Class: Falcon::DetectsAlert

Inherits:

Object

• Object
• Falcon::DetectsAlert

Defined in:

lib/crimson-falcon/models/detects_alert.rb

Instance Attribute Summary

• #agent_id ⇒ Object

  Device or sensor ID for which the Alert was generated.

• #aggregate_id ⇒ Object

  Common linkage between multiple Alerts that belong so the same detection bouquet.

• #assigned_to_name ⇒ Object

  Name of the person this Alert is assigned to.

• #assigned_to_uid ⇒ Object

  UserID to which this Alert is assigned to.

• #assigned_to_uuid ⇒ Object

  UUID to which this Alert is assigned to.

• #cid ⇒ Object

  Unique ID of CrowdStrike customers.

• #composite_id ⇒ Object

  An opaque internal identifier that can uniquely identify an Alert.

• #confidence ⇒ Object

  Confidence is a 1-100 integer value denoting the confidence that, when this Alert fires, it is indicative of malicious activity.

• #crawl_edge_ids ⇒ Object

  internal only.

• #crawl_vertex_ids ⇒ Object

  internal only.

• #crawled_timestamp ⇒ Object

  indicates when ThreatGraph was crawled to gather info for this alert creation/update.

• #created_timestamp ⇒ Object

  indicates when the Alert was first written to backend store.

• #data_domains ⇒ Object

  Data Domains represents domains to which this alert belongs to.

• #description ⇒ Object

  Short, customer-visible summary of the detected activity.

• #display_name ⇒ Object

  Customer visible name for the Alert’s pattern.

• #email_sent ⇒ Object

  Boolean to know if we sent email regarding this Alert.

• #es_doc_id ⇒ Object

  internal only.

• #es_doc_version ⇒ Object

  internal only.

• #es_routing_id ⇒ Object

  internal only.

• #external ⇒ Object

  Boolean indicating if this Alert is internal or external.

• #id ⇒ Object

  Vertex key which triggers the formation of the Alert.

• #name ⇒ Object

  Pattern Name coming either from Taxonomy or directly from the ingested Alert.

• #objective ⇒ Object

  End goal that an attack adversary intends to achieve according to MITRE.

• #pattern_id ⇒ Object

  Taxonomy patternID for this Alert.

• #platform ⇒ Object

  Platform that this Alert was triggered on e.g.

• #poly_id ⇒ Object

  Returns the value of attribute poly_id.

• #product ⇒ Object

  Product specifies the SKU that this Alert belongs to e.g.

• #scenario ⇒ Object

  Scenario was used pre-Handrails to display additional killchain context for UI alerts.

• #severity ⇒ Object

  Severity is also a 1-100 integer value, but unlike confidence severity impacts how a Alert is displayed in the UI.

• #show_in_ui ⇒ Object

  Boolean indicating if this Alert will be shown in the UI or if it’s hidden’.

• #source_products ⇒ Object

  Source Products are products that produced events which contributed to this alert.

• #source_vendors ⇒ Object

  Source Vendors are vendors that produced events which contributed to this alert.

• #status ⇒ Object

  Could be one of the following - New, closed, in_progress, reopened.

• #tactic ⇒ Object

  Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures.

• #tactic_id ⇒ Object

  Unique ID for the tactic seen in the Alert.

• #tags ⇒ Object

  Tags are string values associated with the alert that can be added or removed through the API.

• #technique ⇒ Object

  Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures.

• #technique_id ⇒ Object

  Unique ID for the technique seen in the Alert.

• #timestamp ⇒ Object

  stored value coming in directly from the ingested event or set by cloud in the absence of it.

• #type ⇒ Object

  Type of definition Detections Extensibility use.

• #updated_timestamp ⇒ Object

  indicates when the Alert was last modified.

Class Method Summary

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ DetectsAlert constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ DetectsAlert

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/crimson-falcon/models/detects_alert.rb', line 264

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Falcon::DetectsAlert` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Falcon::DetectsAlert`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'agent_id')
    self.agent_id = attributes[:'agent_id']
  end

  if attributes.key?(:'aggregate_id')
    self.aggregate_id = attributes[:'aggregate_id']
  end

  if attributes.key?(:'assigned_to_name')
    self.assigned_to_name = attributes[:'assigned_to_name']
  end

  if attributes.key?(:'assigned_to_uid')
    self.assigned_to_uid = attributes[:'assigned_to_uid']
  end

  if attributes.key?(:'assigned_to_uuid')
    self.assigned_to_uuid = attributes[:'assigned_to_uuid']
  end

  if attributes.key?(:'cid')
    self.cid = attributes[:'cid']
  end

  if attributes.key?(:'composite_id')
    self.composite_id = attributes[:'composite_id']
  end

  if attributes.key?(:'confidence')
    self.confidence = attributes[:'confidence']
  end

  if attributes.key?(:'crawl_edge_ids')
    if (value = attributes[:'crawl_edge_ids']).is_a?(Hash)
      self.crawl_edge_ids = value
    end
  end

  if attributes.key?(:'crawl_vertex_ids')
    if (value = attributes[:'crawl_vertex_ids']).is_a?(Hash)
      self.crawl_vertex_ids = value
    end
  end

  if attributes.key?(:'crawled_timestamp')
    self.crawled_timestamp = attributes[:'crawled_timestamp']
  end

  if attributes.key?(:'created_timestamp')
    self.created_timestamp = attributes[:'created_timestamp']
  end

  if attributes.key?(:'data_domains')
    if (value = attributes[:'data_domains']).is_a?(Array)
      self.data_domains = value
    end
  end

  if attributes.key?(:'description')
    self.description = attributes[:'description']
  end

  if attributes.key?(:'display_name')
    self.display_name = attributes[:'display_name']
  end

  if attributes.key?(:'email_sent')
    self.email_sent = attributes[:'email_sent']
  end

  if attributes.key?(:'es_doc_id')
    self.es_doc_id = attributes[:'es_doc_id']
  end

  if attributes.key?(:'es_doc_version')
    self.es_doc_version = attributes[:'es_doc_version']
  end

  if attributes.key?(:'es_routing_id')
    self.es_routing_id = attributes[:'es_routing_id']
  end

  if attributes.key?(:'external')
    self.external = attributes[:'external']
  end

  if attributes.key?(:'id')
    self.id = attributes[:'id']
  end

  if attributes.key?(:'name')
    self.name = attributes[:'name']
  end

  if attributes.key?(:'objective')
    self.objective = attributes[:'objective']
  end

  if attributes.key?(:'pattern_id')
    self.pattern_id = attributes[:'pattern_id']
  end

  if attributes.key?(:'platform')
    self.platform = attributes[:'platform']
  end

  if attributes.key?(:'poly_id')
    self.poly_id = attributes[:'poly_id']
  end

  if attributes.key?(:'product')
    self.product = attributes[:'product']
  end

  if attributes.key?(:'scenario')
    self.scenario = attributes[:'scenario']
  end

  if attributes.key?(:'severity')
    self.severity = attributes[:'severity']
  end

  if attributes.key?(:'show_in_ui')
    self.show_in_ui = attributes[:'show_in_ui']
  end

  if attributes.key?(:'source_products')
    if (value = attributes[:'source_products']).is_a?(Array)
      self.source_products = value
    end
  end

  if attributes.key?(:'source_vendors')
    if (value = attributes[:'source_vendors']).is_a?(Array)
      self.source_vendors = value
    end
  end

  if attributes.key?(:'status')
    self.status = attributes[:'status']
  end

  if attributes.key?(:'tactic')
    self.tactic = attributes[:'tactic']
  end

  if attributes.key?(:'tactic_id')
    self.tactic_id = attributes[:'tactic_id']
  end

  if attributes.key?(:'tags')
    if (value = attributes[:'tags']).is_a?(Array)
      self.tags = value
    end
  end

  if attributes.key?(:'technique')
    self.technique = attributes[:'technique']
  end

  if attributes.key?(:'technique_id')
    self.technique_id = attributes[:'technique_id']
  end

  if attributes.key?(:'timestamp')
    self.timestamp = attributes[:'timestamp']
  end

  if attributes.key?(:'type')
    self.type = attributes[:'type']
  end

  if attributes.key?(:'updated_timestamp')
    self.updated_timestamp = attributes[:'updated_timestamp']
  end
end

Instance Attribute Details

#agent_id ⇒ Object

Device or sensor ID for which the Alert was generated

# File 'lib/crimson-falcon/models/detects_alert.rb', line 36

def agent_id
  @agent_id
end

#aggregate_id ⇒ Object

Common linkage between multiple Alerts that belong so the same detection bouquet

# File 'lib/crimson-falcon/models/detects_alert.rb', line 39

def aggregate_id
  @aggregate_id
end

#assigned_to_name ⇒ Object

Name of the person this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_alert.rb', line 42

def assigned_to_name
  @assigned_to_name
end

#assigned_to_uid ⇒ Object

UserID to which this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_alert.rb', line 45

def assigned_to_uid
  @assigned_to_uid
end

#assigned_to_uuid ⇒ Object

UUID to which this Alert is assigned to

# File 'lib/crimson-falcon/models/detects_alert.rb', line 48

def assigned_to_uuid
  @assigned_to_uuid
end

#cid ⇒ Object

Unique ID of CrowdStrike customers

# File 'lib/crimson-falcon/models/detects_alert.rb', line 51

def cid
  @cid
end

#composite_id ⇒ Object

An opaque internal identifier that can uniquely identify an Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 54

def composite_id
  @composite_id
end

#confidence ⇒ Object

Confidence is a 1-100 integer value denoting the confidence that, when this Alert fires, it is indicative of malicious activity

# File 'lib/crimson-falcon/models/detects_alert.rb', line 57

def confidence
  @confidence
end

#crawl_edge_ids ⇒ Object

internal only

# File 'lib/crimson-falcon/models/detects_alert.rb', line 60

def crawl_edge_ids
  @crawl_edge_ids
end

#crawl_vertex_ids ⇒ Object

internal only

# File 'lib/crimson-falcon/models/detects_alert.rb', line 63

def crawl_vertex_ids
  @crawl_vertex_ids
end

#crawled_timestamp ⇒ Object

indicates when ThreatGraph was crawled to gather info for this alert creation/update

# File 'lib/crimson-falcon/models/detects_alert.rb', line 66

def crawled_timestamp
  @crawled_timestamp
end

#created_timestamp ⇒ Object

indicates when the Alert was first written to backend store

# File 'lib/crimson-falcon/models/detects_alert.rb', line 69

def created_timestamp
  @created_timestamp
end

#data_domains ⇒ Object

Data Domains represents domains to which this alert belongs to

# File 'lib/crimson-falcon/models/detects_alert.rb', line 72

def data_domains
  @data_domains
end

#description ⇒ Object

Short, customer-visible summary of the detected activity

# File 'lib/crimson-falcon/models/detects_alert.rb', line 75

def description
  @description
end

#display_name ⇒ Object

Customer visible name for the Alert’s pattern

# File 'lib/crimson-falcon/models/detects_alert.rb', line 78

def display_name
  @display_name
end

#email_sent ⇒ Object

Boolean to know if we sent email regarding this Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 81

def email_sent
  @email_sent
end

#es_doc_id ⇒ Object

internal only

# File 'lib/crimson-falcon/models/detects_alert.rb', line 84

def es_doc_id
  @es_doc_id
end

#es_doc_version ⇒ Object

internal only

# File 'lib/crimson-falcon/models/detects_alert.rb', line 87

def es_doc_version
  @es_doc_version
end

#es_routing_id ⇒ Object

internal only

# File 'lib/crimson-falcon/models/detects_alert.rb', line 90

def es_routing_id
  @es_routing_id
end

#external ⇒ Object

Boolean indicating if this Alert is internal or external

# File 'lib/crimson-falcon/models/detects_alert.rb', line 93

def external
  @external
end

#id ⇒ Object

Vertex key which triggers the formation of the Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 96

def id
  @id
end

#name ⇒ Object

Pattern Name coming either from Taxonomy or directly from the ingested Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 99

def name
  @name
end

#objective ⇒ Object

End goal that an attack adversary intends to achieve according to MITRE

# File 'lib/crimson-falcon/models/detects_alert.rb', line 102

def objective
  @objective
end

#pattern_id ⇒ Object

Taxonomy patternID for this Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 105

def pattern_id
  @pattern_id
end

#platform ⇒ Object

Platform that this Alert was triggered on e.g. Android, Windows, etc..

# File 'lib/crimson-falcon/models/detects_alert.rb', line 108

def platform
  @platform
end

#poly_id ⇒ Object

Returns the value of attribute poly_id.

# File 'lib/crimson-falcon/models/detects_alert.rb', line 110

def poly_id
  @poly_id
end

#product ⇒ Object

Product specifies the SKU that this Alert belongs to e.g. mobile, idp, epp

# File 'lib/crimson-falcon/models/detects_alert.rb', line 113

def product
  @product
end

#scenario ⇒ Object

Scenario was used pre-Handrails to display additional killchain context for UI alerts. With handrails, this field is mostly obsolete in favor of tactic/technique. Still, it can be useful for determining specific pattern types that are not straightforward to distinguish from other fields alone

# File 'lib/crimson-falcon/models/detects_alert.rb', line 116

def scenario
  @scenario
end

#severity ⇒ Object

Severity is also a 1-100 integer value, but unlike confidence severity impacts how a Alert is displayed in the UI

# File 'lib/crimson-falcon/models/detects_alert.rb', line 119

def severity
  @severity
end

#show_in_ui ⇒ Object

Boolean indicating if this Alert will be shown in the UI or if it’s hidden’

# File 'lib/crimson-falcon/models/detects_alert.rb', line 122

def show_in_ui
  @show_in_ui
end

#source_products ⇒ Object

Source Products are products that produced events which contributed to this alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 125

def source_products
  @source_products
end

#source_vendors ⇒ Object

Source Vendors are vendors that produced events which contributed to this alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 128

def source_vendors
  @source_vendors
end

#status ⇒ Object

Could be one of the following - New, closed, in_progress, reopened

# File 'lib/crimson-falcon/models/detects_alert.rb', line 131

def status
  @status
end

#tactic ⇒ Object

Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures

# File 'lib/crimson-falcon/models/detects_alert.rb', line 134

def tactic
  @tactic
end

#tactic_id ⇒ Object

Unique ID for the tactic seen in the Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 137

def tactic_id
  @tactic_id
end

#tags ⇒ Object

Tags are string values associated with the alert that can be added or removed through the API

# File 'lib/crimson-falcon/models/detects_alert.rb', line 140

def tags
  @tags
end

#technique ⇒ Object

Tactic and Technique are references to MITRE ATT&CK, which is a public framework for tracking and modeling adversary tools techniques and procedures

# File 'lib/crimson-falcon/models/detects_alert.rb', line 143

def technique
  @technique
end

#technique_id ⇒ Object

Unique ID for the technique seen in the Alert

# File 'lib/crimson-falcon/models/detects_alert.rb', line 146

def technique_id
  @technique_id
end

#timestamp ⇒ Object

stored value coming in directly from the ingested event or set by cloud in the absence of it

# File 'lib/crimson-falcon/models/detects_alert.rb', line 149

def timestamp
  @timestamp
end

#type ⇒ Object

Type of definition Detections Extensibility use. Keyed-off of Pattern of the incoming events/Alerts

# File 'lib/crimson-falcon/models/detects_alert.rb', line 152

def type
  @type
end

#updated_timestamp ⇒ Object

indicates when the Alert was last modified

# File 'lib/crimson-falcon/models/detects_alert.rb', line 155

def updated_timestamp
  @updated_timestamp
end

Class Method Details

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/crimson-falcon/models/detects_alert.rb', line 205

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/crimson-falcon/models/detects_alert.rb', line 158

def self.attribute_map
  {
    :'agent_id' => :'agent_id',
    :'aggregate_id' => :'aggregate_id',
    :'assigned_to_name' => :'assigned_to_name',
    :'assigned_to_uid' => :'assigned_to_uid',
    :'assigned_to_uuid' => :'assigned_to_uuid',
    :'cid' => :'cid',
    :'composite_id' => :'composite_id',
    :'confidence' => :'confidence',
    :'crawl_edge_ids' => :'crawl_edge_ids',
    :'crawl_vertex_ids' => :'crawl_vertex_ids',
    :'crawled_timestamp' => :'crawled_timestamp',
    :'created_timestamp' => :'created_timestamp',
    :'data_domains' => :'data_domains',
    :'description' => :'description',
    :'display_name' => :'display_name',
    :'email_sent' => :'email_sent',
    :'es_doc_id' => :'es_doc_id',
    :'es_doc_version' => :'es_doc_version',
    :'es_routing_id' => :'es_routing_id',
    :'external' => :'external',
    :'id' => :'id',
    :'name' => :'name',
    :'objective' => :'objective',
    :'pattern_id' => :'pattern_id',
    :'platform' => :'platform',
    :'poly_id' => :'poly_id',
    :'product' => :'product',
    :'scenario' => :'scenario',
    :'severity' => :'severity',
    :'show_in_ui' => :'show_in_ui',
    :'source_products' => :'source_products',
    :'source_vendors' => :'source_vendors',
    :'status' => :'status',
    :'tactic' => :'tactic',
    :'tactic_id' => :'tactic_id',
    :'tags' => :'tags',
    :'technique' => :'technique',
    :'technique_id' => :'technique_id',
    :'timestamp' => :'timestamp',
    :'type' => :'type',
    :'updated_timestamp' => :'updated_timestamp'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/detects_alert.rb', line 535

def self.build_from_hash(attributes)
  new.build_from_hash(attributes)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/crimson-falcon/models/detects_alert.rb', line 257

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/crimson-falcon/models/detects_alert.rb', line 210

def self.openapi_types
  {
    :'agent_id' => :'String',
    :'aggregate_id' => :'String',
    :'assigned_to_name' => :'String',
    :'assigned_to_uid' => :'String',
    :'assigned_to_uuid' => :'String',
    :'cid' => :'String',
    :'composite_id' => :'String',
    :'confidence' => :'Integer',
    :'crawl_edge_ids' => :'Hash<String, Array<String>>',
    :'crawl_vertex_ids' => :'Hash<String, Array<String>>',
    :'crawled_timestamp' => :'Time',
    :'created_timestamp' => :'Time',
    :'data_domains' => :'Array<String>',
    :'description' => :'String',
    :'display_name' => :'String',
    :'email_sent' => :'Boolean',
    :'es_doc_id' => :'String',
    :'es_doc_version' => :'Integer',
    :'es_routing_id' => :'String',
    :'external' => :'Boolean',
    :'id' => :'String',
    :'name' => :'String',
    :'objective' => :'String',
    :'pattern_id' => :'Integer',
    :'platform' => :'String',
    :'poly_id' => :'String',
    :'product' => :'String',
    :'scenario' => :'String',
    :'severity' => :'Integer',
    :'show_in_ui' => :'Boolean',
    :'source_products' => :'Array<String>',
    :'source_vendors' => :'Array<String>',
    :'status' => :'String',
    :'tactic' => :'String',
    :'tactic_id' => :'String',
    :'tags' => :'Array<String>',
    :'technique' => :'String',
    :'technique_id' => :'String',
    :'timestamp' => :'Time',
    :'type' => :'String',
    :'updated_timestamp' => :'Time'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/crimson-falcon/models/detects_alert.rb', line 474

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      agent_id == o.agent_id &&
      aggregate_id == o.aggregate_id &&
      assigned_to_name == o.assigned_to_name &&
      assigned_to_uid == o.assigned_to_uid &&
      assigned_to_uuid == o.assigned_to_uuid &&
      cid == o.cid &&
      composite_id == o.composite_id &&
      confidence == o.confidence &&
      crawl_edge_ids == o.crawl_edge_ids &&
      crawl_vertex_ids == o.crawl_vertex_ids &&
      crawled_timestamp == o.crawled_timestamp &&
      created_timestamp == o.created_timestamp &&
      data_domains == o.data_domains &&
      description == o.description &&
      display_name == o.display_name &&
      email_sent == o.email_sent &&
      es_doc_id == o.es_doc_id &&
      es_doc_version == o.es_doc_version &&
      es_routing_id == o.es_routing_id &&
      external == o.external &&
      id == o.id &&
      name == o.name &&
      objective == o.objective &&
      pattern_id == o.pattern_id &&
      platform == o.platform &&
      poly_id == o.poly_id &&
      product == o.product &&
      scenario == o.scenario &&
      severity == o.severity &&
      show_in_ui == o.show_in_ui &&
      source_products == o.source_products &&
      source_vendors == o.source_vendors &&
      status == o.status &&
      tactic == o.tactic &&
      tactic_id == o.tactic_id &&
      tags == o.tags &&
      technique == o.technique &&
      technique_id == o.technique_id &&
      timestamp == o.timestamp &&
      type == o.type &&
      updated_timestamp == o.updated_timestamp
end

#_deserialize(type, value) ⇒ Object

Deserializes the data based on type

Parameters:

• string —

  type Data type

• string —

  value Value to be deserialized

Returns:

• (Object) —

  Deserialized data

# File 'lib/crimson-falcon/models/detects_alert.rb', line 566

def _deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Falcon.const_get(type)
    klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

Parameters:

• value (Object) —

  Any valid value

Returns:

• (Hash) —

  Returns the value in the form of hash

# File 'lib/crimson-falcon/models/detects_alert.rb', line 637

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/crimson-falcon/models/detects_alert.rb', line 542

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  attributes = attributes.transform_keys(&:to_sym)
  self.class.openapi_types.each_pair do |key, type|
    if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key)
      self.send("#{key}=", nil)
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
    end
  end

  self
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/crimson-falcon/models/detects_alert.rb', line 522

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/crimson-falcon/models/detects_alert.rb', line 528

def hash
  [agent_id, aggregate_id, assigned_to_name, assigned_to_uid, assigned_to_uuid, cid, composite_id, confidence, crawl_edge_ids, crawl_vertex_ids, crawled_timestamp, created_timestamp, data_domains, description, display_name, email_sent, es_doc_id, es_doc_version, es_routing_id, external, id, name, objective, pattern_id, platform, poly_id, product, scenario, severity, show_in_ui, source_products, source_vendors, status, tactic, tactic_id, tags, technique, technique_id, timestamp, type, updated_timestamp].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/crimson-falcon/models/detects_alert.rb', line 456

def list_invalid_properties
  invalid_properties = Array.new
  if @type.nil?
    invalid_properties.push('invalid value for "type", type cannot be nil.')
  end

  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/detects_alert.rb', line 613

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/crimson-falcon/models/detects_alert.rb', line 619

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

Returns:

• (String) —

  String presentation of the object

# File 'lib/crimson-falcon/models/detects_alert.rb', line 607

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/crimson-falcon/models/detects_alert.rb', line 467

def valid?
  return false if @type.nil?
  true
end