diff --git a/unsupported/crowdstrike-falcon/1.0.0/Dockerfile b/unsupported/crowdstrike-falcon/1.0.0/Dockerfile
new file mode 100644
index 00000000..740fee62
--- /dev/null
+++ b/unsupported/crowdstrike-falcon/1.0.0/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image - this can be a lot of different stuff
+RUN apk --no-cache add --update libmagic
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/unsupported/crowdstrike-falcon/1.0.0/api.yaml b/unsupported/crowdstrike-falcon/1.0.0/api.yaml
new file mode 100755
index 00000000..c6738a17
--- /dev/null
+++ b/unsupported/crowdstrike-falcon/1.0.0/api.yaml
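Review bot: The final stage of the new Dockerfile never sets a `USER`, so unless `frikky/shuffle:app_sdk` already drops privileges (not visible in this hunk) the process that handles the Falcon OAuth2 bearer tokens runs as root; after the `apk add libmagic` step I would add `RUN adduser -S app` followed by `USER app`, provided the app does not need to write under `/app`. The last line is shell-form and hard-codes debug logging: `CMD ["python", "app.py", "--log-level", "INFO"]` makes python PID 1 so it receives SIGTERM, and keeps DEBUG output, which may include request headers depending on what the SDK logs, out of normal runs. The first `FROM` also tracks the mutable `app_sdk` tag, and both later stages inherit from it, so pinning that image by digest would keep rebuilds from silently picking up a changed base.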
@@ -0,0 +1,17996 @@ +name: Crowdstrike Falcon +is_valid: true +id: "" +link: https://api.crowdstrike.com +app_version: 1.0.0 +sharing_config: "" +generated: true +downloaded: false +sharing: false +verified: false +invalid: false +activated: true +tested: false +hash: "" +private_id: "" +description: Each API endpoint requires authorization via an OAuth2 token. Your first API request + should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as `https://api.crowdstrike.com/oauth2/token`. Any action should be preceeded by a `get oauth2 access token` action titled `auth` that feeds the access token into it. Tokens expire after 30 minutes, after which you should make a new token request + to continue making API requests. +environment: Shuffle +contact_info: + name: "test" + url: "test" +referenceinfo: + documentationurl: "" + githuburl: "" +foldermount: + foldermount: false + sourcefolder: "" + destinationfolder: "" +actions: +- description: "" + name: generate_oauth2_access_token + label: OAuth2 - Generate an OAuth2 access token + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Accept: application/json + Content-Type: application/x-www-form-urlencoded + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
get_detect_aggregates + label: Detects - Get detect aggregates + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: view_information_about_detections + label: Detects - View information about detections + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" 
+ } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: modify_detections + label: Detects - Modify the state assignee and visibility of detections + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "assigned_to_uuid": "${assigned_to_uuid}", + "comment": "${comment}", + "ids": "${ids}", + "show_in_ui": "${show_in_ui}", + "status": "${status}" + } + value: |- + { + "assigned_to_uuid": "${assigned_to_uuid}", + "comment": "${comment}", + "ids": "${ids}", + "show_in_ui": "${show_in_ui}", + "status": "${status}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- 
description: "" + name: search_for_detection_ids + label: Detects - Search for detection IDs that match a given query + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first detection to return, where `0` is the latest detection. + Use with the `limit` parameter to manage pagination of results. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'The maximum number of detections to return in this response (default: + 9999; max: 9999). Use with the `offset` parameter to manage pagination of results.' 
+ name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Sort detections using these options: + + - `first_behavior`: Timestamp of the first behavior associated with this detection + - `last_behavior`: Timestamp of the last behavior associated with this detection + - `max_severity`: Highest severity of the behaviors associated with this detection + - `max_confidence`: Highest confidence of the behaviors associated with this detection + - `adversary_id`: ID of the adversary associated with this detection, if any + - `devices.hostname`: Hostname of the host where this detection was detected + + Sort either `asc` (ascending) or `desc` (descending). For example: `last_behavior|asc` + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: "Filter detections using a query in Falcon Query Language (FQL) An + asterisk wildcard `*` includes all results. \n\nCommon filter options include:\n\n- + `status`\n- `device.device_id`\n- `max_severity`\n\nThe full list of valid filter + options is extensive. Review it in our [documentation inside the Falcon console](https://falcon.crowdstrike.com/support/documentation/2/query-api-reference#detections_fql)." 
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Search all detection metadata for the provided string + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_set_of_host_groups + label: Host Group - Retrieve a set of Host Groups by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Host Groups to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
delete_set_of_host_groups + label: Host Group - Delete a set of Host Groups by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Host Groups to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_host_groups + label: Host Group - Create Host Groups by specifying details about the group to create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test 
+ multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_host_groups + label: Host Group - Update Host Groups by specifying the ID of the group and details to update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_host_groups + label: Host Group - Search for Host Groups in your environment by providing an FQL filter and + paging details Returns a set of Host Groups which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: 
application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_host_group_ids + label: Host Group - Search for Host Groups in your environment by providing an FQL filter and + paging details Returns a set of Host Group IDs which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - 
description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_host_group_members + label: Host Group - Search for members of a Host Group in your environment by providing an FQL + filter and paging details Returns a set of host details which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Host Group to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + 
options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: perform_action_on_host_group + label: Host Group - Perform the specified action on the Host Groups specified in the request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: + - add-hosts + - remove-hosts + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the host group to change + name: host_group_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The hostnames to change + name: hostnames + example: "" + multiline: true + options: [] + required: true + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_host_group_member_ids + label: Host Group - Search for members of a Host Group in your environment by providing an FQL + filter and paging details Returns a set of Agent IDs which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Host Group to search for members of + name: id + example: "" + multiline: 
false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_hidden_hosts + label: Hosts - Retrieve hidden hosts that match the provided filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + 
name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by (e.g. status.desc or hostname.asc) + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_hosts + label: Hosts - Search for hosts in your environment by platform hostname IP and other criteria + with continuous pagination capability based on offset pointer which expires after + 2 minutes with no maximum limit + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + 
Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to page from, for the next result set + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by (e.g. status.desc or hostname.asc) + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: modify_host_tags + label: Hosts - Append or remove one or more Falcon Grouping Tags on one or more hosts + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers 
+ example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "action": "${action}", + "device_ids": "${device_ids}", + "tags": "${tags}" + } + value: |- + { + "action": "${action}", + "device_ids": "${device_ids}", + "tags": "${tags}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_details_on_hosts + label: Hosts - Get details on one or more hosts by providing agent IDs AID You can get a + hosts agent IDs AIDs from the devicesqueriesdevicesv1 endpoint the Falcon console + or the Streaming API + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The host agentIDs used to get details on + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + 
multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: take_action_on_hosts + label: Hosts - Take various actions on the hosts in your environment Contain or lift containment + on a host Delete or restore a host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |- + Specify one of these actions: + + - `contain` - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your [containment policy](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#containmentpolicy) + - `lift_containment`: This action lifts containment on the host, which returns its network communications to normal + - `hide_host`: This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs + - `unhide_host`: This action will restore a host. 
Detection reporting will resume after the host is restored + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "action_parameters": "${action_parameters}", + "ids": "${ids}" + } + value: |- + { + "action_parameters": "${action_parameters}", + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_hosts + label: Hosts - Search for hosts in your environment by platform hostname IP and other criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + 
tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by (e.g. status.desc or hostname.asc) + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: download_analysis_artifacts + label: FalconX Sandbox - Download IOC packs PCAP files and other analysis artifacts + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of an artifact, such as an IOC pack, PCAP file, or actor image. + Find an artifact ID in a report or summary. 
+ name: id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: gzip + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The name given to your downloaded file. + name: name + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_sandbox_reports + label: FalconX Sandbox - Find sandbox reports by providing an FQL filter and paging details Returns + a set of report IDs that match your criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + 
required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving reports from. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Maximum number of report IDs to return. Max: 5000.' + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort order: `asc` or `desc`.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_full_sandbox_report + label: FalconX Sandbox - Get a full sandbox report + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of a report. Find a report ID from the response when submitting + a malware sample or search with `/falconx/queries/reports/v1`. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_report + label: FalconX Sandbox - Delete report based on the report ID Operation can be checked for success + by polling for the report ID on the reportsummaries endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of a report. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_list_of_samples + label: FalconX Sandbox - retrieve a list with sha256 of samples that exist and customer has rights + to access them maximum number of accepted items is 200 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body 
+ example: |- + { + "sha256s": "${sha256s}" + } + value: |- + { + "sha256s": "${sha256s}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: check_status_of_sandbox_analysis + label: FalconX Sandbox - Check the status of a sandbox analysis Time required for analysis varies + but is usually less than 15 minutes + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of a submitted malware sample. Find a submission ID from the response + when submitting a malware sample or search with `/falconx/queries/submissions/v1`. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
submit_upload_for_sandbox_analysis + label: FalconX Sandbox - Submit an uploaded file or a URL for sandbox analysis Time required for analysis + varies but is usually less than 15 minutes + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_short_summary_version_of_a_sandbox_report + label: FalconX Sandbox - Get a short summary version of a sandbox report + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of a summary. Find a summary ID from the response when submitting + a malware sample or search with `/falconx/queries/reports/v1`. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: find_submission_ids_for_uploaded_files + label: FalconX Sandbox - Find submission IDs for uploaded files by providing an FQL filter and paging + details Returns a set of submission IDs that match your criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and 
sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving submissions from. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Maximum number of submission IDs to return. Max: 5000.' + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort order: `asc` or `desc`.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_the_file_associated_with_the_given_id_sha256 + label: FalconX Sandbox - retrieve the file associated with the given ID SHA256 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The file SHA256. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Flag whether the sample should be zipped and password protected with + pass='infected' + name: password_protected + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_sample_from_the_collection + label: FalconX Sandbox - Removes a sample including file meta and submissions from the collection + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The file SHA256. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: upload_for_sandbox_analysis + label: FalconX Sandbox - Upload a file for sandbox analysis After uploading use falconxentitiessubmissionsv1 + to start analyzing the file + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Name of the file. 
+ name: file_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: A descriptive comment to identify the file for other users. + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: "Defines visibility of this file in Falcon MalQuery, either via the + API or the Falcon console.\n\n- `true`: File is only shown to users within your + customer account\n- `false`: File can be seen by other CrowdStrike customers + \n\nDefault: `true`." 
+ name: is_confidential + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_behaviors + label: Incidents - Search for behaviors by providing an FQL filter sorting and paging details + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort on, followed by a dot (.), followed by the sort + direction, either "asc" or "desc". + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_incidents + label: Incidents - Search for incidents by providing an FQL filter sorting and paging details + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort on, followed by a dot (.), followed by the sort + direction, either "asc" or "desc". 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: query_crowdscore + label: Incidents - Query environment wide CrowdScore and return the entity data + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit 
queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-2500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort on, followed by a dot (.), followed by the sort + direction, either "asc" or "desc". 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: perform_actions_on_incidents + label: Incidents - Perform a set of actions on one or more incidents such as adding tags or + comments or updating the incident name or description + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "action_parameters": "${action_parameters}", + "ids": "${ids}" + } + value: |- + { + "action_parameters": "${action_parameters}", + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_details_on_behaviors + label: 
Incidents - Get details on behaviors by providing behavior IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_details_on_incidents + label: Incidents - Get details on incidents by providing incident IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: 
view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_combined_for_indicators + label: IOCs - Get Combined for Indicators + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from. Offset and After params + are mutually exclusive. If none provided then scrolling will be used by default. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The sort expression that should be used to sort the results. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_indicators_by_ids + label: IOCs - Get Indicators by ids + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the Indicators to retrieve + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + 
id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_indicators_by_ids + label: IOCs - Delete Indicators by ids + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The FQL expression to delete Indicators in bulk. If both 'filter' + and 'ids' are provided, then filter takes precedence and ignores ids. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ids of the Indicators to delete. 
If both 'filter' and 'ids' are + provided, then filter takes precedence and ignores ids + name: ids + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The comment why these indicators were deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_indicators + label: IOCs - Create Indicators + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Whether to submit to retrodetects + name: retrodetects + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set to true to ignore warnings and add all IOCs + name: ignore_warnings + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + 
type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "comment": "${comment}", + "indicators": "${indicators}" + } + value: |- + { + "comment": "${comment}", + "indicators": "${indicators}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_indicators + label: IOCs - Update Indicators + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Whether to submit to retrodetects + name: retrodetects + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set to true to ignore warnings and add all IOCs + name: ignore_warnings + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 
Generated by shuffler.io OpenAPI + name: body + example: |- + { + "bulk_update": "${bulk_update}", + "comment": "${comment}", + "indicators": "${indicators}" + } + value: |- + { + "bulk_update": "${bulk_update}", + "comment": "${comment}", + "indicators": "${indicators}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_number_of_hosts_that_have_observed_a_given_custom_ioc + label: IOCs - Number of hosts in your customer account that have observed a given custom + IOC + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |2 + + The type of the indicator. Valid types include: + + sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. + + md5: A hex-encoded md5 hash string. Length - min 32, max: 32. + + domain: A domain name. Length - min: 1, max: 200. + + ipv4: An IPv4 address. Must be a valid IP address. + + ipv6: An IPv6 address. Must be a valid IP address. 
+ name: type + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The string representation of the indicator + name: value + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_process_details + label: IOCs - For the provided ProcessID retrieve the process details + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ProcessID for the running process you want to lookup + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_hosts_that_have_observed_a_given_custom_ioc + label: IOCs - Find hosts that have observed a given custom IOC For details about those + hosts use GET devicesentitiesdevicesv1 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |2 + + The type of the indicator. Valid types include: + + sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. + + md5: A hex-encoded md5 hash string. Length - min 32, max: 32. + + domain: A domain name. Length - min: 1, max: 200. + + ipv4: An IPv4 address. Must be a valid IP address. + + ipv6: An IPv6 address. Must be a valid IP address. 
+ name: type + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The string representation of the indicator + name: value + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first process to return, where 0 is the latest offset. Use with + the offset parameter to manage pagination of results. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first process to return, where 0 is the latest offset. Use with + the limit parameter to manage pagination of results. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_processes_associated_with_a_custom_ioc + label: IOCs - Search for processes associated with a custom IOC + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |2 + + The type of the indicator. Valid types include: + + sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. + + md5: A hex-encoded md5 hash string. Length - min 32, max: 32. + + domain: A domain name. Length - min: 1, max: 200. + + ipv4: An IPv4 address. Must be a valid IP address. + + ipv6: An IPv6 address. Must be a valid IP address. + name: type + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The string representation of the indicator + name: value + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Specify a host's ID to return only processes from that host. Get + a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the + Streaming API. 
+ name: device_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first process to return, where 0 is the latest offset. Use with + the offset parameter to manage pagination of results. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first process to return, where 0 is the latest offset. Use with + the limit parameter to manage pagination of results. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_indicators + label: IOCs - Search for Indicators + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from. Offset and After params + are mutually exclusive. If none provided then scrolling will be used by default. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
+ name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The sort expression that should be used to sort the results. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_info_about_indicators + label: Intel - Get info about indicators that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return indicators from. Defaults to + 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of indicators to return. 
The number must be between + 1 and 50000 + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: published_date|asc. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: If true, include both published and deleted indicators in the response. + Defaults to false. 
+ name: include_deleted + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: download_earlier_rule_sets + label: Intel - Download earlier rule sets + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ID of the rule set. + name: id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Choose the format you want the rule set in. Valid formats are zip + and gzip. Defaults to zip. 
+ name: format + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_report_ids + label: Intel - Get report IDs that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return report IDs from. Defaults to + 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of report IDs to return. The value must be between + 1 and 5000. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: created_date|asc. 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_rule_ids + label: Intel - Search for rule IDs that match provided filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |- + The rule news report type. 
Accepted values: + + snort-suricata-master + + snort-suricata-update + + snort-suricata-changelog + + yara-master + + yara-update + + yara-changelog + + common-event-format + + netwitness + name: type + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return reports from. Defaults to 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The number of rule IDs to return. Defaults to 10. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: created_date|asc. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Search by rule title. 
+ name: name + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Substring match on description field. + name: description + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Search for rule tags. + name: tags + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Filter results to those created on or after a certain date. + name: min_created_date + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Filter results to those created on or before a certain date. + name: max_created_date + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. 
+ name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_info_about_reports + label: Intel - Get info about reports that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return reports from. Defaults to 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of reports to return. The value must be between 1 + and 5000. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Order fields in ascending or descending order. Ex: created_date|asc.' 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: + + \_\_\\_\_. + + Ex: slug \_\_full\_\_. + + Defaults to \_\_basic\_\_. 
+ name: fields + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_indicators_ids + label: Intel - Get indicators IDs that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return indicator IDs from. Defaults + to 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of indicator IDs to return. The number must be between + 1 and 50000 + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: published_date|asc. 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: If true, include both published and deleted indicators in the response. + Defaults to false. 
+ name: include_deleted + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_specific_actors_using_their_actor_ids + label: Intel - Retrieve specific actors using their actor IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_specific_indicators_using_their_indicator_ids + label: Intel - Retrieve specific indicators using their indicator IDs + nodetype: action + environment: Shuffle + sharing: false 
+ privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_info_about_actors + label: Intel - Get info about actors that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + 
skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return actors from. Defaults to 0. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of actors to return. The value must be between 1 and + 5000. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: created_date|asc. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. 
+ name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: + + \_\_\\_\_. + + Ex: slug \_\_full\_\_. + + Defaults to \_\_basic\_\_. + name: fields + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_report_pdf_attachment + label: Intel - Return a Report PDF attachment + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ID of the report you want to download as a PDF. 
+ name: id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: download_the_latest_rule_set + label: Intel - Download the latest rule set + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: |- + The rule news report type. 
Accepted values: + + snort-suricata-master + + snort-suricata-update + + snort-suricata-changelog + + yara-master + + yara-update + + yara-changelog + + common-event-format + + netwitness + name: type + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Choose the format you want the rule set in. Valid formats are zip + and gzip. Defaults to zip. + name: format + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_details_for_rule_sets_for_ids + label: Intel - Retrieve details for rule sets for the specified ids + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of rules to return. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_actor_ids + label: Intel - Get actor IDs that match provided FQL filters + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the starting row number to return actors IDs from. Defaults to + 0. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Set the number of actor IDs to return. The value must be between + 1 and 5000. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Order fields in ascending or descending order. + + Ex: created_date|asc. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter your query by specifying FQL filter parameters. Filter parameters include: + + actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Perform a generic substring search across all fields. 
+ name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_specific_reports_using_their_report_ids + label: Intel - Retrieve specific reports using their report IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the reports you want to retrieve. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: + + \_\_\\_\_. + + Ex: slug \_\_full\_\_. + + Defaults to \_\_basic\_\_. 
+ name: fields + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_rules_by_id + label: Custom IOA - Get rules by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_rules_from_a_rule_group_by_id + label: Custom IOA - Delete rules from a rule group by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The parent rule group + name: rule_group_id + example: "" + 
multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Explains why the entity is being deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_a_rule_within_a_rule_group + label: Custom IOA - Create a rule within a rule group + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + 
skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "comment": "${comment}", + "description": "${description}", + "disposition_id": "${disposition_id}", + "field_values": "${field_values}", + "name": "${name}", + "pattern_severity": "${pattern_severity}", + "rulegroup_id": "${rulegroup_id}", + "ruletype_id": "${ruletype_id}" + } + value: |- + { + "comment": "${comment}", + "description": "${description}", + "disposition_id": "${disposition_id}", + "field_values": "${field_values}", + "name": "${name}", + "pattern_severity": "${pattern_severity}", + "rulegroup_id": "${rulegroup_id}", + "ruletype_id": "${ruletype_id}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_rules_within_a_rule_group + label: Custom IOA - Update rules within a rule group + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: 
view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "comment": "${comment}", + "rule_updates": "${rule_updates}", + "rulegroup_id": "${rulegroup_id}", + "rulegroup_version": "${rulegroup_version}" + } + value: |- + { + "comment": "${comment}", + "rule_updates": "${rule_updates}", + "rulegroup_id": "${rulegroup_id}", + "rulegroup_version": "${rulegroup_version}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_rule_types_by_id + label: Custom IOA - Get rule types by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: 
false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_all_platform_ids + label: Custom IOA - Get all platform IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: find_all_rule_ids + label: Custom IOA - Finds all rule IDs matching the query with optional filter + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false 
+ parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, + rules.current_version.name, rules.current_version.modified_by, rules.created_on, + rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, + rules.current_version.modified_on}' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query specifying the filter parameters. Filter term criteria: + [enabled platform name description rules.action_label rules.name rules.description + rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: + created_on, modified_on; use any common date format, such as ''2010-05-15T14:55:21.892315096Z''.' 
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Match query criteria, which includes all the filter string fields + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: find_all_rule_group_ids + label: Custom IOA - Finds all rule group IDs matching the query with optional filter + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + 
skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: {created_by, created_on, modified_by, + modified_on, enabled, name, description}' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query specifying the filter parameters. Filter term criteria: + [enabled platform name description rules.action_label rules.name rules.description + rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: + created_on, modified_on; use any common date format, such as ''2010-05-15T14:55:21.892315096Z''.' + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Match query criteria, which includes all the filter string fields + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_rule_groups_by_id + label: Custom IOA - Get rule groups by ID + nodetype: action + environment: 
Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_rule_groups_by_id + label: Custom IOA - Delete rule groups by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: 
queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Explains why the entity is being deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_a_rule_group + label: Custom IOA - Create a rule group for a platform with a name and an optional description + Returns the rule group + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "comment": "${comment}", + "description": "${description}", + "name": "${name}", + "platform": "${platform}" + } + value: |- + { + "comment": "${comment}", + "description": "${description}", + "name": "${name}", + "platform": "${platform}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string 
+ skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_a_rule_group + label: Custom IOA - Update a rule group The following properties can be modified name description + enabled + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "comment": "${comment}", + "description": "${description}", + "enabled": "${enabled}", + "id": "${id}", + "name": "${name}", + "rulegroup_version": "${rulegroup_version}" + } + value: |- + { + "comment": "${comment}", + "description": "${description}", + "enabled": "${enabled}", + "id": "${id}", + "name": "${name}", + "rulegroup_version": "${rulegroup_version}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
get_all_rule_type_ids + label: Custom IOA - Get all rule type IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_all_pattern_severity_ids + label: Custom IOA - Get all pattern severity IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: validates_field_values_and_checks_for_string_matches + label: Custom IOA - Validates field values and checks for matches if a test string is provided + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated 
by shuffler.io OpenAPI + name: body + example: |- + { + "fields": "${fields}" + } + value: |- + { + "fields": "${fields}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_rules_by_id + label: Custom IOA - Get rules by ID and optionally version in the following format IDversion + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "ids": "${ids}" + } + value: |- + { + "ids": "${ids}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: find_all_rule_groups + label: Custom IOA - Find all rule groups matching the query with optional 
filter + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: {created_by, created_on, modified_by, + modified_on, enabled, name, description}' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query specifying the filter parameters. Filter term criteria: + [enabled platform name description rules.action_label rules.name rules.description + rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: + created_on, modified_on; use any common date format, such as ''2010-05-15T14:55:21.892315096Z''.' 
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Match query criteria, which includes all the filter string fields + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_platforms_by_id + label: Custom IOA - Get platforms by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries 
+ name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_pattern_severities_by_id + label: Custom IOA - Get pattern severities by ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the entities + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_zipped_sample + label: Malquery - Fetch a zip archive with password infected containing the samples Call this + once the entitiessamplesmultidownload request has finished processing + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" 
+ appid: "" + tags: [] + tested: false + parameters: + - description: Multidownload job id + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: schedule_samples_for_download + label: Malquery - Schedule samples for download Use the result id with the request endpoint + to check if the download is ready after which you can call the entitiessamplesfetch + to get the zip + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + 
schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "samples": "${samples}" + } + value: |- + { + "samples": "${samples}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_falcon_malquery + label: Malquery - Search Falcon MalQuery for a combination of hex patterns and strings in order + to identify samples based upon file content at byte level granularity You can + filter results on criteria such as file type file size and first seen date Returns + a request id which can be used with the request endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "options": "${options}", + "patterns": "${patterns}" + } + value: |- + { + "options": "${options}", + "patterns": "${patterns}" + } + multiline: true + options: [] + required: false + configuration: false + 
tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_information_about_search_and_download_quotas + label: Malquery - Get information about search and download quotas in your environment + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_indexed_files_metadata_by_their_hash + label: Malquery - Retrieve indexed files metadata by their hash + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The file SHA256. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: schedule_a_yara_based_search_for_execution + label: Malquery - Schedule a YARAbased search for execution Returns a request id which can + be used with the request endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: 
|- + { + "options": "${options}", + "yara_rule": "${yara_rule}" + } + value: |- + { + "options": "${options}", + "yara_rule": "${yara_rule}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: check_the_status_and_results_of_an_asynchronous_request + label: Malquery - Check the status and results of an asynchronous request such as hunt or exactsearch + Supports a single request id at this time + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Identifier of a MalQuery request + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: download_a_file_indexed_by_malquery + label: 
Malquery - Download a file indexed by MalQuery Specify the file using its SHA256 Only + one file is supported at this time + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The file SHA256. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: revoke_oauth2_access_token + label: OAuth2 - Revoke a previously issued OAuth2 access token before the end of its standard + 30minute lifespan + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Accept-Encoding: application/json + Content-Type: application/x-www-form-urlencoded + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: 
view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_device_control_policy_ids + label: Device Control Policies - Search for Device Control Policies in your environment by providing an FQL + filter and paging details Returns a set of Device Control Policy IDs which match + the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_device_control_policy_members + label: Device Control Policies - Search for members of a Device Control Policy in your environment by providing + an FQL filter and paging details Returns a set of host details which match the + filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Device Control Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: 
filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_device_control_policies + label: Device Control Policies - Search for Device Control Policies in your environment by providing an FQL + filter and paging details Returns a set of Device Control Policies which match + the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + 
required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_device_control_policy_member_ids + label: Device Control Policies - Search for members of a Device Control Policy in your environment by providing + an FQL filter and paging details Returns a set of Agent IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Device Control Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: set_precedence_of_device_control_policies + label: Device Control Policies - Sets the precedence of Device Control Policies based on the order of IDs + specified in the request The first ID specified will have the highest precedence + and the last ID specified will have the lowest You must specify all nonDefault + Policies for a platform when updating precedence + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
perform_action_on_the_device_control_policies + label: Device Control Policies - Perform the specified action on the Device Control Policies specified in + the request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_device_control_policies + label: Device Control Policies - Retrieve a set of Device Control Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Device Control Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + 
Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_set_of_device_control_policies + label: Device Control Policies - Delete a set of Device Control Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Device Control Policies to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + 
authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_device_control_policies + label: Device Control Policies - Create Device Control Policies by specifying details about the policy to + create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_device_control_policies + label: Device Control Policies - Update Device Control Policies by specifying the ID of the policy and details + to update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: 
[] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_firewall_policies + label: Firewall Policies - Search for Firewall Policies in your environment by providing an FQL filter + and paging details Returns a set of Firewall Policy IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: set_precedence_of_firewall_policies + label: Firewall Policies - Sets the precedence of Firewall Policies based on the order of IDs specified + in the request The first ID specified will have the highest precedence and the + last ID specified will have the lowest You must specify all nonDefault Policies + for a platform when updating precedence + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
perform_action_on_the_firewall_policies + label: Firewall Policies - Perform the specified action on the Firewall Policies specified in the request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_firewall_policy_member_ids + label: Firewall Policies - Search for members of a Firewall Policy in your environment by providing + an FQL filter and paging details Returns a set of Agent IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + 
tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Firewall Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_firewall_policies + label: Firewall Policies - Search for Firewall Policies in your environment by providing an FQL filter + and paging details Returns a set of Firewall Policies which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + 
options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_firewall_policies + label: Firewall Policies - Retrieve a set of Firewall Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Firewall Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" 
+ name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_set_of_firewall_policies + label: Firewall Policies - Delete a set of Firewall Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Firewall Policies to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_firewall_policies + label: Firewall Policies - Create Firewall Policies by specifying details about the policy to create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: 
true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The policy ID to be cloned from + name: clone_id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_firewall_policies + label: Firewall Policies - Update Firewall Policies by specifying the ID of the policy and details to + update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: 
search_for_firewall_policy_members + label: Firewall Policies - Search for members of a Firewall Policy in your environment by providing + an FQL filter and paging details Returns a set of host details which match the + filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Firewall Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_prevention_policy_members + label: Prevention Policies - Search for members of a Prevention Policy + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Prevention Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + 
skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_prevention_policy_ids + label: Prevention Policies - Search for Prevention Policies in your environment by providing an FQL filter + and paging details Returns a set of Prevention Policy IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The 
filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_prevention_policies + label: Prevention Policies - Search for Prevention Policies in your environment by providing an FQL filter + and paging details Returns a set of Prevention Policies which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: 
view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: set_precedence_of_prevention_policies + label: Prevention Policies - Sets the precedence of Prevention Policies based on the order of IDs specified + in the request The first ID specified will have the highest precedence and the + last ID specified will have the lowest You must specify all nonDefault Policies + for a platform when updating precedence + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: 
Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_prevention_policies + label: Prevention Policies - Retrieve a set of Prevention Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Prevention Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + 
example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_set_of_prevention_policies + label: Prevention Policies - Delete a set of Prevention Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Prevention Policies to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_prevention_policies + label: Prevention Policies - Create Prevention Policies by specifying details about the policy to create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + 
type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_prevention_policies + label: Prevention Policies - Update Prevention Policies by specifying the ID of the policy and details + to update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_prevention_policy_member_ids + label: Prevention Policies - Search for members of a Prevention Policy in your environment by providing + an FQL filter and paging details Returns a set of Agent IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + 
appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Prevention Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: perform_action_on_the_prevention_policies + label: Prevention Policies - Perform the specified action on the Prevention Policies specified in the + request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- 
description: "" + name: set_precedence_of_response_policies + label: Response Policies - Sets the precedence of Response Policies based on the order of IDs specified + in the request The first ID specified will have the highest precedence and the + last ID specified will have the lowest You must specify all nonDefault Policies + for a platform when updating precedence + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_response_policy_members + label: Response Policies - Search for members of a Response policy in your environment by providing + an FQL filter and paging details Returns a set of host details which match the + filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + 
schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Response policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_response_policy_member_ids + label: Response Policies - Search for members of a Response policy in your environment by providing + an FQL filter and paging details Returns a set of Agent IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Response policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + 
multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: perform_action_on_the_response_policies + label: Response Policies - Perform the specified action on the Response Policies specified in the request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 
Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_response_policies + label: Response Policies - Retrieve a set of Response Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the RTR Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_set_of_response_policies + label: Response Policies - Delete a set of Response Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + 
publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Response Policies to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_response_policies + label: Response Policies - Create Response Policies by specifying details about the policy to create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + 
unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_response_policies + label: Response Policies - Update Response Policies by specifying the ID of the policy and details to + update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_response_policy_ids + label: Response Policies - Search for Response Policies in your environment by providing an FQL filter + with sort andor paging details This returns a set of Response Policy IDs that + match the given criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to determine the results. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset of the first record to retrieve from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum number of records to return [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort results by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_response_policies + label: Response Policies - Search for Response Policies in your environment by providing an FQL filter + and paging details Returns a set of Response Policies which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit 
headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_update_policies + label: Sensor Update Policies - Search for Sensor Update Policies in your environment by providing an FQL + filter and paging details Returns a set of Sensor Update Policies which match + the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + 
multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_update_policy_member_ids + label: Sensor Update Policies - Search for members of a Sensor Update Policy in your environment by providing + an FQL filter and paging details Returns a set of Agent IDs which match the filter + criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Sensor Update Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: 
false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: perform_action_on_the_sensor_update_policies + label: Sensor Update Policies - Perform the specified action on the Sensor Update Policies specified in the + request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The action to perform + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + 
Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_update_policy_members + label: Sensor Update Policies - Search for members of a Sensor Update Policy in your environment by providing + an FQL filter and paging details Returns a set of host details which match the + filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The ID of the Sensor Update Policy to search for members of + name: id + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression 
that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_available_builds_for_use_with_sensor_update_policies + label: Sensor Update Policies - Retrieve available builds for use with Sensor Update Policies + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + 
tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The platform to return builds for + name: platform + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_update_policy_ids + label: Sensor Update Policies - Search for Sensor Update Policies in your environment by providing an FQL + filter and paging details Returns a set of Sensor Update Policy IDs which match + the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + 
type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_update_policies_with_additional_support_for_uninstall_protection + label: Sensor Update Policies - Search for Sensor Update Policies with additional support for uninstall protection + in your environment by providing an FQL filter and paging details Returns a set + of Sensor Update Policies which match the filter criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results + name: filter + example: "" + multiline: false + options: [] + 
required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-5000] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The property to sort by + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_sensor_update_policies_with_additional_support_for_uninstall_protection + label: Sensor Update Policies - Retrieve a set of Sensor Update Policies with additional support for uninstall + protection by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Sensor Update Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + 
type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_sensor_update_policies + label: Sensor Update Policies - Create Sensor Update Policies by specifying details about the policy to create + with additional support for uninstall protection + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_sensor_update_policies + label: Sensor Update Policies - Update Sensor Update Policies by specifying the ID of the policy and details + to update with additional support for uninstall protection + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: 
"" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_an_uninstall_token_for_a_specific_device + label: Sensor Update Policies - Reveals an uninstall token for a specific device To retrieve the bulk maintenance + token pass the value MAINTENANCE as the value for device_id + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + 
example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: set_precedence_of_sensor_update_policies + label: Sensor Update Policies - Sets the precedence of Sensor Update Policies based on the order of IDs specified + in the request The first ID specified will have the highest precedence and the + last ID specified will have the lowest You must specify all nonDefault Policies + for a platform when updating precedence + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_a_set_of_sensor_update_policies + label: Sensor Update Policies - Retrieve a set of Sensor Update Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Sensor Update Policies to return + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: 
headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_set_of_sensor_update_policies + label: Sensor Update Policies - Delete a set of Sensor Update Policies by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the Sensor Update Policies to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + 
example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_sensor_update_policies + label: Sensor Update Policies - Create Sensor Update Policies by specifying details about the policy to create + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_sensor_update_policies + label: Sensor Update Policies - Update Sensor Update Policies by specifying the ID of the policy and details + to update + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test 
+ multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_set_of_ioa_exclusions + label: IOA Exclusions - Get a set of IOA Exclusions by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to retrieve + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_the_ioa_exclusions_by_id + label: IOA Exclusions - Delete the IOA exclusions by id + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to delete + 
name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Explains why this exclusions was deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_the_ioa_exclusions + label: IOA Exclusions - Create the IOA exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: 
[] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_the_ioa_exclusions + label: IOA Exclusions - Update the IOA exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_ioa_exclusions + label: IOA Exclusions - Search for IOA exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: 
view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The sort expression that should be used to sort the results. 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_ml_exclusions + label: ML Exclusions - Search for ML exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. 
[1-500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The sort expression that should be used to sort the results. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_set_of_ml_exclusions + label: ML Exclusions - Get a set of ML Exclusions by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to retrieve + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" 
+ name: delete_the_ml_exclusions_by_id + label: ML Exclusions - Delete the ML exclusions by id + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Explains why this exclusions was deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_the_ml_exclusions + label: ML Exclusions - Create the ML exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + 
required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_the_ml_exclusions + label: ML Exclusions - Update the ML exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_set_of_sensor_visibility_exclusions + label: Sensor Visibility Exclusions - Get a set of Sensor Visibility Exclusions by specifying their IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to retrieve 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_the_sensor_visibility_exclusions_by_id + label: Sensor Visibility Exclusions - Delete the sensor visibility exclusions by id + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The ids of the exclusions to delete + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + 
required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Explains why this exclusions was deleted + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_the_sensor_visibility_exclusions + label: Sensor Visibility Exclusions - Create the sensor visibility exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_the_sensor_visibility_exclusions + label: Sensor Visibility Exclusions - Update the sensor visibility exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + 
name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: search_for_sensor_visibility_exclusions + label: Sensor Visibility Exclusions - Search for sensor visibility exclusions + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The filter expression that should be used to limit the results. 
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving records from + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The maximum records to return. [1-500] + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The sort expression that should be used to sort the results. + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_status_of_an_executed_active_responder_command_on_a_single_host + label: Real Time Response - Get status of an executed active_responder command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Cloud Request ID of the executed command to query + name: cloud_request_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Sequence ID that we want to retrieve. 
Command responses are chunked + across sequences + name: sequence_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: execute_an_active_responder_command_on_a_single_host + label: Real Time Response - Execute an active responder command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + 
name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_refresh_a_rtr_session_on_multiple_hosts_rtr_sessions_will_expire_after_10_minutes_unless_refreshed + label: Real Time Response - Batch refresh a RTR session on multiple hosts RTR sessions will expire after + 10 minutes unless refreshed + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. + name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' 
+ name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_queued_session_metadata_by_session_id + label: Real Time Response - Get queued session metadata by session ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: refresh_a_session_timeout_on_a_single_host + label: Real Time Response - Refresh a session timeout on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: 
[] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_initialize_a_rtr_session_on_multiple_hosts__before_any_rtr_commands_can_be_used_an_active_session_is_needed_on_the_host + label: Real Time Response - Batch initialize a RTR session on multiple hosts Before any RTR commands + can be used an active session is needed on the host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. 
+ name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' + name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_rtr_extracted_file_contents_for_specified_session_and_sha256 + label: Real Time Response - Get RTR extracted file contents for specified session and sha256 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: RTR Session id + name: session_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Extracted SHA256 (e.g. 
'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b') + name: sha256 + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Filename to use for the archive name and the file within the archive. + name: filename + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_aggregates_on_session_data + label: Real Time Response - Get aggregates on session data + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries 
+ example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_session + label: Real Time Response - Delete a session + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: RTR Session id + name: session_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: initialize_a_new_session_with_the_rtr_cloud + label: Real Time Response - Initialize a new session with the RTR cloud + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: 
headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_queued_session_command + label: Real Time Response - Delete a queued session command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: RTR Session id + name: session_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Cloud Request ID of the executed command to query + name: cloud_request_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + 
configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_list_of_session_ids + label: Real Time Response - Get a list of session_ids + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of ids to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort by spec. Ex: ''date_created|asc''.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter criteria in the form of an FQL query. 
For more information + about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + "user_id" can accept a special value '@me' which will restrict results to records + with current user's ID. + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_the_status_of_batch_get_command__will_return_successful_files_when_they_are_finished_processing + label: Real Time Response - retrieve the status of the specified batch get command Will return successful + files when they are finished processing + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Batch Get Command Request ID received from `/real-time-response/combined/get-command/v1` + name: batch_get_cmd_req_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + 
unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. + name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' + name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_executes_get_command_across_hosts_to_retrieve_files_after_this_call_is_made_get_realtimeresponsecombinedbatchgetcommandv1_is_used_to_query_for_the_results + label: Real Time Response - Batch executes get command across hosts to retrieve files After this call + is made GET realtimeresponsecombinedbatchgetcommandv1 is used to query for the + results + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + 
skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. + name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' + name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_executes_a_rtr_readonly_command + label: Real Time Response - Batch executes a RTR readonly command across the hosts mapped to the given + batch ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. 
+ name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' + name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_session_metadata_by_session_id + label: Real Time Response - Get session metadata by session id + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_list_of_files_for_rtr_session + label: Real Time Response - Get a list of files for the specified RTR session + nodetype: 
action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: RTR Session id + name: session_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_rtr_session_file + label: Real Time Response - Delete a RTR session file + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: RTR Session file id + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: RTR Session id + name: session_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: 
application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_status_of_an_executed_command_on_a_single_host + label: Real Time Response - Get status of an executed command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Cloud Request ID of the executed command to query + name: cloud_request_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Sequence ID that we want to retrieve. 
Command responses are chunked + across sequences + name: sequence_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: execute_a_command_on_a_single_host + label: Real Time Response - Execute a command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + 
example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_executes_a_rtr_active_responder_command + label: Real Time Response - Batch executes a RTR active_responder command across the hosts mapped to the + given batch ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. + name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' 
+ name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_putfiles_based_on_the_ids_given + label: Real Time Response Admin - Get putfiles based on the IDs given These are used for the RTR put command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: File IDs + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_putfile_based_on_the_ids_given + label: Real Time Response Admin - Delete a putfile based on the ID given Can only delete one file at a time + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: 
"" + appid: "" + tags: [] + tested: false + parameters: + - description: File id + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: upload_a_new_putfile_to_use_for_the_rtr_put_command + label: Real Time Response Admin - Upload a new putfile to use for the RTR put command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + 
description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_status_of_an_executed_rtr_administrator_command_on_a_single_host + label: Real Time Response Admin - Get status of an executed RTR administrator command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Cloud Request ID of the executed command to query + name: cloud_request_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Sequence ID that we want to retrieve. Command responses are chunked + across sequences + name: sequence_id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: execute_a_rtr_administrator_command_on_a_single_host + label: Real Time Response 
Admin - Execute a RTR administrator command on a single host + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_list_of_putfile_ids + label: Real Time Response Admin - Get a list of putfile IDs that are available to the user for the put command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter criteria in the form of an FQL query. 
For more information + about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of ids to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort by spec. Ex: ''created_at|asc''.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_a_list_of_custom_script_ids + label: Real Time Response Admin - Get a list of custom_script IDs that are available to the user for the runscript + command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - 
description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter criteria in the form of an FQL query. For more information + about FQL queries, see our [FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of ids to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort by spec. Ex: ''created_at|asc''.' 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_custom_scripts_based_on_the_ids_given + label: Real Time Response Admin - Get custom_scripts based on the IDs given These are used for the RTR runscript + command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: File IDs + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_a_custom_script_based_on_the_id_given + label: Real Time Response Admin - Delete a custom_script based on the ID given Can only delete one script at + a time + nodetype: action + environment: Shuffle + sharing: false + 
privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: File id + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: upload_a_new_custom_script_to_use + label: Real Time Response Admin - Upload a new custom_script to use for the RTR runscript command + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + 
executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: upload_a_new_scripts_to_replace_an_existing_one + label: Real Time Response Admin - Upload a new scripts to replace an existing one + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: batch_executes_a_rtr_administrator_command + label: Real Time Response Admin - Batch executes a RTR administrator command across the hosts mapped to the + given batch ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false 
+ - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Timeout for how long to wait for the request in seconds, default + timeout is 30 seconds. Maximum is 10 minutes. + name: timeout + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Timeout duration for for how long to wait for the request in duration + syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 10 minutes.' + name: timeout_duration + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_notifications_based_on_ids_notifications + label: Recon - Delete notifications based on IDs Notifications cannot be recovered after + they are deleted + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Notifications IDs. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_notification_status_or_assignee + label: Recon - Update notification status or assignee Accepts bulk requests + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + 
authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: query_notifications + label: Recon - Query notifications based on provided criteria Use the IDs from this response + to get the notification entities on GET entitiesnotificationsv1 or GET entitiesnotificationsdetailedv1 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of ids to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: created_date, updated_date. Ex: ''updated_date|desc''.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query to filter notifications by. 
Possible filter properties + are: [id cid user_uuid status rule_id rule_name rule_topic rule_priority item_type + created_date updated_date]' + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Free text search across all indexed fields. + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_detailed_notifications_based_on_their_ids + label: Recon - Get detailed notifications based on their IDs These include the raw intelligence + content that generated the matchThis endpoint will return translated notification + content The only target language available is English A single notification can + be translated per request + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Notification IDs. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: preview_rules_notification_count_and_distribution + label: Recon - Preview rules notification count and distribution This will return aggregations + on channel count site + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + 
returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_notification_aggregates + label: Recon - Get notification aggregates + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_actions_based_on_their_ids + label: Recon - Get actions based on their IDs IDs can be retrieved using the GET queriesactionsv1 + endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Action IDs. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_an_action_from_a_monitoring_rule_based_on_the_action_id + label: Recon - Delete an action from a monitoring rule based on the action ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of the action. 
+ name: id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_actions_for_a_monitoring_rule + label: Recon - Create actions for a monitoring rule Accepts a list of actions that will + be attached to the monitoring rule + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + 
"actions": "${actions}", + "rule_id": "${rule_id}" + } + value: |- + { + "actions": "${actions}", + "rule_id": "${rule_id}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: update_an_action_for_a_monitoring_rule + label: Recon - Update an action for a monitoring rule + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "frequency": "${frequency}", + "id": "${id}", + "recipients": "${recipients}", + "status": "${status}" + } + value: |- + { + "frequency": "${frequency}", + "id": "${id}", + "recipients": "${recipients}", + "status": "${status}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + 
auth_not_required: false + source_workflow: "" +- description: "" + name: query_actions + label: Recon - Query actions based on provided criteria Use the IDs from this response to + get the action entities on GET entitiesactionsv1 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return IDs. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of IDs to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: created_timestamp, updated_timestamp. + Ex: ''updated_timestamp|desc''.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query to filter actions by. 
Possible filter properties are: + [id cid user_uuid rule_id type frequency recipients status created_timestamp + updated_timestamp]' + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Free text search across all indexed fields + name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: query_monitoring_rules + label: Recon - Query monitoring rules based on provided criteria Use the IDs from this response + to fetch the rules on entitiesrulesv1 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Starting index of overall result set from which to return ids. 
+ name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Number of ids to return. + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Possible order by fields: created_timestamp, last_updated_timestamp. + Ex: ''last_updated_timestamp|desc''.' + name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'FQL query to filter rules by. Possible filter properties are: [id + cid user_uuid topic priority permissions filter status created_timestamp last_updated_timestamp]' + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Free text search across all indexed fields. 
+ name: q + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_notifications_based_on_their_ids + label: Recon - Get notifications based on their IDs IDs can be retrieved using the GET queriesnotificationsv1 + endpoint This endpoint will return translated notification content The only target + language available is English + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Notification IDs. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_detailed_notifications_based_on_their_ids_with_raw_intelligence_content_that_generated_the_match + label: Recon - Get 
detailed notifications based on their IDs These include the raw intelligence + content that generated the match + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Notification IDs. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_monitoring_rules_rules_by_provided_ids + label: Recon - Get monitoring rules rules by provided IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: IDs of rules. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: delete_monitoring_rules + label: Recon - Delete monitoring rules + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: IDs of rules. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: create_monitoring_rules + label: Recon - Create monitoring rules + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: 
false + source_workflow: "" +- description: "" + name: update_monitoring_rules + label: Recon - Update monitoring rules + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_notifications_based_on_their_ids + label: Recon - Get notifications based on their IDs IDs can be retrieved using the GET queriesnotificationsv1 + endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Notification IDs. 
+ name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: upload_a_file_for_further_cloud_analysis + label: Sample Uploads - Upload a file for further cloud analysis After uploading call the specific + analysis API endpoint + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Name of the file. 
+ name: file_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: A descriptive comment to identify the file for other users. + name: comment + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: "Defines visibility of this file in Falcon MalQuery, either via the + API or the Falcon console.\n\n- `true`: File is only shown to users within your + customer account\n- `false`: File can be seen by other CrowdStrike customers + \n\nDefault: `true`." 
+ name: is_confidential + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: retrieve_the_file_associated_with_the_given_id_sha256 + label: Sample Uploads - retrieve the file associated with the given ID SHA256 + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The file SHA256. + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Flag whether the sample should be zipped and password protected with + pass='infected' + name: password_protected + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + 
auth_not_required: false + source_workflow: "" +- description: "" + name: find_ids_for_submitted_scans + label: Quick Scan - Find IDs for submitted scans by providing an FQL filter and paging details + Returns a set of volume IDs that match your criteria + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Optional filter and sort criteria in the form of an FQL query. For + more information about FQL queries, see [our FQL documentation in Falcon](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide). + name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The offset to start retrieving submissions from. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Maximum number of volume IDs to return. Max: 5000.' + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Sort order: `asc` or `desc`.' 
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_scans_aggregations + label: Quick Scan - Get scans aggregations + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: body + example: |- + { + "date_ranges": "${date_ranges}", + "field": "${field}", + "filter": "${filter}", + "interval": "${interval}", + "min_doc_count": "${min_doc_count}", + "missing": "${missing}", + "name": "${name}", + "q": "${q}", + "ranges": "${ranges}", + "size": "${size}", + "sort": "${sort}", + "sub_aggregates": "${sub_aggregates}", + "time_zone": "${time_zone}", + "type": "${type}" + } + value: |- + { + "date_ranges": "${date_ranges}", + "field": "${field}", + "filter": "${filter}", + "interval": "${interval}", + "min_doc_count": "${min_doc_count}", + "missing": "${missing}", + "name": "${name}", + "q": "${q}", + "ranges": "${ranges}", + "size": "${size}", + "sort": "${sort}", + 
"sub_aggregates": "${sub_aggregates}", + "time_zone": "${time_zone}", + "type": "${type}" + } + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: check_the_status_of_a_volume_scan + label: Quick Scan - Check the status of a volume scan Time required for analysis increases with + the number of samples in a volume but usually it should take less than 1 minute + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: ID of a submitted scan + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: submit_a_volume_of_files_for_ml_scanning + label: Quick Scan - Submit a volume of files for ml 
scanning Time required for analysis increases + with the number of samples in a volume but usually it should take less than 1 + minute + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_sensor_installer_ids_by_provided_query + label: Sensor Download - Get sensor installer IDs by provided query + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first item to 
return, where 0 is the latest item. Use with the + limit parameter to manage pagination of results. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'The number of items to return in this response (default: 100, max: + 500). Use with the offset parameter to manage pagination of results.' + name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Sort items using their properties. Common sort options include: + +
  • version|asc
  • release_date|desc
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. + + Common filter options include: +
  • platform:"windows"
  • version:>"5.2"
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_sensor_installer_details_by_provided_query + label: Sensor Download - Get sensor installer details by provided query + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: The first item to return, where 0 is the latest item. Use with the + limit parameter to manage pagination of results. + name: offset + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'The number of items to return in this response (default: 100, max: + 500). Use with the offset parameter to manage pagination of results.' 
+ name: limit + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Sort items using their properties. Common sort options include: + +
  • version|asc
  • release_date|desc
+ name: sort + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: |- + Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. + + Common filter options include: +
  • platform:"windows"
  • version:>"5.2"
+ name: filter + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_sensor_installer_details_by_provided_sha256_ids + label: Sensor Download - Get sensor installer details by provided SHA256 IDs + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: The IDs of the installers + name: ids + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: download_sensor_installer_by_sha256_id + label: Sensor Download - Download sensor installer by SHA256 ID + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + 
parameters: + - description: SHA256 of the installer to download + name: id + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_ccid_to_use_with_sensor_installers + label: Sensor Download - Get CCID to use with sensor installers + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + 
returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: refresh_an_active_event_stream + label: Event Streams - Refresh an active event stream Use the URL shown in a GET sensorsentitiesdatafeedv2 + response + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: Action name. Allowed value is refresh_active_stream_session. + name: action_name + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Label that identifies your connection. Max: 32 alphanumeric characters + (a-z, A-Z, 0-9).' + name: appId + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Generated by shuffler.io OpenAPI + name: partition + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" 
+ example: "" + auth_not_required: false + source_workflow: "" +- description: "" + name: get_all_event_streams + label: Event Streams - Discover all event streams in your environment + nodetype: action + environment: Shuffle + sharing: false + privateid: "" + publicid: "" + appid: "" + tags: [] + tested: false + parameters: + - description: 'Label that identifies your connection. Max: 32 alphanumeric characters + (a-z, A-Z, 0-9).' + name: appId + example: "" + multiline: false + options: [] + required: true + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit headers + name: headers + example: "" + value: |- + Authorization: Bearer $auth.access_token + Accept-Encoding: application/json + Content-Type: application/json + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: Add or edit queries + name: queries + example: view=basic&redirect=test + multiline: true + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + - description: 'Format for streaming events. 
Valid values: json, flatjson' + name: format + example: "" + multiline: false + options: [] + required: false + configuration: false + tags: [] + schema: + type: string + skip_multicheck: false + unique_toggled: false + executionvariable: + description: "" + id: "" + name: "" + value: "" + returns: + example: "" + schema: + type: string + authenticationid: "" + example: "" + auth_not_required: false + source_workflow: "" +authentication: + required: true + parameters: + - description: "" + id: "" + name: client_id + example: '******' + value: "" + multiline: false + required: true + in: "" + schema: + type: string + scheme: "" + - description: "" + id: "" + name: client_secret + example: '******' + value: "" + multiline: false + required: true + in: "" + schema: + type: string + scheme: "" + - description: The URL of the app + id: "" + name: url + example: https://api.crowdstrike.com + value: https://api.crowdstrike.com + multiline: false + required: true + in: "" + schema: + type: string + scheme: "" +tags: [] +categories: [] +created: 0 +edited: 0 +lastruntime: 0 +versions: [] +loopversions: [] +owner: b5ee0878-2de4-4182-92af-bf67ec6526f5 +public: false +referenceorg: "" +referenceurl: "" +large_image: data:image/jpeg;base64,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 diff --git a/unsupported/crowdstrike-falcon/1.0.0/requirements.txt b/unsupported/crowdstrike-falcon/1.0.0/requirements.txt new file mode 100644 index 00000000..f76ae497 --- /dev/null +++ b/unsupported/crowdstrike-falcon/1.0.0/requirements.txt @@ -0,0 +1 @@ +# No extra requirements needed diff --git a/unsupported/crowdstrike-falcon/1.0.0/src/app.py b/unsupported/crowdstrike-falcon/1.0.0/src/app.py new file mode 100755 index 00000000..376d9ff3 --- /dev/null +++ b/unsupported/crowdstrike-falcon/1.0.0/src/app.py 
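Review bot: The only line in requirements.txt is a comment declaring no dependencies, yet src/app.py in this same commit imports `requests` and `urllib3`, so the HTTP/TLS client versions are whatever the base image happens to ship. Because this app posts `client_id`/`client_secret` and sends bearer tokens to the API, I would declare both packages with pinned versions, e.g. `requests==<pinned version>` and `urllib3==<pinned version>`, so the image is reproducible and dependency scanners can see which releases are in use. Presumably the SDK base image already installs both; if relying on that is intended, the comment should say so, for example `# requests and urllib3 are provided by the app SDK base image`.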
@@ -0,0 +1,3749 @@ +import requests +import asyncio +import json +import urllib3 + +from walkoff_app_sdk.app_base import AppBase + +class Crowdstrike_Falcon(AppBase): + + __version__ = "1.0" + app_name = "Crowdstrike_Falcon" + + + def __init__(self, redis, logger, console_logger=None): + self.verify = False + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + super().__init__(redis, logger, console_logger) + + + def setup_headers(self, headers): + request_headers={} + + if len(headers) > 0: + for header in headers.split("\n"): + if '=' in header: + headersplit=header.split('=') + request_headers[headersplit[0].strip()] = headersplit[1].strip() + elif ':' in header: + headersplit=header.split(':') + request_headers[headersplit[0].strip()] = headersplit[1].strip() + return request_headers + + + def setup_params(self, queries): + params={} + + if len(queries) > 0: + for query in queries.split("\&"): + if '=' in query: + headersplit=query.split('&') + params[headersplit[0].strip()] = headersplit[1].strip() + + return params + + + def generate_oauth2_access_token(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/oauth2/token" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + body={'client_id': client_id, 'client_secret': client_secret} + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def revoke_oauth2_access_token(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/oauth2/revoke" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + body={'client_id': client_id, 'client_secret': client_secret} + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + 
return ret.text + + + def download_analysis_artifacts(self, url, client_id, client_secret, id, headers="", queries="", name=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/artifacts/v1?id={id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + + if name: + params["name"] = name + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_detect_aggregates(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/detects/aggregates/detects/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def view_information_about_detections(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/detects/entities/summaries/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def modify_detections(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/detects/entities/detects/v2" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
get_sandbox_reports(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/falconx/queries/reports/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_rules_by_id(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/rules/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_rules_from_a_rule_group_by_id(self, url, client_id, client_secret, rule_group_id, ids, headers="", queries="", comment=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/rules/v1?rule_group_id={rule_group_id}&ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_a_rule_within_a_rule_group(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
update_rules_within_a_rule_group(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_prevention_policy_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/prevention-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def set_precedence_of_device_control_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/device-control-precedence/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_hidden_hosts(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + params={} + request_headers={} + url=f"{url}/devices/queries/devices-hidden/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter 
+ + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_rule_types_by_id(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/rule-types/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_all_platform_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/platforms/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_combined_for_indicators(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/iocs/combined/indicator/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def set_precedence_of_response_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response-precedence/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() 
+ except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_set_of_sensor_visibility_exclusions(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sv-exclusions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_the_sensor_visibility_exclusions_by_id(self, url, client_id, client_secret, ids, headers="", queries="", comment=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sv-exclusions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_the_sensor_visibility_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sv-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_the_sensor_visibility_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sv-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_prevention_policy_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", 
sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/prevention/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_notifications_based_on_their_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/notifications/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_notifications_based_on_ids_notifications(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/notifications/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_notification_status_or_assignee(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/recon/entities/notifications/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_sensor_installer_ids_by_provided_query(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + 
params={} + request_headers={} + url=f"{url}/sensors/queries/installers/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_info_about_indicators(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q="", include_deleted=""): + params={} + request_headers={} + url=f"{url}/intel/combined/indicators/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + if include_deleted: + params["include_deleted"] = include_deleted + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def download_earlier_rule_sets(self, url, client_id, client_secret, id, headers="", queries="", format=""): + params={} + request_headers={"Accept": "undefined"} + url=f"{url}/intel/entities/rules-files/v1?id={id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_report_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={} + url=f"{url}/intel/queries/reports/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + 
+ ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_rule_ids(self, url, client_id, client_secret, type, headers="", queries="", offset="", limit="", sort="", name="", description="", tags="", min_created_date="", max_created_date="", q=""): + params={} + request_headers={} + url=f"{url}/intel/queries/rules/v1?type={type}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if name: + params["name"] = name + if description: + params["description"] = description + if tags: + params["tags"] = tags + if min_created_date: + params["min_created_date"] = min_created_date + if max_created_date: + params["max_created_date"] = max_created_date + if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/sensor-update/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_set_of_ioa_exclusions(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ioa-exclusions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + 
except json.decoder.JSONDecodeError: + return ret.text + + + def delete_the_ioa_exclusions_by_id(self, url, client_id, client_secret, ids, headers="", queries="", comment=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ioa-exclusions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_the_ioa_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ioa-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_the_ioa_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ioa-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_sensor_update_policy_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/sensor-update-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: 
+ return ret.text + + + def search_for_sensor_visibility_exclusions(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/sv-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def find_ids_for_submitted_scans(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/scanner/queries/scans/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_sensor_installer_details_by_provided_query(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + params={} + request_headers={} + url=f"{url}/sensors/combined/installers/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_hosts(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + params={} + request_headers={} + url=f"{url}/devices/queries/devices-scroll/v1" + + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_info_about_reports(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q="", fields=""): + params={} + request_headers={} + url=f"{url}/intel/combined/reports/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + if fields: + params["fields"] = fields + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_zipped_sample(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/malquery/entities/samples-fetch/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def schedule_samples_for_download(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/malquery/entities/samples-multidownload/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
perform_action_on_the_sensor_update_policies(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def query_notifications(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={} + url=f"{url}/recon/queries/notifications/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_prevention_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/prevention/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_status_of_an_executed_active_responder_command_on_a_single_host(self, url, client_id, client_secret, cloud_request_id, sequence_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/active-responder-command/v1?cloud_request_id={cloud_request_id}&sequence_id={sequence_id}" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def execute_an_active_responder_command_on_a_single_host(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/active-responder-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def find_all_rule_ids(self, url, client_id, client_secret, headers="", queries="", sort="", filter="", q="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if q: + params["q"] = q + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def set_precedence_of_prevention_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/prevention-precedence/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_indicators_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q="", include_deleted=""): + params={} + request_headers={} + url=f"{url}/intel/queries/indicators/v1" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + if include_deleted: + params["include_deleted"] = include_deleted + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_sensor_update_policy_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/sensor-update-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_refresh_a_rtr_session_on_multiple_hosts_rtr_sessions_will_expire_after_10_minutes_unless_refreshed(self, url, client_id, client_secret, headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-refresh-session/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_queued_session_metadata_by_session_id(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/queued-sessions/GET/v1" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_action_on_the_device_control_policies(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/device-control-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_scans_aggregations(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/scanner/aggregates/scans/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_detailed_notifications_based_on_their_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/notifications-detailed-translated/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_specific_indicators_using_their_indicator_ids(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/intel/entities/indicators/GET/v1" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def find_all_rule_group_ids(self, url, client_id, client_secret, headers="", queries="", sort="", filter="", q="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/rule-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if q: + params["q"] = q + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_falcon_malquery(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/malquery/queries/exact-search/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_available_builds_for_use_with_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", platform=""): + params={} + request_headers={} + url=f"{url}/policy/combined/sensor-update-builds/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_firewall_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + 
url=f"{url}/policy/queries/firewall/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_set_of_host_groups(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/devices/entities/host-groups/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_set_of_host_groups(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/devices/entities/host-groups/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_host_groups(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/devices/entities/host-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_host_groups(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/devices/entities/host-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, 
params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_behaviors(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/incidents/queries/behaviors/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_incidents(self, url, client_id, client_secret, headers="", queries="", sort="", filter="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/incidents/queries/incidents/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_rule_groups_by_id(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/rule-groups/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_rule_groups_by_id(self, url, client_id, client_secret, ids, headers="", queries="", comment=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/rule-groups/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, 
headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_a_rule_group(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rule-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_a_rule_group(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rule-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_all_rule_type_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/rule-types/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_information_about_search_and_download_quotas(self, url, client_id, client_secret, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/malquery/aggregates/quotas/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return 
ret.text + + + def refresh_a_session_timeout_on_a_single_host(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/refresh-session/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def query_crowdscore(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/incidents/combined/crowdscores/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_actions_on_incidents(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/incidents/entities/incident-actions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_info_about_actors(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q="", fields=""): + params={} + request_headers={} + url=f"{url}/intel/combined/actors/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + if 
fields: + params["fields"] = fields + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_response_policy_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/response-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_initialize_a_rtr_session_on_multiple_hosts__before_any_rtr_commands_can_be_used_an_active_session_is_needed_on_the_host(self, url, client_id, client_secret, headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-init-session/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_rtr_extracted_file_contents_for_specified_session_and_sha256(self, url, client_id, client_secret, session_id, sha256, headers="", queries="", filename=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/extracted-file-contents/v1?session_id={session_id}&sha256={sha256}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: 
+ return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_host_groups(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/devices/combined/host-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_all_pattern_severity_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/pattern-severities/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_indicators_by_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/iocs/entities/indicators/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_indicators_by_ids(self, url, client_id, client_secret, headers="", queries="", filter="", ids="", comment=""): + params={} + request_headers={} + url=f"{url}/iocs/entities/indicators/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if ids: + params["ids"] = ids + if comment: + params["comment"] = comment + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return 
ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_indicators(self, url, client_id, client_secret, headers="", queries="", retrodetects="", ignore_warnings="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/jsonX-CS-USERNAME"} + url=f"{url}/iocs/entities/indicators/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if ignore_warnings: + params["ignore_warnings"] = ignore_warnings + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_indicators(self, url, client_id, client_secret, headers="", queries="", retrodetects="", ignore_warnings="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/jsonX-CS-USERNAME"} + url=f"{url}/iocs/entities/indicators/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if ignore_warnings: + params["ignore_warnings"] = ignore_warnings + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_device_control_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/device-control/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_set_of_device_control_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + 
url=f"{url}/policy/entities/device-control/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_device_control_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/device-control/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_device_control_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/device-control/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_ioa_exclusions(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/ioa-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_aggregates_on_session_data(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/aggregates/sessions/GET/v1" + request_headers=self.setup_headers(headers) + 
params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_session(self, url, client_id, client_secret, session_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/sessions/v1?session_id={session_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def initialize_a_new_session_with_the_rtr_cloud(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/sessions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_full_sandbox_report(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/reports/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_report(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/reports/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_ml_exclusions(self, url, 
client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/ml-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_sensor_update_policy_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/sensor-update/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_queued_session_command(self, url, client_id, client_secret, session_id, cloud_request_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/queued-sessions/command/v1?session_id={session_id}&cloud_request_id={cloud_request_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def preview_rules_notification_count_and_distribution(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/aggregates/rules-preview/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, 
headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_report_pdf_attachment(self, url, client_id, client_secret, id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/intel/entities/report-files/v1?id={id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_prevention_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/prevention/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_set_of_prevention_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/prevention/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_prevention_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/prevention/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_prevention_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + 
request_headers={} + url=f"{url}/policy/entities/prevention/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_putfiles_based_on_the_ids_given(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/put-files/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_putfile_based_on_the_ids_given(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/put-files/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def upload_a_new_putfile_to_use_for_the_rtr_put_command(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/put-files/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_list_of_session_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + params={} + request_headers={} + url=f"{url}/real-time-response/queries/sessions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: 
+ params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_list_of_samples(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/jsonX-CS-USERUUID"} + url=f"{url}/samples/queries/samples/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def check_status_of_sandbox_analysis(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/submissions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def submit_upload_for_sandbox_analysis(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/submissions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_number_of_hosts_that_have_observed_a_given_custom_ioc(self, url, client_id, client_secret, type, value, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/indicators/aggregates/devices-count/v1?type={type}&value={value}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = 
requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def set_precedence_of_firewall_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall-precedence/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_notification_aggregates(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/recon/aggregates/notifications/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_actions_based_on_their_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/actions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_an_action_from_a_monitoring_rule_based_on_the_action_id(self, url, client_id, client_secret, id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/actions/v1?id={id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
create_actions_for_a_monitoring_rule(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/recon/entities/actions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_an_action_for_a_monitoring_rule(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/recon/entities/actions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def query_actions(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={} + url=f"{url}/recon/queries/actions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_host_group_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/devices/queries/host-groups/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + 
ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_indexed_files_metadata_by_their_hash(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/malquery/entities/metadata/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_sensor_update_policies_with_additional_support_for_uninstall_protection(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/sensor-update/v2" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_action_on_the_firewall_policies(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_process_details(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/processes/entities/processes/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = 
requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_short_summary_version_of_a_sandbox_report(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/falconx/entities/report-summaries/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def schedule_a_yara_based_search_for_execution(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/malquery/queries/hunt/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_the_status_of_batch_get_command__will_return_successful_files_when_they_are_finished_processing(self, url, client_id, client_secret, batch_get_cmd_req_id, headers="", queries="", timeout="", timeout_duration=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-get-command/v1?batch_get_cmd_req_id={batch_get_cmd_req_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_executes_get_command_across_hosts_to_retrieve_files_after_this_call_is_made_get_realtimeresponsecombinedbatchgetcommandv1_is_used_to_query_for_the_results(self, url, client_id, client_secret, 
headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-get-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def query_monitoring_rules(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/queries/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_sensor_installer_details_by_provided_sha256_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/sensors/entities/installers/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def modify_host_tags(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/devices/entities/devices/tags/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, 
data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_response_policy_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/response-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_status_of_an_executed_rtr_administrator_command_on_a_single_host(self, url, client_id, client_secret, cloud_request_id, sequence_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/admin-command/v1?cloud_request_id={cloud_request_id}&sequence_id={sequence_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def execute_a_rtr_administrator_command_on_a_single_host(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/admin-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def refresh_an_active_event_stream(self, url, client_id, client_secret, action_name, appId, partition, headers="", queries="", body=""): + params={} + request_headers={} + 
url=f"{url}/sensors/entities/datafeed-actions/v1/{partition}?action_name={action_name}&appId={appId}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def validates_field_values_and_checks_for_string_matches(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rules/validate/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def check_the_status_of_a_volume_scan(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/scanner/entities/scans/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def submit_a_volume_of_files_for_ml_scanning(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/scanner/entities/scans/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def download_the_latest_rule_set(self, url, client_id, client_secret, type, headers="", queries="", format=""): + params={} + request_headers={"Accept": "undefined"} + url=f"{url}/intel/entities/rules-latest-files/v1?type={type}" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_rules_by_id(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/ioarules/entities/rules/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def find_all_rule_groups(self, url, client_id, client_secret, headers="", queries="", sort="", filter="", q="", offset="", limit=""): + params={} + request_headers={} + url=f"{url}/ioarules/queries/rule-groups-full/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if q: + params["q"] = q + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def check_the_status_and_results_of_an_asynchronous_request(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/malquery/entities/requests/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_set_of_ml_exclusions(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ml-exclusions/v1?ids={ids}" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_the_ml_exclusions_by_id(self, url, client_id, client_secret, ids, headers="", queries="", comment=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ml-exclusions/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_the_ml_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ml-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_the_ml_exclusions(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/ml-exclusions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_device_control_policy_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/device-control/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = 
requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_firewall_policy_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/firewall-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_notifications_based_on_their_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/notifications-translated/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_host_group_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/devices/combined/host-group-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_platforms_by_id(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + 
url=f"{url}/ioarules/entities/platforms/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_action_on_the_response_policies(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_response_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_set_of_response_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_response_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + 
return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_response_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/response/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_executes_a_rtr_readonly_command(self, url, client_id, client_secret, headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_session_metadata_by_session_id(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/sessions/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_action_on_host_group(self, url, client_id, client_secret, action_name, host_group_id, hostnames, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/devices/entities/host-group-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + body = {"action_parameters": [{"name": "filter", "value": "(hostname:['" + 
hostnames + "'])" } ], "ids": [ host_group_id ]} + ret = requests.post(url, headers=request_headers, params=params, json=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_device_control_policy_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/device-control-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_firewall_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/firewall/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_sensor_update_policies_with_additional_support_for_uninstall_protection(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v2?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_sensor_update_policies(self, url, client_id, client_secret, 
headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v2" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v2" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_list_of_putfile_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/real-time-response/queries/put-files/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_list_of_custom_script_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/real-time-response/queries/scripts/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
get_detailed_notifications_based_on_their_ids_with_raw_intelligence_content_that_generated_the_match(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/recon/entities/notifications-detailed/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_all_event_streams(self, url, client_id, client_secret, appId, headers="", queries="", format=""): + params={} + request_headers={} + url=f"{url}/sensors/entities/datafeed/v2?appId={appId}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def download_sensor_installer_by_sha256_id(self, url, client_id, client_secret, id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/sensors/entities/download-installer/v1?id={id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_hosts_that_have_observed_a_given_custom_ioc(self, url, client_id, client_secret, type, value, headers="", queries="", limit="", offset=""): + params={} + request_headers={} + url=f"{url}/indicators/queries/devices/v1?type={type}&value={value}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_details_for_rule_sets_for_ids(self, url, client_id, 
client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/intel/entities/rules/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def download_a_file_indexed_by_malquery(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/malquery/entities/download-files/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_an_uninstall_token_for_a_specific_device(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/combined/reveal-uninstall-token/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_response_policy_ids(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/response/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_a_list_of_files_for_rtr_session(self, url, client_id, client_secret, session_id, headers="", queries=""): + params={} + request_headers={} + 
url=f"{url}/real-time-response/entities/file/v1?session_id={session_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_rtr_session_file(self, url, client_id, client_secret, ids, session_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/file/v1?ids={ids}&session_id={session_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_custom_scripts_based_on_the_ids_given(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/scripts/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_custom_script_based_on_the_id_given(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/scripts/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def upload_a_new_custom_script_to_use(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/scripts/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, 
headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def upload_a_new_scripts_to_replace_an_existing_one(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/scripts/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_details_on_hosts(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/devices/entities/devices/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_actor_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={} + url=f"{url}/intel/queries/actors/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_ccid_to_use_with_sensor_installers(self, url, client_id, client_secret, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/sensors/queries/installers/ccid/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except 
json.decoder.JSONDecodeError: + return ret.text + + + def find_submission_ids_for_uploaded_files(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/falconx/queries/submissions/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_details_on_behaviors(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/incidents/entities/behaviors/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_device_control_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/device-control/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_prevention_policy_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/queries/prevention-members/v1" + request_headers=self.setup_headers(headers) 
+ params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_status_of_an_executed_command_on_a_single_host(self, url, client_id, client_secret, cloud_request_id, sequence_id, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/command/v1?cloud_request_id={cloud_request_id}&sequence_id={sequence_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def execute_a_command_on_a_single_host(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/entities/command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_the_file_associated_with_the_given_id_sha256(self, url, client_id, client_secret, ids, headers="", queries="", password_protected=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/samples/entities/samples/v3?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_sample_from_the_collection(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={"X-CS-USERUUID": 
"undefined"} + url=f"{url}/samples/entities/samples/v3?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def upload_a_file_for_further_cloud_analysis(self, url, client_id, client_secret, file_name, headers="", queries="", comment="", is_confidential="", body=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/samples/entities/samples/v3?file_name={file_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if is_confidential: + params["is_confidential"] = is_confidential + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_response_policies(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/response/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_firewall_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def 
delete_a_set_of_firewall_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_firewall_policies(self, url, client_id, client_secret, headers="", queries="", clone_id="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_firewall_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/firewall/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def set_precedence_of_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update-precedence/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_device_control_policy_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + 
request_headers={} + url=f"{url}/policy/queries/device-control-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_executes_a_rtr_active_responder_command(self, url, client_id, client_secret, headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-active-responder-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def batch_executes_a_rtr_administrator_command(self, url, client_id, client_secret, headers="", queries="", timeout="", timeout_duration="", body=""): + params={} + request_headers={} + url=f"{url}/real-time-response/combined/batch-admin-command/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if timeout_duration: + params["timeout_duration"] = timeout_duration + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_monitoring_rules_rules_by_provided_ids(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/entities/rules/v1?ids={ids}" + 
request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_monitoring_rules(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/entities/rules/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_monitoring_rules(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/entities/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_monitoring_rules(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/recon/entities/rules/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_detection_ids(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter="", q=""): + params={} + request_headers={} + url=f"{url}/detects/queries/detects/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter 
+ if q: + params["q"] = q + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_the_file_associated_with_the_given_id_sha256(self, url, client_id, client_secret, ids, headers="", queries="", password_protected=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/samples/entities/samples/v2?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def upload_for_sandbox_analysis(self, url, client_id, client_secret, file_name, headers="", queries="", comment="", is_confidential="", body=""): + params={} + request_headers={"X-CS-USERUUID": "undefined"} + url=f"{url}/samples/entities/samples/v2?file_name={file_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if is_confidential: + params["is_confidential"] = is_confidential + body = " ".join(body.strip().split()).encode("utf-8") + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_host_group_member_ids(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/devices/queries/host-group-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_details_on_incidents(self, 
url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/incidents/entities/incidents/GET/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_processes_associated_with_a_custom_ioc(self, url, client_id, client_secret, type, value, device_id, headers="", queries="", limit="", offset=""): + params={} + request_headers={} + url=f"{url}/indicators/queries/processes/v1?type={type}&value={value}&device_id={device_id}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_specific_reports_using_their_report_ids(self, url, client_id, client_secret, ids, headers="", queries="", fields=""): + params={} + request_headers={} + url=f"{url}/intel/entities/reports/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_indicators(self, url, client_id, client_secret, headers="", queries="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/iocs/queries/indicators/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except 
json.decoder.JSONDecodeError: + return ret.text + + + def search_for_firewall_policy_members(self, url, client_id, client_secret, headers="", queries="", id="", filter="", offset="", limit="", sort=""): + params={} + request_headers={} + url=f"{url}/policy/combined/firewall-members/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if filter: + params["filter"] = filter + if offset: + params["offset"] = offset + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def perform_action_on_the_prevention_policies(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/prevention-actions/v1?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_a_set_of_sensor_update_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def delete_a_set_of_sensor_update_policies(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.delete(url, headers=request_headers, params=params) + try: + return 
ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def create_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def update_sensor_update_policies(self, url, client_id, client_secret, headers="", queries="", body=""): + params={} + request_headers={} + url=f"{url}/policy/entities/sensor-update/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.patch(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def take_action_on_hosts(self, url, client_id, client_secret, action_name, headers="", queries="", body=""): + params={} + request_headers={"Content-Type": "application/json","Accept": "application/json"} + url=f"{url}/devices/entities/devices-actions/v2?action_name={action_name}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.post(url, headers=request_headers, params=params, data=body) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def search_for_hosts(self, url, client_id, client_secret, headers="", queries="", offset="", limit="", sort="", filter=""): + params={} + request_headers={} + url=f"{url}/devices/queries/devices/v1" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + if limit: + params["limit"] = limit + if sort: + params["sort"] = sort + if filter: + params["filter"] = filter + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except 
json.decoder.JSONDecodeError: + return ret.text + + + def retrieve_specific_actors_using_their_actor_ids(self, url, client_id, client_secret, ids, headers="", queries="", fields=""): + params={} + request_headers={} + url=f"{url}/intel/entities/actors/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + + def get_pattern_severities_by_id(self, url, client_id, client_secret, ids, headers="", queries=""): + params={} + request_headers={} + url=f"{url}/ioarules/entities/pattern-severities/v1?ids={ids}" + request_headers=self.setup_headers(headers) + params=self.setup_params(queries) + + ret = requests.get(url, headers=request_headers, params=params) + try: + return ret.json() + except json.decoder.JSONDecodeError: + return ret.text + + +if __name__ == "__main__": + + Crowdstrike_Falcon.run() diff --git a/cylance/1.0.0/Dockerfile b/unsupported/cylance/1.0.0/Dockerfile similarity index 100% rename from cylance/1.0.0/Dockerfile rename to unsupported/cylance/1.0.0/Dockerfile diff --git a/cylance/1.0.0/api.yaml b/unsupported/cylance/1.0.0/api.yaml similarity index 100% rename from cylance/1.0.0/api.yaml rename to unsupported/cylance/1.0.0/api.yaml diff --git a/cylance/1.0.0/requirements.txt b/unsupported/cylance/1.0.0/requirements.txt similarity index 100% rename from cylance/1.0.0/requirements.txt rename to unsupported/cylance/1.0.0/requirements.txt diff --git a/cylance/1.0.0/src/app.py b/unsupported/cylance/1.0.0/src/app.py similarity index 100% rename from cylance/1.0.0/src/app.py rename to unsupported/cylance/1.0.0/src/app.py diff --git a/hoxhunt/1.0.0/Dockerfile b/unsupported/hoxhunt/1.0.0/Dockerfile similarity index 100% rename from hoxhunt/1.0.0/Dockerfile rename to unsupported/hoxhunt/1.0.0/Dockerfile 
diff --git a/hoxhunt/1.0.0/api.yaml b/unsupported/hoxhunt/1.0.0/api.yaml
similarity index 100%
rename from hoxhunt/1.0.0/api.yaml
rename to unsupported/hoxhunt/1.0.0/api.yaml
diff --git a/hoxhunt/1.0.0/requirements.txt b/unsupported/hoxhunt/1.0.0/requirements.txt
similarity index 100%
rename from hoxhunt/1.0.0/requirements.txt
rename to unsupported/hoxhunt/1.0.0/requirements.txt
diff --git a/hoxhunt/1.0.0/src/app.py b/unsupported/hoxhunt/1.0.0/src/app.py
similarity index 100%
rename from hoxhunt/1.0.0/src/app.py
rename to unsupported/hoxhunt/1.0.0/src/app.py
diff --git a/microsoft-identity-and-access/1.0.0/Dockerfile b/unsupported/microsoft-identity-and-access/1.0.0/Dockerfile
similarity index 100%
rename from microsoft-identity-and-access/1.0.0/Dockerfile
rename to unsupported/microsoft-identity-and-access/1.0.0/Dockerfile
diff --git a/microsoft-identity-and-access/1.0.0/README.md b/unsupported/microsoft-identity-and-access/1.0.0/README.md
similarity index 100%
rename from microsoft-identity-and-access/1.0.0/README.md
rename to unsupported/microsoft-identity-and-access/1.0.0/README.md
diff --git a/microsoft-identity-and-access/1.0.0/api.yaml b/unsupported/microsoft-identity-and-access/1.0.0/api.yaml
similarity index 100%
rename from microsoft-identity-and-access/1.0.0/api.yaml
rename to unsupported/microsoft-identity-and-access/1.0.0/api.yaml
diff --git a/microsoft-identity-and-access/1.0.0/requirements.txt b/unsupported/microsoft-identity-and-access/1.0.0/requirements.txt
similarity index 100%
rename from microsoft-identity-and-access/1.0.0/requirements.txt
rename to unsupported/microsoft-identity-and-access/1.0.0/requirements.txt
diff --git a/microsoft-identity-and-access/1.0.0/src/app.py b/unsupported/microsoft-identity-and-access/1.0.0/src/app.py
similarity index 100%
rename from microsoft-identity-and-access/1.0.0/src/app.py
rename to unsupported/microsoft-identity-and-access/1.0.0/src/app.py
diff --git a/microsoft-intune/1.0.0/Dockerfile b/unsupported/microsoft-intune/1.0.0/Dockerfile
similarity index 100%
rename from microsoft-intune/1.0.0/Dockerfile
rename to unsupported/microsoft-intune/1.0.0/Dockerfile
diff --git a/microsoft-intune/1.0.0/README.md b/unsupported/microsoft-intune/1.0.0/README.md
similarity index 100%
rename from microsoft-intune/1.0.0/README.md
rename to unsupported/microsoft-intune/1.0.0/README.md
diff --git a/microsoft-intune/1.0.0/api.yaml b/unsupported/microsoft-intune/1.0.0/api.yaml
similarity index 100%
rename from microsoft-intune/1.0.0/api.yaml
rename to unsupported/microsoft-intune/1.0.0/api.yaml
diff --git a/microsoft-intune/1.0.0/requirements.txt b/unsupported/microsoft-intune/1.0.0/requirements.txt
similarity index 100%
rename from microsoft-intune/1.0.0/requirements.txt
rename to unsupported/microsoft-intune/1.0.0/requirements.txt
diff --git a/microsoft-intune/1.0.0/src/app.py b/unsupported/microsoft-intune/1.0.0/src/app.py
similarity index 100%
rename from microsoft-intune/1.0.0/src/app.py
rename to unsupported/microsoft-intune/1.0.0/src/app.py
diff --git a/microsoft-security-and-compliance/1.0.0/Dockerfile b/unsupported/microsoft-security-and-compliance/1.0.0/Dockerfile
similarity index 100%
rename from microsoft-security-and-compliance/1.0.0/Dockerfile
rename to unsupported/microsoft-security-and-compliance/1.0.0/Dockerfile
diff --git a/microsoft-security-and-compliance/1.0.0/README.md b/unsupported/microsoft-security-and-compliance/1.0.0/README.md
similarity index 100%
rename from microsoft-security-and-compliance/1.0.0/README.md
rename to unsupported/microsoft-security-and-compliance/1.0.0/README.md
diff --git a/microsoft-security-and-compliance/1.0.0/api.yaml b/unsupported/microsoft-security-and-compliance/1.0.0/api.yaml
similarity index 100%
rename from microsoft-security-and-compliance/1.0.0/api.yaml
rename to unsupported/microsoft-security-and-compliance/1.0.0/api.yaml
diff --git a/microsoft-security-and-compliance/1.0.0/requirements.txt b/unsupported/microsoft-security-and-compliance/1.0.0/requirements.txt
similarity index 100%
rename from microsoft-security-and-compliance/1.0.0/requirements.txt
rename to unsupported/microsoft-security-and-compliance/1.0.0/requirements.txt
diff --git a/microsoft-security-and-compliance/1.0.0/src/app.py b/unsupported/microsoft-security-and-compliance/1.0.0/src/app.py
similarity index 100%
rename from microsoft-security-and-compliance/1.0.0/src/app.py
rename to unsupported/microsoft-security-and-compliance/1.0.0/src/app.py
diff --git a/microsoft-security-oauth2/1.0.0/Dockerfile b/unsupported/microsoft-security-oauth2/1.0.0/Dockerfile
similarity index 100%
rename from microsoft-security-oauth2/1.0.0/Dockerfile
rename to unsupported/microsoft-security-oauth2/1.0.0/Dockerfile
diff --git a/microsoft-security-oauth2/1.0.0/api.yaml b/unsupported/microsoft-security-oauth2/1.0.0/api.yaml
similarity index 100%
rename from microsoft-security-oauth2/1.0.0/api.yaml
rename to unsupported/microsoft-security-oauth2/1.0.0/api.yaml
diff --git a/microsoft-security-oauth2/1.0.0/requirements.txt b/unsupported/microsoft-security-oauth2/1.0.0/requirements.txt
similarity index 100%
rename from microsoft-security-oauth2/1.0.0/requirements.txt
rename to unsupported/microsoft-security-oauth2/1.0.0/requirements.txt
diff --git a/microsoft-security-oauth2/1.0.0/src/app.py b/unsupported/microsoft-security-oauth2/1.0.0/src/app.py
similarity index 100%
rename from microsoft-security-oauth2/1.0.0/src/app.py
rename to unsupported/microsoft-security-oauth2/1.0.0/src/app.py
diff --git a/passivetotal/1.0.0/Dockerfile b/unsupported/microsoft-teams-system-access/1.0.0/Dockerfile
similarity index 100%
rename from passivetotal/1.0.0/Dockerfile
rename to unsupported/microsoft-teams-system-access/1.0.0/Dockerfile
diff --git a/unsupported/microsoft-teams-system-access/1.0.0/README.md b/unsupported/microsoft-teams-system-access/1.0.0/README.md
new file mode 100644
index 00000000..4ef89c3d
--- /dev/null
+++ b/unsupported/microsoft-teams-system-access/1.0.0/README.md
@@ -0,0 +1,33 @@
+## Microsoft Security and Compliance
+- An app to interact with Security and Compliance solutions from microsoft.
+
+## How to register app in Active Directory on Azure portal ?
+
+### Step 1: Go to the Azure portal
+
+ - You'll need to go to the [Azure Portal](https://portal.azure.com/) and login.
+
+### Step 2: Go to the Azure Active Directory Service
+
+- Once you are logged into Azure, Register a new application so you can access
+the Microsoft Graph API. To register a new application go to your **Azure Active Directory**
+and once there go down to **App Registrations** a new window will pop up.
+
+### Step 3: Register a New App
+- Set name of your choice.
+- Select supported account type.
+- You don't have to set redirect URL.
+
+### Step 4: Generate client secret
+- Go to your application → Certificates & Secrets → New client Secret.
+
+## Note
+- You'll need Tenant ID, Client ID & client Secret for authentication (Tenant ID & Client ID are available under application overview and for Client Secret go to Certificate & Secrets section).
+- Make sure your application has adequate permissions.
+- Each action may require different permission to run. To add permissions, Go to your application in azure portal → API permission → Add permission (some of the permissions will require admin consent).
+- After adding permission , Grant consent.
+- Be sure to use work / business account. Most of the actions are not supported on personal account.
+
+
+## References
+- To read more about required permission for each action you can refer to [Security](https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0) & [compliance](https://docs.microsoft.com/en-us/graph/api/resources/complianceapioverview?view=graph-rest-beta)'s official documentation.
diff --git a/unsupported/microsoft-teams-system-access/1.0.0/api.yaml b/unsupported/microsoft-teams-system-access/1.0.0/api.yaml
new file mode 100644
index 00000000..857fc2a1
--- /dev/null
+++ b/unsupported/microsoft-teams-system-access/1.0.0/api.yaml
@@ -0,0 +1,190 @@
+app_version: 1.0.0
+name: Microsoft Teams System Access
+description: An app for the Microsoft teams WITHOUT delegated access
+contact_info:
+ name: "@frikkylikeme"
+ url: https://frikky.com
+ email: frikky@shuffler.io
+tags:
+ - Communication
+ - Comms
+ - Chat
+categories:
+ - Comms
+authentication:
+ required: true
+ parameters:
+ - name: tenant_id
+ description: The tenant of the OAuth client
+ example: "*****"
+ required: true
+ schema:
+ type: string
+ - name: client_id
+ description: The client id to use
+ example: "*****"
+ multiline: false
+ required: true
+ schema:
+ type: string
+ - name: client_secret
+ description: The secret key to use
+ multiline: false
+ example: "*****"
+ required: true
+ schema:
+ type: string
+actions:
+ - name: list_teams
+ description: Returns all teams for a user
+ parameters:
+ - name: user_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: list_members_in_team
+ description: Returns all members in a team
+ parameters:
+ - name: team_id
+ description: The team to check
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: list_channels_in_team
+ description: Returns all channels for a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: create_channel_in_team
+ description: Creates a channel in a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: name
+ description: Add person to channel
+ example: "The coolest channel"
+ required: true
+ schema:
+ type: string
+ - name: description
+ description: The description to use for the channel
+ example: "And it really is only for cool people"
+ required: true
+ schema:
+ type: string
+ - name: add_user_to_channel
+ description: Adds a user to a channel
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: channel_id
+ description: The channel ID to use
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: user_id
+ description: The user to add
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: role
+ description: The role to give them
+ required: true
+ options:
+ - member
+ - owner
+ schema:
+ type: string
+ #- name: send_message_to_channel
+ # description: Sends a message to a channel
+ # parameters:
+ # - name: team_id
+ # description: The user to check for
+ # example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ # required: true
+ # schema:
+ # type: string
+ # - name: channel_id
+ # description: The channel ID to use
+ # example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ # required: true
+ # schema:
+ # type: string
+ # - name: user_id
+ # description: The user ID to use
+ # example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ # required: true
+ # schema:
+ # type: string
+ # - name: message
+ # description: The message to send
+ # example: "Have a nice weekend!!"
+ # required: true
+ # schema:
+ # type: string
+ - name: list_apps_in_team
+ description: Deletes a channel from a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: get_app_in_team
+ description: Gets and app installed in a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: app_id
+ description: The app ID to use
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: add_webhook_to_team
+ description: Adds a webhook to a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: delete_channel
+ description: Deletes a channel from a team
+ parameters:
+ - name: team_id
+ description: The user to check for
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+ - name: channel_id
+ description: The channel ID to use
+ example: "b6b6c99f-bf87-4815-9f62-82aef893c634"
+ required: true
+ schema:
+ type: string
+large_image: 
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAK4AAACuCAIAAAAgbqG5AAAACXBIWXMAAA7zAAAO8wEcU5k6AAAAEXRFWHRUaXRsZQBQREYgQ3JlYXRvckFevCgAAAATdEVYdEF1dGhvcgBQREYgVG9vbHMgQUcbz3cwAAAALXpUWHREZXNjcmlwdGlvbgAACJnLKCkpsNLXLy8v1ytISdMtyc/PKdZLzs8FAG6fCPGXryy4AABVtElEQVR42u29iXtURfovnn/qzujozL13ZhwJO0mAJCDKKioIjgNBIAGSIC6jM86IKC64AqKAsgphlS2GsCZAkt7T6X3fsnW6+36q3nOqq8856YSQ+H1+/nKeSj/nvKlTXV31qbferapKcurldrstFovZbA6FQkTp7++3qJfI5vF48Gi1WoPBIFEGBwfxFr2byWSI6PP56EXcECWdTovScE/EQCBAFK/XSxSUILINDAwQEVUiCiopaiKy9fb24jGbzYbDYaK4XC41VwZVJWIqlSJKNErZbN0Ody6bYymXs1rtoJitlngyQbR4PM4oFpvd4WJZeDa73W614seaYpEofUEilTSzbzDZrTbKg6u7u5u+NBqNomKg4NupJvgUPwH1JCJqTpS+vj59m1PX4EJz6buGyqc2p9JENnSNyDY0NDRc1+BfeCzRfx/anUovAgVcMhRENoICXh8lFPx+P7WOHgogPhQUcEUiER0U8tnQGRneydFonBNMzm476kUJj2ZzF6iJRIJe5FBg2bqdVjVbBkggGMViSjbkp2FgsxVAAfUHEVWixkwmk+J3FYECfgtlw7v6rhFtLroGrwsooA01iDGEAtqchq4xFFCcIRTEkBozFPDFIpsojaCAbKg0EalaoOi5AiioEmXDt+v62ISRRBQ0KGXjUMjQSKb2wic6gyEhQ1CwgSKgkM3hJ5h4ykMhFoux7rRqoGDn79ri0QQrPZMlKODCvwy5AlEEV2CIUa+enh7KRlDAzxdcQYaCvs2H4woyFEDXd40YfgZQcKsXWqqPX6g9HtGaeAcgJSJqQ0SMlV5+UTZcKBEZKCdlw4Vs9CJu6EVglvLgZ+CesqEQKk1kQwmiNJQMIijoFSoNlaQXQVTrlsIvJyIalEpj2bwel6cHRF5af1/fALLhLa/HGQ4H+bsDqeSAy+1Hcrv8PA+7QiGUxl4E/pCnty+NbG5XAHncbm8qxerW35cKhwIeF6rhC4Ui9CLoVA38CmpMUMAViIhv71Mv0eaAEf0K1FyfTW5zKk1uc9E1lIfanIgiG9pZlCbaXDQmtblozBIxaMTYEmwWmNWzWfxIouD7iM84nU6RDZCnbPLYIorD4RDZ+NhiF/5LFBSL0lATedCgZKoeqiTzT/pemc0qYysYonGJ34L5W5ONjy2TzdoZDPrZSMrm+vqHTGa72dJtMTvUoZXx+TzEIZRBA44xkLOYu60WJ7JxNovhlQkGfFQ3lZ8NZTJpvZSDcayZ2vDVIhu1OSjU5ihtuKlN0zVym8tsT25zEMGcRDa0P70LBMhTm8LPcrkSuVrEaoyEL0hVVsPvwyV/n5gCRDZ1xi2AgqiWDAWi6KEgs1lAQYioeoE3EgoTFNATajaamFnncSgw3o5xrEgvg2Da962WDou1E31JE4rPHzZbHOh1v1/hxkPpPov5gc32ADmHMv0Km/WFeWkmv99LkxGxWeoDcGaNlCOmNjQy1U0efqLNDYUhAQW0w+ihoB+llE1AQbS5AgXUFcgF3PA+voluiEiP9Im6hvgliLjEu1H1wiNYHDKLFykbLhApT4RfhqWF+aV/UeShuuESFF4YiBGqiVwaZeR5QrEoKzmIbKFYJJzgb/rjcW8o5AyFvaFIOBTtC0WGguEcEsQbpHAwFwlDK+nlJXhYzpArGgvy4uPhUJx9aRg1wa+gGsZRd/G7NL+UKkaNzGoSDIpsRJGz0acgirdEaaIxKfNwpdEroky5NH3XlIxNmdSIjS
QtG4owv5oyacTPMqoyyZgBH1ug9DNl0uwwm93djshgOheL5x6YssdOOfd/b/7ki46P95g/+cz06Z6Or/aa9h2wHDtp/6U1kurNpYdy6QymNj/jXNaueCzIhEaw2WSv4Geq1GgsNhbRIMQMCD6hF9VF14woNo5GmZQ1CHrXQJmkHGOAgiymUukaaXZEKAjEFIECqqeHAmQCwT8NoQAeTjYDng3fmwxHYl3mxPWbA0eORXZ93F3X0F7b0FnbaN7cYKlttEnJWrfdXtfYVdvwYEvjvd2fuS5ezd5uHzCZoafYE/EQLy0XT/QxqJm7ICZlcxkNFEQfG0IB0pjerjAara2IBoHX9VAAUYaCsQbRzy/UADlQMzQigExEzCWYbIgosqE2PfxC7fFNIOJHIgMRSUHAhc7DI0n1RMHYRQPJ2bi4HiIKiqXShEgMIipA76JBXfxC/n71ohedrh5UgERiZCMifguV1t8/6IGg73K4euzxWG9/by7el7vZlvjg47Yt29s219s31Qc31sc2bkuwhJv6yMb6kJoi8r+QE+DYuuPWJ3vawSdgYertzbJWSuBL2e8CYwN2qW7oPKoJGpN+LGQ0akn8OpENv5p+qWgl/BZ6Uc5GXYMLP5BKE9nw+gC/RCtRY4o2Z03kdKI0oiCn6EHcUGnIhhdLihhqNLKJRjUQGoRebAQd2QitQmwk2aSIBmEymWSxEa8LsVGjQWgGjapBmLhFhMZWymTq5IPVQZMCPl3uwavNsX9/6KhtbEen1ta7N9X7N9WHXtsWVUEQwSOljQ3BAkBwiLD8DS7OMO7t3mNruZkwm70+bw+3TOSGMjlqENk4JjQIjdhIOfViI2lt1HSGWpth11Bpeq1N7hqh3Ik5q5gGMRqbHTPU8IqOUpk01CCGUyYNNQi9MqmfcRkQLHkpRzLfmtick4V5OPfdIee27bekXkdne2rRtQ2uukb3pgY3wFFb7xUJFIXI82xiycvAsS2xAUyiwbX19duHj9hc7jQZqqFMWrmRylDKkaGgb3OCwpiVSU3XGCqTos2LKZMau4KAnmxXoD5Gb6Fa4vvoRfF9oIt5TkBBo7EMp0yiWPoKJnypk59emZQNrpqpFEID5Hk126AF8oG1E+ofjGzd7ty7O01MFGhwFg5x1t+sp+vdavIWJuW/BAuWvz64qSHKSmgI8ndNH+zuwkSPbxkaGuTuCXYVVybFgCmuTAoFXq9M6rtmRGVSb1dAfipfgYJGTEW5QoTRG7rxKQzdwj5NGgQVqrFuyiKMLDYKEUbwT2GfRgkCT6iA3KCyq0KGHaYDpUGjEdU+7eNGYdZDP1/2b9vRtrHBz/pvmw9ooPENKNAsoE4KweFTiOaOzQ0BDiAgwMnwsQ0FJvD45j9vXW8NdHeH8Y3UJoKf6Q3P8pBAmwuxkV4kfkamNjEkhNgo2B64jjBji2z6NiexkUoTXSNEddHmitgoCnoUZVJv6NYok/gWGQpi0Bgqk8ICU8RmJ/sgZGXSzH2JLhdGQwa63607OSgIxNipv9VR7uWCQrAIDhhQGgQU1GwNXsFC+BTD5hqUuf3Nu9d+iQ9lRqtMUrMbeiaFZl7EHYWWEezcUJnUj9IiGgRpbcXsChqHKZU+SijQ96E0QyiIao1SmSQoaJRJRUZjUOjnRsYMLDcwFCK53MzPdO9+HGoCzQh8vney7twWUfvezyHiUZl/foLgEwclt5QIPX5CAArh0wfK9G+oT+Fzx1s3nN3DQmE4z6TsjhJtjp8GIVrTNXJggEaZlBV4Q2USBRaBAroGb5UwD43XC2qCX8LnATq+OMkvINrLLxAx0yAbiLjBW6Dgi1P8AhEUKg3/xSP5megrUIOkeuHewy98F1FQJpWGT1EaslFpyAYKSkM2ehFE5cVkL3wKTGP0BGBGTKVCfSl8e/Zme652h/W1eh+6EIxdGd/57hyfpEwZamp8O2G1hOBlSyRSVD1YQlFZakzQkPArqJVAxM+hXwooUAtTm/Mfm+
Tt4XF7fDHelqzNYxGPt9vr6Q74XalkJJWM9qZigaDH63N6vPZ4IpDqjSZTzLrKC/MHA9FUIknKti+gtHmCF4eaROMR8nhRm5cIqOqVyRHdUXqNhQCI0oYTUzXSbPFBI2ZcvTtf8M8sGzQ93IFkCwVj5EoOR3NvvnsbMgEX7tj4xs3mhtC4Q0Gfdu36paOzr38A9cIkmA4GyVUhu6OGKDDCUGwU7nXWmMwyhp9vRn8TMRpJwnlmZk3uZw415lPLMYq5BykeHyRdBmIjvsJus3Q7LEZaW0LTNaTcFVMmH9EzqbErjKMySZOfxGad3KRoZVNbllmIv/3etmW7RZEDiNUrEsD4972GMWypt313yNXHZrZ+CQomGQoWVeccRplUIi3M3F7OZkAVCpFoEj5SE2JuJCiAYgEUulyJREZAgftgu5zd1uzoPZNB9YpKF1GEzwMvi2zCmSGIwsMhXhSlkXNLk024u6g0cclfQTlFNlETTTZOgassCk4YDHljcXik0jdv57Y03q/l5iOp+4MTxwlkNGzclmp4vc1sSUdjCTBqGLlR/VAgCI8VVRgdwH9XmFpJuJowzyJUQmpz/PwA+50BtGMKBOb0iiIPTK5O2BXhS4vFfHCFINQBlHC4JxZDYIcvFkUjsPLBI+F7w1tI6CzygWEy1bgP1a5JGAe0FdEghDIpi42CGeg1CKGxCLFRFmFIbARF1iCElljEUJNnVOaO/r4MFxsHwxFPpyn+znsdm7f5mHhIUwNTAsO1ZEUYVwRANdVTIELW1lt2f9re1RXHeNUrk8oMmC1oc3UGzAgfBDi8YA9uT5CxFmtnKAzWAvaeGBoM2S3tdksHZoFcFjMRJvdEKGC2W+/ClBII+OjFgcGc4EAi0kKIjZIyCauXbVSeyeLBVcWVSUMoFPdMaqCAiWY4zySTSyydvanBLPvadCgcP3XWCbMP9xpAzeuB5K9CgasDEywocPmUGR7Alq5cTWJagCucvFYQ3biIYJKhYKxMIg8XfdTwuLTb42Chl5Zu+BYGM7mBdC4cybVc95+72HP6TPe9B5luVy6Wyrk8Q12mUJfZ5/fTFDCYTifIK8uhMEjYIs+krNwpyiQ6Eh2DT/wDczMEErT7IL8AZDw6+YVeISIKIqLIhtrrs6GPqTTyM+HCNI/pirwjzE0kZQMRN0RBCU71witEREtRaaikJhveRT0HBvoGB7KBUO6d/97a1OgU1sC8lKBIDBMLBXCFzfXdfGLy7/7M6rCD/3sGBpMDg1k4MBEj6eyxocKDg0NwliFRm+PCDxwYQC8MMT+T08FpLvwi9ksH4z5/D4QDszl75lzsg0+dL/39wtyFx8qqjpVXHy+vOllWeWLO/ONzq4+vWH12x7t3Dx/3Od056Ncof6Av0O10UdNR1+BT3zVwSDmdjrGLjRqfBwmJsjvKUEwtEsUkR4FSafoQchapprp8KBvjny4EpN/HJPPLjSG4mhgngG2xwai3JgwNQlyoq3eSM3PL9juIggkFvWDsMHVA1yXtBjXmRiTGIXr7BmhuQ/gLJgBZulSCsC2OLnPA4819e9C8bOXh8sqjsxdcm1V5Y2Zl24zK+zMq23Ezc/79mfM7Zs2/P7vq9pyqy3Oqjy9c+t1Hn9y61Ra1d5O8ySIHWNi+uaDNJbERjZkp5pnUQwG/QdYgqPMAMWHwGo07CplxTz2qVyZlnXM0nsksm7MQqtXeZYp8/g3ZkfxCgRT8QAHHxDMG2LLItV3X2HHuZ28gwJvb7IB1Qe0VMo6x8Mm+/kEKcQAU+KRgQpwvmcswP2Py6zKnvjnQvWDJ0bIFp+dUX5xTdRU4mFV5a2blHTnNmt/GUuWtWVWts6t/mVN9qWzBT9WLf9yz159J51dwkNyAHqH+KtQgMhOoTD66Z5K4gqxM6mPD8aO4Ib8drdbwZtvGbQGuQHL7YMHUQFZk/4QnLp0w+2aj7cNP73n9MA84i4S50hiCqsEDoYQymYG788bd6Ia6M+VVpz
gbaJ9ZdWtmdcucqmYAgo3+wlRWfQWfs6qvAg3IOav69qyqlplVV7ZsPeH2UfwVQcEG4x+HQgZ9xBbz2KyKMplRL8iDFAkJIYAoJM0SUWQjDQJETDlEwfRjUy+IqUSESEEv4oaIZA+nbLineCdaBwEKZk16EZnpRXxCpCAiqkREVFLURK2buzcVzWQHbN05hBEwkzDTHQygMBHWRgNxAZbs+iATVBtc27bfdHshn2PxxQBMhTabAwncGO5s/guYqM4oNkskHMwMsYiH3r643d4BU9PV66nFK38qqz6PvlfYQNWNmdXNhVC4qiZA4RqbOxgUWhTOwQBxc3bVhUUrDv98NTAwlBNdY7Wj/21ev28om0GCsIiW1Lqjxj2gbcJjG83daD7YVq40x6A7bGqI/89CQRgwoLPUNTy4fTdHjqFUb4yEecgJwp7INQg2WKHzq2wvBU0BPbdw6bHZ1ddngflXtajDvZmnVj7ubyDxLs8nRmH/bUFmgZIZlR2zF1ypWnzgXif1DIMCOe1IucsOt1BOtvKO3q5AAUia1VHkYZOd1PLqKKqXZnWUBgrkwBTKpGx+kOYsGwSIoWzu8BEWX8Qjz2iCUGQFpkaKHvpVoKDGOgANlnMX+7mi2w/WBQaggYKb20nRKyGYyiFUZgcQJNdyM7loxY+Y75U+RvdXEwNonlMJnt/KkxYHDArzWxUosFeuckA0M9AAT9VXFy075OhhPc/tCgyUcmwjalWCZ/yPHEjkZ8LE7OMX+gkUolMeXJjdyXEFWUHORjkpGz4pG0rDjSYbLtwTkUyZoFA24bWibEAblYYqUWnktSKiKA1mNSBk1yf3axscSmDBNo/KCfy18mD9NaAQUmJetsEh7tx7APIighO7Q0FPIt7HUgK/FP45NFQggeV2yQj0TFhEfH6X3wevWm5NzQX0PTEDJKXjlT5ulbqZUrOgcJ7RwkSEahUx81sxxZCoAalzzT+O9bhhk0AzpkSb+/mFx2HFRgxBfZydRoMwXHehFxtp3I9NbCTnVlEfRKbH5e8yDbzz3m1AQUQV5Hs9H5rwa4iNG8l5Xe8mu9ZHn9hg9oFUCzORshxb8UGAPdj7+ygeX/FBmCzBXZ+0za48zab5yht8XiAo3OLsoWV29Y1Zct/nZ41m6b5lZuX1WSrnYEoHTSuVN8qqz7638y5fAs6WgAIQ5B/hymSuRL9SB+1O1ig5zg49RESNBoHLcHWU7I6ibDIUqI9xaaCgrEeWlEmNzgkoYDIqjOzIIKy605ze8c9WikiAB3Jzo69W5gQT6Y7SQUGRVCh88r8fmKDlWixtcC4LKJgtHSYsyzVbAQXeSOlwyGcyO365EZ2/aC+GryL0KZyghXOIvKAwS5kjlJSfI6papVcUiMD2wOaX6vNMAalsr1hwtMM8wF1l/YlkPw/v6HDYzahYCfEHcGxi1PhE9xARUBVMmHH+AEuUjdgLZWOeePUihoPSxDxC7+LCfC9PEEQU2WhyoXdFNuY84eXTBCFnA5FqArd7KJTq8eW2v3NzU6NDDTdSY0xYJJK/kCsEC31UQZ3QFxRWo9o8ZRgk6WYcpkbyiEiKoPz3LovHnw4EECbopgkCwfJsevSH+QSBFs4gMCMedSIG7413u1j/seF7bU6+4/MggKwgwDHKxLDC+cfM+TchhGK+2PHOdbipMSvBkyf3YIns6oUJDAkOMVVs7BXOjOJi42gC2uRs46hBwAeR6k33pXNvvNvCxEaKQlMnCG5Z0k0WIkhJ7lH1UeN0Hh40w08QSoR0FK/s+sTOo9ywwDkCQxMSfMe0rIrERkRmwVQajXr9oVxF9SFmI6q6SXJAIRRaZCbxEFCoZhwCdieaIyCNzlt4oOUGlp66IZ2oqz1h6jBpNAgTrSaQoDDahXIaKBBiwMn17igZCiJo0dAdpY8bNo5tTLGM7/73OlY3bORLGJRYtHrVwmgEhY3cBKnBwXhYoMMEBQqq/uQLJ0EB8UW0KleGgquHL9C2mA
LB2KEjjorq00zar7w1DBRapJvRpwLuAgW1oursB7sfdHRhkDq42oL1wTnYOkvS6YE0v8Cv7A4nEhzrRIH0APnO4XAipdUL49jBL3QPlBBQoHPybOwi5xYu9LHIhkfkxBCnbPjEPWXDfykbWaLIMQZJgoiQDCgbpip6EdlETSgPLDTY/wDsY/cnD7DaSVnjYCAfaCaIoN5PwS2VBaN/GA4xogZBQbBQZFz7vw/2D2AYJAAFbOTjsLvgbcowow7+MgG/l/0GuwuLtmFYnFN1jkPhhqoajAcUqpmtOs9puHH6pVfOW+1YmubEWnKsGh3ozyLeSfJB9PdRDAygUHzdBTH8EVdHCZ8HZZOdC7Q/zSijmDQ+CCHnCh8E7PbmrsgXX5vIrsDlNb8U0BykOHcRxyzTmbYJrW9b0EAmGBOr2MjjprgxA8qkY/9BD/xJmAJIbMyqAW1mbvLlGsQgW6nhys1/5tvZVT+reqNmUngkKJA9ioyS3GfRNm/hEegRyWQQwQ2waNnsbIGXvCSGVpdmEANDjBdLAdlcwn8BUfAbxtEHodcgRr86qiA2HDOuyfnjMVvt9q7XtgWRVGujX3JHeRUbg5gOVImhVqVD75Bincc4a+Q9HSi5ofPMz0mTxWex3nd78lAgZVJtc2Yfu3EbgsIPvKuuj8TtxwaFWzBLo/wZ829Dj4CD+9ZdmBZiHAoOBQpmq9jRiHRc2sDMlIcCR4O67MdUfDsVEXU/Bif1aLbaMNjAjNxRls4Ll7rX1lxZtc68er1lzYZ7L9e0v7y+Y3VN58s191la30Fp7fr2/KNy08lTx5oND0DB5yuvmdbX2ccoQPAAa1pwsbm+9YE512XpsVg7PF7nMFBIQpg4fjpZseAEG7iVRaS/MSU+QTBmw/QI4grtcHEdPeHAemK0m1VwBZrIccH+Zbeztc4YgjQZY8qg2b3b7oCnjE9vaczWdn5h/hayAk3bIJKsADpECjsvjmQFXJjPKQ8+8YoseYCIG42sACLJCqCjSlQavj3DZ1oQmaDALuzdFBkaikfjuX9surRqfccqhoDbLK2/t2r9vdXr7/B0j6c2ft9Gj2uUf7WpdPnx3toNXdy39JBOai4lwA9S1+B4572bwSjfmCHN3FH0oxAkQg3O5TNft/OexZ749CsmM5JpWe3F1nGCwmXF3FR9Fc4IxbpQdXbXx9dh10XFEC/TP5CGlUnWILx8AwrrRKyOKu6OEjsajUGZhFEUUACbhan/o0+7gIDC7m8r7OA7L62/SzgA2yjsfjlb26p1LBtYBdCgj2E0kCTUR6ZGbottYvEK5m+/7wxHh6TVUaZ8QJuiwHts9rtdluiuT8xl1Wfm5Pl/69hUR2OuoLivrnDb5a1Z8xkU3nv/F683SfETYEtMmVQdk4il7AYfg+1J2BVUbsxcF0XsCrRoyxAKIoBO3qpoRLuCYZgrETWro/jadEdfbxyOHDh5r7X0vbz+YiEPUG5W1ah9zB/BD9aoHU8ziPRKm8i/Zl3bK6+ZR8Ub8lBwAgcbt8a3br/fciPIp7Y0nwF7VSjYxTYgPS6P1Xan0xz56FMLoDCz8tr4dP+wE8RVzhXa8F3/2dnMocBHKdkVEHKNBLMewqhjcT+Pxe73+7DzRm8oNBCNDkUjGSRG4YkeKQX8LGcwMBCLZjXZIuEhkY0oyCYouBfZRE4qDZ8ojQqkPKCEQ2nKA7ogEiUczWB/O9TW60u7fLnXtv28tuYOnyYeKFBY9wDdr0BhHSfW3F6z/uaamtbVNTeBG/S3DBpQwBIEFEDcsNWp82gYQYH/a/P2HswOUEk++MiKYFTYjoIBd8Af4btChWHgg4EUyIbBESkah7HVg83Evj3oR5Qi66rqcYYCDJcCCty5xaGw4PSXe+9hmyleDcTYs4qVKPZEswM7EMSTuZZbka/33f7gw2ak3Z+2fLW37atv7n2z78HOXddA2flR82df3vlq330U9OkXt/GItOvjFjxS+mD3L+9/eA3pk8
9vEUVkw7/oRXzinojIRkQUK7KJ0lAyKHJpe766S9mQ8CLS1/vaP/r4OtXto8/v12xpfmbFpYXLWxeuaF644sozy689s7yF31/j980Lll2sWnK+6rnTlc8dXbDkSPXiw8+uOPHSK1cADkDk5Zq7gjEQPjCPvLrJMnoobGoMcd7Q2XqbxQ4FQy7wWrBVKaAtmw9oY34fpkFcuDRYXn2Mj9pWyYMwDhoExcBxZfKyqkzCS3kSwXZMuWPzAGJnSJlERa3dnabk3m+tVc9+O618/6x5h2bOPcjTYZ7Y/ax5P6j3h0VSiVrKjIpDhv8t8u5oXilajlLh6XOPTZ97elpFE0+n1BslTS9vmjb3JDKUlh9/eubev5T+96mp/0T6a+k7ZZVfvvj3S6qocU+aTe6sfa2D6ZlkdGr0FZ8gsCQG5oT/7mpHiDpsilioQ4NNJ+UwoYFDAXsk5jq6cuXV36l+yFY+UzSPi9iohkMWQAGwszqwoViQhQdbuhUoeLx+m6O3ZvMxdMaUsktTyn+ZUn5tasWV0vKruJnCPq9OqbiMR065WvowaWrFNfqkG8M0peyK4X0RYsErhbWaVv7ztPJz0yrOsk9KhffTK86XVlzAPQPNnC+fnv7u36ZtR/rr1DeenvnB8tUXJCmSSQyr1t2GeskRMDrH5rYYlm/fvIOYgDQtn4UZFwITNgqklbL4lBcZw52WTEAvyy1ZcRDBZ1y+k11Q4wwFZm2svLFo6THsXYn1VbA9ez0hnzeMtXglg0O5t9+7OHPet6UV59QmvqxLP/N0eZj/FkuAlyGdo+3hitK8YljC9IqLBlAQj+zmAt1PLz87s+LE1DlfcsZQzwBR+s+np+1c9erlNetvKzioucMEi5pOMhWMBg11Dba9+2G0iXOV3YTQHMU4lqTggIL9FWhXURY5Fsq89/71OVVNbC6vujGrwCUt348JCvQum32uMPdm1eUtjc0mcxSKPFvjy30QiNAvudmWmTn3U/BSNlYqTs2sOIIGYqwVjLTiBO5nluPm5LS5JxilvAn3+jSt/ASS4b80acbcn8Ylj5SU70X1qJJ8LjgrErqc3zSpj+emV5xC4pj4ecbck3+dvuupaTsAhSmlb/5t6ltzq75cu+HG6pr7bHZgxok7KhRCo4BC8I1/3QvHcs5uv92CfWI7wRU0ULBZzWJXcLbw1+pENgRiXb+ZnjP/JFvXwMJTrw4DhTHICvl3WbAkEyTPfP9DqNPk5+4oDgVoEIDCtnec0+cfZX2fH0NNBcPIKJXypD42FaY8fbputh73xKZ/8b28zoV1U2qbfwQCKD/LeQEYmjr766dK/wMQTJm6Y8rU7U9P/deqvzevriEd5E4hFPwFJm22RVeAzEpK5FIjlmT0YJA5uz08vtkGZZLijGmzKVwwNMlR5ha7z26/H4t0Yz3TyrVNiGnmzLyZbAzMucyDmBGaxrlFiyYyRU4wT82pbCUhcaYa5DKLR0jzMGg4uu7MqTqz/IX9JkuvzeqkKHNEPNOq15LKpeenzztJTSP169kRU759lQ5gSbBl5V5m1BOURlHVwmqrP1OBwqkZ5d8CCk+VvjFlakPp1AZgYunKUxARSO1kEwRkBQUK+Y2balUE0CYsuIGIcKIpxYISLDZ4Xots1idvhcbd1YPYONhk8X/9nWPOwp+U4LOq64W2JtbZDCgFg751mIkj782aUdUGMJVVXaI1VWAJiAcmYxI3dUgBbaq8zZnn3HMj4qDUkC73vTw3/zpJMKFyMR2c1cwRgq5CQa1zxalZFYefmrLzb1PfnDKtHglQWLTsCNMtyQzFoVDbGNRBwcvjU2gBTGjLdtPFyzGzyTfcLlKaHdrEvo35LdbNjo6uxMq1P86Ef7KyTYl1Zjaim7NEJJJWeCyAAoturVZwIAyX01QowNGF/y5fdSYUJgNXmvahxfQEKKASJWMbWwWzQHnTRM8CRZNGFBgBCjpB8tTMuT/8pXQXhEdSJZ6a+u4zy44zAwPsUT
BP1bQJsbGWSYUedVcv2t2NuZ1gWPzl+hAEcOhmmHQxzrCcV4WCftcVeW+5PgoewebhfGmlDSsg5i06Sr5ECnvHBM8NRDdmVP0yMx/TZjBBEBSUgEfBKpgL6hdeWgsCG386g1jDNO0Iow1zfRQc8PZt+p9Oo5vUyvPzglJz0iNkKEzdgaRCoR2yAksqFJT9e/g+j8penvWRzfU9O95uv3wVAThsh2IgYGAw1T+A80t6aIk0xEasGgeTgBlXLP0eUC/M1nD/QrAAFPAi1lzDyvfpl52zq05Qpwr5kaZ/tlDOGAp5PpEPf1WsjTzAteoeAqm/3t+B7Q9xkgWt1IbVn9eCxSjhuUTblKNjEjTOlKFWwK4vqOnXnyBGlwpFYxUKO5+a+tbfpjVM4bLCwmWHuRLB3Zs1N4WsoIRIsT3e2BqHuu3393zV7XBiC5weHBhht5myqnOhu9s+mu2+EVPOIzwQBBslpo1zabAV+RvvXIMdGqHuvBdbddHu8tSgBEAXSBX5nIoUiYjnt/59c5AtpR30+1wk0GA5Bi1FV2IbRy0nNg3bsgZQ+PVwoJVRpCmgdHhZZ2r5aQGFWRUSFJis8Cag8DKHAlmjJSiwJdKKA/rfba23e7EQEZthIZiDz7gGZ0fJUNCfHcU367MVnh3FmDZ2bNnx5tXyqiYu691RzAPVV2dUXSsMcJKTMEM1q6GRDArTqtrnLDiz7fVzKWXKymg268OX8tVR1hJVWtR3fJPhY6nxCDslrLxcdKBHpr4zU8REpiJQLi1W/6Yp5WdKmfFRTBDvKhNE6b8XLjvF7QosvIUCF6Alsh1csdF3Q+c7/7acuzCAPQ+wr14o7AtH/PzwDSwaSNDpHuKQEvloEDr2Qz6QQz0ZJaaevBLhKYANlzBfABsf7r6H2Z2ZCNngvsU5xC0hGM7Sroti+gWfVm5wk+ItZX3VwhMffHIfJylhQyjmBQvSYSHsRBPa2EqtW2z0skKT1qiQZ86nps/7aRrvdQGCAjRMaFIAUSgSGsBak6cJP2Hq3PNMg5h7EM6Ip6dzsXHqm7hfsOQ0tyt0QGxcu/7m3zfcrNt+r+GN1k8/f3C3HXuU5OAQ9/v4aU82BA57JC+8acR9aOWAjCI7tIHB4OCJE6fti1ceAnufVXUXvgO+mlbyV2lnDZIZb82Yf5fWQj2z/MSlZu8gV2yx7oXHJNI+ihlaVE9hisqi+rGJjaWFmjoU9FJm/L/Abvi9SJL0MEFJdS7MHZ3cUC7bFc7Bsjlz7t5//vtGzab9y1a+O7eyYeac15es3PuPTec31Te/+e7dzz43HT0R+vlqqr0jjXVOmFb50qJezLgsVNXsgIuBWhabHYn9+DVh+yDqDwHAJUOBXizYdcWKRVSOtvupj/ZYqhefgnUIIdG0lp73+g2R1KVRAMclLK6C8aDq2aPvvn+37QHfM5Afi2WzUnSgCXu/yUGEYuFayRi0BmlCaRJQEH0j7gkWEw0F/u0KNCXjwYgcrokkG2ZZL/sYS4zjCYRhZrAhSSA05PKmezyDYKogJhPMd9/jxjl8YTiaESbT3x/t7cN+gwG+TauPn2iYpMR3S8X5iC7aexYXnRpIu7mKQxNpK1dc4gxC7MOHt3D8H7Jhn2KeLeX19fBzTRBKknN5c1/t7Vz1yo/lVQfnLjyp7LtAMmPldWad5DutVCw8uHz1oc+/bsfKwR5Xn8efQIhXH4zeKQR5hKl6gIJ8oCNtjYtqPDQUuCMnz29nVZ58/uXzK1/+iaczPJ3m6czzSGtOq8SJSs+vuTxjnsZwPhr1AUbx8wSFWRUfgoUiuAiLXJEQEs73vkumEh6idHd3cUWc8W34c+E1gI+f74nKDTXxqBqfa8sNe2BQBkAx0iCczCdhNgMKxFoKQrqVQ5IzflSEbTblBgPq8eZ+Opv88FPbxq2ta9ZfffGVi+s2t259/e4HH9v2H/Jeu97fZcX5nLSrbf9gOkVHJ4p9tcGThj0w6OH0BTbgMBaZu4
hG/HPPn+wdZDEaCOZEg8LMwm6Gcv1D+fsJTamB3OLlh+CU4kzoXN4ZYeyAILg0MQ2CcwW4qmdVfNDPlgd1cwPR/UQyTFMAVoBySoez20LLAggKVlsPhwLteJXmM65tOCjwgDaEq2DrtYQGCugVQEHarC9jsMMQRwNtNoVYQ2znyUIRs1h3l+s0RU2WuMmSVJoCe7h4+0xWD+qGXZ85dhFz3MugwO1IfLM+sd23aZRQKCqWY/rnTktyCmPbMB7OiMjEILUglmLz1KveJyY0AevLVuyBQ5WJJhWKq2lqWd78VWqg9SgTxNS5F/FDZlR8yKBg9fJISVsiOaAcT57o5wyg29HtJi0RnQeDAW2uBijQkRPiRDl5aRAtFdesAdef4ECnoMrKJA8tZqek8xOuadNNhJ0GqEfZmap8EfTgYBTxsXbrLYftNmoKHoZvwCZ87MxMHH0ZCFHdBgaHiEJbKGm28BwlVxheYCyEwpIXfuRQCPJeJ4tmjHdSP08JXssJTAiYXbbiC4ICH+VnVDngnICCbGnQuaNOzCrf3WXOqfG5OcRxYFMfjC2fP0KYALcjm4y6EWaaNygP97XaudgoVAPbiPvQynG8eg2i8JQYM51AlOLoVPa04Eff9PSYaRZDstvb+UR2H3vBU0gtJi/U38rAyc+1yg7RrngkNuqXISk7tD2soIAWp/gAUhCWvHCSdBW0GcLPs7QNIe1E/askrKFevGI/+LyiTZSdVlQJ2dBUAIW8qZGc1IACdsekbXLQ79j6BCtc2fa4ykLjNNistD1ulpg2rLZgD+gtFqvNKRkWQm57qIOI1ZMsgBjDg4iVjVj5dt8MgjgGh++IIO38zrb+c9PO7+BnVFo8FkL9+Xbf9iFlrz4crE74sxXu/M4CZ8YEBdaCAgqcK6w8MsgaMcYRqqyf4PVWFkmoZ7wTw6DHEa+M9NZwSRmd4O2Ln/9qxrzjrGJlF/JmBsXX0FRUgzg3o+zEjPI9D6y5viE2BwMQPg8Oqo5hr2jss4fZB3ts9g/msBMg7MEd5hRbC8tlIEStdpj7ukx9bg97RDZsqNxlGgSlsxPnLyjZfP6cydSH5OxRKGBjnV29SMiJRYcDGTWbOf3A1O9wqdmGQEFpAzhSIKFmw/wACpLdoc2GFI0pFPge8djZ1W+zZ0U2i3UQvwJ1xmpJhvvsIDQesBMeTeMcizI5texiAVdYeWxwiLo8QyAV2ykq93zEKGvERoECJZv0ipy0pWVZPy1esRdcgbOri7J2YyDxSB5t4Y6aNffblS/vf3XDZ6/WvL9u/c41r3y4teGHd//zM1YKvL+r5T8ftu788NaHu9twNCXSZ1+Z9nzRhfTRZ/fxuHN3O1Zwf/qlGfRPvjB9uPsBiLs+uvv5lywbI372AO+y9Ok9ehf/ypf2eefuPZ0oZPtbl9dvPLl+46kNm8/U1V+kVLPpNChIm7eer224iIQbIr5Wq82GT/yXKJu2nKMXN2xu0pV2ckvDBfyiMxdCUEZwPhlTK1MxCLCPwhUUKKQztLdPZihnDAXl7L2sMokMwwYyMhSG6349FGDLWUJQyGsQhlDIhzkpjjTlvglx0rAwsoC2aXVIsD0vWn5wbc21NTUta2uaX17/yysbbm9ptCOOmaVGG6IX8yfUNjjqVLpyzzPIeXDPXlfvxX83N+CsSyt/i1Fqai3PLLlaUXWeEiwH45XKF5zDcih2XwXr01mezs+ublq2+kxzaxoxV0PpAfhQHhoKU/JcQREb08oEkVA7lXSHjHrW52A+ZQeEVjbS7DBolAzokFSWPP/F9LlHBBQYY5DdjxojKYdC3kYy9wxEzr9M+ajAB7HkBFsvRfEK67Gm1rq5no4ljZFnklyUwlH52rYwkqDgnu8dGRUZNPnleznh8NMlL1hmz7tZVnlX8SPwpHgfdAlbts6ovDncf/PZCguhDUFnVN2Bz6Ji4Y8Hf3SAs44FCqRBIKiVop9VKIQ4GqgXSWugnutVVYl+FSIjiQ
tZ6u9+6d1eNfXrUi9BIa9BlKtQ0Mc6cyhAz9R4JvPuKCV05Z/YPlNZiM2WVSG2sQt7qSCqnXbaEmfMiT0bNMfPSSfQGSTNv/hbSmQUtv7AjgCLlj+YM/+Wugljq2xgHlNqlW7oXimceSuqfilf8MNPTbByJh8eCjwwmkVIl1+exiaIE/1pWivOTuPFQswhbgNhN1yhyFPU/2alGSGrExRI+xgadepjssKBmRVMg5hadr7AO2Xoti6ECIcCJoidPMyVnNRvPbPsyMsb7rDwRiVe4Z5YByHvwSCfRrex3qXdm6FBczhdwaN0r55Vx25YhNyGLT51Wy7jpC6Y0d7rkxol26wsnlTvadsNHvmI/YIvPff8QURpj0FsFKYbZm2seq5p/8HIt4ed3x5yYeHft4e87OaQa/9hN+6/P+jafwhE14HD7v2HgkjfHTYzMwktGcsVwILDIBNJ5L7/4T4ODT5wKLBflHYQn25K3x1knyiff4V7//epykXHeAC+3vDcNEyMqxYKf536gYhXwM3CpT8CCsrCmJrCJTG6/takugZfESiwddkMQNp/FRxnWO9/biV2b6SltCN0tkHfG/9Ljn0VAQ18N+jqqxULju87HC0ZWzyj1MrgEEenz8VqNZHY+rXp8/D5A6JCps09RqvYWG+xdv+009JPU4kKhbQ0ZWS6/blZc9+bWXFgetmRaRU/ohy+hu4HSAPSV+BRSTPKj/KSm4YJvCgWwqQNaGMTRANunlmGCeLuKnW53NoNJr4SUruXj7Sjj7zd08Ml3XaCLK2p6dYtrW/l+3fqI1byiWcouNEGO/GtPQvzsJiGsgUX/r6po+QRAlyLA0WEilwQYiZWtE2v2NdpJh5gDAWHPzdz7scwAiomI2ONYISIldIiAVeFiyYMobBw6VG+jlaBAmQFCQrUc0F5a0jNhl8PCQW/Hkk1W4J6KEh7+z5s0kdIy6GwzbMrr1Q+d71kvLtfF4tczqCAJVaGUNBokowr+DgUhPVQGI9HDYVigXd6xVKVFURso8IVNuT335AWyuk2fxyH8yMMdn/asMU/55E26GsZZmVEvih1KiF+c33OgtYxQqFUh4PCEPj8v1SuQD6LqzPKCQrKBKGeiKKDgo4rlBpBwTDUvejUoLU2GkKBcQWNrKCHQr3RjpCjECYM+l66r1Wg4FPm8vFMGqGBBAsGBeAAaBg7FEqLjz91FCrK59yTTPks+wVLkQQUhD9egkLa4cvNmPexYsJi2ooIlDpXqhvf08cYuT8cFIQyKU8QxBVCulMrg+N7foRcLLiCiFcentuPMrVKsW7a19naOmVF3vWJkBUKAFEIhWsjQYFxBQ6FE0owXMFKprPaFfLlZ0cK0B0BCtMKuQKXFd4iKKwaCxSC4wmF/Cbej7JBU6tYODXTQG5QJqCxQKF0FAukhHJfqsgKJ6hraYIwmch9mc7JNoasPEF8xGUF2g7hlKEhuTDcWQlKKJ3b9FBQoIVyhVAwUiY1ssJwM/0jigsShU8QzZoFk0UWzhZN+Z2ejYQGqBU0TbSUjJ/MOIwGofgs8lCQZQUdFNLwkahio+IjkExGem3CsO9HufxXhsIuiSsoyqSR2DgxxwjoYFQIhdZxEh4LxEaBAJHGEttoIJbr1yqpjh/s2MJD4EmDuDa9QkwQg3oTE6DQ7VXERiErKK4j7cLtIrGsTUUD8jRQaJKVSSyqhwWaG57zmzIZTRBFOPyYJYY81AomCO1BDw9/CIDB6616zWLCZAXJZ5F3XzFZYZ9OVkiPrEE86hrfYaWZkZTJNgNlcuJTXmwcxw0cR0qTUJiEwiQURmVXmITCJFeYhMIkFCa5wiQUJrnCJBQmucIkFCa5wiQUJqEwCYVJKExCYRIKk1CYhMIkFCahMAmFSShMQmESCpNQmITCJBQmrY2TUJjkCpNQmOQKk1CYhMIkFCahMAmFSShMQmFSbJyEwiRXmITCJFeYhMIkV5iEwiRXmITCJFeYhMIkFCahMDlBTE
JhkitMQmGSK/zmofCQ++MpULis7rrCt+Wq+MZsifNTZbzqoT9BnmI8hbCF58x5O2lTfzoAiG+8UriJxyNvE6PuA32Bttr481RlWy6+1YbYluu3AYXhSijYhmdO5UNv1vfQUGD7Liu7rvzMYFF+8EEXO/ZqIM0OeEEaoDTIUzpnd+eml39Fx5SJndynjzNXyB8uqB4CUAAFaQOe//9whdYRjxxtekQoSNtw0g49J55bfmH5i03LXvxp6Yunl77YxNNpNTUtef7SjPLjSn6+V+9DbM74UBsI6SYI4EBwhbU1v70JoqAcsRcT27+zsqW8+iG5wjDn74xwRKm4n1FxRpzJYXSy/QU+TAugObX8zPiLCMWg0PCbhoJBUXP4xr4LltwoGa+JoAgURHdKx7MUP032XOmo5b5xggLbluu3DoVhd26bU/nzCy/fLSktvjXrI6eCYS0d/qom9RRz9eR5w8oY84ZxgUK5vEObpExqd3P9jUEBu/peVzf9xiHG52vqOiYcCuq2mpqz/TRoaBrmPPkJmCOGhUKhMvkbhAI/SqS6YMpgR5sDCgtOv/4v88TbFeY2KceAij1XK84VigsFKS9MjFV9fSgoGG3s+1vlCs2F+4A2syMh+NEgcxYc+eJbbwlJgiMfqvGoMoS8A+85470/5ePeKiY+4SDiMrCcn3D6iGpXUKGw/NhvGgqt6j3jCjjifu7CA7fa2IFBBSNvJG7c9Gja/AgGK1Vi+JWgwA6rh5gCE1Phxr4MCr8ta6O6x7NSJts1uPrqDBwaU30bR8Q8v+oQTnkvMer+CWDLRpqFrsubxqCsPvIE0aSBwl+m/XPBsh9/Q1BoLtwzXIECzptgR8tV3sEplP/+oAUHspVMm3e+tOJXGYVFzox49H596FeaaILghuf8iXIEhYXLjxQ7Jeb/k1BQJgXlVIhqdowYzqicMf92efXxS9dCmUy65Jnnm7kMX8AbJkanUBVFvbT4a0NBWD9xQMGpqWX7/jL1P3/LHw1SeAjAbxIKxCHYRuLNazdcYkeOWttLXn+3kx33Nve0fNqauiv6ODLkvAYx4sljDyF5jAkK/LzRpqlzwQ5x+uyxp6bv/mvp2+zoWe6DUM6ZxNEgNb8NKAybwBhwrODZCykc5mwzt5Xcblc33a/QnNV0boKniaaiUGiaMK5wgYwZKtwPP/a/txM/ABoUKIArKKfE/A9AYeM2X02db1yh0KzhDfxsgVuQEl7+x5G+gRxO8LVaTCX2nhyOSccpjlMrLgmn8PhDoUifFf5rel6fbBr2MLgxmxo5FOAKIShATvq/0778X3/YiMNhmMzIoLBjSulbi4gr/E9AATgYfygoh87yovgZtCQwVlSfPtnkdbkDHo+rty9dYrF2dHR5NtbhWM+DU8ouPV1+4+ny6zjDA7EFPF3DiYB4nFJ2nR5V+i9T5jSLx6nlLYKuS9coTS1vFvfDpSlz+Hfx064p4WSRqRVXxKOUrvKKXTX6V7GE0qaxCJorsyuOT5m+8/En/vHYE38nlvDU1HphYlqz/jZkhVXr7g5/dtSIB0E9RKKD5FTAhV59zQNvof54IJVYYCego8Dkg4tVk2IrHUQmjh1m55RXteCUY3bQcfX5uoZrJnPUZmvr7u5CDBGg0Gk29zww9X/znW3h0m+nlX01c953gMUsJX3HHilxykw5caLxo7if993DJXZ47Q84bnzW3OP4FAl8ix1AW/iImV7OM5o0o4KVP73swP/5239+94fXHn/yFSQ+LzBZ4enpr5PhmfMDWVYockrMOKRa6RApnFG8tsYxJ28OEieE6o4Fq27RH0KqEpvnqImOmsFNWfUVLjkyCyPkIZMth67HGfV2uxUBZCXhcDAcjoZCqWA43eNOn71g+/Kbm1/va0f6/KvbOz+88v6uyzs/vPTV3jtf77v79d77uz9t+eCjq6B//Nl1yvbF13d4nitIX+1tQx4QkY0ouKFsX35zlyjIjHsiohAi4oa9u6/9q286Fi
76+Kkp//rrlPd4+he//9efS9mnSHjUUEaZ/jLln3/8c/3v/lDz+ydfffzJNb9/4qUn//c/FChM3fH0tDdwYNDilT9xENz7Vc6OCgoobFShsOpVS+HZUa3S0YAjQEHmGWQ/ADPAdMDuqy/RAfVzF548eyEQCsYjYT96PxxJAAYlIqjQ4+4Gh7BYbMFgb5YfMp/qy5lNAbPJZzZ7cXp8lp8z7/Iku8w+JF+gP80pkDuIgoTwJDpA3uPrJYrbm1KOlDfKhkKIgmKpNIgwr23e89gTa9Fbj/1hHbj3Y3949XdPrPvdE/h8VX1UEu4fOqGEJ15+7MmXHnvyBfb5xMt//mvtFI4DSlOm/3fF6nM6rjCRx4jxqYF/BSEjtGyVSY4nmKNzH+gcCi26U+Ra1WMqJWLljdlVN8sWnN695wHa3O/roQjToXTOArGRnQCLfmZQYLwCkmQoFOLEXH//IJBh4ZeKmJzH4+NEICZMlMHBIbPZSsQMj1fFu0CK1WoH3e8PKgeEpTOUDXTcEzEQCNGLyE8UVOuDDw8/jn5ifbb2sSdXsZ7DDd3zx989yRKnjyk9uer3T7z4uz++9LsnVz3+p3VPTW38Wx4Kb5XN27P8pfNr1v9KdoXaQg6xuSG8aVvkmeXt+WACLRSadVAwPlBQHEPOBIXqy5gXplfenV3Z9K/3W03mMPrU63UrbT40hMeSPuUaQK+4XB632xuJRIiUTCbd7OpB6u/vB6W3tzcYDLpcLlDD4TBlS6VSeCQiMhAR2fi7bgBLzkYX7omIQuhFka2vP3HqdOtjTywD9+Z9thJj9/E/rlbHMRvK6EX++BIHx0sPmVY9/oQCqd//8ZW/TNkK+YCD4M2nSt+YWb6rctGB5S9dlLhC26+oQShfUfHMVfUg4tZRnD5rmKdZkRal82tnVzf958N2jz9DfRoKxtDv/X2p3l50tLfEol6g0lmPkUiMKD09PYIZ4NFsNuMT+CBKLBYjitPpFNlsNhvlTCQSRInH41Saw+HQZMOFQoiCYolit3fEotnfP/7cY3+Qe3qVDAVxwzsVnyyJztY/Ft4zKCA98adX/1y69SmuOzw9DabGd2bP/WjBs/srnzm07KVLq2ruqCamtrUbusbnJHJD7bFBuq/34Itq6tyzKy8VQKHyBsb0TIOD61sL5oKCYwhVKLB54c6cyhsVC058tOdOlyUcS8RptUEikbJarbzN7UxsVJFg6u/vpSMfwRXwjEyAAp872EXvyFCIRqNE6e7uFn1M2fCphwJ9H12AhQYKyK9mu58ZylUv3P7En9Y98cf1lB7/E9I6UPgNu6fHJ/644XE1GxE1j/p/Pf5/av70fzf89W9bICE+PePtp6f/c8qMd2aUvT934ZeVi/azBCisuggcEBSgT04oFPKHTDKZ0Y2bVa+6mKBHQSVVxB4kfXKYqUGREBUTQguHDpcWqy+VVV18dunp4yf9FrPfauuKx6PUqckExryJt3m3AgUMYgxT8GaSH6PRMPUK+Lamj/EmeLumj2WugGxUmsgm+ljOJqCAQoiCmYV4jL37AYTHPV/eWPDsnqpnvq5e9I2a9kn3Y0/zn/um8tlvFjy7t+q5/ZXP7kPiJQMEB3jCzfcSFGBaaP/HZtvmRp+q90/YvKAcRxxavNKCcQxfEdmGFTRUq8nwtGH+Lwk3LBBhRtWtGVVwPB6q33HNG8jZrT4r63iTGKWpZFyFAucKonswW0CgQ19i/iYK5AOremUyiqDn8/mIQtIlFxsH9dn8fj9RAoGAKjamRTbIKUSESEEUFKuIMJmUyeI7edoJKKBv5i88OH/RISQMVk3i9O/lG4kuZ9P+CxRGlFLVswf5DYPCfA4FVVZoW73uwcZ618RyBQ4Cwlldoxvh//AWllWfFwfQsvFdRXyi1SBJeRB/wH3QV8uqz5YtOPH8msuHjnR3mROYkDMZPjizJKozTKgSfQbdga6XoeA2M9iYRR8DCjRSCzUID1HQiwIKREFmQIHmFH
QtUaiPQRTZcAEWqgYRoAnF6/USJZsZYCavjuTiZR9h4IrOq9T03zMFPSr/S9PNmkeGCQ0lnxhjkKAAu8K99XUOxrcnEArB2no3Es0R775vbX+Q++Sza0uf31dedQrBqIzVg0lUteGThrucyJsALjKzkmWYOb8VM0J51Y9r/nHs1BlPIgkjkpdpbZaOoUwfb16M0iBBIT/8GBSsChTQVRApKYcMBaIgn4AC+szMri4JCv2ijzlXyAgo4AJ7oPKJKxCRuAKIgALNKaJa2aGc1QwMud9692jlc18oOOCcXOLhlDSPo0rVUlJLUBBQ9ex3EhQYP1hXa1NwMJFQEOXXNlpPng7ht6OJOjsT5y9nt77eXvnc0TnVx2dXnStb8DMcSHOqL86Cpaj60hyeZlddKK/+GSykrPpMWdWxZ5efanz7zuVrgzDPMONQOm613ufD1DE0lCVZkDNsO2g+n4c6i0PBXAJm4OEXphBM8JizIcqRyod3kvwCHRmg9eETs3uKXxAb6UVkIz2TstFF2UBEsVQaMERF4ULHExGFEAX5kYFl84T6++J9vcnbdwPzn/l4/qLDbBxzKBCrr36G99yz+Pwe9/zmAI1p6f573A/zr/14SxRC5RDzoEeAb8XqK2tf69iw1aV00sTKjIrYWNvg2rrjltkGZQoKeaS3t7/HnXK6BrusA5ebw1983dmw4+pLa49ULUYl989b9C2qWv3c90te+PGV9T+9/vaVz79uu3s/HUvlYnFI9ENulx89Fgg4U70xprr3pmG5wWiH9QjGRRBAjMUiomugT5aYLF1mq6JM5hRlMmKoTGo0CGQbTpnEVVyZhJyiVyapNKsNXzoIloQllOs2Hlm0/PiiZT89u+y4eoN0AmnR8hP88QSjLz+hJvlefVz2U+G/jooSnlnBilUfcX8U6bkVpzds6drc6JG9hROHA0wNm+ujG+sjdY3mjz+74+wZUJW2DMJJ7NZbVuvdVCoBIjhpKJx7YMq1d2TxGU3mEn25/nTObBnoMoVMZkcyFUFDIsXjfsbLbU5bt08pLJeGo4GseYmYokzGEynqeqFMmqhXAMOHggJ6cThlUoaCpCXaNVBA3+vtCjarky+zH8SPP/Rj1/IXfliy8sySlef4J92ckx7Hnha/QOm0QsHNC6dBWbnml82Nbt79QUMn8jhDocG1sT722rbolu1tFy71uHr8JNzxNr8HHAAQvakobxN0TR8EKZPJ5XSGmCsgm8OEbLE6WR9bO5PJIIdCbzwWZM2L0dft0UMBgzObHZK7BgOYQSEY9Af5FYlFKeEiClQJ3KO38AkBgohR6SIioCMoQfUSFLwul0YX7pUvhT2Ll49PKi0UQhXCSJFoyuXOrf77gSXP/7Rk5QXeW6eW6Hpuqdq1S9UkP+r/tVSHBgkf5xatvLiuzsJ8QtsKPA4TxxgAhU3bYmAM7+20wfgei/liMU8sEo1FU7AG+v3xYLAfCIhG42g2pFDQEwp64UaKxYPRWACJt2U4EIwhG6VQOM5aEtkinliUOhEOJ/SOPxQKSP0VlromXKBBEEaE2AgJQDCD0WgQqtiY04uNpEwOp0GAPQgNIpMdAGMAogFzWL2OnGhb+uIPi1deWrzy5yUvnGRJ6dFTSAoyOCyUJAGFY0W5WbqSP754ir2L9doMVez1pS+c5RlOLXnx7HPPX3ylprPukW3MtVrPQsG/qPyNDewr6rbxVO/e0njvxu0M8/v0JTiftsFfQ1KeouezydMEZ6Ik0SuXMAOKNhcKvNw1+myyBsF8EJo+Rq8UahBaKKDPDKFAU4MeCuL7CAqUTYYCUQqUSZOdQ6GjfyCZSOXWrDu65IWLi8EYeE8DE4uJSTBAXFr8wjkkzjYu8BvlHjf0r8XSvfiXNr1wcemLl/+xsauuwVM7ccaDQkcDzUGbtyTrGhw7d7dDNsqy4Zcini23uRilos2HgwI1piEUhC0Hg9Owa0pQ6MDAAN7BPyAAQj4AFPr5BSHTyS8QkY
eIKIiI4DNEhJrQo164p9JQaXoRN/QieIxTvZjXiX8vZcOFGyptoD/Z0+N2dnucPbZUEo6x3NkLoedXn4RUv2J184pVLStWtS5b3bLs5Wt4fP6l1qUvX8MjiPgXuwFxVcvzLFs+sfwsTwvyswyrry9/iSVQlq+69sKaG3/f0LF5mwuBAkiPGI9EL8qehdphAteUzFv7wRJutyX7+ocGBiDYo5Vcos0HBtL4E20OTk6NiWkeIhplQ2tT06EN8UiNSc0r2lz0oNzmQAyVhl7DY4kwIuG5iNgo5EFhUZZ9EAKYGg0C9CJio6E7ikQYupxO2KdtXabo+x/drttu29QYggG4rrEHYt2mRh+/d2/a7oa0j9GMT0q41zxK93jLze99POHezS08/s1bJ8b3yEJRtA6nAqg1eL/a5/YH0+CCmBMxFyjWFaZBkKBn0OaGXSNEdUOJXrQ5Fxuzeole9kz2PZQGgWoVUSZFNkNl0tAdpSqTDi4ts5CKbqcHIRSgt93vq21sh8a1sT7E5KwGN24w3XIjnd9A9S/yqLnPd0xwQuPVFDag/UZ/w9st3mAOLnoYBOErgu2GDyEGBbPSxZbepIBCWO/QEYMZbU59TFAARIaDgqFyV0Lv4BJQENCDTUkPPcE8xPdpoECl6ZXJ4lAA8BWuwLxkDAr4Tc4eL6Bgsz2IhIdOneutbbTlPTeFA0vTvsVDiic2ZLlhWC+D9rHBCyZx7bobPzUUTlBjqm2ekdscEQWkXgooyKPUcPiRU1CGgt4FqIVCll8Q9yA20neDK5ArQXZHEdzwKfxMECnoRcxVVBtyR1GBQh7EzETvatxRlE24o1AsUfAvjicziKgAezc7BGXHZEn+d1d7bYMTqhc31jJTIHQw1qAsFW163YTNPI16PI0TFAzQUGC1JDS7ahvNO3cHYFKzWLtD4Sj9fNHmaISsekGmpsakNieHjsgm2py6BhQSG+Vsos2RWXQN8tO71ObFlMnhNAjiSA+lTJIPwlCapdLyymSGuyrgQLF2DqZ7yd4SDkHntN2+E339rXa2UgDBx2yOcG1i08TwTV/E4G/033HxQRvWB3MZ0x4VD2QIM92mRufb/757vxNDHz/fJLzBBQp8JqtR4A27ZpTKZBENQqtMEhRGVCapWuit4lAQOqdGYzG0KxQqkyKbCSKwgILN2mUyeS5fi2/dfp+z1pDSrxrm3MjjRYsM8Ql3KBh8HUFBrRiTcrbueGDtzsHjQj9VhUJGQAEIyWU1XQMXoDKuqGtocIuuQVMTe5ahQCxBDwU5MAC9xqDgUy9MIeR8gqxAFJRIPioQiYIOw+yuyQZMJPglsuES2XBDFNSA8uBCyVQaCtFnwzdSTnjWC7P1RmK5E6fcdQ0PWINibDHOzzVA1d9PaBgpmvRXTUw6UfhQkC+mQFBCx9mLMRc8gEk3/6W9mAHVxmQuwBRvJzRF4c9nBke5a+TGlNscU7zIllQvP79ABOyoT9Hjor/wmNcgiiuTRXwQEBuHUyZH747Ki402ByYvMpLDwEBWNlRJDBq4Xg4c7NnSYGU2OygUKhSKTdX5hQb+X23poySO+NWIBLauBm6nw0ediD3H70JMLzWdaHMmNmaFD8JCHiJJa9OKjXhdFhtlDUJuc9BHFhv1yiRQQ1zlUZRJ8X0P65mU7QqoALEyAYXevjgMkR1dsW/22+rqO/mYU4baqLzJw2UYUR0dhzhmbmluNJ8+kzJbImRF6O0bEm1eqEEobU68XW9XkNtcZNPYFR5amQyoF/mEcKHdwfNBgdCAR7yJT5GNHEi4UHswHFCQuUg23OCRcsbUS2RDISIb5cGFmQruE/JjSdkiammYRYJef+67Q666hntw603oErZHNDMr0xZZQRo6jxz3wtHMf5OPt3kcLmNqTPql5MkjF51okHxjhvLZRGMS56ds1AtyacXbXBDxOEax0VCD0MQ2ygFtQkzViI3DiDA2srLBSkrEUIikSxs3xuEr+sEHO03Jwz866h
psTMMcaRDnZ41fQWwkm8G2AAm2bGqA6ri968cToS4z5N/OXHaQJlS3y05BXMYahF65C0yID6JAg0BxRTQW1FVdRDUqzySpwsU9k1Sa0CA00ixdBAXkRJX49GHD2iwqDJ56BGvAo/nTmWDDjpu1DQ7u6wuOPE1MMBRkExYTXOph7bY1vnGn5QaWBAYg+kAVyvexy0lzMUEBvxQSWxEoiD6Ww05lKBBRtivolbthoTCoXsiBqQXTM6pFLiVMUeTzwIXOo2z4Gsz6oKB7iAIgIxuI+KQXyR3VzS/c4BGvo/bd6oV7yoZCiIJilXr0D3R32x0OZilDu6QHhtIDg6gSZUMlscgOS/OQ0dkNQ6fJ5gjf68y9/g5s+2EOBSkkVbLqqGJjsFbrRJ4Ie3OQu6GZ7QuP77zntdpziXh/T/d9l8Pe42A/YSjdC6sJovfs3fildsQcoInQetTm1OyizalrcKEdiIKWEdlED1LXiDZnbam2ObJpuobcUXK2h/BBEPORxUaTyfSIAW1ChDEUG1FyodiYE4NGjrxFyF5HR/eeL69DydywNbKhPkWuCj5xuBQtbluEJczZ2wKql4g7olg2F7/3cojwdSlKUtY180ReKzctiOCjP0AKLddpGQRRTl29i4eiRDZu64UltK7x7r7v7nR1YTGqyeNyU3QSFgkLNzRc0sXFRo0LUNbaRlTuioiNI7ujNIqNoftrxNVRGmm2+OoovTQroIDKEBTIFi6gIGqilJXlYfsWRPunLlxOvvnO/brGLjY9s/5IkO0BrkjWi9t4PxW4MEJGKViYOJHDSJZPgQkJSQra2DcCIg1uaApv/+t+2z0sFc9hIoNOKNYXQU8Wqw4xHGUoaPw+eigMp0GgNDRL8VhDvdaGNqfGVALaxCATUBDfZ7Q6agSECmeEqJboY41rhAo0sivYxOQnuAKqRETBFfLMI0tTqQ1KJrYDiCdzPxzp3rL9DvzR6JhN9Ulu8eWCG09i1mAWwII+NsRBkA99MfpDss+iEAoh/nW9GxvsW7bfOvaTJ9nLAg8RlAbxAD5GyFgC4nKbE0VwBX02wbBBKe6kNjT56KEgRqm0TpVzhYx6QdCz8YvcUbhQA7t6QbIgIuYtPCIbak8UQNvBL9AxvRER8xC9SO4o8lqJ0nBP2SArEAX5iYISHOqFCtD34rsoGyQdUWH6RofNjgBd9pwdiEa9COaE1n7zztCXe2GUbN/SCP3C9Vp9gPclCyHMdyetUeR9ubG+R5oXDFN+HhECAZVJEwQmo9oGE2aovd+5PIGc05XEoHDYTdFYEL9pKJtJ9qboJ2BIyG1Ov0K0ObBO2UAX2fCriYjmIgomfpFN7hoqDW2uySZ3Df5r2Obykhg3KTZ6DUKemB82tnE0PoiC2EadBsGVyRBhX2ZUUtANsdlMOMKDvi2QiULpoRx2HNt3wNKw4w766bVtQdZtbOCG2B4GZAEkeaKRRAoX9bpiGVRBUKuyE4kBEA7AKmJcLonAe16/4/pX39zHWMXOEWgDu8PJ9i2xdkYiIfI4C7YnNyamA1mDGFGZnKCANsUHIUNBr0xqJ+ZhYhtFNqFMCoOBRpnUxzbq7QqiNFmZJAqAKH65fiqFJQY4wGThckNEBT4wHnO37w58e8gLGWJLI8QIM9TOWkmW5MOaUoRCYwpTRORBfLoqIYKduOoau2tZaQ/e/k/XgcOeO+19dhsJNFjEkcbQJ+sIjEhUYcGNC8aVy13ojlJmQI2fSa/no2VEK4kGEW1uCAVN12iUSbZQTtiqyGJI5ioikuWLiGQxxCUouCEiuaOI6FcvsmcRkZxMZNAkxxVe0ZRG5jDKRnnEl9KLcfWSv4JeRAMRBVCApZIbKyOBoNsfwAIvmNsGopFMNJa7eSe+b3/7W/+6VdvYykTLBhdN8K9tTW7cluIypgYWHAFb4/gvEwJYhhAZi2obbrzz3zv7vutqvRX1+XPYECIeG0CdA0EP/1IvrzCrCfxM3LSIqPOQ8gOSCZ
/Sln7xo4TpFjdKLu5nUn9XRM5GbS7eFdlEg+tLk9tcEMnCSznxWCKkWX0U05h9ECNutWG4JEZZVC8pGkWUSbJ6CTZLnhsYJYkbY6UXVgmysGk2tjBM4Wnrx9jCepIO80CHOXf1l6HvDkf+u8te/8Z9TPBABhgGSw1WJdFjo3nLdguGfm3jvca3Ot553/z9kejV1mwgkuvxsq2lMKNCduIcKE1sltgS52csdB0doJHB9fLg6JXJ4TSIh1UmR3BHjcEzSZ0nvk/2khUPaBulO0qvTBpOpSoULNydr4dCmqNh0OtBaSaonYFACrt5IPX15zo7Y7fvhH6+4m65mbxwKdp0NnzoB8e335kPfG/+8ajzws/x1pupLku2rT3aaYp2mSIIUR/iy5J8ft55lk6+udUgn9m4yZypjgZQKKIayMqkLAyJCYWgIGsQmj0thgtzNdQg9FCgrimIVyAXuGEgArm6ySlORJpHhFOciHK8Ar0oTxAJ9RIudjFl4KLSaM2uYTaii7AGkQ28l/n1/b5wNCKV5sVKYe6J703E+5Cw7gqV9fs80UggmQj3Jvx9KZQDaQZGTG8i2R+PD8VjuUBoCLvKeT2pUGggFsuwdxP4pXbkDASwhUgI78YTYXAgrxffEUJYYjyBPBTV4QEJSbSSCB1AJUXdNG2OC1DQZEP369ucfFQiXkHMI9Qg+i8VPYjSkA1yntzmIl6BQklGtTpKs6jeUGzU78hhKDaOGMVkqEHo2WyhBtFLhrxQJExRwi6XUywtQgAEG6lmB5YYZNVtZfhedB09PWbO2xl754FljCuh3QqnNhMs3GgMmmWgH8KJACLaneIKgBXiBGCI4kuF2AjxRWM4KbSTumlMj9YdNXxAGz71K9IezgehqdajeCZJY5G32hhDQNtwyqSGzUpzlkmd2mB+oE0kCmx2NkTMWpheh+Xl1E8Q6TB3YKZQVpfyLmUTCjPZ2bG+OKtAIUmWK7vDlVVy5ey2HpIG+NTGOh7b2PCNbbhxTP1SDgUm0IipDVBQovut+RVwpEyO6JmUZsCJ9EwO8Yt8iWR5QLWIiGrh5xERPUREYe4Q2VAt2Y5BFg+yRJG5g7KhX0VpuAcFmfFfIqL2lI3MHZQNfaw3MQ2pF71oc9jRykSBEo+hCSJ+C8YAfhaI8GzB7mR3mBPJyNAQM22hF2Hpsdl7sNM1tE0kbBaJPgYRCVyBv5gFuwUykK3H5UsPsjxIPU6vw+5CNhSC0hCJic2tHCjfzhYBsPrzL4WYRYY4cGOqGziwZGJKExH1xKNoTPx22cQkfqnoGgwJohhmI3cUiGh80eYiG5mY8EnWP1A02QzExuLWTUPDs2YjtyLrICin8EHgu/SG5yIahJ5RZfnqUuLGYmzht1nMXTRYBWNUNx8l6ZIttUgP9potHWQLolUobFMSH9bhYBYwB/wUG4F+6zObHrAlK5bOzFA/EVV+lt98VOVnbJMaDEeJn5mGExtFmxuKjcKhU7xr9KK6oQ9ixIC2/wcjP6B7AWaL0QAAAABJRU5ErkJggg== diff --git a/passivetotal/1.0.0/requirements.txt b/unsupported/microsoft-teams-system-access/1.0.0/requirements.txt similarity index 100% rename from passivetotal/1.0.0/requirements.txt rename to unsupported/microsoft-teams-system-access/1.0.0/requirements.txt diff --git a/unsupported/microsoft-teams-system-access/1.0.0/src/app.py b/unsupported/microsoft-teams-system-access/1.0.0/src/app.py new file mode 100644 index 00000000..9ce1eee1 --- /dev/null 
+++ b/unsupported/microsoft-teams-system-access/1.0.0/src/app.py 
@@ -0,0 +1,275 @@ +import socket +import asyncio +import time +import random +import json +import uuid +import time +import requests + +from walkoff_app_sdk.app_base import AppBase + +# Antispam +# https://protection.office.com/threatpolicy +# https://protection.office.com/antispam +# https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-worldwide + +#create_url = "https://compliance.microsoft.com/api/ComplianceSearch" +#Request URL: +# https://docs.microsoft.com/en-us/information-protection/develop/overview +# https://docs.microsoft.com/en-us/graph/api/resources/ediscovery-ediscoveryapioverview?view=graph-rest-beta +# Microsoft Graph Security securityAction entity +# https://docs.microsoft.com/en-us/graph/api/resources/threatassessment-api-overview?view=graph-rest-1.0 + +# Permissions (Delegated): SecurityEvents, ThreatAssement, ThreatIndicators, Compliance +# !! Have a "report email" internally using office365 !! +# Microsoft Threat Protection +# https://security.microsoft.com/mtp/ +# https://protection.office.com/api/AcceptedDomain + +class Teams(AppBase): + __version__ = "1.0.0" + app_name = "Teams" + + def __init__(self, redis, logger, console_logger=None): + """ + Each app should have this __init__ to set up Redis and logging. 
+ :param redis: + :param logger: + :param console_logger: + """ + super().__init__(redis, logger, console_logger) + self.graph_url = "https://graph.microsoft.com" + + def authenticate(self, tenant_id, client_id, client_secret): + s = requests.Session() + auth_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token" + auth_data = { + "grant_type": "client_credentials", + "client_id": client_id, + "client_secret": client_secret, + "scope": f"{self.graph_url}/.default", + } + auth_headers = { + "Content-Type": "application/x-www-form-urlencoded", + "cache-control": "no-cache", + } + + print(f"Making request to: {auth_url}") + res = s.post(auth_url, data=auth_data, headers=auth_headers) + + # Auth failed, raise exception with the response + if res.status_code != 200: + raise ConnectionError(res.text) + + access_token = res.json().get("access_token") + s.headers = {"Authorization": f"Bearer {access_token}", "cache-control": "no-cache"} + print(s) + return s + + # ENABLE: https://protection.office.com/api/OrganizationCustomization/Enable?source=HostedContentFilterPolicy + + def list_teams(self, tenant_id, client_id, client_secret, user_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/users/%s/joinedTeams" % (self.graph_url, user_id) + + ret = session.get(graph_url) + print(ret.status_code) + print(ret.text) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." 
% ret.status_code, "graph_url": graph_url, "details": data} + + def list_members_in_team(self, tenant_id, client_id, client_secret, team_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/members" % (self.graph_url, team_id) + + ret = session.get(graph_url) + print(ret.status_code) + print(ret.text) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + def list_channels_in_team(self, tenant_id, client_id, client_secret, team_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/channels" % (self.graph_url, team_id) + + ret = session.get(graph_url) + print(ret.status_code) + print(ret.text) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + def add_user_to_channel(self, tenant_id, client_id, client_secret, team_id, channel_id, user_id, role): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/channels/%s/members" % (self.graph_url, team_id, channel_id) + + data = { + "@odata.type": "#microsoft.graph.aadUserConversationMember", + "roles": [role], + "user@odata.bind": "https://graph.microsoft.com/v1.0/users('%s')" % user_id + } + + ret = session.post(graph_url, json=data) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." 
% ret.status_code, "url": graph_url, "details": data} + + # Dosnt work: https://docs.microsoft.com/en-us/graph/api/chat-post-messages?view=graph-rest-beta&tabs=http + def send_message_to_channel(self, tenant_id, client_id, client_secret, team_id, channel_id, user_id, message): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/channels/%s/messages" % (self.graph_url, team_id, channel_id) + + #"createdDateTime":"2021-02-04T19:58:15.511Z", + data = { + "from":{ + "user":{ + "id":user_id, + "displayName":"Fredrik Sveum ØdegÃ¥rdstuen", + "userIdentityType":"aadUser" + } + }, + "body":{ + "contentType":"html", + "content": message, + } + } + + ret = session.post(graph_url, json=data) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + def create_channel_in_team(self, tenant_id, client_id, client_secret, team_id, name, description): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/channels" % (self.graph_url, team_id) + + data = { + "displayName": name, + "description": description, + "membershipType": "standard" + } + + ret = session.post(graph_url, json=data) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." 
% ret.status_code, "url": graph_url, "details": data} + + def delete_channel(self, tenant_id, client_id, client_secret, team_id, channel_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/channels/%s" % (self.graph_url, team_id, channel_id) + ret = session.delete(graph_url) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + def list_apps_in_team(self, tenant_id, client_id, client_secret, team_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/installedApps" % (self.graph_url, team_id) + ret = session.get(graph_url) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + def get_app_in_team(self, tenant_id, client_id, client_secret, team_id, app_id): + session = self.authenticate(tenant_id, client_id, client_secret) + graph_url = "%s/v1.0/teams/%s/installedApps/%s" % (self.graph_url, team_id, app_id) + ret = session.get(graph_url) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." 
% ret.status_code, "url": graph_url, "details": data} + + #{ + # "id": "aa39b2f8-3c8d-4ce1-8b8b-7fe02c59ae3e", + # "externalId": null, + # "displayName": "Outgoing Webhook", + # "distributionMethod": "store" + #}, + def add_webhook_to_team(self, tenant_id, client_id, client_secret, team_id): + session = self.authenticate(tenant_id, client_id, client_secret) + #graph_url = "%s/v1.0/teams/%s/installedApps" % (self.graph_url, team_id) + graph_url = "%s/v1.0/chats/%s/installedApps" % (self.graph_url, team_id) + #POST https://graph.microsoft.com/v1.0/chats/19:ea28e88c00e94c7786b065394a61f296@thread.v2/installedApps + + + data = { + "teamsApp@odata.bind": "https://graph.microsoft.com/beta/appCatalogs/teamsApps/aa39b2f8-3c8d-4ce1-8b8b-7fe02c59ae3e" + } + + ret = session.post(graph_url, json=data) + try: + data = ret.json() + except: + data = ret.text + + if ret.status_code < 300: + return {"success": True, "value": data} + + return {"success": False, "reason": "Bad status code %d - expecting 200." % ret.status_code, "url": graph_url, "details": data} + + #POST /teams/87654321-0abc-zqf0-321456789q/installedApps + #Content-type: application/json + + #{ + # "teamsApp@odata.bind":"https://graph.microsoft.com/beta/appCatalogs/teamsApps/12345678-9abc-def0-123456789a" + #} + + +if __name__ == "__main__": + Teams.run() diff --git a/recordedfuture/1.0.0/Dockerfile b/unsupported/microsoft-teams/1.0.0/Dockerfile similarity index 100% rename from recordedfuture/1.0.0/Dockerfile rename to unsupported/microsoft-teams/1.0.0/Dockerfile diff --git a/unsupported/microsoft-teams/1.0.0/MicrosoftTeams-image.png b/unsupported/microsoft-teams/1.0.0/MicrosoftTeams-image.png new file mode 100644 index 00000000..d8986bba Binary files /dev/null and b/unsupported/microsoft-teams/1.0.0/MicrosoftTeams-image.png differ diff --git a/unsupported/microsoft-teams/1.0.0/README.md b/unsupported/microsoft-teams/1.0.0/README.md new file mode 100644 index 00000000..dba1b839 --- /dev/null 
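Review bot: Every action in the new `app.py` formats `team_id`, `channel_id`, `user_id` or `app_id` into the Graph path with `%s` and no encoding, so if these ids come from workflow input, a value containing `/`, `?` or `#` changes which Graph endpoint receives the app's client-credentials token. Encode each id before formatting, e.g. `graph_url = "%s/v1.0/teams/%s/members" % (self.graph_url, quote(team_id, safe=""))` with `from urllib.parse import quote`, and treat `user_id` inside `users('%s')` in `add_user_to_channel` the same way. `print(ret.text)` in `list_teams`, `list_members_in_team` and `list_channels_in_team` writes full Graph response bodies (team and member listings) to the container's stdout; printing only `ret.status_code` would avoid that. The token request in `authenticate` and the `session.get`/`post`/`delete` calls pass no `timeout=`, so a stalled connection blocks the action indefinitely.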
+++ b/unsupported/microsoft-teams/1.0.0/README.md @@ -0,0 +1,30 @@ +# Microsoft Teams App + +The MS Teams app for sending an alert to Teams and allowing users to manage alert from Teams. + +![alt text](https://github.com/Shuffle/python-apps/blob/master/microsoft-teams/1.0.0/MicrosoftTeams-image.png?raw=true) + +## Actions + +- Send simple text +- Send rich text +- Send actionable message +- Get user input + +## Requirements + +- Microsoft Teams account. + +## Setup + +1. Go to teams section in Teams app. +2. Select the team then select channel you want to send alert to. (__All the members in same channel will be able to see and react to alert/message__). +3. Go to connectors → incoming webhook select configure. +4. Provide suitable name & picture (optional). +5. Copy webhook url and head over to shuffle. +6. Add Teams app in your workflow, use webhook url in app. + +## Note +- If you are planning on sending actionable message or get user input, you'll need to have webhook running in your workflow (Go to your workflow → Triggers select webhook and start it). +- Once you start webhook you'll see webhook url. Copy & use the same in callback_url for actionable message / user input. +- Read more about webhook [here](https://shuffler.io/docs/triggers#webhook). diff --git a/unsupported/microsoft-teams/1.0.0/api.yaml b/unsupported/microsoft-teams/1.0.0/api.yaml new file mode 100644 index 00000000..89ea36ea --- /dev/null +++ b/unsupported/microsoft-teams/1.0.0/api.yaml 
@@ -0,0 +1,165 @@
+app_version: 1.0.0
+name: Microsoft Teams
+description: Microsoft Teams app for sending an alert to channel.
+contact_info:
+ name: "@ShalinBhavsar"
+ url: https://github.com/shalin24999
+ email: shalinbhavsar17@gmail.com
+tags:
+ - Alert
+categories:
+ - Communication
+authentication:
+ required: true
+ parameters:
+ - name: webhook_url
+ description: Enter webhook of the channels you want to send message to.
+ example: "https://example.webhook.office.com/123"
+ required: true
+ schema:
+ type: string
+actions:
+ - name: send_simple_text
+ description: Sends a message to Teams channel.
+ parameters:
+ - name: webhook_url
+ description: Enter webhook of the channels you want to send message to.
+ required: true
+ multiline: true
+ example: 'https://example.webhook.office.com/123'
+ schema:
+ type: string
+ - name: message
+ description: Message
+ required: true
+ multiline: true
+ example: 'Alert...'
+ schema:
+ type: string
+ returns:
+ schema:
+ type: string
+ - name: send_rich_text
+ description: Sends a rich text card to channel with link.
+ parameters:
+ - name: webhook_url
+ description: Enter webhook of the channels you want to send message to.
+ required: true
+ multiline: true
+ example: 'https://example.webhook.office.com/123'
+ schema:
+ type: string
+ - name: title
+ description: Title of the rich text card.
+ required: false
+ multiline: false
+ example: 'Title here'
+ schema:
+ type: string
+ - name: message
+ description: Message
+ required: true
+ multiline: true
+ example: 'Alert...'
+ schema:
+ type: string
+ - name: link_button_text
+ description: Text you want to print on redirect button.
+ required: true
+ multiline: false
+ example: 'Shuffle'
+ schema:
+ type: string
+ - name: link_button_url
+ description: Enter a url you want user to click on.
+ required: true
+ multiline: true
+ example: 'https://yoururlhere.com/'
+ schema:
+ type: string
+ returns:
+ schema:
+ type: string
+ - name: send_actionable_msg
+ description: Sends message to channel with actions.
+ parameters:
+ - name: webhook_url
+ description: Enter webhook of the channels you want to send message to.
+ required: true
+ multiline: true
+ example: 'https://example.webhook.office.com/123'
+ schema:
+ type: string
+ - name: title
+ description: Title of the rich text card.
+ required: false
+ multiline: false
+ example: 'Title here'
+ schema:
+ type: string
+ - name: message
+ description: Message
+ required: true
+ multiline: true
+ example: 'Alert...'
+ schema:
+ type: string
+ - name: choices
+ description: List of choices to select from
+ required: false
+ multiline: true
+ example: Choice 1,Choice 2,Choice 3
+ schema:
+ type: string
+ - name: added_information
+ description: Some extra information to be added to the callback. E.g. an alert
+ required: true
+ multiline: true
+ example: '$new_ticket.ticket_id'
+ schema:
+ type: string
+ - name: callback_url
+ description: webhook url of your workflow in shuffle
+ required: true
+ multiline: false
+ example: 'https://example.com/123'
+ schema:
+ type: string
+ returns:
+ schema:
+ type: string
+ - name: get_user_input
+ description: Sends message with text field for user to input to channel.
+ parameters:
+ - name: webhook_url
+ description: Enter webhook of the channels you want to send message to.
+ required: true
+ multiline: true
+ example: 'https://example.webhook.office.com/123'
+ schema:
+ type: string
+ - name: title
+ description: Title of the rich text card.
+ required: false
+ multiline: false
+ example: 'Title here'
+ schema:
+ type: string
+ - name: message
+ description: Message
+ required: true
+ multiline: true
+ example: 'Alert...'
+ schema: + type: string + - name: callback_url + description: webhook url of your workflow in shuffle + required: true + multiline: false + example: 'https://example.com/123' + schema: + type: string + returns: + schema: + type: string +large_image: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAK4AAACuCAIAAAAgbqG5AAAACXBIWXMAAA7zAAAO8wEcU5k6AAAAEXRFWHRUaXRsZQBQREYgQ3JlYXRvckFevCgAAAATdEVYdEF1dGhvcgBQREYgVG9vbHMgQUcbz3cwAAAALXpUWHREZXNjcmlwdGlvbgAACJnLKCkpsNLXLy8v1ytISdMtyc/PKdZLzs8FAG6fCPGXryy4AABVtElEQVR42u29iXtURfovnn/qzujozL13ZhwJO0mAJCDKKioIjgNBIAGSIC6jM86IKC64AqKAsgphlS2GsCZAkt7T6X3fsnW6+36q3nOqq8856YSQ+H1+/nKeSj/nvKlTXV31qbferapKcurldrstFovZbA6FQkTp7++3qJfI5vF48Gi1WoPBIFEGBwfxFr2byWSI6PP56EXcECWdTovScE/EQCBAFK/XSxSUILINDAwQEVUiCiopaiKy9fb24jGbzYbDYaK4XC41VwZVJWIqlSJKNErZbN0Ody6bYymXs1rtoJitlngyQbR4PM4oFpvd4WJZeDa73W614seaYpEofUEilTSzbzDZrTbKg6u7u5u+NBqNomKg4NupJvgUPwH1JCJqTpS+vj59m1PX4EJz6buGyqc2p9JENnSNyDY0NDRc1+BfeCzRfx/anUovAgVcMhRENoICXh8lFPx+P7WOHgogPhQUcEUiER0U8tnQGRneydFonBNMzm476kUJj2ZzF6iJRIJe5FBg2bqdVjVbBkggGMViSjbkp2FgsxVAAfUHEVWixkwmk+J3FYECfgtlw7v6rhFtLroGrwsooA01iDGEAtqchq4xFFCcIRTEkBozFPDFIpsojaCAbKg0EalaoOi5AiioEmXDt+v62ISRRBQ0KGXjUMjQSKb2wic6gyEhQ1CwgSKgkM3hJ5h4ykMhFoux7rRqoGDn79ri0QQrPZMlKODCvwy5AlEEV2CIUa+enh7KRlDAzxdcQYaCvs2H4woyFEDXd40YfgZQcKsXWqqPX6g9HtGaeAcgJSJqQ0SMlV5+UTZcKBEZKCdlw4Vs9CJu6EVglvLgZ+CesqEQKk1kQwmiNJQMIijoFSoNlaQXQVTrlsIvJyIalEpj2bwel6cHRF5af1/fALLhLa/HGQ4H+bsDqeSAy+1Hcrv8PA+7QiGUxl4E/pCnty+NbG5XAHncbm8qxerW35cKhwIeF6rhC4Ui9CLoVA38CmpMUMAViIhv71Mv0eaAEf0K1FyfTW5zKk1uc9E1lIfanIgiG9pZlCbaXDQmtblozBIxaMTYEmwWmNWzWfxIouD7iM84nU6RDZCnbPLYIorD4RDZ+NhiF/5LFBSL0lATedCgZKoeqiTzT/pemc0qYysYonGJ34L5W5ONjy2TzdoZDPrZSMrm+vqHTGa72dJtMTvUoZXx+TzEIZRBA44xkLOYu60WJ7JxNovhlQkGfFQ3lZ8NZTJpvZSDcayZ2vDVIhu1OSjU5ihtuKlN0zVym8tsT25zEMGcRDa0P70LBMhTm8LPcrkSuVrEaoyEL0hVVsPvwyV/n5gCRDZ1xi2AgqiWDAWi6KEgs1lAQYioeoE3EgoTFNATajaamFnncSgw3o5xrEgvg2Da962WDou1E31JE4rPHzZbHOh1v1/hxkPpPov5gc32ADmHMv0Km/WFeWkmv99LkxGxWeoDcGaNlCOmNjQy1U0efqLNDYUhAQW0w+ihoB+
llE1AQbS5AgXUFcgF3PA+voluiEiP9Im6hvgliLjEu1H1wiNYHDKLFykbLhApT4RfhqWF+aV/UeShuuESFF4YiBGqiVwaZeR5QrEoKzmIbKFYJJzgb/rjcW8o5AyFvaFIOBTtC0WGguEcEsQbpHAwFwlDK+nlJXhYzpArGgvy4uPhUJx9aRg1wa+gGsZRd/G7NL+UKkaNzGoSDIpsRJGz0acgirdEaaIxKfNwpdEroky5NH3XlIxNmdSIjSQtG4owv5oyacTPMqoyyZgBH1ug9DNl0uwwm93djshgOheL5x6YssdOOfd/b/7ki46P95g/+cz06Z6Or/aa9h2wHDtp/6U1kurNpYdy6QymNj/jXNaueCzIhEaw2WSv4Geq1GgsNhbRIMQMCD6hF9VF14woNo5GmZQ1CHrXQJmkHGOAgiymUukaaXZEKAjEFIECqqeHAmQCwT8NoQAeTjYDng3fmwxHYl3mxPWbA0eORXZ93F3X0F7b0FnbaN7cYKlttEnJWrfdXtfYVdvwYEvjvd2fuS5ezd5uHzCZoafYE/EQLy0XT/QxqJm7ICZlcxkNFEQfG0IB0pjerjAara2IBoHX9VAAUYaCsQbRzy/UADlQMzQigExEzCWYbIgosqE2PfxC7fFNIOJHIgMRSUHAhc7DI0n1RMHYRQPJ2bi4HiIKiqXShEgMIipA76JBXfxC/n71ohedrh5UgERiZCMifguV1t8/6IGg73K4euzxWG9/by7el7vZlvjg47Yt29s219s31Qc31sc2bkuwhJv6yMb6kJoi8r+QE+DYuuPWJ3vawSdgYertzbJWSuBL2e8CYwN2qW7oPKoJGpN+LGQ0akn8OpENv5p+qWgl/BZ6Uc5GXYMLP5BKE9nw+gC/RCtRY4o2Z03kdKI0oiCn6EHcUGnIhhdLihhqNLKJRjUQGoRebAQd2QitQmwk2aSIBmEymWSxEa8LsVGjQWgGjapBmLhFhMZWymTq5IPVQZMCPl3uwavNsX9/6KhtbEen1ta7N9X7N9WHXtsWVUEQwSOljQ3BAkBwiLD8DS7OMO7t3mNruZkwm70+bw+3TOSGMjlqENk4JjQIjdhIOfViI2lt1HSGWpth11Bpeq1N7hqh3Ik5q5gGMRqbHTPU8IqOUpk01CCGUyYNNQi9MqmfcRkQLHkpRzLfmtick4V5OPfdIee27bekXkdne2rRtQ2uukb3pgY3wFFb7xUJFIXI82xiycvAsS2xAUyiwbX19duHj9hc7jQZqqFMWrmRylDKkaGgb3OCwpiVSU3XGCqTos2LKZMau4KAnmxXoD5Gb6Fa4vvoRfF9oIt5TkBBo7EMp0yiWPoKJnypk59emZQNrpqpFEID5Hk126AF8oG1E+ofjGzd7ty7O01MFGhwFg5x1t+sp+vdavIWJuW/BAuWvz64qSHKSmgI8ndNH+zuwkSPbxkaGuTuCXYVVybFgCmuTAoFXq9M6rtmRGVSb1dAfipfgYJGTEW5QoTRG7rxKQzdwj5NGgQVqrFuyiKMLDYKEUbwT2GfRgkCT6iA3KCyq0KGHaYDpUGjEdU+7eNGYdZDP1/2b9vRtrHBz/pvmw9ooPENKNAsoE4KweFTiOaOzQ0BDiAgwMnwsQ0FJvD45j9vXW8NdHeH8Y3UJoKf6Q3P8pBAmwuxkV4kfkamNjEkhNgo2B64jjBji2z6NiexkUoTXSNEddHmitgoCnoUZVJv6NYok/gWGQpi0Bgqk8ICU8RmJ/sgZGXSzH2JLhdGQwa63607OSgIxNipv9VR7uWCQrAIDhhQGgQU1GwNXsFC+BTD5hqUuf3Nu9d+iQ9lRqtMUrMbeiaFZl7EHYWWEezcUJnUj9IiGgRpbcXsChqHKZU+SijQ96E0QyiIao1SmSQoaJRJRUZjUOjnRsYMLDcwFCK53MzPdO9+HGoCzQh8vney7twWUfvezyHiUZl/foLgEwclt5QIPX5CAArh0wfK9G+oT+Fzx1s3nN3DQmE4z6T
sjhJtjp8GIVrTNXJggEaZlBV4Q2USBRaBAroGb5UwD43XC2qCX8LnATq+OMkvINrLLxAx0yAbiLjBW6Dgi1P8AhEUKg3/xSP5megrUIOkeuHewy98F1FQJpWGT1EaslFpyAYKSkM2ehFE5cVkL3wKTGP0BGBGTKVCfSl8e/Zme652h/W1eh+6EIxdGd/57hyfpEwZamp8O2G1hOBlSyRSVD1YQlFZakzQkPArqJVAxM+hXwooUAtTm/Mfm+Tt4XF7fDHelqzNYxGPt9vr6Q74XalkJJWM9qZigaDH63N6vPZ4IpDqjSZTzLrKC/MHA9FUIknKti+gtHmCF4eaROMR8nhRm5cIqOqVyRHdUXqNhQCI0oYTUzXSbPFBI2ZcvTtf8M8sGzQ93IFkCwVj5EoOR3NvvnsbMgEX7tj4xs3mhtC4Q0Gfdu36paOzr38A9cIkmA4GyVUhu6OGKDDCUGwU7nXWmMwyhp9vRn8TMRpJwnlmZk3uZw415lPLMYq5BykeHyRdBmIjvsJus3Q7LEZaW0LTNaTcFVMmH9EzqbErjKMySZOfxGad3KRoZVNbllmIv/3etmW7RZEDiNUrEsD4972GMWypt313yNXHZrZ+CQomGQoWVeccRplUIi3M3F7OZkAVCpFoEj5SE2JuJCiAYgEUulyJREZAgftgu5zd1uzoPZNB9YpKF1GEzwMvi2zCmSGIwsMhXhSlkXNLk024u6g0cclfQTlFNlETTTZOgassCk4YDHljcXik0jdv57Y03q/l5iOp+4MTxwlkNGzclmp4vc1sSUdjCTBqGLlR/VAgCI8VVRgdwH9XmFpJuJowzyJUQmpz/PwA+50BtGMKBOb0iiIPTK5O2BXhS4vFfHCFINQBlHC4JxZDYIcvFkUjsPLBI+F7w1tI6CzygWEy1bgP1a5JGAe0FdEghDIpi42CGeg1CKGxCLFRFmFIbARF1iCElljEUJNnVOaO/r4MFxsHwxFPpyn+znsdm7f5mHhIUwNTAsO1ZEUYVwRANdVTIELW1lt2f9re1RXHeNUrk8oMmC1oc3UGzAgfBDi8YA9uT5CxFmtnKAzWAvaeGBoM2S3tdksHZoFcFjMRJvdEKGC2W+/ClBII+OjFgcGc4EAi0kKIjZIyCauXbVSeyeLBVcWVSUMoFPdMaqCAiWY4zySTSyydvanBLPvadCgcP3XWCbMP9xpAzeuB5K9CgasDEywocPmUGR7Alq5cTWJagCucvFYQ3biIYJKhYKxMIg8XfdTwuLTb42Chl5Zu+BYGM7mBdC4cybVc95+72HP6TPe9B5luVy6Wyrk8Q12mUJfZ5/fTFDCYTifIK8uhMEjYIs+krNwpyiQ6Eh2DT/wDczMEErT7IL8AZDw6+YVeISIKIqLIhtrrs6GPqTTyM+HCNI/pirwjzE0kZQMRN0RBCU71witEREtRaaikJhveRT0HBvoGB7KBUO6d/97a1OgU1sC8lKBIDBMLBXCFzfXdfGLy7/7M6rCD/3sGBpMDg1k4MBEj6eyxocKDg0NwliFRm+PCDxwYQC8MMT+T08FpLvwi9ksH4z5/D4QDszl75lzsg0+dL/39wtyFx8qqjpVXHy+vOllWeWLO/ONzq4+vWH12x7t3Dx/3Od056Ncof6Av0O10UdNR1+BT3zVwSDmdjrGLjRqfBwmJsjvKUEwtEsUkR4FSafoQchapprp8KBvjny4EpN/HJPPLjSG4mhgngG2xwai3JgwNQlyoq3eSM3PL9juIggkFvWDsMHVA1yXtBjXmRiTGIXr7BmhuQ/gLJgBZulSCsC2OLnPA4819e9C8bOXh8sqjsxdcm1V5Y2Zl24zK+zMq23Ezc/79mfM7Zs2/P7vq9pyqy3Oqjy9c+t1Hn9y61Ra1d5O8ySIHWNi+uaDNJbERjZkp5pnUQwG/QdYgqPMAMWHwGo07CplxTz2qVyZlnXM0nsksm7MQqtXeZYp8/g3ZkfxCgRT8QAHHxDMG2LLItV3X2HH
uZ28gwJvb7IB1Qe0VMo6x8Mm+/kEKcQAU+KRgQpwvmcswP2Py6zKnvjnQvWDJ0bIFp+dUX5xTdRU4mFV5a2blHTnNmt/GUuWtWVWts6t/mVN9qWzBT9WLf9yz159J51dwkNyAHqH+KtQgMhOoTD66Z5K4gqxM6mPD8aO4Ib8drdbwZtvGbQGuQHL7YMHUQFZk/4QnLp0w+2aj7cNP73n9MA84i4S50hiCqsEDoYQymYG788bd6Ia6M+VVpzgbaJ9ZdWtmdcucqmYAgo3+wlRWfQWfs6qvAg3IOav69qyqlplVV7ZsPeH2UfwVQcEG4x+HQgZ9xBbz2KyKMplRL8iDFAkJIYAoJM0SUWQjDQJETDlEwfRjUy+IqUSESEEv4oaIZA+nbLineCdaBwEKZk16EZnpRXxCpCAiqkREVFLURK2buzcVzWQHbN05hBEwkzDTHQygMBHWRgNxAZbs+iATVBtc27bfdHshn2PxxQBMhTabAwncGO5s/guYqM4oNkskHMwMsYiH3r643d4BU9PV66nFK38qqz6PvlfYQNWNmdXNhVC4qiZA4RqbOxgUWhTOwQBxc3bVhUUrDv98NTAwlBNdY7Wj/21ev28om0GCsIiW1Lqjxj2gbcJjG83daD7YVq40x6A7bGqI/89CQRgwoLPUNTy4fTdHjqFUb4yEecgJwp7INQg2WKHzq2wvBU0BPbdw6bHZ1ddngflXtajDvZmnVj7ubyDxLs8nRmH/bUFmgZIZlR2zF1ypWnzgXif1DIMCOe1IucsOt1BOtvKO3q5AAUia1VHkYZOd1PLqKKqXZnWUBgrkwBTKpGx+kOYsGwSIoWzu8BEWX8Qjz2iCUGQFpkaKHvpVoKDGOgANlnMX+7mi2w/WBQaggYKb20nRKyGYyiFUZgcQJNdyM7loxY+Y75U+RvdXEwNonlMJnt/KkxYHDArzWxUosFeuckA0M9AAT9VXFy075OhhPc/tCgyUcmwjalWCZ/yPHEjkZ8LE7OMX+gkUolMeXJjdyXEFWUHORjkpGz4pG0rDjSYbLtwTkUyZoFA24bWibEAblYYqUWnktSKiKA1mNSBk1yf3axscSmDBNo/KCfy18mD9NaAQUmJetsEh7tx7APIighO7Q0FPIt7HUgK/FP45NFQggeV2yQj0TFhEfH6X3wevWm5NzQX0PTEDJKXjlT5ulbqZUrOgcJ7RwkSEahUx81sxxZCoAalzzT+O9bhhk0AzpkSb+/mFx2HFRgxBfZydRoMwXHehFxtp3I9NbCTnVlEfRKbH5e8yDbzz3m1AQUQV5Hs9H5rwa4iNG8l5Xe8mu9ZHn9hg9oFUCzORshxb8UGAPdj7+ygeX/FBmCzBXZ+0za48zab5yht8XiAo3OLsoWV29Y1Zct/nZ41m6b5lZuX1WSrnYEoHTSuVN8qqz7638y5fAs6WgAIQ5B/hymSuRL9SB+1O1ig5zg49RESNBoHLcHWU7I6ibDIUqI9xaaCgrEeWlEmNzgkoYDIqjOzIIKy605ze8c9WikiAB3Jzo69W5gQT6Y7SQUGRVCh88r8fmKDlWixtcC4LKJgtHSYsyzVbAQXeSOlwyGcyO365EZ2/aC+GryL0KZyghXOIvKAwS5kjlJSfI6papVcUiMD2wOaX6vNMAalsr1hwtMM8wF1l/YlkPw/v6HDYzahYCfEHcGxi1PhE9xARUBVMmHH+AEuUjdgLZWOeePUihoPSxDxC7+LCfC9PEEQU2WhyoXdFNuY84eXTBCFnA5FqArd7KJTq8eW2v3NzU6NDDTdSY0xYJJK/kCsEC31UQZ3QFxRWo9o8ZRgk6WYcpkbyiEiKoPz3LovHnw4EECbopgkCwfJsevSH+QSBFs4gMCMedSIG7413u1j/seF7bU6+4/MggKwgwDHKxLDC+cfM+TchhGK+2PHOdbipMSvBkyf3YIns6oUJDAkOMVVs7BXOjOJi42gC2uRs46hBwAeR6k33pXNvvNvCxEaKQlMnCG5
Z0k0WIkhJ7lH1UeN0Hh40w08QSoR0FK/s+sTOo9ywwDkCQxMSfMe0rIrERkRmwVQajXr9oVxF9SFmI6q6SXJAIRRaZCbxEFCoZhwCdieaIyCNzlt4oOUGlp66IZ2oqz1h6jBpNAgTrSaQoDDahXIaKBBiwMn17igZCiJo0dAdpY8bNo5tTLGM7/73OlY3bORLGJRYtHrVwmgEhY3cBKnBwXhYoMMEBQqq/uQLJ0EB8UW0KleGgquHL9C2mALB2KEjjorq00zar7w1DBRapJvRpwLuAgW1oursB7sfdHRhkDq42oL1wTnYOkvS6YE0v8Cv7A4nEhzrRIH0APnO4XAipdUL49jBL3QPlBBQoHPybOwi5xYu9LHIhkfkxBCnbPjEPWXDfykbWaLIMQZJgoiQDCgbpip6EdlETSgPLDTY/wDsY/cnD7DaSVnjYCAfaCaIoN5PwS2VBaN/GA4xogZBQbBQZFz7vw/2D2AYJAAFbOTjsLvgbcowow7+MgG/l/0GuwuLtmFYnFN1jkPhhqoajAcUqpmtOs9puHH6pVfOW+1YmubEWnKsGh3ozyLeSfJB9PdRDAygUHzdBTH8EVdHCZ8HZZOdC7Q/zSijmDQ+CCHnCh8E7PbmrsgXX5vIrsDlNb8U0BykOHcRxyzTmbYJrW9b0EAmGBOr2MjjprgxA8qkY/9BD/xJmAJIbMyqAW1mbvLlGsQgW6nhys1/5tvZVT+reqNmUngkKJA9ioyS3GfRNm/hEegRyWQQwQ2waNnsbIGXvCSGVpdmEANDjBdLAdlcwn8BUfAbxtEHodcgRr86qiA2HDOuyfnjMVvt9q7XtgWRVGujX3JHeRUbg5gOVImhVqVD75Bincc4a+Q9HSi5ofPMz0mTxWex3nd78lAgZVJtc2Yfu3EbgsIPvKuuj8TtxwaFWzBLo/wZ829Dj4CD+9ZdmBZiHAoOBQpmq9jRiHRc2sDMlIcCR4O67MdUfDsVEXU/Bif1aLbaMNjAjNxRls4Ll7rX1lxZtc68er1lzYZ7L9e0v7y+Y3VN58s191la30Fp7fr2/KNy08lTx5oND0DB5yuvmdbX2ccoQPAAa1pwsbm+9YE512XpsVg7PF7nMFBIQpg4fjpZseAEG7iVRaS/MSU+QTBmw/QI4grtcHEdPeHAemK0m1VwBZrIccH+Zbeztc4YgjQZY8qg2b3b7oCnjE9vaczWdn5h/hayAk3bIJKsADpECjsvjmQFXJjPKQ8+8YoseYCIG42sACLJCqCjSlQavj3DZ1oQmaDALuzdFBkaikfjuX9surRqfccqhoDbLK2/t2r9vdXr7/B0j6c2ft9Gj2uUf7WpdPnx3toNXdy39JBOai4lwA9S1+B4572bwSjfmCHN3FH0oxAkQg3O5TNft/OexZ749CsmM5JpWe3F1nGCwmXF3FR9Fc4IxbpQdXbXx9dh10XFEC/TP5CGlUnWILx8AwrrRKyOKu6OEjsajUGZhFEUUACbhan/o0+7gIDC7m8r7OA7L62/SzgA2yjsfjlb26p1LBtYBdCgj2E0kCTUR6ZGbottYvEK5m+/7wxHh6TVUaZ8QJuiwHts9rtdluiuT8xl1Wfm5Pl/69hUR2OuoLivrnDb5a1Z8xkU3nv/F683SfETYEtMmVQdk4il7AYfg+1J2BVUbsxcF0XsCrRoyxAKIoBO3qpoRLuCYZgrETWro/jadEdfbxyOHDh5r7X0vbz+YiEPUG5W1ah9zB/BD9aoHU8ziPRKm8i/Zl3bK6+ZR8Ub8lBwAgcbt8a3br/fciPIp7Y0nwF7VSjYxTYgPS6P1Xan0xz56FMLoDCz8tr4dP+wE8RVzhXa8F3/2dnMocBHKdkVEHKNBLMewqhjcT+Pxe73+7DzRm8oNBCNDkUjGSRG4YkeKQX8LGcwMBCLZjXZIuEhkY0oyCYouBfZRE4qDZ8ojQqkPKCEQ2nKA7ogEiUczWB/O9TW60u7fLnXtv28tuYOnyYeKFBY9wDdr0B
hHSfW3F6z/uaamtbVNTeBG/S3DBpQwBIEFEDcsNWp82gYQYH/a/P2HswOUEk++MiKYFTYjoIBd8Af4btChWHgg4EUyIbBESkah7HVg83Evj3oR5Qi66rqcYYCDJcCCty5xaGw4PSXe+9hmyleDcTYs4qVKPZEswM7EMSTuZZbka/33f7gw2ak3Z+2fLW37atv7n2z78HOXddA2flR82df3vlq330U9OkXt/GItOvjFjxS+mD3L+9/eA3pk89vEUVkw7/oRXzinojIRkQUK7KJ0lAyKHJpe766S9mQ8CLS1/vaP/r4OtXto8/v12xpfmbFpYXLWxeuaF644sozy689s7yF31/j980Lll2sWnK+6rnTlc8dXbDkSPXiw8+uOPHSK1cADkDk5Zq7gjEQPjCPvLrJMnoobGoMcd7Q2XqbxQ4FQy7wWrBVKaAtmw9oY34fpkFcuDRYXn2Mj9pWyYMwDhoExcBxZfKyqkzCS3kSwXZMuWPzAGJnSJlERa3dnabk3m+tVc9+O618/6x5h2bOPcjTYZ7Y/ax5P6j3h0VSiVrKjIpDhv8t8u5oXilajlLh6XOPTZ97elpFE0+n1BslTS9vmjb3JDKUlh9/eubev5T+96mp/0T6a+k7ZZVfvvj3S6qocU+aTe6sfa2D6ZlkdGr0FZ8gsCQG5oT/7mpHiDpsilioQ4NNJ+UwoYFDAXsk5jq6cuXV36l+yFY+UzSPi9iohkMWQAGwszqwoViQhQdbuhUoeLx+m6O3ZvMxdMaUsktTyn+ZUn5tasWV0vKruJnCPq9OqbiMR065WvowaWrFNfqkG8M0peyK4X0RYsErhbWaVv7ztPJz0yrOsk9KhffTK86XVlzAPQPNnC+fnv7u36ZtR/rr1DeenvnB8tUXJCmSSQyr1t2GeskRMDrH5rYYlm/fvIOYgDQtn4UZFwITNgqklbL4lBcZw52WTEAvyy1ZcRDBZ1y+k11Q4wwFZm2svLFo6THsXYn1VbA9ez0hnzeMtXglg0O5t9+7OHPet6UV59QmvqxLP/N0eZj/FkuAlyGdo+3hitK8YljC9IqLBlAQj+zmAt1PLz87s+LE1DlfcsZQzwBR+s+np+1c9erlNetvKzioucMEi5pOMhWMBg11Dba9+2G0iXOV3YTQHMU4lqTggIL9FWhXURY5Fsq89/71OVVNbC6vujGrwCUt348JCvQum32uMPdm1eUtjc0mcxSKPFvjy30QiNAvudmWmTn3U/BSNlYqTs2sOIIGYqwVjLTiBO5nluPm5LS5JxilvAn3+jSt/ASS4b80acbcn8Ylj5SU70X1qJJ8LjgrErqc3zSpj+emV5xC4pj4ecbck3+dvuupaTsAhSmlb/5t6ltzq75cu+HG6pr7bHZgxok7KhRCo4BC8I1/3QvHcs5uv92CfWI7wRU0ULBZzWJXcLbw1+pENgRiXb+ZnjP/JFvXwMJTrw4DhTHICvl3WbAkEyTPfP9DqNPk5+4oDgVoEIDCtnec0+cfZX2fH0NNBcPIKJXypD42FaY8fbputh73xKZ/8b28zoV1U2qbfwQCKD/LeQEYmjr766dK/wMQTJm6Y8rU7U9P/deqvzevriEd5E4hFPwFJm22RVeAzEpK5FIjlmT0YJA5uz08vtkGZZLijGmzKVwwNMlR5ha7z26/H4t0Yz3TyrVNiGnmzLyZbAzMucyDmBGaxrlFiyYyRU4wT82pbCUhcaYa5DKLR0jzMGg4uu7MqTqz/IX9JkuvzeqkKHNEPNOq15LKpeenzztJTSP169kRU759lQ5gSbBl5V5m1BOURlHVwmqrP1OBwqkZ5d8CCk+VvjFlakPp1AZgYunKUxARSO1kEwRkBQUK+Y2balUE0CYsuIGIcKIpxYISLDZ4Xots1idvhcbd1YPYONhk8X/9nWPOwp+U4LOq64W2JtbZDCgFg751mIkj782aUdUGMJVVXaI1VWAJiAcmYxI3dUgBbaq8zZnn3HMj4qDUkC73vTw
3/zpJMKFyMR2c1cwRgq5CQa1zxalZFYefmrLzb1PfnDKtHglQWLTsCNMtyQzFoVDbGNRBwcvjU2gBTGjLdtPFyzGzyTfcLlKaHdrEvo35LdbNjo6uxMq1P86Ef7KyTYl1Zjaim7NEJJJWeCyAAoturVZwIAyX01QowNGF/y5fdSYUJgNXmvahxfQEKKASJWMbWwWzQHnTRM8CRZNGFBgBCjpB8tTMuT/8pXQXhEdSJZ6a+u4zy44zAwPsUTBP1bQJsbGWSYUedVcv2t2NuZ1gWPzl+hAEcOhmmHQxzrCcV4WCftcVeW+5PgoewebhfGmlDSsg5i06Sr5ECnvHBM8NRDdmVP0yMx/TZjBBEBSUgEfBKpgL6hdeWgsCG386g1jDNO0Iow1zfRQc8PZt+p9Oo5vUyvPzglJz0iNkKEzdgaRCoR2yAksqFJT9e/g+j8penvWRzfU9O95uv3wVAThsh2IgYGAw1T+A80t6aIk0xEasGgeTgBlXLP0eUC/M1nD/QrAAFPAi1lzDyvfpl52zq05Qpwr5kaZ/tlDOGAp5PpEPf1WsjTzAteoeAqm/3t+B7Q9xkgWt1IbVn9eCxSjhuUTblKNjEjTOlKFWwK4vqOnXnyBGlwpFYxUKO5+a+tbfpjVM4bLCwmWHuRLB3Zs1N4WsoIRIsT3e2BqHuu3393zV7XBiC5weHBhht5myqnOhu9s+mu2+EVPOIzwQBBslpo1zabAV+RvvXIMdGqHuvBdbddHu8tSgBEAXSBX5nIoUiYjnt/59c5AtpR30+1wk0GA5Bi1FV2IbRy0nNg3bsgZQ+PVwoJVRpCmgdHhZZ2r5aQGFWRUSFJis8Cag8DKHAlmjJSiwJdKKA/rfba23e7EQEZthIZiDz7gGZ0fJUNCfHcU367MVnh3FmDZ2bNnx5tXyqiYu691RzAPVV2dUXSsMcJKTMEM1q6GRDArTqtrnLDiz7fVzKWXKymg268OX8tVR1hJVWtR3fJPhY6nxCDslrLxcdKBHpr4zU8REpiJQLi1W/6Yp5WdKmfFRTBDvKhNE6b8XLjvF7QosvIUCF6Alsh1csdF3Q+c7/7acuzCAPQ+wr14o7AtH/PzwDSwaSNDpHuKQEvloEDr2Qz6QQz0ZJaaevBLhKYANlzBfABsf7r6H2Z2ZCNngvsU5xC0hGM7Sroti+gWfVm5wk+ItZX3VwhMffHIfJylhQyjmBQvSYSHsRBPa2EqtW2z0skKT1qiQZ86nps/7aRrvdQGCAjRMaFIAUSgSGsBak6cJP2Hq3PNMg5h7EM6Ip6dzsXHqm7hfsOQ0tyt0QGxcu/7m3zfcrNt+r+GN1k8/f3C3HXuU5OAQ9/v4aU82BA57JC+8acR9aOWAjCI7tIHB4OCJE6fti1ceAnufVXUXvgO+mlbyV2lnDZIZb82Yf5fWQj2z/MSlZu8gV2yx7oXHJNI+ihlaVE9hisqi+rGJjaWFmjoU9FJm/L/Abvi9SJL0MEFJdS7MHZ3cUC7bFc7Bsjlz7t5//vtGzab9y1a+O7eyYeac15es3PuPTec31Te/+e7dzz43HT0R+vlqqr0jjXVOmFb50qJezLgsVNXsgIuBWhabHYn9+DVh+yDqDwHAJUOBXizYdcWKRVSOtvupj/ZYqhefgnUIIdG0lp73+g2R1KVRAMclLK6C8aDq2aPvvn+37QHfM5Afi2WzUnSgCXu/yUGEYuFayRi0BmlCaRJQEH0j7gkWEw0F/u0KNCXjwYgcrokkG2ZZL/sYS4zjCYRhZrAhSSA05PKmezyDYKogJhPMd9/jxjl8YTiaESbT3x/t7cN+gwG+TauPn2iYpMR3S8X5iC7aexYXnRpIu7mKQxNpK1dc4gxC7MOHt3D8H7Jhn2KeLeX19fBzTRBKknN5c1/t7Vz1yo/lVQfnLjyp7LtAMmPldWad5DutVCw8uHz1oc+/bsfKwR5Xn8efQIhXH4zeKQR5hKl6gIJ8oCNtjYtqPDQUuCMnz29nVZ5
8/uXzK1/+iaczPJ3m6czzSGtOq8SJSs+vuTxjnsZwPhr1AUbx8wSFWRUfgoUiuAiLXJEQEs73vkumEh6idHd3cUWc8W34c+E1gI+f74nKDTXxqBqfa8sNe2BQBkAx0iCczCdhNgMKxFoKQrqVQ5IzflSEbTblBgPq8eZ+Opv88FPbxq2ta9ZfffGVi+s2t259/e4HH9v2H/Jeu97fZcX5nLSrbf9gOkVHJ4p9tcGThj0w6OH0BTbgMBaZu4hG/HPPn+wdZDEaCOZEg8LMwm6Gcv1D+fsJTamB3OLlh+CU4kzoXN4ZYeyAILg0MQ2CcwW4qmdVfNDPlgd1cwPR/UQyTFMAVoBySoez20LLAggKVlsPhwLteJXmM65tOCjwgDaEq2DrtYQGCugVQEHarC9jsMMQRwNtNoVYQ2znyUIRs1h3l+s0RU2WuMmSVJoCe7h4+0xWD+qGXZ85dhFz3MugwO1IfLM+sd23aZRQKCqWY/rnTktyCmPbMB7OiMjEILUglmLz1KveJyY0AevLVuyBQ5WJJhWKq2lqWd78VWqg9SgTxNS5F/FDZlR8yKBg9fJISVsiOaAcT57o5wyg29HtJi0RnQeDAW2uBijQkRPiRDl5aRAtFdesAdef4ECnoMrKJA8tZqek8xOuadNNhJ0GqEfZmap8EfTgYBTxsXbrLYftNmoKHoZvwCZ87MxMHH0ZCFHdBgaHiEJbKGm28BwlVxheYCyEwpIXfuRQCPJeJ4tmjHdSP08JXssJTAiYXbbiC4ICH+VnVDngnICCbGnQuaNOzCrf3WXOqfG5OcRxYFMfjC2fP0KYALcjm4y6EWaaNygP97XaudgoVAPbiPvQynG8eg2i8JQYM51AlOLoVPa04Eff9PSYaRZDstvb+UR2H3vBU0gtJi/U38rAyc+1yg7RrngkNuqXISk7tD2soIAWp/gAUhCWvHCSdBW0GcLPs7QNIe1E/askrKFevGI/+LyiTZSdVlQJ2dBUAIW8qZGc1IACdsekbXLQ79j6BCtc2fa4ykLjNNistD1ulpg2rLZgD+gtFqvNKRkWQm57qIOI1ZMsgBjDg4iVjVj5dt8MgjgGh++IIO38zrb+c9PO7+BnVFo8FkL9+Xbf9iFlrz4crE74sxXu/M4CZ8YEBdaCAgqcK6w8MsgaMcYRqqyf4PVWFkmoZ7wTw6DHEa+M9NZwSRmd4O2Ln/9qxrzjrGJlF/JmBsXX0FRUgzg3o+zEjPI9D6y5viE2BwMQPg8Oqo5hr2jss4fZB3ts9g/msBMg7MEd5hRbC8tlIEStdpj7ukx9bg97RDZsqNxlGgSlsxPnLyjZfP6cydSH5OxRKGBjnV29SMiJRYcDGTWbOf3A1O9wqdmGQEFpAzhSIKFmw/wACpLdoc2GFI0pFPge8djZ1W+zZ0U2i3UQvwJ1xmpJhvvsIDQesBMeTeMcizI5texiAVdYeWxwiLo8QyAV2ykq93zEKGvERoECJZv0ipy0pWVZPy1esRdcgbOri7J2YyDxSB5t4Y6aNffblS/vf3XDZ6/WvL9u/c41r3y4teGHd//zM1YKvL+r5T8ftu788NaHu9twNCXSZ1+Z9nzRhfTRZ/fxuHN3O1Zwf/qlGfRPvjB9uPsBiLs+uvv5lywbI372AO+y9Ok9ehf/ypf2eefuPZ0oZPtbl9dvPLl+46kNm8/U1V+kVLPpNChIm7eer224iIQbIr5Wq82GT/yXKJu2nKMXN2xu0pV2ckvDBfyiMxdCUEZwPhlTK1MxCLCPwhUUKKQztLdPZihnDAXl7L2sMokMwwYyMhSG6349FGDLWUJQyGsQhlDIhzkpjjTlvglx0rAwsoC2aXVIsD0vWn5wbc21NTUta2uaX17/yysbbm9ptCOOmaVGG6IX8yfUNjjqVLpyzzPIeXDPXlfvxX83N+CsSyt/i1Fqai3PLLlaUXWeEiwH45XKF5zDcih2XwXr01mezs+ublq2+kxzaxoxV0PpAfhQHhoKU/J
cQREb08oEkVA7lXSHjHrW52A+ZQeEVjbS7DBolAzokFSWPP/F9LlHBBQYY5DdjxojKYdC3kYy9wxEzr9M+ajAB7HkBFsvRfEK67Gm1rq5no4ljZFnklyUwlH52rYwkqDgnu8dGRUZNPnleznh8NMlL1hmz7tZVnlX8SPwpHgfdAlbts6ovDncf/PZCguhDUFnVN2Bz6Ji4Y8Hf3SAs44FCqRBIKiVop9VKIQ4GqgXSWugnutVVYl+FSIjiQtZ6u9+6d1eNfXrUi9BIa9BlKtQ0Mc6cyhAz9R4JvPuKCV05Z/YPlNZiM2WVSG2sQt7qSCqnXbaEmfMiT0bNMfPSSfQGSTNv/hbSmQUtv7AjgCLlj+YM/+Wugljq2xgHlNqlW7oXimceSuqfilf8MNPTbByJh8eCjwwmkVIl1+exiaIE/1pWivOTuPFQswhbgNhN1yhyFPU/2alGSGrExRI+xgadepjssKBmRVMg5hadr7AO2Xoti6ECIcCJoidPMyVnNRvPbPsyMsb7rDwRiVe4Z5YByHvwSCfRrex3qXdm6FBczhdwaN0r55Vx25YhNyGLT51Wy7jpC6Y0d7rkxol26wsnlTvadsNHvmI/YIvPff8QURpj0FsFKYbZm2seq5p/8HIt4ed3x5yYeHft4e87OaQa/9hN+6/P+jafwhE14HD7v2HgkjfHTYzMwktGcsVwILDIBNJ5L7/4T4ODT5wKLBflHYQn25K3x1knyiff4V7//epykXHeAC+3vDcNEyMqxYKf536gYhXwM3CpT8CCsrCmJrCJTG6/takugZfESiwddkMQNp/FRxnWO9/biV2b6SltCN0tkHfG/9Ljn0VAQ18N+jqqxULju87HC0ZWzyj1MrgEEenz8VqNZHY+rXp8/D5A6JCps09RqvYWG+xdv+009JPU4kKhbQ0ZWS6/blZc9+bWXFgetmRaRU/ohy+hu4HSAPSV+BRSTPKj/KSm4YJvCgWwqQNaGMTRANunlmGCeLuKnW53NoNJr4SUruXj7Sjj7zd08Ml3XaCLK2p6dYtrW/l+3fqI1byiWcouNEGO/GtPQvzsJiGsgUX/r6po+QRAlyLA0WEilwQYiZWtE2v2NdpJh5gDAWHPzdz7scwAiomI2ONYISIldIiAVeFiyYMobBw6VG+jlaBAmQFCQrUc0F5a0jNhl8PCQW/Hkk1W4J6KEh7+z5s0kdIy6GwzbMrr1Q+d71kvLtfF4tczqCAJVaGUNBokowr+DgUhPVQGI9HDYVigXd6xVKVFURso8IVNuT335AWyuk2fxyH8yMMdn/asMU/55E26GsZZmVEvih1KiF+c33OgtYxQqFUh4PCEPj8v1SuQD6LqzPKCQrKBKGeiKKDgo4rlBpBwTDUvejUoLU2GkKBcQWNrKCHQr3RjpCjECYM+l66r1Wg4FPm8vFMGqGBBAsGBeAAaBg7FEqLjz91FCrK59yTTPks+wVLkQQUhD9egkLa4cvNmPexYsJi2ooIlDpXqhvf08cYuT8cFIQyKU8QxBVCulMrg+N7foRcLLiCiFcentuPMrVKsW7a19naOmVF3vWJkBUKAFEIhWsjQYFxBQ6FE0owXMFKprPaFfLlZ0cK0B0BCtMKuQKXFd4iKKwaCxSC4wmF/Cbej7JBU6tYODXTQG5QJqCxQKF0FAukhHJfqsgKJ6hraYIwmch9mc7JNoasPEF8xGUF2g7hlKEhuTDcWQlKKJ3b9FBQoIVyhVAwUiY1ssJwM/0jigsShU8QzZoFk0UWzhZN+Z2ejYQGqBU0TbSUjJ/MOIwGofgs8lCQZQUdFNLwkahio+IjkExGem3CsO9HufxXhsIuiSsoyqSR2DgxxwjoYFQIhdZxEh4LxEaBAJHGEttoIJbr1yqpjh/s2MJD4EmDuDa9QkwQg3oTE6DQ7VXERiErKK4j7cLtIrGsTUUD8jRQaJKVSSyqhwWaG57zmzIZTRBFOPyYJYY81AomCO1BDw9/CIDB6616zWL
CZAXJZ5F3XzFZYZ9OVkiPrEE86hrfYaWZkZTJNgNlcuJTXmwcxw0cR0qTUJiEwiQURmVXmITCJFeYhMIkFCa5wiQUJrnCJBQmucIkFCa5wiQUJqEwCYVJKExCYRIKk1CYhMIkFCahMAmFSShMQmESCpNQmITCJBQmrY2TUJjkCpNQmOQKk1CYhMIkFCahMAmFSShMQmFSbJyEwiRXmITCJFeYhMIkV5iEwiRXmITCJFeYhMIkFCahMDlBTEJhkitMQmGSK/zmofCQ++MpULis7rrCt+Wq+MZsifNTZbzqoT9BnmI8hbCF58x5O2lTfzoAiG+8UriJxyNvE6PuA32Bttr481RlWy6+1YbYluu3AYXhSijYhmdO5UNv1vfQUGD7Liu7rvzMYFF+8EEXO/ZqIM0OeEEaoDTIUzpnd+eml39Fx5SJndynjzNXyB8uqB4CUAAFaQOe//9whdYRjxxtekQoSNtw0g49J55bfmH5i03LXvxp6Yunl77YxNNpNTUtef7SjPLjSn6+V+9DbM74UBsI6SYI4EBwhbU1v70JoqAcsRcT27+zsqW8+iG5wjDn74xwRKm4n1FxRpzJYXSy/QU+TAugObX8zPiLCMWg0PCbhoJBUXP4xr4LltwoGa+JoAgURHdKx7MUP032XOmo5b5xggLbluu3DoVhd26bU/nzCy/fLSktvjXrI6eCYS0d/qom9RRz9eR5w8oY84ZxgUK5vEObpExqd3P9jUEBu/peVzf9xiHG52vqOiYcCuq2mpqz/TRoaBrmPPkJmCOGhUKhMvkbhAI/SqS6YMpgR5sDCgtOv/4v88TbFeY2KceAij1XK84VigsFKS9MjFV9fSgoGG3s+1vlCs2F+4A2syMh+NEgcxYc+eJbbwlJgiMfqvGoMoS8A+85470/5ePeKiY+4SDiMrCcn3D6iGpXUKGw/NhvGgqt6j3jCjjifu7CA7fa2IFBBSNvJG7c9Gja/AgGK1Vi+JWgwA6rh5gCE1Phxr4MCr8ta6O6x7NSJts1uPrqDBwaU30bR8Q8v+oQTnkvMer+CWDLRpqFrsubxqCsPvIE0aSBwl+m/XPBsh9/Q1BoLtwzXIECzptgR8tV3sEplP/+oAUHspVMm3e+tOJXGYVFzox49H596FeaaILghuf8iXIEhYXLjxQ7Jeb/k1BQJgXlVIhqdowYzqicMf92efXxS9dCmUy65Jnnm7kMX8AbJkanUBVFvbT4a0NBWD9xQMGpqWX7/jL1P3/LHw1SeAjAbxIKxCHYRuLNazdcYkeOWttLXn+3kx33Nve0fNqauiv6ODLkvAYx4sljDyF5jAkK/LzRpqlzwQ5x+uyxp6bv/mvp2+zoWe6DUM6ZxNEgNb8NKAybwBhwrODZCykc5mwzt5Xcblc33a/QnNV0boKniaaiUGiaMK5wgYwZKtwPP/a/txM/ABoUKIArKKfE/A9AYeM2X02db1yh0KzhDfxsgVuQEl7+x5G+gRxO8LVaTCX2nhyOSccpjlMrLgmn8PhDoUifFf5rel6fbBr2MLgxmxo5FOAKIShATvq/0778X3/YiMNhmMzIoLBjSulbi4gr/E9AATgYfygoh87yovgZtCQwVlSfPtnkdbkDHo+rty9dYrF2dHR5NtbhWM+DU8ouPV1+4+ny6zjDA7EFPF3DiYB4nFJ2nR5V+i9T5jSLx6nlLYKuS9coTS1vFvfDpSlz+Hfx064p4WSRqRVXxKOUrvKKXTX6V7GE0qaxCJorsyuOT5m+8/En/vHYE38nlvDU1HphYlqz/jZkhVXr7g5/dtSIB0E9RKKD5FTAhV59zQNvof54IJVYYCego8Dkg4tVk2IrHUQmjh1m55RXteCUY3bQcfX5uoZrJnPUZmvr7u5CDBGg0Gk29zww9X/znW3h0m+nlX01c953gMUsJX3HHilxykw5caLxo7if993DJXZ47Q84bnzW3OP4FAl8ix1AW/iImV7OM5o0o4KVP73swP/5239+94f
XHn/yFSQ+LzBZ4enpr5PhmfMDWVYockrMOKRa6RApnFG8tsYxJ28OEieE6o4Fq27RH0KqEpvnqImOmsFNWfUVLjkyCyPkIZMth67HGfV2uxUBZCXhcDAcjoZCqWA43eNOn71g+/Kbm1/va0f6/KvbOz+88v6uyzs/vPTV3jtf77v79d77uz9t+eCjq6B//Nl1yvbF13d4nitIX+1tQx4QkY0ouKFsX35zlyjIjHsiohAi4oa9u6/9q286Fi76+Kkp//rrlPd4+he//9efS9mnSHjUUEaZ/jLln3/8c/3v/lDz+ydfffzJNb9/4qUn//c/FChM3fH0tDdwYNDilT9xENz7Vc6OCgoobFShsOpVS+HZUa3S0YAjQEHmGWQ/ADPAdMDuqy/RAfVzF548eyEQCsYjYT96PxxJAAYlIqjQ4+4Gh7BYbMFgb5YfMp/qy5lNAbPJZzZ7cXp8lp8z7/Iku8w+JF+gP80pkDuIgoTwJDpA3uPrJYrbm1KOlDfKhkKIgmKpNIgwr23e89gTa9Fbj/1hHbj3Y3949XdPrPvdE/h8VX1UEu4fOqGEJ15+7MmXHnvyBfb5xMt//mvtFI4DSlOm/3fF6nM6rjCRx4jxqYF/BSEjtGyVSY4nmKNzH+gcCi26U+Ra1WMqJWLljdlVN8sWnN695wHa3O/roQjToXTOArGRnQCLfmZQYLwCkmQoFOLEXH//IJBh4ZeKmJzH4+NEICZMlMHBIbPZSsQMj1fFu0CK1WoH3e8PKgeEpTOUDXTcEzEQCNGLyE8UVOuDDw8/jn5ifbb2sSdXsZ7DDd3zx989yRKnjyk9uer3T7z4uz++9LsnVz3+p3VPTW38Wx4Kb5XN27P8pfNr1v9KdoXaQg6xuSG8aVvkmeXt+WACLRSadVAwPlBQHEPOBIXqy5gXplfenV3Z9K/3W03mMPrU63UrbT40hMeSPuUaQK+4XB632xuJRIiUTCbd7OpB6u/vB6W3tzcYDLpcLlDD4TBlS6VSeCQiMhAR2fi7bgBLzkYX7omIQuhFka2vP3HqdOtjTywD9+Z9thJj9/E/rlbHMRvK6EX++BIHx0sPmVY9/oQCqd//8ZW/TNkK+YCD4M2nSt+YWb6rctGB5S9dlLhC26+oQShfUfHMVfUg4tZRnD5rmKdZkRal82tnVzf958N2jz9DfRoKxtDv/X2p3l50tLfEol6g0lmPkUiMKD09PYIZ4NFsNuMT+CBKLBYjitPpFNlsNhvlTCQSRInH41Saw+HQZMOFQoiCYolit3fEotnfP/7cY3+Qe3qVDAVxwzsVnyyJztY/Ft4zKCA98adX/1y69SmuOzw9DabGd2bP/WjBs/srnzm07KVLq2ruqCamtrUbusbnJHJD7bFBuq/34Itq6tyzKy8VQKHyBsb0TIOD61sL5oKCYwhVKLB54c6cyhsVC058tOdOlyUcS8RptUEikbJarbzN7UxsVJFg6u/vpSMfwRXwjEyAAp872EXvyFCIRqNE6e7uFn1M2fCphwJ9H12AhQYKyK9mu58ZylUv3P7En9Y98cf1lB7/E9I6UPgNu6fHJ/644XE1GxE1j/p/Pf5/av70fzf89W9bICE+PePtp6f/c8qMd2aUvT934ZeVi/azBCisuggcEBSgT04oFPKHTDKZ0Y2bVa+6mKBHQSVVxB4kfXKYqUGREBUTQguHDpcWqy+VVV18dunp4yf9FrPfauuKx6PUqckExryJt3m3AgUMYgxT8GaSH6PRMPUK+Lamj/EmeLumj2WugGxUmsgm+ljOJqCAQoiCmYV4jL37AYTHPV/eWPDsnqpnvq5e9I2a9kn3Y0/zn/um8tlvFjy7t+q5/ZXP7kPiJQMEB3jCzfcSFGBaaP/HZtvmRp+q90/YvKAcRxxavNKCcQxfEdmGFTRUq8nwtGH+Lwk3LBBhRtWtGVVwPB6q33HNG8jZrT4r63iTGKWpZFyFAucKonswW0CgQ19i/iYK5AOremUyiqDn8/m
IQtIlFxsH9dn8fj9RAoGAKjamRTbIKUSESEEUFKuIMJmUyeI7edoJKKBv5i88OH/RISQMVk3i9O/lG4kuZ9P+CxRGlFLVswf5DYPCfA4FVVZoW73uwcZ618RyBQ4Cwlldoxvh//AWllWfFwfQsvFdRXyi1SBJeRB/wH3QV8uqz5YtOPH8msuHjnR3mROYkDMZPjizJKozTKgSfQbdga6XoeA2M9iYRR8DCjRSCzUID1HQiwIKREFmQIHmFHQtUaiPQRTZcAEWqgYRoAnF6/USJZsZYCavjuTiZR9h4IrOq9T03zMFPSr/S9PNmkeGCQ0lnxhjkKAAu8K99XUOxrcnEArB2no3Es0R775vbX+Q++Sza0uf31dedQrBqIzVg0lUteGThrucyJsALjKzkmWYOb8VM0J51Y9r/nHs1BlPIgkjkpdpbZaOoUwfb16M0iBBIT/8GBSsChTQVRApKYcMBaIgn4AC+szMri4JCv2ijzlXyAgo4AJ7oPKJKxCRuAKIgALNKaJa2aGc1QwMud9692jlc18oOOCcXOLhlDSPo0rVUlJLUBBQ9ex3EhQYP1hXa1NwMJFQEOXXNlpPng7ht6OJOjsT5y9nt77eXvnc0TnVx2dXnStb8DMcSHOqL86Cpaj60hyeZlddKK/+GSykrPpMWdWxZ5efanz7zuVrgzDPMONQOm613ufD1DE0lCVZkDNsO2g+n4c6i0PBXAJm4OEXphBM8JizIcqRyod3kvwCHRmg9eETs3uKXxAb6UVkIz2TstFF2UBEsVQaMERF4ULHExGFEAX5kYFl84T6++J9vcnbdwPzn/l4/qLDbBxzKBCrr36G99yz+Pwe9/zmAI1p6f573A/zr/14SxRC5RDzoEeAb8XqK2tf69iw1aV00sTKjIrYWNvg2rrjltkGZQoKeaS3t7/HnXK6BrusA5ebw1983dmw4+pLa49ULUYl989b9C2qWv3c90te+PGV9T+9/vaVz79uu3s/HUvlYnFI9ENulx89Fgg4U70xprr3pmG5wWiH9QjGRRBAjMUiomugT5aYLF1mq6JM5hRlMmKoTGo0CGQbTpnEVVyZhJyiVyapNKsNXzoIloQllOs2Hlm0/PiiZT89u+y4eoN0AmnR8hP88QSjLz+hJvlefVz2U+G/jooSnlnBilUfcX8U6bkVpzds6drc6JG9hROHA0wNm+ujG+sjdY3mjz+74+wZUJW2DMJJ7NZbVuvdVCoBIjhpKJx7YMq1d2TxGU3mEn25/nTObBnoMoVMZkcyFUFDIsXjfsbLbU5bt08pLJeGo4GseYmYokzGEynqeqFMmqhXAMOHggJ6cThlUoaCpCXaNVBA3+vtCjarky+zH8SPP/Rj1/IXfliy8sySlef4J92ckx7Hnha/QOm0QsHNC6dBWbnml82Nbt79QUMn8jhDocG1sT722rbolu1tFy71uHr8JNzxNr8HHAAQvakobxN0TR8EKZPJ5XSGmCsgm8OEbLE6WR9bO5PJIIdCbzwWZM2L0dft0UMBgzObHZK7BgOYQSEY9Af5FYlFKeEiClQJ3KO38AkBgohR6SIioCMoQfUSFLwul0YX7pUvhT2Ll49PKi0UQhXCSJFoyuXOrf77gSXP/7Rk5QXeW6eW6Hpuqdq1S9UkP+r/tVSHBgkf5xatvLiuzsJ8QtsKPA4TxxgAhU3bYmAM7+20wfgei/liMU8sEo1FU7AG+v3xYLAfCIhG42g2pFDQEwp64UaKxYPRWACJt2U4EIwhG6VQOM5aEtkinliUOhEOJ/SOPxQKSP0VlromXKBBEEaE2AgJQDCD0WgQqtiY04uNpEwOp0GAPQgNIpMdAGMAogFzWL2OnGhb+uIPi1deWrzy5yUvnGRJ6dFTSAoyOCyUJAGFY0W5WbqSP754ir2L9doMVez1pS+c5RlOLXnx7HPPX3ylprPukW3MtVrPQsG/qPyNDewr6rbxVO/e0njvxu0M8/v0JTiftsFfQ1KeouezydM
EZ6Ik0SuXMAOKNhcKvNw1+myyBsF8EJo+Rq8UahBaKKDPDKFAU4MeCuL7CAqUTYYCUQqUSZOdQ6GjfyCZSOXWrDu65IWLi8EYeE8DE4uJSTBAXFr8wjkkzjYu8BvlHjf0r8XSvfiXNr1wcemLl/+xsauuwVM7ccaDQkcDzUGbtyTrGhw7d7dDNsqy4Zcini23uRilos2HgwI1piEUhC0Hg9Owa0pQ6MDAAN7BPyAAQj4AFPr5BSHTyS8QkYeIKIiI4DNEhJrQo164p9JQaXoRN/QieIxTvZjXiX8vZcOFGyptoD/Z0+N2dnucPbZUEo6x3NkLoedXn4RUv2J184pVLStWtS5b3bLs5Wt4fP6l1qUvX8MjiPgXuwFxVcvzLFs+sfwsTwvyswyrry9/iSVQlq+69sKaG3/f0LF5mwuBAkiPGI9EL8qehdphAteUzFv7wRJutyX7+ocGBiDYo5Vcos0HBtL4E20OTk6NiWkeIhplQ2tT06EN8UiNSc0r2lz0oNzmQAyVhl7DY4kwIuG5iNgo5EFhUZZ9EAKYGg0C9CJio6E7ikQYupxO2KdtXabo+x/drttu29QYggG4rrEHYt2mRh+/d2/a7oa0j9GMT0q41zxK93jLze99POHezS08/s1bJ8b3yEJRtA6nAqg1eL/a5/YH0+CCmBMxFyjWFaZBkKBn0OaGXSNEdUOJXrQ5Fxuzeole9kz2PZQGgWoVUSZFNkNl0tAdpSqTDi4ts5CKbqcHIRSgt93vq21sh8a1sT7E5KwGN24w3XIjnd9A9S/yqLnPd0xwQuPVFDag/UZ/w9st3mAOLnoYBOErgu2GDyEGBbPSxZbepIBCWO/QEYMZbU59TFAARIaDgqFyV0Lv4BJQENCDTUkPPcE8xPdpoECl6ZXJ4lAA8BWuwLxkDAr4Tc4eL6Bgsz2IhIdOneutbbTlPTeFA0vTvsVDiic2ZLlhWC+D9rHBCyZx7bobPzUUTlBjqm2ekdscEQWkXgooyKPUcPiRU1CGgt4FqIVCll8Q9yA20neDK5ArQXZHEdzwKfxMECnoRcxVVBtyR1GBQh7EzETvatxRlE24o1AsUfAvjicziKgAezc7BGXHZEn+d1d7bYMTqhc31jJTIHQw1qAsFW163YTNPI16PI0TFAzQUGC1JDS7ahvNO3cHYFKzWLtD4Sj9fNHmaISsekGmpsakNieHjsgm2py6BhQSG+Vsos2RWXQN8tO71ObFlMnhNAjiSA+lTJIPwlCapdLyymSGuyrgQLF2DqZ7yd4SDkHntN2+E339rXa2UgDBx2yOcG1i08TwTV/E4G/033HxQRvWB3MZ0x4VD2QIM92mRufb/757vxNDHz/fJLzBBQp8JqtR4A27ZpTKZBENQqtMEhRGVCapWuit4lAQOqdGYzG0KxQqkyKbCSKwgILN2mUyeS5fi2/dfp+z1pDSrxrm3MjjRYsM8Ql3KBh8HUFBrRiTcrbueGDtzsHjQj9VhUJGQAEIyWU1XQMXoDKuqGtocIuuQVMTe5ahQCxBDwU5MAC9xqDgUy9MIeR8gqxAFJRIPioQiYIOw+yuyQZMJPglsuES2XBDFNSA8uBCyVQaCtFnwzdSTnjWC7P1RmK5E6fcdQ0PWINibDHOzzVA1d9PaBgpmvRXTUw6UfhQkC+mQFBCx9mLMRc8gEk3/6W9mAHVxmQuwBRvJzRF4c9nBke5a+TGlNscU7zIllQvP79ABOyoT9Hjor/wmNcgiiuTRXwQEBuHUyZH747Ki402ByYvMpLDwEBWNlRJDBq4Xg4c7NnSYGU2OygUKhSKTdX5hQb+X23poySO+NWIBLauBm6nw0ediD3H70JMLzWdaHMmNmaFD8JCHiJJa9OKjXhdFhtlDUJuc9BHFhv1yiRQQ1zlUZRJ8X0P65mU7QqoALEyAYXevjgMkR1dsW/22+rqO/mYU4baqLzJw2UYUR0dhzhmbmluNJ8+kzJbImRF6O0bEm1eqEEobU68XW9
XkNtcZNPYFR5amQyoF/mEcKHdwfNBgdCAR7yJT5GNHEi4UHswHFCQuUg23OCRcsbUS2RDISIb5cGFmQruE/JjSdkiammYRYJef+67Q666hntw603oErZHNDMr0xZZQRo6jxz3wtHMf5OPt3kcLmNqTPql5MkjF51okHxjhvLZRGMS56ds1AtyacXbXBDxOEax0VCD0MQ2ygFtQkzViI3DiDA2srLBSkrEUIikSxs3xuEr+sEHO03Jwz866hpsTMMcaRDnZ41fQWwkm8G2AAm2bGqA6ri968cToS4z5N/OXHaQJlS3y05BXMYahF65C0yID6JAg0BxRTQW1FVdRDUqzySpwsU9k1Sa0CA00ixdBAXkRJX49GHD2iwqDJ56BGvAo/nTmWDDjpu1DQ7u6wuOPE1MMBRkExYTXOph7bY1vnGn5QaWBAYg+kAVyvexy0lzMUEBvxQSWxEoiD6Ww05lKBBRtivolbthoTCoXsiBqQXTM6pFLiVMUeTzwIXOo2z4Gsz6oKB7iAIgIxuI+KQXyR3VzS/c4BGvo/bd6oV7yoZCiIJilXr0D3R32x0OZilDu6QHhtIDg6gSZUMlscgOS/OQ0dkNQ6fJ5gjf68y9/g5s+2EOBSkkVbLqqGJjsFbrRJ4Ie3OQu6GZ7QuP77zntdpziXh/T/d9l8Pe42A/YSjdC6sJovfs3fildsQcoInQetTm1OyizalrcKEdiIKWEdlED1LXiDZnbam2ObJpuobcUXK2h/BBEPORxUaTyfSIAW1ChDEUG1FyodiYE4NGjrxFyF5HR/eeL69DydywNbKhPkWuCj5xuBQtbluEJczZ2wKql4g7olg2F7/3cojwdSlKUtY180ReKzctiOCjP0AKLddpGQRRTl29i4eiRDZu64UltK7x7r7v7nR1YTGqyeNyU3QSFgkLNzRc0sXFRo0LUNbaRlTuioiNI7ujNIqNoftrxNVRGmm2+OoovTQroIDKEBTIFi6gIGqilJXlYfsWRPunLlxOvvnO/brGLjY9s/5IkO0BrkjWi9t4PxW4MEJGKViYOJHDSJZPgQkJSQra2DcCIg1uaApv/+t+2z0sFc9hIoNOKNYXQU8Wqw4xHGUoaPw+eigMp0GgNDRL8VhDvdaGNqfGVALaxCATUBDfZ7Q6agSECmeEqJboY41rhAo0sivYxOQnuAKqRETBFfLMI0tTqQ1KJrYDiCdzPxzp3rL9DvzR6JhN9Ulu8eWCG09i1mAWwII+NsRBkA99MfpDss+iEAoh/nW9GxvsW7bfOvaTJ9nLAg8RlAbxAD5GyFgC4nKbE0VwBX02wbBBKe6kNjT56KEgRqm0TpVzhYx6QdCz8YvcUbhQA7t6QbIgIuYtPCIbak8UQNvBL9AxvRER8xC9SO4o8lqJ0nBP2SArEAX5iYISHOqFCtD34rsoGyQdUWH6RofNjgBd9pwdiEa9COaE1n7zztCXe2GUbN/SCP3C9Vp9gPclCyHMdyetUeR9ubG+R5oXDFN+HhECAZVJEwQmo9oGE2aovd+5PIGc05XEoHDYTdFYEL9pKJtJ9qboJ2BIyG1Ov0K0ObBO2UAX2fCriYjmIgomfpFN7hoqDW2uySZ3Df5r2Obykhg3KTZ6DUKemB82tnE0PoiC2EadBsGVyRBhX2ZUUtANsdlMOMKDvi2QiULpoRx2HNt3wNKw4w766bVtQdZtbOCG2B4GZAEkeaKRRAoX9bpiGVRBUKuyE4kBEA7AKmJcLonAe16/4/pX39zHWMXOEWgDu8PJ9i2xdkYiIfI4C7YnNyamA1mDGFGZnKCANsUHIUNBr0xqJ+ZhYhtFNqFMCoOBRpnUxzbq7QqiNFmZJAqAKH65fiqFJQY4wGThckNEBT4wHnO37w58e8gLGWJLI8QIM9TOWkmW5MOaUoRCYwpTRORBfLoqIYKduOoau2tZaQ/e/k/XgcOeO+19dhsJNFjEkcbQJ+sIjEhUYcGNC8aVy13ojlJmQI2fSa/no2V
EK4kGEW1uCAVN12iUSbZQTtiqyGJI5ioikuWLiGQxxCUouCEiuaOI6FcvsmcRkZxMZNAkxxVe0ZRG5jDKRnnEl9KLcfWSv4JeRAMRBVCApZIbKyOBoNsfwAIvmNsGopFMNJa7eSe+b3/7W/+6VdvYykTLBhdN8K9tTW7cluIypgYWHAFb4/gvEwJYhhAZi2obbrzz3zv7vutqvRX1+XPYECIeG0CdA0EP/1IvrzCrCfxM3LSIqPOQ8gOSCZ/Sln7xo4TpFjdKLu5nUn9XRM5GbS7eFdlEg+tLk9tcEMnCSznxWCKkWX0U05h9ECNutWG4JEZZVC8pGkWUSbJ6CTZLnhsYJYkbY6UXVgmysGk2tjBM4Wnrx9jCepIO80CHOXf1l6HvDkf+u8te/8Z9TPBABhgGSw1WJdFjo3nLdguGfm3jvca3Ot553/z9kejV1mwgkuvxsq2lMKNCduIcKE1sltgS52csdB0doJHB9fLg6JXJ4TSIh1UmR3BHjcEzSZ0nvk/2khUPaBulO0qvTBpOpSoULNydr4dCmqNh0OtBaSaonYFACrt5IPX15zo7Y7fvhH6+4m65mbxwKdp0NnzoB8e335kPfG/+8ajzws/x1pupLku2rT3aaYp2mSIIUR/iy5J8ft55lk6+udUgn9m4yZypjgZQKKIayMqkLAyJCYWgIGsQmj0thgtzNdQg9FCgrimIVyAXuGEgArm6ySlORJpHhFOciHK8Ar0oTxAJ9RIudjFl4KLSaM2uYTaii7AGkQ28l/n1/b5wNCKV5sVKYe6J703E+5Cw7gqV9fs80UggmQj3Jvx9KZQDaQZGTG8i2R+PD8VjuUBoCLvKeT2pUGggFsuwdxP4pXbkDASwhUgI78YTYXAgrxffEUJYYjyBPBTV4QEJSbSSCB1AJUXdNG2OC1DQZEP369ucfFQiXkHMI9Qg+i8VPYjSkA1yntzmIl6BQklGtTpKs6jeUGzU78hhKDaOGMVkqEHo2WyhBtFLhrxQJExRwi6XUywtQgAEG6lmB5YYZNVtZfhedB09PWbO2xl754FljCuh3QqnNhMs3GgMmmWgH8KJACLaneIKgBXiBGCI4kuF2AjxRWM4KbSTumlMj9YdNXxAGz71K9IezgehqdajeCZJY5G32hhDQNtwyqSGzUpzlkmd2mB+oE0kCmx2NkTMWpheh+Xl1E8Q6TB3YKZQVpfyLmUTCjPZ2bG+OKtAIUmWK7vDlVVy5ey2HpIG+NTGOh7b2PCNbbhxTP1SDgUm0IipDVBQovut+RVwpEyO6JmUZsCJ9EwO8Yt8iWR5QLWIiGrh5xERPUREYe4Q2VAt2Y5BFg+yRJG5g7KhX0VpuAcFmfFfIqL2lI3MHZQNfaw3MQ2pF71oc9jRykSBEo+hCSJ+C8YAfhaI8GzB7mR3mBPJyNAQM22hF2Hpsdl7sNM1tE0kbBaJPgYRCVyBv5gFuwUykK3H5UsPsjxIPU6vw+5CNhSC0hCJic2tHCjfzhYBsPrzL4WYRYY4cGOqGziwZGJKExH1xKNoTPx22cQkfqnoGgwJohhmI3cUiGh80eYiG5mY8EnWP1A02QzExuLWTUPDs2YjtyLrICin8EHgu/SG5yIahJ5RZfnqUuLGYmzht1nMXTRYBWNUNx8l6ZIttUgP9potHWQLolUobFMSH9bhYBYwB/wUG4F+6zObHrAlK5bOzFA/EVV+lt98VOVnbJMaDEeJn5mGExtFmxuKjcKhU7xr9KK6oQ9ixIC2/wcjP6B7AWaL0QAAAABJRU5ErkJggg== 
diff --git a/recordedfuture/1.0.0/requirements.txt b/unsupported/microsoft-teams/1.0.0/requirements.txt
similarity index 100%
rename from recordedfuture/1.0.0/requirements.txt
rename to unsupported/microsoft-teams/1.0.0/requirements.txt
diff --git a/unsupported/microsoft-teams/1.0.0/src/app.py b/unsupported/microsoft-teams/1.0.0/src/app.py
new file mode 100644
index 00000000..0c072f89
--- /dev/null
+++ b/unsupported/microsoft-teams/1.0.0/src/app.py
@@ -0,0 +1,119 @@ +import socket +import asyncio +import time +import random +import json +import teams #We have made changes to pymsteams module so please use teams.py DO NOT USE pymsteams.py + +from walkoff_app_sdk.app_base import AppBase + +class MsTeams(AppBase): + __version__ = "1.0.0" + app_name = "Microsoft Teams" # this needs to match "name" in api.yaml + + def __init__(self, redis, logger, console_logger=None): + """ + Each app should have this __init__ to set up Redis and logging. + :param redis: + :param logger: + :param console_logger: + """ + super().__init__(redis, logger, console_logger) + + # Write your data inside this function + def send_simple_text(self, webhook_url, message): + try: + myTeamsMessage = teams.connectorcard(str(webhook_url)) # You must create the connectorcard object with the Microsoft Webhook URL + myTeamsMessage.text(message) # Add text to the message. + myTeamsMessage.send()# send the message. + except Exception as e: + return f'{e.__class__} occured' + + return f'Message Sent' + + def send_rich_text(self, webhook_url, title, message, link_button_text, link_button_url): + try: + myTeamsMessage = teams.connectorcard(webhook_url) # You must create the connectorcard object with the Microsoft Webhook URL + myTeamsMessage.title(title) # title for your card + myTeamsMessage.text(message) # Add text to the message. + myTeamsMessage.addLinkButton(str(link_button_text), str(link_button_url)) # for button + myTeamsMessage.send()# send the message. + except Exception as e: + return f'{e.__class__} occured' + + return f'Message Sent' + + def send_actionable_msg(self, webhook_url, title, message, added_information, choices, callback_url): + try: + myTeamsMessage = teams.connectorcard(webhook_url) # You must create the connectorcard object with the Microsoft Webhook URL + myTeamsMessage.title(title) # title for your card + myTeamsMessage.text(message) # Add text to the message. 
+ myTeamsPotentialAction3 = teams.potentialaction(_name = "Select_Action") + + if choices: + for choice in choices.split(","): + choice = choice.strip() + value = { + "choice": choice, + "extra": added_information, + } + + try: + choice_value = json.dumps(value) + except: + print("FAILED ENCODING {}".format(choice)) + choice_value = choice + + myTeamsPotentialAction3.choices.addChoices(choice, choice_value) #option 1 + + else: + value = { + "choice": "ACCEPT", + "extra": added_information, + } + + #print(f"VALUE: {value}") + + try: + accept = json.dumps(value) + except: + print("FAILED ENCODING ACCEPT") + accept = "ACCEPT" + + myTeamsPotentialAction3.choices.addChoices("Accept", accept) #option 1 + + value["choice"] = "REJECT" + try: + deny = json.dumps(value) + except: + print("FAILED ENCODING REJECT") + deny = "REJECT" + + myTeamsPotentialAction3.choices.addChoices("Reject", deny) #option 2 + + myTeamsPotentialAction3.addInput("MultichoiceInput","list","Select Action", False) #Dropdown menu + myTeamsPotentialAction3.addAction("HttpPost","Submit",callback_url) #post request to Shuffle + myTeamsMessage.addPotentialAction(myTeamsPotentialAction3) + myTeamsMessage.send()# send the message. + except Exception as e: + return f'{e} occured' + + return f'Message Sent' + + def get_user_input(self, webhook_url, title, message, callback_url): + try: + myTeamsMessage = teams.connectorcard(webhook_url) # You must create the connectorcard object with the Microsoft Webhook URL + myTeamsMessage.title(title) # Title for your card + myTeamsMessage.text(message) # Add text to the message. 
+ myTeamsPotentialAction1 = teams.potentialaction(_name = "Comment") + myTeamsPotentialAction1.addInput("TextInput","comment", "Your text here..",False) + myTeamsPotentialAction1.addCommentAction("HttpPost","Submit", callback_url) + myTeamsMessage.addPotentialAction(myTeamsPotentialAction1) + myTeamsMessage.send() + except Exception as e: + return f'{e.__class__} occured' + + return f'Message Sent' + +if __name__ == "__main__": + MsTeams.run() diff --git a/unsupported/microsoft-teams/1.0.0/src/teams.py b/unsupported/microsoft-teams/1.0.0/src/teams.py new file mode 100644 index 00000000..31b69079 --- /dev/null +++ b/unsupported/microsoft-teams/1.0.0/src/teams.py 
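Review bot: `send_actionable_msg` returns `f'{e} occured'` on failure while the other three actions return only `e.__class__`; exception text from an HTTP client commonly includes the request URL, so the Teams webhook URL, which is the only credential on that endpoint, can end up in the action result. Returning the class name as the sibling methods do, `return f'{e.__class__} occured'`, avoids that. All four methods also report failure as an ordinary return string, so a workflow cannot tell a failed send from a successful one without string matching; re-raising, or returning a structured value such as `{"success": False, "reason": ...}`, would make the failure visible. The bare `except:` around each `json.dumps` call should be narrowed to `except (TypeError, ValueError):`.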
@@ -0,0 +1,254 @@ +#!/usr/bin/env python + +# reference: https://github.com/rveachkc/pymsteams/ +# reference: https://dev.outlook.com/connectors/reference + +import requests + +class TeamsWebhookException(Exception): + """custom exception for failed webhook call""" + pass + +class cardsection: + + def title(self, stitle): + # title of the section + self.payload["title"] = stitle + + def activityTitle(self, sactivityTitle): + # Title of the event or action. Often this will be the name of the "actor". + self.payload["activityTitle"] = sactivityTitle + + def activitySubtitle(self, sactivitySubtitle): + # A subtitle describing the event or action. Often this will be a summary of the action. + self.payload["activitySubtitle"] = sactivitySubtitle + + def activityImage(self, sactivityImage): + # URL to image or a data URI with the base64-encoded image inline. + # An image representing the action. Often this is an avatar of the "actor" of the activity. + self.payload["activityImage"] = sactivityImage + + def activityText(self, sactivityText): + # A full description of the action. 
+ self.payload["activityText"] = sactivityText + + def addFact(self, factname, factvalue): + if "facts" not in self.payload.keys(): + self.payload["facts"] = [] + + newfact = { + "name" : factname, + "value" : factvalue + } + self.payload["facts"].append(newfact) + + def addImage(self, simage, ititle=None): + if "images" not in self.payload.keys(): + self.payload["images"] = [] + imobj = {} + imobj["image"] = simage + if ititle: + imobj["title"] = ititle + self.payload["images"].append(imobj) + + + def text(self, stext): + self.payload["text"] = stext + + def linkButton(self, buttontext, buttonurl): + self.payload["potentialAction"] = [ + { + "@context" : "http://schema.org", + "@type" : "ViewAction", + "name" : buttontext, + "target" : [ buttonurl ] + } + ] + + def disableMarkdown(self): + self.payload["markdown"] = False + + def enableMarkdown(self): + self.payload["markdown"] = True + + def dumpSection(self): + return self.payload + + def __init__(self): + self.payload = {} + + + +class potentialaction: + + def addInput(self,_type,_id,title, isMultiline = None): + if "inputs" not in self.payload.keys(): + self.payload["inputs"] = [] + if(self.choices.dumpChoices() == []): + input = { + "@type": _type, + "id": _id, + "isMultiline" :isMultiline, + "title": title + } + else: + input = { + "@type": _type, + "id": _id, + "isMultiline" :str(isMultiline).lower(), + "choices":self.choices.dumpChoices(), + "title": title + } + + self.payload["inputs"].append(input) + + def addAction(self,_type,_name,_target): + if "actions" not in self.payload.keys(): + self.payload["actions"] = [] + action = { + "@type": _type, + "name": _name, + "target": _target, + "body": "{{list.value}}" + } + self.payload["actions"].append(action) + + def addCommentAction(self,_type,_name,_target): + if "actions" not in self.payload.keys(): + self.payload["actions"] = [] + action = { + "@type": _type, + "name": _name, + "target": _target, + "body": "{{comment.value}}" + } + 
self.payload["actions"].append(action) + + def addOpenURI(self, _name, _targets): + """ + Creates a OpenURI action + + https://docs.microsoft.com/en-us/outlook/actionable-messages/message-card-reference#openuri-action + + :param _name: *Name of the text to appear inside the ActionCard* + :type _name: str + :param _targets: *A list of dictionaries, ex: `{"os": "default", "uri": "https://www..."}`* + :type _targets: list(dict()) + """ + self.payload["@type"] = "OpenUri" + self.payload["name"] = _name + if not isinstance(_targets, list): + raise TypeError("Target must be of type list(dict())") + self.payload["targets"] = _targets + + + def dumpPotentialAction(self): + return self.payload + + def __init__(self, _name, _type = "ActionCard"): + self.payload = {} + self.payload["@type"] = _type + self.payload["name"] = _name + self.choices = choice() + +class choice: + def __init__(self): + self.choices = [] + + def addChoices(self,_display,_value): + self.choices.append({ + "display": _display, + "value": _value + }) + def dumpChoices(self): + return self.choices + +class connectorcard: + + def text(self, mtext): + self.payload["text"] = mtext + + def title(self, mtitle): + self.payload["title"] = mtitle + + def summary(self, msummary): + self.payload["summary"] = msummary + + def color(self, mcolor): + if mcolor.lower() == "red": + self.payload["themeColor"] = "E81123" + else: + self.payload["themeColor"] = mcolor + + def addLinkButton(self, buttontext, buttonurl): + if "potentialAction" not in self.payload: + self.payload["potentialAction"] = [] + + thisbutton = { + "@context" : "http://schema.org", + "@type" : "ViewAction", + "name" : buttontext, + "target" : [ buttonurl ] + } + + self.payload["potentialAction"].append(thisbutton) + + def newhookurl(self, nhookurl): + self.hookurl = nhookurl + + def addSection(self, newsection): + # this function expects a cardsection object + if "sections" not in self.payload.keys(): + self.payload["sections"] = [] + + 
self.payload["sections"].append(newsection.dumpSection()) + + def addPotentialAction(self, newaction): + # this function expects a potential action object + if "potentialAction" not in self.payload.keys(): + self.payload["potentialAction"] = [] + + self.payload["potentialAction"].append(newaction.dumpPotentialAction()) + + def printme(self): + print("hookurl: %s" % self.hookurl) + print("payload: %s" % self.payload) + + def send(self): + headers = {"Content-Type":"application/json"} + r = requests.post( + self.hookurl, + json=self.payload, + headers=headers, + proxies=self.proxies, + timeout=self.http_timeout, + verify=self.verify, + ) + self.last_http_status = r + + if r.status_code == requests.codes.ok and r.text == '1': # pylint: disable=no-member + return True + else: + raise TeamsWebhookException(r.text) + + def __init__(self, hookurl, http_proxy=None, https_proxy=None, http_timeout=60, verify=None): + self.payload = {} + self.hookurl = hookurl + self.proxies = {} + self.http_timeout = http_timeout + self.verify = verify + self.last_http_response = None + + if http_proxy: + self.proxies['http'] = http_proxy + + if https_proxy: + self.proxies['https'] = https_proxy + + if not self.proxies: + self.proxies = None + + +def formaturl(display, url): + mdurl = "[%s](%s)" % (display, url) + return mdurl diff --git a/twitter/1.0.0/Dockerfile b/unsupported/passivetotal/1.0.0/Dockerfile similarity index 100% rename from twitter/1.0.0/Dockerfile rename to unsupported/passivetotal/1.0.0/Dockerfile diff --git a/passivetotal/1.0.0/api.yaml b/unsupported/passivetotal/1.0.0/api.yaml similarity index 100% rename from passivetotal/1.0.0/api.yaml rename to unsupported/passivetotal/1.0.0/api.yaml diff --git a/unsupported/passivetotal/1.0.0/requirements.txt b/unsupported/passivetotal/1.0.0/requirements.txt new file mode 100644 index 00000000..fd7d3e06 --- /dev/null +++ b/unsupported/passivetotal/1.0.0/requirements.txt @@ -0,0 +1 @@ +requests==2.25.1 \ No newline at end of file 
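Review bot: `connectorcard.send` stores the response in `self.last_http_status`, but `__init__` initialises `self.last_http_response`, so the attribute set up in the constructor stays `None` forever; use one name, e.g. `self.last_http_response = r`. In `potentialaction.addInput` the two branches disagree on `isMultiline`: one passes the raw value, the other passes `str(isMultiline).lower()`, which turns the default `None` into the string `"none"`. The file is a locally modified copy of pymsteams (per the import comment in app.py) with no upstream version or commit recorded; a header comment such as `# forked from pymsteams UPSTREAM_VERSION_PLACEHOLDER; local changes: SUMMARY_PLACEHOLDER` would let later reviewers diff it against upstream fixes.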
diff --git a/passivetotal/1.0.0/src/app.py b/unsupported/passivetotal/1.0.0/src/app.py
similarity index 100%
rename from passivetotal/1.0.0/src/app.py
rename to unsupported/passivetotal/1.0.0/src/app.py
diff --git a/vulndb/1.0.0/Dockerfile b/unsupported/recordedfuture/1.0.0/Dockerfile
similarity index 100%
rename from vulndb/1.0.0/Dockerfile
rename to unsupported/recordedfuture/1.0.0/Dockerfile
diff --git a/recordedfuture/1.0.0/api.yaml b/unsupported/recordedfuture/1.0.0/api.yaml
similarity index 100%
rename from recordedfuture/1.0.0/api.yaml
rename to unsupported/recordedfuture/1.0.0/api.yaml
diff --git a/unsupported/recordedfuture/1.0.0/requirements.txt b/unsupported/recordedfuture/1.0.0/requirements.txt
new file mode 100644
index 00000000..fd7d3e06
--- /dev/null
+++ b/unsupported/recordedfuture/1.0.0/requirements.txt
@@ -0,0 +1 @@
+requests==2.25.1
\ No newline at end of file
diff --git a/recordedfuture/1.0.0/src/app.py b/unsupported/recordedfuture/1.0.0/src/app.py
similarity index 100%
rename from recordedfuture/1.0.0/src/app.py
rename to unsupported/recordedfuture/1.0.0/src/app.py
diff --git a/unsupported/servicenow/1.0.0/Dockerfile b/unsupported/servicenow/1.0.0/Dockerfile
new file mode 100644
index 00000000..364e1531
--- /dev/null
+++ b/unsupported/servicenow/1.0.0/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image
+# RUN apk --no-cache add --update my_binary_dependency
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/unsupported/servicenow/1.0.0/api.yaml b/unsupported/servicenow/1.0.0/api.yaml
new file mode 100644
index 00000000..4fa62bef
--- /dev/null
+++ b/unsupported/servicenow/1.0.0/api.yaml
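Review bot: The final stage has no `USER` instruction, so the app runs as whatever user the base image sets, presumably root; add a non-root `USER` before `CMD` if the SDK image provides one (not visible here). `FROM frikky/shuffle:app_sdk` is a mutable tag, so builds are not reproducible and a changed upstream image is pulled without notice; pinning a digest, `FROM frikky/shuffle:app_sdk@sha256:DIGEST_PLACEHOLDER AS base`, fixes that. `CMD python app.py --log-level DEBUG` is shell form, which puts a shell between the container runtime and Python so stop signals may not reach the app; `CMD ["python", "app.py", "--log-level", "DEBUG"]` avoids it, and DEBUG as the baked-in log level is worth reconsidering for an app that handles credentials. The identical Dockerfile added under `unsupported/testing/1.0.0/` has the same three issues.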
@@ -0,0 +1,146 @@ +walkoff_version: 1.0.0 +app_version: 1.0.0 +name: servicenow +description: servicenow app +tags: + - tickets +categories: + - tickets +contact_info: + name: "@frikkylikeme" + url: https://github.com/frikky + email: "frikky@shuffler.io" +authentication: + required: true + parameters: + - name: url + description: The url your instance is at + multiline: false + example: "test.service-now.com" + required: true + schema: + type: string + - name: username + description: The user to authenticate with + multiline: false + example: "username12345" + required: true + schema: + type: string + - name: password + description: The password for the user to authenticate with + multiline: false + example: "pw1234" + required: true + schema: + type: string +actions: + - name: get_ticket + description: Get ticket ids + parameters: + - name: table_name + description: The type to get. Empty as default + multiline: false + example: "incident" + required: true + schema: + type: string + - name: sys_id + description: The ID to get from the table + multiline: false + example: "INC123456" + required: true + schema: + type: string + - name: number + description: The number to get instead of record_id + multiline: false + example: "20" + required: false + schema: + type: string + returns: + schema: + type: string + - name: create_ticket + description: Create a ticket + parameters: + - name: table_name + description: The table to create the ticket in + multiline: false + example: "incident" + required: true + schema: + type: string + - name: body + description: The body of the ticket + multiline: true + example: "{'short_description':'Unable to connect to office wifi','assignment_group':'287ebd7da9fe198100f92cc8d1d2154e','urgency':'2','impact':'2'}" + required: true + schema: + type: string + - name: file_id + description: Optional file to attach + multiline: false + example: "ca0c88a6-626e-4235-896f-ca18c96fd48e" + required: false + schema: + type: string + returns: + 
schema: + type: string + - name: update_ticket + description: Update a ticket + parameters: + - name: table_name + description: The table to create the ticket in + multiline: false + example: "incident" + required: true + schema: + type: string + - name: sys_id + description: The ticket to edit + multiline: false + example: "incident" + required: true + schema: + type: string + - name: body + description: JSON data of the data to replace + multiline: true + example: "{'short_description':'Unable to connect to office wifi','assignment_group':'287ebd7da9fe198100f92cc8d1d2154e','urgency':'2','impact':'2'}" + required: true + schema: + type: string + - name: file_id + description: Optional file to attach + multiline: false + example: "ca0c88a6-626e-4235-896f-ca18c96fd48e" + required: false + schema: + type: string + returns: + schema: + type: string + - name: list_table + description: Get ticket ids + parameters: + - name: table_name + description: The type to get. Empty as default + multiline: false + example: "incident" + required: true + schema: + type: string + - name: limit + description: The limit of items to get + multiline: false + example: "1" + required: false + schema: + type: string + returns: + schema: + type: string +large_image: data:image/jpg;base64,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 diff --git a/unsupported/servicenow/1.0.0/requirements.txt b/unsupported/servicenow/1.0.0/requirements.txt new file mode 100644 index 00000000..fd7d3e06 --- /dev/null +++ b/unsupported/servicenow/1.0.0/requirements.txt @@ -0,0 +1 @@ +requests==2.25.1 \ No newline at end of file diff --git a/unsupported/servicenow/1.0.0/src/app.py b/unsupported/servicenow/1.0.0/src/app.py new file mode 100755 index 00000000..d85dc832 --- /dev/null +++ b/unsupported/servicenow/1.0.0/src/app.py 
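Review bot: The `url` authentication example, `"test.service-now.com"`, has no scheme, yet the value is used together with a username and password; showing `example: "https://test.service-now.com"` and stating the scheme requirement in the description steers users away from sending those credentials over plain HTTP. `get_ticket` marks `sys_id` as `required: true` although `number` is described as something to get "instead of record_id", so one of the two is mislabelled. In `update_ticket`, `table_name` still reads "The table to create the ticket in" and the `sys_id` example is `"incident"`; `list_table` reuses the description "Get ticket ids".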
@@ -0,0 +1,204 @@ +import time +import json +import random +import socket +import asyncio +import requests + +from walkoff_app_sdk.app_base import AppBase + +class Servicenow(AppBase): + __version__ = "1.0.0" + app_name = "servicenow" + + def __init__(self, redis, logger, console_logger=None): + """ + Each app should have this __init__ to set up Redis and logging. + :param redis: + :param logger: + :param console_logger: + """ + super().__init__(redis, logger, console_logger) + + def send_request(self, url, username, password, path, method='get', body=None, params=None, headers=None, json=None, files=None): + body = body if body is not None else {} + params = params if params is not None else {} + + url = '{}{}'.format(url, path) + print("HEADERS: %s" % headers) + if not headers and files == None: + headers = { + 'Accept': 'application/json', + 'Content-Type': 'application/json' + } + + if files: + # Not supported in v2 + url = url.replace('v2', 'v1') + #{'file': ('report.csv', 'some,data,to,send\nanother,row,to,send\n')} + #file_entry = file['id'] + #file_name = file['name'] + try: + #shutil.copy(demisto.getFilePath(file_entry)['path'], file_name) + #with open(file_name, 'rb') as f: + #files = {'file': f} + + try: + res = requests.request(method, url, headers=headers, params=params, data=body, files=files, json=json, auth=(username, password)) + except requests.exceptions.ReadTimeout as e: + return "Readtimeout: %s" % e + except requests.exceptions.ConnectionError as e: + return "ConnectionError: %s" % e + + #shutil.rmtree(demisto.getFilePath(file_entry)['name'], ignore_errors=True) + except Exception as e: + return 'Failed to upload file - ' + str(e) + else: + try: + res = requests.request(method, url, headers=headers, data=json.dumps(body) if body else {}, json=json, params=params, auth=(username, password)) + except requests.exceptions.ReadTimeout as e: + return "Readtimeout: %s" % e + except requests.exceptions.ConnectionError as e: + return "ConnectionError: 
%s" % e + + try: + obj = res.json() + except Exception as e: + if not res.content: + return '' + return 'Error parsing reply - {} - {}'.format(res.content, str(e)) + + if 'error' in obj: + message = obj.get('error', {}).get('message') + details = obj.get('error', {}).get('detail') + if message == 'No Record found': + return { + # Return an empty results array + 'result': [] + } + return 'ServiceNow Error: {}, details: {}'.format(message, details) + + if res.status_code < 200 or res.status_code >= 300: + return 'Got status code {} with url {} with body {} with headers {}'.format(str(res.status_code), url, str(res.content), str(res.headers)) + + #print("RES: %s" % res) + #print("TEXT: %s" % res.text) + return res.text + + def get_ticket(self, url, username, password, table_name, sys_id, number=None): + path = None + query_params = {} # type: Dict + if sys_id: + path = "/api/now/v1/table/%s/%s" % (table_name, sys_id) + elif number: + path = '/api/now/v1/table/%s' % table_name + query_params = { + 'number': number + } + else: + # Only in cases where the table is of type ticket + return 'servicenow-get-ticket requires either ticket ID or ticket number' + + print("PATH: %s" % path) + return self.send_request(url, username, password, path, 'get', params=query_params) + + def list_table(self, url, username, password, table_name, limit=1): + query_params = { + "sysparm_limit": limit, + } + + #path = '/table/%s' % table_name + path = "/api/now/v1/table/%s" % table_name + + return self.send_request(url, username, password, path, 'get', params=query_params) + + def create_ticket(self, url, username, password, table_name, body, file_id=""): + if not isinstance(body, list) and not isinstance(body, object) and not isinstance(body, dict): + try: + data = json.loads(body) + except json.decoder.JSONDecodeError as e: + return {"success": False, "reason": e} + else: + data = body + + + path = "/api/now/v1/table/%s" % table_name + query_params = {} + base_request = 
self.send_request(url, username, password, path, 'post', params=query_params, json=data) + + if file_id: + tmp_file = self.get_file(file_id) + files = {'file': (tmp_file["filename"], tmp_file["data"])} + + try: + parsed_return = json.loads(base_request) + except: + print("[INFO] Failed parsed_return loading") + return base_request + + ticket_id = parsed_return["result"]["sys_id"] + params = { + "file_name": tmp_file["filename"], + "table_name": table_name, + "table_sys_id": ticket_id, + } + + filepath = "/api/now/v1/attachment/file" + file_request = self.send_request(url, username, password, filepath, 'post', params=params, files=files, headers={}) + print(file_request) + + return base_request + + def update_ticket(self, url, username, password, table_name, sys_id, body, file_id=""): + if not isinstance(body, list) and not isinstance(body, object) and not isinstance(body, dict): + try: + data = json.loads(body) + except json.decoder.JSONDecodeError as e: + return {"success": False, "reason": e} + else: + data = body + + + path = "/api/now/v1/table/%s/%s" % (table_name, sys_id) + query_params = {} + base_request = self.send_request(url, username, password, path, 'patch', params=query_params, json=data) + + if file_id: + tmp_file = self.get_file(file_id) + files = {'file': (tmp_file["filename"], tmp_file["data"])} + + try: + parsed_return = json.loads(base_request) + except: + print("[INFO] Failed parsed_return loading") + return base_request + + ticket_id = parsed_return["result"]["sys_id"] + params = { + "file_name": tmp_file["filename"], + "table_name": table_name, + "table_sys_id": ticket_id, + } + + filepath = "/api/now/v1/attachment/file" + file_request = self.send_request(url, username, password, filepath, '', params=params, files=files, headers={}) + print(file_request) + + return base_request + +# Run the actual thing after we've checked params +def run(request): + action = request.get_json() + print(action) + print(type(action)) + authorization_key = 
action.get("authorization") + current_execution_id = action.get("execution_id") + + if action and "name" in action and "app_name" in action: + Servicenow.run(action) + return f'Attempting to execute function {action["name"]} in app {action["app_name"]}' + else: + return f'Invalid action' + +if __name__ == "__main__": + Servicenow.run() diff --git a/thehive/1.0.0/Dockerfile b/unsupported/splunk/1.0.0/Dockerfile similarity index 100% rename from thehive/1.0.0/Dockerfile rename to unsupported/splunk/1.0.0/Dockerfile diff --git a/unsupported/splunk/1.0.0/api.yaml b/unsupported/splunk/1.0.0/api.yaml new file mode 100644 index 00000000..f63c9dac --- /dev/null +++ b/unsupported/splunk/1.0.0/api.yaml 
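Review bot: In `create_ticket` and `update_ticket` the guard `not isinstance(body, object)` is always False, because every Python value is an `object`, so a string `body` is never run through `json.loads` and is sent as a JSON-encoded string rather than an object; `if isinstance(body, str):` is probably what was meant. The attachment upload in `update_ticket` calls `send_request` with an empty HTTP method (`''`) where `create_ticket` uses `'post'`. None of the `requests.request` calls in `send_request` pass `timeout=`, so the `ReadTimeout` handlers cannot fire and a stalled server blocks the worker; the `json` parameter also shadows the `json` module, so `json.dumps(body)` fails as soon as a caller passes a non-empty `body`. `print(action)` in `run`, and the error string that echoes `res.content` and `res.headers`, should be checked for credentials and session cookies before they reach shared logs or workflow results. `table_name` and `sys_id` are formatted into the request path unescaped; quoting them with `urllib.parse.quote(value, safe='')` keeps a crafted value from changing which API path is called.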
@@ -0,0 +1,62 @@
+walkoff_version: 1.0.0
+app_version: 1.0.0
+name: splunk
+description: Splunk integration with WALKOFF
+tags:
+ - SIEM
+ - search
+categories:
+ - SIEM
+contact_info:
+ name: "@frikkylikeme"
+ url: https://github.com/frikky
+authentication:
+ required: true
+ parameters:
+ - name: url
+ description: The Splunk URL
+ required: true
+ example: "http://splunk:8081"
+ schema:
+ type: string
+ - name: username
+ description: The Splunk username
+ example: username@splunk.com
+ required: true
+ schema:
+ type: string
+ - name: password
+ description: The Splunk password
+ required: true
+ example: "******"
+ schema:
+ type: string
+
+actions:
+ - name: SplunkQuery
+ description: Returns the amount of search results
+ parameters:
+ - name: query
+ description: The Splunk query to run
+ required: true
+ schema:
+ type: string
+ - name: result_limit
+ description: Splunk amount limit
+ required: false
+ schema:
+ type: string
+ - name: earliest_time
+ description: The timeframe to use (e.g. -48h)
+ required: false
+ schema:
+ type: string
+ - name: latest_time
+ description: The timeframe to use (e.g. -48h)
+ required: false
+ schema:
+ type: string
+ returns:
+ schema:
+ type: string
+large_image: data:image/jpg;base64,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
diff --git a/unsupported/splunk/1.0.0/docker-compose.yml b/unsupported/splunk/1.0.0/docker-compose.yml
new file mode 100644
index 00000000..ad612c5d
--- /dev/null
+++ b/unsupported/splunk/1.0.0/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.4'
+services:
+ splunk:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ env_file:
+ - env.txt
+ restart: "no"
+ deploy:
+ mode: replicated
+ replicas: 10
+ restart_policy:
+ condition: none
diff --git a/unsupported/splunk/1.0.0/env.txt b/unsupported/splunk/1.0.0/env.txt
new file mode 100644
index 00000000..b5568707
--- /dev/null
+++ b/unsupported/splunk/1.0.0/env.txt
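Review bot: The `url` example in api.yaml is `"http://splunk:8081"`, which invites sending the username and password over cleartext HTTP; an `https://` example would be a safer default to copy, e.g. `example: "https://splunk:8089"` (constructed value, using Splunk's default management port). `earliest_time` and `latest_time` carry the same description, `The timeframe to use (e.g. -48h)`; say which bound each one sets. `SplunkQuery` is described as returning the amount of search results, which should be checked against what the action actually returns.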
@@ -0,0 +1,4 @@
+REDIS_URI=redis://redis
+REDIS_ACTION_RESULT_CH=action-results
+REDIS_ACTION_RESULTS_GROUP=action-results-group
+APP_NAME=splunk
diff --git a/unsupported/splunk/1.0.0/requirements.txt b/unsupported/splunk/1.0.0/requirements.txt
new file mode 100644
index 00000000..c5a5f6ea
--- /dev/null
+++ b/unsupported/splunk/1.0.0/requirements.txt
@@ -0,0 +1,2 @@
+python-magic==0.4.18
+requests==2.25.1
\ No newline at end of file
diff --git a/unsupported/splunk/1.0.0/src/app.py b/unsupported/splunk/1.0.0/src/app.py
new file mode 100644
index 00000000..a9a10be4
--- /dev/null
+++ b/unsupported/splunk/1.0.0/src/app.py
@@ -0,0 +1,124 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import asyncio +import time +import random +import requests +import urllib3 +import json + +from walkoff_app_sdk.app_base import AppBase + +class Splunk(AppBase): + """ + Splunk integration for WALKOFF with some basic features + """ + __version__ = "1.0.0" + app_name = "splunk" + + def __init__(self, redis, logger, console_logger=None): + """ + Each app should have this __init__ to set up Redis and logging. + :param redis: + :param logger: + :param console_logger: + """ + self.verify = False + self.timeout = 10 + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + super().__init__(redis, logger, console_logger) + + def echo(self, input_data): + return input_data + + def run_search(self, auth, url, query): + url = '%s/services/search/jobs?output_mode=json' % (url) + ret = requests.post(url, auth=auth, data=query, timeout=self.timeout, verify=False) + return ret + + def get_search(self, auth, url, search_sid): + # Wait for search to be done? 
+ firsturl = '%s/services/search/jobs/%s?output_mode=json' % (url, search_sid) + print("STARTED FUNCTION WITH URL %s" % firsturl) + time.sleep(0.2) + maxrunduration = 30 + ret = "No results yet" + while(True): + try: + ret = requests.get(firsturl, auth=auth, timeout=self.timeout, verify=False) + except requests.exceptions.ConnectionError: + print("Sleeping for 1 second") + time.sleep(1) + continue + + try: + content = ret.json()["entry"][0]["content"] + except KeyError as e: + print("\nKEYERROR: %s\n" % content) + time.sleep(1) + continue + + try: + if content["resultCount"] > 0 or content["isDone"] or content["isFinalized"] or content["runDuration"] > maxrunduration: + print("CONTENT PRE EVENTS: ", content) + eventsurl = '%s/services/search/jobs/%s/events' % (url, search_sid) + print("Running events check towards %s" % eventsurl) + try: + newret = requests.get(eventsurl, auth=auth, timeout=self.timeout, verify=False) + if ret.status_code < 300 and ret.status_code >= 200: + return newret.text + else: + return "Bad status code for events: %sd", ret.status_code + except requests.exceptions.ConnectionError: + return "Events requesterror: %s" % e + except KeyError: + try: + return ret.json()["messages"] + except KeyError as e: + return "KeyError: %s" % e + + time.sleep(1) + + return ret + + def SplunkQuery(self, url, username, password, query, result_limit=100, earliest_time="-24h", latest_time="now"): + auth = (username, password) + + # "latest_time": "now" + query = { + "search": "| search %s" % query, + "exec_mode": "normal", + "count": result_limit, + "earliest_time": earliest_time, + "latest_time": latest_time + } + + print("Current search: %s" % query["search"]) + + try: + ret = self.run_search(auth, url, query) + except requests.exceptions.ConnectTimeout as e: + print("Timeout: %s" % e) + return "Timeout: %s" % e + + if ret.status_code != 201: + print("Bad status code: %d" % ret.status_code) + return "Bad status code: %d" % ret.status_code + + search_id = 
ret.json()["sid"] + + print("Search ID: %s" % search_id) + + ret = self.get_search(auth, url, search_id) + return ret + #if len(ret.json()["entry"]) == 1: + # count = ret.json()["entry"][0]["content"]["resultCount"] + # print("Result: %d" % count) + # return str(count) + + #print("No results (or wrong?): %d" % (len(ret.json()["entry"]))) + #return "No results" + +if __name__ == "__main__": + Splunk.run() diff --git a/unsupported/testing/1.0.0/Dockerfile b/unsupported/testing/1.0.0/Dockerfile new file mode 100644 index 00000000..364e1531 --- /dev/null +++ b/unsupported/testing/1.0.0/Dockerfile @@ -0,0 +1,26 @@ +# Base our app image off of the WALKOFF App SDK image +FROM frikky/shuffle:app_sdk as base + +# We're going to stage away all of the bloat from the build tools so lets create a builder stage +FROM base as builder + +# Install all alpine build tools needed for our pip installs +RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev + +# Install all of our pip packages in a single directory that we can copy to our base image later +RUN mkdir /install +WORKDIR /install +COPY requirements.txt /requirements.txt +RUN pip install --prefix="/install" -r /requirements.txt + +# Switch back to our base image and copy in all of our built packages and source code +FROM base +COPY --from=builder /install /usr/local +COPY src /app + +# Install any binary dependencies needed in our final image +# RUN apk --no-cache add --update my_binary_dependency + +# Finally, lets run our app! +WORKDIR /app +CMD python app.py --log-level DEBUG diff --git a/unsupported/testing/1.0.0/api.yaml b/unsupported/testing/1.0.0/api.yaml new file mode 100644 index 00000000..e1ee1c6c --- /dev/null +++ b/unsupported/testing/1.0.0/api.yaml 
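Review bot: Every `requests` call in `run_search` and `get_search` hard-codes `verify=False`, and `__init__` silences `InsecureRequestWarning`, so the Splunk username and password are sent over TLS connections whose certificate is never checked; `self.verify` is set but never used. Default it to `True` and pass it through, i.e. `self.verify = True` and `verify=self.verify`, with an explicit opt-out or CA bundle path for deployments that use self-signed certificates. `get_search` loops on `while(True)` and `continue`s on every `ConnectionError` or `KeyError` with no deadline, so an unreachable host keeps the worker spinning; the first `except KeyError` handler also prints `content` before it has been assigned. In the events branch the status check reads `ret.status_code` instead of `newret.status_code`, the "Bad status code for events" return is a tuple rather than a formatted string, and the `ConnectionError` handler formats an `e` that is not bound at that point.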
@@ -0,0 +1,178 @@ +app_version: 1.0.0 +name: Testing +description: Debugging app for Shuffle +tags: + - Testing +categories: + - Testing +contact_info: + name: "@frikkylikeme" + url: https://shuffler.io + email: frikky@shuffler.io +actions: + - name: hello_world + description: Returns Hello World from the hostname the action is run on + returns: + example: HELLO WORLD FROM host.name + returns: + schema: + type: string + - name: repeat_back_to_me + description: Repeats the call parameter + parameters: + - name: call + description: The message to repeat + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: string + returns: + schema: + type: string + - name: repeat_back_to_me_multi + description: Repeats the call parameter + parameters: + - name: call + description: The message to repeat + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: string + - name: call2 + description: The message to repeat + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: string + - name: call3 + description: The message to repeat + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: string + returns: + schema: + type: string + - name: return_plus_one + description: Increments the number parameter by 1 + parameters: + - name: number + description: number to increment + required: true + schema: + type: number + example: number(2) + returns: + schema: + type: number + - name: get_type + description: Get the type of a variable + parameters: + - name: value + description: The value to check + required: true + example: '{"return": number(0)}' + schema: + type: string + returns: + schema: + type: number + - name: pause + description: Pause execution by the seconds parameter + parameters: + - name: seconds + description: seconds to pause for + required: true + example: number(3) + schema: + type: number + returns: + schema: + type: number + - name: 
raise_error + description: This function doesn't exist and is here to test errors + returns: + schema: + type: string + - name: input_options_test + description: Input testing Shuffle + parameters: + - name: call + description: The message to repeat + options: + - hey + - how + - are + - you + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: string + returns: + schema: + type: string + - name: get_file_value + description: This function is made for reading file(s), printing their data + parameters: + - name: filedata + description: The files + required: true + multiline: true + example: "REPEATING: Hello world" + schema: + type: file + returns: + schema: + type: string + - name: create_file + description: Returns uploaded file data + parameters: + - name: filename + description: + required: true + multiline: false + example: "test.txt" + schema: + type: string + - name: data + description: + required: true + multiline: true + example: "Some data to put in the file" + schema: + type: string + returns: + schema: + type: file + - name: download_file + description: Downloads a file from a URL + parameters: + - name: url + description: + required: true + multiline: false + example: "https://secure.eicar.org/eicar.com.txt" + schema: + type: string + returns: + schema: + type: string + - name: delete_file + description: Deletes a file based on ID + parameters: + - name: file_id + description: + required: true + multiline: false + example: "Some data to put in the file" + schema: + type: string + returns: + schema: + type: string +large_image: 
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAIAAAD/gAIDAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAAB3RJTUUH4wgeDy4zYzmH5gAADkRJREFUeNrtXV1QG9cV3nt3V2AwkvgRrRE4nTFxMFKATGyLh1gONG8Rxn2qIQ8GOSYdfpy4rknATacPBRx7ak+d2K0dkDWTYvutMRB3nKllYZLaQD2B8GcPJBNwpIxBIPSDEbt39/ZhG+qglZDEjwT4e9Q9e38+3Xv2nHOPjgDGmHiGwADDPYG1hGdkBYFnZAWBZ2QFASrcEyAIgsAYcxyHEGIYhmVZnucJgoAQ0jQtkUgoiiJJEgAQ7mmGiSyEkMPhsFqtIyMjVqvVYvneYrFMTNgYhkHo/2RRFC2RSBSKJKVSqVSmpqRsSU9P37IlRS6XU1QYZr6qQ7pcrpGRke7urp6env7+fpvN5nQ6WBYBQEAICYLw3j6CZcPzPMYETVMymSwhIVGtfjErKys3V7NtW7pUKl21+YNVsLM8Hs/Q0JDJZOrouPPgwZDT6eR5niRJCGGwhwtjzPM8x3EQgrg4WUZGhlarzc/P37EjMzo6em2TNTU1ZTbfvn79emdnp9PpIAhiGbWPoOkIgpBKZbt37y4sLHz11bzExMS1R5bNZmtra7t69crg4ABCiKKoldPQGGOEEEmSKpW6qKhYp9MlJSWtDbLcbveNGzcMhqa+vq8xxqupiRFCAAC1+kW9Xv/667rNmzdHLlk8z//nP93nz583m80sy4TlhUUQBEKIpmmtdm9FReWuXbtIkow4sux2u9F4uampcXJykqYpggizWcSybHx8gl5/SK/XJyQkLEufy0NWX19fQ0N9e7sZACAYAZEA4Q2g1e6tqanNzs5eeodLJQshdOPGjfr6P42OjtI0HW5+RMCybFra1traWp2uYImaYUlkeTyexsbGc+f+MjPjXkbVsOzgOC42Nraq6sibbx7etGlTyP2ETpbL5T59+gOj0cDzOHKOni/wPA8hLCkpPX68Oi4uLrROQiTL6XTW1dU1N38CAIgEFzcQYIwxJoqL3zhx4vcyWShOUig7wu1219XVNTf/HcI1wxRBEAAACMGVK3+vq/uTy+UKoYegyfJ4PKdOfdDc/Ing+YabgeAXDOGVK82nT5/yeDxBPxuUNM/zjY0fG40GAMBaZEoAAITRePnSpYtCLChwBEdWa2vruXPneB6vodPnDQAAz/MfffTh9evXg3swcAXf19d3+PCbjx6NRbKVEDg4jlMqUy9d+jgnJyfARwLdWXb7VEND/ejod+uDKYIgSJJ89Gjs5MmGqampAB8JiCyMsdFobG83R6aNHjJomr5zp91gaApQeQVEVldXV1NT45rWU75AkqTB0NTZeS8Q4cXJcrvdFy6cn5ycjHwzPQQAAOx2+4ULF9xu96LCi6//xo3PzGYzTUfEpdlKgKbp9nZzS0vLopKLkGWz2QwGA8sya9eqCgQIIaPx8sTEuH+xRchqa2vr6/s6XDHPVQNFUQMD/a2trf7F/JE1OTl59eqVDZKThDG+du2azWbzI+OPLLPZPDg4sO63lQCKogYHB0wmkx8Zn2R5PJ6Wlk8RQuFexeqB47iWluuzs7O+BHySNTQ01NnZtUG2lQCKorq7uwcHB30J+CTLZDI5nY51aYj6AgDA6XSYTLd8CYiT5XK5OjruhHvyYQAAoKOjw+l0iraKkzUyMvLgwdC68ZkDB0mSDx8+HB4eFm0VJ6u7u8vpdG6oMyhAOIn37om7iiJkIYR6enqCjSKuG2CMe3t7WJb1bhIhy+Fw9Pf3b8AzKIAkyYGBgenpae8mEbKsVqvNZluXMYZAACG026csFotIk/dHIyMjG81oeBoAAIfD8c0333g3idicVqsVIS
SRSIIdBgvXmF5ji2aKBig5D57nMcZ+Ek9E+wykZ29wHGe1WgMiy2L5PliaCILgeS4uTuad2DkzMzM7++Snc8VSqVQiiVogyTCMyyVi4HAcR9P0z3++RSKRzM3NjY8/5jhuAWUY402bNsXGxhGEyHfAMHO+TCdfsFpFSFhIFkLIYrEEq7AQQhkZO+rq6lJSlDzPz6cdkyR55syfr127+nTwHmPi2LHjr7322tMvXIqiPv/88z/+8Q/eTKlU6oqKSo1GExMT43a7zWbz2bNnrFbL068glmX37/9VdfW7QpYpxgRBYGFD2e32+vq6L7/8IvBXFoRwbGxMyO5chKyJCVuAnQrgef7557d/8MGpl19+WRhJWKSQI7l5c+yC04ExoVAotm7dKqQeCx+SJOmdcsbzfGpq6pkzZ9VqtcfjmZmZUSgUxcXFiYmJ77zzttvtmt+wGOOYmNi0tDSOQwQBBF54nnc4HB9+eO7u3X8H+3K326dZll2ELIZhGIYJ6oQDACiKbGy89Ne/sjt37iovr3A4HGfPnhFuGIeGhnx5452dnZcu/Q0AgDGGED5+/Nj7m9Nq96rVarvdXl19/P79+zpdwdGjRzUaTWZm5t27X1LU/zYsTdNffNFRVvYmx3GpqWlHj/5WLpdfvHjxn//8rKenJ9iXFQBgbo5hGGZBftLCZbAsixAbRMcEAQB48ODB4OAAw7Acx5eXV8zNzd2+fWtoaIgkSZKkfB3q6enpnp7e+XHt9kkISa/OIUEQEokkKyvLarW2trbcv98VHR09PDz8tDCEcHT0u2+/HeE47oUXMsrLK4Qv4+7du6ElZCHEetulC8nieT4E250kSZIkhUSV//VLUTQt8b/58/Lybt78nPjRDvzNb8oW+FgURZlM/+rs7NRoNFVVR/T6Q6Ojo7du/au5+RObbXLBhoUQQiiBkKMo8sdPQMghJoQ4Qf39ZIjQ+lodQAitVutbb5WdPHnyq6++Qgjt2LGjquqI0fjJCy9keC9mpbGQeAjhqtnut2/frq2tEbYSy7IOh2PB0BzH/fKXr+XkvDQ2NvrGG8XJycn5+fnl5RUZGRmvv65b0bgIRZHenS8ki6bpea250pDJZFlZWQAQGBMQwvHx8a+/7v0pWfxzz/3i2LFjLpeLpumbN2+aTKZf//pAUlJSVFTQNnOQZNHeuQoLyZJIJBKJJOQbHUHhBPjyyc3N3bVr14+Toz799B9HjlT9dMbkZ5+1FRQUaDSaurr6t99+Jzo6WqFQ2Gw2k8m0cicAYxwVJfH2YRaSRVGUQhH6D1+ePHkyNjY2NTXJsj5vOgAgbDabxWJ5WulQFOXt6EMIx8cf/+53xyorq/bs2SOXyxFCnZ2dFy/+rbu7y9cZZFlksVgYhnny5EnIC4mPl3vvLJH8rNraGoOhKTTfUCKRyGRyjPH0tN23AsaCY/T00ACAuTmPqFPCcRxFUcnJP4uKiuI4bmpq0uVy+XnNkSQpl8cL/jDDzIUQEWAYpqSkpKHh1IJHRYZUKlOD7X1+wQzDjI8/Jn60430JOp0Oh2Pa+3HRhZEkiTH+4QerQC6E0L9BwHGccBEfciY1xkRKSqr3oyKjpqRsCdk8CXB+ISwjKA21RHVGUaRSqRTp1vujbdvSZTLZBrm19wbGWCaTbdu2zbtJhKyUlJSEhMQNG4PneT4+PiHQnSWXy9Vq9erbxxECjuNUKpVcLvduEiGLoqisrGwIN25YOTs7RzR7VlwRajSauLiNqLYwxlKpNDdXI9oqTlZ6enpGRhg81bCD47jt27enpz8v2ipOllQq1Wq14Z55GIAx1mr3ymQy0Vaf9kheXr5UurFOIsZYKpXl5eX7EvBJVmZm5u7duzdUMhtCaOfOnZmZKl8CPsmKjo7et69wQ13iQ0gWFu6PifEZhvbnFuTlvapSqTfI5kIIZWZm5uXl+ZHxR1ZiYtKBA0Ub5B4fAFBUVKRQKPzILOJw6nQFavWL635zIYRUKrVOV+BfbB
GyFIqk0tLSdZ+GS5LUwYMlycnJ/sUWD2XodAV7974qmty1PsCyrFar3bdv36KSi5O1efPm8vKK+PiEdWlzYYzj4xMqKioDKfYQUJBMo9Ho9fp16f1wHFdSUpqbmxuIcEBkQQj1+kNa7d51dhhZln3llT2HDh0KMLIaaPg1ISHhvfdq0tK2rpv9JaSQ1NTUBl75LohYdU5OTk1NbWxs7DoIovI8HxMT+957NS+99FLgTwUX2C8sLKyqOgIhXNPKXki3rKys3L9/f1APBkcWhPDw4bKSktK1zBWBMT54sKSs7K1gPd+gr4yio6OPH68uLn5jjR5GnucPHCiurn43hLytUEzzuLi4Eyd+TxDElSvNABBrxXkU0pkPHCh+//33Q6ubu5RiY67Tp08ZjZeFOl7hpmIR8DwPADh4sKS6+t2QKwwvqYzd7Ozsxx9f+uijD2dmZiI58sVxXExMbGVlZVnZW+EpYycAIdTW1lZfX/fo0VhkFl9hWVawp/bt2xfOAonz6O3tbWiov3OnPUIKtwsQSm++8sqe2toTgZcy8oNlK+o6NTVlMDQZDE12uz0StphQ1LW0tFSvP7Rc1amXs1wwx3FdXV0XLpxvbzd7/zxh1YAQIklKq9VWVlbu3q2JxHLB83C73a2trZcvGwYG+sNSiFqlUpeUlOp0umWvq79SJc4nJiba2lqvXr06ODggpO6tdIlzCMnMzMyioqKCggKFInnp3a4eWQImJydNplstLS1dXV3CbxiXvXi+cDO6c+fOwsL9+fn5K1QJfjXIEjA7Ozs4OGgy3ero6Hj48KHT6cAYL/FvGQAAUql0+/btWu3evLx8lUq1FAMqgsiah9PpHB4evnfvXm9v78BAv90+5XA4EOIC/MMPiiJlMll8fIJKpc7Ozs7NzU1PT/eVl7DmyZoHy7LT09NWq2Vk5Bur1WK1WsbGxuz26bk5BiEWIY4gCIoiKYqOipLEx8vT0tJSUlKVSmV6+raUFKVcLg+LdRIeshZA0D4sywp/UiQEY0mSFP6kiKbpCLF1I4KstYJIjxZEFJ6RFQSekRUEnpEVBP4LiQWypqHC6doAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDgtMzBUMTU6NDc6MjQtMDQ6MDCzXTa0AAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA4LTMwVDE1OjQ2OjUxLTA0OjAwdT/DiAAAAABJRU5ErkJggg== diff --git a/unsupported/testing/1.0.0/requirements.txt b/unsupported/testing/1.0.0/requirements.txt new file mode 100644 index 00000000..fd7d3e06 --- /dev/null +++ b/unsupported/testing/1.0.0/requirements.txt @@ -0,0 +1 @@ +requests==2.25.1 \ No newline at end of file diff --git a/unsupported/testing/1.0.0/run b/unsupported/testing/1.0.0/run new file mode 100755 index 00000000..e73f748d --- /dev/null +++ b/unsupported/testing/1.0.0/run 
@@ -0,0 +1,17 @@
+#!/bin/sh
+docker stop frikky/shuffle:testing_1.0.0 --force
+docker rm frikky/shuffle:testing_1.0.0 --force
+docker rmi frikky/shuffle:testing_1.0.0 --force
+
+docker build . -t frikky/shuffle:testing_1.0.0
+
+echo "RUNNING!\n\n"
+docker run \
+ --env CALLBACK_URL="http://192.168.239.144:5001" \
+ --env ACTION='{"app_name":"testing","app_version":"1.0.0","errors":[],"id_":"13fa4c3f-8991-3ade-b90d-f326fd4941dd","is_valid":true,"label":"random_number","environment":"onprem","name":"random_number","parameters":[],"position":{"x":178.07868996109607,"y":457.28345902971614},"priority":3}' \
+ --env FUNCTION_APIKEY="asdasd" \
+ --env EXECUTIONID="2349bf96-51ad-68d2-5ca6-75ef8f7ee814" \
+ --env AUTHORIZATION="8e344a2e-db51-448f-804c-eb959a32c139" \
+ frikky/shuffle:testing_1.0.0
+
+docker push frikky/shuffle:testing_1.0.0
diff --git a/unsupported/testing/1.0.0/src/app.py b/unsupported/testing/1.0.0/src/app.py
new file mode 100644
index 00000000..de090ef2
--- /dev/null
+++ b/unsupported/testing/1.0.0/src/app.py
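Review bot: The `docker run` block hard-codes `FUNCTION_APIKEY`, `AUTHORIZATION` and a `CALLBACK_URL` on a private address, so anything that is or later becomes a live credential sits in git history and in `docker inspect` output. Reading the values from the caller's environment, e.g. `--env AUTHORIZATION="${AUTHORIZATION:?AUTHORIZATION must be set}" \`, keeps the script usable without committing them. The script also ends with an unconditional `docker push frikky/shuffle:testing_1.0.0`, so a failed build or test run still publishes whatever image carries that tag locally; gating it with `docker build . -t frikky/shuffle:testing_1.0.0 || exit 1` would avoid that. `docker stop` and `docker rm` expect container names rather than an image reference, and `docker stop` has no `--force` option, so the first two cleanup lines probably only print errors.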
@@ -0,0 +1,101 @@
+import socket
+import asyncio
+import time
+import random
+import json
+import requests
+
+from walkoff_app_sdk.app_base import AppBase
+
+class HelloWorld(AppBase):
+ """
+ An example of a Walkoff App.
+ Inherit from the AppBase class to have Redis, logging, and console logging set up behind the scenes.
+ """
+ __version__ = "1.0.0"
+ app_name = "hello_world" # this needs to match "name" in api.yaml
+
+ def __init__(self, redis, logger, console_logger=None):
+ """
+ Each app should have this __init__ to set up Redis and logging.
+ :param redis:
+ :param logger:
+ :param console_logger:
+ """
+ super().__init__(redis, logger, console_logger)
+
+ def hello_world(self):
+ """
+ Returns Hello World from the hostname the action is run on
+ :return: Hello World from your hostname
+ """
+ message = f"Hello World from {socket.gethostname()} in workflow {self.current_execution_id}!"
+
+ # This logs to the docker logs
+ self.logger.info(message)
+
+ return message
+
+ def repeat_back_to_me(self, call):
+ return call
+
+ def repeat_back_to_me_multi(self, call, call2, call3):
+ return {"call1": call, "call2": call2, "call3": call3}
+
+ def return_plus_one(self, number):
+ return int(number) + 1
+
+ def pause(self, seconds):
+ time.sleep(seconds)
+ return "Waited %d seconds" % seconds
+
+ def get_type(self, value):
+ return "Type: %s" % type(value)
+
+ def input_options_test(self, call):
+ return "Value: %s" % call
+
+ def get_file_value(self, filedata):
+ if filedata == None:
+ return "File is empty?"
+
+ print("INSIDE APP DATA: %s" % filedata)
+ return "%s" % filedata["data"].decode()
+
+ def create_file(self, filename, data):
+ print("Inside function")
+ filedata = {
+ "filename": filename,
+ "data": data,
+ }
+
+ fileret = self.set_files([filedata])
+ value = {"success": True, "file_ids": fileret}
+ return value
+ #print("Done with upload function")
+
+ #return ("Successfully put your data in a file", filedata)
+
+ def download_file(self, url):
+ ret = requests.get(url, verify=False)
+ fileret = self.set_files([{
+ "filename": "downloaded",
+ "data": ret.content,
+ }])
+
+ value = {"success": True, "file_ids": fileret}
+ return value
+
+ #return ("Successfully put your data in a file", filedata)
+
+ def delete_file(self, file_id):
+ headers = {
+ "Authorization": "Bearer %s" % self.authorization,
+ }
+ print("HEADERS: %s" % headers)
+
+ ret = requests.delete("%s/api/v1/files/%s?execution_id=%s" % (self.base_url, file_id, self.current_execution_id), headers=headers)
+ return ret.text
+
+if __name__ == "__main__":
+ HelloWorld.run()
diff --git a/unsupported/testing/1.0.0/tmp.py b/unsupported/testing/1.0.0/tmp.py
new file mode 100644
index 00000000..2c3698ea
--- /dev/null
+++ b/unsupported/testing/1.0.0/tmp.py
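Review bot: `download_file` calls `requests.get(url, verify=False)` on a caller-supplied URL, which disables TLS certificate validation and sets no timeout, so an intercepted response is stored as a file without complaint and a stalled server hangs the action. `ret = requests.get(url, timeout=30)` followed by `ret.raise_for_status()` keeps verification on, bounds the wait and stops error pages from being saved as the download (the 30 seconds is an illustrative value). Because the URL comes from workflow input and the request is made from inside the app container, it is also worth deciding whether internal addresses should be reachable through this action. In `delete_file`, `print("HEADERS: %s" % headers)` writes the bearer token from `self.authorization` into the container log; I would drop that line or log only the header names.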
@@ -0,0 +1,128 @@ +import json +import re + +# This whole thing should be recursive. +basejson = [{'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': 'd097c6f2-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:24.427Z'}, 'index': 'test', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': 'd099c2c3-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:24.427Z'}, 'index': 'test', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': 'd097c6f2-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:24.427Z'}, 'index': 'mitre_0', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': 'd099c2c3-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:24.427Z'}, 'index': 'mitre_0', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Notepad connecting to the internet', '_id': 'c789d084-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:09.444Z'}, 'index': '1_207', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Notepad connecting to the internet', '_id': 'c789d084-f6b6-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:19:09.444Z'}, 'index': 'mitre_0', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Obfuscating Hacking Commands', '_id': 'ae8ad8f5-f6b5-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T18:11:17.202Z'}, 'index': 'mitre_0', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': '0f9d3001-f6b3-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T17:52:31.810Z'}, 'index': 'test_201', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': '0f9d3000-f6b3-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T17:52:31.810Z'}, 'index': 'test_201', 'decoration_stats': None}, 
{'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': '0f9d3001-f6b3-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T17:52:31.810Z'}, 'index': 'mitre_0', 'decoration_stats': None}, {'highlight_ranges': {}, 'message': {'Alert': 'Account Manipulation', '_id': '0f9d3000-f6b3-11ea-aaa1-0050569f425d', 'timestamp': '2020-09-14T17:52:31.810Z'}, 'index': 'mitre_0', 'decoration_stats': None}] +#basejson = json.loads(baseresult) + +#ACTUAL: [('$Start_node.#.message', 'Start_node.', 'message')] +input_data = "$Start_node.#4:max.message.Alert" + + +def recurse_loop(basejson, parsersplit): + #parsersplit = input_data.split(".") + + match = "#(\d+):?-?([0-9a-z]+)?#?" + print("Split: %s\n%s" % (parsersplit, basejson)) + try: + outercnt = 0 + for value in parsersplit: + print("VALUE: %s\n" % value) + actualitem = re.findall(match, value, re.MULTILINE) + if value == "#": + newvalue = [] + for innervalue in basejson: + # 1. Check the next item (message) + # 2. Call this function again + + try: + ret = recurse_loop(innervalue, parsersplit[outercnt+1:]) + except IndexError: + print("INDEXERROR: ", parsersplit[outercnt]) + #ret = innervalue + ret = recurse_loop(innervalue, parsersplit[outercnt:]) + + print(ret) + #exit() + newvalue.append(ret) + + return newvalue + elif len(actualitem) > 0: + # FIXME: This is absolutely not perfect. + print("IN HERE: ", actualitem) + + newvalue = [] + firstitem = actualitem[0][0] + seconditem = actualitem[0][1] + if seconditem == "": + print("In first") + basejson = basejson[int(firstitem)] + else: + if seconditem == "max": + seconditem = len(basejson) + if seconditem == "min": + seconditem = 0 + + newvalue = [] + for i in range(int(firstitem), int(seconditem)): + # 1. Check the next item (message) + # 2. 
Call this function again + print("Base: %s" % basejson[i]) + + try: + ret = recurse_loop(basejson[i], parsersplit[outercnt+1:]) + except IndexError: + print("INDEXERROR: ", parsersplit[outercnt]) + #ret = innervalue + ret = recurse_loop(innervalue, parsersplit[outercnt:]) + + print(ret) + #exit() + newvalue.append(ret) + + return newvalue + else: + #print("BEFORE NORMAL VALUE: ", basejson, value) + if len(value) == 0: + return basejson + + if isinstance(basejson[value], str): + print(f"LOADING STRING '%s' AS JSON" % basejson[value]) + try: + basejson = json.loads(basejson[value]) + except json.decoder.JSONDecodeError as e: + print("RETURNING BECAUSE '%s' IS A NORMAL STRING" % basejson[value]) + return basejson[value] + else: + basejson = basejson[value] + + outercnt += 1 + + except KeyError as e: + print("Lower keyerror: %s" % e) + #return basejson + #return "KeyError: Couldn't find key: %s" % e + + return basejson + +ret = recurse_loop(basejson, input_data.split(".")[1:]) +print(ret) + + + + # FIXME - not recursive - should go deeper if there are more # + #print("HANDLE RECURSIVE LOOP OF %s" % basejson) + #returnlist = [] + #try: + # for innervalue in basejson: + # print("Value: %s" % innervalue[parsersplit[cnt+1]]) + # returnlist.append(innervalue[parsersplit[cnt+1]]) + #except IndexError as e: + # print("Indexerror inner: %s" % e) + # # Basically means its a normal list, not a crazy one :) + # # Custom format for ${name[0,1,2,...]}$ + # indexvalue = "${NO_SPLITTER%s}$" % json.dumps(basejson) + # if len(returnlist) > 0: + # indexvalue = "${NO_SPLITTER%s}$" % json.dumps(returnlist) + + # print("INDEXVAL: ", indexvalue) + # return indexvalue + #except TypeError as e: + # print("TypeError inner: %s" % e) + + ## Example format: ${[]}$ + #parseditem = "${%s%s}$" % (parsersplit[cnt+1], json.dumps(returnlist)) + #print("PARSED LOOP ITEM: %s" % parseditem) + + ## FIXME: Always only does one iter here :( + #return parseditem 
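Review bot: In the slice branch of `recurse_loop` (the `for i in range(int(firstitem), int(seconditem))` loop), the `except IndexError` handler calls `recurse_loop(innervalue, parsersplit[outercnt:])`, but `innervalue` is only assigned by the loop in the `#` branch, which returns before this code can run. As far as the flattened indentation shows, reaching the handler therefore fails with an unbound-variable error instead of retrying; it should read `ret = recurse_loop(basejson[i], parsersplit[outercnt:])`. The pattern `"#(\d+):?-?([0-9a-z]+)?#?"` relies on `\d` surviving in a normal string literal, which newer Python versions warn about, so `r"#(\d+):?-?([0-9a-z]+)?#?"` is safer. The file is named `tmp.py`, runs `recurse_loop` at import time and embeds sample alert records, so if it is a scratch script it may be better left out of the app directory.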
diff --git a/thehive/1.1.0/Dockerfile b/unsupported/thehive/1.0.0/Dockerfile
similarity index 100%
rename from thehive/1.1.0/Dockerfile
rename to unsupported/thehive/1.0.0/Dockerfile
diff --git a/thehive/1.0.0/api.yaml b/unsupported/thehive/1.0.0/api.yaml
similarity index 100%
rename from thehive/1.0.0/api.yaml
rename to unsupported/thehive/1.0.0/api.yaml
diff --git a/thehive/1.0.0/docker-compose.yml b/unsupported/thehive/1.0.0/docker-compose.yml
similarity index 100%
rename from thehive/1.0.0/docker-compose.yml
rename to unsupported/thehive/1.0.0/docker-compose.yml
diff --git a/thehive/1.0.0/env.txt b/unsupported/thehive/1.0.0/env.txt
similarity index 100%
rename from thehive/1.0.0/env.txt
rename to unsupported/thehive/1.0.0/env.txt
diff --git a/thehive/1.0.0/requirements.txt b/unsupported/thehive/1.0.0/requirements.txt
similarity index 100%
rename from thehive/1.0.0/requirements.txt
rename to unsupported/thehive/1.0.0/requirements.txt
diff --git a/thehive/1.0.0/run b/unsupported/thehive/1.0.0/run
similarity index 100%
rename from thehive/1.0.0/run
rename to unsupported/thehive/1.0.0/run
diff --git a/thehive/1.0.0/src/app.py b/unsupported/thehive/1.0.0/src/app.py
similarity index 100%
rename from thehive/1.0.0/src/app.py
rename to unsupported/thehive/1.0.0/src/app.py
diff --git a/thehive/1.1.1/Dockerfile b/unsupported/thehive/1.1.0/Dockerfile
similarity index 100%
rename from thehive/1.1.1/Dockerfile
rename to unsupported/thehive/1.1.0/Dockerfile
diff --git a/thehive/1.1.0/api.yaml b/unsupported/thehive/1.1.0/api.yaml
similarity index 100%
rename from thehive/1.1.0/api.yaml
rename to unsupported/thehive/1.1.0/api.yaml
diff --git a/thehive/1.1.0/docker-compose.yml b/unsupported/thehive/1.1.0/docker-compose.yml
similarity index 100%
rename from thehive/1.1.0/docker-compose.yml
rename to unsupported/thehive/1.1.0/docker-compose.yml
diff --git a/thehive/1.1.0/env.txt b/unsupported/thehive/1.1.0/env.txt
similarity index 100%
rename from thehive/1.1.0/env.txt
rename to unsupported/thehive/1.1.0/env.txt
diff --git a/thehive/1.1.0/requirements.txt b/unsupported/thehive/1.1.0/requirements.txt
similarity index 100%
rename from thehive/1.1.0/requirements.txt
rename to unsupported/thehive/1.1.0/requirements.txt
diff --git a/thehive/1.1.0/run b/unsupported/thehive/1.1.0/run
similarity index 100%
rename from thehive/1.1.0/run
rename to unsupported/thehive/1.1.0/run
diff --git a/thehive/1.1.0/src/app.py b/unsupported/thehive/1.1.0/src/app.py
similarity index 100%
rename from thehive/1.1.0/src/app.py
rename to unsupported/thehive/1.1.0/src/app.py
diff --git a/thehive/1.1.2/Dockerfile b/unsupported/thehive/1.1.1/Dockerfile
similarity index 100%
rename from thehive/1.1.2/Dockerfile
rename to unsupported/thehive/1.1.1/Dockerfile
diff --git a/thehive/1.1.1/api.yaml b/unsupported/thehive/1.1.1/api.yaml
similarity index 100%
rename from thehive/1.1.1/api.yaml
rename to unsupported/thehive/1.1.1/api.yaml
diff --git a/thehive/1.1.1/docker-compose.yml b/unsupported/thehive/1.1.1/docker-compose.yml
similarity index 100%
rename from thehive/1.1.1/docker-compose.yml
rename to unsupported/thehive/1.1.1/docker-compose.yml
diff --git a/thehive/1.1.1/env.txt b/unsupported/thehive/1.1.1/env.txt
similarity index 100%
rename from thehive/1.1.1/env.txt
rename to unsupported/thehive/1.1.1/env.txt
diff --git a/thehive/1.1.1/requirements.txt b/unsupported/thehive/1.1.1/requirements.txt
similarity index 100%
rename from thehive/1.1.1/requirements.txt
rename to unsupported/thehive/1.1.1/requirements.txt
diff --git a/thehive/1.1.1/run b/unsupported/thehive/1.1.1/run
similarity index 100%
rename from thehive/1.1.1/run
rename to unsupported/thehive/1.1.1/run
diff --git a/thehive/1.1.1/src/app.py b/unsupported/thehive/1.1.1/src/app.py
similarity index 100%
rename from thehive/1.1.1/src/app.py
rename to unsupported/thehive/1.1.1/src/app.py
diff --git a/thehive/1.1.3/Dockerfile b/unsupported/thehive/1.1.2/Dockerfile
similarity index 100%
rename from thehive/1.1.3/Dockerfile
rename to unsupported/thehive/1.1.2/Dockerfile
diff --git a/thehive/1.1.2/api.yaml b/unsupported/thehive/1.1.2/api.yaml
similarity index 100%
rename from thehive/1.1.2/api.yaml
rename to unsupported/thehive/1.1.2/api.yaml
diff --git a/thehive/1.1.2/docker-compose.yml b/unsupported/thehive/1.1.2/docker-compose.yml
similarity index 100%
rename from thehive/1.1.2/docker-compose.yml
rename to unsupported/thehive/1.1.2/docker-compose.yml
diff --git a/thehive/1.1.2/env.txt b/unsupported/thehive/1.1.2/env.txt
similarity index 100%
rename from thehive/1.1.2/env.txt
rename to unsupported/thehive/1.1.2/env.txt
diff --git a/thehive/1.1.2/requirements.txt b/unsupported/thehive/1.1.2/requirements.txt
similarity index 100%
rename from thehive/1.1.2/requirements.txt
rename to unsupported/thehive/1.1.2/requirements.txt
diff --git a/thehive/1.1.2/run b/unsupported/thehive/1.1.2/run
similarity index 100%
rename from thehive/1.1.2/run
rename to unsupported/thehive/1.1.2/run
diff --git a/thehive/1.1.2/src/app.py b/unsupported/thehive/1.1.2/src/app.py
similarity index 100%
rename from thehive/1.1.2/src/app.py
rename to unsupported/thehive/1.1.2/src/app.py
diff --git a/unsupported/thehive/1.1.3/Dockerfile b/unsupported/thehive/1.1.3/Dockerfile
new file mode 100644
index 00000000..bfa83edc
--- /dev/null
+++ b/unsupported/thehive/1.1.3/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image
+RUN apk --no-cache add --update libmagic
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/thehive/1.1.3/api.yaml b/unsupported/thehive/1.1.3/api.yaml
similarity index 100%
rename from thehive/1.1.3/api.yaml
rename to unsupported/thehive/1.1.3/api.yaml
diff --git a/thehive/1.1.3/docker-compose.yml b/unsupported/thehive/1.1.3/docker-compose.yml
similarity index 100%
rename from thehive/1.1.3/docker-compose.yml
rename to unsupported/thehive/1.1.3/docker-compose.yml
diff --git a/thehive/1.1.3/env.txt b/unsupported/thehive/1.1.3/env.txt
similarity index 100%
rename from thehive/1.1.3/env.txt
rename to unsupported/thehive/1.1.3/env.txt
diff --git a/thehive/1.1.3/requirements.txt b/unsupported/thehive/1.1.3/requirements.txt
similarity index 100%
rename from thehive/1.1.3/requirements.txt
rename to unsupported/thehive/1.1.3/requirements.txt
diff --git a/thehive/1.1.3/run b/unsupported/thehive/1.1.3/run
similarity index 100%
rename from thehive/1.1.3/run
rename to unsupported/thehive/1.1.3/run
diff --git a/thehive/1.1.3/src/app.py b/unsupported/thehive/1.1.3/src/app.py
similarity index 100%
rename from thehive/1.1.3/src/app.py
rename to unsupported/thehive/1.1.3/src/app.py
diff --git a/thehive/README.md b/unsupported/thehive/README.md
similarity index 100%
rename from thehive/README.md
rename to unsupported/thehive/README.md
diff --git a/thehive/conf.png b/unsupported/thehive/conf.png
similarity index 100%
rename from thehive/conf.png
rename to unsupported/thehive/conf.png
diff --git a/unsupported/twitter/1.0.0/Dockerfile b/unsupported/twitter/1.0.0/Dockerfile
new file mode 100644
index 00000000..364e1531
--- /dev/null
+++ b/unsupported/twitter/1.0.0/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image
+# RUN apk --no-cache add --update my_binary_dependency
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/twitter/1.0.0/api.yaml b/unsupported/twitter/1.0.0/api.yaml
similarity index 100%
rename from twitter/1.0.0/api.yaml
rename to unsupported/twitter/1.0.0/api.yaml
diff --git a/twitter/1.0.0/requirements.txt b/unsupported/twitter/1.0.0/requirements.txt
similarity index 100%
rename from twitter/1.0.0/requirements.txt
rename to unsupported/twitter/1.0.0/requirements.txt
diff --git a/twitter/1.0.0/src/app.py b/unsupported/twitter/1.0.0/src/app.py
similarity index 100%
rename from twitter/1.0.0/src/app.py
rename to unsupported/twitter/1.0.0/src/app.py
diff --git a/unsupported/vulndb/1.0.0/Dockerfile b/unsupported/vulndb/1.0.0/Dockerfile
new file mode 100644
index 00000000..364e1531
--- /dev/null
+++ b/unsupported/vulndb/1.0.0/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image
+# RUN apk --no-cache add --update my_binary_dependency
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/vulndb/1.0.0/api.yaml b/unsupported/vulndb/1.0.0/api.yaml
similarity index 100%
rename from vulndb/1.0.0/api.yaml
rename to unsupported/vulndb/1.0.0/api.yaml
diff --git a/vulndb/1.0.0/docs.md b/unsupported/vulndb/1.0.0/docs.md
similarity index 100%
rename from vulndb/1.0.0/docs.md
rename to unsupported/vulndb/1.0.0/docs.md
diff --git a/vulndb/1.0.0/requirements.txt b/unsupported/vulndb/1.0.0/requirements.txt
similarity index 100%
rename from vulndb/1.0.0/requirements.txt
rename to unsupported/vulndb/1.0.0/requirements.txt
diff --git a/vulndb/1.0.0/shield-vulndb.svg b/unsupported/vulndb/1.0.0/shield-vulndb.svg
similarity index 100%
rename from vulndb/1.0.0/shield-vulndb.svg
rename to unsupported/vulndb/1.0.0/shield-vulndb.svg
diff --git a/vulndb/1.0.0/src/app.py b/unsupported/vulndb/1.0.0/src/app.py
similarity index 100%
rename from vulndb/1.0.0/src/app.py
rename to unsupported/vulndb/1.0.0/src/app.py