Class: Falcon::SpotlightVulnerabilities

Inherits:

Object

• Object
• Falcon::SpotlightVulnerabilities

Defined in:

lib/crimson-falcon/api/spotlight_vulnerabilities.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #combined_query_vulnerabilities(filter, opts = {}) ⇒ DomainSPAPICombinedVulnerabilitiesResponse

  Search for Vulnerabilities in your environment by providing an FQL filter and paging details.

• #combined_query_vulnerabilities_with_http_info(filter, opts = {}) ⇒ Array<(DomainSPAPICombinedVulnerabilitiesResponse, Integer, Hash)>

  Search for Vulnerabilities in your environment by providing an FQL filter and paging details.

• #get_remediations_v2(ids, opts = {}) ⇒ DomainSPAPIRemediationEntitiesResponseV2

  Get details on remediation by providing one or more IDs.

• #get_remediations_v2_with_http_info(ids, opts = {}) ⇒ Array<(DomainSPAPIRemediationEntitiesResponseV2, Integer, Hash)>

  Get details on remediation by providing one or more IDs.

• #get_vulnerabilities(ids, opts = {}) ⇒ DomainSPAPIVulnerabilitiesEntitiesResponseV2

  Get details on vulnerabilities by providing one or more IDs.

• #get_vulnerabilities_with_http_info(ids, opts = {}) ⇒ Array<(DomainSPAPIVulnerabilitiesEntitiesResponseV2, Integer, Hash)>

  Get details on vulnerabilities by providing one or more IDs.

• #initialize(api_client = ApiClient.default) ⇒ SpotlightVulnerabilities constructor

  A new instance of SpotlightVulnerabilities.

• #query_vulnerabilities(filter, opts = {}) ⇒ DomainSPAPIQueryResponse

  Search for Vulnerabilities in your environment by providing an FQL filter and paging details.

• #query_vulnerabilities_with_http_info(filter, opts = {}) ⇒ Array<(DomainSPAPIQueryResponse, Integer, Hash)>

  Search for Vulnerabilities in your environment by providing an FQL filter and paging details.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ SpotlightVulnerabilities

Returns a new instance of SpotlightVulnerabilities.

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 36

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 34

def api_client
  @api_client
end

Instance Method Details

#combined_query_vulnerabilities(filter, opts = {}) ⇒ DomainSPAPICombinedVulnerabilitiesResponse

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria

Parameters:

• filter (String) —

  Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, cve.base_score, cve.types, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason, host_info.instance_state Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, closed_timestamp, updated_timestamp, cve.base_score

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.

• :sort (String) —

  Sort vulnerabilities by their properties. Common sort options include: &lt;ul&gt;&lt;li&gt;updated_timestamp|asc&lt;/li&gt;&lt;li&gt;closed_timestamp|asc&lt;/li&gt;&lt;/ul&gt;

• :facet (Array<String>) —

  Select various details blocks to be returned for each vulnerability entity. Supported values: &lt;ul&gt;&lt;li&gt;host_info&lt;/li&gt;&lt;li&gt;remediation&lt;/li&gt;&lt;li&gt;cve&lt;/li&gt;&lt;li&gt;evaluation_logic&lt;/li&gt;&lt;/ul&gt;

Returns:

• (DomainSPAPICombinedVulnerabilitiesResponse)

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 47

def combined_query_vulnerabilities(filter, opts = {})
  data, _status_code, _headers = combined_query_vulnerabilities_with_http_info(filter, opts)
  data
end

#combined_query_vulnerabilities_with_http_info(filter, opts = {}) ⇒ Array<(DomainSPAPICombinedVulnerabilitiesResponse, Integer, Hash)>

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria

Parameters:

• filter (String) —

  Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, cve.base_score, cve.types, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason, host_info.instance_state Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, closed_timestamp, updated_timestamp, cve.base_score

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.

• :sort (String) —

  Sort vulnerabilities by their properties. Common sort options include: &lt;ul&gt;&lt;li&gt;updated_timestamp|asc&lt;/li&gt;&lt;li&gt;closed_timestamp|asc&lt;/li&gt;&lt;/ul&gt;

• :facet (Array<String>) —

  Select various details blocks to be returned for each vulnerability entity. Supported values: &lt;ul&gt;&lt;li&gt;host_info&lt;/li&gt;&lt;li&gt;remediation&lt;/li&gt;&lt;li&gt;cve&lt;/li&gt;&lt;li&gt;evaluation_logic&lt;/li&gt;&lt;/ul&gt;

Returns:

• (Array<(DomainSPAPICombinedVulnerabilitiesResponse, Integer, Hash)>) —

  DomainSPAPICombinedVulnerabilitiesResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 60

def combined_query_vulnerabilities_with_http_info(filter, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilities.combined_query_vulnerabilities ...'
  end
  # verify the required parameter 'filter' is set
  if @api_client.config.client_side_validation && filter.nil?
    fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilities.combined_query_vulnerabilities"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 5000
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilities.combined_query_vulnerabilities, must be smaller than or equal to 5000.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilities.combined_query_vulnerabilities, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/spotlight/combined/vulnerabilities/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = filter
  query_params[:'after'] = opts[:'after'] if !opts[:'after'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'facet'] = @api_client.build_collection_param(opts[:'facet'], :multi) if !opts[:'facet'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainSPAPICombinedVulnerabilitiesResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"SpotlightVulnerabilities.combined_query_vulnerabilities",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: SpotlightVulnerabilities#combined_query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_remediations_v2(ids, opts = {}) ⇒ DomainSPAPIRemediationEntitiesResponseV2

Get details on remediation by providing one or more IDs

Parameters:

• ids (Array<String>) —

  One or more remediation IDs

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainSPAPIRemediationEntitiesResponseV2)

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 125

def get_remediations_v2(ids, opts = {})
  data, _status_code, _headers = get_remediations_v2_with_http_info(ids, opts)
  data
end

#get_remediations_v2_with_http_info(ids, opts = {}) ⇒ Array<(DomainSPAPIRemediationEntitiesResponseV2, Integer, Hash)>

Get details on remediation by providing one or more IDs

Parameters:

• ids (Array<String>) —

  One or more remediation IDs

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainSPAPIRemediationEntitiesResponseV2, Integer, Hash)>) —

  DomainSPAPIRemediationEntitiesResponseV2 data, response status code and response headers

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 134

def get_remediations_v2_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilities.get_remediations_v2 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilities.get_remediations_v2"
  end
  # resource path
  local_var_path = '/spotlight/entities/remediations/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainSPAPIRemediationEntitiesResponseV2'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"SpotlightVulnerabilities.get_remediations_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: SpotlightVulnerabilities#get_remediations_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_vulnerabilities(ids, opts = {}) ⇒ DomainSPAPIVulnerabilitiesEntitiesResponseV2

Get details on vulnerabilities by providing one or more IDs

Parameters:

• ids (Array<String>) —

  One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (DomainSPAPIVulnerabilitiesEntitiesResponseV2)

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 187

def get_vulnerabilities(ids, opts = {})
  data, _status_code, _headers = get_vulnerabilities_with_http_info(ids, opts)
  data
end

#get_vulnerabilities_with_http_info(ids, opts = {}) ⇒ Array<(DomainSPAPIVulnerabilitiesEntitiesResponseV2, Integer, Hash)>

Get details on vulnerabilities by providing one or more IDs

Parameters:

• ids (Array<String>) —

  One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(DomainSPAPIVulnerabilitiesEntitiesResponseV2, Integer, Hash)>) —

  DomainSPAPIVulnerabilitiesEntitiesResponseV2 data, response status code and response headers

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 196

def get_vulnerabilities_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilities.get_vulnerabilities ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling SpotlightVulnerabilities.get_vulnerabilities"
  end
  # resource path
  local_var_path = '/spotlight/entities/vulnerabilities/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainSPAPIVulnerabilitiesEntitiesResponseV2'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"SpotlightVulnerabilities.get_vulnerabilities",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: SpotlightVulnerabilities#get_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_vulnerabilities(filter, opts = {}) ⇒ DomainSPAPIQueryResponse

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria

Parameters:

• filter (String) —

  Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, cve.base_score, cve.types, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason, host_info.instance_state Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, closed_timestamp, updated_timestamp, cve.base_score

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.

• :sort (String) —

  Sort vulnerabilities by their properties. Available sort options: &lt;ul&gt;&lt;li&gt;updated_timestamp|asc/desc&lt;/li&gt;&lt;li&gt;closed_timestamp|asc&lt;/li&gt;&lt;li&gt;updated_timestamp|asc/desc&lt;/li&gt;&lt;/ul&gt;. Can be used in a format &lt;field&gt;|asc for ascending order or &lt;field&gt;|desc for descending order.

Returns:

• (DomainSPAPIQueryResponse)

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 252

def query_vulnerabilities(filter, opts = {})
  data, _status_code, _headers = query_vulnerabilities_with_http_info(filter, opts)
  data
end

#query_vulnerabilities_with_http_info(filter, opts = {}) ⇒ Array<(DomainSPAPIQueryResponse, Integer, Hash)>

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria

Parameters:

• filter (String) —

  Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that supports match (~): N/A Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, cve.base_score, cve.types, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason, host_info.instance_state Available filter fields that supports wildcard (*): N/A Available filter fields that supports range comparisons (&gt;, &lt;, &gt;&#x3D;, &lt;&#x3D;): created_timestamp, closed_timestamp, updated_timestamp, cve.base_score

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :after (String) —

  A pagination token used with the &#x60;limit&#x60; parameter to manage pagination of results. On your first request, don&#39;t provide an &#x60;after&#x60; token. On subsequent requests, provide the &#x60;after&#x60; token from the previous response to continue from that place in the results.

• :limit (Integer) —

  The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.

• :sort (String) —

  Sort vulnerabilities by their properties. Available sort options: &lt;ul&gt;&lt;li&gt;updated_timestamp|asc/desc&lt;/li&gt;&lt;li&gt;closed_timestamp|asc&lt;/li&gt;&lt;li&gt;updated_timestamp|asc/desc&lt;/li&gt;&lt;/ul&gt;. Can be used in a format &lt;field&gt;|asc for ascending order or &lt;field&gt;|desc for descending order.

Returns:

• (Array<(DomainSPAPIQueryResponse, Integer, Hash)>) —

  DomainSPAPIQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/spotlight_vulnerabilities.rb', line 264

def query_vulnerabilities_with_http_info(filter, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: SpotlightVulnerabilities.query_vulnerabilities ...'
  end
  # verify the required parameter 'filter' is set
  if @api_client.config.client_side_validation && filter.nil?
    fail ArgumentError, "Missing the required parameter 'filter' when calling SpotlightVulnerabilities.query_vulnerabilities"
  end
  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 400
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilities.query_vulnerabilities, must be smaller than or equal to 400.'
  end

  if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] < 1
    fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SpotlightVulnerabilities.query_vulnerabilities, must be greater than or equal to 1.'
  end

  # resource path
  local_var_path = '/spotlight/queries/vulnerabilities/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = filter
  query_params[:'after'] = opts[:'after'] if !opts[:'after'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'DomainSPAPIQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"SpotlightVulnerabilities.query_vulnerabilities",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: SpotlightVulnerabilities#query_vulnerabilities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end