Class: Falcon::Intel

Defined in:
lib/crimson-falcon/api/intel.rb


Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Intel

Returns a new instance of Intel.



# File 'lib/crimson-falcon/api/intel.rb', line 36

# Build an Intel API wrapper bound to an ApiClient.
#
# @param api_client [ApiClient] client that carries configuration (logger,
#   debugging and validation flags) and performs the HTTP calls; defaults to
#   the shared +ApiClient.default+
# @return [Intel] a new instance
def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.



# File 'lib/crimson-falcon/api/intel.rb', line 34

# The ApiClient this wrapper sends requests through (set by #initialize).
#
# @return [ApiClient] the underlying client
def api_client
  @api_client
end

Instance Method Details

#get_intel_actor_entities(ids, opts = {}) ⇒ DomainActorsResponse

Retrieve specific actors using their actor IDs.

Parameters:

  • ids (Array<String>)

    The IDs of the actors you want to retrieve.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields given as the collection name surrounded by two underscores, e.g. `__full__`. Defaults to `__basic__`.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 44

# Retrieve specific actors using their actor IDs.
#
# Convenience form of #get_intel_actor_entities_with_http_info that discards
# the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the actors to retrieve
# @param opts [Hash] optional parameters
# @option opts [Array<String>] :fields fields to return, or a predefined set
#   such as +__full__+ (defaults to +__basic__+ server-side)
# @return [DomainActorsResponse] the decoded response body
def get_intel_actor_entities(ids, opts = {})
  get_intel_actor_entities_with_http_info(ids, opts).first
end

#get_intel_actor_entities_with_http_info(ids, opts = {}) ⇒ Array<(DomainActorsResponse, Integer, Hash)>

Retrieve specific actors using their actor IDs.

Parameters:

  • ids (Array<String>)

    The IDs of the actors you want to retrieve.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields given as the collection name surrounded by two underscores, e.g. `__full__`. Defaults to `__basic__`.

Returns:

  • (Array<(DomainActorsResponse, Integer, Hash)>)

    DomainActorsResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 54

# Retrieve specific actors using their actor IDs, returning the decoded body
# together with the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the actors to retrieve (required)
# @param opts [Hash] optional parameters
# @option opts [Array<String>] :fields fields to return, or a predefined set
#   such as +__full__+ (defaults to +__basic__+ server-side)
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; note these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(DomainActorsResponse, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +ids+ is nil
def get_intel_actor_entities_with_http_info(ids, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_actor_entities ...' if config.debugging

  # 'ids' is mandatory; enforced locally only when client-side validation is on.
  if config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Intel.get_intel_actor_entities"
  end

  path = '/intel/entities/actors/v1'

  query = opts[:query_params] || {}
  query[:ids] = @api_client.build_collection_param(ids, :multi)
  query[:fields] = @api_client.build_collection_param(opts[:fields], :multi) unless opts[:fields].nil?

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json'])

  request = opts.merge(
    operation: :"Intel.get_intel_actor_entities",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'DomainActorsResponse'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the full decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_actor_entities\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_intel_indicator_entities(body, opts = {}) ⇒ DomainPublicIndicatorsV3Response

Retrieve specific indicators using their indicator IDs.

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 108

# Retrieve specific indicators using their indicator IDs.
#
# Convenience form of #get_intel_indicator_entities_with_http_info that
# discards the HTTP status code and response headers.
#
# @param body [MsaIdsRequest] request body carrying the indicator IDs
# @param opts [Hash] optional parameters
# @return [DomainPublicIndicatorsV3Response] the decoded response body
def get_intel_indicator_entities(body, opts = {})
  get_intel_indicator_entities_with_http_info(body, opts).first
end

#get_intel_indicator_entities_with_http_info(body, opts = {}) ⇒ Array<(DomainPublicIndicatorsV3Response, Integer, Hash)>

Retrieve specific indicators using their indicator IDs.

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 117

# Retrieve specific indicators using their indicator IDs, returning the decoded
# body together with the HTTP status code and response headers.
#
# The endpoint is a POST whose path ends in +/GET/v1+: the ID list travels in
# the JSON request body rather than the query string.
#
# @param body [MsaIdsRequest] request body carrying the indicator IDs (required)
# @param opts [Hash] optional parameters
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body raw body override (replaces the serialized +body+)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(DomainPublicIndicatorsV3Response, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +body+ is nil
def get_intel_indicator_entities_with_http_info(body, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_indicator_entities ...' if config.debugging

  if config.client_side_validation && body.nil?
    raise ArgumentError, "Missing the required parameter 'body' when calling Intel.get_intel_indicator_entities"
  end

  path = '/intel/entities/indicators/GET/v1'

  query = opts[:query_params] || {}

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json'])
  content_type = @api_client.select_header_content_type(['application/json'])
  headers['Content-Type'] = content_type unless content_type.nil?

  form = opts[:form_params] || {}
  payload = opts[:debug_body] || @api_client.object_to_http_body(body)

  request = opts.merge(
    operation: :"Intel.get_intel_indicator_entities",
    header_params: headers,
    query_params: query,
    form_params: form,
    body: payload,
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'DomainPublicIndicatorsV3Response'
  )

  data, status, resp_headers = @api_client.call_api(:POST, path, request)
  # With debugging on, the full decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_indicator_entities\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_intel_report_entities(ids, opts = {}) ⇒ DomainNewsResponse

Retrieve specific reports using their report IDs.

Parameters:

  • ids (Array<String>)

    The IDs of the reports you want to retrieve.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields given as the collection name surrounded by two underscores, e.g. `__full__`. Defaults to `__basic__`.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 175

# Retrieve specific reports using their report IDs.
#
# Convenience form of #get_intel_report_entities_with_http_info that discards
# the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the reports to retrieve
# @param opts [Hash] optional parameters
# @option opts [Array<String>] :fields fields to return, or a predefined set
#   such as +__full__+ (defaults to +__basic__+ server-side)
# @return [DomainNewsResponse] the decoded response body
def get_intel_report_entities(ids, opts = {})
  get_intel_report_entities_with_http_info(ids, opts).first
end

#get_intel_report_entities_with_http_info(ids, opts = {}) ⇒ Array<(DomainNewsResponse, Integer, Hash)>

Retrieve specific reports using their report IDs.

Parameters:

  • ids (Array<String>)

    The IDs of the reports you want to retrieve.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields given as the collection name surrounded by two underscores, e.g. `__full__`. Defaults to `__basic__`.

Returns:

  • (Array<(DomainNewsResponse, Integer, Hash)>)

    DomainNewsResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 185

# Retrieve specific reports using their report IDs, returning the decoded body
# together with the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the reports to retrieve (required)
# @param opts [Hash] optional parameters
# @option opts [Array<String>] :fields fields to return, or a predefined set
#   such as +__full__+ (defaults to +__basic__+ server-side)
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(DomainNewsResponse, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +ids+ is nil
def get_intel_report_entities_with_http_info(ids, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_report_entities ...' if config.debugging

  if config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Intel.get_intel_report_entities"
  end

  path = '/intel/entities/reports/v1'

  query = opts[:query_params] || {}
  query[:ids] = @api_client.build_collection_param(ids, :multi)
  query[:fields] = @api_client.build_collection_param(opts[:fields], :multi) unless opts[:fields].nil?

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json'])

  request = opts.merge(
    operation: :"Intel.get_intel_report_entities",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'DomainNewsResponse'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the full decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_report_entities\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_intel_report_pdf(opts = {}) ⇒ File

Return a Report PDF attachment

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :id (String)

    The ID of the report you want to download as a PDF.

  • :ids (String)

    The ID of the report you want to download as a PDF. Used only when no `id` parameter is given.

Returns:

  • (File)


# File 'lib/crimson-falcon/api/intel.rb', line 240

# Return a report's PDF attachment.
#
# Convenience form of #get_intel_report_pdf_with_http_info that discards the
# HTTP status code and response headers.
#
# @param opts [Hash] optional parameters
# @option opts [String] :id the ID of the report to download as a PDF
# @option opts [String] :ids same as :id; used server-side only when :id is absent
# @return [File] the downloaded PDF
def get_intel_report_pdf(opts = {})
  get_intel_report_pdf_with_http_info(opts).first
end

#get_intel_report_pdf_with_http_info(opts = {}) ⇒ Array<(File, Integer, Hash)>

Return a Report PDF attachment

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :id (String)

    The ID of the report you want to download as a PDF.

  • :ids (String)

    The ID of the report you want to download as a PDF. Used only when no `id` parameter is given.

Returns:

  • (Array<(File, Integer, Hash)>)

    File data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 250

# Return a report's PDF attachment together with the HTTP status code and
# response headers.
#
# Neither :id nor :ids is checked client-side; if both are missing the server
# decides the outcome. The default return type is +File+, so the PDF is handed
# back as a file object (presumably a temp file created by ApiClient — confirm
# who is responsible for removing it).
#
# @param opts [Hash] optional parameters
# @option opts [String] :id the ID of the report to download as a PDF
# @option opts [String] :ids same as :id; used server-side only when :id is absent
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(File, Integer, Hash)>] file data, status code, headers
def get_intel_report_pdf_with_http_info(opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_report_pdf ...' if config.debugging

  path = '/intel/entities/report-files/v1'

  query = opts[:query_params] || {}
  query[:id] = opts[:id] unless opts[:id].nil?
  query[:ids] = opts[:ids] unless opts[:ids].nil?

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/octet-stream', 'application/json', 'application/pdf'])

  request = opts.merge(
    operation: :"Intel.get_intel_report_pdf",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'File'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the decoded response (for a File, its #inspect) and the
  # response headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_report_pdf\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_intel_rule_entities(ids, opts = {}) ⇒ DomainRulesResponse

Retrieve details for rule sets for the specified ids.

Parameters:

  • ids (Array<String>)

    The ids of rules to return.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 300

# Retrieve details for rule sets with the specified IDs.
#
# Convenience form of #get_intel_rule_entities_with_http_info that discards
# the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the rule sets to return
# @param opts [Hash] optional parameters
# @return [DomainRulesResponse] the decoded response body
def get_intel_rule_entities(ids, opts = {})
  get_intel_rule_entities_with_http_info(ids, opts).first
end

#get_intel_rule_entities_with_http_info(ids, opts = {}) ⇒ Array<(DomainRulesResponse, Integer, Hash)>

Retrieve details for rule sets for the specified ids.

Parameters:

  • ids (Array<String>)

    The ids of rules to return.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(DomainRulesResponse, Integer, Hash)>)

    DomainRulesResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 309

# Retrieve details for rule sets with the specified IDs, returning the decoded
# body together with the HTTP status code and response headers.
#
# @param ids [Array<String>] the IDs of the rule sets to return (required)
# @param opts [Hash] optional parameters
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(DomainRulesResponse, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +ids+ is nil
def get_intel_rule_entities_with_http_info(ids, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_rule_entities ...' if config.debugging

  if config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Intel.get_intel_rule_entities"
  end

  path = '/intel/entities/rules/v1'

  query = opts[:query_params] || {}
  query[:ids] = @api_client.build_collection_param(ids, :multi)

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json'])

  request = opts.merge(
    operation: :"Intel.get_intel_rule_entities",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'DomainRulesResponse'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the full decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_rule_entities\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_intel_rule_file(id, opts = {}) ⇒ File

Download earlier rule sets.

Parameters:

  • id (Integer)

    The ID of the rule set.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :accept (String)

    Choose the format you want the rule set in.

  • :format (String)

    Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.

Returns:

  • (File)


# File 'lib/crimson-falcon/api/intel.rb', line 364

# Download an earlier (historical) rule set archive.
#
# Convenience form of #get_intel_rule_file_with_http_info that discards the
# HTTP status code and response headers.
#
# @param id [Integer] the ID of the rule set
# @param opts [Hash] optional parameters
# @option opts [String] :accept explicit Accept header value
# @option opts [String] :format archive format, "zip" or "gzip" (defaults to zip)
# @return [File] the downloaded archive
def get_intel_rule_file(id, opts = {})
  get_intel_rule_file_with_http_info(id, opts).first
end

#get_intel_rule_file_with_http_info(id, opts = {}) ⇒ Array<(File, Integer, Hash)>

Download earlier rule sets.

Parameters:

  • id (Integer)

    The ID of the rule set.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :accept (String)

    Choose the format you want the rule set in.

  • :format (String)

    Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.

Returns:

  • (Array<(File, Integer, Hash)>)

    File data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 375

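# Download an earlier (historical) rule set archive by its numeric ID, returning
# the decoded response together with the HTTP status code and response headers.
#
# The default return type is +File+, so the archive (zip or gzip) is handed back
# as a file object. The client does not validate the archive's contents or the
# :format value; both are left to the server and the caller.
#
# @param id [Integer] the ID of the rule set (required)
# @param opts [Hash] optional parameters
# @option opts [String] :accept explicit Accept header value; replaces the
#   negotiated default
# @option opts [String] :format archive format, "zip" or "gzip" (defaults to
#   zip server-side)
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(File, Integer, Hash)>] file data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +id+ is nil
def get_intel_rule_file_with_http_info(id, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_intel_rule_file ...' if config.debugging

  if config.client_side_validation && id.nil?
    raise ArgumentError, "Missing the required parameter 'id' when calling Intel.get_intel_rule_file"
  end

  path = '/intel/entities/rules-files/v1'

  query = opts[:query_params] || {}
  query[:id] = id
  query[:format] = opts[:format] unless opts[:format].nil?

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/zip', 'application/gzip', 'application/octet-stream', 'application/json', '*/*'])
  # Fix: the generated code stored a caller-supplied :accept under the symbol key
  # :Accept next to the string key 'Accept' set above, leaving two entries whose
  # fate depended on the HTTP adapter's header normalisation (two Accept headers
  # on the wire, or one of them silently dropped). Write the override to the same
  # key so it deterministically replaces the default.
  headers['Accept'] = opts[:accept] unless opts[:accept].nil?

  request = opts.merge(
    operation: :"Intel.get_intel_rule_file",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'File'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the decoded response (for a File, its #inspect) and the
  # response headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_intel_rule_file\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end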

#get_latest_intel_rule_file(type, opts = {}) ⇒ File

Download the latest rule set.

Parameters:

  • type (String)

    The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness cql-master cql-update cql-changelog

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :accept (String)

    Choose the format you want the rule set in.

  • :if_none_match (String)

    Download the latest rule set only if its ETag does not match the given one(s).

  • :if_modified_since (String)

    Download the latest rule set only if it was modified after this date. HTTP-date, ANSI C asctime and RFC 850 date formats are accepted.

  • :format (String)

    Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.

  • :if_modified_since2 (String)

    Download only if changed since the given date. Duplicate of :if_modified_since; when both are supplied this one is written last and wins.

Returns:

  • (File)


# File 'lib/crimson-falcon/api/intel.rb', line 435

# Download the latest rule set of a given type.
#
# Convenience form of #get_latest_intel_rule_file_with_http_info that discards
# the HTTP status code and response headers (including any ETag you might want
# for a later conditional request).
#
# @param type [String] the rule set type, e.g. snort-suricata-master,
#   yara-master, cql-update, common-event-format, netwitness
# @param opts [Hash] optional parameters
# @option opts [String] :accept explicit Accept header value
# @option opts [String] :if_none_match ETag(s); download only if not matching
# @option opts [String] :if_modified_since download only if modified after this date
# @option opts [String] :format archive format, "zip" or "gzip" (defaults to zip)
# @option opts [String] :if_modified_since2 duplicate of :if_modified_since
# @return [File] the downloaded archive
def get_latest_intel_rule_file(type, opts = {})
  get_latest_intel_rule_file_with_http_info(type, opts).first
end

#get_latest_intel_rule_file_with_http_info(type, opts = {}) ⇒ Array<(File, Integer, Hash)>

Download the latest rule set.

Parameters:

  • type (String)

    The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness cql-master cql-update cql-changelog

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :accept (String)

    Choose the format you want the rule set in.

  • :if_none_match (String)

    Download the latest rule set only if its ETag does not match the given one(s).

  • :if_modified_since (String)

    Download the latest rule set only if it was modified after this date. HTTP-date, ANSI C asctime and RFC 850 date formats are accepted.

  • :format (String)

    Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip.

  • :if_modified_since2 (String)

    Download only if changed since the given date. Duplicate of :if_modified_since; when both are supplied this one is written last and wins.

Returns:

  • (Array<(File, Integer, Hash)>)

    File data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 449

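# Download the latest rule set of a given type, returning the decoded response
# together with the HTTP status code and response headers.
#
# Supports conditional requests via If-None-Match / If-Modified-Since. How a
# 304 Not Modified reply surfaces is decided by ApiClient#call_api (presumably
# raised as an error rather than returned — confirm before relying on it).
# The default return type is +File+; the archive's contents are not validated
# by the client.
#
# @param type [String] the rule set type (required), e.g. snort-suricata-master,
#   snort-suricata-update, yara-master, yara-changelog, common-event-format,
#   netwitness, cql-master
# @param opts [Hash] optional parameters
# @option opts [String] :accept explicit Accept header value; replaces the
#   negotiated default
# @option opts [String] :if_none_match ETag(s); download only if not matching
# @option opts [String] :if_modified_since download only if modified after this
#   date (HTTP-date, ANSI C asctime or RFC 850)
# @option opts [String] :format archive format, "zip" or "gzip" (defaults to zip)
# @option opts [String] :if_modified_since2 duplicate of :if_modified_since;
#   wins when both are given
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(File, Integer, Hash)>] file data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +type+ is nil
def get_latest_intel_rule_file_with_http_info(type, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_latest_intel_rule_file ...' if config.debugging

  if config.client_side_validation && type.nil?
    raise ArgumentError, "Missing the required parameter 'type' when calling Intel.get_latest_intel_rule_file"
  end

  path = '/intel/entities/rules-latest-files/v1'

  query = opts[:query_params] || {}
  query[:type] = type
  query[:format] = opts[:format] unless opts[:format].nil?

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/zip', 'application/gzip', 'application/octet-stream', 'application/json', '*/*'])
  # Fix: the generated code stored a caller-supplied :accept under the symbol key
  # :Accept next to the string key 'Accept' set above, leaving two entries whose
  # fate depended on the HTTP adapter's header normalisation (two Accept headers
  # on the wire, or one of them silently dropped). Write the override to the same
  # key so it deterministically replaces the default.
  headers['Accept'] = opts[:accept] unless opts[:accept].nil?
  # Conditional-request headers. :if_modified_since2 duplicates :if_modified_since
  # in the upstream spec; it is written last, so it wins when both are supplied
  # (behaviour kept from the generated code).
  headers[:'If-None-Match'] = opts[:if_none_match] unless opts[:if_none_match].nil?
  headers[:'If-Modified-Since'] = opts[:if_modified_since] unless opts[:if_modified_since].nil?
  headers[:'If-Modified-Since'] = opts[:if_modified_since2] unless opts[:if_modified_since2].nil?

  request = opts.merge(
    operation: :"Intel.get_latest_intel_rule_file",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'File'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the decoded response (for a File, its #inspect) and the
  # response headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_latest_intel_rule_file\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end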

#get_malware_entities(ids, opts = {}) ⇒ DomainMalwareResponse

Get malware entities for specified ids.

Parameters:

  • ids (Array<String>)

    Malware family name in lower case with spaces, dots and slashes replaced with dashes

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 507

# Get malware entities for the specified IDs.
#
# Convenience form of #get_malware_entities_with_http_info that discards the
# HTTP status code and response headers.
#
# @param ids [Array<String>] malware family names in lower case, with spaces,
#   dots and slashes replaced by dashes
# @param opts [Hash] optional parameters
# @return [DomainMalwareResponse] the decoded response body
def get_malware_entities(ids, opts = {})
  get_malware_entities_with_http_info(ids, opts).first
end

#get_malware_entities_with_http_info(ids, opts = {}) ⇒ Array<(DomainMalwareResponse, Integer, Hash)>

Get malware entities for specified ids.

Parameters:

  • ids (Array<String>)

    Malware family name in lower case with spaces, dots and slashes replaced with dashes

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(DomainMalwareResponse, Integer, Hash)>)

    DomainMalwareResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 516

# Get malware entities for the specified IDs, returning the decoded body
# together with the HTTP status code and response headers.
#
# @param ids [Array<String>] malware family names in lower case, with spaces,
#   dots and slashes replaced by dashes (required)
# @param opts [Hash] optional parameters
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type override
# @return [Array<(DomainMalwareResponse, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +ids+ is nil
def get_malware_entities_with_http_info(ids, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_malware_entities ...' if config.debugging

  if config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Intel.get_malware_entities"
  end

  path = '/intel/entities/malware/v1'

  query = opts[:query_params] || {}
  query[:ids] = @api_client.build_collection_param(ids, :multi)

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json'])

  request = opts.merge(
    operation: :"Intel.get_malware_entities",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'DomainMalwareResponse'
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the full decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_malware_entities\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_malware_mitre_report(id, format, opts = {}) ⇒ nil

Export Mitre ATT&CK information for a given malware family.

Parameters:

  • id (String)

    Malware family name in lower case with spaces replaced with dashes

  • format (String)

    Supported report formats: CSV, JSON or JSON_NAVIGATOR

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :x_cs_useruuid (String)

    User id

Returns:

  • (nil)


# File 'lib/crimson-falcon/api/intel.rb', line 571

# Export MITRE ATT&CK information for a given malware family.
#
# Always returns nil: the generated operation has no response schema, so the
# exported report body is not surfaced here. Use
# #get_malware_mitre_report_with_http_info (with a :debug_return_type) if you
# need the payload.
#
# @param id [String] malware family name in lower case with spaces replaced by dashes
# @param format [String] report format: CSV, JSON or JSON_NAVIGATOR
# @param opts [Hash] optional parameters
# @option opts [String] :x_cs_useruuid user ID sent as the X-CS-USERUUID header
# @return [nil]
def get_malware_mitre_report(id, format, opts = {})
  _data, _status, _headers = get_malware_mitre_report_with_http_info(id, format, opts)
  nil
end

#get_malware_mitre_report_with_http_info(id, format, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Export MITRE ATT&CK information for a given malware family.

Parameters:

  • id (String)

    Malware family name in lower case with spaces replaced with dashes

  • format (String)

    Supported report formats: CSV, JSON or JSON_NAVIGATOR

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :x_cs_useruuid (String)

    User id

Returns:

  • (Array<(nil, Integer, Hash)>)

    nil, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 582

# Export MITRE ATT&CK information for a given malware family, returning the
# decoded data together with the HTTP status code and response headers.
#
# No default :return_type is set for this operation, so +data+ is whatever
# ApiClient#call_api yields for a nil return type (presumably nil, i.e. the
# CSV/JSON body is discarded — confirm). Pass :debug_return_type (e.g. 'String')
# to receive the raw body.
#
# @param id [String] malware family name in lower case with spaces replaced by dashes (required)
# @param format [String] report format: CSV, JSON or JSON_NAVIGATOR (required; not validated here)
# @param opts [Hash] optional parameters
# @option opts [String] :x_cs_useruuid user ID sent as the X-CS-USERUUID header
# @option opts [Hash] :query_params / :header_params / :form_params extra
#   request parameters; these hashes are extended in place
# @option opts [Object] :debug_body request body override (GET sends none)
# @option opts [Array<String>] :debug_auth_names auth scheme override (default oauth2)
# @option opts [String] :debug_return_type deserialization type (none by default)
# @return [Array<(nil, Integer, Hash)>] data, status code, headers
# @raise [ArgumentError] when client-side validation is enabled and +id+ or +format+ is nil
def get_malware_mitre_report_with_http_info(id, format, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_malware_mitre_report ...' if config.debugging

  if config.client_side_validation
    if id.nil?
      raise ArgumentError, "Missing the required parameter 'id' when calling Intel.get_malware_mitre_report"
    end
    if format.nil?
      raise ArgumentError, "Missing the required parameter 'format' when calling Intel.get_malware_mitre_report"
    end
  end

  path = '/intel/entities/malware-mitre-reports/v1'

  query = opts[:query_params] || {}
  query[:id] = id
  query[:format] = format

  headers = opts[:header_params] || {}
  headers['Accept'] = @api_client.select_header_accept(['application/json', 'text/csv'])
  headers[:'X-CS-USERUUID'] = opts[:x_cs_useruuid] unless opts[:x_cs_useruuid].nil?

  request = opts.merge(
    operation: :"Intel.get_malware_mitre_report",
    header_params: headers,
    query_params: query,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type]
  )

  data, status, resp_headers = @api_client.call_api(:GET, path, request)
  # With debugging on, the decoded response and its headers go to the logger.
  if config.debugging
    config.logger.debug "API called: Intel#get_malware_mitre_report\nData: #{data.inspect}\nStatus code: #{status}\nHeaders: #{resp_headers}"
  end
  [data, status, resp_headers]
end

#get_mitre_report(actor_id, format, opts = {}) ⇒ nil

Export Mitre ATT&CK information for a given actor.

Parameters:

  • actor_id (String)

    Actor ID (derived from the actor's name)

  • format (String)

    Supported report formats: CSV or JSON

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (nil)


# File 'lib/crimson-falcon/api/intel.rb', line 642

# Export MITRE ATT&CK information for a given actor.
#
# Always returns nil: the generated operation has no response schema, so the
# exported report body is not surfaced here. Use
# #get_mitre_report_with_http_info (with a :debug_return_type) if you need
# the payload.
#
# @param actor_id [String] actor ID (derived from the actor's name)
# @param format [String] report format: CSV or JSON
# @param opts [Hash] optional parameters
# @return [nil]
def get_mitre_report(actor_id, format, opts = {})
  _data, _status, _headers = get_mitre_report_with_http_info(actor_id, format, opts)
  nil
end

#get_mitre_report_with_http_info(actor_id, format, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Export MITRE ATT&CK information for a given actor.

Parameters:

  • actor_id (String)

    Actor ID (derived from the actor's name)

  • format (String)

    Supported report formats: CSV or JSON

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(nil, Integer, Hash)>)

    nil, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 652

# Export Mitre ATT&CK information for a given actor
# (GET /intel/entities/mitre-reports/v1).
#
# Client-side validation only checks that +actor_id+ and +format+ are not nil
# (and only when +config.client_side_validation+ is on); which +format+ values
# are accepted is decided by the server. A caller-supplied +opts[:query_params]+
# or +opts[:header_params]+ hash is updated in place.
#
# @param actor_id [String] Actor ID (derived from the actor's name)
# @param format [String] Supported report formats: CSV or JSON
# @param opts [Hash] optional request settings (:query_params, :header_params,
#   :form_params, :debug_body, :debug_return_type, :debug_auth_names)
# @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
# @raise [ArgumentError] when client-side validation is on and a required parameter is nil
def get_mitre_report_with_http_info(actor_id, format, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_mitre_report ...' if config.debugging

  if config.client_side_validation
    raise ArgumentError, "Missing the required parameter 'actor_id' when calling Intel.get_mitre_report" if actor_id.nil?
    raise ArgumentError, "Missing the required parameter 'format' when calling Intel.get_mitre_report" if format.nil?
  end

  path = '/intel/entities/mitre-reports/v1'

  # Both required values travel as query parameters.
  query_params = opts[:query_params] || {}
  query_params[:actor_id] = actor_id
  query_params[:format] = format

  # The report may come back as a binary stream, JSON or CSV.
  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(%w[application/octet-stream application/json text/csv])

  form_params = opts[:form_params] || {}

  # GET request: no body unless a debug body was injected; no deserialisation target either.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type]
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.get_mitre_report",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#get_mitre_report\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#get_vulnerabilities(body, opts = {}) ⇒ DomainVulnerabilityResponse

Get vulnerabilities

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 710

# Get vulnerabilities.
#
# Convenience wrapper around #get_vulnerabilities_with_http_info that keeps
# only the deserialised response body.
#
# @param body [MsaIdsRequest] request body holding the IDs to look up
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [DomainVulnerabilityResponse] the response data
def get_vulnerabilities(body, opts = {})
  response_data, = get_vulnerabilities_with_http_info(body, opts)
  response_data
end

#get_vulnerabilities_with_http_info(body, opts = {}) ⇒ Array<(DomainVulnerabilityResponse, Integer, Hash)>

Get vulnerabilities

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(DomainVulnerabilityResponse, Integer, Hash)>)

    DomainVulnerabilityResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 719

# Get vulnerabilities (POST /intel/entities/vulnerabilities/GET/v1).
#
# The only client-side check is that +body+ is not nil (when
# +config.client_side_validation+ is on); the body's contents are serialised
# with +object_to_http_body+ and validated server-side. A caller-supplied
# +opts[:header_params]+ hash is updated in place.
#
# @param body [MsaIdsRequest] request body holding the IDs to look up
# @param opts [Hash] optional request settings (:query_params, :header_params,
#   :form_params, :debug_body, :debug_return_type, :debug_auth_names)
# @return [Array<(DomainVulnerabilityResponse, Integer, Hash)>]
#   DomainVulnerabilityResponse data, response status code and response headers
# @raise [ArgumentError] when client-side validation is on and +body+ is nil
def get_vulnerabilities_with_http_info(body, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.get_vulnerabilities ...' if config.debugging

  if config.client_side_validation && body.nil?
    raise ArgumentError, "Missing the required parameter 'body' when calling Intel.get_vulnerabilities"
  end

  path = '/intel/entities/vulnerabilities/GET/v1'

  query_params = opts[:query_params] || {}

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # Content-Type is only set when the client negotiates one.
  content_type = @api_client.select_header_content_type(['application/json'])
  header_params['Content-Type'] = content_type unless content_type.nil?

  form_params = opts[:form_params] || {}

  # A debug body, when given, replaces the serialised model.
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
  return_type = opts[:debug_return_type] || 'DomainVulnerabilityResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.get_vulnerabilities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#post_mitre_attacks(body, opts = {}) ⇒ nil

Retrieves report and observable IDs associated with the given actor and attacks

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (nil)


# File 'lib/crimson-falcon/api/intel.rb', line 776

# Retrieves report and observable IDs associated with the given actor and attacks.
#
# Convenience wrapper around #post_mitre_attacks_with_http_info: the request is
# issued, but the returned data, status code and headers are all discarded.
#
# @param body [MsaIdsRequest] request body
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [nil]
def post_mitre_attacks(body, opts = {})
  _data, _status_code, _headers = post_mitre_attacks_with_http_info(body, opts)
  nil
end

#post_mitre_attacks_with_http_info(body, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Retrieves report and observable IDs associated with the given actor and attacks

Parameters:

  • body (MsaIdsRequest)
  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(nil, Integer, Hash)>)

    nil, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 785

# Retrieves report and observable IDs associated with the given actor and
# attacks (POST /intel/entities/mitre/v1).
#
# The only client-side check is that +body+ is not nil (when
# +config.client_side_validation+ is on). No return type is declared, so the
# response body is passed back as the client delivers it. A caller-supplied
# +opts[:header_params]+ hash is updated in place.
#
# @param body [MsaIdsRequest] request body
# @param opts [Hash] optional request settings (:query_params, :header_params,
#   :form_params, :debug_body, :debug_return_type, :debug_auth_names)
# @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
# @raise [ArgumentError] when client-side validation is on and +body+ is nil
def post_mitre_attacks_with_http_info(body, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.post_mitre_attacks ...' if config.debugging

  if config.client_side_validation && body.nil?
    raise ArgumentError, "Missing the required parameter 'body' when calling Intel.post_mitre_attacks"
  end

  path = '/intel/entities/mitre/v1'

  query_params = opts[:query_params] || {}

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # Content-Type is only set when the client negotiates one.
  content_type = @api_client.select_header_content_type(['application/json'])
  header_params['Content-Type'] = content_type unless content_type.nil?

  form_params = opts[:form_params] || {}

  # A debug body, when given, replaces the serialised model.
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
  return_type = opts[:debug_return_type]
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.post_mitre_attacks",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#post_mitre_attacks\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_actor_entities(opts = {}) ⇒ DomainActorsResponse

Get info about actors that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return actors from. Defaults to 0.

  • :limit (Integer)

    Set the number of actors to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, animal_classifier, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug _full_. Defaults to _basic_.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 847

# Get info about actors that match provided FQL filters.
#
# Convenience wrapper around #query_intel_actor_entities_with_http_info that
# keeps only the deserialised response body.
#
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [DomainActorsResponse] the response data
def query_intel_actor_entities(opts = {})
  response_data, = query_intel_actor_entities_with_http_info(opts)
  response_data
end

#query_intel_actor_entities_with_http_info(opts = {}) ⇒ Array<(DomainActorsResponse, Integer, Hash)>

Get info about actors that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return actors from. Defaults to 0.

  • :limit (Integer)

    Set the number of actors to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, animal_classifier, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug _full_. Defaults to _basic_.

Returns:

  • (Array<(DomainActorsResponse, Integer, Hash)>)

    DomainActorsResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 861

# Get info about actors that match provided FQL filters
# (GET /intel/combined/actors/v1).
#
# Every recognised option is copied to the query string only when it is not
# nil, so +false+ and empty values are still sent. The filter, sort and search
# strings are forwarded verbatim; their syntax is validated by the server, not
# here. A caller-supplied +opts[:query_params]+ or +opts[:header_params]+ hash
# is updated in place.
#
# @param opts [Hash] the optional parameters
# @option opts [Integer] :offset starting row number (defaults to 0 server-side)
# @option opts [Integer] :limit number of actors to return (1..5000)
# @option opts [String] :sort order expression, e.g. created_date|asc
# @option opts [String] :filter FQL filter expression
# @option opts [String] :q generic substring search across all fields
# @option opts [Array<String>] :fields fields or collection to return; encoded with +build_collection_param(:multi)+
# @return [Array<(DomainActorsResponse, Integer, Hash)>]
#   DomainActorsResponse data, response status code and response headers
def query_intel_actor_entities_with_http_info(opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.query_intel_actor_entities ...' if config.debugging

  path = '/intel/combined/actors/v1'

  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    value = opts[key]
    query_params[key] = value unless value.nil?
  end
  fields = opts[:fields]
  query_params[:fields] = @api_client.build_collection_param(fields, :multi) unless fields.nil?

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: no body unless a debug body was injected.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainActorsResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.query_intel_actor_entities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#query_intel_actor_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_actor_ids(opts = {}) ⇒ MsaQueryResponse

Get actor IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return actor IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of actor IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, animal_classifier, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 919

# Get actor IDs that match provided FQL filters.
#
# Convenience wrapper around #query_intel_actor_ids_with_http_info that keeps
# only the deserialised response body.
#
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [MsaQueryResponse] the response data
def query_intel_actor_ids(opts = {})
  response_data, = query_intel_actor_ids_with_http_info(opts)
  response_data
end

#query_intel_actor_ids_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Get actor IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return actor IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of actor IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actor_type, animal_classifier, capabilities, capability, capability.id, capability.slug, capability.value, created_date, description, ecrime_kill_chain.attribution, ecrime_kill_chain.crimes, ecrime_kill_chain.customers, ecrime_kill_chain.marketing, ecrime_kill_chain.monetization, ecrime_kill_chain.services_offered, ecrime_kill_chain.services_used, ecrime_kill_chain.technical_tradecraft, ecrime_kill_chain.victims, first_activity_date, group, group.id, group.slug, group.value, id, kill_chain.actions_and_objectives, kill_chain.actions_on_objectives, kill_chain.command_and_control, kill_chain.delivery, kill_chain.exploitation, kill_chain.installation, kill_chain.objectives, kill_chain.reconnaissance, kill_chain.weaponization, known_as, last_activity_date, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, objectives, origins, origins.id, origins.slug, origins.value, region, region.id, region.slug, region.value, short_description, slug, status, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, target_regions, target_regions.id, target_regions.slug, target_regions.value.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:

  • (Array<(MsaQueryResponse, Integer, Hash)>)

    MsaQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 932

# Get actor IDs that match provided FQL filters
# (GET /intel/queries/actors/v1).
#
# Every recognised option is copied to the query string only when it is not
# nil. The filter, sort and search strings are forwarded verbatim; their syntax
# is validated by the server, not here. A caller-supplied +opts[:query_params]+
# or +opts[:header_params]+ hash is updated in place.
#
# @param opts [Hash] the optional parameters
# @option opts [Integer] :offset starting row number (defaults to 0 server-side)
# @option opts [Integer] :limit number of actor IDs to return (1..5000)
# @option opts [String] :sort order expression, e.g. created_date|asc
# @option opts [String] :filter FQL filter expression
# @option opts [String] :q generic substring search across all fields
# @return [Array<(MsaQueryResponse, Integer, Hash)>]
#   MsaQueryResponse data, response status code and response headers
def query_intel_actor_ids_with_http_info(opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.query_intel_actor_ids ...' if config.debugging

  path = '/intel/queries/actors/v1'

  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    value = opts[key]
    query_params[key] = value unless value.nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: no body unless a debug body was injected.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.query_intel_actor_ids",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#query_intel_actor_ids\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_indicator_entities(opts = {}) ⇒ DomainPublicIndicatorsV3Response

Get info about indicators that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return indicators from. Defaults to 0.

  • :limit (Integer)

    Set the number of indicators to return. The number must be between 1 and 10000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: published_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, scope, targets, threat_types, type, vulnerabilities.

  • :q (String)

    Perform a generic substring search across all fields.

  • :include_deleted (Boolean)

    If true, include both published and deleted indicators in the response. Defaults to false.

  • :include_relations (Boolean)

    If true, include related indicators in the response. Defaults to true.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 991

# Get info about indicators that match provided FQL filters.
#
# Convenience wrapper around #query_intel_indicator_entities_with_http_info
# that keeps only the deserialised response body.
#
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [DomainPublicIndicatorsV3Response] the response data
def query_intel_indicator_entities(opts = {})
  response_data, = query_intel_indicator_entities_with_http_info(opts)
  response_data
end

#query_intel_indicator_entities_with_http_info(opts = {}) ⇒ Array<(DomainPublicIndicatorsV3Response, Integer, Hash)>

Get info about indicators that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return indicators from. Defaults to 0.

  • :limit (Integer)

    Set the number of indicators to return. The number must be between 1 and 10000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: published_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, scope, targets, threat_types, type, vulnerabilities.

  • :q (String)

    Perform a generic substring search across all fields.

  • :include_deleted (Boolean)

    If true, include both published and deleted indicators in the response. Defaults to false.

  • :include_relations (Boolean)

    If true, include related indicators in the response. Defaults to true.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1006

# Get info about indicators that match provided FQL filters
# (GET /intel/combined/indicators/v1).
#
# Every recognised option is copied to the query string only when it is not
# nil, so an explicit +include_deleted: false+ or +include_relations: false+
# is still sent. The filter, sort and search strings are forwarded verbatim;
# their syntax is validated by the server, not here. A caller-supplied
# +opts[:query_params]+ or +opts[:header_params]+ hash is updated in place.
#
# @param opts [Hash] the optional parameters
# @option opts [Integer] :offset starting row number (defaults to 0 server-side)
# @option opts [Integer] :limit number of indicators to return (1..10000)
# @option opts [String] :sort order expression, e.g. published_date|asc
# @option opts [String] :filter FQL filter expression
# @option opts [String] :q generic substring search across all fields
# @option opts [Boolean] :include_deleted include deleted indicators as well (server default: false)
# @option opts [Boolean] :include_relations include related indicators (server default: true)
# @return [Array<(DomainPublicIndicatorsV3Response, Integer, Hash)>]
#   DomainPublicIndicatorsV3Response data, response status code and response headers
def query_intel_indicator_entities_with_http_info(opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.query_intel_indicator_entities ...' if config.debugging

  path = '/intel/combined/indicators/v1'

  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q include_deleted include_relations].each do |key|
    value = opts[key]
    query_params[key] = value unless value.nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: no body unless a debug body was injected.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainPublicIndicatorsV3Response'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.query_intel_indicator_entities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#query_intel_indicator_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_indicator_ids(opts = {}) ⇒ MsaQueryResponse

Get indicator IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return indicator IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of indicator IDs to return. The number must be between 1 and 10000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: published_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, scope, targets, threat_types, type, vulnerabilities.

  • :q (String)

    Perform a generic substring search across all fields.

  • :include_deleted (Boolean)

    If true, include both published and deleted indicators in the response. Defaults to false.

  • :include_relations (Boolean)

    If true, include related indicators in the response. Defaults to true.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1067

# Get indicator IDs that match provided FQL filters.
#
# Convenience wrapper around #query_intel_indicator_ids_with_http_info that
# keeps only the deserialised response body.
#
# @param opts [Hash] the optional parameters, forwarded untouched
# @return [MsaQueryResponse] the response data
def query_intel_indicator_ids(opts = {})
  response_data, = query_intel_indicator_ids_with_http_info(opts)
  response_data
end

#query_intel_indicator_ids_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Get indicator IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return indicator IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of indicator IDs to return. The number must be between 1 and 10000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: published_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, scope, targets, threat_types, type, vulnerabilities.

  • :q (String)

    Perform a generic substring search across all fields.

  • :include_deleted (Boolean)

    If true, include both published and deleted indicators in the response. Defaults to false.

  • :include_relations (Boolean)

    If true, include related indicators in the response. Defaults to true.

Returns:

  • (Array<(MsaQueryResponse, Integer, Hash)>)

    MsaQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1082

# Get indicator IDs that match provided FQL filters
# (GET /intel/queries/indicators/v1).
#
# Every recognised option is copied to the query string only when it is not
# nil, so an explicit +include_deleted: false+ or +include_relations: false+
# is still sent. The filter, sort and search strings are forwarded verbatim;
# their syntax is validated by the server, not here. A caller-supplied
# +opts[:query_params]+ or +opts[:header_params]+ hash is updated in place.
#
# @param opts [Hash] the optional parameters
# @option opts [Integer] :offset starting row number (defaults to 0 server-side)
# @option opts [Integer] :limit number of indicator IDs to return (1..10000)
# @option opts [String] :sort order expression, e.g. published_date|asc
# @option opts [String] :filter FQL filter expression
# @option opts [String] :q generic substring search across all fields
# @option opts [Boolean] :include_deleted include deleted indicators as well (server default: false)
# @option opts [Boolean] :include_relations include related indicators (server default: true)
# @return [Array<(MsaQueryResponse, Integer, Hash)>]
#   MsaQueryResponse data, response status code and response headers
def query_intel_indicator_ids_with_http_info(opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Intel.query_intel_indicator_ids ...' if config.debugging

  path = '/intel/queries/indicators/v1'

  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q include_deleted include_relations].each do |key|
    value = opts[key]
    query_params[key] = value unless value.nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: no body unless a debug body was injected.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  request_options = opts.merge(
    operation: :"Intel.query_intel_indicator_ids",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, path, request_options)
  if config.debugging
    config.logger.debug "API called: Intel#query_intel_indicator_ids\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_report_entities(opts = {}) ⇒ DomainNewsResponse

Get info about reports that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return reports from. Defaults to 0.

  • :limit (Integer)

    Set the number of reports to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.animal_classifier, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug _full_. Defaults to _basic_.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1142

# Get info about reports that match provided FQL filters.
#
# Convenience wrapper around #query_intel_report_entities_with_http_info that
# drops the HTTP status code and response headers and returns only the body.
#
# @param opts [Hash] the optional parameters (see the option list above)
# @return [DomainNewsResponse] the deserialised response body
def query_intel_report_entities(opts = {})
  response = query_intel_report_entities_with_http_info(opts)
  response.first
end

#query_intel_report_entities_with_http_info(opts = {}) ⇒ Array<(DomainNewsResponse, Integer, Hash)>

Get info about reports that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return reports from. Defaults to 0.

  • :limit (Integer)

    Set the number of reports to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.animal_classifier, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug _full_. Defaults to _basic_.

Returns:

  • (Array<(DomainNewsResponse, Integer, Hash)>)

    DomainNewsResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1156

# Get info about reports that match provided FQL filters.
#
# Issues GET /intel/combined/reports/v1 and returns the raw call_api triple so
# callers can inspect the status code and headers. Only the :offset, :limit,
# :sort, :filter, :q and :fields options that are non-nil are sent; :fields is
# serialised as a repeated ("multi") query parameter.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(DomainNewsResponse, Integer, Hash)>] DomainNewsResponse data, response status code and response headers
def query_intel_report_entities_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_intel_report_entities ...' if @api_client.config.debugging

  local_var_path = '/intel/combined/reports/v1'

  # Only forward filters the caller actually set (nil means "not provided").
  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end
  query_params[:fields] = @api_client.build_collection_param(opts[:fields], :multi) unless opts[:fields].nil?

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainNewsResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_intel_report_entities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_intel_report_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_report_ids(opts = {}) ⇒ MsaQueryResponse

Get report IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return report IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of report IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.animal_classifier, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1214

# Get report IDs that match provided FQL filters.
#
# Thin wrapper around #query_intel_report_ids_with_http_info that returns only
# the deserialised body, discarding status code and headers.
#
# @param opts [Hash] the optional parameters (see the option list above)
# @return [MsaQueryResponse] the deserialised response body
def query_intel_report_ids(opts = {})
  response = query_intel_report_ids_with_http_info(opts)
  response.first
end

#query_intel_report_ids_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Get report IDs that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return report IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of report IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.animal_classifier, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:

  • (Array<(MsaQueryResponse, Integer, Hash)>)

    MsaQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1227

# Get report IDs that match provided FQL filters.
#
# Issues GET /intel/queries/reports/v1 and returns the raw call_api triple.
# Only the :offset, :limit, :sort, :filter and :q options that are non-nil
# are forwarded as query parameters.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
def query_intel_report_ids_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_intel_report_ids ...' if @api_client.config.debugging

  local_var_path = '/intel/queries/reports/v1'

  # Only forward filters the caller actually set (nil means "not provided").
  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_intel_report_ids",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_intel_report_ids\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_intel_rule_ids(type, opts = {}) ⇒ MsaQueryResponse

Search for rule IDs that match provided filter criteria.

Parameters:

  • type (String)

    The rule news report type. Accepted values: snort-suricata-master, snort-suricata-update, snort-suricata-changelog, yara-master, yara-update, yara-changelog, common-event-format, netwitness, cql-master, cql-update, cql-changelog.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return reports from. Defaults to 0.

  • :limit (Integer)

    The number of rule IDs to return. Defaults to 10.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :name (Array<String>)

    Search by rule title.

  • :description (Array<String>)

    Substring match on description field.

  • :tags (Array<String>)

    Search for rule tags.

  • :min_created_date (Integer)

    Filter results to those created on or after a certain date.

  • :max_created_date (String)

    Filter results to those created on or before a certain date.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1289

# Search for rule IDs that match provided filter criteria.
#
# Thin wrapper around #query_intel_rule_ids_with_http_info that returns only
# the deserialised body, discarding status code and headers.
#
# @param type [String] the rule news report type (see the accepted values above)
# @param opts [Hash] the optional parameters
# @return [MsaQueryResponse] the deserialised response body
def query_intel_rule_ids(type, opts = {})
  response = query_intel_rule_ids_with_http_info(type, opts)
  response.first
end

#query_intel_rule_ids_with_http_info(type, opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Search for rule IDs that match provided filter criteria.

Parameters:

  • type (String)

    The rule news report type. Accepted values: snort-suricata-master, snort-suricata-update, snort-suricata-changelog, yara-master, yara-update, yara-changelog, common-event-format, netwitness, cql-master, cql-update, cql-changelog.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return reports from. Defaults to 0.

  • :limit (Integer)

    The number of rule IDs to return. Defaults to 10.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :name (Array<String>)

    Search by rule title.

  • :description (Array<String>)

    Substring match on description field.

  • :tags (Array<String>)

    Search for rule tags.

  • :min_created_date (Integer)

    Filter results to those created on or after a certain date.

  • :max_created_date (String)

    Filter results to those created on or before a certain date.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:

  • (Array<(MsaQueryResponse, Integer, Hash)>)

    MsaQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1307

# Search for rule IDs that match provided filter criteria.
#
# Issues GET /intel/queries/rules/v1 and returns the raw call_api triple.
# +type+ is always sent; the remaining options are forwarded only when
# non-nil, with :name, :description and :tags serialised as CSV lists.
#
# @param type [String] the rule news report type (see the accepted values above)
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
# @raise [ArgumentError] when client-side validation is enabled and +type+ is nil
def query_intel_rule_ids_with_http_info(type, opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_intel_rule_ids ...' if @api_client.config.debugging

  # Required-parameter check runs only when client_side_validation is on.
  if @api_client.config.client_side_validation && type.nil?
    raise ArgumentError, "Missing the required parameter 'type' when calling Intel.query_intel_rule_ids"
  end

  local_var_path = '/intel/queries/rules/v1'

  query_params = opts[:query_params] || {}
  query_params[:type] = type
  %i[offset limit sort].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end
  # Array-valued search options travel as comma-separated lists.
  %i[name description tags].each do |key|
    query_params[key] = @api_client.build_collection_param(opts[key], :csv) unless opts[key].nil?
  end
  %i[min_created_date max_created_date q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_intel_rule_ids",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_intel_rule_ids\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_malware(opts = {}) ⇒ DomainQueryResponse

Get malware family names that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return malware IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of malware IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1373

# Get malware family names that match provided FQL filters.
#
# Thin wrapper around #query_malware_with_http_info that returns only the
# deserialised body, discarding status code and headers.
#
# @param opts [Hash] the optional parameters (see the option list above)
# @return [DomainQueryResponse] the deserialised response body
def query_malware(opts = {})
  response = query_malware_with_http_info(opts)
  response.first
end

#query_malware_entities(opts = {}) ⇒ DomainMalwareResponse

Get malware entities that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return malware IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of malware IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1444

# Get malware entities that match provided FQL filters.
#
# Thin wrapper around #query_malware_entities_with_http_info that returns only
# the deserialised body, discarding status code and headers.
#
# @param opts [Hash] the optional parameters (see the option list above)
# @return [DomainMalwareResponse] the deserialised response body
def query_malware_entities(opts = {})
  response = query_malware_entities_with_http_info(opts)
  response.first
end

#query_malware_entities_with_http_info(opts = {}) ⇒ Array<(DomainMalwareResponse, Integer, Hash)>

Get malware entities that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return malware IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of malware IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters.

  • :q (String)

    Perform a generic substring search across all fields.

  • :fields (Array<String>)

    The fields to return

Returns:

  • (Array<(DomainMalwareResponse, Integer, Hash)>)

    DomainMalwareResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1458

# Get malware entities that match provided FQL filters.
#
# Issues GET /intel/combined/malware/v1 and returns the raw call_api triple.
# Only the :offset, :limit, :sort, :filter, :q and :fields options that are
# non-nil are sent; :fields is serialised as a repeated ("multi") parameter.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(DomainMalwareResponse, Integer, Hash)>] DomainMalwareResponse data, response status code and response headers
def query_malware_entities_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_malware_entities ...' if @api_client.config.debugging

  local_var_path = '/intel/combined/malware/v1'

  # Only forward filters the caller actually set (nil means "not provided").
  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end
  query_params[:fields] = @api_client.build_collection_param(opts[:fields], :multi) unless opts[:fields].nil?

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainMalwareResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_malware_entities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_malware_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_malware_with_http_info(opts = {}) ⇒ Array<(DomainQueryResponse, Integer, Hash)>

Get malware family names that match provided FQL filters.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (Integer)

    Set the starting row number to return malware IDs from. Defaults to 0.

  • :limit (Integer)

    Set the number of malware IDs to return. The value must be between 1 and 5000.

  • :sort (String)

    Order fields in ascending or descending order. Ex: created_date|asc.

  • :filter (String)

    Filter your query by specifying FQL filter parameters.

  • :q (String)

    Perform a generic substring search across all fields.

Returns:

  • (Array<(DomainQueryResponse, Integer, Hash)>)

    DomainQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1386

# Get malware family names that match provided FQL filters.
#
# Issues GET /intel/queries/malware/v1 and returns the raw call_api triple.
# Only the :offset, :limit, :sort, :filter and :q options that are non-nil
# are forwarded as query parameters.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(DomainQueryResponse, Integer, Hash)>] DomainQueryResponse data, response status code and response headers
def query_malware_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_malware ...' if @api_client.config.debugging

  local_var_path = '/intel/queries/malware/v1'

  # Only forward filters the caller actually set (nil means "not provided").
  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_malware",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_malware\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_mitre_attacks(opts = {}) ⇒ DomainQueryMitreAttacksResponse

Gets MITRE tactics and techniques for the given actor, returning a concatenation of the actor ID, tactic ID and technique ID, for example: fancy-bear_TA0011_T1071

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :id (String)

    The actor ID (derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed.

  • :ids (Array<String>)

    The actor ID (derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1513

# Gets MITRE tactics and techniques for the given actor.
#
# Thin wrapper around #query_mitre_attacks_with_http_info that returns only
# the deserialised body, discarding status code and headers.
#
# @param opts [Hash] the optional parameters (:id or :ids, see above)
# @return [DomainQueryMitreAttacksResponse] the deserialised response body
def query_mitre_attacks(opts = {})
  response = query_mitre_attacks_with_http_info(opts)
  response.first
end

#query_mitre_attacks_for_malware(ids, opts = {}) ⇒ DomainQueryResponse

Gets MITRE tactics and techniques for the given malware

Parameters:

  • ids (Array<String>)

    Malware family name in lower case, with spaces replaced by dashes.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1573

# Gets MITRE tactics and techniques for the given malware.
#
# Thin wrapper around #query_mitre_attacks_for_malware_with_http_info that
# returns only the deserialised body, discarding status code and headers.
#
# @param ids [Array<String>] malware family names (lower case, dashes for spaces)
# @param opts [Hash] the optional parameters
# @return [DomainQueryResponse] the deserialised response body
def query_mitre_attacks_for_malware(ids, opts = {})
  response = query_mitre_attacks_for_malware_with_http_info(ids, opts)
  response.first
end

#query_mitre_attacks_for_malware_with_http_info(ids, opts = {}) ⇒ Array<(DomainQueryResponse, Integer, Hash)>

Gets MITRE tactics and techniques for the given malware

Parameters:

  • ids (Array<String>)

    Malware family name in lower case, with spaces replaced by dashes.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(DomainQueryResponse, Integer, Hash)>)

    DomainQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1582

# Gets MITRE tactics and techniques for the given malware.
#
# Issues GET /intel/queries/mitre-malware/v1 with +ids+ serialised as a
# repeated ("multi") query parameter and returns the raw call_api triple.
#
# @param ids [Array<String>] malware family names (lower case, dashes for spaces)
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(DomainQueryResponse, Integer, Hash)>] DomainQueryResponse data, response status code and response headers
# @raise [ArgumentError] when client-side validation is enabled and +ids+ is nil
def query_mitre_attacks_for_malware_with_http_info(ids, opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_mitre_attacks_for_malware ...' if @api_client.config.debugging

  # Required-parameter check runs only when client_side_validation is on.
  if @api_client.config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Intel.query_mitre_attacks_for_malware"
  end

  local_var_path = '/intel/queries/mitre-malware/v1'

  query_params = opts[:query_params] || {}
  query_params[:ids] = @api_client.build_collection_param(ids, :multi)

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_mitre_attacks_for_malware",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_mitre_attacks_for_malware\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_mitre_attacks_with_http_info(opts = {}) ⇒ Array<(DomainQueryMitreAttacksResponse, Integer, Hash)>

Gets MITRE tactics and techniques for the given actor, returning a concatenation of the actor ID, tactic ID and technique ID, for example: fancy-bear_TA0011_T1071

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :id (String)

    The actor ID (derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed.

  • :ids (Array<String>)

    The actor ID (derived from the actor's name) for which to retrieve a list of attacks, for example: fancy-bear. Multiple values are allowed.

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1523

# Gets MITRE tactics and techniques for the given actor.
#
# Issues GET /intel/queries/mitre/v1 and returns the raw call_api triple. A
# non-nil :id is sent as a single value; a non-nil :ids is serialised as a
# repeated ("multi") query parameter. Neither is validated client-side.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(DomainQueryMitreAttacksResponse, Integer, Hash)>] DomainQueryMitreAttacksResponse data, response status code and response headers
def query_mitre_attacks_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_mitre_attacks ...' if @api_client.config.debugging

  local_var_path = '/intel/queries/mitre/v1'

  query_params = opts[:query_params] || {}
  query_params[:id] = opts[:id] unless opts[:id].nil?
  query_params[:ids] = @api_client.build_collection_param(opts[:ids], :multi) unless opts[:ids].nil?

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'DomainQueryMitreAttacksResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_mitre_attacks",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_mitre_attacks\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#query_vulnerabilities(opts = {}) ⇒ MsaQueryResponse

Get vulnerability IDs

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (String)

    Starting index of result set from which to return IDs.

  • :limit (Integer)

    Number of IDs to return.

  • :sort (String)

    Order by fields.

  • :filter (String)

    FQL query specifying the filter parameters. Filter parameters include: _all, affected_products.product, affected_products.vendor, community_identifiers, cve, cvss_v3_base, cvss_v3_base.score, cvss_v3_base.severity, exploit_status, publish_date, related_actors, related_actors.animal_classifier, related_actors.name, related_reports.serial_id, related_reports.title, related_threats, related_threats.name, severity, updated_timestamp.

  • :q (String)

    Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).

Returns:



# File 'lib/crimson-falcon/api/intel.rb', line 1639

# Get vulnerability IDs.
#
# Thin wrapper around #query_vulnerabilities_with_http_info that returns only
# the deserialised body, discarding status code and headers.
#
# @param opts [Hash] the optional parameters (see the option list above)
# @return [MsaQueryResponse] the deserialised response body
def query_vulnerabilities(opts = {})
  response = query_vulnerabilities_with_http_info(opts)
  response.first
end

#query_vulnerabilities_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Get vulnerability IDs

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :offset (String)

    Starting index of result set from which to return IDs.

  • :limit (Integer)

    Number of IDs to return.

  • :sort (String)

    Order by fields.

  • :filter (String)

    FQL query specifying the filter parameters. Filter parameters include: _all, affected_products.product, affected_products.vendor, community_identifiers, cve, cvss_v3_base, cvss_v3_base.score, cvss_v3_base.severity, exploit_status, publish_date, related_actors, related_actors.animal_classifier, related_actors.name, related_reports.serial_id, related_reports.title, related_threats, related_threats.name, severity, updated_timestamp.

  • :q (String)

    Match phrase_prefix query criteria; included fields: _all (all filter string fields indexed).

Returns:

  • (Array<(MsaQueryResponse, Integer, Hash)>)

    MsaQueryResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intel.rb', line 1652

# Get vulnerability IDs.
#
# Issues GET /intel/queries/vulnerabilities/v1 and returns the raw call_api
# triple. Only the :offset, :limit, :sort, :filter and :q options that are
# non-nil are forwarded as query parameters.
#
# @param opts [Hash] the optional parameters; :query_params, :header_params and
#   :form_params, when supplied, are used as the starting hashes and mutated
# @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
def query_vulnerabilities_with_http_info(opts = {})
  @api_client.config.logger.debug 'Calling API: Intel.query_vulnerabilities ...' if @api_client.config.debugging

  local_var_path = '/intel/queries/vulnerabilities/v1'

  # Only forward filters the caller actually set (nil means "not provided").
  query_params = opts[:query_params] || {}
  %i[offset limit sort filter q].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  form_params = opts[:form_params] || {}

  # GET request: the body is nil unless a debug override is supplied.
  post_body = opts[:debug_body]
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    operation: :"Intel.query_vulnerabilities",
    header_params: header_params,
    query_params: query_params,
    form_params: form_params,
    body: post_body,
    auth_names: auth_names,
    return_type: return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  # Debug logging writes the full deserialised body and response headers to the
  # logger; debug logs of intel queries should be handled as sensitive.
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: Intel#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end