Class: Falcon::DiscoverApi

Inherits:

Object

• Object
• Falcon::DiscoverApi

Defined in:

lib/crimson-falcon/api/discover_api.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #get_accounts(ids, opts = {}) ⇒ DomainDiscoverAPIAccountEntitiesResponse

  Get details on accounts by providing one or more IDs.

• #get_accounts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>

  Get details on accounts by providing one or more IDs.

• #get_applications(ids, opts = {}) ⇒ DomainDiscoverAPIApplicationEntitiesResponse

  Get details on applications by providing one or more IDs.

• #get_applications_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>

  Get details on applications by providing one or more IDs.

• #get_hosts(ids, opts = {}) ⇒ DomainDiscoverAPIHostEntitiesResponse

  Get details on assets by providing one or more IDs.

• #get_hosts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>

  Get details on assets by providing one or more IDs.

• #get_logins(ids, opts = {}) ⇒ DomainDiscoverAPILoginEntitiesResponse

  Get details on logins by providing one or more IDs.

• #get_logins_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>

  Get details on logins by providing one or more IDs.

• #initialize(api_client = ApiClient.default) ⇒ DiscoverApi constructor

  A new instance of DiscoverApi.

• #query_accounts(opts = {}) ⇒ MsaQueryResponse

  Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_accounts_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_applications(opts = {}) ⇒ MsaspecQueryResponse

  Search for applications in your environment by providing an FQL filter and paging details.

• #query_applications_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Search for applications in your environment by providing an FQL filter and paging details.

• #query_hosts(opts = {}) ⇒ MsaspecQueryResponse

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_hosts_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_logins(opts = {}) ⇒ MsaQueryResponse

  Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details.

• #query_logins_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ DiscoverApi

Returns a new instance of DiscoverApi.

# File 'lib/crimson-falcon/api/discover_api.rb', line 36

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/discover_api.rb', line 34

def api_client
  @api_client
end

Instance Method Details

#get_accounts(ids, opts = {}) ⇒ DomainDiscoverAPIAccountEntitiesResponse

Get details on accounts by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more account IDs (max: 100). Find account IDs with GET &#x60;/discover/queries/accounts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIAccountEntitiesResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 43

def get_accounts(ids, opts = {})
  data, _status_code, _headers = get_accounts_with_http_info(ids, opts)
  data
end

#get_accounts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>

Get details on accounts by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more account IDs (max: 100). Find account IDs with GET &#x60;/discover/queries/accounts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIAccountEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIAccountEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 52

def get_accounts_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.get_accounts ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling DiscoverApi.get_accounts"
  end
  # resource path
  local_var_path = '/discover/entities/accounts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIAccountEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.get_accounts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#get_accounts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_applications(ids, opts = {}) ⇒ DomainDiscoverAPIApplicationEntitiesResponse

Get details on applications by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  The IDs of applications to retrieve. (Min: 1, Max: 100)

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIApplicationEntitiesResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 105

def get_applications(ids, opts = {})
  data, _status_code, _headers = get_applications_with_http_info(ids, opts)
  data
end

#get_applications_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>

Get details on applications by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  The IDs of applications to retrieve. (Min: 1, Max: 100)

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIApplicationEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIApplicationEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 114

def get_applications_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.get_applications ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling DiscoverApi.get_applications"
  end
  # resource path
  local_var_path = '/discover/entities/applications/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIApplicationEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.get_applications",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#get_applications\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_hosts(ids, opts = {}) ⇒ DomainDiscoverAPIHostEntitiesResponse

Get details on assets by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more asset IDs (max: 100). Find asset IDs with GET &#x60;/discover/queries/hosts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPIHostEntitiesResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 167

def get_hosts(ids, opts = {})
  data, _status_code, _headers = get_hosts_with_http_info(ids, opts)
  data
end

#get_hosts_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>

Get details on assets by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more asset IDs (max: 100). Find asset IDs with GET &#x60;/discover/queries/hosts/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPIHostEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPIHostEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 176

def get_hosts_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.get_hosts ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling DiscoverApi.get_hosts"
  end
  # resource path
  local_var_path = '/discover/entities/hosts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPIHostEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.get_hosts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#get_hosts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_logins(ids, opts = {}) ⇒ DomainDiscoverAPILoginEntitiesResponse

Get details on logins by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more login IDs (max: 100). Find login IDs with GET &#x60;/discover/queries/logins/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainDiscoverAPILoginEntitiesResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 229

def get_logins(ids, opts = {})
  data, _status_code, _headers = get_logins_with_http_info(ids, opts)
  data
end

#get_logins_with_http_info(ids, opts = {}) ⇒ Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>

Get details on logins by providing one or more IDs.

Parameters:

• ids (Array<String>) —

  One or more login IDs (max: 100). Find login IDs with GET &#x60;/discover/queries/logins/v1&#x60;

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainDiscoverAPILoginEntitiesResponse, Integer, Hash)>) —

  DomainDiscoverAPILoginEntitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 238

def get_logins_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.get_logins ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling DiscoverApi.get_logins"
  end
  # resource path
  local_var_path = '/discover/entities/logins/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainDiscoverAPILoginEntitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.get_logins",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#get_logins\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_accounts(opts = {}) ⇒ MsaQueryResponse

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort accounts by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;username|asc&lt;/li&gt;&lt;li&gt;last_failed_login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter accounts using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;Yes&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;last_successful_login_type:&#39;Terminal server&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 294

def query_accounts(opts = {})
  data, _status_code, _headers = query_accounts_with_http_info(opts)
  data
end

#query_accounts_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort accounts by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;username|asc&lt;/li&gt;&lt;li&gt;last_failed_login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter accounts using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;Yes&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;last_successful_login_type:&#39;Terminal server&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, user_sid, account_name, username, account_type, admin_privileges, first_seen_timestamp, last_successful_login_type, last_successful_login_timestamp, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_timestamp, last_failed_login_hostname, password_last_set_timestamp, local_admin_privileges Available filter fields that supports wildcard (*): id, cid, user_sid, account_name, username, account_type, admin_privileges, last_successful_login_type, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_host_country, last_successful_login_host_city, login_domain, last_failed_login_type, last_failed_login_hostname, local_admin_privileges Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_successful_login_timestamp,last_failed_login_timestamp, password_last_set_timestamp All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 306

def query_accounts_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.query_accounts ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_accounts, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_accounts, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_accounts, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/accounts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.query_accounts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#query_accounts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_applications(opts = {}) ⇒ MsaspecQueryResponse

Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 373

def query_applications(opts = {})
  data, _status_code, _headers = query_applications_with_http_info(opts)
  data
end

#query_applications_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).

• :sort (String) —

  Sort applications by their properties. A single sort field is allowed.

• :filter (String) —

  Search for applications in your environment by providing an FQL filter. Available filter fields that support exact match: name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports wildcard (*): name, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aid Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestamp All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 385

def query_applications_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.query_applications ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_applications, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_applications, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_applications, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/applications/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.query_applications",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#query_applications\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_hosts(opts = {}) ⇒ MsaspecQueryResponse

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!).

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 452

def query_hosts(opts = {})
  data, _status_code, _headers = query_hosts_with_http_info(opts)
  data
end

#query_hosts_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort assets by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;hostname|asc&lt;/li&gt;&lt;li&gt;product_type_desc|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter assets using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;entity_type:&#39;managed&#39;&lt;/li&gt;&lt;li&gt;product_type_desc:&#39;Workstation&#39;&lt;/li&gt;&lt;li&gt;platform_name:&#39;Windows&#39;&lt;/li&gt;&lt;li&gt;last_seen_timestamp:&gt;&#39;now-7d&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports wildcard (*): id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, mac_addresses, local_ip_addresses, reduced_functionality_mode, disk_sizes.disk_name, cpu_processor_name, encryption_status, encrypted_drives, unencrypted_drives, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.device_guard_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, mount_storage_info.mount_path, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, account_enabled, email, os_service_pack, location, state, cpu_manufacturer, discovering_by Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 464

def query_hosts_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.query_hosts ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_hosts, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_hosts, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_hosts, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/hosts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.query_hosts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#query_hosts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_logins(opts = {}) ⇒ MsaQueryResponse

Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort logins by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;account_name|asc&lt;/li&gt;&lt;li&gt;login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter logins using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;login_type:&#39;Interactive&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;No&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): login_timestamp, login_event_count All filter fields and operations supports negation (!).

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/discover_api.rb', line 531

def query_logins(opts = {})
  data, _status_code, _headers = query_logins_with_http_info(opts)
  data
end

#query_logins_with_http_info(opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :offset (Integer) —

  An offset used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don’t provide an &#x60;offset&#x60;. On subsequent requests, add previous &#x60;offset&#x60; with the previous &#x60;limit&#x60; to continue from that place in the results.

• :limit (Integer) —

  The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the &#x60;offset&#x60; parameter to manage pagination of results.

• :sort (String) —

  Sort logins by their properties. A single sort field is allowed. Common sort options include: &lt;ul&gt;&lt;li&gt;account_name|asc&lt;/li&gt;&lt;li&gt;login_timestamp|desc&lt;/li&gt;&lt;/ul&gt;

• :filter (String) —

  Filter logins using an FQL query. Common filter options include:&lt;ul&gt;&lt;li&gt;account_type:&#39;Local&#39;&lt;/li&gt;&lt;li&gt;login_type:&#39;Interactive&#39;&lt;/li&gt;&lt;li&gt;first_seen_timestamp:&lt;&#39;now-7d&#39;&lt;/li&gt;&lt;li&gt;admin_privileges:&#39;No&#39;&lt;/li&gt;&lt;/ul&gt; Available filter fields that support exact match: id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_timestamp, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, is_suspicious, failure_description, login_event_count, aggregation_time_interval Available filter fields that supports wildcard (*): id, cid, login_status, account_id, host_id, user_sid, aid, account_name, username, hostname, account_type, login_type, login_domain, admin_privileges, local_admin_privileges, local_ip, remote_ip, host_country, host_city, failure_description, aggregation_time_interval Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): login_timestamp, login_event_count All filter fields and operations supports negation (!).

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/discover_api.rb', line 543

def query_logins_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: DiscoverApi.query_logins ...'
  end
  if @api_client.config.client_side_validation && !opts[:'offset'].nil? && opts[:'offset'] < 0
    fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling DiscoverApi.query_logins, must be greater than or equal to 0.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 100
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_logins, must be smaller than or equal to 100.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling DiscoverApi.query_logins, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/discover/queries/logins/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"DiscoverApi.query_logins",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: DiscoverApi#query_logins\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end