Class: Falcon::MalqueryApi

Inherits:

Object

• Object
• Falcon::MalqueryApi

Defined in:

lib/crimson-falcon/api/malquery_api.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #get_mal_query_download_v1(ids, opts = {}) ⇒ nil

  Download a file indexed by MalQuery.

• #get_mal_query_download_v1_with_http_info(ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Download a file indexed by MalQuery.

• #get_mal_query_entities_samples_fetch_v1(ids, opts = {}) ⇒ nil

  Fetch a zip archive with password ‘infected’ containing the samples.

• #get_mal_query_entities_samples_fetch_v1_with_http_info(ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

  Fetch a zip archive with password &#39;infected&#39; containing the samples.

• #get_mal_query_metadata_v1(ids, opts = {}) ⇒ MalquerySampleMetadataResponse

  Retrieve indexed files metadata by their hash.

• #get_mal_query_metadata_v1_with_http_info(ids, opts = {}) ⇒ Array<(MalquerySampleMetadataResponse, Integer, Hash)>

  Retrieve indexed files metadata by their hash.

• #get_mal_query_quotas_v1(opts = {}) ⇒ MalqueryRateLimitsResponse

  Get information about search and download quotas in your environment.

• #get_mal_query_quotas_v1_with_http_info(opts = {}) ⇒ Array<(MalqueryRateLimitsResponse, Integer, Hash)>

  Get information about search and download quotas in your environment.

• #get_mal_query_request_v1(ids, opts = {}) ⇒ MalqueryRequestResponse

  Check the status and results of an asynchronous request, such as hunt or exact-search.

• #get_mal_query_request_v1_with_http_info(ids, opts = {}) ⇒ Array<(MalqueryRequestResponse, Integer, Hash)>

  Check the status and results of an asynchronous request, such as hunt or exact-search.

• #initialize(api_client = ApiClient.default) ⇒ MalqueryApi constructor

  A new instance of MalqueryApi.

• #post_mal_query_entities_samples_multidownload_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

  Schedule samples for download.

• #post_mal_query_entities_samples_multidownload_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

  Schedule samples for download.

• #post_mal_query_exact_search_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

  Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.

• #post_mal_query_exact_search_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

  Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.

• #post_mal_query_fuzzy_search_v1(body, opts = {}) ⇒ MalqueryFuzzySearchResponse

  Search Falcon MalQuery quickly, but with more potential for false positives.

• #post_mal_query_fuzzy_search_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryFuzzySearchResponse, Integer, Hash)>

  Search Falcon MalQuery quickly, but with more potential for false positives.

• #post_mal_query_hunt_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

  Schedule a YARA-based search for execution.

• #post_mal_query_hunt_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

  Schedule a YARA-based search for execution.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ MalqueryApi

Returns a new instance of MalqueryApi.

# File 'lib/crimson-falcon/api/malquery_api.rb', line 36

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/malquery_api.rb', line 34

def api_client
  @api_client
end

Instance Method Details

#get_mal_query_download_v1(ids, opts = {}) ⇒ nil

Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time

Parameters:

• ids (Array<String>) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (nil)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 43

def get_mal_query_download_v1(ids, opts = {})
  get_mal_query_download_v1_with_http_info(ids, opts)
  nil
end

#get_mal_query_download_v1_with_http_info(ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time

Parameters:

• ids (Array<String>) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 52

def get_mal_query_download_v1_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.get_mal_query_download_v1 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling MalqueryApi.get_mal_query_download_v1"
  end
  # resource path
  local_var_path = '/malquery/entities/download-files/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/octet-stream', 'application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.get_mal_query_download_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#get_mal_query_download_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_mal_query_entities_samples_fetch_v1(ids, opts = {}) ⇒ nil

Fetch a zip archive with password ‘infected’ containing the samples. Call this once the /entities/samples-multidownload request has finished processing

Parameters:

• ids (String) —

  Multidownload job id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (nil)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 105

def get_mal_query_entities_samples_fetch_v1(ids, opts = {})
  get_mal_query_entities_samples_fetch_v1_with_http_info(ids, opts)
  nil
end

#get_mal_query_entities_samples_fetch_v1_with_http_info(ids, opts = {}) ⇒ Array<(nil, Integer, Hash)>

Fetch a zip archive with password &#39;infected&#39; containing the samples. Call this once the /entities/samples-multidownload request has finished processing

Parameters:

• ids (String) —

  Multidownload job id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(nil, Integer, Hash)>) —

  nil, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 114

def get_mal_query_entities_samples_fetch_v1_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.get_mal_query_entities_samples_fetch_v1 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling MalqueryApi.get_mal_query_entities_samples_fetch_v1"
  end
  # resource path
  local_var_path = '/malquery/entities/samples-fetch/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = ids

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/zip', 'application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type]

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.get_mal_query_entities_samples_fetch_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#get_mal_query_entities_samples_fetch_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_mal_query_metadata_v1(ids, opts = {}) ⇒ MalquerySampleMetadataResponse

Retrieve indexed files metadata by their hash

Parameters:

• ids (Array<String>) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalquerySampleMetadataResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 167

def get_mal_query_metadata_v1(ids, opts = {})
  data, _status_code, _headers = get_mal_query_metadata_v1_with_http_info(ids, opts)
  data
end

#get_mal_query_metadata_v1_with_http_info(ids, opts = {}) ⇒ Array<(MalquerySampleMetadataResponse, Integer, Hash)>

Retrieve indexed files metadata by their hash

Parameters:

• ids (Array<String>) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalquerySampleMetadataResponse, Integer, Hash)>) —

  MalquerySampleMetadataResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 176

def get_mal_query_metadata_v1_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.get_mal_query_metadata_v1 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling MalqueryApi.get_mal_query_metadata_v1"
  end
  # resource path
  local_var_path = '/malquery/entities/metadata/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MalquerySampleMetadataResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.get_mal_query_metadata_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#get_mal_query_metadata_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_mal_query_quotas_v1(opts = {}) ⇒ MalqueryRateLimitsResponse

Get information about search and download quotas in your environment

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryRateLimitsResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 228

def get_mal_query_quotas_v1(opts = {})
  data, _status_code, _headers = get_mal_query_quotas_v1_with_http_info(opts)
  data
end

#get_mal_query_quotas_v1_with_http_info(opts = {}) ⇒ Array<(MalqueryRateLimitsResponse, Integer, Hash)>

Get information about search and download quotas in your environment

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryRateLimitsResponse, Integer, Hash)>) —

  MalqueryRateLimitsResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 236

def get_mal_query_quotas_v1_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.get_mal_query_quotas_v1 ...'
  end
  # resource path
  local_var_path = '/malquery/aggregates/quotas/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryRateLimitsResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.get_mal_query_quotas_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#get_mal_query_quotas_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_mal_query_request_v1(ids, opts = {}) ⇒ MalqueryRequestResponse

Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.

Parameters:

• ids (Array<String>) —

  Identifier of a MalQuery request

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryRequestResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 284

def get_mal_query_request_v1(ids, opts = {})
  data, _status_code, _headers = get_mal_query_request_v1_with_http_info(ids, opts)
  data
end

#get_mal_query_request_v1_with_http_info(ids, opts = {}) ⇒ Array<(MalqueryRequestResponse, Integer, Hash)>

Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.

Parameters:

• ids (Array<String>) —

  Identifier of a MalQuery request

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryRequestResponse, Integer, Hash)>) —

  MalqueryRequestResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 293

def get_mal_query_request_v1_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.get_mal_query_request_v1 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling MalqueryApi.get_mal_query_request_v1"
  end
  # resource path
  local_var_path = '/malquery/entities/requests/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryRequestResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.get_mal_query_request_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#get_mal_query_request_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_mal_query_entities_samples_multidownload_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip

Parameters:

• body (MalqueryMultiDownloadRequestV1) —

  Download request. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryExternalQueryResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 346

def post_mal_query_entities_samples_multidownload_v1(body, opts = {})
  data, _status_code, _headers = post_mal_query_entities_samples_multidownload_v1_with_http_info(body, opts)
  data
end

#post_mal_query_entities_samples_multidownload_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip

Parameters:

• body (MalqueryMultiDownloadRequestV1) —

  Download request. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryExternalQueryResponse, Integer, Hash)>) —

  MalqueryExternalQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 355

def post_mal_query_entities_samples_multidownload_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.post_mal_query_entities_samples_multidownload_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling MalqueryApi.post_mal_query_entities_samples_multidownload_v1"
  end
  # resource path
  local_var_path = '/malquery/entities/samples-multidownload/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryExternalQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.post_mal_query_entities_samples_multidownload_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#post_mal_query_entities_samples_multidownload_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_mal_query_exact_search_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint

Parameters:

• body (MalqueryExternalExactSearchParametersV1) —

  Exact search parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryExternalQueryResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 412

def post_mal_query_exact_search_v1(body, opts = {})
  data, _status_code, _headers = post_mal_query_exact_search_v1_with_http_info(body, opts)
  data
end

#post_mal_query_exact_search_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint

Parameters:

• body (MalqueryExternalExactSearchParametersV1) —

  Exact search parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryExternalQueryResponse, Integer, Hash)>) —

  MalqueryExternalQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 421

def post_mal_query_exact_search_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.post_mal_query_exact_search_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling MalqueryApi.post_mal_query_exact_search_v1"
  end
  # resource path
  local_var_path = '/malquery/queries/exact-search/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryExternalQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.post_mal_query_exact_search_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#post_mal_query_exact_search_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_mal_query_fuzzy_search_v1(body, opts = {}) ⇒ MalqueryFuzzySearchResponse

Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.

Parameters:

• body (MalqueryFuzzySearchParametersV1) —

  Fuzzy search parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryFuzzySearchResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 478

def post_mal_query_fuzzy_search_v1(body, opts = {})
  data, _status_code, _headers = post_mal_query_fuzzy_search_v1_with_http_info(body, opts)
  data
end

#post_mal_query_fuzzy_search_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryFuzzySearchResponse, Integer, Hash)>

Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.

Parameters:

• body (MalqueryFuzzySearchParametersV1) —

  Fuzzy search parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryFuzzySearchResponse, Integer, Hash)>) —

  MalqueryFuzzySearchResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 487

def post_mal_query_fuzzy_search_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.post_mal_query_fuzzy_search_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling MalqueryApi.post_mal_query_fuzzy_search_v1"
  end
  # resource path
  local_var_path = '/malquery/combined/fuzzy-search/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryFuzzySearchResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.post_mal_query_fuzzy_search_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#post_mal_query_fuzzy_search_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#post_mal_query_hunt_v1(body, opts = {}) ⇒ MalqueryExternalQueryResponse

Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint

Parameters:

• body (MalqueryExternalHuntParametersV1) —

  Hunt parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MalqueryExternalQueryResponse)

# File 'lib/crimson-falcon/api/malquery_api.rb', line 544

def post_mal_query_hunt_v1(body, opts = {})
  data, _status_code, _headers = post_mal_query_hunt_v1_with_http_info(body, opts)
  data
end

#post_mal_query_hunt_v1_with_http_info(body, opts = {}) ⇒ Array<(MalqueryExternalQueryResponse, Integer, Hash)>

Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint

Parameters:

• body (MalqueryExternalHuntParametersV1) —

  Hunt parameters. See model for more details.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MalqueryExternalQueryResponse, Integer, Hash)>) —

  MalqueryExternalQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/malquery_api.rb', line 553

def post_mal_query_hunt_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: MalqueryApi.post_mal_query_hunt_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling MalqueryApi.post_mal_query_hunt_v1"
  end
  # resource path
  local_var_path = '/malquery/queries/hunt/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'MalqueryExternalQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"MalqueryApi.post_mal_query_hunt_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: MalqueryApi#post_mal_query_hunt_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end