | Get pattern severities by ID. | +| [get_platformsMixin0](#get-platformsmixin0) | Get platforms by ID. | +| [get_rule_groupsMixin0](#get-rule-groupsmixin0) | Get rule groups by ID. | +| [create_rule_groupMixin0](#create-rule-groupmixin0) | Create a rule group for a platform with a name and an optional description. Returns the rule group. | +| [delete_rule_groupsMixin0](#delete-rule-groupsmixin0) | Delete rule groups by ID. | +| [update_rule_groupMixin0](#update-rule-groupmixin0) | Update a rule group. The following properties can be modified: name, description, enabled. | +| [get_rule_types](#get-rule-types) | Get rule types by ID. | +| [get_rules_get](#get-rules-get) | Get rules by ID and optionally version in the following format: `ID[:version]`. | +| [get_rulesMixin0](#get-rulesmixin0) | Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size. | +| [create_rule](#create-rule) | Create a rule within a rule group. Returns the rule. | +| [delete_rules](#delete-rules) | Delete rules from a rule group by ID. | +| [update_rules](#update-rules) | Update rules within a rule group. Return the updated rules. | +| [validate](#validate) | Validates field values and checks for matches if a test string is provided. | +| [query_patterns](#query-patterns) | Get all pattern severity IDs. | +| [query_platformsMixin0](#query-platformsmixin0) | Get all platform IDs. | +| [query_rule_groups_full](#query-rule-groups-full) | Find all rule groups matching the query with optional filter. | +| [query_rule_groupsMixin0](#query-rule-groupsmixin0) | Finds all rule group IDs matching the query with optional filter. | +| [query_rule_types](#query-rule-types) | Get all rule type IDs. | +| [query_rulesMixin0](#query-rulesmixin0) | Finds all rule IDs matching the query with optional filter. | +### get_patterns +Get pattern severities by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-patterns', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_platformsMixin0 +Get platforms by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-platformsMixin0', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_rule_groupsMixin0 +Get rule groups by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-rule-groupsMixin0', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### create_rule_groupMixin0 +Create a rule group for a platform with a name and an optional description. Returns the rule group. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('create-rule-groupMixin0', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### delete_rule_groupsMixin0 +Delete rule groups by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| | __comment__ | query | _string_ | Explains why the entity is being deleted | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('delete-rule-groupsMixin0', parameters=PARAMS, headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### update_rule_groupMixin0 +Update a rule group. The following properties can be modified: name, description, enabled. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('update-rule-groupMixin0', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### get_rule_types +Get rule types by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-rule-types', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### get_rules_get +Get rules by ID and optionally version in the following format: `ID[:version]`. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | The "ids" field contains a list of the rules to retrieve. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('get-rules-get', body=BODY) +print(response) +falcon.deauthenticate() +``` +### get_rulesMixin0 +Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('get-rulesMixin0', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### create_rule +Create a rule within a rule group. Returns the rule. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('create-rule', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### delete_rules +Delete rules from a rule group by ID. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| :white_check_mark: | __rule_group_id__ | query | _string_ | The parent rule group | +| | __comment__ | query | _string_ | Explains why the entity is being deleted | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the entities | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'rule_group_id': 'string', + 'comment': 'string' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('delete-rules', parameters=PARAMS, headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### update_rules +Update rules within a rule group. Return the updated rules. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __X-CS-USERNAME__ | header | _string_ | The user ID | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +HEADERS = { + 'X-CS-USERNAME': 'string' +} + +response = falcon.command('update-rules', body=BODY, headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### validate +Validates field values and checks for matches if a test string is provided. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('validate', body=BODY) +print(response) +falcon.deauthenticate() +``` +### query_patterns +Get all pattern severity IDs. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-patterns', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_platformsMixin0 +Get all platform IDs. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-platformsMixin0', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rule_groups_full +Find all rule groups matching the query with optional filter. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name, description} | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-rule-groups-full', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rule_groupsMixin0 +Finds all rule group IDs matching the query with optional filter. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name, description} | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-rule-groupsMixin0', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rule_types +Get all rule type IDs. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-rule-types', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### query_rulesMixin0 +Finds all rule IDs matching the query with optional filter. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __sort__ | query | _string_ | Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, rules.current_version.name, rules.current_version.modified_by, rules.created_on, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on} | +| | __filter__ | query | _string_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | +| | __q__ | query | _string_ | Match query criteria, which includes all the filter string fields | +| | __offset__ | query | _string_ | Starting index of overall result set from which to return IDs | +| | __limit__ | query | _integer_ | Number of IDs to return | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'sort': 'string', + 'filter': 'string', + 'q': 'string', + 'offset': 'string', + 'limit': integer +} + +response = falcon.command('query-rulesMixin0', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/d4c-registration.md b/docs/uber-class/d4c-registration.md new file mode 100644 index 00000000..2fa7e73e --- /dev/null +++ b/docs/uber-class/d4c-registration.md @@ -0,0 +1,255 @@ +# Using the D4C Registration service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetCSPMAzureAccount](#getcspmazureaccount) | Return information about Azure account registration | +| [CreateCSPMAzureAccount](#createcspmazureaccount) | Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | +| [UpdateCSPMAzureAccountClientID](#updatecspmazureaccountclientid) | Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | +| [GetCSPMAzureUserScriptsAttachment](#getcspmazureuserscriptsattachment) | Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | +| [GetCSPMAzureUserScripts](#getcspmazureuserscripts) | Return a script for customer to run in their cloud environment to grant us access to their Azure environment | +| [GetCSPMCGPAccount](#getcspmcgpaccount) | Returns information about the current status of an GCP account. | +| [CreateCSPMGCPAccount](#createcspmgcpaccount) | Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | +| [GetCSPMGCPUserScriptsAttachment](#getcspmgcpuserscriptsattachment) | Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | +| [GetCSPMGCPUserScripts](#getcspmgcpuserscripts) | Return a script for customer to run in their cloud environment to grant us access to their GCP environment | +### GetCSPMAzureAccount +Return information about Azure account registration + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __ids__ | query | array (_string_) | SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned. | +| | __scan-type__ | query | _string_ | Type of scan, dry or full, to perform on selected accounts | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'scan-type': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetCSPMAzureAccount', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### CreateCSPMAzureAccount +Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateCSPMAzureAccount', body=BODY) +print(response) +falcon.deauthenticate() +``` +### UpdateCSPMAzureAccountClientID +Update an Azure service account in our system by with the user-created client_id created with the public key we've provided + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | query | _string_ | ClientID to use for the Service Principal associated with the customer's Azure account | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string' +} + +response = falcon.command('UpdateCSPMAzureAccountClientID', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetCSPMAzureUserScriptsAttachment +Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment + +#### Content-Type +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMAzureUserScriptsAttachment') +print(response) +falcon.deauthenticate() +``` +### GetCSPMAzureUserScripts +Return a script for customer to run in their cloud environment to grant us access to their Azure environment + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMAzureUserScripts') +print(response) +falcon.deauthenticate() +``` +### GetCSPMCGPAccount +Returns information about the current status of an GCP account. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __scan-type__ | query | _string_ | Type of scan, dry or full, to perform on selected accounts | +| | __ids__ | query | array (_string_) | Parent IDs of accounts | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'scan-type': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetCSPMCGPAccount', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### CreateCSPMGCPAccount +Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('CreateCSPMGCPAccount', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetCSPMGCPUserScriptsAttachment +Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment + +#### Content-Type +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMGCPUserScriptsAttachment') +print(response) +falcon.deauthenticate() +``` +### GetCSPMGCPUserScripts +Return a script for customer to run in their cloud environment to grant us access to their GCP environment + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetCSPMGCPUserScripts') +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/installation-tokens.md b/docs/uber-class/installation-tokens.md new file mode 100644 index 00000000..03330b9f --- /dev/null +++ b/docs/uber-class/installation-tokens.md @@ -0,0 +1,247 @@ +# Using the Installation Tokens service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [audit_events_read](#audit-events-read) | Gets the details of one or more audit events by id. | +| [customer_settings_read](#customer-settings-read) | Check current installation token settings. | +| [tokens_read](#tokens-read) | Gets the details of one or more tokens by id. | +| [tokens_create](#tokens-create) | Creates a token. | +| [tokens_delete](#tokens-delete) | Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead. | +| [tokens_update](#tokens-update) | Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. | +| [audit_events_query](#audit-events-query) | Search for audit events by providing an FQL filter and paging details. | +| [tokens_query](#tokens-query) | Search for tokens by providing an FQL filter and paging details. | +### audit_events_read +Gets the details of one or more audit events by id. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __ids__ | query | array (_string_) | IDs of audit events to retrieve details for | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('audit-events-read', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### customer_settings_read +Check current installation token settings. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('customer-settings-read') +print(response) +falcon.deauthenticate() +``` +### tokens_read +Gets the details of one or more tokens by id. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __ids__ | query | array (_string_) | IDs of tokens to retrieve details for | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('tokens-read', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### tokens_create +Creates a token. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('tokens-create', body=BODY) +print(response) +falcon.deauthenticate() +``` +### tokens_delete +Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The token ids to delete. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('tokens-delete', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### tokens_update +Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The token ids to update. | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('tokens-update', body=BODY, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### audit_events_query +Search for audit events by providing an FQL filter and paging details. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The offset to start retrieving records from. | +| | __limit__ | query | _integer_ | The maximum records to return. [1-1000]. Defaults to 50. | +| | __sort__ | query | _string_ | The property to sort by (e.g. timestamp.desc). | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results (e.g., `action:'token_create'`). | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('audit-events-query', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### tokens_query +Search for tokens by providing an FQL filter and paging details. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The offset to start retrieving records from. | +| | __limit__ | query | _integer_ | The maximum records to return. [1-1000]. Defaults to 50. | +| | __sort__ | query | _string_ | The property to sort by (e.g. created_timestamp.desc). | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results (e.g., `status:'valid'`). | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('tokens-query', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/ioa-exclusions.md b/docs/uber-class/ioa-exclusions.md new file mode 100644 index 00000000..6d45ec4d --- /dev/null +++ b/docs/uber-class/ioa-exclusions.md @@ -0,0 +1,157 @@ +# Using the IOA Exclusions service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [getIOAExclusionsV1](#getioaexclusionsv1) | Get a set of IOA Exclusions by specifying their IDs | +| [createIOAExclusionsV1](#createioaexclusionsv1) | Create the IOA exclusions | +| [deleteIOAExclusionsV1](#deleteioaexclusionsv1) | Delete the IOA exclusions by id | +| [updateIOAExclusionsV1](#updateioaexclusionsv1) | Update the IOA exclusions | +| [queryIOAExclusionsV1](#queryioaexclusionsv1) | Search for IOA exclusions. | +### getIOAExclusionsV1 +Get a set of IOA Exclusions by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to retrieve | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getIOAExclusionsV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createIOAExclusionsV1 +Create the IOA exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createIOAExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteIOAExclusionsV1 +Delete the IOA exclusions by id + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to delete | +| | __comment__ | query | _string_ | Explains why this exclusions was deleted | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteIOAExclusionsV1', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateIOAExclusionsV1 +Update the IOA exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateIOAExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryIOAExclusionsV1 +Search for IOA exclusions. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500] | +| | __sort__ | query | _string_ | The sort expression that should be used to sort the results. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryIOAExclusionsV1', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/malquery.md b/docs/uber-class/malquery.md new file mode 100644 index 00000000..4fba84d7 --- /dev/null +++ b/docs/uber-class/malquery.md @@ -0,0 +1,256 @@ +# Using the Malquery service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetMalQueryQuotasV1](#getmalqueryquotasv1) | Get information about search and download quotas in your environment | +| [PostMalQueryFuzzySearchV1](#postmalqueryfuzzysearchv1) | Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. | +| [GetMalQueryDownloadV1](#getmalquerydownloadv1) | Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time | +| [GetMalQueryMetadataV1](#getmalquerymetadatav1) | Retrieve indexed files metadata by their hash | +| [GetMalQueryRequestV1](#getmalqueryrequestv1) | Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time. | +| [GetMalQueryEntitiesSamplesFetchV1](#getmalqueryentitiessamplesfetchv1) | Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing | +| [PostMalQueryEntitiesSamplesMultidownloadV1](#postmalqueryentitiessamplesmultidownloadv1) | Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip | +| [PostMalQueryExactSearchV1](#postmalqueryexactsearchv1) | Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint | +| [PostMalQueryHuntV1](#postmalqueryhuntv1) | Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint | +### GetMalQueryQuotasV1 +Get information about search and download quotas in your environment + +#### Content-Type +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetMalQueryQuotasV1') +print(response) +falcon.deauthenticate() +``` +### PostMalQueryFuzzySearchV1 +Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Fuzzy search parameters. See model for more details. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PostMalQueryFuzzySearchV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetMalQueryDownloadV1 +Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time + +#### Content-Type +- Produces: _application/octet-stream_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The file SHA256. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetMalQueryDownloadV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetMalQueryMetadataV1 +Retrieve indexed files metadata by their hash + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The file SHA256. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetMalQueryMetadataV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetMalQueryRequestV1 +Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | Identifier of a MalQuery request | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetMalQueryRequestV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetMalQueryEntitiesSamplesFetchV1 +Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing + +#### Content-Type +- Produces: _application/zip_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | _string_ | Multidownload job id | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetMalQueryEntitiesSamplesFetchV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### PostMalQueryEntitiesSamplesMultidownloadV1 +Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Download request. See model for more details. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PostMalQueryEntitiesSamplesMultidownloadV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### PostMalQueryExactSearchV1 +Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Exact search parameters. See model for more details. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PostMalQueryExactSearchV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### PostMalQueryHuntV1 +Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Hunt parameters. See model for more details. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('PostMalQueryHuntV1', body=BODY) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/ml-exclusions.md b/docs/uber-class/ml-exclusions.md new file mode 100644 index 00000000..ea829116 --- /dev/null +++ b/docs/uber-class/ml-exclusions.md @@ -0,0 +1,157 @@ +# Using the ML Exclusions service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [getMLExclusionsV1](#getmlexclusionsv1) | Get a set of ML Exclusions by specifying their IDs | +| [createMLExclusionsV1](#createmlexclusionsv1) | Create the ML exclusions | +| [deleteMLExclusionsV1](#deletemlexclusionsv1) | Delete the ML exclusions by id | +| [updateMLExclusionsV1](#updatemlexclusionsv1) | Update the ML exclusions | +| [queryMLExclusionsV1](#querymlexclusionsv1) | Search for ML exclusions. | +### getMLExclusionsV1 +Get a set of ML Exclusions by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to retrieve | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getMLExclusionsV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createMLExclusionsV1 +Create the ML exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createMLExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteMLExclusionsV1 +Delete the ML exclusions by id + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to delete | +| | __comment__ | query | _string_ | Explains why this exclusions was deleted | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteMLExclusionsV1', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateMLExclusionsV1 +Update the ML exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateMLExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### queryMLExclusionsV1 +Search for ML exclusions. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500] | +| | __sort__ | query | _string_ | The sort expression that should be used to sort the results. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('queryMLExclusionsV1', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/quick-scan.md b/docs/uber-class/quick-scan.md new file mode 100644 index 00000000..5dc5ae13 --- /dev/null +++ b/docs/uber-class/quick-scan.md @@ -0,0 +1,126 @@ +# Using the Quick Scan service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetScansAggregates](#getscansaggregates) | Get scans aggregations as specified via json in request body. | +| [GetScans](#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute | +| [ScanSamples](#scansamples) | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute | +| [QuerySubmissionsMixin0](#querysubmissionsmixin0) | Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria. | +### GetScansAggregates +Get scans aggregations as specified via json in request body. + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('GetScansAggregates', body=BODY) +print(response) +falcon.deauthenticate() +``` +### GetScans +Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | ID of a submitted scan | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetScans', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### ScanSamples +Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ | Submit a batch of SHA256s for ml scanning. The samples must have been previously uploaded through `/samples/entities/samples/v3` | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('ScanSamples', body=BODY) +print(response) +falcon.deauthenticate() +``` +### QuerySubmissionsMixin0 +Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). | +| | __offset__ | query | _string_ | The offset to start retrieving submissions from. | +| | __limit__ | query | _integer_ | Maximum number of volume IDs to return. Max: 5000. | +| | __sort__ | query | _string_ | Sort order: `asc` or `desc`. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': 'string', + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('QuerySubmissionsMixin0', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/sample-uploads.md b/docs/uber-class/sample-uploads.md new file mode 100644 index 00000000..627eca68 --- /dev/null +++ b/docs/uber-class/sample-uploads.md @@ -0,0 +1,122 @@ +# Using the Sample Uploads service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetSampleV3](#getsamplev3) | Retrieves the file associated with the given ID (SHA256) | +| [UploadSampleV3](#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. | +| [DeleteSampleV3](#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection | +### GetSampleV3 +Retrieves the file associated with the given ID (SHA256) + +#### Content-Type +- Produces: _application/octet-stream_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __ids__ | query | _string_ | The file SHA256. | +| | __password_protected__ | query | _string_ | Flag whether the sample should be zipped and password protected with pass='infected' | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'password_protected': 'string' +} + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetSampleV3', parameters=PARAMS, headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### UploadSampleV3 +Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. + +#### Content-Type +- Consumes: _application/octet-stream_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __body__ | body | _string_ | Content of the uploaded sample in binary format. For example, use `--data-binary @$FILE_PATH` when using cURL. Max file size: 100 MB. Accepted file formats: - Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc. - Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub` - PDF - APK - Executable JAR - Windows script component: `.sct` - Windows shortcut: `.lnk` - Windows help: `.chm` - HTML application: `.hta` - Windows script file: `.wsf` - Javascript: `.js` - Visual Basic: `.vbs`, `.vbe` - Shockwave Flash: `.swf` - Perl: `.pl` - Powershell: `.ps1`, `.psd1`, `.psm1` - Scalable vector graphics: `.svg` - Python: `.py` - Linux ELF executables - Email files: MIME RFC 822 `.eml`, Outlook `.msg`. | +| :white_check_mark: | __upfile__ | formData | _file_ | The binary file. | +| :white_check_mark: | __file_name__ | query | _string_ | Name of the file. | +| | __comment__ | query | _string_ | A descriptive comment to identify the file for other users. | +| | __is_confidential__ | query | _boolean_ | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. - `true`: File is only shown to users within your customer account - `false`: File can be seen by other CrowdStrike customers Default: `true`. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'file_name': 'string', + 'comment': 'string', + 'is_confidential': boolean +} + +BODY = { + 'Body Payload': 'See body description above' +} + +FILENAME = 'testfile.jpg' +PAYLOAD = open(FILENAME, 'rb').read() + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +response = falcon.command('UploadSampleV3', parameters=PARAMS, body=BODY, data=PAYLOAD, file_name=FILENAME, content_type='application/octet-stream', headers=HEADERS) +print(response) +falcon.deauthenticate() +``` +### DeleteSampleV3 +Removes a sample, including file, meta and submissions from the collection + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __X-CS-USERUUID__ | header | _string_ | User UUID | +| :white_check_mark: | __ids__ | query | _string_ | The file SHA256. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +HEADERS = { + 'X-CS-USERUUID': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('DeleteSampleV3', headers=HEADERS, ids=IDS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/sensor-download.md b/docs/uber-class/sensor-download.md new file mode 100644 index 00000000..eddcb489 --- /dev/null +++ b/docs/uber-class/sensor-download.md @@ -0,0 +1,159 @@ +# Using the Sensor Download service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [GetCombinedSensorInstallersByQuery](#getcombinedsensorinstallersbyquery) | Get sensor installer details by provided query | +| [DownloadSensorInstallerById](#downloadsensorinstallerbyid) | Download sensor installer by SHA256 ID | +| [GetSensorInstallersEntities](#getsensorinstallersentities) | Get sensor installer details by provided SHA256 IDs | +| [GetSensorInstallersCCIDByQuery](#getsensorinstallersccidbyquery) | Get CCID to use with sensor installers | +| [GetSensorInstallersByQuery](#getsensorinstallersbyquery) | Get sensor installer IDs by provided query | +### GetCombinedSensorInstallersByQuery +Get sensor installer details by provided query + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. | +| | __limit__ | query | _integer_ | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. | +| | __sort__ | query | _string_ | Sort items using their properties. Common sort options include:
  • version|asc
  • release_date|desc
| +| | __filter__ | query | _string_ | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
  • platform:"windows"
  • version:>"5.2"
| +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('GetCombinedSensorInstallersByQuery', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### DownloadSensorInstallerById +Download sensor installer by SHA256 ID + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __id__ | query | _string_ | SHA256 of the installer to download | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'id': 'string' +} + +response = falcon.command('DownloadSensorInstallerById', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` +### GetSensorInstallersEntities +Get sensor installer details by provided SHA256 IDs + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The IDs of the installers | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('GetSensorInstallersEntities', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### GetSensorInstallersCCIDByQuery +Get CCID to use with sensor installers + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +No parameters +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +response = falcon.command('GetSensorInstallersCCIDByQuery') +print(response) +falcon.deauthenticate() +``` +### GetSensorInstallersByQuery +Get sensor installer IDs by provided query + +#### Content-Type +- Consumes: _application/json_ +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __offset__ | query | _integer_ | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. | +| | __limit__ | query | _integer_ | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. | +| | __sort__ | query | _string_ | Sort items using their properties. Common sort options include:
  • version|asc
  • release_date|desc
| +| | __filter__ | query | _string_ | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
  • platform:"windows"
  • version:>"5.2"
| +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'offset': integer, + 'limit': integer, + 'sort': 'string', + 'filter': 'string' +} + +response = falcon.command('GetSensorInstallersByQuery', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/docs/uber-class/sensor-visibility-exclusions.md b/docs/uber-class/sensor-visibility-exclusions.md new file mode 100644 index 00000000..488e8f94 --- /dev/null +++ b/docs/uber-class/sensor-visibility-exclusions.md @@ -0,0 +1,157 @@ +# Using the Sensor Visibility Exclusions service collection +![Uber class support](https://img.shields.io/badge/Uber%20class%20support-%E2%9C%93%20Yes-green.svg) ![Uber class support](https://img.shields.io/badge/Service%20class%20support-X%20No-red.svg) +## Table of Contents +| API Function | Description | +| :--- | :--- | +| [getSensorVisibilityExclusionsV1](#getsensorvisibilityexclusionsv1) | Get a set of Sensor Visibility Exclusions by specifying their IDs | +| [createSVExclusionsV1](#createsvexclusionsv1) | Create the sensor visibility exclusions | +| [deleteSensorVisibilityExclusionsV1](#deletesensorvisibilityexclusionsv1) | Delete the sensor visibility exclusions by id | +| [updateSensorVisibilityExclusionsV1](#updatesensorvisibilityexclusionsv1) | Update the sensor visibility exclusions | +| [querySensorVisibilityExclusionsV1](#querysensorvisibilityexclusionsv1) | Search for sensor visibility exclusions. | +### getSensorVisibilityExclusionsV1 +Get a set of Sensor Visibility Exclusions by specifying their IDs + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to retrieve | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('getSensorVisibilityExclusionsV1', ids=IDS) +print(response) +falcon.deauthenticate() +``` +### createSVExclusionsV1 +Create the sensor visibility exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('createSVExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### deleteSensorVisibilityExclusionsV1 +Delete the sensor visibility exclusions by id + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __ids__ | query | array (_string_) | The ids of the exclusions to delete | +| | __comment__ | query | _string_ | Explains why this exclusions was deleted | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'comment': 'string' +} + +IDS = 'ID1,ID2,ID3' + +response = falcon.command('deleteSensorVisibilityExclusionsV1', parameters=PARAMS, ids=IDS) +print(response) +falcon.deauthenticate() +``` +### updateSensorVisibilityExclusionsV1 +Update the sensor visibility exclusions + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| :white_check_mark: | __body__ | body | _string_ +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +BODY = { + 'Body Payload': 'See body description above' +} + +response = falcon.command('updateSensorVisibilityExclusionsV1', body=BODY) +print(response) +falcon.deauthenticate() +``` +### querySensorVisibilityExclusionsV1 +Search for sensor visibility exclusions. + +#### Content-Type +- Produces: _application/json_ +#### Parameters +| Required | Name | Type | Datatype | Description | +| :---: | :---- | :---- | :-------- | :---------- | +| | __filter__ | query | _string_ | The filter expression that should be used to limit the results. | +| | __offset__ | query | _integer_ | The offset to start retrieving records from | +| | __limit__ | query | _integer_ | The maximum records to return. [1-500] | +| | __sort__ | query | _string_ | The sort expression that should be used to sort the results. | +#### Usage +##### Uber class example +```python +from falconpy import api_complete as FalconSDK + +falcon = FalconSDK.APIHarness(creds={ + 'client_id': falcon_client_id, + 'client_secret': falcon_client_secret + } +) + +PARAMS = { + 'filter': 'string', + 'offset': integer, + 'limit': integer, + 'sort': 'string' +} + +response = falcon.command('querySensorVisibilityExclusionsV1', parameters=PARAMS) +print(response) +falcon.deauthenticate() +``` diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000..2ff45f26 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,3532 @@ +{ + "name": "coursebook", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@11ty/dependency-tree": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@11ty/dependency-tree/-/dependency-tree-1.0.0.tgz", + "integrity": "sha512-2FWYlkphQ/83MG7b9qqBJfJJ0K9zupNz/6n4EdDuNLw6hQHGp4Sp4UMDRyBvA/xCTYDBaPSuSjHuu45tSujegg==", + "dev": true + }, + "@11ty/eleventy": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/@11ty/eleventy/-/eleventy-0.11.0.tgz", + "integrity": "sha512-ozkfpmSlhodVoGCNFhBFsNbFxJbaiPYiVGKCeVdsFBTfDLhGyWS8cieNWjsvKyEHWT8OLNSIBvJYv4JxuxTivg==", + "dev": true, + "requires": { + "@11ty/dependency-tree": "^1.0.0", + "browser-sync": "^2.26.7", + "chalk": "^3.0.0", + "chokidar": "^3.4.0", + "debug": "^4.1.1", + "dependency-graph": "^0.9.0", + "ejs": "^2.7.4", + "fast-glob": "^3.2.2", + "fs-extra": "^8.1.0", + "gray-matter": "^4.0.2", + "hamljs": "^0.6.2", + "handlebars": "^4.7.6", + "javascript-stringify": "^2.0.1", + "liquidjs": "^6.4.3", + "lodash": "^4.17.15", + "luxon": "^1.24.1", + "markdown-it": "^10.0.0", + "minimist": "^1.2.5", + "moo": "^0.5.1", + "multimatch": "^4.0.0", + "mustache": "^2.3.2", + "normalize-path": "^3.0.0", + "nunjucks": "^3.2.1", + "parse-filepath": "^1.0.2", + "please-upgrade-node": "^3.2.0", + "pretty": "^2.0.0", + "pug": "^2.0.4", + "recursive-copy": "^2.0.10", + "semver": "^7.3.2", + "slugify": "^1.4.0", + "time-require": "^0.1.2", + "valid-url": "^1.0.9" + }, + "dependencies": { + "linkify-it": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-2.2.0.tgz", + "integrity": "sha512-GnAl/knGn+i1U/wjBz3akz2stz+HrHLsxMwHQGofCDfPvlf+gDKN58UtfmUquTY4/MXeE2x7k19KQmeoZi94Iw==", + "dev": true, + "requires": { + "uc.micro": "^1.0.1" + } + }, + "markdown-it": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-10.0.0.tgz", + "integrity": "sha512-YWOP1j7UbDNz+TumYP1kpwnP0aEa711cJjrAQrzd0UXlbJfc5aAq0F/PZHjiioqDC1NKgvIMX+o+9Bk7yuM2dg==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "entities": "~2.0.0", + "linkify-it": "^2.0.0", + "mdurl": "^1.0.1", + "uc.micro": "^1.0.5" + } + } + } + }, + "@nodelib/fs.scandir": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.3.tgz", + "integrity": "sha512-eGmwYQn3gxo4r7jdQnkrrN6bY478C3P+a/y72IJukF8LjB6ZHeB3c+Ehacj3sYeSmUXGlnA67/PmbM9CVwL7Dw==", + "dev": true, + "requires": { + "@nodelib/fs.stat": "2.0.3", + "run-parallel": "^1.1.9" + } + }, + "@nodelib/fs.stat": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.3.tgz", + "integrity": "sha512-bQBFruR2TAwoevBEd/NWMoAAtNGzTRgdrqnYCc7dhzfoNvqPzLyqlEQnzZ3kVnNrSp25iyxE00/3h2fqGAGArA==", + "dev": true + }, + "@nodelib/fs.walk": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.4.tgz", + "integrity": "sha512-1V9XOY4rDW0rehzbrcqAmHnz8e7SKvX27gh8Gt2WgB0+pdzdiLV83p72kZPU+jvMbS1qU5mauP2iOvO8rhmurQ==", + "dev": true, + "requires": { + "@nodelib/fs.scandir": "2.1.3", + "fastq": "^1.6.0" + } + }, + "@sindresorhus/slugify": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/slugify/-/slugify-1.1.0.tgz", + "integrity": "sha512-ujZRbmmizX26yS/HnB3P9QNlNa4+UvHh+rIse3RbOXLp8yl6n1TxB4t7NHggtVgS8QmmOtzXo48kCxZGACpkPw==", + "dev": true, + "requires": { + "@sindresorhus/transliterate": "^0.1.1", + "escape-string-regexp": "^4.0.0" + }, + "dependencies": { + "escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true + } + } + }, + "@sindresorhus/transliterate": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/@sindresorhus/transliterate/-/transliterate-0.1.1.tgz", + "integrity": "sha512-QSdIQ5keUFAZ3KLbfbsntW39ox0Ym8183RqTwBq/ZEFoN3NQAtGV+qWaNdzKpIDHgj9J2CQ2iNDRVU11Zyr7MQ==", + "dev": true, + "requires": { + "escape-string-regexp": "^2.0.0", + "lodash.deburr": "^4.1.0" + }, + "dependencies": { + "escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "dev": true + } + } + }, + "@types/babel-types": { + "version": "7.0.8", + "resolved": "https://registry.npmjs.org/@types/babel-types/-/babel-types-7.0.8.tgz", + "integrity": "sha512-jvu8g4LR7+p6ao30RhTREnEhHxmP4/R9D9/rOR/Kq14FztORty9SKgtOZUNZNMB9CXLxZ54EWu4dArUE8WdTsw==", + "dev": true + }, + "@types/babylon": { + "version": "6.16.5", + "resolved": "https://registry.npmjs.org/@types/babylon/-/babylon-6.16.5.tgz", + "integrity": "sha512-xH2e58elpj1X4ynnKp9qSnWlsRTIs6n3tgLGNfwAGHwePw0mulHQllV34n0T25uYSu1k0hRKkWXF890B1yS47w==", + "dev": true, + "requires": { + "@types/babel-types": "*" + } + }, + "@types/color-name": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz", + "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==", + "dev": true + }, + "@types/minimatch": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.3.tgz", + "integrity": "sha512-tHq6qdbT9U1IRSGf14CL0pUlULksvY9OZ+5eEgl1N7t+OA3tGvNpxJCzuKQlsNgCVwbAs670L1vcVQi8j9HjnA==", + "dev": true + }, + "a-sync-waterfall": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/a-sync-waterfall/-/a-sync-waterfall-1.0.1.tgz", + "integrity": "sha512-RYTOHHdWipFUliRFMCS4X2Yn2X8M87V/OpSqWzKKOGhzqyUxzyVmhHDH9sAvG+ZuQf/TAOFsLCpMw09I1ufUnA==", + "dev": true + }, + "abbrev": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==", + "dev": true + }, + "accepts": { + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz", + "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==", + "dev": true, + "requires": { + "mime-types": "~2.1.24", + "negotiator": "0.6.2" + } + }, + "acorn": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz", + "integrity": "sha1-ReN/s56No/JbruP/U2niu18iAXo=", + "dev": true + }, + "acorn-globals": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-3.1.0.tgz", + "integrity": "sha1-/YJw9x+7SZawBPqIDuXUZXOnMb8=", + "dev": true, + "requires": { + "acorn": "^4.0.4" + }, + "dependencies": { + "acorn": { + "version": "4.0.13", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-4.0.13.tgz", + "integrity": "sha1-EFSVrlNh1pe9GVyCUZLhrX8lN4c=", + "dev": true + } + } + }, + "after": { + "version": "0.8.2", + "resolved": "https://registry.npmjs.org/after/-/after-0.8.2.tgz", + "integrity": "sha1-/ts5T58OAqqXaOcCvaI7UF+ufh8=", + "dev": true + }, + "align-text": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/align-text/-/align-text-0.1.4.tgz", + "integrity": "sha1-DNkKVhCT810KmSVsIrcGlDP60Rc=", + "dev": true, + "requires": { + "kind-of": "^3.0.2", + "longest": "^1.0.1", + "repeat-string": "^1.5.2" + }, + "dependencies": { + "is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true + }, + "kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", + "dev": true, + "requires": { + "is-buffer": "^1.1.5" + } + } + } + }, + "ansi-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", + "dev": true + }, + "ansi-styles": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=", + "dev": true + }, + "anymatch": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.1.tgz", + "integrity": "sha512-mM8522psRCqzV+6LhomX5wgp25YVibjh8Wj23I5RPkPppSVSjyKD2A2mBJmWGa+KN7f2D6LNh9jkBCeyLktzjg==", + "dev": true, + "requires": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + } + }, + "argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "requires": { + "sprintf-js": "~1.0.2" + } + }, + "array-differ": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-3.0.0.tgz", + "integrity": "sha512-THtfYS6KtME/yIAhKjZ2ul7XI96lQGHRputJQHO80LAWQnuGP4iCIN8vdMRboGbIEYBwU33q8Tch1os2+X0kMg==", + "dev": true + }, + "array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true + }, + "array-uniq": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz", + "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=", + "dev": true + }, + "arraybuffer.slice": { + "version": "0.0.7", + "resolved": "https://registry.npmjs.org/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz", + "integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==", + "dev": true + }, + "arrify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz", + "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==", + "dev": true + }, + "asap": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", + "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=", + "dev": true + }, + "async": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz", + "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo=", + "dev": true + }, + "async-each-series": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/async-each-series/-/async-each-series-0.1.1.tgz", + "integrity": "sha1-dhfBkXQB/Yykooqtzj266Yr+tDI=", + "dev": true + }, + "async-limiter": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", + "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", + "dev": true + }, + "axios": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.0.tgz", + "integrity": "sha512-1uvKqKQta3KBxIz14F2v06AEHZ/dIoeKfbTRkK1E5oqjDnuEerLmYTgJB5AiQZHJcljpg1TuRzdjDR06qNk0DQ==", + "dev": true, + "requires": { + "follow-redirects": "1.5.10", + "is-buffer": "^2.0.2" + }, + "dependencies": { + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "follow-redirects": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", + "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", + "dev": true, + "requires": { + "debug": "=3.1.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "babel-runtime": { + "version": "6.26.0", + "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.26.0.tgz", + "integrity": "sha1-llxwWGaOgrVde/4E/yM3vItWR/4=", + "dev": true, + "requires": { + "core-js": "^2.4.0", + "regenerator-runtime": "^0.11.0" + } + }, + "babel-types": { + "version": "6.26.0", + "resolved": "https://registry.npmjs.org/babel-types/-/babel-types-6.26.0.tgz", + "integrity": "sha1-o7Bz+Uq0nrb6Vc1lInozQ4BjJJc=", + "dev": true, + "requires": { + "babel-runtime": "^6.26.0", + "esutils": "^2.0.2", + "lodash": "^4.17.4", + "to-fast-properties": "^1.0.3" + } + }, + "babylon": { + "version": "6.18.0", + "resolved": "https://registry.npmjs.org/babylon/-/babylon-6.18.0.tgz", + "integrity": "sha512-q/UEjfGJ2Cm3oKV71DJz9d25TPnq5rhBVL2Q4fA5wcC3jcrdn7+SssEybFIxwAvvP+YCsCYNKughoF33GxgycQ==", + "dev": true + }, + "backo2": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/backo2/-/backo2-1.0.2.tgz", + "integrity": "sha1-MasayLEpNjRj41s+u2n038+6eUc=", + "dev": true + }, + "balanced-match": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", + "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=", + "dev": true + }, + "base64-arraybuffer": { + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz", + "integrity": "sha1-c5JncZI7Whl0etZmqlzUv5xunOg=", + "dev": true + }, + "base64id": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/base64id/-/base64id-1.0.0.tgz", + "integrity": "sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY=", + "dev": true + }, + "batch": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz", + "integrity": "sha1-3DQxT05nkxgJP8dgJyUl+UvyXBY=", + "dev": true + }, + "better-assert": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz", + "integrity": "sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=", + "dev": true, + "requires": { + "callsite": "1.0.0" + } + }, + "binary-extensions": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.1.0.tgz", + "integrity": "sha512-1Yj8h9Q+QDF5FzhMs/c9+6UntbD5MkRfRwac8DoEm9ZfUBZ7tZ55YcGVAzEe4bXsdQHEk+s9S5wsOKVdZrw0tQ==", + "dev": true + }, + "blob": { + "version": "0.0.5", + "resolved": "https://registry.npmjs.org/blob/-/blob-0.0.5.tgz", + "integrity": "sha512-gaqbzQPqOoamawKg0LGVd7SzLgXS+JH61oWprSLH+P+abTczqJbhTR8CmJ2u9/bUYNmHTGJx/UEmn6doAvvuig==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "requires": { + "fill-range": "^7.0.1" + } + }, + "browser-sync": { + "version": "2.26.12", + "resolved": "https://registry.npmjs.org/browser-sync/-/browser-sync-2.26.12.tgz", + "integrity": "sha512-1GjAe+EpZQJgtKhWsxklEjpaMV0DrRylpHRvZWgOphDQt+bfLZjfynl/j1WjSFIx8ozj9j78g6Yk4TqD3gKaMA==", + "dev": true, + "requires": { + "browser-sync-client": "^2.26.12", + "browser-sync-ui": "^2.26.12", + "bs-recipes": "1.3.4", + "bs-snippet-injector": "^2.0.1", + "chokidar": "^3.4.1", + "connect": "3.6.6", + "connect-history-api-fallback": "^1", + "dev-ip": "^1.0.1", + "easy-extender": "^2.3.4", + "eazy-logger": "^3", + "etag": "^1.8.1", + "fresh": "^0.5.2", + "fs-extra": "3.0.1", + "http-proxy": "^1.18.1", + "immutable": "^3", + "localtunnel": "^2.0.0", + "micromatch": "^4.0.2", + "opn": "5.3.0", + "portscanner": "2.1.1", + "qs": "6.2.3", + "raw-body": "^2.3.2", + "resp-modifier": "6.0.2", + "rx": "4.1.0", + "send": "0.16.2", + "serve-index": "1.9.1", + "serve-static": "1.13.2", + "server-destroy": "1.0.1", + "socket.io": "2.1.1", + "ua-parser-js": "^0.7.18", + "yargs": "^15.4.1" + }, + "dependencies": { + "fs-extra": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-3.0.1.tgz", + "integrity": "sha1-N5TzeMWLNC6n27sjCVEJxLO2IpE=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.2", + "jsonfile": "^3.0.0", + "universalify": "^0.1.0" + } + } + } + }, + "browser-sync-client": { + "version": "2.26.12", + "resolved": "https://registry.npmjs.org/browser-sync-client/-/browser-sync-client-2.26.12.tgz", + "integrity": "sha512-bEBDRkufKxrIfjOsIB1FN9itUEXr2oLtz1AySgSSr80K2AWzmtoYnxtVASx/i40qFrSdeI31pNvdCjHivihLVA==", + "dev": true, + "requires": { + "etag": "1.8.1", + "fresh": "0.5.2", + "mitt": "^1.1.3", + "rxjs": "^5.5.6" + } + }, + "browser-sync-ui": { + "version": "2.26.12", + "resolved": "https://registry.npmjs.org/browser-sync-ui/-/browser-sync-ui-2.26.12.tgz", + "integrity": "sha512-PkAJNf/TfCFTCkQUfXplR2Kp/+/lbCWFO9lrgLZsmxIhvMLx2pYZFBbTBIaem8qjXhld9ZcESUC8EdU5VWFJgQ==", + "dev": true, + "requires": { + "async-each-series": "0.1.1", + "connect-history-api-fallback": "^1", + "immutable": "^3", + "server-destroy": "1.0.1", + "socket.io-client": "^2.0.4", + "stream-throttle": "^0.1.3" + } + }, + "bs-recipes": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/bs-recipes/-/bs-recipes-1.3.4.tgz", + "integrity": "sha1-DS1NSKcYyMBEdp/cT4lZLci2lYU=", + "dev": true + }, + "bs-snippet-injector": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/bs-snippet-injector/-/bs-snippet-injector-2.0.1.tgz", + "integrity": "sha1-YbU5PxH1JVntEgaTEANDtu2wTdU=", + "dev": true + }, + "bytes": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", + "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==", + "dev": true + }, + "callsite": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/callsite/-/callsite-1.0.0.tgz", + "integrity": "sha1-KAOY5dZkvXQDi28JBRU+borxvCA=", + "dev": true + }, + "camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dev": true + }, + "center-align": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/center-align/-/center-align-0.1.3.tgz", + "integrity": "sha1-qg0yYptu6XIgBBHL1EYckHvCt60=", + "dev": true, + "requires": { + "align-text": "^0.1.3", + "lazy-cache": "^1.0.3" + } + }, + "chalk": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz", + "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "ansi-styles": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", + "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==", + "dev": true, + "requires": { + "@types/color-name": "^1.1.1", + "color-convert": "^2.0.1" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "supports-color": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz", + "integrity": "sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, + "character-parser": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/character-parser/-/character-parser-2.2.0.tgz", + "integrity": "sha1-x84o821LzZdE5f/CxfzeHHMmH8A=", + "dev": true, + "requires": { + "is-regex": "^1.0.3" + } + }, + "chokidar": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.4.2.tgz", + "integrity": "sha512-IZHaDeBeI+sZJRX7lGcXsdzgvZqKv6sECqsbErJA4mHWfpRrD8B97kSFN4cQz6nGBGiuFia1MKR4d6c1o8Cv7A==", + "dev": true, + "requires": { + "anymatch": "~3.1.1", + "braces": "~3.0.2", + "fsevents": "~2.1.2", + "glob-parent": "~5.1.0", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.4.0" + } + }, + "clean-css": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-4.2.3.tgz", + "integrity": "sha512-VcMWDN54ZN/DS+g58HYL5/n4Zrqe8vHJpGA8KdgUXFU4fuP/aHNw8eld9SyEIyabIMJX/0RaY/fplOo5hYLSFA==", + "dev": true, + "requires": { + "source-map": "~0.6.0" + } + }, + "cliui": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-5.0.0.tgz", + "integrity": "sha512-PYeGSEmmHM6zvoef2w8TPzlrnNpXIjTipYK780YswmIP9vjxmd6Y2a3CB2Ks6/AU8NHjZugXvo8w3oWM2qnwXA==", + "dev": true, + "requires": { + "string-width": "^3.1.0", + "strip-ansi": "^5.2.0", + "wrap-ansi": "^5.1.0" + }, + "dependencies": { + "ansi-regex": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz", + "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==", + "dev": true + }, + "strip-ansi": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==", + "dev": true, + "requires": { + "ansi-regex": "^4.1.0" + } + } + } + }, + "color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "requires": { + "color-name": "1.1.3" + } + }, + "color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true + }, + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + }, + "component-bind": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/component-bind/-/component-bind-1.0.0.tgz", + "integrity": "sha1-AMYIq33Nk4l8AAllGx06jh5zu9E=", + "dev": true + }, + "component-emitter": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz", + "integrity": "sha1-E3kY1teCg/ffemt8WmPhQOaUJeY=", + "dev": true + }, + "component-inherit": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/component-inherit/-/component-inherit-0.0.3.tgz", + "integrity": "sha1-ZF/ErfWLcrZJ1crmUTVhnbJv8UM=", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "condense-newlines": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "integrity": "sha1-PemFVTE5R10yUCyDsC9gaE0kxV8=", + "dev": true, + "requires": { + "extend-shallow": "^2.0.1", + "is-whitespace": "^0.3.0", + "kind-of": "^3.0.2" + }, + "dependencies": { + "is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true + }, + "kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", + "dev": true, + "requires": { + "is-buffer": "^1.1.5" + } + } + } + }, + "config-chain": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.12.tgz", + "integrity": "sha512-a1eOIcu8+7lUInge4Rpf/n4Krkf3Dd9lqhljRzII1/Zno/kRtUWnznPO3jOKBmTEktkt3fkxisUcivoj0ebzoA==", + "dev": true, + "requires": { + "ini": "^1.3.4", + "proto-list": "~1.2.1" + } + }, + "connect": { + "version": "3.6.6", + "resolved": "https://registry.npmjs.org/connect/-/connect-3.6.6.tgz", + "integrity": "sha1-Ce/2xVr3I24TcTWnJXSFi2eG9SQ=", + "dev": true, + "requires": { + "debug": "2.6.9", + "finalhandler": "1.1.0", + "parseurl": "~1.3.2", + "utils-merge": "1.0.1" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "connect-history-api-fallback": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-1.6.0.tgz", + "integrity": "sha512-e54B99q/OUoH64zYYRf3HBP5z24G38h5D3qXu23JGRoigpX5Ss4r9ZnDk3g0Z8uQC2x2lPaJ+UlWBc1ZWBWdLg==", + "dev": true + }, + "constantinople": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/constantinople/-/constantinople-3.1.2.tgz", + "integrity": "sha512-yePcBqEFhLOqSBtwYOGGS1exHo/s1xjekXiinh4itpNQGCu4KA1euPh1fg07N2wMITZXQkBz75Ntdt1ctGZouw==", + "dev": true, + "requires": { + "@types/babel-types": "^7.0.0", + "@types/babylon": "^6.16.2", + "babel-types": "^6.26.0", + "babylon": "^6.18.0" + } + }, + "cookie": { + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", + "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=", + "dev": true + }, + "core-js": { + "version": "2.6.11", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz", + "integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg==", + "dev": true + }, + "date-time": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/date-time/-/date-time-0.1.1.tgz", + "integrity": "sha1-7S9tk9l5DOL9ZtW1/z7dW7y/Owc=", + "dev": true + }, + "debug": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", + "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + }, + "decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=", + "dev": true + }, + "del": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/del/-/del-2.2.2.tgz", + "integrity": "sha1-wSyYHQZ4RshLyvhiz/kw2Qf/0ag=", + "dev": true, + "requires": { + "globby": "^5.0.0", + "is-path-cwd": "^1.0.0", + "is-path-in-cwd": "^1.0.0", + "object-assign": "^4.0.1", + "pify": "^2.0.0", + "pinkie-promise": "^2.0.0", + "rimraf": "^2.2.8" + } + }, + "depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=", + "dev": true + }, + "dependency-graph": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-0.9.0.tgz", + "integrity": "sha512-9YLIBURXj4DJMFALxXw9K3Y3rwb5Fk0X5/8ipCzaN84+gKxoHK43tVKRNakCQbiEx07E8Uwhuq21BpUagFhZ8w==", + "dev": true + }, + "destroy": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", + "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=", + "dev": true + }, + "dev-ip": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dev-ip/-/dev-ip-1.0.1.tgz", + "integrity": "sha1-p2o+0YVb56ASu4rBbLgPPADcKPA=", + "dev": true + }, + "doctypes": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/doctypes/-/doctypes-1.1.0.tgz", + "integrity": "sha1-6oCxBqh1OHdOijpKWv4pPeSJ4Kk=", + "dev": true + }, + "easy-extender": { + "version": "2.3.4", + "resolved": "https://registry.npmjs.org/easy-extender/-/easy-extender-2.3.4.tgz", + "integrity": "sha512-8cAwm6md1YTiPpOvDULYJL4ZS6WfM5/cTeVVh4JsvyYZAoqlRVUpHL9Gr5Fy7HA6xcSZicUia3DeAgO3Us8E+Q==", + "dev": true, + "requires": { + "lodash": "^4.17.10" + } + }, + "eazy-logger": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/eazy-logger/-/eazy-logger-3.0.2.tgz", + "integrity": "sha1-oyWqXlPROiIliJsqxBE7K5Y29Pw=", + "dev": true, + "requires": { + "tfunk": "^3.0.1" + } + }, + "editorconfig": { + "version": "0.15.3", + "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-0.15.3.tgz", + "integrity": "sha512-M9wIMFx96vq0R4F+gRpY3o2exzb8hEj/n9S8unZtHSvYjibBp/iMufSzvmOcV/laG0ZtuTVGtiJggPOSW2r93g==", + "dev": true, + "requires": { + "commander": "^2.19.0", + "lru-cache": "^4.1.5", + "semver": "^5.6.0", + "sigmund": "^1.0.1" + }, + "dependencies": { + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + } + } + }, + "ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=", + "dev": true + }, + "ejs": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", + "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", + "dev": true + }, + "emitter-mixin": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/emitter-mixin/-/emitter-mixin-0.0.3.tgz", + "integrity": "sha1-WUjLKG8uSO3DslGnz8H3iDOW1lw=", + "dev": true + }, + "emoji-regex": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz", + "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==", + "dev": true + }, + "encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=", + "dev": true + }, + "engine.io": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz", + "integrity": "sha512-+VlKzHzMhaU+GsCIg4AoXF1UdDFjHHwMmMKqMJNDNLlUlejz58FCy4LBqB2YVJskHGYl06BatYWKP2TVdVXE5w==", + "dev": true, + "requires": { + "accepts": "~1.3.4", + "base64id": "1.0.0", + "cookie": "0.3.1", + "debug": "~3.1.0", + "engine.io-parser": "~2.1.0", + "ws": "~3.3.1" + }, + "dependencies": { + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "engine.io-parser": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.1.3.tgz", + "integrity": "sha512-6HXPre2O4Houl7c4g7Ic/XzPnHBvaEmN90vtRO9uLmwtRqQmTOw0QMevL1TOfL2Cpu1VzsaTmMotQgMdkzGkVA==", + "dev": true, + "requires": { + "after": "0.8.2", + "arraybuffer.slice": "~0.0.7", + "base64-arraybuffer": "0.1.5", + "blob": "0.0.5", + "has-binary2": "~1.0.2" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + }, + "ws": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz", + "integrity": "sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==", + "dev": true, + "requires": { + "async-limiter": "~1.0.0", + "safe-buffer": "~5.1.0", + "ultron": "~1.1.0" + } + } + } + }, + "engine.io-client": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.4.3.tgz", + "integrity": "sha512-0NGY+9hioejTEJCaSJZfWZLk4FPI9dN+1H1C4+wj2iuFba47UgZbJzfWs4aNFajnX/qAaYKbe2lLTfEEWzCmcw==", + "dev": true, + "requires": { + "component-emitter": "~1.3.0", + "component-inherit": "0.0.3", + "debug": "~4.1.0", + "engine.io-parser": "~2.2.0", + "has-cors": "1.1.0", + "indexof": "0.0.1", + "parseqs": "0.0.5", + "parseuri": "0.0.5", + "ws": "~6.1.0", + "xmlhttprequest-ssl": "~1.5.4", + "yeast": "0.1.2" + }, + "dependencies": { + "component-emitter": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz", + "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", + "dev": true + } + } + }, + "engine.io-parser": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.2.0.tgz", + "integrity": "sha512-6I3qD9iUxotsC5HEMuuGsKA0cXerGz+4uGcXQEkfBidgKf0amsjrrtwcbwK/nzpZBxclXlV7gGl9dgWvu4LF6w==", + "dev": true, + "requires": { + "after": "0.8.2", + "arraybuffer.slice": "~0.0.7", + "base64-arraybuffer": "0.1.5", + "blob": "0.0.5", + "has-binary2": "~1.0.2" + } + }, + "entities": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.0.3.tgz", + "integrity": "sha512-MyoZ0jgnLvB2X3Lg5HqpFmn1kybDiIfEQmKzTb5apr51Rb+T3KdmMiqa70T+bhGnyv7bQ6WMj2QMHpGMmlrUYQ==", + "dev": true + }, + "errno": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.7.tgz", + "integrity": "sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg==", + "dev": true, + "requires": { + "prr": "~1.0.1" + } + }, + "escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=", + "dev": true + }, + "escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true + }, + "esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true + }, + "etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=", + "dev": true + }, + "eventemitter3": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.4.tgz", + "integrity": "sha512-rlaVLnVxtxvoyLsQQFBx53YmXHDxRIzzTLbdfxqi4yocpSjAxXwkU0cScM5JgSKMqEhrZpnvQ2D9gjylR0AimQ==", + "dev": true + }, + "extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "requires": { + "is-extendable": "^0.1.0" + } + }, + "fast-glob": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.4.tgz", + "integrity": "sha512-kr/Oo6PX51265qeuCYsyGypiO5uJFgBS0jksyG7FUeCyQzNwYnzrNIMR1NXfkZXsMYXYLRAHgISHBz8gQcxKHQ==", + "dev": true, + "requires": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.0", + "merge2": "^1.3.0", + "micromatch": "^4.0.2", + "picomatch": "^2.2.1" + } + }, + "fastq": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.8.0.tgz", + "integrity": "sha512-SMIZoZdLh/fgofivvIkmknUXyPnvxRE3DhtZ5Me3Mrsk5gyPL42F0xr51TdRXskBxHfMp+07bcYzfsYEsSQA9Q==", + "dev": true, + "requires": { + "reusify": "^1.0.4" + } + }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "requires": { + "to-regex-range": "^5.0.1" + } + }, + "finalhandler": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz", + "integrity": "sha1-zgtoVbRYU+eRsvzGgARtiCU91/U=", + "dev": true, + "requires": { + "debug": "2.6.9", + "encodeurl": "~1.0.1", + "escape-html": "~1.0.3", + "on-finished": "~2.3.0", + "parseurl": "~1.3.2", + "statuses": "~1.3.1", + "unpipe": "~1.0.0" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "find-up": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz", + "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==", + "dev": true, + "requires": { + "locate-path": "^3.0.0" + } + }, + "follow-redirects": { + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz", + "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==", + "dev": true + }, + "fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=", + "dev": true + }, + "fs-extra": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==", + "dev": true, + "requires": { + "graceful-fs": "^4.2.0", + "jsonfile": "^4.0.0", + "universalify": "^0.1.0" + }, + "dependencies": { + "jsonfile": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6" + } + } + } + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "fsevents": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.1.3.tgz", + "integrity": "sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ==", + "dev": true, + "optional": true + }, + "get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true + }, + "glob": { + "version": "7.1.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", + "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "glob-parent": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz", + "integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==", + "dev": true, + "requires": { + "is-glob": "^4.0.1" + } + }, + "globby": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-5.0.0.tgz", + "integrity": "sha1-69hGZ8oNuzMLmbz8aOrCvFQ3Dg0=", + "dev": true, + "requires": { + "array-union": "^1.0.1", + "arrify": "^1.0.0", + "glob": "^7.0.3", + "object-assign": "^4.0.1", + "pify": "^2.0.0", + "pinkie-promise": "^2.0.0" + }, + "dependencies": { + "array-union": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz", + "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=", + "dev": true, + "requires": { + "array-uniq": "^1.0.1" + } + }, + "arrify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=", + "dev": true + } + } + }, + "graceful-fs": { + "version": "4.2.4", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz", + "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==", + "dev": true + }, + "gray-matter": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.2.tgz", + "integrity": "sha512-7hB/+LxrOjq/dd8APlK0r24uL/67w7SkYnfwhNFwg/VDIGWGmduTDYf3WNstLW2fbbmRwrDGCVSJ2isuf2+4Hw==", + "dev": true, + "requires": { + "js-yaml": "^3.11.0", + "kind-of": "^6.0.2", + "section-matter": "^1.0.0", + "strip-bom-string": "^1.0.0" + } + }, + "hamljs": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/hamljs/-/hamljs-0.6.2.tgz", + "integrity": "sha1-e3EWz22+cnjkKz9u+HJaM+F3yOM=", + "dev": true + }, + "handlebars": { + "version": "4.7.6", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.6.tgz", + "integrity": "sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==", + "dev": true, + "requires": { + "minimist": "^1.2.5", + "neo-async": "^2.6.0", + "source-map": "^0.6.1", + "uglify-js": "^3.1.4", + "wordwrap": "^1.0.0" + } + }, + "has-ansi": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=", + "dev": true, + "requires": { + "ansi-regex": "^2.0.0" + } + }, + "has-binary2": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-binary2/-/has-binary2-1.0.3.tgz", + "integrity": "sha512-G1LWKhDSvhGeAQ8mPVQlqNcOB2sJdwATtZKl2pDKKHfpf/rYj24lkinxf69blJbnsvtqqNU+L3SL50vzZhXOnw==", + "dev": true, + "requires": { + "isarray": "2.0.1" + } + }, + "has-color": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/has-color/-/has-color-0.1.7.tgz", + "integrity": "sha1-ZxRKUmDDT8PMpnfQQdr1L+e3iy8=", + "dev": true + }, + "has-cors": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-cors/-/has-cors-1.1.0.tgz", + "integrity": "sha1-XkdHk/fqmEPRu5nCPu9J/xJv/zk=", + "dev": true + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true + }, + "has-symbols": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz", + "integrity": "sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==", + "dev": true + }, + "http-errors": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz", + "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==", + "dev": true, + "requires": { + "depd": "~1.1.2", + "inherits": "2.0.4", + "setprototypeof": "1.1.1", + "statuses": ">= 1.5.0 < 2", + "toidentifier": "1.0.0" + }, + "dependencies": { + "statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=", + "dev": true + } + } + }, + "http-proxy": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz", + "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==", + "dev": true, + "requires": { + "eventemitter3": "^4.0.0", + "follow-redirects": "^1.0.0", + "requires-port": "^1.0.0" + } + }, + "iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "dev": true, + "requires": { + "safer-buffer": ">= 2.1.2 < 3" + } + }, + "immutable": { + "version": "3.8.2", + "resolved": "https://registry.npmjs.org/immutable/-/immutable-3.8.2.tgz", + "integrity": "sha1-wkOZUUVbs5kT2vKBN28VMOEErfM=", + "dev": true + }, + "indexof": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/indexof/-/indexof-0.0.1.tgz", + "integrity": "sha1-gtwzbSMrkGIXnQWrMpOmYFn9Q10=", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "ini": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz", + "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==", + "dev": true + }, + "is-absolute": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-absolute/-/is-absolute-1.0.0.tgz", + "integrity": "sha512-dOWoqflvcydARa360Gvv18DZ/gRuHKi2NU/wU5X1ZFzdYfH29nkiNZsF3mp4OJ3H4yo9Mx8A/uAGNzpzPN3yBA==", + "dev": true, + "requires": { + "is-relative": "^1.0.0", + "is-windows": "^1.0.1" + } + }, + "is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "requires": { + "binary-extensions": "^2.0.0" + } + }, + "is-buffer": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.4.tgz", + "integrity": "sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A==", + "dev": true + }, + "is-expression": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-expression/-/is-expression-3.0.0.tgz", + "integrity": "sha1-Oayqa+f9HzRx3ELHQW5hwkMXrJ8=", + "dev": true, + "requires": { + "acorn": "~4.0.2", + "object-assign": "^4.0.1" + }, + "dependencies": { + "acorn": { + "version": "4.0.13", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-4.0.13.tgz", + "integrity": "sha1-EFSVrlNh1pe9GVyCUZLhrX8lN4c=", + "dev": true + } + } + }, + "is-extendable": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "integrity": "sha1-YrEQ4omkcUGOPsNqYX1HLjAd/Ik=", + "dev": true + }, + "is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "dev": true + }, + "is-fullwidth-code-point": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz", + "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=", + "dev": true + }, + "is-glob": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz", + "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==", + "dev": true, + "requires": { + "is-extglob": "^2.1.1" + } + }, + "is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true + }, + "is-number-like": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/is-number-like/-/is-number-like-1.0.8.tgz", + "integrity": "sha512-6rZi3ezCyFcn5L71ywzz2bS5b2Igl1En3eTlZlvKjpz1n3IZLAYMbKYAIQgFmEu0GENg92ziU/faEOA/aixjbA==", + "dev": true, + "requires": { + "lodash.isfinite": "^3.3.2" + } + }, + "is-path-cwd": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-1.0.0.tgz", + "integrity": "sha1-0iXsIxMuie3Tj9p2dHLmLmXxEG0=", + "dev": true + }, + "is-path-in-cwd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-path-in-cwd/-/is-path-in-cwd-1.0.1.tgz", + "integrity": "sha512-FjV1RTW48E7CWM7eE/J2NJvAEEVektecDBVBE5Hh3nM1Jd0kvhHtX68Pr3xsDf857xt3Y4AkwVULK1Vku62aaQ==", + "dev": true, + "requires": { + "is-path-inside": "^1.0.0" + } + }, + "is-path-inside": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-1.0.1.tgz", + "integrity": "sha1-jvW33lBDej/cprToZe96pVy0gDY=", + "dev": true, + "requires": { + "path-is-inside": "^1.0.1" + } + }, + "is-promise": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "integrity": "sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ==", + "dev": true + }, + "is-regex": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.1.tgz", + "integrity": "sha512-1+QkEcxiLlB7VEyFtyBg94e08OAsvq7FUBgApTq/w2ymCLyKJgDPsybBENVtA7XCQEgEXxKPonG+mvYRxh/LIg==", + "dev": true, + "requires": { + "has-symbols": "^1.0.1" + } + }, + "is-relative": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-relative/-/is-relative-1.0.0.tgz", + "integrity": "sha512-Kw/ReK0iqwKeu0MITLFuj0jbPAmEiOsIwyIXvvbfa6QfmN9pkD1M+8pdk7Rl/dTKbH34/XBFMbgD4iMJhLQbGA==", + "dev": true, + "requires": { + "is-unc-path": "^1.0.0" + } + }, + "is-unc-path": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-unc-path/-/is-unc-path-1.0.0.tgz", + "integrity": "sha512-mrGpVd0fs7WWLfVsStvgF6iEJnbjDFZh9/emhRDcGWTduTfNHd9CHeUwH3gYIjdbwo4On6hunkztwOaAw0yllQ==", + "dev": true, + "requires": { + "unc-path-regex": "^0.1.2" + } + }, + "is-whitespace": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "integrity": "sha1-Fjnssb4DauxppUy7QBz77XEUq38=", + "dev": true + }, + "is-windows": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", + "dev": true + }, + "is-wsl": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-1.1.0.tgz", + "integrity": "sha1-HxbkqiKwTRM2tmGIpmrzxgDDpm0=", + "dev": true + }, + "isarray": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.1.tgz", + "integrity": "sha1-o32U7ZzaLVmGXJ92/llu4fM4dB4=", + "dev": true + }, + "javascript-stringify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/javascript-stringify/-/javascript-stringify-2.0.1.tgz", + "integrity": "sha512-yV+gqbd5vaOYjqlbk16EG89xB5udgjqQF3C5FAORDg4f/IS1Yc5ERCv5e/57yBcfJYw05V5JyIXabhwb75Xxow==", + "dev": true + }, + "js-beautify": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.12.0.tgz", + "integrity": "sha512-hZCm93+sWHqrsB2ac38cPX4A9t6mfReq13ZUr/0dk6rCXNLIq0R4lu0EiuJc0Ip6RiWNtE0vECjXOhcy/jMt9Q==", + "dev": true, + "requires": { + "config-chain": "^1.1.12", + "editorconfig": "^0.15.3", + "glob": "^7.1.3", + "mkdirp": "^1.0.4", + "nopt": "^4.0.3" + } + }, + "js-stringify": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/js-stringify/-/js-stringify-1.0.2.tgz", + "integrity": "sha1-Fzb939lyTyijaCrcYjCufk6Weds=", + "dev": true + }, + "js-yaml": { + "version": "3.14.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz", + "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + }, + "jsonfile": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-3.0.1.tgz", + "integrity": "sha1-pezG9l9T9mLEQVx2daAzHQmS7GY=", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6" + } + }, + "jstransformer": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/jstransformer/-/jstransformer-1.0.0.tgz", + "integrity": "sha1-7Yvwkh4vPx7U1cGkT2hwntJHIsM=", + "dev": true, + "requires": { + "is-promise": "^2.0.0", + "promise": "^7.0.1" + } + }, + "junk": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/junk/-/junk-1.0.3.tgz", + "integrity": "sha1-h75jSIZJy9ym9Tqzm+yczSNH9ZI=", + "dev": true + }, + "kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true + }, + "lazy-cache": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-1.0.4.tgz", + "integrity": "sha1-odePw6UEdMuAhF07O24dpJpEbo4=", + "dev": true + }, + "limiter": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz", + "integrity": "sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==", + "dev": true + }, + "linkify-it": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.2.tgz", + "integrity": "sha512-gDBO4aHNZS6coiZCKVhSNh43F9ioIL4JwRjLZPkoLIY4yZFwg264Y5lu2x6rb1Js42Gh6Yqm2f6L2AJcnkzinQ==", + "dev": true, + "requires": { + "uc.micro": "^1.0.1" + } + }, + "liquidjs": { + "version": "6.4.3", + "resolved": "https://registry.npmjs.org/liquidjs/-/liquidjs-6.4.3.tgz", + "integrity": "sha512-m1xSB10Ncu22NR3X0xdaqu/GvP1xadDCFYGqGgd6me8DAWjyA68BKE5DHJmSxw1CGsWPsX+Hj2v/87J2w/LvMQ==", + "dev": true + }, + "localtunnel": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/localtunnel/-/localtunnel-2.0.0.tgz", + "integrity": "sha512-g6E0aLgYYDvQDxIjIXkgJo2+pHj3sGg4Wz/XP3h2KtZnRsWPbOQY+hw1H8Z91jep998fkcVE9l+kghO+97vllg==", + "dev": true, + "requires": { + "axios": "0.19.0", + "debug": "4.1.1", + "openurl": "1.1.1", + "yargs": "13.3.0" + }, + "dependencies": { + "yargs": { + "version": "13.3.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-13.3.0.tgz", + "integrity": "sha512-2eehun/8ALW8TLoIl7MVaRUrg+yCnenu8B4kBlRxj3GJGDKU1Og7sMXPNm1BYyM1DOJmTZ4YeN/Nwxv+8XJsUA==", + "dev": true, + "requires": { + "cliui": "^5.0.0", + "find-up": "^3.0.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^3.0.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^13.1.1" + } + } + } + }, + "locate-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", + "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==", + "dev": true, + "requires": { + "p-locate": "^3.0.0", + "path-exists": "^3.0.0" + } + }, + "lodash": { + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", + "dev": true + }, + "lodash.deburr": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/lodash.deburr/-/lodash.deburr-4.1.0.tgz", + "integrity": "sha1-3bG7s+8HRYwBd7oH3hRCLLAz/5s=", + "dev": true + }, + "lodash.isfinite": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/lodash.isfinite/-/lodash.isfinite-3.3.2.tgz", + "integrity": "sha1-+4m2WpqAKBgz8LdHizpRBPiY67M=", + "dev": true + }, + "longest": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz", + "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc=", + "dev": true + }, + "lru-cache": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", + "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", + "dev": true, + "requires": { + "pseudomap": "^1.0.2", + "yallist": "^2.1.2" + } + }, + "luxon": { + "version": "1.24.1", + "resolved": "https://registry.npmjs.org/luxon/-/luxon-1.24.1.tgz", + "integrity": "sha512-CgnIMKAWT0ghcuWFfCWBnWGOddM0zu6c4wZAWmD0NN7MZTnro0+833DF6tJep+xlxRPg4KtsYEHYLfTMBQKwYg==", + "dev": true + }, + "map-cache": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz", + "integrity": "sha1-wyq9C9ZSXZsFFkW7TyasXcmKDb8=", + "dev": true + }, + "markdown-it": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-11.0.0.tgz", + "integrity": "sha512-+CvOnmbSubmQFSA9dKz1BRiaSMV7rhexl3sngKqFyXSagoA3fBdJQ8oZWtRy2knXdpDXaBw44euz37DeJQ9asg==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "entities": "~2.0.0", + "linkify-it": "^3.0.1", + "mdurl": "^1.0.1", + "uc.micro": "^1.0.5" + } + }, + "markdown-it-anchor": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/markdown-it-anchor/-/markdown-it-anchor-5.3.0.tgz", + "integrity": "sha512-/V1MnLL/rgJ3jkMWo84UR+K+jF1cxNG1a+KwqeXqTIJ+jtA8aWSHuigx8lTzauiIjBDbwF3NcWQMotd0Dm39jA==", + "dev": true + }, + "markdown-it-task-lists": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/markdown-it-task-lists/-/markdown-it-task-lists-2.1.1.tgz", + "integrity": "sha512-TxFAc76Jnhb2OUu+n3yz9RMu4CwGfaT788br6HhEDlvWfdeJcLUsxk1Hgw2yJio0OXsxv7pyIPmvECY7bMbluA==", + "dev": true + }, + "markdown-it-title": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/markdown-it-title/-/markdown-it-title-3.0.0.tgz", + "integrity": "sha512-iHZptfptAXGJlcboqWxUSWNkJLUyxZ452CobBzkQ7MtwfVhTI77W1LTAy+miQTqo3U+wkDUOFhhXj2XUD0dVWQ==", + "dev": true + }, + "maximatch": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/maximatch/-/maximatch-0.1.0.tgz", + "integrity": "sha1-hs2NawTJ8wfAWmuUGZBtA2D7E6I=", + "dev": true, + "requires": { + "array-differ": "^1.0.0", + "array-union": "^1.0.1", + "arrify": "^1.0.0", + "minimatch": "^3.0.0" + }, + "dependencies": { + "array-differ": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-1.0.0.tgz", + "integrity": "sha1-7/UuN1gknTO+QCuLuOVkuytdQDE=", + "dev": true + }, + "array-union": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz", + "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=", + "dev": true, + "requires": { + "array-uniq": "^1.0.1" + } + }, + "arrify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=", + "dev": true + } + } + }, + "mdurl": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", + "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=", + "dev": true + }, + "merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true + }, + "micromatch": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz", + "integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==", + "dev": true, + "requires": { + "braces": "^3.0.1", + "picomatch": "^2.0.5" + } + }, + "mime": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.4.1.tgz", + "integrity": "sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ==", + "dev": true + }, + "mime-db": { + "version": "1.44.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", + "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", + "dev": true + }, + "mime-types": { + "version": "2.1.27", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", + "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", + "dev": true, + "requires": { + "mime-db": "1.44.0" + } + }, + "minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true + }, + "mitt": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/mitt/-/mitt-1.2.0.tgz", + "integrity": "sha512-r6lj77KlwqLhIUku9UWYes7KJtsczvolZkzp8hbaDPPaE24OmWl5s539Mytlj22siEQKosZ26qCBgda2PKwoJw==", + "dev": true + }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "dev": true + }, + "moo": { + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.1.tgz", + "integrity": "sha512-I1mnb5xn4fO80BH9BLcF0yLypy2UKl+Cb01Fu0hJRkJjlCRtxZMWkTdAtDd5ZqCOxtCkhmRwyI57vWT+1iZ67w==", + "dev": true + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "multimatch": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/multimatch/-/multimatch-4.0.0.tgz", + "integrity": "sha512-lDmx79y1z6i7RNx0ZGCPq1bzJ6ZoDDKbvh7jxr9SJcWLkShMzXrHbYVpTdnhNM5MXpDUxCQ4DgqVttVXlBgiBQ==", + "dev": true, + "requires": { + "@types/minimatch": "^3.0.3", + "array-differ": "^3.0.0", + "array-union": "^2.1.0", + "arrify": "^2.0.1", + "minimatch": "^3.0.4" + } + }, + "mustache": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/mustache/-/mustache-2.3.2.tgz", + "integrity": "sha512-KpMNwdQsYz3O/SBS1qJ/o3sqUJ5wSb8gb0pul8CO0S56b9Y2ALm8zCfsjPXsqGFfoNBkDwZuZIAjhsZI03gYVQ==", + "dev": true + }, + "negotiator": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", + "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==", + "dev": true + }, + "neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "dev": true + }, + "nopt": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz", + "integrity": "sha512-CvaGwVMztSMJLOeXPrez7fyfObdZqNUK1cPAEzLHrTybIua9pMdmmPR5YwtfNftIOMv3DPUhFaxsZMNTQO20Kg==", + "dev": true, + "requires": { + "abbrev": "1", + "osenv": "^0.1.4" + } + }, + "normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true + }, + "nunjucks": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/nunjucks/-/nunjucks-3.2.2.tgz", + "integrity": "sha512-KUi85OoF2NMygwODAy28Lh9qHmq5hO3rBlbkYoC8v377h4l8Pt5qFjILl0LWpMbOrZ18CzfVVUvIHUIrtED3sA==", + "dev": true, + "requires": { + "a-sync-waterfall": "^1.0.0", + "asap": "^2.0.3", + "chokidar": "^3.3.0", + "commander": "^5.1.0" + }, + "dependencies": { + "commander": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", + "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "dev": true + } + } + }, + "object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "dev": true + }, + "object-component": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/object-component/-/object-component-0.0.3.tgz", + "integrity": "sha1-8MaapQ78lbhmwYb0AKM3acsvEpE=", + "dev": true + }, + "object-path": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/object-path/-/object-path-0.9.2.tgz", + "integrity": "sha1-D9mnT8X60a45aLWGvaXGMr1sBaU=", + "dev": true + }, + "on-finished": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", + "dev": true, + "requires": { + "ee-first": "1.1.1" + } + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "openurl": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/openurl/-/openurl-1.1.1.tgz", + "integrity": "sha1-OHW0sO96UsFW8NtB1GCduw+Us4c=", + "dev": true + }, + "opn": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/opn/-/opn-5.3.0.tgz", + "integrity": "sha512-bYJHo/LOmoTd+pfiYhfZDnf9zekVJrY+cnS2a5F2x+w5ppvTqObojTP7WiFG+kVZs9Inw+qQ/lw7TroWwhdd2g==", + "dev": true, + "requires": { + "is-wsl": "^1.1.0" + } + }, + "os-homedir": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz", + "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=", + "dev": true + }, + "os-tmpdir": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=", + "dev": true + }, + "osenv": { + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.5.tgz", + "integrity": "sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g==", + "dev": true, + "requires": { + "os-homedir": "^1.0.0", + "os-tmpdir": "^1.0.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz", + "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==", + "dev": true, + "requires": { + "p-limit": "^2.0.0" + } + }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true + }, + "parse-filepath": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/parse-filepath/-/parse-filepath-1.0.2.tgz", + "integrity": "sha1-pjISf1Oq89FYdvWHLz/6x2PWyJE=", + "dev": true, + "requires": { + "is-absolute": "^1.0.0", + "map-cache": "^0.2.0", + "path-root": "^0.1.1" + } + }, + "parse-ms": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/parse-ms/-/parse-ms-0.1.2.tgz", + "integrity": "sha1-3T+iXtbC78e93hKtm0bBY6opIk4=", + "dev": true + }, + "parseqs": { + "version": "0.0.5", + "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.5.tgz", + "integrity": "sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=", + "dev": true, + "requires": { + "better-assert": "~1.0.0" + } + }, + "parseuri": { + "version": "0.0.5", + "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.5.tgz", + "integrity": "sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=", + "dev": true, + "requires": { + "better-assert": "~1.0.0" + } + }, + "parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "dev": true + }, + "path-exists": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", + "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=", + "dev": true + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true + }, + "path-is-inside": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz", + "integrity": "sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=", + "dev": true + }, + "path-parse": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz", + "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==", + "dev": true + }, + "path-root": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/path-root/-/path-root-0.1.1.tgz", + "integrity": "sha1-mkpoFMrBwM1zNgqV8yCDyOpHRbc=", + "dev": true, + "requires": { + "path-root-regex": "^0.1.0" + } + }, + "path-root-regex": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/path-root-regex/-/path-root-regex-0.1.2.tgz", + "integrity": "sha1-v8zcjfWxLcUsi0PsONGNcsBLqW0=", + "dev": true + }, + "picomatch": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz", + "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", + "dev": true + }, + "pify": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", + "dev": true + }, + "pinkie": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz", + "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=", + "dev": true + }, + "pinkie-promise": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz", + "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=", + "dev": true, + "requires": { + "pinkie": "^2.0.0" + } + }, + "please-upgrade-node": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/please-upgrade-node/-/please-upgrade-node-3.2.0.tgz", + "integrity": "sha512-gQR3WpIgNIKwBMVLkpMUeR3e1/E1y42bqDQZfql+kDeXd8COYfM8PQA4X6y7a8u9Ua9FHmsrrmirW2vHs45hWg==", + "dev": true, + "requires": { + "semver-compare": "^1.0.0" + } + }, + "portscanner": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/portscanner/-/portscanner-2.1.1.tgz", + "integrity": "sha1-6rtAnk3iSVD1oqUW01rnaTQ/u5Y=", + "dev": true, + "requires": { + "async": "1.5.2", + "is-number-like": "^1.0.3" + } + }, + "pretty": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "integrity": "sha1-rbx5YLe7/iiaVX3F9zdhmiINBqU=", + "dev": true, + "requires": { + "condense-newlines": "^0.2.1", + "extend-shallow": "^2.0.1", + "js-beautify": "^1.6.12" + } + }, + "pretty-ms": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/pretty-ms/-/pretty-ms-0.2.2.tgz", + "integrity": "sha1-2oeaaC/zOjcBEEbxPWJ/Z8c7hPY=", + "dev": true, + "requires": { + "parse-ms": "^0.1.0" + } + }, + "promise": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/promise/-/promise-7.3.1.tgz", + "integrity": "sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==", + "dev": true, + "requires": { + "asap": "~2.0.3" + } + }, + "proto-list": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "integrity": "sha1-IS1b/hMYMGpCD2QCuOJv85ZHqEk=", + "dev": true + }, + "prr": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz", + "integrity": "sha1-0/wRS6BplaRexok/SEzrHXj19HY=", + "dev": true + }, + "pseudomap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", + "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=", + "dev": true + }, + "pug": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/pug/-/pug-2.0.4.tgz", + "integrity": "sha512-XhoaDlvi6NIzL49nu094R2NA6P37ijtgMDuWE+ofekDChvfKnzFal60bhSdiy8y2PBO6fmz3oMEIcfpBVRUdvw==", + "dev": true, + "requires": { + "pug-code-gen": "^2.0.2", + "pug-filters": "^3.1.1", + "pug-lexer": "^4.1.0", + "pug-linker": "^3.0.6", + "pug-load": "^2.0.12", + "pug-parser": "^5.0.1", + "pug-runtime": "^2.0.5", + "pug-strip-comments": "^1.0.4" + } + }, + "pug-attrs": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/pug-attrs/-/pug-attrs-2.0.4.tgz", + "integrity": "sha512-TaZ4Z2TWUPDJcV3wjU3RtUXMrd3kM4Wzjbe3EWnSsZPsJ3LDI0F3yCnf2/W7PPFF+edUFQ0HgDL1IoxSz5K8EQ==", + "dev": true, + "requires": { + "constantinople": "^3.0.1", + "js-stringify": "^1.0.1", + "pug-runtime": "^2.0.5" + } + }, + "pug-code-gen": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/pug-code-gen/-/pug-code-gen-2.0.2.tgz", + "integrity": "sha512-kROFWv/AHx/9CRgoGJeRSm+4mLWchbgpRzTEn8XCiwwOy6Vh0gAClS8Vh5TEJ9DBjaP8wCjS3J6HKsEsYdvaCw==", + "dev": true, + "requires": { + "constantinople": "^3.1.2", + "doctypes": "^1.1.0", + "js-stringify": "^1.0.1", + "pug-attrs": "^2.0.4", + "pug-error": "^1.3.3", + "pug-runtime": "^2.0.5", + "void-elements": "^2.0.1", + "with": "^5.0.0" + } + }, + "pug-error": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/pug-error/-/pug-error-1.3.3.tgz", + "integrity": "sha512-qE3YhESP2mRAWMFJgKdtT5D7ckThRScXRwkfo+Erqga7dyJdY3ZquspprMCj/9sJ2ijm5hXFWQE/A3l4poMWiQ==", + "dev": true + }, + "pug-filters": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/pug-filters/-/pug-filters-3.1.1.tgz", + "integrity": "sha512-lFfjNyGEyVWC4BwX0WyvkoWLapI5xHSM3xZJFUhx4JM4XyyRdO8Aucc6pCygnqV2uSgJFaJWW3Ft1wCWSoQkQg==", + "dev": true, + "requires": { + "clean-css": "^4.1.11", + "constantinople": "^3.0.1", + "jstransformer": "1.0.0", + "pug-error": "^1.3.3", + "pug-walk": "^1.1.8", + "resolve": "^1.1.6", + "uglify-js": "^2.6.1" + }, + "dependencies": { + "camelcase": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-1.2.1.tgz", + "integrity": "sha1-m7UwTS4LVmmLLHWLCKPqqdqlijk=", + "dev": true + }, + "cliui": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-2.1.0.tgz", + "integrity": "sha1-S0dXYP+AJkx2LDoXGQMukcf+oNE=", + "dev": true, + "requires": { + "center-align": "^0.1.1", + "right-align": "^0.1.1", + "wordwrap": "0.0.2" + } + }, + "source-map": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", + "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "dev": true + }, + "uglify-js": { + "version": "2.8.29", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-2.8.29.tgz", + "integrity": "sha1-KcVzMUgFe7Th913zW3qcty5qWd0=", + "dev": true, + "requires": { + "source-map": "~0.5.1", + "uglify-to-browserify": "~1.0.0", + "yargs": "~3.10.0" + } + }, + "wordwrap": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.2.tgz", + "integrity": "sha1-t5Zpu0LstAn4PVg8rVLKF+qhZD8=", + "dev": true + }, + "yargs": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-3.10.0.tgz", + "integrity": "sha1-9+572FfdfB0tOMDnTvvWgdFDH9E=", + "dev": true, + "requires": { + "camelcase": "^1.0.2", + "cliui": "^2.1.0", + "decamelize": "^1.0.0", + "window-size": "0.1.0" + } + } + } + }, + "pug-lexer": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/pug-lexer/-/pug-lexer-4.1.0.tgz", + "integrity": "sha512-i55yzEBtjm0mlplW4LoANq7k3S8gDdfC6+LThGEvsK4FuobcKfDAwt6V4jKPH9RtiE3a2Akfg5UpafZ1OksaPA==", + "dev": true, + "requires": { + "character-parser": "^2.1.1", + "is-expression": "^3.0.0", + "pug-error": "^1.3.3" + } + }, + "pug-linker": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/pug-linker/-/pug-linker-3.0.6.tgz", + "integrity": "sha512-bagfuHttfQOpANGy1Y6NJ+0mNb7dD2MswFG2ZKj22s8g0wVsojpRlqveEQHmgXXcfROB2RT6oqbPYr9EN2ZWzg==", + "dev": true, + "requires": { + "pug-error": "^1.3.3", + "pug-walk": "^1.1.8" + } + }, + "pug-load": { + "version": "2.0.12", + "resolved": "https://registry.npmjs.org/pug-load/-/pug-load-2.0.12.tgz", + "integrity": "sha512-UqpgGpyyXRYgJs/X60sE6SIf8UBsmcHYKNaOccyVLEuT6OPBIMo6xMPhoJnqtB3Q3BbO4Z3Bjz5qDsUWh4rXsg==", + "dev": true, + "requires": { + "object-assign": "^4.1.0", + "pug-walk": "^1.1.8" + } + }, + "pug-parser": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/pug-parser/-/pug-parser-5.0.1.tgz", + "integrity": "sha512-nGHqK+w07p5/PsPIyzkTQfzlYfuqoiGjaoqHv1LjOv2ZLXmGX1O+4Vcvps+P4LhxZ3drYSljjq4b+Naid126wA==", + "dev": true, + "requires": { + "pug-error": "^1.3.3", + "token-stream": "0.0.1" + } + }, + "pug-runtime": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/pug-runtime/-/pug-runtime-2.0.5.tgz", + "integrity": "sha512-P+rXKn9un4fQY77wtpcuFyvFaBww7/91f3jHa154qU26qFAnOe6SW1CbIDcxiG5lLK9HazYrMCCuDvNgDQNptw==", + "dev": true + }, + "pug-strip-comments": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/pug-strip-comments/-/pug-strip-comments-1.0.4.tgz", + "integrity": "sha512-i5j/9CS4yFhSxHp5iKPHwigaig/VV9g+FgReLJWWHEHbvKsbqL0oP/K5ubuLco6Wu3Kan5p7u7qk8A4oLLh6vw==", + "dev": true, + "requires": { + "pug-error": "^1.3.3" + } + }, + "pug-walk": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/pug-walk/-/pug-walk-1.1.8.tgz", + "integrity": "sha512-GMu3M5nUL3fju4/egXwZO0XLi6fW/K3T3VTgFQ14GxNi8btlxgT5qZL//JwZFm/2Fa64J/PNS8AZeys3wiMkVA==", + "dev": true + }, + "qs": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.2.3.tgz", + "integrity": "sha1-HPyyXBCpsrSDBT/zn138kjOQjP4=", + "dev": true + }, + "range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "dev": true + }, + "raw-body": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz", + "integrity": "sha512-9WmIKF6mkvA0SLmA2Knm9+qj89e+j1zqgyn8aXGd7+nAduPoqgI9lO57SAZNn/Byzo5P7JhXTyg9PzaJbH73bA==", + "dev": true, + "requires": { + "bytes": "3.1.0", + "http-errors": "1.7.3", + "iconv-lite": "0.4.24", + "unpipe": "1.0.0" + } + }, + "readdirp": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.4.0.tgz", + "integrity": "sha512-0xe001vZBnJEK+uKcj8qOhyAKPzIT+gStxWr3LCB0DwcXR5NZJ3IaC+yGnHCYzB/S7ov3m3EEbZI2zeNvX+hGQ==", + "dev": true, + "requires": { + "picomatch": "^2.2.1" + } + }, + "recursive-copy": { + "version": "2.0.10", + "resolved": "https://registry.npmjs.org/recursive-copy/-/recursive-copy-2.0.10.tgz", + "integrity": "sha512-S9J9XJUnfZ2NUS3lK6lx6HWLl2nWui+f7AKuu+qoFs4ikEPYgZ3qKk1T6tmBnr7PzhtKnawE+6TREy9XQKmxCA==", + "dev": true, + "requires": { + "del": "^2.2.0", + "emitter-mixin": "0.0.3", + "errno": "^0.1.2", + "graceful-fs": "^4.1.4", + "junk": "^1.0.1", + "maximatch": "^0.1.0", + "mkdirp": "^0.5.1", + "pify": "^2.3.0", + "promise": "^7.0.1", + "slash": "^1.0.0" + }, + "dependencies": { + "mkdirp": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", + "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", + "dev": true, + "requires": { + "minimist": "^1.2.5" + } + } + } + }, + "regenerator-runtime": { + "version": "0.11.1", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", + "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg==", + "dev": true + }, + "repeat-string": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", + "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc=", + "dev": true + }, + "require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "dev": true + }, + "require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "dev": true + }, + "requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha1-kl0mAdOaxIXgkc8NpcbmlNw9yv8=", + "dev": true + }, + "resolve": { + "version": "1.17.0", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz", + "integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==", + "dev": true, + "requires": { + "path-parse": "^1.0.6" + } + }, + "resp-modifier": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/resp-modifier/-/resp-modifier-6.0.2.tgz", + "integrity": "sha1-sSTeXE+6/LpUH0j/pzlw9KpFa08=", + "dev": true, + "requires": { + "debug": "^2.2.0", + "minimatch": "^3.0.2" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "dev": true + }, + "right-align": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/right-align/-/right-align-0.1.3.tgz", + "integrity": "sha1-YTObci/mo1FWiSENJOFMlhSGE+8=", + "dev": true, + "requires": { + "align-text": "^0.1.1" + } + }, + "rimraf": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", + "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", + "dev": true, + "requires": { + "glob": "^7.1.3" + } + }, + "run-parallel": { + "version": "1.1.9", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz", + "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==", + "dev": true + }, + "rx": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/rx/-/rx-4.1.0.tgz", + "integrity": "sha1-pfE/957zt0D+MKqAP7CfmIBdR4I=", + "dev": true + }, + "rxjs": { + "version": "5.5.12", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-5.5.12.tgz", + "integrity": "sha512-xx2itnL5sBbqeeiVgNPVuQQ1nC8Jp2WfNJhXWHmElW9YmrpS9UVnNzhP3EH3HFqexO5Tlp8GhYY+WEcqcVMvGw==", + "dev": true, + "requires": { + "symbol-observable": "1.0.1" + } + }, + "safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dev": true + }, + "safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "dev": true + }, + "section-matter": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", + "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", + "dev": true, + "requires": { + "extend-shallow": "^2.0.1", + "kind-of": "^6.0.0" + } + }, + "semver": { + "version": "7.3.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz", + "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==", + "dev": true + }, + "semver-compare": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/semver-compare/-/semver-compare-1.0.0.tgz", + "integrity": "sha1-De4hahyUGrN+nvsXiPavxf9VN/w=", + "dev": true + }, + "send": { + "version": "0.16.2", + "resolved": "https://registry.npmjs.org/send/-/send-0.16.2.tgz", + "integrity": "sha512-E64YFPUssFHEFBvpbbjr44NCLtI1AohxQ8ZSiJjQLskAdKuriYEP6VyGEsRDH8ScozGpkaX1BGvhanqCwkcEZw==", + "dev": true, + "requires": { + "debug": "2.6.9", + "depd": "~1.1.2", + "destroy": "~1.0.4", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "~1.6.2", + "mime": "1.4.1", + "ms": "2.0.0", + "on-finished": "~2.3.0", + "range-parser": "~1.2.0", + "statuses": "~1.4.0" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=", + "dev": true, + "requires": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + } + }, + "inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=", + "dev": true + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + }, + "setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "dev": true + }, + "statuses": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.4.0.tgz", + "integrity": "sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==", + "dev": true + } + } + }, + "serve-index": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz", + "integrity": "sha1-03aNabHn2C5c4FD/9bRTvqEqkjk=", + "dev": true, + "requires": { + "accepts": "~1.3.4", + "batch": "0.6.1", + "debug": "2.6.9", + "escape-html": "~1.0.3", + "http-errors": "~1.6.2", + "mime-types": "~2.1.17", + "parseurl": "~1.3.2" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=", + "dev": true, + "requires": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + } + }, + "inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=", + "dev": true + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + }, + "setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "dev": true + }, + "statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=", + "dev": true + } + } + }, + "serve-static": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.13.2.tgz", + "integrity": "sha512-p/tdJrO4U387R9oMjb1oj7qSMaMfmOyd4j9hOFoxZe2baQszgHcSWjuya/CiT5kgZZKRudHNOA0pYXOl8rQ5nw==", + "dev": true, + "requires": { + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "parseurl": "~1.3.2", + "send": "0.16.2" + } + }, + "server-destroy": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/server-destroy/-/server-destroy-1.0.1.tgz", + "integrity": "sha1-8Tv5KOQrnD55OD5hzDmYtdFObN0=", + "dev": true + }, + "set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", + "dev": true + }, + "setprototypeof": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", + "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==", + "dev": true + }, + "sigmund": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/sigmund/-/sigmund-1.0.1.tgz", + "integrity": "sha1-P/IfGYytIXX587eBhT/ZTQ0ZtZA=", + "dev": true + }, + "slash": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz", + "integrity": "sha1-xB8vbDn8FtHNF61LXYlhFK5HDVU=", + "dev": true + }, + "slugify": { + "version": "1.4.5", + "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.4.5.tgz", + "integrity": "sha512-WpECLAgYaxHoEAJ8Q1Lo8HOs1ngn7LN7QjXgOLbmmfkcWvosyk4ZTXkTzKyhngK640USTZUlgoQJfED1kz5fnQ==", + "dev": true + }, + "socket.io": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz", + "integrity": "sha512-rORqq9c+7W0DAK3cleWNSyfv/qKXV99hV4tZe+gGLfBECw3XEhBy7x85F3wypA9688LKjtwO9pX9L33/xQI8yA==", + "dev": true, + "requires": { + "debug": "~3.1.0", + "engine.io": "~3.2.0", + "has-binary2": "~1.0.2", + "socket.io-adapter": "~1.1.0", + "socket.io-client": "2.1.1", + "socket.io-parser": "~3.2.0" + }, + "dependencies": { + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "engine.io-client": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.2.1.tgz", + "integrity": "sha512-y5AbkytWeM4jQr7m/koQLc5AxpRKC1hEVUb/s1FUAWEJq5AzJJ4NLvzuKPuxtDi5Mq755WuDvZ6Iv2rXj4PTzw==", + "dev": true, + "requires": { + "component-emitter": "1.2.1", + "component-inherit": "0.0.3", + "debug": "~3.1.0", + "engine.io-parser": "~2.1.1", + "has-cors": "1.1.0", + "indexof": "0.0.1", + "parseqs": "0.0.5", + "parseuri": "0.0.5", + "ws": "~3.3.1", + "xmlhttprequest-ssl": "~1.5.4", + "yeast": "0.1.2" + } + }, + "engine.io-parser": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.1.3.tgz", + "integrity": "sha512-6HXPre2O4Houl7c4g7Ic/XzPnHBvaEmN90vtRO9uLmwtRqQmTOw0QMevL1TOfL2Cpu1VzsaTmMotQgMdkzGkVA==", + "dev": true, + "requires": { + "after": "0.8.2", + "arraybuffer.slice": "~0.0.7", + "base64-arraybuffer": "0.1.5", + "blob": "0.0.5", + "has-binary2": "~1.0.2" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + }, + "socket.io-client": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/socket.io-client/-/socket.io-client-2.1.1.tgz", + "integrity": "sha512-jxnFyhAuFxYfjqIgduQlhzqTcOEQSn+OHKVfAxWaNWa7ecP7xSNk2Dx/3UEsDcY7NcFafxvNvKPmmO7HTwTxGQ==", + "dev": true, + "requires": { + "backo2": "1.0.2", + "base64-arraybuffer": "0.1.5", + "component-bind": "1.0.0", + "component-emitter": "1.2.1", + "debug": "~3.1.0", + "engine.io-client": "~3.2.0", + "has-binary2": "~1.0.2", + "has-cors": "1.1.0", + "indexof": "0.0.1", + "object-component": "0.0.3", + "parseqs": "0.0.5", + "parseuri": "0.0.5", + "socket.io-parser": "~3.2.0", + "to-array": "0.1.4" + } + }, + "socket.io-parser": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz", + "integrity": "sha512-FYiBx7rc/KORMJlgsXysflWx/RIvtqZbyGLlHZvjfmPTPeuD/I8MaW7cfFrj5tRltICJdgwflhfZ3NVVbVLFQA==", + "dev": true, + "requires": { + "component-emitter": "1.2.1", + "debug": "~3.1.0", + "isarray": "2.0.1" + } + }, + "ws": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz", + "integrity": "sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==", + "dev": true, + "requires": { + "async-limiter": "~1.0.0", + "safe-buffer": "~5.1.0", + "ultron": "~1.1.0" + } + } + } + }, + "socket.io-adapter": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-1.1.2.tgz", + "integrity": "sha512-WzZRUj1kUjrTIrUKpZLEzFZ1OLj5FwLlAFQs9kuZJzJi5DKdU7FsWc36SNmA8iDOtwBQyT8FkrriRM8vXLYz8g==", + "dev": true + }, + "socket.io-client": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/socket.io-client/-/socket.io-client-2.3.0.tgz", + "integrity": "sha512-cEQQf24gET3rfhxZ2jJ5xzAOo/xhZwK+mOqtGRg5IowZsMgwvHwnf/mCRapAAkadhM26y+iydgwsXGObBB5ZdA==", + "dev": true, + "requires": { + "backo2": "1.0.2", + "base64-arraybuffer": "0.1.5", + "component-bind": "1.0.0", + "component-emitter": "1.2.1", + "debug": "~4.1.0", + "engine.io-client": "~3.4.0", + "has-binary2": "~1.0.2", + "has-cors": "1.1.0", + "indexof": "0.0.1", + "object-component": "0.0.3", + "parseqs": "0.0.5", + "parseuri": "0.0.5", + "socket.io-parser": "~3.3.0", + "to-array": "0.1.4" + } + }, + "socket.io-parser": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.3.0.tgz", + "integrity": "sha512-hczmV6bDgdaEbVqhAeVMM/jfUfzuEZHsQg6eOmLgJht6G3mPKMxYm75w2+qhAQZ+4X+1+ATZ+QFKeOZD5riHng==", + "dev": true, + "requires": { + "component-emitter": "1.2.1", + "debug": "~3.1.0", + "isarray": "2.0.1" + }, + "dependencies": { + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true + }, + "sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=", + "dev": true + }, + "statuses": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", + "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=", + "dev": true + }, + "stream-throttle": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/stream-throttle/-/stream-throttle-0.1.3.tgz", + "integrity": "sha1-rdV8jXzHOoFjDTHNVdOWHPr7qcM=", + "dev": true, + "requires": { + "commander": "^2.2.0", + "limiter": "^1.0.5" + } + }, + "string-width": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz", + "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==", + "dev": true, + "requires": { + "emoji-regex": "^7.0.1", + "is-fullwidth-code-point": "^2.0.0", + "strip-ansi": "^5.1.0" + }, + "dependencies": { + "ansi-regex": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz", + "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==", + "dev": true + }, + "strip-ansi": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==", + "dev": true, + "requires": { + "ansi-regex": "^4.1.0" + } + } + } + }, + "strip-ansi": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", + "dev": true, + "requires": { + "ansi-regex": "^2.0.0" + } + }, + "strip-bom-string": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", + "integrity": "sha1-5SEekiQ2n7uB1jOi8ABE3IztrZI=", + "dev": true + }, + "supports-color": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=", + "dev": true + }, + "symbol-observable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.0.1.tgz", + "integrity": "sha1-g0D8RwLDEi310iKI+IKD9RPT/dQ=", + "dev": true + }, + "text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", + "dev": true + }, + "tfunk": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/tfunk/-/tfunk-3.1.0.tgz", + "integrity": "sha1-OORBT8ZJd9h6/apy+sttKfgve1s=", + "dev": true, + "requires": { + "chalk": "^1.1.1", + "object-path": "^0.9.0" + }, + "dependencies": { + "chalk": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=", + "dev": true, + "requires": { + "ansi-styles": "^2.2.1", + "escape-string-regexp": "^1.0.2", + "has-ansi": "^2.0.0", + "strip-ansi": "^3.0.0", + "supports-color": "^2.0.0" + } + } + } + }, + "time-require": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/time-require/-/time-require-0.1.2.tgz", + "integrity": "sha1-+eEss3D8JgXhFARYK6VO9corLZg=", + "dev": true, + "requires": { + "chalk": "^0.4.0", + "date-time": "^0.1.1", + "pretty-ms": "^0.2.1", + "text-table": "^0.2.0" + }, + "dependencies": { + "ansi-styles": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-1.0.0.tgz", + "integrity": "sha1-yxAt8cVvUSPquLZ817mAJ6AnkXg=", + "dev": true + }, + "chalk": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-0.4.0.tgz", + "integrity": "sha1-UZmj3c0MHv4jvAjBsCewYXbgxk8=", + "dev": true, + "requires": { + "ansi-styles": "~1.0.0", + "has-color": "~0.1.0", + "strip-ansi": "~0.1.0" + } + }, + "strip-ansi": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-0.1.1.tgz", + "integrity": "sha1-OeipjQRNFQZgq+SmgIrPcLt7yZE=", + "dev": true + } + } + }, + "to-array": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/to-array/-/to-array-0.1.4.tgz", + "integrity": "sha1-F+bBH3PdTz10zaek/zI46a2b+JA=", + "dev": true + }, + "to-fast-properties": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "integrity": "sha1-uDVx+k2MJbguIxsG46MFXeTKGkc=", + "dev": true + }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "requires": { + "is-number": "^7.0.0" + } + }, + "toidentifier": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", + "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==", + "dev": true + }, + "token-stream": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/token-stream/-/token-stream-0.0.1.tgz", + "integrity": "sha1-zu78cXp2xDFvEm0LnbqlXX598Bo=", + "dev": true + }, + "ua-parser-js": { + "version": "0.7.21", + "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.21.tgz", + "integrity": "sha512-+O8/qh/Qj8CgC6eYBVBykMrNtp5Gebn4dlGD/kKXVkJNDwyrAwSIqwz8CDf+tsAIWVycKcku6gIXJ0qwx/ZXaQ==", + "dev": true + }, + "uc.micro": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", + "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", + "dev": true + }, + "uglify-js": { + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.10.1.tgz", + "integrity": "sha512-RjxApKkrPJB6kjJxQS3iZlf///REXWYxYJxO/MpmlQzVkDWVI3PSnCBWezMecmTU/TRkNxrl8bmsfFQCp+LO+Q==", + "dev": true, + "optional": true + }, + "uglify-to-browserify": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/uglify-to-browserify/-/uglify-to-browserify-1.0.2.tgz", + "integrity": "sha1-bgkk1r2mta/jSeOabWMoUKD4grc=", + "dev": true, + "optional": true + }, + "ultron": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz", + "integrity": "sha512-UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og==", + "dev": true + }, + "unc-path-regex": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/unc-path-regex/-/unc-path-regex-0.1.2.tgz", + "integrity": "sha1-5z3T17DXxe2G+6xrCufYxqadUPo=", + "dev": true + }, + "universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "dev": true + }, + "unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=", + "dev": true + }, + "utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=", + "dev": true + }, + "valid-url": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/valid-url/-/valid-url-1.0.9.tgz", + "integrity": "sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA=", + "dev": true + }, + "void-elements": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/void-elements/-/void-elements-2.0.1.tgz", + "integrity": "sha1-wGavtYK7HLQSjWDqkjkulNXp2+w=", + "dev": true + }, + "which-module": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", + "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=", + "dev": true + }, + "window-size": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.1.0.tgz", + "integrity": "sha1-VDjNLqk7IC76Ohn+iIeu58lPnJ0=", + "dev": true + }, + "with": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/with/-/with-5.1.1.tgz", + "integrity": "sha1-+k2qktrzLE6pTtRTyB8EaGtXXf4=", + "dev": true, + "requires": { + "acorn": "^3.1.0", + "acorn-globals": "^3.0.0" + } + }, + "wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=", + "dev": true + }, + "wrap-ansi": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-5.1.0.tgz", + "integrity": "sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q==", + "dev": true, + "requires": { + "ansi-styles": "^3.2.0", + "string-width": "^3.0.0", + "strip-ansi": "^5.0.0" + }, + "dependencies": { + "ansi-regex": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz", + "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==", + "dev": true + }, + "ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "requires": { + "color-convert": "^1.9.0" + } + }, + "strip-ansi": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==", + "dev": true, + "requires": { + "ansi-regex": "^4.1.0" + } + } + } + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "ws": { + "version": "6.1.4", + "resolved": "https://registry.npmjs.org/ws/-/ws-6.1.4.tgz", + "integrity": "sha512-eqZfL+NE/YQc1/ZynhojeV8q+H050oR8AZ2uIev7RU10svA9ZnJUddHcOUZTJLinZ9yEfdA2kSATS2qZK5fhJA==", + "dev": true, + "requires": { + "async-limiter": "~1.0.0" + } + }, + "xmlhttprequest-ssl": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz", + "integrity": "sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4=", + "dev": true + }, + "y18n": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", + "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==", + "dev": true + }, + "yallist": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", + "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=", + "dev": true + }, + "yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "dev": true, + "requires": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "dependencies": { + "ansi-regex": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz", + "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==", + "dev": true + }, + "ansi-styles": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", + "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==", + "dev": true, + "requires": { + "@types/color-name": "^1.1.1", + "color-convert": "^2.0.1" + } + }, + "cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "dev": true, + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "requires": { + "p-limit": "^2.2.0" + } + }, + "path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true + }, + "string-width": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz", + "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==", + "dev": true, + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.0" + } + }, + "strip-ansi": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", + "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", + "dev": true, + "requires": { + "ansi-regex": "^5.0.0" + } + }, + "wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, + "yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "dev": true, + "requires": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + } + } + } + }, + "yargs-parser": { + "version": "13.1.2", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz", + "integrity": "sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==", + "dev": true, + "requires": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + } + }, + "yeast": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/yeast/-/yeast-0.1.2.tgz", + "integrity": "sha1-AI4G2AlDIMNy28L47XagymyKxBk=", + "dev": true + } + } + } + \ No newline at end of file diff --git a/package.json b/package.json new file mode 100644 index 00000000..57119dfe --- /dev/null +++ b/package.json @@ -0,0 +1,30 @@ +{ + "name": "coursebook", + "version": "1.0.0", + "description": "Our open source web development curriculum", + "main": "index.js", + "scripts": { + "dev": "eleventy --serve --quiet", + "build": "ELEVENTY_ENV=production eleventy" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/crowdstrike/falconpy.git" + }, + "keywords": [], + "author": "Oliver Phillips (https://oliverjam.es)", + "license": "MIT", + "bugs": { + "url": "https://github.com/crowdstrike/falconpy/issues" + }, + "homepage": "https://github.com/crowdstrike/falconpy#readme", + "devDependencies": { + "@11ty/eleventy": "^0.11.0", + "@sindresorhus/slugify": "^1.1.0", + "markdown-it": "^11.0.0", + "markdown-it-anchor": "^5.3.0", + "markdown-it-task-lists": "^2.1.1", + "markdown-it-title": "^3.0.0" + } + } + \ No newline at end of file