From b1a3332d248d50771fd8e3221aeb3a392aecf2ec Mon Sep 17 00:00:00 2001 From: nitescuc <1108077+nitescuc@users.noreply.github.com> Date: Thu, 19 Mar 2026 13:43:18 +0000 Subject: [PATCH] Update python SDK 1.116.3 --- crowdsec_tracker_api/__init__.py | 142 +- .../__pycache__/base_model.cpython-311.pyc | Bin 4407 -> 4407 bytes .../__pycache__/http_client.cpython-311.pyc | Bin 7797 -> 7797 bytes crowdsec_tracker_api/models.py | 2871 +++++++++++------ .../__pycache__/__init__.cpython-311.pyc | Bin 236 -> 236 bytes crowdsec_tracker_api/services/allowlists.py | 320 ++ crowdsec_tracker_api/services/blocklists.py | 383 +++ crowdsec_tracker_api/services/decisions.py | 63 + crowdsec_tracker_api/services/hub.py | 63 + crowdsec_tracker_api/services/info.py | 30 + crowdsec_tracker_api/services/integrations.py | 4 +- crowdsec_tracker_api/services/metrics.py | 39 + doc/Allowlists.md | 530 +++ doc/Blocklists.md | 656 ++++ doc/Cves.md | 328 -- doc/Decisions.md | 113 + doc/Fingerprints.md | 321 -- doc/Hub.md | 172 + doc/Info.md | 35 + doc/Integrations.md | 4 + doc/Metrics.md | 49 + doc/Models.md | 988 ++++-- doc/Products.md | 89 - doc/README.md | 168 +- doc/Tags.md | 89 - doc/Vendors.md | 89 - let-openapi.json | 2 +- pyproject.toml | 2 +- 28 files changed, 5216 insertions(+), 2334 deletions(-) create mode 100644 crowdsec_tracker_api/services/allowlists.py create mode 100644 crowdsec_tracker_api/services/blocklists.py create mode 100644 crowdsec_tracker_api/services/decisions.py create mode 100644 crowdsec_tracker_api/services/hub.py create mode 100644 crowdsec_tracker_api/services/info.py create mode 100644 crowdsec_tracker_api/services/metrics.py create mode 100644 doc/Allowlists.md create mode 100644 doc/Blocklists.md delete mode 100644 doc/Cves.md create mode 100644 doc/Decisions.md delete mode 100644 doc/Fingerprints.md create mode 100644 doc/Hub.md create mode 100644 doc/Info.md create mode 100644 doc/Metrics.md delete mode 100644 doc/Products.md delete mode 100644 doc/Tags.md delete mode 100644 doc/Vendors.md diff --git a/crowdsec_tracker_api/__init__.py b/crowdsec_tracker_api/__init__.py index 1fb352c..b9282bd 100644 --- a/crowdsec_tracker_api/__init__.py +++ b/crowdsec_tracker_api/__init__.py @@ -2,11 +2,12 @@ from .models import * from .base_model import Page from .services.integrations import Integrations -from .services.cves import Cves -from .services.vendors import Vendors -from .services.products import Products -from .services.tags import Tags -from .services.fingerprints import Fingerprints +from .services.allowlists import Allowlists +from .services.blocklists import Blocklists +from .services.decisions import Decisions +from .services.info import Info +from .services.metrics import Metrics +from .services.hub import Hub from .http_client import ApiKeyAuth class Server(Enum): @@ -14,11 +15,12 @@ class Server(Enum): __all__ = [ 'Integrations', - 'Cves', - 'Vendors', - 'Products', - 'Tags', - 'Fingerprints', + 'Allowlists', + 'Blocklists', + 'Decisions', + 'Info', + 'Metrics', + 'Hub', 'ApiKeyCredentials', 'BasicAuthCredentials', 'BlocklistSubscription', @@ -36,50 +38,84 @@ class Server(Enum): 'OutputFormat', 'Stats', 'ValidationError', - 'AdjustmentScore', - 'AffectedComponent', - 'AllowlistSubscription', - 'AttackDetail', - 'Behavior', - 'CVEEvent', - 'CVEResponseBase', - 'CVEsubscription', - 'CWE', - 'Classification', - 'Classifications', + 'AllowlistCreateRequest', + 'AllowlistCreateResponse', + 'AllowlistGetItemsResponse', + 'AllowlistGetItemsResponsePage', + 'AllowlistGetResponse', + 'AllowlistGetResponsePage', + 'AllowlistItemUpdateRequest', + 'AllowlistItemUpdateResponse', + 'AllowlistItemsCreateRequest', + 'AllowlistScope', + 'AllowlistSubscriberEntity', + 'AllowlistSubscriberEntityPage', + 'AllowlistSubscribersCount', + 'AllowlistSubscriptionRequest', + 'AllowlistSubscriptionResponse', + 'AllowlistUpdateRequest', + 'AllowlistUpdateResponse', + 'AttacksMetrics', + 'BlocklistAddIPsRequest', + 'BlocklistCategory', + 'BlocklistContentStats', + 'BlocklistCreateRequest', + 'BlocklistDeleteIPsRequest', + 'BlocklistIncludeFilters', + 'BlocklistOrigin', + 'BlocklistSearchRequest', + 'BlocklistShareRequest', + 'BlocklistSources', + 'BlocklistStats', + 'BlocklistSubscriberEntity', + 'BlocklistSubscriberEntityPage', + 'BlocklistSubscribersCount', + 'BlocklistSubscriptionRequest', + 'BlocklistSubscriptionResponse', + 'BlocklistUpdateRequest', + 'BlocklistUsageStats', + 'Body_uploadBlocklistContent', + 'ComputedMetrics', + 'ComputedSavedMetrics', + 'CtiAs', + 'CtiBehavior', + 'CtiCategory', + 'CtiCountry', + 'CtiIp', + 'CtiScenario', + 'DecisionCreateRequest', + 'DecisionCreateResponse', + 'DecisionResponse', + 'DecisionTargetModel', + 'DecisionTargetType', + 'DecisionsGetResponsePage', + 'DecisionsSortBy', + 'DecisionsSortOrder', 'EntityType', - 'ExploitationPhase', - 'FingerprintRuleResponse', - 'FingerprintRuleSummary', - 'FingerprintTimelineItem', - 'GetCVEIPsResponsePage', - 'GetCVEResponse', - 'GetCVESubscribedIntegrationsResponsePage', - 'GetCVEsFilterBy', - 'GetCVEsResponsePage', - 'GetCVEsSortBy', - 'GetCVEsSortOrder', - 'GetFingerprintIPsResponsePage', - 'GetFingerprintRulesResponsePage', - 'GetFingerprintSubscribedIntegrationsResponsePage', - 'History', - 'IPItem', - 'IntegrationResponse', - 'IntervalOptions', - 'Location', - 'LookupImpactCVEItem', - 'LookupImpactFingerprintItem', - 'LookupImpactResponsePage', - 'LookupListItem', - 'LookupListResponsePage', - 'MitreTechnique', - 'Reference', - 'ScoreBreakdown', - 'Scores', - 'SinceOptions', - 'SubscribeCVEIntegrationRequest', - 'SubscribeFingerprintIntegrationRequest', - 'TimelineItem', + 'GetRemediationMetricsResponse', + 'InfoResponse', + 'MetricUnits', + 'OriginMetrics', + 'Permission', + 'PricingTiers', + 'PublicBlocklistResponse', + 'PublicBlocklistResponsePage', + 'RawMetrics', + 'RemediationMetrics', + 'RemediationMetricsData', + 'Share', + 'SourceInfo', + 'SourceType', + 'SubscriberEntityType', + 'AppsecConfigIndex', + 'AppsecRuleIndex', + 'CollectionIndex', + 'ContextIndex', + 'Index', + 'ParserIndex', + 'PostoverflowIndex', + 'ScenarioIndex', + 'VersionDetail', 'ApiKeyAuth', 'Server', 'Page' diff --git a/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc index a48f15d154982d0e684afc810c60b74f0dc1dd88..ef537f695b1ba65cfc55e580f23900db1f97d392 100644 GIT binary patch delta 27 hcmdn4v|WjNIWI340}v$t-Mx|9i -# timestamp: 2026-02-24T17:00:06+00:00 +# timestamp: 2026-03-19T13:43:13+00:00 from __future__ import annotations from datetime import datetime -from enum import IntEnum, StrEnum -from typing import Annotated, Dict, List, Literal, Optional, Union +from enum import StrEnum +from typing import Annotated, Dict, List, Optional, Union from pydantic import AnyUrl, ConfigDict, Field, RootModel @@ -33,6 +33,8 @@ class BasicAuthCredentials(BaseModelSdk): class BlocklistSubscription(BaseModelSdk): id: Annotated[str, Field(title='Id')] remediation: Annotated[Optional[str], Field(title='Remediation')] = None + name: Annotated[str, Field(title='Name')] + label: Annotated[str, Field(title='Label')] class CVESubscription(BaseModelSdk): @@ -40,7 +42,7 @@ class CVESubscription(BaseModelSdk): class FingerprintSubscription(BaseModelSdk): - id: Annotated[str, Field(title='Id')] + id: Annotated[str, Field(description='Fingerprint ID', title='Id')] class IntegrationType(StrEnum): @@ -97,772 +99,472 @@ class ValidationError(BaseModelSdk): type: Annotated[str, Field(title='Error Type')] -class AdjustmentScore(BaseModelSdk): - total: Annotated[int, Field(description='Total score adjustment', title='Total')] - recency: Annotated[ - int, Field(description='Recency score adjustment', title='Recency') - ] - low_info: Annotated[ - int, Field(description='Low information score adjustment', title='Low Info') +class AllowlistCreateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + name: Annotated[ + str, + Field( + description='Name of the allowlist', + max_length=200, + min_length=1, + title='Name', + ), ] + description: Annotated[ + Optional[str], + Field(description='Description of the allowlist', title='Description'), + ] = None -class AffectedComponent(BaseModelSdk): - vendor: Annotated[ +class AllowlistCreateResponse(BaseModelSdk): + id: Annotated[ + str, + Field( + description='ID of the allowlist', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Id', + ), + ] + organization_id: Annotated[ + str, Field(description='ID of the owner organization', title='Organization Id') + ] + name: Annotated[str, Field(description='Name of the allowlist', title='Name')] + description: Annotated[ Optional[str], - Field(description='Vendor of the affected component', title='Vendor'), + Field(description='Description of the allowlist', title='Description'), + ] = None + created_at: Annotated[ + datetime, + Field(description='Time the allowlist was created', title='Created At'), + ] + updated_at: Annotated[ + Optional[datetime], + Field(description='Time the allowlist was updated', title='Updated At'), ] = None - product: Annotated[ + from_cti_query: Annotated[ Optional[str], - Field(description='Product name of the affected component', title='Product'), + Field( + description='CTI query from which the blocklist was created', + title='From Cti Query', + ), ] = None + since: Annotated[ + Optional[str], + Field( + description='Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days', + title='Since', + ), + ] = None + total_items: Annotated[ + int, Field(description='Number of items in the allowlist', title='Total Items') + ] -class AllowlistSubscription(BaseModelSdk): - id: Annotated[str, Field(title='Id')] - - -class AttackDetail(BaseModelSdk): - name: Annotated[str, Field(description='Attack detail name', title='Name')] - label: Annotated[str, Field(description='Attack detail label', title='Label')] +class AllowlistItemUpdateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) description: Annotated[ - str, Field(description='Attack detail description', title='Description') - ] - references: Annotated[ - Optional[List[str]], - Field(description='Attack detail references', title='References'), + Optional[str], + Field(description='Description of the allowlist entry', title='Description'), + ] = None + expiration: Annotated[ + Optional[datetime], + Field(description='Time the allowlist entry will expire', title='Expiration'), ] = None -class Behavior(BaseModelSdk): - name: Annotated[str, Field(description='Behavior name', title='Name')] - label: Annotated[str, Field(description='Behavior label', title='Label')] - description: Annotated[ - str, Field(description='Behavior description', title='Description') +class AllowlistItemsCreateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + items: Annotated[ + List[str], + Field(description='List of values to add to the allowlist', title='Items'), ] - - -class CVEEvent(BaseModelSdk): - date: Annotated[datetime, Field(description='Date of the event', title='Date')] description: Annotated[ - str, Field(description='Description of the event', title='Description') + str, + Field(description='Description of the allowlist entry', title='Description'), ] - label: Annotated[str, Field(description='Label of the event', title='Label')] - name: Annotated[str, Field(description='Name of the event', title='Name')] + expiration: Annotated[ + Optional[datetime], + Field(description='Time the allowlist entry will expire', title='Expiration'), + ] = None -class CvssScore(RootModelSdk[float]): - root: Annotated[ - float, - Field(description='CVSS score of the CVE', ge=0.0, le=10.0, title='Cvss Score'), - ] +class AllowlistScope(StrEnum): + IP = 'ip' + RANGE = 'range' -class CVEsubscription(BaseModelSdk): - id: Annotated[str, Field(title='Id')] +class AllowlistSubscriptionResponse(BaseModelSdk): + updated: Annotated[ + Optional[List[str]], + Field( + description='List of updated allowlist ids', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Updated', + ), + ] = None + errors: Annotated[ + Optional[List[Dict[str, str]]], + Field( + description='List of errors if any', + examples=[{'5f9d88b9e5c4f5b9a3d3e8b1': 'error message'}], + title='Errors', + ), + ] = None -class CWE(BaseModelSdk): - name: Annotated[str, Field(description='Name of the CWE', title='Name')] - label: Annotated[str, Field(description='Label of the CWE', title='Label')] - description: Annotated[ - str, Field(description='Description of the CWE', title='Description') +class Name(RootModelSdk[str]): + root: Annotated[ + str, + Field( + description='Name of the allowlist', + max_length=200, + min_length=1, + title='Name', + ), ] -class Classification(BaseModelSdk): - name: Annotated[str, Field(description='Classification name', title='Name')] - label: Annotated[str, Field(description='Classification label', title='Label')] +class AllowlistUpdateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + name: Annotated[ + Optional[Name], Field(description='Name of the allowlist', title='Name') + ] = None description: Annotated[ - str, Field(description='Classification description', title='Description') - ] + Optional[str], + Field(description='Description of the allowlist', title='Description'), + ] = None -class Classifications(BaseModelSdk): - false_positives: Annotated[ - Optional[List[Classification]], - Field(description='False positive classifications', title='False Positives'), - ] = None - classifications: Annotated[ - Optional[List[Classification]], - Field(description='Main classifications', title='Classifications'), +class BlocklistAddIPsRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + ips: Annotated[List[str], Field(description='List of IPs or networks', title='Ips')] + expiration: Annotated[ + Optional[datetime], + Field( + description='Expiration date', + examples=['2030-01-01T00:00:00.000Z'], + title='Expiration', + ), ] = None -class EntityType(StrEnum): - ORG = 'org' - TAG = 'tag' - ENGINE = 'engine' - FIREWALL_INTEGRATION = 'firewall_integration' - REMEDIATION_COMPONENT_INTEGRATION = 'remediation_component_integration' - REMEDIATION_COMPONENT = 'remediation_component' - LOG_PROCESSOR = 'log_processor' +class BlocklistCategory(BaseModelSdk): + name: Annotated[str, Field(title='Name')] + label: Annotated[str, Field(title='Label')] + description: Annotated[str, Field(title='Description')] + priority: Annotated[int, Field(title='Priority')] -class ExploitationPhase(BaseModelSdk): +class BlocklistCreateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) name: Annotated[ - str, Field(description='Name of the exploitation phase', title='Name') + str, + Field( + description='Blocklist name, must be unique within the organization', + max_length=200, + min_length=1, + title='Name', + ), ] label: Annotated[ - str, Field(description='Label of the exploitation phase', title='Label') - ] + Optional[str], + Field( + description='Blocklist human readable name (Default: name)', title='Label' + ), + ] = None description: Annotated[ str, - Field(description='Description of the exploitation phase', title='Description'), + Field(description='Blocklist description', min_length=1, title='Description'), ] + references: Annotated[ + Optional[List[str]], + Field( + description="Useful references on the list's origins", title='References' + ), + ] = [] + tags: Annotated[ + Optional[List[str]], Field(description='Classification tags', title='Tags') + ] = [] -class FingerprintRuleResponse(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, +class BlocklistDeleteIPsRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + ips: Annotated[List[str], Field(description='List of IPs or networks', title='Ips')] + + +class BlocklistIncludeFilters(StrEnum): + PUBLIC = 'public' + PRIVATE = 'private' + SHARED = 'shared' + ALL = 'all' + + +class BlocklistSources(StrEnum): + CROWDSEC = 'crowdsec' + THIRD_PARTY = 'third_party' + CUSTOM = 'custom' + + +class BlocklistSubscriptionResponse(BaseModelSdk): + updated: Annotated[ + Optional[List[str]], Field( - description='Live Exploit Tracker score for the fingerprint rule', - ge=0, - le=10, - title='Crowdsec Score', + description='List of updated blocklist ids', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Updated', ), - ] - opportunity_score: Annotated[ - Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') - ] - rule_release_date: Annotated[ - Optional[datetime], + errors: Annotated[ + Optional[List[Dict[str, str]]], Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', + description='List of errors if any', + examples=[{'5f9d88b9e5c4f5b9a3d3e8b1': 'error message'}], + title='Errors', ), ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the fingerprint rule', title='Tags'), + + +class BlocklistUpdateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + label: Annotated[ + Optional[str], Field(description='Blocklist human readable name', title='Label') ] = None description: Annotated[ - Optional[str], - Field(description='Fingerprint rule description', title='Description'), + Optional[str], Field(description='Blocklist description', title='Description') ] = None references: Annotated[ Optional[List[str]], - Field( - description='Reference links for the fingerprint rule', title='References' - ), + Field(description='Blocklist references', title='References'), + ] = None + tags: Annotated[ + Optional[List[str]], Field(description='Blocklist tags', title='Tags') ] = None - crowdsec_analysis: Annotated[ + from_cti_query: Annotated[ Optional[str], Field( - description='CrowdSec analysis for this fingerprint rule', - title='Crowdsec Analysis', + description='CTI query (doc link available soon)', title='From Cti Query' ), ] = None - events: Annotated[ - Optional[List[CVEEvent]], + since: Annotated[ + Optional[str], Field( - description='List of events related to the fingerprint rule', title='Events' + description='Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days', + title='Since', ), ] = None -class FingerprintRuleSummary(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score for the fingerprint rule', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), +class BlocklistUsageStats(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + engines_subscribed_directly: Annotated[ + Optional[int], Field(title='Engines Subscribed Directly') ] = 0 - momentum_score: Annotated[ - Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), + engines_subscribed_through_org: Annotated[ + Optional[int], Field(title='Engines Subscribed Through Org') ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') - ] = None + engines_subscribed_through_tag: Annotated[ + Optional[int], Field(title='Engines Subscribed Through Tag') + ] = 0 + total_subscribed_engines: Annotated[ + Optional[int], Field(title='Total Subscribed Engines') + ] = 0 + total_subscribed_organizations: Annotated[ + Optional[int], Field(title='Total Subscribed Organizations') + ] = 0 + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None -class FingerprintTimelineItem(BaseModelSdk): - timestamp: Annotated[ - datetime, - Field(description='Timestamp of the timeline event', title='Timestamp'), - ] - count: Annotated[ - int, Field(description='Count of occurrences at the timestamp', title='Count') +class BodyUploadBlocklistContent(BaseModelSdk): + file: Annotated[ + bytes, Field(description='Blocklist file in txt format', title='File') ] -class GetCVEResponse(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - title: Annotated[str, Field(description='Title of the CVE', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score of the CVE', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field( - description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", - ge=0, - le=5, - title='Opportunity Score', - ), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field( - description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", - ge=0, - le=5, - title='Momentum Score', - ), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') - ] - published_date: Annotated[ - datetime, Field(description='Published date of the CVE', title='Published Date') - ] - cvss_score: Annotated[ - Optional[CvssScore], - Field(description='CVSS score of the CVE', title='Cvss Score'), - ] = None - has_public_exploit: Annotated[ - bool, - Field( - description='Indicates if there is a public exploit for the CVE', - title='Has Public Exploit', - ), - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the associated detection rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], - Field( - description='Score adjustments applied to the CVE score based on various factors' - ), - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the CVE', title='Tags'), - ] = None - references: Annotated[ - List[str], - Field(description='List of references for the CVE', title='References'), - ] - description: Annotated[ - str, Field(description='Description of the CVE', title='Description') - ] - crowdsec_analysis: Annotated[ - Optional[str], - Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), - ] = None - cwes: Annotated[ - List[CWE], - Field(description='List of CWEs associated with the CVE', title='Cwes'), - ] - events: Annotated[ - Optional[List[CVEEvent]], - Field(description='List of events related to the CVE', title='Events'), - ] = None +class CtiAs(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + as_num: Annotated[str, Field(title='As Num')] + as_name: Annotated[str, Field(title='As Name')] + total_ips: Annotated[int, Field(title='Total Ips')] + + +class CtiBehavior(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + name: Annotated[str, Field(title='Name')] + label: Annotated[str, Field(title='Label')] + description: Annotated[str, Field(title='Description')] + references: Annotated[List[str], Field(title='References')] + total_ips: Annotated[int, Field(title='Total Ips')] -class GetCVEsFilterBy(StrEnum): - IS_PUBLIC = 'is_public' +class CtiCategory(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + name: Annotated[str, Field(title='Name')] + label: Annotated[str, Field(title='Label')] + description: Annotated[str, Field(title='Description')] + total_ips: Annotated[int, Field(title='Total Ips')] -class GetCVEsSortBy(StrEnum): - RULE_RELEASE_DATE = 'rule_release_date' - TRENDING = 'trending' - NB_IPS = 'nb_ips' - NAME = 'name' +class CtiCountry(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + country_short: Annotated[str, Field(title='Country Short')] + total_ips: Annotated[int, Field(title='Total Ips')] -class GetCVEsSortOrder(StrEnum): - ASC = 'asc' - DESC = 'desc' +class CtiIp(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + ip: Annotated[str, Field(title='Ip')] + total_signals_1m: Annotated[int, Field(title='Total Signals 1M')] + reputation: Annotated[Optional[str], Field(title='Reputation')] = 'unknown' -class GetFingerprintRulesResponsePage(BaseModelSdk): - items: Annotated[List[FingerprintRuleSummary], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links +class CtiScenario(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + name: Annotated[str, Field(title='Name')] + label: Annotated[str, Field(title='Label')] + description: Annotated[str, Field(title='Description')] + references: Annotated[List[str], Field(title='References')] + total_ips: Annotated[int, Field(title='Total Ips')] -class History(BaseModelSdk): - first_seen: Annotated[ - datetime, Field(description='First seen timestamp', title='First Seen') - ] - last_seen: Annotated[ - datetime, Field(description='Last seen timestamp', title='Last Seen') +class DecisionCreateResponse(BaseModelSdk): + uuid: Annotated[ + str, Field(description='UUID of the created decision', title='Uuid') ] - full_age: Annotated[int, Field(description='Full age in days', title='Full Age')] - days_age: Annotated[int, Field(description='Days age', title='Days Age')] -class IntegrationResponse(BaseModelSdk): - tags: Annotated[Optional[List[str]], Field(title='Tags')] = [] - organization_id: Annotated[str, Field(title='Organization Id')] - created_at: Annotated[ - Optional[datetime], - Field(description='Time the integration was created', title='Created At'), - ] = None - entity_type: Annotated[EntityType, Field(description='Type of the integration')] - id: Annotated[ - Optional[str], Field(description='ID of the integration', title='Id') - ] = None - blocklists: Annotated[ - Optional[List[BlocklistSubscription]], Field(title='Blocklists') - ] = [] - allowlists: Annotated[ - Optional[List[AllowlistSubscription]], Field(title='Allowlists') - ] = [] - cves: Annotated[Optional[List[CVEsubscription]], Field(title='Cves')] = [] - fingerprints: Annotated[ - Optional[List[FingerprintSubscription]], Field(title='Fingerprints') - ] = [] - name: Annotated[str, Field(description='Name of the integration', title='Name')] - updated_at: Annotated[ - Optional[datetime], - Field(description='Last time the integration was updated', title='Updated At'), - ] = None - description: Annotated[ - Optional[str], - Field(description='Description of the integration', title='Description'), - ] = None - output_format: Annotated[ - OutputFormat, Field(description='Output format of the integration') - ] - last_pull: Annotated[ - Optional[datetime], - Field( - description='Last time the integration pulled blocklists', title='Last Pull' - ), - ] = None - pull_limit: Annotated[ - Optional[int], - Field(description='Maximum number of items to pull', title='Pull Limit'), - ] = None - enable_ip_aggregation: Annotated[ - Optional[bool], - Field( - description='Whether to enable IP aggregation into ranges', - title='Enable Ip Aggregation', - ), - ] = False +class DecisionTargetType(StrEnum): + ORG = 'org' + TAG = 'tag' + ENTITY = 'entity' -class IntervalOptions(StrEnum): - HOUR = 'hour' - DAY = 'day' - WEEK = 'week' +class DecisionsSortBy(StrEnum): + CREATED_AT = 'created_at' + EXPIRE_AT = 'expire_at' -class Location(BaseModelSdk): - country: Annotated[ - Optional[str], Field(description='Country code', title='Country') - ] = None - city: Annotated[Optional[str], Field(description='City name', title='City')] = None - latitude: Annotated[ - Optional[float], Field(description='Latitude coordinate', title='Latitude') - ] = None - longitude: Annotated[ - Optional[float], Field(description='Longitude coordinate', title='Longitude') - ] = None +class DecisionsSortOrder(StrEnum): + ASC = 'asc' + DESC = 'desc' -class LookupImpactCVEItem(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - title: Annotated[str, Field(description='Title of the CVE', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score of the CVE', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field( - description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", - ge=0, - le=5, - title='Opportunity Score', - ), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field( - description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", - ge=0, - le=5, - title='Momentum Score', - ), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') - ] - published_date: Annotated[ - datetime, Field(description='Published date of the CVE', title='Published Date') - ] - cvss_score: Annotated[ - Optional[CvssScore], - Field(description='CVSS score of the CVE', title='Cvss Score'), - ] = None - has_public_exploit: Annotated[ - bool, - Field( - description='Indicates if there is a public exploit for the CVE', - title='Has Public Exploit', - ), - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the associated detection rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], - Field( - description='Score adjustments applied to the CVE score based on various factors' - ), - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the CVE', title='Tags'), - ] = None - references: Annotated[ - List[str], - Field(description='List of references for the CVE', title='References'), - ] - description: Annotated[ - str, Field(description='Description of the CVE', title='Description') - ] - crowdsec_analysis: Annotated[ - Optional[str], - Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), - ] = None - cwes: Annotated[ - List[CWE], - Field(description='List of CWEs associated with the CVE', title='Cwes'), - ] - events: Annotated[ - Optional[List[CVEEvent]], - Field(description='List of events related to the CVE', title='Events'), - ] = None - type: Annotated[ - Literal['cve'], Field(description='Resource type', title='Type') - ] = 'cve' +class EntityType(StrEnum): + ORG = 'org' + TAG = 'tag' + ENGINE = 'engine' + FIREWALL_INTEGRATION = 'firewall_integration' + REMEDIATION_COMPONENT_INTEGRATION = 'remediation_component_integration' + REMEDIATION_COMPONENT = 'remediation_component' + LOG_PROCESSOR = 'log_processor' -class LookupImpactFingerprintItem(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score for the fingerprint rule', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') +class InfoResponse(BaseModelSdk): + organization_id: Annotated[ + str, Field(description='The organization ID', title='Organization Id') ] - rule_release_date: Annotated[ - Optional[datetime], + subscription_type: Annotated[ + str, Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', + description='The organization subscription type', title='Subscription Type' ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the fingerprint rule', title='Tags'), - ] = None - description: Annotated[ - Optional[str], - Field(description='Fingerprint rule description', title='Description'), - ] = None - references: Annotated[ - Optional[List[str]], - Field( - description='Reference links for the fingerprint rule', title='References' - ), - ] = None - crowdsec_analysis: Annotated[ - Optional[str], - Field( - description='CrowdSec analysis for this fingerprint rule', - title='Crowdsec Analysis', - ), - ] = None - events: Annotated[ - Optional[List[CVEEvent]], - Field( - description='List of events related to the fingerprint rule', title='Events' - ), - ] = None - type: Annotated[ - Literal['fingerprint'], Field(description='Resource type', title='Type') - ] = 'fingerprint' - - -class Items(RootModelSdk[Union[LookupImpactCVEItem, LookupImpactFingerprintItem]]): - root: Annotated[ - Union[LookupImpactCVEItem, LookupImpactFingerprintItem], - Field(discriminator='type'), + api_key_name: Annotated[ + str, Field(description='The API key name that is used', title='Api Key Name') ] -class LookupImpactResponsePage(BaseModelSdk): - items: Annotated[List[Items], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links - - -class LookupListItem(BaseModelSdk): - value: Annotated[str, Field(description='Lookup entry value', title='Value')] +class MetricUnits(StrEnum): + BYTE = 'byte' + PACKET = 'packet' + REQUEST = 'request' + IP = 'ip' + LINE = 'line' + EVENT = 'event' -class LookupListResponsePage(BaseModelSdk): - items: Annotated[List[LookupListItem], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links +class Permission(StrEnum): + READ = 'read' + WRITE = 'write' -class MitreTechnique(BaseModelSdk): - name: Annotated[str, Field(description='MITRE technique ID', title='Name')] - label: Annotated[str, Field(description='MITRE technique label', title='Label')] - description: Annotated[ - str, Field(description='MITRE technique description', title='Description') - ] +class PricingTiers(StrEnum): + FREE = 'free' + PREMIUM = 'premium' + PLATINUM = 'platinum' -class Reference(BaseModelSdk): - name: Annotated[str, Field(description='Reference name', title='Name')] - label: Annotated[str, Field(description='Reference label', title='Label')] - description: Annotated[ - str, Field(description='Reference description', title='Description') +class RemediationMetricsData(BaseModelSdk): + value: Annotated[ + Union[int, float], Field(description='Value of the metric', title='Value') ] - - -class ScoreBreakdown(BaseModelSdk): - aggressiveness: Annotated[ - int, Field(description='Aggressiveness score', title='Aggressiveness') + timestamp: Annotated[ + datetime, Field(description='Timestamp of the metric', title='Timestamp') ] - threat: Annotated[int, Field(description='Threat score', title='Threat')] - trust: Annotated[int, Field(description='Trust score', title='Trust')] - anomaly: Annotated[int, Field(description='Anomaly score', title='Anomaly')] - total: Annotated[int, Field(description='Total score', title='Total')] - -class Scores(BaseModelSdk): - overall: Annotated[ScoreBreakdown, Field(description='Overall scores')] - last_day: Annotated[ScoreBreakdown, Field(description='Last day scores')] - last_week: Annotated[ScoreBreakdown, Field(description='Last week scores')] - last_month: Annotated[ScoreBreakdown, Field(description='Last month scores')] - -class SinceOptions(IntEnum): - INTEGER_1 = 1 - INTEGER_7 = 7 - INTEGER_30 = 30 +class Share(BaseModelSdk): + organization_id: Annotated[str, Field(title='Organization Id')] + permission: Permission -class SubscribeCVEIntegrationRequest(BaseModelSdk): - model_config = ConfigDict( - extra='forbid', - ) - name: Annotated[ - str, Field(description='Name of the integration to subscribe', title='Name') - ] +class SourceType(StrEnum): + USER = 'user' + APIKEY = 'apikey' -class SubscribeFingerprintIntegrationRequest(BaseModelSdk): - model_config = ConfigDict( - extra='forbid', - ) - name: Annotated[ - str, Field(description='Name of the integration to subscribe', title='Name') - ] +class SubscriberEntityType(StrEnum): + ORG = 'org' + TAG = 'tag' + ENGINE = 'engine' + FIREWALL_INTEGRATION = 'firewall_integration' + REMEDIATION_COMPONENT_INTEGRATION = 'remediation_component_integration' -class TimelineItem(BaseModelSdk): - timestamp: Annotated[ - datetime, - Field(description='Timestamp of the timeline event', title='Timestamp'), - ] - count: Annotated[ - int, Field(description='Count of occurrences at the timestamp', title='Count') +class VersionDetail(BaseModelSdk): + deprecated: Annotated[ + Optional[bool], + Field( + description='Indicates whether this version is deprecated.', + title='Deprecated', + ), + ] = False + digest: Annotated[ + str, + Field( + description='The SHA256 digest of the versioned file.', + examples=['Detect FTP bruteforce (vsftpd)'], + title='Digest', + ), ] @@ -874,6 +576,12 @@ class IntegrationsGetIntegrationsQueryParameters(BaseModelSdk): title='Tag', ), ] = None + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 class IntegrationsGetIntegrationPathParameters(BaseModelSdk): @@ -954,21 +662,7 @@ class IntegrationsGetIntegrationContentStreamPathParameters(BaseModelSdk): ] -class CvesGetCvesQueryParameters(BaseModelSdk): - query: Annotated[ - Optional[str], Field(description='Search query for CVEs', title='Query') - ] = None - sort_by: Annotated[ - Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') - ] = 'rule_release_date' - sort_order: Annotated[ - Optional[GetCVEsSortOrder], - Field(description='Sort order: ascending or descending', title='Sort Order'), - ] = 'desc' - filters: Annotated[ - Optional[List[GetCVEsFilterBy]], - Field(description='Filters to apply on the CVE list', title='Filters'), - ] = None +class AllowlistsListAllowlistsQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -977,33 +671,41 @@ class CvesGetCvesQueryParameters(BaseModelSdk): ] = 50 -class CvesGetCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] +class AllowlistsGetAllowlistPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] -class CvesDownloadCveIpsPathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] +class AllowlistsUpdateAllowlistPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] -class Since(RootModelSdk[str]): - root: Annotated[ - str, +class AllowlistsDeleteAllowlistQueryParameters(BaseModelSdk): + force: Annotated[ + Optional[bool], Field( - description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', - pattern='^\\d+[hd]$', - title='Since', + description='Force delete the allowlist, even if it has subscribers', + title='Force', ), + ] = False + + +class AllowlistsDeleteAllowlistPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') ] -class CvesGetCveIpsDetailsQueryParameters(BaseModelSdk): - since: Annotated[ - Optional[Since], - Field( - description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', - title='Since', - ), - ] = '14d' +class AllowlistsCreateAllowlistItemsPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + + +class AllowlistsGetAllowlistItemsQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1012,15 +714,40 @@ class CvesGetCveIpsDetailsQueryParameters(BaseModelSdk): ] = 50 -class CvesGetCveIpsDetailsPathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] +class AllowlistsGetAllowlistItemsPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + + +class AllowlistsGetAllowlistItemPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + item_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Item Id') + ] + + +class AllowlistsUpdateAllowlistItemPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + item_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Item Id') + ] -class CvesSubscribeIntegrationToCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] +class AllowlistsDeleteAllowlistItemPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + item_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Item Id') + ] -class CvesGetCveSubscribedIntegrationsQueryParameters(BaseModelSdk): +class AllowlistsGetAllowlistSubscribersQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1029,48 +756,56 @@ class CvesGetCveSubscribedIntegrationsQueryParameters(BaseModelSdk): ] = 50 -class CvesGetCveSubscribedIntegrationsPathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - - -class CvesUnsubscribeIntegrationFromCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - integration_name: Annotated[str, Field(title='Integration Name')] +class AllowlistsGetAllowlistSubscribersPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] -class CvesGetCveTimelineQueryParameters(BaseModelSdk): - since_days: Annotated[ - Optional[SinceOptions], - Field( - description='Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.' - ), - ] = 7 +class AllowlistsSubscribeAllowlistPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] -class CvesGetCveTimelinePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] +class AllowlistsUnsubscribeAllowlistPathParameters(BaseModelSdk): + allowlist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Allowlist Id') + ] + entity_id: Annotated[str, Field(title='Entity Id')] -class VendorsGetVendorsQueryParameters(BaseModelSdk): - query: Annotated[ - Optional[str], Field(description='Search query for vendors', title='Query') - ] = None +class BlocklistsGetBlocklistsQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 + page_size: Annotated[ + Optional[int], Field(description='Page size', le=1000, title='Page Size') + ] = 100 + subscribed_only: Annotated[ + Optional[bool], + Field(description='only subscribed blocklists', title='Subscribed Only'), + ] = False + exclude_subscribed: Annotated[ + Optional[bool], + Field(description='exclude subscribed blocklists', title='Exclude Subscribed'), + ] = False + include_filter: Annotated[ + Optional[List[BlocklistIncludeFilters]], + Field( + description='Include blocklists with the specified filters', + title='Include Filter', + ), + ] = ['private', 'shared'] + category: Annotated[ + Optional[List[str]], Field(description='Filter by category', title='Category') + ] = None size: Annotated[ Optional[int], Field(description='Page size', ge=1, le=100, title='Size') ] = 50 -class VendorsGetVendorImpactQueryParameters(BaseModelSdk): - sort_by: Annotated[ - Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') - ] = 'rule_release_date' - sort_order: Annotated[ - Optional[GetCVEsSortOrder], - Field(description='Sort order: ascending or descending', title='Sort Order'), - ] = 'desc' +class BlocklistsSearchBlocklistQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1079,112 +814,105 @@ class VendorsGetVendorImpactQueryParameters(BaseModelSdk): ] = 50 -class VendorsGetVendorImpactPathParameters(BaseModelSdk): - vendor: Annotated[str, Field(title='Vendor')] +class BlocklistsGetBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class ProductsGetProductsQueryParameters(BaseModelSdk): - query: Annotated[ - Optional[str], Field(description='Search query for products', title='Query') - ] = None - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 +class BlocklistsUpdateBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class ProductsGetProductImpactQueryParameters(BaseModelSdk): - sort_by: Annotated[ - Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') - ] = 'rule_release_date' - sort_order: Annotated[ - Optional[GetCVEsSortOrder], - Field(description='Sort order: ascending or descending', title='Sort Order'), - ] = 'desc' - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 +class BlocklistsDeleteBlocklistQueryParameters(BaseModelSdk): + force: Annotated[ + Optional[bool], + Field( + description='Force delete the blocklist if it is shared or subscribed', + title='Force', + ), + ] = False -class ProductsGetProductImpactPathParameters(BaseModelSdk): - product: Annotated[str, Field(title='Product')] +class BlocklistsDeleteBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class TagsGetTagsQueryParameters(BaseModelSdk): - query: Annotated[ - Optional[str], Field(description='Search query for tags', title='Query') +class BlocklistsUploadBlocklistContentQueryParameters(BaseModelSdk): + expiration: Annotated[ + Optional[datetime], + Field( + description='Blocklist expiration', + examples=['2026-03-19T09:51:24.931060+00:00'], + title='Expiration', + ), ] = None - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 + ignore_invalid_ips: Annotated[ + Optional[bool], + Field(description='Ignore invalid IPs', title='Ignore Invalid Ips'), + ] = False -class TagsGetTagImpactQueryParameters(BaseModelSdk): - sort_by: Annotated[ - Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') - ] = 'rule_release_date' - sort_order: Annotated[ - Optional[GetCVEsSortOrder], - Field(description='Sort order: ascending or descending', title='Sort Order'), - ] = 'desc' - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 +class BlocklistsUploadBlocklistContentPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + + +class BlocklistsAddIpsToBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class TagsGetTagImpactPathParameters(BaseModelSdk): - tag: Annotated[str, Field(title='Tag')] +class BlocklistsOverwriteIpsPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class FingerprintsGetFingerprintRulesQueryParameters(BaseModelSdk): - query: Annotated[ +class BlocklistsDeleteIpsFromBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + + +class BlocklistsDownloadBlocklistContentPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + + +class BlocklistsDownloadBlocklistContentHeadersParameters(BaseModelSdk): + if_modified_since: Annotated[ Optional[str], - Field(description='Search query for fingerprint rules', title='Query'), + Field( + alias='if-modified-since', + description='If_Modified_Since cache control header', + title='If-Modified-Since', + ), ] = None - sort_by: Annotated[ - Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') - ] = 'rule_release_date' - sort_order: Annotated[ - Optional[GetCVEsSortOrder], - Field(description='Sort order: ascending or descending', title='Sort Order'), - ] = 'desc' - filters: Annotated[ - Optional[List[GetCVEsFilterBy]], + if_none_match: Annotated[ + Optional[str], Field( - description='Filters to apply on the fingerprint rule list', title='Filters' + alias='if-none-match', + description='If_None_Match cache control header', + title='If-None-Match', ), ] = None - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 -class FingerprintsDownloadFingerprintIpsPathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class BlocklistsSubscribeBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class FingerprintsGetFingerprintIpsDetailsQueryParameters(BaseModelSdk): - since: Annotated[ - Optional[Since], - Field( - description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', - title='Since', - ), - ] = '14d' +class BlocklistsGetBlocklistSubscribersQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1193,15 +921,67 @@ class FingerprintsGetFingerprintIpsDetailsQueryParameters(BaseModelSdk): ] = 50 -class FingerprintsGetFingerprintIpsDetailsPathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class BlocklistsGetBlocklistSubscribersPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + + +class BlocklistsUnsubscribeBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + entity_id: Annotated[str, Field(title='Entity Id')] + + +class BlocklistsShareBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] -class FingerprintsSubscribeIntegrationToFingerprintPathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class BlocklistsUnshareBlocklistPathParameters(BaseModelSdk): + blocklist_id: Annotated[ + str, Field(examples=['5f9d88b9e5c4f5b9a3d3e8b1'], title='Blocklist Id') + ] + unshare_organization_id: Annotated[str, Field(title='Unshare Organization Id')] -class FingerprintsGetFingerprintSubscribedIntegrationsQueryParameters(BaseModelSdk): +class DecisionsGetDecisionsQueryParameters(BaseModelSdk): + instance_ids: Annotated[ + Optional[List[str]], + Field(description='Filter decisions by instance IDs', title='Instance Ids'), + ] = [] + tag_ids: Annotated[ + Optional[List[str]], + Field(description='Filter decisions by tag IDs', title='Tag Ids'), + ] = [] + remediation_types: Annotated[ + Optional[List[str]], + Field( + description='Filter decisions by remediation types', + title='Remediation Types', + ), + ] = [] + ips: Annotated[ + Optional[List[str]], + Field( + description='Filter decisions by IPs (only for IP decisions)', title='Ips' + ), + ] = [] + sort_by: Annotated[ + Optional[DecisionsSortBy], + Field( + description='Field to sort by (e.g., created_at, duration)', title='Sort By' + ), + ] = 'created_at' + sort_order: Annotated[ + Optional[DecisionsSortOrder], + Field( + description="Sort order: 'asc' for ascending, 'desc' for descending", + title='Sort Order', + ), + ] = 'desc' page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1210,37 +990,64 @@ class FingerprintsGetFingerprintSubscribedIntegrationsQueryParameters(BaseModelS ] = 50 -class FingerprintsGetFingerprintSubscribedIntegrationsPathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class MetricsGetMetricsRemediationQueryParameters(BaseModelSdk): + start_date: Annotated[ + Optional[datetime], + Field( + description='Start date of the metrics, default to last day', + title='Start Date', + ), + ] = None + end_date: Annotated[ + Optional[datetime], + Field(description='End date of the metrics', title='End Date'), + ] = None + engine_ids: Annotated[ + Optional[List[str]], Field(description='List of engine ids', title='Engine Ids') + ] = [] + integration_ids: Annotated[ + Optional[List[str]], + Field(description='List of integration ids', title='Integration Ids'), + ] = [] + tags: Annotated[ + Optional[List[str]], Field(description='List of tags', title='Tags') + ] = [] + + +class HubGetIndexQueryParameters(BaseModelSdk): + with_content: Annotated[ + Optional[bool], + Field(description='Include content in the index', title='With Content'), + ] = False -class FingerprintsUnsubscribeIntegrationFromFingerprintPathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] - integration_name: Annotated[str, Field(title='Integration Name')] +class HubGetIndexPathParameters(BaseModelSdk): + branch: Annotated[str, Field(title='Branch')] + tenant: Annotated[str, Field(title='Tenant')] -class FingerprintsGetFingerprintTimelineQueryParameters(BaseModelSdk): - since_days: Annotated[ - Optional[SinceOptions], - Field( - description='Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.' - ), - ] = 7 - interval: Annotated[ - Optional[IntervalOptions], - Field( - description="Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter.", - title='Interval', - ), - ] = None +class HubHeadIndexQueryParameters(BaseModelSdk): + with_content: Annotated[ + Optional[bool], + Field(description='Include content in the index', title='With Content'), + ] = False -class FingerprintsGetFingerprintTimelinePathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class HubHeadIndexPathParameters(BaseModelSdk): + branch: Annotated[str, Field(title='Branch')] + tenant: Annotated[str, Field(title='Tenant')] -class FingerprintsGetFingerprintRulePathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] +class HubGetItemContentPathParameters(BaseModelSdk): + item_path: Annotated[str, Field(title='Item Path')] + branch: Annotated[str, Field(title='Branch')] + tenant: Annotated[str, Field(title='Tenant')] + + +class HubHeadItemContentPathParameters(BaseModelSdk): + item_path: Annotated[str, Field(title='Item Path')] + branch: Annotated[str, Field(title='Branch')] + tenant: Annotated[str, Field(title='Tenant')] class HTTPValidationError(BaseModelSdk): @@ -1578,102 +1385,257 @@ class IntegrationUpdateResponse(BaseModelSdk): ] = None -class CVEResponseBase(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - title: Annotated[str, Field(description='Title of the CVE', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), +class AllowlistSubscriberEntity(BaseModelSdk): + id: Annotated[str, Field(description='Subscriber entity id', title='Id')] + entity_type: SubscriberEntityType + + +class AllowlistSubscriberEntityPage(BaseModelSdk): + items: Annotated[List[AllowlistSubscriberEntity], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class AllowlistSubscribersCount(BaseModelSdk): + entity_type: Annotated[ + SubscriberEntityType, Field(description='Subscriber entity type') ] - crowdsec_score: Annotated[ - int, + count: Annotated[int, Field(description='Subscriber entity count', title='Count')] + + +class AllowlistSubscriptionRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + ids: Annotated[ + Optional[List[str]], + Field(description='List of subscriber entity id', title='Ids'), + ] = None + entity_type: EntityType + + +class AllowlistUpdateResponse(BaseModelSdk): + id: Annotated[ + str, Field( - description='Live Exploit Tracker score of the CVE', - ge=0, - le=10, - title='Crowdsec Score', + description='ID of the allowlist', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Id', ), ] - opportunity_score: Annotated[ - Optional[int], + organization_id: Annotated[ + str, Field(description='ID of the owner organization', title='Organization Id') + ] + name: Annotated[str, Field(description='Name of the allowlist', title='Name')] + description: Annotated[ + Optional[str], + Field(description='Description of the allowlist', title='Description'), + ] = None + created_at: Annotated[ + datetime, + Field(description='Time the allowlist was created', title='Created At'), + ] + updated_at: Annotated[ + Optional[datetime], + Field(description='Time the allowlist was updated', title='Updated At'), + ] = None + from_cti_query: Annotated[ + Optional[str], Field( - description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", - ge=0, - le=5, - title='Opportunity Score', + description='CTI query from which the blocklist was created', + title='From Cti Query', ), - ] = 0 - momentum_score: Annotated[ - Optional[int], + ] = None + since: Annotated[ + Optional[str], Field( - description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", - ge=0, - le=5, - title='Momentum Score', + description='Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days', + title='Since', ), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') + total_items: Annotated[ + int, Field(description='Number of items in the allowlist', title='Total Items') ] - published_date: Annotated[ - datetime, Field(description='Published date of the CVE', title='Published Date') - ] - cvss_score: Annotated[ - Optional[CvssScore], - Field(description='CVSS score of the CVE', title='Cvss Score'), - ] = None - has_public_exploit: Annotated[ - bool, + subscribers: Annotated[ + Optional[List[AllowlistSubscribersCount]], Field( - description='Indicates if there is a public exploit for the CVE', - title='Has Public Exploit', + description='List of subscribers count by entity type', title='Subscribers' ), + ] = [] + + +class AttacksMetrics(BaseModelSdk): + total: Annotated[ + Union[int, float], Field(description='Total value of the metric', title='Total') ] - rule_release_date: Annotated[ - Optional[datetime], + label: Annotated[ + str, Field( - description='Release date of the associated detection rule', - title='Rule Release Date', + description='Label of the metric which is the attack type', title='Label' ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], + progression: Annotated[ + Optional[int], Field( - description='Score adjustments applied to the CVE score based on various factors' + description='Progression of the metric value from the previous period', + title='Progression', ), ] = None + data: Annotated[ + List[RemediationMetricsData], Field(description='Data points', title='Data') + ] -class GetCVESubscribedIntegrationsResponsePage(BaseModelSdk): - items: Annotated[List[IntegrationResponse], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links +class BlocklistContentStats(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + total_seen: Annotated[Optional[int], Field(title='Total Seen')] = 0 + total_fire: Annotated[Optional[int], Field(title='Total Fire')] = 0 + total_seen_1m: Annotated[Optional[int], Field(title='Total Seen 1M')] = 0 + total_in_other_lists: Annotated[ + Optional[int], Field(title='Total In Other Lists') + ] = 0 + total_false_positive: Annotated[ + Optional[int], Field(title='Total False Positive') + ] = 0 + false_positive_removed_by_crowdsec: Annotated[ + Optional[int], Field(title='False Positive Removed By Crowdsec') + ] = 0 + most_present_behaviors: Annotated[ + Optional[List[CtiBehavior]], Field(title='Most Present Behaviors') + ] = [] + most_present_categories: Annotated[ + Optional[List[CtiCategory]], Field(title='Most Present Categories') + ] = [] + most_present_scenarios: Annotated[ + Optional[List[CtiScenario]], Field(title='Most Present Scenarios') + ] = [] + top_as: Annotated[Optional[List[CtiAs]], Field(title='Top As')] = [] + top_attacking_countries: Annotated[ + Optional[List[CtiCountry]], Field(title='Top Attacking Countries') + ] = [] + top_ips: Annotated[Optional[List[CtiIp]], Field(title='Top Ips')] = [] + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None -class GetCVEsResponsePage(BaseModelSdk): - items: Annotated[List[CVEResponseBase], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links +class BlocklistOrigin(BaseModelSdk): + label: Annotated[str, Field(description='Label of the blocklist', title='Label')] + id: Annotated[str, Field(description='ID of the blocklist', title='Id')] + pricing_tier: Annotated[ + PricingTiers, Field(description='Pricing tier of the blocklist') + ] + + +class BlocklistSearchRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + page_size: Annotated[ + Optional[int], Field(description='Page size', le=1000, title='Page Size') + ] = 100 + pricing_tiers: Annotated[ + Optional[List[PricingTiers]], + Field(description='Pricing tiers', title='Pricing Tiers'), + ] = [] + query: Annotated[ + Optional[str], Field(description='Search query', title='Query') + ] = '' + targeted_countries: Annotated[ + Optional[List[str]], + Field(description='Targeted countries', title='Targeted Countries'), + ] = [] + classifications: Annotated[ + Optional[List[str]], + Field(description='Classifications', title='Classifications'), + ] = [] + behaviors: Annotated[ + Optional[List[str]], Field(description='Behaviors', title='Behaviors') + ] = [] + min_ips: Annotated[ + Optional[int], Field(description='Minimum number of IPs', ge=0, title='Min Ips') + ] = 0 + sources: Annotated[ + Optional[List[BlocklistSources]], Field(description='Sources', title='Sources') + ] = [] + categories: Annotated[ + Optional[List[str]], Field(description='Categories', title='Categories') + ] = [] + is_private: Annotated[ + Optional[bool], Field(description='Private blocklist', title='Is Private') + ] = None + is_subscribed: Annotated[ + Optional[bool], + Field(description='Subscribed blocklist (None: all)', title='Is Subscribed'), + ] = None + + +class BlocklistShareRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + organizations: Annotated[ + List[Share], + Field( + description='List of organizations to share the blocklist', + title='Organizations', + ), + ] -class GetFingerprintSubscribedIntegrationsResponsePage(BaseModelSdk): - items: Annotated[List[IntegrationResponse], Field(title='Items')] +class BlocklistStats(BaseModelSdk): + model_config = ConfigDict( + extra='allow', + ) + content_stats: Annotated[Optional[BlocklistContentStats], Field()] = { + 'total_seen': 0, + 'total_fire': 0, + 'total_seen_1m': 0, + 'total_in_other_lists': 0, + 'total_false_positive': 0, + 'false_positive_removed_by_crowdsec': 0, + 'most_present_behaviors': [], + 'most_present_categories': [], + 'most_present_scenarios': [], + 'top_as': [], + 'top_attacking_countries': [], + 'top_ips': [], + } + usage_stats: Optional[BlocklistUsageStats] = { + 'engines_subscribed_directly': 0, + 'engines_subscribed_through_org': 0, + 'engines_subscribed_through_tag': 0, + 'total_subscribed_engines': 0, + 'total_subscribed_organizations': 0, + } + addition_2days: Annotated[Optional[int], Field(title='Addition 2Days')] = 0 + addition_month: Annotated[Optional[int], Field(title='Addition Month')] = 0 + suppression_2days: Annotated[Optional[int], Field(title='Suppression 2Days')] = 0 + suppression_month: Annotated[Optional[int], Field(title='Suppression Month')] = 0 + change_2days_percentage: Annotated[ + Optional[float], Field(title='Change 2Days Percentage') + ] = 0.0 + change_month_percentage: Annotated[ + Optional[float], Field(title='Change Month Percentage') + ] = 0.0 + count: Annotated[Optional[int], Field(title='Count')] = 0 + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None + + +class BlocklistSubscriberEntity(BaseModelSdk): + id: Annotated[str, Field(description='Subscriber entity id', title='Id')] + entity_type: SubscriberEntityType + remediation: Annotated[str, Field(description='Remediation', title='Remediation')] + + +class BlocklistSubscriberEntityPage(BaseModelSdk): + items: Annotated[List[BlocklistSubscriberEntity], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] page: Annotated[int, Field(ge=1, title='Page')] size: Annotated[int, Field(ge=1, title='Size')] @@ -1681,83 +1643,804 @@ class GetFingerprintSubscribedIntegrationsResponsePage(BaseModelSdk): links: Links -class IPItem(BaseModelSdk): - ip: Annotated[str, Field(description='IP address', title='Ip')] - reputation: Annotated[ - Optional[str], Field(description='Reputation of the IP', title='Reputation') - ] = None - ip_range: Annotated[ - Optional[str], Field(description='IP range', title='Ip Range') - ] = None - ip_range_score: Annotated[ - Optional[int], Field(description='IP range score', title='Ip Range Score') +class BlocklistSubscribersCount(BaseModelSdk): + entity_type: Annotated[ + SubscriberEntityType, Field(description='Subscriber entity type') + ] + count: Annotated[int, Field(description='Subscriber entity count', title='Count')] + + +class BlocklistSubscriptionRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + ids: Annotated[ + Optional[List[str]], + Field(description='List of subscriber entity id', title='Ids'), ] = None - ip_range_24: Annotated[ - Optional[str], Field(description='IP range /24', title='Ip Range 24') + entity_type: SubscriberEntityType + remediation: Annotated[ + Optional[str], Field(description='Remediation', title='Remediation') ] = None - ip_range_24_reputation: Annotated[ - Optional[str], - Field(description='IP range /24 reputation', title='Ip Range 24 Reputation'), + + +class DecisionTargetModel(BaseModelSdk): + type: Annotated[ + DecisionTargetType, Field(description='Type of the decision target') + ] + value: Annotated[ + str, Field(description='Value of the decision target', title='Value') + ] + + +class OriginMetrics(BaseModelSdk): + origin: Annotated[ + Optional[Union[BlocklistOrigin, str]], + Field(description='Origin of the metric', title='Origin'), ] = None - ip_range_24_score: Annotated[ - Optional[int], - Field(description='IP range /24 score', title='Ip Range 24 Score'), + data: Annotated[ + List[RemediationMetricsData], Field(description='Data points', title='Data') + ] + + +class PublicBlocklistResponse(BaseModelSdk): + id: Annotated[str, Field(description='Blocklist id', title='Id')] + created_at: Annotated[ + datetime, Field(description='Blocklist creation date', title='Created At') + ] + updated_at: Annotated[ + datetime, Field(description='Blocklist update date', title='Updated At') + ] + name: Annotated[ + str, + Field( + description='Blocklist name, unique within the organization', title='Name' + ), + ] + label: Annotated[ + Optional[str], Field(description='Blocklist human readable name', title='Label') ] = None - as_name: Annotated[Optional[str], Field(description='AS name', title='As Name')] = ( - None - ) - as_num: Annotated[Optional[int], Field(description='AS number', title='As Num')] = ( - None - ) - background_noise_score: Annotated[ + description: Annotated[ + str, Field(description='Blocklist description', title='Description') + ] + references: Annotated[ + Optional[List[str]], + Field(description='Blocklist references', title='References'), + ] = [] + is_private: Annotated[ + bool, + Field( + description='Private blocklist if True or public if False', + title='Is Private', + ), + ] + tags: Annotated[ + Optional[List[str]], Field(description='Classification tags', title='Tags') + ] = [] + pricing_tier: Annotated[ + PricingTiers, Field(description='Pricing tier for Crowdsec blocklists only') + ] + source: Annotated[BlocklistSources, Field(description='Blocklist source')] + stats: Annotated[BlocklistStats, Field(description='Blocklist stats')] + from_cti_query: Annotated[ + Optional[str], + Field( + description='CTI query from which the blocklist was created', + title='From Cti Query', + ), + ] = None + since: Annotated[ + Optional[str], + Field( + description='Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days', + title='Since', + ), + ] = None + shared_with: Annotated[ + Optional[List[Share]], + Field(description='List of organizations shared with', title='Shared With'), + ] = [] + organization_id: Annotated[ + Optional[str], + Field( + description="Blocklists owner's organization id", title='Organization Id' + ), + ] = None + subscribers: Annotated[ + Optional[List[BlocklistSubscribersCount]], + Field( + description='List of subscribers to the blocklist. Only subscribers belonging to your organization are returned', + title='Subscribers', + ), + ] = [] + categories: Annotated[ + Optional[List[BlocklistCategory]], + Field(description='List of categories for the blocklist', title='Categories'), + ] = [] + + +class PublicBlocklistResponsePage(BaseModelSdk): + items: Annotated[List[PublicBlocklistResponse], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class RemediationMetrics(BaseModelSdk): + total: Annotated[ + Union[int, float], Field(description='Total value of the metric', title='Total') + ] + unit: Annotated[MetricUnits, Field(description='Unit of the metric')] + progression: Annotated[ Optional[int], - Field(description='Background noise score', title='Background Noise Score'), + Field( + description='Progression of the metric value from the previous period', + title='Progression', + ), ] = None - background_noise: Annotated[ + data: Annotated[ + List[OriginMetrics], Field(description='Data points per origin', title='Data') + ] + + +class SourceInfo(BaseModelSdk): + source_type: Annotated[ + SourceType, + Field(description='The source type that created the allowlist entry'), + ] + identifier: Annotated[ + str, + Field( + description='The source identifier that created the allowlist entry', + title='Identifier', + ), + ] + + +class AppsecConfigIndex(BaseModelSdk): + content: Annotated[ Optional[str], - Field(description='Background noise level', title='Background Noise'), + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), ] = None - confidence: Annotated[ - Optional[str], Field(description='Confidence level', title='Confidence') + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), ] = None - location: Annotated[ - Optional[Location], Field(description='IP location information') + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), ] = None - reverse_dns: Annotated[ - Optional[str], Field(description='Reverse DNS', title='Reverse Dns') + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), ] = None - behaviors: Annotated[ - Optional[List[Behavior]], - Field(description='List of behaviors', title='Behaviors'), + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), + ] = None + + +class AppsecRuleIndex(BaseModelSdk): + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), + ] = None + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), + ] = None + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), ] = None references: Annotated[ - Optional[List[Reference]], - Field(description='List of references', title='References'), + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), ] = None - history: Annotated[Optional[History], Field(description='Historical data')] = None - classifications: Annotated[ - Optional[Classifications], Field(description='Classification data') + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), ] = None - mitre_techniques: Annotated[ - Optional[List[MitreTechnique]], - Field(description='MITRE techniques', title='Mitre Techniques'), + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), ] = None - cves: Annotated[ - Optional[List[str]], Field(description='List of CVEs', title='Cves') + + +class CollectionIndex(BaseModelSdk): + appsec_configs: Annotated[ + Optional[List[str]], + Field( + alias='appsec-configs', + description='List of appsec-configs', + title='Appsec-Configs', + ), + ] = None + appsec_rules: Annotated[ + Optional[List[str]], + Field( + alias='appsec-rules', + description='List of appsec-rules', + title='Appsec-Rules', + ), + ] = None + collections: Annotated[ + Optional[List[str]], + Field(description='List of collections', title='Collections'), + ] = None + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), + ] = None + contexts: Annotated[ + Optional[List[str]], Field(description='List of contexts', title='Contexts') + ] = None + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), + ] = None + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + parsers: Annotated[ + Optional[List[str]], Field(description='List of parsers', title='Parsers') + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), + ] = None + postoverflows: Annotated[ + Optional[List[str]], + Field(description='List of postoverflows', title='Postoverflows'), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + scenarios: Annotated[ + Optional[List[str]], Field(description='List of scenarios', title='Scenarios') + ] = None + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), + ] = None + + +class ContextIndex(BaseModelSdk): + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), ] = None - attack_details: Annotated[ - Optional[List[AttackDetail]], - Field(description='Attack details', title='Attack Details'), + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), ] = None - target_countries: Annotated[ - Optional[Dict[str, int]], - Field(description='Target countries', title='Target Countries'), + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), ] = None - scores: Annotated[Optional[Scores], Field(description='Scoring information')] = None -class GetCVEIPsResponsePage(BaseModelSdk): - items: Annotated[List[IPItem], Field(title='Items')] +class ParserIndex(BaseModelSdk): + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), + ] = None + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), + ] = None + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + stage: Annotated[str, Field(description='The stage of the parser', title='Stage')] + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), + ] = None + + +class PostoverflowIndex(BaseModelSdk): + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), + ] = None + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), + ] = None + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + stage: Annotated[ + str, Field(description='The stage of the postoverflow', title='Stage') + ] + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), + ] = None + + +class ScenarioIndex(BaseModelSdk): + content: Annotated[ + Optional[str], + Field( + description='The YAML content of the item, in plaintext.', + examples=[ + 'type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: "Detect FTP bruteforce (vsftpd)"\nfilter: evt.Meta.log_type == \'ftp_failed_auth\'\nleakspeed: "10s"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: "ftp:bruteforce"\n label: "VSFTPD Bruteforce"\n remediation: true\n service: vsftpd' + ], + title='Content', + ), + ] = None + description: Annotated[ + Optional[str], + Field( + description='A short, plaintext description of the item', + title='Description', + ), + ] = None + labels: Annotated[ + Optional[Dict[str, Union[str, List[str], int]]], + Field( + description='Classification labels for the item', + examples=[ + { + 'behavior': 'ftp:bruteforce', + 'classification': ['attack.T1110'], + 'confidence': 3, + 'label': 'VSFTPD Bruteforce', + 'remediation': True, + 'service': 'vsftpd', + 'spoofable': 0, + } + ], + title='Labels', + ), + ] = None + path: Annotated[ + Optional[str], + Field( + description="Relative path to the item's YAML content", + examples=['scenarios/crowdsecurity/vsftpd-bf.yaml'], + title='Path', + ), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='List of references to external resources', title='References' + ), + ] = None + version: Annotated[ + Optional[str], + Field( + description='Current version of the collection', + examples=['0.2'], + title='Version', + ), + ] = None + versions: Annotated[ + Optional[Dict[str, VersionDetail]], + Field( + description="A dictionary where each key is a version number (e.g., '0.1', '0.2')", + examples=[ + { + '0.1': { + 'deprecated': False, + 'digest': '3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1', + }, + '0.2': { + 'deprecated': False, + 'digest': 'd1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91', + }, + } + ], + title='Versions', + ), + ] = None + + +class AllowlistGetItemsResponse(BaseModelSdk): + id: Annotated[ + str, + Field( + description='ID of the allowlist entry', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Id', + ), + ] + allowlist_id: Annotated[ + str, + Field( + description='ID of the allowlist', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Allowlist Id', + ), + ] + description: Annotated[ + str, + Field( + description='Description of the allowlist entry', + min_length=1, + title='Description', + ), + ] + scope: Annotated[AllowlistScope, Field(description='Scope of the allowlist entry')] + value: Annotated[ + str, Field(description='Value of the allowlist entry', title='Value') + ] + created_at: Annotated[ + datetime, + Field(description='Time the allowlist entry was created', title='Created At'), + ] + updated_at: Annotated[ + Optional[datetime], + Field(description='Time the allowlist entry was updated', title='Updated At'), + ] = None + created_by: Annotated[ + SourceInfo, Field(description='The source user who created the allowlist entry') + ] + updated_by: Annotated[ + Optional[SourceInfo], + Field(description='The source user who updated the allowlist entry'), + ] = None + expiration: Annotated[ + Optional[datetime], + Field(description='Time the allowlist entry will expire', title='Expiration'), + ] = None + + +class AllowlistGetItemsResponsePage(BaseModelSdk): + items: Annotated[List[AllowlistGetItemsResponse], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] page: Annotated[int, Field(ge=1, title='Page')] size: Annotated[int, Field(ge=1, title='Size')] @@ -1765,10 +2448,274 @@ class GetCVEIPsResponsePage(BaseModelSdk): links: Links -class GetFingerprintIPsResponsePage(BaseModelSdk): - items: Annotated[List[IPItem], Field(title='Items')] +class AllowlistGetResponse(BaseModelSdk): + id: Annotated[ + str, + Field( + description='ID of the allowlist', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Id', + ), + ] + organization_id: Annotated[ + str, Field(description='ID of the owner organization', title='Organization Id') + ] + name: Annotated[str, Field(description='Name of the allowlist', title='Name')] + description: Annotated[ + Optional[str], + Field(description='Description of the allowlist', title='Description'), + ] = None + created_at: Annotated[ + datetime, + Field(description='Time the allowlist was created', title='Created At'), + ] + updated_at: Annotated[ + Optional[datetime], + Field(description='Time the allowlist was updated', title='Updated At'), + ] = None + from_cti_query: Annotated[ + Optional[str], + Field( + description='CTI query from which the blocklist was created', + title='From Cti Query', + ), + ] = None + since: Annotated[ + Optional[str], + Field( + description='Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days', + title='Since', + ), + ] = None + total_items: Annotated[ + int, Field(description='Number of items in the allowlist', title='Total Items') + ] + subscribers: Annotated[ + Optional[List[AllowlistSubscribersCount]], + Field( + description='List of subscribers count by entity type', title='Subscribers' + ), + ] = [] + + +class AllowlistGetResponsePage(BaseModelSdk): + items: Annotated[List[AllowlistGetResponse], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] page: Annotated[int, Field(ge=1, title='Page')] size: Annotated[int, Field(ge=1, title='Size')] pages: Annotated[int, Field(ge=0, title='Pages')] links: Links + + +class AllowlistItemUpdateResponse(BaseModelSdk): + id: Annotated[ + str, + Field( + description='ID of the allowlist entry', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Id', + ), + ] + allowlist_id: Annotated[ + str, + Field( + description='ID of the allowlist', + examples=['5f9d88b9e5c4f5b9a3d3e8b1'], + title='Allowlist Id', + ), + ] + description: Annotated[ + str, + Field( + description='Description of the allowlist entry', + min_length=1, + title='Description', + ), + ] + scope: Annotated[AllowlistScope, Field(description='Scope of the allowlist entry')] + value: Annotated[ + str, Field(description='Value of the allowlist entry', title='Value') + ] + created_at: Annotated[ + datetime, + Field(description='Time the allowlist entry was created', title='Created At'), + ] + updated_at: Annotated[ + datetime, + Field(description='Time the allowlist entry was updated', title='Updated At'), + ] + created_by: Annotated[ + SourceInfo, Field(description='The source user who created the allowlist entry') + ] + updated_by: Annotated[ + SourceInfo, Field(description='The source user who updated the allowlist entry') + ] + expiration: Annotated[ + Optional[datetime], + Field(description='Time the allowlist entry will expire', title='Expiration'), + ] = None + + +class ComputedSavedMetrics(BaseModelSdk): + log_lines: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='estimated log lines saved', title='Log Lines'), + ] = [] + storage: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='estimated storage saved', title='Storage'), + ] = [] + egress_traffic: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='estimated egress traffic saved', title='Egress Traffic'), + ] = [] + + +class DecisionCreateRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + created_at: Annotated[Optional[datetime], Field(title='Created At')] = None + uuid: Annotated[ + Optional[str], Field(description='UUID of the decision', title='Uuid') + ] = None + id: Annotated[ + Optional[int], Field(description='ID of the decision', title='Id') + ] = None + duration: Annotated[ + str, Field(description='Duration of the decision', title='Duration') + ] + origin: Annotated[str, Field(description='Origin of the decision', title='Origin')] + scenario: Annotated[ + str, Field(description='Scenario of the decision', title='Scenario') + ] + scope: Annotated[str, Field(description='Scope of the decision', title='Scope')] + type: Annotated[str, Field(description='Type of the decision', title='Type')] + value: Annotated[str, Field(description='Value of the decision', title='Value')] + country: Annotated[ + Optional[str], + Field(description='Country associated with the decision', title='Country'), + ] = None + as_name: Annotated[ + Optional[str], + Field(description='AS name associated with the decision', title='As Name'), + ] = None + as_num: Annotated[ + Optional[int], + Field(description='AS number associated with the decision', title='As Num'), + ] = None + city: Annotated[ + Optional[str], + Field(description='City associated with the decision', title='City'), + ] = None + latitude: Annotated[ + Optional[float], + Field(description='Latitude associated with the decision', title='Latitude'), + ] = None + longitude: Annotated[ + Optional[float], + Field(description='Longitude associated with the decision', title='Longitude'), + ] = None + target: Annotated[DecisionTargetModel, Field(description='Target of the decision')] + + +class DecisionResponse(BaseModelSdk): + created_at: Annotated[Optional[datetime], Field(title='Created At')] = None + uuid: Annotated[str, Field(description='UUID of the decision', title='Uuid')] + id: Annotated[int, Field(description='ID of the decision', title='Id')] + duration: Annotated[ + str, Field(description='Duration of the decision', title='Duration') + ] + origin: Annotated[str, Field(description='Origin of the decision', title='Origin')] + scenario: Annotated[ + str, Field(description='Scenario of the decision', title='Scenario') + ] + scope: Annotated[str, Field(description='Scope of the decision', title='Scope')] + type: Annotated[str, Field(description='Type of the decision', title='Type')] + value: Annotated[str, Field(description='Value of the decision', title='Value')] + country: Annotated[ + Optional[str], + Field(description='Country associated with the decision', title='Country'), + ] = None + as_name: Annotated[ + Optional[str], + Field(description='AS name associated with the decision', title='As Name'), + ] = None + as_num: Annotated[ + Optional[int], + Field(description='AS number associated with the decision', title='As Num'), + ] = None + city: Annotated[ + Optional[str], + Field(description='City associated with the decision', title='City'), + ] = None + latitude: Annotated[ + Optional[float], + Field(description='Latitude associated with the decision', title='Latitude'), + ] = None + longitude: Annotated[ + Optional[float], + Field(description='Longitude associated with the decision', title='Longitude'), + ] = None + target: Annotated[DecisionTargetModel, Field(description='Target of the decision')] + + +class DecisionsGetResponsePage(BaseModelSdk): + items: Annotated[List[DecisionResponse], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class RawMetrics(BaseModelSdk): + dropped: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='dropped metrics', title='Dropped'), + ] = [] + processed: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='processed metrics', title='Processed'), + ] = [] + + +class Index(BaseModelSdk): + appsec_configs: Annotated[ + Optional[Dict[str, AppsecConfigIndex]], + Field(alias='appsec-configs', title='Appsec-Configs'), + ] = None + appsec_rules: Annotated[ + Optional[Dict[str, AppsecRuleIndex]], + Field(alias='appsec-rules', title='Appsec-Rules'), + ] = None + collections: Annotated[ + Optional[Dict[str, CollectionIndex]], Field(title='Collections') + ] = None + contexts: Annotated[Optional[Dict[str, ContextIndex]], Field(title='Contexts')] = ( + None + ) + parsers: Annotated[Optional[Dict[str, ParserIndex]], Field(title='Parsers')] = None + postoverflows: Annotated[ + Optional[Dict[str, PostoverflowIndex]], Field(title='Postoverflows') + ] = None + scenarios: Annotated[ + Optional[Dict[str, ScenarioIndex]], Field(title='Scenarios') + ] = None + + +class ComputedMetrics(BaseModelSdk): + saved: Annotated[ComputedSavedMetrics, Field(description='estimated saved metrics')] + dropped: Annotated[ + Optional[List[RemediationMetrics]], + Field(description='estimated dropped metrics', title='Dropped'), + ] = [] + prevented: Annotated[ + Optional[List[AttacksMetrics]], + Field(description='prevented attacks metrics', title='Prevented'), + ] = [] + + +class GetRemediationMetricsResponse(BaseModelSdk): + raw: Annotated[RawMetrics, Field(description='Raw metrics data')] + computed: Annotated[ComputedMetrics, Field(description='Computed metrics data')] diff --git a/crowdsec_tracker_api/services/__pycache__/__init__.cpython-311.pyc b/crowdsec_tracker_api/services/__pycache__/__init__.cpython-311.pyc index 031bdb7d0eae45a1fed0bcf1318710282ae9beff..5fed2e6ef042e6bb5b5cbf0ee2137a8408aa4082 100644 GIT binary patch delta 24 ecmaFE_=b^tIWI340}v$t-93>zhS79lMhgI0=LdHH delta 24 ecmaFE_=b^tIWI340}!y^oI8;_hS6kVMhgH_c?Q@3 diff --git a/crowdsec_tracker_api/services/allowlists.py b/crowdsec_tracker_api/services/allowlists.py new file mode 100644 index 0000000..988a012 --- /dev/null +++ b/crowdsec_tracker_api/services/allowlists.py @@ -0,0 +1,320 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Allowlists(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def list_allowlists( + self, + page: int = 1, + size: int = 50, + )-> AllowlistGetResponsePage: + endpoint_url = "/allowlists" + loc = locals() + headers = {} + params = json.loads( + AllowlistsListAllowlistsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return AllowlistGetResponsePage(_client=self, **response.json()) + + def create_allowlist( + self, + request: AllowlistCreateRequest, + )-> AllowlistCreateResponse: + endpoint_url = "/allowlists" + loc = locals() + headers = {} + params = {} + path_params = {} + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return AllowlistCreateResponse(**response.json()) + + def get_allowlist( + self, + allowlist_id: str, + )-> AllowlistGetResponse: + endpoint_url = "/allowlists/{allowlist_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsGetAllowlistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return AllowlistGetResponse(**response.json()) + + def delete_allowlist( + self, + allowlist_id: str, + force: bool = False, + ): + endpoint_url = "/allowlists/{allowlist_id}" + loc = locals() + headers = {} + params = json.loads( + AllowlistsDeleteAllowlistQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + AllowlistsDeleteAllowlistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + + def update_allowlist( + self, + request: AllowlistUpdateRequest, + allowlist_id: str, + )-> AllowlistUpdateResponse: + endpoint_url = "/allowlists/{allowlist_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsUpdateAllowlistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.patch( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=json.loads( + request.model_dump_json( + exclude_unset=True + ) + ) + ) + + return AllowlistUpdateResponse(**response.json()) + + def get_allowlist_items( + self, + allowlist_id: str, + page: int = 1, + size: int = 50, + )-> AllowlistGetItemsResponsePage: + endpoint_url = "/allowlists/{allowlist_id}/items" + loc = locals() + headers = {} + params = json.loads( + AllowlistsGetAllowlistItemsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + AllowlistsGetAllowlistItemsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return AllowlistGetItemsResponsePage(_client=self, **response.json()) + + def create_allowlist_items( + self, + request: AllowlistItemsCreateRequest, + allowlist_id: str, + ): + endpoint_url = "/allowlists/{allowlist_id}/items" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsCreateAllowlistItemsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def get_allowlist_item( + self, + allowlist_id: str, + item_id: str, + )-> AllowlistGetItemsResponse: + endpoint_url = "/allowlists/{allowlist_id}/items/{item_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsGetAllowlistItemPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return AllowlistGetItemsResponse(**response.json()) + + def delete_allowlist_item( + self, + allowlist_id: str, + item_id: str, + ): + endpoint_url = "/allowlists/{allowlist_id}/items/{item_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsDeleteAllowlistItemPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + + def update_allowlist_item( + self, + request: AllowlistItemUpdateRequest, + allowlist_id: str, + item_id: str, + )-> AllowlistItemUpdateResponse: + endpoint_url = "/allowlists/{allowlist_id}/items/{item_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsUpdateAllowlistItemPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.patch( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=json.loads( + request.model_dump_json( + exclude_unset=True + ) + ) + ) + + return AllowlistItemUpdateResponse(**response.json()) + + def get_allowlist_subscribers( + self, + allowlist_id: str, + page: int = 1, + size: int = 50, + )-> AllowlistSubscriberEntityPage: + endpoint_url = "/allowlists/{allowlist_id}/subscribers" + loc = locals() + headers = {} + params = json.loads( + AllowlistsGetAllowlistSubscribersQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + AllowlistsGetAllowlistSubscribersPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return AllowlistSubscriberEntityPage(_client=self, **response.json()) + + def subscribe_allowlist( + self, + request: AllowlistSubscriptionRequest, + allowlist_id: str, + )-> AllowlistSubscriptionResponse: + endpoint_url = "/allowlists/{allowlist_id}/subscribers" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsSubscribeAllowlistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return AllowlistSubscriptionResponse(**response.json()) + + def unsubscribe_allowlist( + self, + allowlist_id: str, + entity_id: str, + ): + endpoint_url = "/allowlists/{allowlist_id}/subscribers/{entity_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + AllowlistsUnsubscribeAllowlistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/blocklists.py b/crowdsec_tracker_api/services/blocklists.py new file mode 100644 index 0000000..8841ce7 --- /dev/null +++ b/crowdsec_tracker_api/services/blocklists.py @@ -0,0 +1,383 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Blocklists(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def get_blocklists( + self, + page: int = 1, + page_size: int = 100, + subscribed_only: bool = False, + exclude_subscribed: bool = False, + include_filter: list[BlocklistIncludeFilters] = ['private', 'shared'], + category: Optional[list[str]] = None, + size: int = 50, + )-> PublicBlocklistResponsePage: + endpoint_url = "/blocklists" + loc = locals() + headers = {} + params = json.loads( + BlocklistsGetBlocklistsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return PublicBlocklistResponsePage(_client=self, **response.json()) + + def create_blocklist( + self, + request: BlocklistCreateRequest, + )-> PublicBlocklistResponse: + endpoint_url = "/blocklists" + loc = locals() + headers = {} + params = {} + path_params = {} + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return PublicBlocklistResponse(**response.json()) + + def search_blocklist( + self, + request: BlocklistSearchRequest, + page: int = 1, + size: int = 50, + )-> PublicBlocklistResponsePage: + endpoint_url = "/blocklists/search" + loc = locals() + headers = {} + params = json.loads( + BlocklistsSearchBlocklistQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return PublicBlocklistResponsePage(_client=self, **response.json()) + + def get_blocklist( + self, + blocklist_id: str, + )-> PublicBlocklistResponse: + endpoint_url = "/blocklists/{blocklist_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsGetBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return PublicBlocklistResponse(**response.json()) + + def delete_blocklist( + self, + blocklist_id: str, + force: bool = False, + ): + endpoint_url = "/blocklists/{blocklist_id}" + loc = locals() + headers = {} + params = json.loads( + BlocklistsDeleteBlocklistQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + BlocklistsDeleteBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + + def update_blocklist( + self, + request: BlocklistUpdateRequest, + blocklist_id: str, + )-> PublicBlocklistResponse: + endpoint_url = "/blocklists/{blocklist_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsUpdateBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.patch( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=json.loads( + request.model_dump_json( + exclude_unset=True + ) + ) + ) + + return PublicBlocklistResponse(**response.json()) + + def add_ips_to_blocklist( + self, + request: BlocklistAddIPsRequest, + blocklist_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/ips" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsAddIpsToBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def overwrite_ips( + self, + request: BlocklistAddIPsRequest, + blocklist_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/ips/bulk_overwrite" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsOverwriteIpsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def delete_ips_from_blocklist( + self, + request: BlocklistDeleteIPsRequest, + blocklist_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/ips/delete" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsDeleteIpsFromBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def download_blocklist_content( + self, + blocklist_id: str, + if_modified_since: Optional[str] = None, + if_none_match: Optional[str] = None, + )-> str: + endpoint_url = "/blocklists/{blocklist_id}/download" + loc = locals() + headers = json.loads( + BlocklistsDownloadBlocklistContentHeadersParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + params = {} + path_params = json.loads( + BlocklistsDownloadBlocklistContentPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return response.text + + def get_blocklist_subscribers( + self, + blocklist_id: str, + page: int = 1, + size: int = 50, + )-> BlocklistSubscriberEntityPage: + endpoint_url = "/blocklists/{blocklist_id}/subscribers" + loc = locals() + headers = {} + params = json.loads( + BlocklistsGetBlocklistSubscribersQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + BlocklistsGetBlocklistSubscribersPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return BlocklistSubscriberEntityPage(_client=self, **response.json()) + + def subscribe_blocklist( + self, + request: BlocklistSubscriptionRequest, + blocklist_id: str, + )-> BlocklistSubscriptionResponse: + endpoint_url = "/blocklists/{blocklist_id}/subscribers" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsSubscribeBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return BlocklistSubscriptionResponse(**response.json()) + + def unsubscribe_blocklist( + self, + blocklist_id: str, + entity_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/subscribers/{entity_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsUnsubscribeBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + + def share_blocklist( + self, + request: BlocklistShareRequest, + blocklist_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/shares" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsShareBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def unshare_blocklist( + self, + blocklist_id: str, + unshare_organization_id: str, + ): + endpoint_url = "/blocklists/{blocklist_id}/shares/{unshare_organization_id}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + BlocklistsUnshareBlocklistPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/decisions.py b/crowdsec_tracker_api/services/decisions.py new file mode 100644 index 0000000..79ee650 --- /dev/null +++ b/crowdsec_tracker_api/services/decisions.py @@ -0,0 +1,63 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Decisions(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def get_decisions( + self, + instance_ids: list[str] = [], + tag_ids: list[str] = [], + remediation_types: list[str] = [], + ips: list[str] = [], + sort_by: Optional[DecisionsSortBy] = DecisionsSortBy("created_at"), + sort_order: Optional[DecisionsSortOrder] = DecisionsSortOrder("desc"), + page: int = 1, + size: int = 50, + )-> DecisionsGetResponsePage: + endpoint_url = "/decisions" + loc = locals() + headers = {} + params = json.loads( + DecisionsGetDecisionsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return DecisionsGetResponsePage(_client=self, **response.json()) + + def create_decision( + self, + request: DecisionCreateRequest, + )-> DecisionCreateResponse: + endpoint_url = "/decisions" + loc = locals() + headers = {} + params = {} + path_params = {} + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return DecisionCreateResponse(**response.json()) + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/hub.py b/crowdsec_tracker_api/services/hub.py new file mode 100644 index 0000000..b7e1519 --- /dev/null +++ b/crowdsec_tracker_api/services/hub.py @@ -0,0 +1,63 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Hub(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def get_index( + self, + branch: str, + tenant: str, + with_content: bool = False, + )-> Index: + endpoint_url = "/hub/index/{tenant}/{branch}/.index.json" + loc = locals() + headers = {} + params = json.loads( + HubGetIndexQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + HubGetIndexPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return Index(**response.json()) + + def get_item_content( + self, + item_path: str, + branch: str, + tenant: str, + ): + endpoint_url = "/hub/index/{tenant}/{branch}/{item_path}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + HubGetItemContentPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/info.py b/crowdsec_tracker_api/services/info.py new file mode 100644 index 0000000..3694e52 --- /dev/null +++ b/crowdsec_tracker_api/services/info.py @@ -0,0 +1,30 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Info(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def get_info( + self, + )-> InfoResponse: + endpoint_url = "/info" + loc = locals() + headers = {} + params = {} + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return InfoResponse(**response.json()) + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/integrations.py b/crowdsec_tracker_api/services/integrations.py index 46ed4a7..2673b7c 100644 --- a/crowdsec_tracker_api/services/integrations.py +++ b/crowdsec_tracker_api/services/integrations.py @@ -11,11 +11,13 @@ class Integrations(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") def get_integrations( self, tag: Optional[list[str]] = None, + page: int = 1, + size: int = 50, )-> IntegrationGetResponsePage: endpoint_url = "/integrations" loc = locals() diff --git a/crowdsec_tracker_api/services/metrics.py b/crowdsec_tracker_api/services/metrics.py new file mode 100644 index 0000000..cdfd2a1 --- /dev/null +++ b/crowdsec_tracker_api/services/metrics.py @@ -0,0 +1,39 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class Metrics(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.116.3") + + def get_metrics_remediation( + self, + start_date: str, + end_date: str, + engine_ids: list[str] = [], + integration_ids: list[str] = [], + tags: list[str] = [], + )-> GetRemediationMetricsResponse: + endpoint_url = "/metrics/remediation" + loc = locals() + headers = {} + params = json.loads( + MetricsGetMetricsRemediationQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return GetRemediationMetricsResponse(**response.json()) + \ No newline at end of file diff --git a/doc/Allowlists.md b/doc/Allowlists.md new file mode 100644 index 0000000..a3f9362 --- /dev/null +++ b/doc/Allowlists.md @@ -0,0 +1,530 @@ + + +# Allowlists Methods +| Method | Description | +| ------ | ----------- | +| [list_allowlists](#list_allowlists) | List all allowlists for an organization | +| [create_allowlist](#create_allowlist) | Create a new allowlist for an organization | +| [get_allowlist](#get_allowlist) | Get an allowlist by ID | +| [delete_allowlist](#delete_allowlist) | Delete an allowlist by ID | +| [update_allowlist](#update_allowlist) | Update an allowlist by ID | +| [get_allowlist_items](#get_allowlist_items) | Get items in an allowlist | +| [create_allowlist_items](#create_allowlist_items) | Create items for an allowlist | +| [get_allowlist_item](#get_allowlist_item) | Get an allowlist item by ID | +| [delete_allowlist_item](#delete_allowlist_item) | Delete an allowlist item by ID | +| [update_allowlist_item](#update_allowlist_item) | Update an allowlist item by ID | +| [get_allowlist_subscribers](#get_allowlist_subscribers) | Get subscribers of an allowlist | +| [subscribe_allowlist](#subscribe_allowlist) | Subscribe to an allowlist | +| [unsubscribe_allowlist](#unsubscribe_allowlist) | Unsubscribe from an allowlist | + +## **list_allowlists** +### List all allowlists for an organization +- Endpoint: `/allowlists` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[AllowlistGetResponsePage](./Models.md#allowlistgetresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.list_allowlists( + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **create_allowlist** +### Create a new allowlist for an organization +- Endpoint: `/allowlists` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [AllowlistCreateRequest](./Models.md#allowlistcreaterequest) | Request body | Yes | - | +### Returns: +[AllowlistCreateResponse](./Models.md#allowlistcreateresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, + AllowlistCreateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +request = AllowlistCreateRequest( + name=None, + description=None, +) +try: + response = client.create_allowlist( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_allowlist** +### Get an allowlist by ID +- Endpoint: `/allowlists/{allowlist_id}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +### Returns: +[AllowlistGetResponse](./Models.md#allowlistgetresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.get_allowlist( + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **delete_allowlist** +### Delete an allowlist by ID +- Endpoint: `/allowlists/{allowlist_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| force | bool | Force delete the allowlist, even if it has subscribers | False | False | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.delete_allowlist( + allowlist_id='allowlist_id', + force=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **update_allowlist** +### Update an allowlist by ID +- Endpoint: `/allowlists/{allowlist_id}` +- Method: `PATCH` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [AllowlistUpdateRequest](./Models.md#allowlistupdaterequest) | Request body | Yes | - | +| allowlist_id | str | | True | | +### Returns: +[AllowlistUpdateResponse](./Models.md#allowlistupdateresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, + AllowlistUpdateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +request = AllowlistUpdateRequest( + name=None, + description=None, +) +try: + response = client.update_allowlist( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_allowlist_items** +### Get items in an allowlist +- Endpoint: `/allowlists/{allowlist_id}/items` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[AllowlistGetItemsResponsePage](./Models.md#allowlistgetitemsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_items( + allowlist_id='allowlist_id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **create_allowlist_items** +### Create items for an allowlist +- Endpoint: `/allowlists/{allowlist_id}/items` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [AllowlistItemsCreateRequest](./Models.md#allowlistitemscreaterequest) | Request body | Yes | - | +| allowlist_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, + AllowlistItemsCreateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +request = AllowlistItemsCreateRequest( + items=None, + description=None, + expiration=None, +) +try: + response = client.create_allowlist_items( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_allowlist_item** +### Get an allowlist item by ID +- Endpoint: `/allowlists/{allowlist_id}/items/{item_id}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| item_id | str | | True | | +### Returns: +[AllowlistGetItemsResponse](./Models.md#allowlistgetitemsresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_item( + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **delete_allowlist_item** +### Delete an allowlist item by ID +- Endpoint: `/allowlists/{allowlist_id}/items/{item_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| item_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.delete_allowlist_item( + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **update_allowlist_item** +### Update an allowlist item by ID +- Endpoint: `/allowlists/{allowlist_id}/items/{item_id}` +- Method: `PATCH` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [AllowlistItemUpdateRequest](./Models.md#allowlistitemupdaterequest) | Request body | Yes | - | +| allowlist_id | str | | True | | +| item_id | str | | True | | +### Returns: +[AllowlistItemUpdateResponse](./Models.md#allowlistitemupdateresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, + AllowlistItemUpdateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +request = AllowlistItemUpdateRequest( + description=None, + expiration=None, +) +try: + response = client.update_allowlist_item( + request=request, + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_allowlist_subscribers** +### Get subscribers of an allowlist +- Endpoint: `/allowlists/{allowlist_id}/subscribers` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[AllowlistSubscriberEntityPage](./Models.md#allowlistsubscriberentitypage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_subscribers( + allowlist_id='allowlist_id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **subscribe_allowlist** +### Subscribe to an allowlist +- Endpoint: `/allowlists/{allowlist_id}/subscribers` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [AllowlistSubscriptionRequest](./Models.md#allowlistsubscriptionrequest) | Request body | Yes | - | +| allowlist_id | str | | True | | +### Returns: +[AllowlistSubscriptionResponse](./Models.md#allowlistsubscriptionresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, + AllowlistSubscriptionRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +request = AllowlistSubscriptionRequest( + ids=None, + entity_type=None, +) +try: + response = client.subscribe_allowlist( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **unsubscribe_allowlist** +### Unsubscribe from an allowlist +- Endpoint: `/allowlists/{allowlist_id}/subscribers/{entity_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| allowlist_id | str | | True | | +| entity_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Allowlist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Allowlists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Allowlists(auth=auth) +try: + response = client.unsubscribe_allowlist( + allowlist_id='allowlist_id', + entity_id='entity_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Blocklists.md b/doc/Blocklists.md new file mode 100644 index 0000000..a39e0a9 --- /dev/null +++ b/doc/Blocklists.md @@ -0,0 +1,656 @@ + + +# Blocklists Methods +| Method | Description | +| ------ | ----------- | +| [get_blocklists](#get_blocklists) | Get multiple blocklists. Only blocklists owned by your organization, shared with your organization or public blocklists are returned. Filters and pagination are available as query parameters. | +| [create_blocklist](#create_blocklist) | Create a new blocklist owned by your organization. The name must be unique within your organization. The list will only be visible to your organization and organizations you shared the blocklist with. This operation is submitted to quotas | +| [search_blocklist](#search_blocklist) | Search blocklists | +| [get_blocklist](#get_blocklist) | Get the details of a blocklist by ID. The content of the blocklist is not returned. | +| [delete_blocklist](#delete_blocklist) | Delete a blocklist by ID. If the blocklist is shared with other organizations or it has subscriptions, the operation will fail. If you want to force delete the blocklist, you can use the force query parameter, so the blocklists will be unshared / unsubscribed. | +| [update_blocklist](#update_blocklist) | Update a blocklist's details by ID. It is not possible to update the blocklist content using this operation. | +| [add_ips_to_blocklist](#add_ips_to_blocklist) | Add IPs to a blocklist. If an IP is already in the blocklist, its expiration will be updated with the new expiration. | +| [overwrite_ips](#overwrite_ips) | Overwrite blocklist content | +| [delete_ips_from_blocklist](#delete_ips_from_blocklist) | Delete IPs from a blocklist | +| [download_blocklist_content](#download_blocklist_content) | Download blocklist content as a list of ips as plain text separated by new lines. The response will include the ETag header for cache control. If_Modified_Since and If_None_Match cache control headers are supported for conditional requests. | +| [get_blocklist_subscribers](#get_blocklist_subscribers) | Get blocklist subscribers within your organization. | +| [subscribe_blocklist](#subscribe_blocklist) | Subscribe to a blocklist with a remediation type. If the entity type is the full organization or a Tag, all the engines belonging to the organization or the Tag will be subscribed and new engines that will join the organization or the Tag will also be automatically subscribed. If the subscription has been done on an organization or Tag you cannot unsubscribe individual engines. In case of errors for some subscribers, the operation will still succeed for the entities that were successfully subscribed and you'll have the list of errors in the operation's result. This operation is submitted to quotas. | +| [unsubscribe_blocklist](#unsubscribe_blocklist) | Unsubscribe from a blocklist. You cannot unsubscribe individual engines if the subscription has been done on an organization or Tag. | +| [share_blocklist](#share_blocklist) | Share a blocklist with other organizations given their IDs. The blocklist must be owned by your organization. You can give read-only access or read-write access to the blocklist. Sharing a blocklist will not automatically subscribe the shared organizations to the blocklist. | +| [unshare_blocklist](#unshare_blocklist) | Unshare a blocklist with other organizations. If the blocklist is subscribed by the organization, the operation will fail.Use force query parameter to unshare a blocklist even if subscriptions exists. | + +## **get_blocklists** +### Get multiple blocklists. Only blocklists owned by your organization, shared with your organization or public blocklists are returned. Filters and pagination are available as query parameters. +- Endpoint: `/blocklists` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| page | int | Page number | False | 1 | +| page_size | int | Page size | False | 100 | +| subscribed_only | bool | only subscribed blocklists | False | False | +| exclude_subscribed | bool | exclude subscribed blocklists | False | False | +| include_filter | list[BlocklistIncludeFilters] | Include blocklists with the specified filters | False | ['private', 'shared'] | +| category | Optional[list[str]] | Filter by category | False | None | +| size | int | Page size | False | 50 | +### Returns: +[PublicBlocklistResponsePage](./Models.md#publicblocklistresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.get_blocklists( + page=1, + page_size=100, + subscribed_only=True, + exclude_subscribed=True, + include_filter=['private', 'shared'], + category=None, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **create_blocklist** +### Create a new blocklist owned by your organization. The name must be unique within your organization. The list will only be visible to your organization and organizations you shared the blocklist with. This operation is submitted to quotas +- Endpoint: `/blocklists` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistCreateRequest](./Models.md#blocklistcreaterequest) | Request body | Yes | - | +### Returns: +[PublicBlocklistResponse](./Models.md#publicblocklistresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 409 | Blocklist already exists | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistCreateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistCreateRequest( + name=None, + label=None, + description=None, + references=None, + tags=None, +) +try: + response = client.create_blocklist( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **search_blocklist** +### Search blocklists +- Endpoint: `/blocklists/search` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistSearchRequest](./Models.md#blocklistsearchrequest) | Request body | Yes | - | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[PublicBlocklistResponsePage](./Models.md#publicblocklistresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistSearchRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistSearchRequest( + page=None, + page_size=None, + pricing_tiers=None, + query=None, + targeted_countries=None, + classifications=None, + behaviors=None, + min_ips=None, + sources=None, + categories=None, + is_private=None, + is_subscribed=None, +) +try: + response = client.search_blocklist( + request=request, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_blocklist** +### Get the details of a blocklist by ID. The content of the blocklist is not returned. +- Endpoint: `/blocklists/{blocklist_id}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +### Returns: +[PublicBlocklistResponse](./Models.md#publicblocklistresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.get_blocklist( + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **delete_blocklist** +### Delete a blocklist by ID. If the blocklist is shared with other organizations or it has subscriptions, the operation will fail. If you want to force delete the blocklist, you can use the force query parameter, so the blocklists will be unshared / unsubscribed. +- Endpoint: `/blocklists/{blocklist_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +| force | bool | Force delete the blocklist if it is shared or subscribed | False | False | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.delete_blocklist( + blocklist_id='sample-blocklist-id', + force=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **update_blocklist** +### Update a blocklist's details by ID. It is not possible to update the blocklist content using this operation. +- Endpoint: `/blocklists/{blocklist_id}` +- Method: `PATCH` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistUpdateRequest](./Models.md#blocklistupdaterequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Returns: +[PublicBlocklistResponse](./Models.md#publicblocklistresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 403 | Blocklist is read-only | +| 404 | Blocklist not found | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistUpdateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistUpdateRequest( + label=None, + description=None, + references=None, + tags=None, + from_cti_query=None, + since=None, +) +try: + response = client.update_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **add_ips_to_blocklist** +### Add IPs to a blocklist. If an IP is already in the blocklist, its expiration will be updated with the new expiration. +- Endpoint: `/blocklists/{blocklist_id}/ips` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistAddIPsRequest](./Models.md#blocklistaddipsrequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 403 | Blocklist is read-only | +| 404 | Blocklist not found | +| 412 | Payload too large for one operation, limit is 20000 IPs per request | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistAddIPsRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistAddIPsRequest( + ips=None, + expiration=None, +) +try: + response = client.add_ips_to_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **overwrite_ips** +### Overwrite blocklist content +- Endpoint: `/blocklists/{blocklist_id}/ips/bulk_overwrite` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistAddIPsRequest](./Models.md#blocklistaddipsrequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 403 | Blocklist is read-only | +| 404 | Blocklist not found | +| 412 | Payload too large for one operation, limit is 20000 IPs per request | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistAddIPsRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistAddIPsRequest( + ips=None, + expiration=None, +) +try: + response = client.overwrite_ips( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **delete_ips_from_blocklist** +### Delete IPs from a blocklist +- Endpoint: `/blocklists/{blocklist_id}/ips/delete` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistDeleteIPsRequest](./Models.md#blocklistdeleteipsrequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 403 | Blocklist is read-only | +| 404 | Blocklist not found | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistDeleteIPsRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistDeleteIPsRequest( + ips=None, +) +try: + response = client.delete_ips_from_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **download_blocklist_content** +### Download blocklist content as a list of ips as plain text separated by new lines. The response will include the ETag header for cache control. If_Modified_Since and If_None_Match cache control headers are supported for conditional requests. +- Endpoint: `/blocklists/{blocklist_id}/download` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +| if_modified_since | Optional[str] | If_Modified_Since cache control header | False | None | +| if_none_match | Optional[str] | If_None_Match cache control header | False | None | +### Returns: +[str](./Models.md#str) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 204 | Blocklist is empty | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.download_blocklist_content( + blocklist_id='sample-blocklist-id', + if_modified_since=None, + if_none_match=None, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_blocklist_subscribers** +### Get blocklist subscribers within your organization. +- Endpoint: `/blocklists/{blocklist_id}/subscribers` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[BlocklistSubscriberEntityPage](./Models.md#blocklistsubscriberentitypage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.get_blocklist_subscribers( + blocklist_id='sample-blocklist-id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **subscribe_blocklist** +### Subscribe to a blocklist with a remediation type. If the entity type is the full organization or a Tag, all the engines belonging to the organization or the Tag will be subscribed and new engines that will join the organization or the Tag will also be automatically subscribed. If the subscription has been done on an organization or Tag you cannot unsubscribe individual engines. In case of errors for some subscribers, the operation will still succeed for the entities that were successfully subscribed and you'll have the list of errors in the operation's result. This operation is submitted to quotas. +- Endpoint: `/blocklists/{blocklist_id}/subscribers` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistSubscriptionRequest](./Models.md#blocklistsubscriptionrequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Returns: +[BlocklistSubscriptionResponse](./Models.md#blocklistsubscriptionresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistSubscriptionRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistSubscriptionRequest( + ids=None, + entity_type=None, + remediation=None, +) +try: + response = client.subscribe_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **unsubscribe_blocklist** +### Unsubscribe from a blocklist. You cannot unsubscribe individual engines if the subscription has been done on an organization or Tag. +- Endpoint: `/blocklists/{blocklist_id}/subscribers/{entity_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +| entity_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.unsubscribe_blocklist( + blocklist_id='sample-blocklist-id', + entity_id='entity_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **share_blocklist** +### Share a blocklist with other organizations given their IDs. The blocklist must be owned by your organization. You can give read-only access or read-write access to the blocklist. Sharing a blocklist will not automatically subscribe the shared organizations to the blocklist. +- Endpoint: `/blocklists/{blocklist_id}/shares` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [BlocklistShareRequest](./Models.md#blocklistsharerequest) | Request body | Yes | - | +| blocklist_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 409 | Blocklist is not private | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, + BlocklistShareRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +request = BlocklistShareRequest( + organizations=None, +) +try: + response = client.share_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **unshare_blocklist** +### Unshare a blocklist with other organizations. If the blocklist is subscribed by the organization, the operation will fail.Use force query parameter to unshare a blocklist even if subscriptions exists. +- Endpoint: `/blocklists/{blocklist_id}/shares/{unshare_organization_id}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| blocklist_id | str | | True | | +| unshare_organization_id | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Blocklist not found | +| 409 | Blocklist is not private | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Blocklists, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Blocklists(auth=auth) +try: + response = client.unshare_blocklist( + blocklist_id='sample-blocklist-id', + unshare_organization_id='unshare_organization_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Cves.md b/doc/Cves.md deleted file mode 100644 index fad591b..0000000 --- a/doc/Cves.md +++ /dev/null @@ -1,328 +0,0 @@ - - -# Cves Methods -| Method | Description | -| ------ | ----------- | -| [get_cves](#get_cves) | Get a paginated list of CVEs that CrowdSec is tracking | -| [get_cve](#get_cve) | Get information about a specific CVE ID | -| [download_cve_ips](#download_cve_ips) | Download the list of IPs exploiting a specific CVE ID in raw format | -| [get_cve_ips_details](#get_cve_ips_details) | Get detailed information about IPs exploiting a specific CVE ID | -| [get_cve_subscribed_integrations](#get_cve_subscribed_integrations) | Get the list of integrations subscribed to a specific CVE ID | -| [subscribe_integration_to_cve](#subscribe_integration_to_cve) | Subscribe an integration to receive threats related to a specific CVE ID | -| [unsubscribe_integration_from_cve](#unsubscribe_integration_from_cve) | Unsubscribe an integration from receiving threats related to a specific CVE ID | -| [get_cve_timeline](#get_cve_timeline) | Get timeline data of occurrences for a specific CVE ID | - -## **get_cves** -### Get a paginated list of CVEs that CrowdSec is tracking -- Endpoint: `/cves` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for CVEs | False | None | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| filters | Optional[list[GetCVEsFilterBy]] | Filters to apply on the CVE list | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetCVEsResponsePage](./Models.md#getcvesresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.get_cves( - query=None, - sort_by=rule_release_date, - sort_order=desc, - filters=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_cve** -### Get information about a specific CVE ID -- Endpoint: `/cves/{cve_id}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -### Returns: -[GetCVEResponse](./Models.md#getcveresponse) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.get_cve( - cve_id='cve_id', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **download_cve_ips** -### Download the list of IPs exploiting a specific CVE ID in raw format -- Endpoint: `/cves/{cve_id}/ips-download` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -### Returns: -[str](./Models.md#str) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.download_cve_ips( - cve_id='cve_id', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_cve_ips_details** -### Get detailed information about IPs exploiting a specific CVE ID -- Endpoint: `/cves/{cve_id}/ips-details` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetCVEIPsResponsePage](./Models.md#getcveipsresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.get_cve_ips_details( - cve_id='cve_id', - since=14d, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_cve_subscribed_integrations** -### Get the list of integrations subscribed to a specific CVE ID -- Endpoint: `/cves/{cve_id}/integrations` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetCVESubscribedIntegrationsResponsePage](./Models.md#getcvesubscribedintegrationsresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.get_cve_subscribed_integrations( - cve_id='cve_id', - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **subscribe_integration_to_cve** -### Subscribe an integration to receive threats related to a specific CVE ID -- Endpoint: `/cves/{cve_id}/integrations` -- Method: `POST` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| request | [SubscribeCVEIntegrationRequest](./Models.md#subscribecveintegrationrequest) | Request body | Yes | - | -| cve_id | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | Integration Not Found | -| 400 | CVE Already Subscribed | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, - SubscribeCVEIntegrationRequest, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -request = SubscribeCVEIntegrationRequest( - name=None, -) -try: - response = client.subscribe_integration_to_cve( - request=request, - cve_id='cve_id', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **unsubscribe_integration_from_cve** -### Unsubscribe an integration from receiving threats related to a specific CVE ID -- Endpoint: `/cves/{cve_id}/integrations/{integration_name}` -- Method: `DELETE` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| integration_name | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | Integration Not Found | -| 400 | CVE Already Unsubscribed | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.unsubscribe_integration_from_cve( - cve_id='cve_id', - integration_name='integration_name', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_cve_timeline** -### Get timeline data of occurrences for a specific CVE ID -- Endpoint: `/cves/{cve_id}/timeline` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| since_days | SinceOptions | Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days. | False | | -### Returns: -[list[TimelineItem]](./Models.md#list[timelineitem]) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Cves, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(auth=auth) -try: - response = client.get_cve_timeline( - cve_id='cve_id', - since_days=None, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/doc/Decisions.md b/doc/Decisions.md new file mode 100644 index 0000000..d07bf31 --- /dev/null +++ b/doc/Decisions.md @@ -0,0 +1,113 @@ + + +# Decisions Methods +| Method | Description | +| ------ | ----------- | +| [get_decisions](#get_decisions) | Get decisions | +| [create_decision](#create_decision) | Create a new decision. | + +## **get_decisions** +### Get decisions +- Endpoint: `/decisions` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| instance_ids | list[str] | Filter decisions by instance IDs | False | [] | +| tag_ids | list[str] | Filter decisions by tag IDs | False | [] | +| remediation_types | list[str] | Filter decisions by remediation types | False | [] | +| ips | list[str] | Filter decisions by IPs (only for IP decisions) | False | [] | +| sort_by | Optional[DecisionsSortBy] | Field to sort by (e.g., created_at, duration) | False | DecisionsSortBy("created_at") | +| sort_order | Optional[DecisionsSortOrder] | Sort order: 'asc' for ascending, 'desc' for descending | False | DecisionsSortOrder("desc") | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[DecisionsGetResponsePage](./Models.md#decisionsgetresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | Not found | +| 500 | Internal server error | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Decisions, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Decisions(auth=auth) +try: + response = client.get_decisions( + instance_ids=['sample-item'], + tag_ids=['sample-item'], + remediation_types=['sample-item'], + ips=['sample-item'], + sort_by=created_at, + sort_order=desc, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **create_decision** +### Create a new decision. +- Endpoint: `/decisions` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [DecisionCreateRequest](./Models.md#decisioncreaterequest) | Request body | Yes | - | +### Returns: +[DecisionCreateResponse](./Models.md#decisioncreateresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 409 | Conflict: Decision value is in allowlists; cannot create decision. | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Decisions, + ApiKeyAuth, + DecisionCreateRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Decisions(auth=auth) +request = DecisionCreateRequest( + created_at=None, + uuid=None, + id=None, + duration=None, + origin=None, + scenario=None, + scope=None, + type=None, + value=None, + country=None, + as_name=None, + as_num=None, + city=None, + latitude=None, + longitude=None, + target=None, +) +try: + response = client.create_decision( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Fingerprints.md b/doc/Fingerprints.md deleted file mode 100644 index 4a4e862..0000000 --- a/doc/Fingerprints.md +++ /dev/null @@ -1,321 +0,0 @@ - - -# Fingerprints Methods -| Method | Description | -| ------ | ----------- | -| [get_fingerprint_rules](#get_fingerprint_rules) | Get a paginated list of fingerprint rules | -| [download_fingerprint_ips](#download_fingerprint_ips) | Download the list of IPs exploiting a specific fingerprint rule in raw format | -| [get_fingerprint_ips_details](#get_fingerprint_ips_details) | Get detailed information about IPs exploiting a specific fingerprint rule | -| [get_fingerprint_subscribed_integrations](#get_fingerprint_subscribed_integrations) | Get the list of integrations subscribed to a specific fingerprint rule | -| [subscribe_integration_to_fingerprint](#subscribe_integration_to_fingerprint) | Subscribe an integration to receive threats related to a specific fingerprint rule | -| [unsubscribe_integration_from_fingerprint](#unsubscribe_integration_from_fingerprint) | Unsubscribe an integration from receiving threats related to a specific fingerprint rule | -| [get_fingerprint_timeline](#get_fingerprint_timeline) | Get timeline data of occurrences for a specific fingerprint rule | -| [get_fingerprint_rule](#get_fingerprint_rule) | Get information about a specific fingerprint rule | - -## **get_fingerprint_rules** -### Get a paginated list of fingerprint rules -- Endpoint: `/fingerprints` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for fingerprint rules | False | None | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| filters | Optional[list[GetCVEsFilterBy]] | Filters to apply on the fingerprint rule list | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetFingerprintRulesResponsePage](./Models.md#getfingerprintrulesresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.get_fingerprint_rules( - query=None, - sort_by=rule_release_date, - sort_order=desc, - filters=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **download_fingerprint_ips** -### Download the list of IPs exploiting a specific fingerprint rule in raw format -- Endpoint: `/fingerprints/{fingerprint}/ips-download` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -### Returns: -[str](./Models.md#str) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.download_fingerprint_ips( - fingerprint='fingerprint', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_fingerprint_ips_details** -### Get detailed information about IPs exploiting a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}/ips-details` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetFingerprintIPsResponsePage](./Models.md#getfingerprintipsresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.get_fingerprint_ips_details( - fingerprint='fingerprint', - since=14d, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_fingerprint_subscribed_integrations** -### Get the list of integrations subscribed to a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}/integrations` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetFingerprintSubscribedIntegrationsResponsePage](./Models.md#getfingerprintsubscribedintegrationsresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.get_fingerprint_subscribed_integrations( - fingerprint='fingerprint', - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **subscribe_integration_to_fingerprint** -### Subscribe an integration to receive threats related to a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}/integrations` -- Method: `POST` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| request | [SubscribeFingerprintIntegrationRequest](./Models.md#subscribefingerprintintegrationrequest) | Request body | Yes | - | -| fingerprint | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, - SubscribeFingerprintIntegrationRequest, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -request = SubscribeFingerprintIntegrationRequest( - name=None, -) -try: - response = client.subscribe_integration_to_fingerprint( - request=request, - fingerprint='fingerprint', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **unsubscribe_integration_from_fingerprint** -### Unsubscribe an integration from receiving threats related to a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}/integrations/{integration_name}` -- Method: `DELETE` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -| integration_name | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.unsubscribe_integration_from_fingerprint( - fingerprint='fingerprint', - integration_name='integration_name', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_fingerprint_timeline** -### Get timeline data of occurrences for a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}/timeline` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -| since_days | SinceOptions | Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days. | False | | -| interval | Optional[IntervalOptions] | Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter. | False | None | -### Returns: -[list[FingerprintTimelineItem]](./Models.md#list[fingerprinttimelineitem]) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.get_fingerprint_timeline( - fingerprint='fingerprint', - since_days=None, - interval=None, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_fingerprint_rule** -### Get information about a specific fingerprint rule -- Endpoint: `/fingerprints/{fingerprint}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| fingerprint | str | | True | | -### Returns: -[FingerprintRuleResponse](./Models.md#fingerprintruleresponse) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Fingerprints, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Fingerprints(auth=auth) -try: - response = client.get_fingerprint_rule( - fingerprint='fingerprint', - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/doc/Hub.md b/doc/Hub.md new file mode 100644 index 0000000..9c10d85 --- /dev/null +++ b/doc/Hub.md @@ -0,0 +1,172 @@ + + +# Hub Methods +| Method | Description | +| ------ | ----------- | +| [get_index](#get_index) | Get a (minimized) index file for 'cscli hub update'. May or may not include unused fields +(content, long descriptions, labels...) or redundant ones (author, name). | +| [head_index](#head_index) | This endpoint returns cache-related headers for the index file without the full content. +It is useful for validating cache, checking resource freshness, and managing client-side +cache expiration policies. No body content is returned. | +| [get_item_content](#get_item_content) | Get an item's content from its path. This is usually a YAML file. | +| [head_item_content](#head_item_content) | This endpoint returns cache-related headers for an item's content. It is useful for validating +cache, checking resource freshness, and managing client-side cache expiration policies. No body +content is returned. | + +## **get_index** +### Get a (minimized) index file for 'cscli hub update'. May or may not include unused fields +(content, long descriptions, labels...) or redundant ones (author, name). +- Endpoint: `/hub/index/{tenant}/{branch}/.index.json` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| branch | str | | True | | +| tenant | str | | True | | +| with_content | bool | Include content in the index | False | False | +### Returns: +[Index](./Models.md#index) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Hub, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Hub(auth=auth) +try: + response = client.get_index( + branch='branch', + tenant='tenant', + with_content=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **head_index** +### This endpoint returns cache-related headers for the index file without the full content. +It is useful for validating cache, checking resource freshness, and managing client-side +cache expiration policies. No body content is returned. +- Endpoint: `/hub/index/{tenant}/{branch}/.index.json` +- Method: `HEAD` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| branch | str | | True | | +| tenant | str | | True | | +| with_content | bool | Include content in the index | False | False | +### Returns: +[Index](./Models.md#index) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Hub, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Hub(auth=auth) +try: + response = client.head_index( + branch='branch', + tenant='tenant', + with_content=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_item_content** +### Get an item's content from its path. This is usually a YAML file. +- Endpoint: `/hub/index/{tenant}/{branch}/{item_path}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| item_path | str | | True | | +| branch | str | | True | | +| tenant | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | No content field | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Hub, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Hub(auth=auth) +try: + response = client.get_item_content( + item_path='item_path', + branch='branch', + tenant='tenant', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **head_item_content** +### This endpoint returns cache-related headers for an item's content. It is useful for validating +cache, checking resource freshness, and managing client-side cache expiration policies. No body +content is returned. +- Endpoint: `/hub/index/{tenant}/{branch}/{item_path}` +- Method: `HEAD` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| item_path | str | | True | | +| branch | str | | True | | +| tenant | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Hub, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Hub(auth=auth) +try: + response = client.head_item_content( + item_path='item_path', + branch='branch', + tenant='tenant', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Info.md b/doc/Info.md new file mode 100644 index 0000000..9cedc0c --- /dev/null +++ b/doc/Info.md @@ -0,0 +1,35 @@ + + +# Info Methods +| Method | Description | +| ------ | ----------- | +| [get_info](#get_info) | Get the current user and organization informations | + +## **get_info** +### Get the current user and organization informations +- Endpoint: `/info` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +### Returns: +[InfoResponse](./Models.md#inforesponse) +### Usage + +```python +from crowdsec_tracker_api import ( + Info, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Info(auth=auth) +try: + response = client.get_info( + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Integrations.md b/doc/Integrations.md index 987126d..04a7b66 100644 --- a/doc/Integrations.md +++ b/doc/Integrations.md @@ -21,6 +21,8 @@ | Parameter | Type | Description | Required | Default | | --------- | ---- | ----------- | -------- | ------- | | tag | Optional[list[str]] | List of tags associated with the integrations (any of) | False | None | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | ### Returns: [IntegrationGetResponsePage](./Models.md#integrationgetresponsepage) ### Errors: @@ -40,6 +42,8 @@ client = Integrations(auth=auth) try: response = client.get_integrations( tag=None, + page=1, + size=50, ) print(response) except HTTPStatusError as e: diff --git a/doc/Metrics.md b/doc/Metrics.md new file mode 100644 index 0000000..29a69bd --- /dev/null +++ b/doc/Metrics.md @@ -0,0 +1,49 @@ + + +# Metrics Methods +| Method | Description | +| ------ | ----------- | +| [get_metrics_remediation](#get_metrics_remediation) | Get remediation metrics | + +## **get_metrics_remediation** +### Get remediation metrics +- Endpoint: `/metrics/remediation` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| start_date | str | Start date of the metrics, default to last day | False | | +| end_date | str | End date of the metrics | False | | +| engine_ids | list[str] | List of engine ids | False | [] | +| integration_ids | list[str] | List of integration ids | False | [] | +| tags | list[str] | List of tags | False | [] | +### Returns: +[GetRemediationMetricsResponse](./Models.md#getremediationmetricsresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Metrics, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Metrics(auth=auth) +try: + response = client.get_metrics_remediation( + start_date='start_date', + end_date='end_date', + engine_ids=['sample-item'], + integration_ids=['sample-item'], + tags=['sample-item'], + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Models.md b/doc/Models.md index 9909bfb..70e39e0 100644 --- a/doc/Models.md +++ b/doc/Models.md @@ -19,12 +19,14 @@ username, password # **BlocklistSubscription** ## Required: -id +id, name, label ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| | id | str | None || | remediation | Optional[str] | None || +| name | str | None || +| label | str | None || # **CVESubscription** ## Required: @@ -40,7 +42,7 @@ id ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | None || +| id | str | Fingerprint ID || # **HTTPValidationError** ## Properties @@ -195,545 +197,829 @@ loc, msg, type | msg | str | None || | type | str | None || -# **AdjustmentScore** +# **AllowlistCreateRequest** ## Required: -total, recency, low_info +name ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| total | int | Total score adjustment || -| recency | int | Recency score adjustment || -| low_info | int | Low information score adjustment || +| name | str | Name of the allowlist || +| description | Optional[str] | Description of the allowlist || -# **AffectedComponent** +# **AllowlistCreateResponse** +## Required: +id, organization_id, name, created_at, total_items ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| vendor | Optional[str] | Vendor of the affected component || -| product | Optional[str] | Product name of the affected component || +| id | str | ID of the allowlist || +| organization_id | str | ID of the owner organization || +| name | str | Name of the allowlist || +| description | str | Description of the allowlist || +| created_at | str | Time the allowlist was created || +| updated_at | Optional[str] | Time the allowlist was updated || +| from_cti_query | Optional[str] | CTI query from which the blocklist was created || +| since | Optional[str] | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || +| total_items | int | Number of items in the allowlist || -# **AllowlistSubscription** +# **AllowlistGetItemsResponse** ## Required: -id +id, allowlist_id, description, scope, value, created_at, created_by ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | None || +| id | str | ID of the allowlist entry || +| allowlist_id | str | ID of the allowlist || +| description | str | Description of the allowlist entry || +| scope | AllowlistScope | None || +| value | Union[str, str] | Value of the allowlist entry || +| created_at | str | Time the allowlist entry was created || +| updated_at | Optional[str] | Time the allowlist entry was updated || +| created_by | SourceInfo | None || +| updated_by | Optional[SourceInfo] | The source user who updated the allowlist entry || +| expiration | Optional[str] | Time the allowlist entry will expire || -# **AttackDetail** +# **AllowlistGetItemsResponsePage** ## Required: -name, label, description +items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Attack detail name || -| label | str | Attack detail label || -| description | str | Attack detail description || -| references | list[str] | Attack detail references || +| items | list[AllowlistGetItemsResponse] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || -# **Behavior** +# **AllowlistGetResponse** ## Required: -name, label, description +id, organization_id, name, created_at, total_items ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Behavior name || -| label | str | Behavior label || -| description | str | Behavior description || +| id | str | ID of the allowlist || +| organization_id | str | ID of the owner organization || +| name | str | Name of the allowlist || +| description | str | Description of the allowlist || +| created_at | str | Time the allowlist was created || +| updated_at | Optional[str] | Time the allowlist was updated || +| from_cti_query | Optional[str] | CTI query from which the blocklist was created || +| since | Optional[str] | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || +| total_items | int | Number of items in the allowlist || +| subscribers | list[AllowlistSubscribersCount] | List of subscribers count by entity type || -# **CVEEvent** +# **AllowlistGetResponsePage** ## Required: -date, description, label, name +items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| date | str | Date of the event || -| description | str | Description of the event || -| label | str | Label of the event || -| name | str | Name of the event || +| items | list[AllowlistGetResponse] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || + +# **AllowlistItemUpdateRequest** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| description | str | Description of the allowlist entry || +| expiration | Optional[str] | Time the allowlist entry will expire || -# **CVEResponseBase** +# **AllowlistItemUpdateResponse** ## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, published_date, has_public_exploit, exploitation_phase +id, allowlist_id, description, scope, value, created_at, updated_at, created_by, updated_by ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | ID of the CVE || -| name | str | Name of the CVE || -| title | str | Title of the CVE || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score of the CVE || -| opportunity_score | int | Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5) || -| momentum_score | int | Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5) || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs affected || -| published_date | str | Published date of the CVE || -| cvss_score | Optional[float] | CVSS score of the CVE || -| has_public_exploit | bool | Indicates if there is a public exploit for the CVE || -| rule_release_date | Optional[str] | Release date of the associated detection rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || +| id | str | ID of the allowlist entry || +| allowlist_id | str | ID of the allowlist || +| description | str | Description of the allowlist entry || +| scope | AllowlistScope | None || +| value | Union[str, str] | Value of the allowlist entry || +| created_at | str | Time the allowlist entry was created || +| updated_at | str | Time the allowlist entry was updated || +| created_by | SourceInfo | None || +| updated_by | SourceInfo | None || +| expiration | Optional[str] | Time the allowlist entry will expire || -# **CVEsubscription** +# **AllowlistItemsCreateRequest** ## Required: -id +items, description ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | None || +| items | list[Union[str, str]] | List of values to add to the allowlist || +| description | str | Description of the allowlist entry || +| expiration | Optional[str] | Time the allowlist entry will expire || + +# **AllowlistScope** +## Enum: +IP, RANGE -# **CWE** +# **AllowlistSubscriberEntity** ## Required: -name, label, description +id, entity_type ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Name of the CWE || -| label | str | Label of the CWE || -| description | str | Description of the CWE || +| id | str | Subscriber entity id || +| entity_type | SubscriberEntityType | None || -# **Classification** +# **AllowlistSubscriberEntityPage** ## Required: -name, label, description +items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Classification name || -| label | str | Classification label || -| description | str | Classification description || +| items | list[AllowlistSubscriberEntity] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || -# **Classifications** +# **AllowlistSubscribersCount** +## Required: +entity_type, count ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| false_positives | list[Classification] | False positive classifications || -| classifications | list[Classification] | Main classifications || +| entity_type | SubscriberEntityType | None || +| count | int | Subscriber entity count || -# **EntityType** -## Enum: -ORG, TAG, ENGINE, FIREWALL_INTEGRATION, REMEDIATION_COMPONENT_INTEGRATION, REMEDIATION_COMPONENT, LOG_PROCESSOR +# **AllowlistSubscriptionRequest** +## Required: +entity_type +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| ids | list[str] | List of subscriber entity id || +| entity_type | EntityType | None || -# **ExploitationPhase** +# **AllowlistSubscriptionResponse** ## Required: -name, label, description +updated, errors +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| updated | Optional[list[str]] | List of updated allowlist ids || +| errors | Optional[list[object]] | List of errors if any || + +# **AllowlistUpdateRequest** ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Name of the exploitation phase || -| label | str | Label of the exploitation phase || -| description | str | Description of the exploitation phase || +| name | Optional[str] | Name of the allowlist || +| description | Optional[str] | Description of the allowlist || -# **FingerprintRuleResponse** +# **AllowlistUpdateResponse** ## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase +id, organization_id, name, created_at, total_items ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | Fingerprint rule identifier || -| name | str | Fingerprint rule name || -| title | str | Fingerprint rule title || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score for the fingerprint rule || -| opportunity_score | int | Opportunity score || -| momentum_score | int | Momentum score || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs observed || -| rule_release_date | Optional[str] | Release date of the fingerprint rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustment details || -| hype_score | int | Hype score (raw momentum component) || -| tags | list[str] | Tags associated with the fingerprint rule || -| description | Optional[str] | Fingerprint rule description || -| references | list[str] | Reference links for the fingerprint rule || -| crowdsec_analysis | Optional[str] | CrowdSec analysis for this fingerprint rule || -| events | list[CVEEvent] | List of events related to the fingerprint rule || +| id | str | ID of the allowlist || +| organization_id | str | ID of the owner organization || +| name | str | Name of the allowlist || +| description | str | Description of the allowlist || +| created_at | str | Time the allowlist was created || +| updated_at | Optional[str] | Time the allowlist was updated || +| from_cti_query | Optional[str] | CTI query from which the blocklist was created || +| since | Optional[str] | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || +| total_items | int | Number of items in the allowlist || +| subscribers | list[AllowlistSubscribersCount] | List of subscribers count by entity type || -# **FingerprintRuleSummary** +# **AttacksMetrics** ## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase +total, label, progression, data ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| id | str | Fingerprint rule identifier || -| name | str | Fingerprint rule name || -| title | str | Fingerprint rule title || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score for the fingerprint rule || -| opportunity_score | int | Opportunity score || -| momentum_score | int | Momentum score || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs observed || -| rule_release_date | Optional[str] | Release date of the fingerprint rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustment details || +| total | Union[int, float] | Total value of the metric || +| label | str | Label of the metric which is the attack type || +| progression | Optional[int] | Progression of the metric value from the previous period || +| data | list[RemediationMetricsData] | Data points || -# **FingerprintTimelineItem** +# **BlocklistAddIPsRequest** ## Required: -timestamp, count +ips ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| timestamp | str | Timestamp of the timeline event || -| count | int | Count of occurrences at the timestamp || +| ips | list[str] | List of IPs or networks || +| expiration | str | Expiration date || -# **GetCVEIPsResponsePage** +# **BlocklistCategory** ## Required: -items, total, page, size, pages, links +name, label, description, priority ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[IPItem] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || +| name | str | None || +| label | str | None || +| description | str | None || +| priority | int | None || -# **GetCVEResponse** -## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, published_date, has_public_exploit, exploitation_phase, references, description, crowdsec_analysis, cwes -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| id | str | ID of the CVE || -| name | str | Name of the CVE || -| title | str | Title of the CVE || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score of the CVE || -| opportunity_score | int | Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5) || -| momentum_score | int | Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5) || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs affected || -| published_date | str | Published date of the CVE || -| cvss_score | Optional[float] | CVSS score of the CVE || -| has_public_exploit | bool | Indicates if there is a public exploit for the CVE || -| rule_release_date | Optional[str] | Release date of the associated detection rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || -| hype_score | int | Hype score (raw momentum component) || -| tags | list[str] | Tags associated with the CVE || -| references | list[str] | List of references for the CVE || -| description | str | Description of the CVE || -| crowdsec_analysis | Optional[str] | CrowdSec analysis of the CVE || -| cwes | list[CWE] | List of CWEs associated with the CVE || -| events | list[CVEEvent] | List of events related to the CVE || - -# **GetCVESubscribedIntegrationsResponsePage** +# **BlocklistContentStats** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| total_seen | int | None || +| total_fire | int | None || +| total_seen_1m | int | None || +| total_in_other_lists | int | None || +| total_false_positive | int | None || +| false_positive_removed_by_crowdsec | int | None || +| most_present_behaviors | list[CtiBehavior] | None || +| most_present_categories | list[CtiCategory] | None || +| most_present_scenarios | list[CtiScenario] | None || +| top_as | list[CtiAs] | None || +| top_attacking_countries | list[CtiCountry] | None || +| top_ips | list[CtiIp] | None || +| updated_at | Optional[str] | None || + +# **BlocklistCreateRequest** ## Required: -items, total, page, size, pages, links +name, description ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[IntegrationResponse] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || +| name | str | Blocklist name, must be unique within the organization || +| label | str | Blocklist human readable name (Default: name) || +| description | str | Blocklist description || +| references | list[str] | Useful references on the list's origins || +| tags | list[str] | Classification tags || + +# **BlocklistDeleteIPsRequest** +## Required: +ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| ips | list[str] | List of IPs or networks || -# **GetCVEsFilterBy** +# **BlocklistIncludeFilters** ## Enum: -IS_PUBLIC +PUBLIC, PRIVATE, SHARED, ALL -# **GetCVEsResponsePage** +# **BlocklistOrigin** ## Required: -items, total, page, size, pages, links +label, id, pricing_tier ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[CVEResponseBase] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || +| label | str | Label of the blocklist || +| id | str | ID of the blocklist || +| pricing_tier | PricingTiers | None || -# **GetCVEsSortBy** -## Enum: -RULE_RELEASE_DATE, TRENDING, NB_IPS, NAME +# **BlocklistSearchRequest** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| page | int | Page number || +| page_size | int | Page size || +| pricing_tiers | list[PricingTiers] | Pricing tiers || +| query | str | Search query || +| targeted_countries | list[str] | Targeted countries || +| classifications | list[str] | Classifications || +| behaviors | list[str] | Behaviors || +| min_ips | int | Minimum number of IPs || +| sources | list[BlocklistSources] | Sources || +| categories | list[str] | Categories || +| is_private | Optional[bool] | Private blocklist || +| is_subscribed | Optional[bool] | Subscribed blocklist (None: all) || + +# **BlocklistShareRequest** +## Required: +organizations +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| organizations | list[Share] | List of organizations to share the blocklist || -# **GetCVEsSortOrder** +# **BlocklistSources** ## Enum: -ASC, DESC +CROWDSEC, THIRD_PARTY, CUSTOM -# **GetFingerprintIPsResponsePage** +# **BlocklistStats** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| content_stats | BlocklistContentStats | None || +| usage_stats | Optional[BlocklistUsageStats] | None || +| addition_2days | int | None || +| addition_month | int | None || +| suppression_2days | int | None || +| suppression_month | int | None || +| change_2days_percentage | float | None || +| change_month_percentage | float | None || +| count | int | None || +| updated_at | Optional[str] | None || + +# **BlocklistSubscriberEntity** ## Required: -items, total, page, size, pages, links +id, entity_type, remediation ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[IPItem] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || +| id | str | Subscriber entity id || +| entity_type | SubscriberEntityType | None || +| remediation | str | Remediation || -# **GetFingerprintRulesResponsePage** +# **BlocklistSubscriberEntityPage** ## Required: items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[FingerprintRuleSummary] | None || +| items | list[BlocklistSubscriberEntity] | None || | total | int | None || | page | int | None || | size | int | None || | pages | int | None || | links | Links | None || -# **GetFingerprintSubscribedIntegrationsResponsePage** +# **BlocklistSubscribersCount** ## Required: -items, total, page, size, pages, links +entity_type, count ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[IntegrationResponse] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || +| entity_type | SubscriberEntityType | None || +| count | int | Subscriber entity count || -# **History** +# **BlocklistSubscriptionRequest** ## Required: -first_seen, last_seen, full_age, days_age +entity_type ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| first_seen | str | First seen timestamp || -| last_seen | str | Last seen timestamp || -| full_age | int | Full age in days || -| days_age | int | Days age || +| ids | list[str] | List of subscriber entity id || +| entity_type | SubscriberEntityType | None || +| remediation | Optional[str] | Remediation || -# **IPItem** +# **BlocklistSubscriptionResponse** ## Required: -ip +updated, errors +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| updated | Optional[list[str]] | List of updated blocklist ids || +| errors | Optional[list[object]] | List of errors if any || + +# **BlocklistUpdateRequest** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| label | str | Blocklist human readable name || +| description | str | Blocklist description || +| references | list[str] | Blocklist references || +| tags | list[str] | Blocklist tags || +| from_cti_query | str | CTI query (doc link available soon) || +| since | str | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || + +# **BlocklistUsageStats** ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| ip | str | IP address || -| reputation | Optional[str] | Reputation of the IP || -| ip_range | Optional[str] | IP range || -| ip_range_score | Optional[int] | IP range score || -| ip_range_24 | Optional[str] | IP range /24 || -| ip_range_24_reputation | Optional[str] | IP range /24 reputation || -| ip_range_24_score | Optional[int] | IP range /24 score || -| as_name | Optional[str] | AS name || -| as_num | Optional[int] | AS number || -| background_noise_score | Optional[int] | Background noise score || -| background_noise | Optional[str] | Background noise level || -| confidence | Optional[str] | Confidence level || -| location | Optional[Location] | IP location information || -| reverse_dns | Optional[str] | Reverse DNS || -| behaviors | list[Behavior] | List of behaviors || -| references | list[Reference] | List of references || -| history | Optional[History] | Historical data || -| classifications | Optional[Classifications] | Classification data || -| mitre_techniques | list[MitreTechnique] | MITRE techniques || -| cves | list[str] | List of CVEs || -| attack_details | list[AttackDetail] | Attack details || -| target_countries | Target Countries | Target countries || -| scores | Optional[Scores] | Scoring information || +| engines_subscribed_directly | int | None || +| engines_subscribed_through_org | int | None || +| engines_subscribed_through_tag | int | None || +| total_subscribed_engines | int | None || +| total_subscribed_organizations | int | None || +| updated_at | Optional[str] | None || -# **IntegrationResponse** +# **Body_uploadBlocklistContent** ## Required: -organization_id, entity_type, name, output_format +file ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| tags | list[str] | None || -| organization_id | str | None || -| created_at | str | Time the integration was created || -| entity_type | EntityType | None || -| id | str | ID of the integration || -| blocklists | list[BlocklistSubscription] | None || -| allowlists | list[AllowlistSubscription] | None || -| cves | list[CVEsubscription] | None || -| fingerprints | list[FingerprintSubscription] | None || -| name | str | Name of the integration || -| updated_at | str | Last time the integration was updated || -| description | Optional[str] | Description of the integration || -| output_format | OutputFormat | None || -| last_pull | Optional[str] | Last time the integration pulled blocklists || -| pull_limit | Optional[int] | Maximum number of items to pull || -| enable_ip_aggregation | bool | Whether to enable IP aggregation into ranges || +| file | str | Blocklist file in txt format || -# **IntervalOptions** +# **ComputedMetrics** +## Required: +saved +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| saved | ComputedSavedMetrics | None || +| dropped | list[RemediationMetrics] | estimated dropped metrics || +| prevented | list[AttacksMetrics] | prevented attacks metrics || + +# **ComputedSavedMetrics** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| log_lines | list[RemediationMetrics] | estimated log lines saved || +| storage | list[RemediationMetrics] | estimated storage saved || +| egress_traffic | list[RemediationMetrics] | estimated egress traffic saved || + +# **CtiAs** +## Required: +as_num, as_name, total_ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| as_num | str | None || +| as_name | str | None || +| total_ips | int | None || + +# **CtiBehavior** +## Required: +name, label, description, references, total_ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| name | str | None || +| label | str | None || +| description | str | None || +| references | list[str] | None || +| total_ips | int | None || + +# **CtiCategory** +## Required: +name, label, description, total_ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| name | str | None || +| label | str | None || +| description | str | None || +| total_ips | int | None || + +# **CtiCountry** +## Required: +country_short, total_ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| country_short | str | None || +| total_ips | int | None || + +# **CtiIp** +## Required: +ip, total_signals_1m +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| ip | str | None || +| total_signals_1m | int | None || +| reputation | str | None || + +# **CtiScenario** +## Required: +name, label, description, references, total_ips +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| name | str | None || +| label | str | None || +| description | str | None || +| references | list[str] | None || +| total_ips | int | None || + +# **DecisionCreateRequest** +## Required: +duration, origin, scenario, scope, type, value, target +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| created_at | str | None || +| uuid | Optional[str] | UUID of the decision || +| id | Optional[int] | ID of the decision || +| duration | str | Duration of the decision || +| origin | str | Origin of the decision || +| scenario | str | Scenario of the decision || +| scope | str | Scope of the decision || +| type | str | Type of the decision || +| value | str | Value of the decision || +| country | Optional[str] | Country associated with the decision || +| as_name | Optional[str] | AS name associated with the decision || +| as_num | Optional[int] | AS number associated with the decision || +| city | Optional[str] | City associated with the decision || +| latitude | Optional[float] | Latitude associated with the decision || +| longitude | Optional[float] | Longitude associated with the decision || +| target | DecisionTargetModel | None || + +# **DecisionCreateResponse** +## Required: +uuid +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| uuid | str | UUID of the created decision || + +# **DecisionResponse** +## Required: +uuid, id, duration, origin, scenario, scope, type, value, target +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| created_at | str | None || +| uuid | str | UUID of the decision || +| id | int | ID of the decision || +| duration | str | Duration of the decision || +| origin | str | Origin of the decision || +| scenario | str | Scenario of the decision || +| scope | str | Scope of the decision || +| type | str | Type of the decision || +| value | str | Value of the decision || +| country | Optional[str] | Country associated with the decision || +| as_name | Optional[str] | AS name associated with the decision || +| as_num | Optional[int] | AS number associated with the decision || +| city | Optional[str] | City associated with the decision || +| latitude | Optional[float] | Latitude associated with the decision || +| longitude | Optional[float] | Longitude associated with the decision || +| target | DecisionTargetModel | None || + +# **DecisionTargetModel** +## Required: +type, value +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| type | DecisionTargetType | None || +| value | str | Value of the decision target || + +# **DecisionTargetType** ## Enum: -HOUR, DAY, WEEK - -# **Location** -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| country | Optional[str] | Country code || -| city | Optional[str] | City name || -| latitude | Optional[float] | Latitude coordinate || -| longitude | Optional[float] | Longitude coordinate || - -# **LookupImpactCVEItem** -## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, published_date, has_public_exploit, exploitation_phase, references, description, crowdsec_analysis, cwes -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| id | str | ID of the CVE || -| name | str | Name of the CVE || -| title | str | Title of the CVE || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score of the CVE || -| opportunity_score | int | Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5) || -| momentum_score | int | Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5) || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs affected || -| published_date | str | Published date of the CVE || -| cvss_score | Optional[float] | CVSS score of the CVE || -| has_public_exploit | bool | Indicates if there is a public exploit for the CVE || -| rule_release_date | Optional[str] | Release date of the associated detection rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || -| hype_score | int | Hype score (raw momentum component) || -| tags | list[str] | Tags associated with the CVE || -| references | list[str] | List of references for the CVE || -| description | str | Description of the CVE || -| crowdsec_analysis | Optional[str] | CrowdSec analysis of the CVE || -| cwes | list[CWE] | List of CWEs associated with the CVE || -| events | list[CVEEvent] | List of events related to the CVE || -| type | str | Resource type || - -# **LookupImpactFingerprintItem** -## Required: -id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| id | str | Fingerprint rule identifier || -| name | str | Fingerprint rule name || -| title | str | Fingerprint rule title || -| affected_components | list[AffectedComponent] | List of affected components || -| crowdsec_score | int | Live Exploit Tracker score for the fingerprint rule || -| opportunity_score | int | Opportunity score || -| momentum_score | int | Momentum score || -| first_seen | Optional[str] | First seen date || -| last_seen | Optional[str] | Last seen date || -| nb_ips | int | Number of unique IPs observed || -| rule_release_date | Optional[str] | Release date of the fingerprint rule || -| exploitation_phase | ExploitationPhase | None || -| adjustment_score | Optional[AdjustmentScore] | Score adjustment details || -| hype_score | int | Hype score (raw momentum component) || -| tags | list[str] | Tags associated with the fingerprint rule || -| description | Optional[str] | Fingerprint rule description || -| references | list[str] | Reference links for the fingerprint rule || -| crowdsec_analysis | Optional[str] | CrowdSec analysis for this fingerprint rule || -| events | list[CVEEvent] | List of events related to the fingerprint rule || -| type | str | Resource type || - -# **LookupImpactResponsePage** +ORG, TAG, ENTITY + +# **DecisionsGetResponsePage** ## Required: items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[Annotated[Union[LookupImpactCVEItem, LookupImpactFingerprintItem], Field(discriminator='type')]] | None || +| items | list[DecisionResponse] | None || | total | int | None || | page | int | None || | size | int | None || | pages | int | None || | links | Links | None || -# **LookupListItem** +# **DecisionsSortBy** +## Enum: +CREATED_AT, EXPIRE_AT + +# **DecisionsSortOrder** +## Enum: +ASC, DESC + +# **EntityType** +## Enum: +ORG, TAG, ENGINE, FIREWALL_INTEGRATION, REMEDIATION_COMPONENT_INTEGRATION, REMEDIATION_COMPONENT, LOG_PROCESSOR + +# **GetRemediationMetricsResponse** +## Required: +raw, computed +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| raw | RawMetrics | None || +| computed | ComputedMetrics | None || + +# **InfoResponse** +## Required: +organization_id, subscription_type, api_key_name +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| organization_id | str | The organization ID || +| subscription_type | str | The organization subscription type || +| api_key_name | str | The API key name that is used || + +# **MetricUnits** +## Enum: +BYTE, PACKET, REQUEST, IP, LINE, EVENT + +# **OriginMetrics** ## Required: -value +origin, data ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| value | str | Lookup entry value || +| origin | Optional[BlocklistOrigin, str] | Origin of the metric || +| data | list[RemediationMetricsData] | Data points || + +# **Permission** +## Enum: +READ, WRITE -# **LookupListResponsePage** +# **PricingTiers** +## Enum: +FREE, PREMIUM, PLATINUM + +# **PublicBlocklistResponse** +## Required: +id, created_at, updated_at, name, description, is_private, pricing_tier, source, stats +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| id | str | Blocklist id || +| created_at | str | Blocklist creation date || +| updated_at | str | Blocklist update date || +| name | str | Blocklist name, unique within the organization || +| label | str | Blocklist human readable name || +| description | str | Blocklist description || +| references | list[str] | Blocklist references || +| is_private | bool | Private blocklist if True or public if False || +| tags | list[str] | Classification tags || +| pricing_tier | PricingTiers | None || +| source | BlocklistSources | None || +| stats | BlocklistStats | None || +| from_cti_query | Optional[str] | CTI query from which the blocklist was created || +| since | Optional[str] | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || +| shared_with | list[Share] | List of organizations shared with || +| organization_id | Optional[str] | Blocklists owner's organization id || +| subscribers | list[BlocklistSubscribersCount] | List of subscribers to the blocklist. Only subscribers belonging to your organization are returned || +| categories | list[BlocklistCategory] | List of categories for the blocklist || + +# **PublicBlocklistResponsePage** ## Required: items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[LookupListItem] | None || +| items | list[PublicBlocklistResponse] | None || | total | int | None || | page | int | None || | size | int | None || | pages | int | None || | links | Links | None || -# **MitreTechnique** +# **RawMetrics** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| dropped | list[RemediationMetrics] | dropped metrics || +| processed | list[RemediationMetrics] | processed metrics || + +# **RemediationMetrics** ## Required: -name, label, description +total, unit, progression, data ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | MITRE technique ID || -| label | str | MITRE technique label || -| description | str | MITRE technique description || +| total | Union[int, float] | Total value of the metric || +| unit | MetricUnits | None || +| progression | Optional[int] | Progression of the metric value from the previous period || +| data | list[OriginMetrics] | Data points per origin || -# **Reference** +# **RemediationMetricsData** ## Required: -name, label, description +value, timestamp ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Reference name || -| label | str | Reference label || -| description | str | Reference description || +| value | Union[int, float] | Value of the metric || +| timestamp | str | Timestamp of the metric || -# **ScoreBreakdown** +# **Share** ## Required: -aggressiveness, threat, trust, anomaly, total +organization_id, permission ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| aggressiveness | int | Aggressiveness score || -| threat | int | Threat score || -| trust | int | Trust score || -| anomaly | int | Anomaly score || -| total | int | Total score || +| organization_id | str | None || +| permission | Permission | None || -# **Scores** +# **SourceInfo** ## Required: -overall, last_day, last_week, last_month +source_type, identifier +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| source_type | SourceType | None || +| identifier | str | The source identifier that created the allowlist entry || + +# **SourceType** +## Enum: +USER, APIKEY + +# **SubscriberEntityType** +## Enum: +ORG, TAG, ENGINE, FIREWALL_INTEGRATION, REMEDIATION_COMPONENT_INTEGRATION + +# **AppsecConfigIndex** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || + +# **AppsecRuleIndex** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || + +# **CollectionIndex** ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| overall | ScoreBreakdown | None || -| last_day | ScoreBreakdown | None || -| last_week | ScoreBreakdown | None || -| last_month | ScoreBreakdown | None || +| appsec-configs | Optional[list[str]] | List of appsec-configs || +| appsec-rules | Optional[list[str]] | List of appsec-rules || +| collections | Optional[list[str]] | List of collections || +| content | Optional[str] | The YAML content of the item, in plaintext. || +| contexts | Optional[list[str]] | List of contexts || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| parsers | Optional[list[str]] | List of parsers || +| path | Optional[str] | Relative path to the item's YAML content || +| postoverflows | Optional[list[str]] | List of postoverflows || +| references | Optional[list[str]] | List of references to external resources || +| scenarios | Optional[list[str]] | List of scenarios || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || -# **SinceOptions** +# **ContextIndex** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || -# **SubscribeCVEIntegrationRequest** +# **Index** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| appsec-configs | Appsec-Configs | None || +| appsec-rules | Appsec-Rules | None || +| collections | Collections | None || +| contexts | Contexts | None || +| parsers | Parsers | None || +| postoverflows | Postoverflows | None || +| scenarios | Scenarios | None || + +# **ParserIndex** ## Required: -name +stage ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Name of the integration to subscribe || +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| stage | str | The stage of the parser || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || -# **SubscribeFingerprintIntegrationRequest** +# **PostoverflowIndex** ## Required: -name +stage +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| stage | str | The stage of the postoverflow || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || + +# **ScenarioIndex** ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| name | str | Name of the integration to subscribe || +| content | Optional[str] | The YAML content of the item, in plaintext. || +| description | Optional[str] | A short, plaintext description of the item || +| labels | Optional[object] | Classification labels for the item || +| path | Optional[str] | Relative path to the item's YAML content || +| references | Optional[list[str]] | List of references to external resources || +| version | Optional[str] | Current version of the collection || +| versions | Optional[object] | A dictionary where each key is a version number (e.g., '0.1', '0.2') || -# **TimelineItem** +# **VersionDetail** ## Required: -timestamp, count +digest ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| timestamp | str | Timestamp of the timeline event || -| count | int | Count of occurrences at the timestamp || \ No newline at end of file +| deprecated | Optional[bool] | Indicates whether this version is deprecated. || +| digest | str | The SHA256 digest of the versioned file. || \ No newline at end of file diff --git a/doc/Products.md b/doc/Products.md deleted file mode 100644 index 945b3e5..0000000 --- a/doc/Products.md +++ /dev/null @@ -1,89 +0,0 @@ - - -# Products Methods -| Method | Description | -| ------ | ----------- | -| [get_products](#get_products) | Get a paginated list of products | -| [get_product_impact](#get_product_impact) | Get CVE and fingerprint rules affecting a product | - -## **get_products** -### Get a paginated list of products -- Endpoint: `/products` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for products | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Products, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Products(auth=auth) -try: - response = client.get_products( - query=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_product_impact** -### Get CVE and fingerprint rules affecting a product -- Endpoint: `/products/{product}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| product | str | | True | | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Products, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Products(auth=auth) -try: - response = client.get_product_impact( - product='product', - sort_by=rule_release_date, - sort_order=desc, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/doc/README.md b/doc/README.md index 1127917..9597ed7 100644 --- a/doc/README.md +++ b/doc/README.md @@ -13,15 +13,17 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [Integrations](./Integrations.md) -[Cves](./Cves.md) +[Allowlists](./Allowlists.md) -[Vendors](./Vendors.md) +[Blocklists](./Blocklists.md) -[Products](./Products.md) +[Decisions](./Decisions.md) -[Tags](./Tags.md) +[Info](./Info.md) -[Fingerprints](./Fingerprints.md) +[Metrics](./Metrics.md) + +[Hub](./Hub.md) ## API Endpoint models @@ -59,90 +61,158 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [ValidationError](./Models.md#validationerror) -[AdjustmentScore](./Models.md#adjustmentscore) +[AllowlistCreateRequest](./Models.md#allowlistcreaterequest) -[AffectedComponent](./Models.md#affectedcomponent) +[AllowlistCreateResponse](./Models.md#allowlistcreateresponse) -[AllowlistSubscription](./Models.md#allowlistsubscription) +[AllowlistGetItemsResponse](./Models.md#allowlistgetitemsresponse) -[AttackDetail](./Models.md#attackdetail) +[AllowlistGetItemsResponsePage](./Models.md#allowlistgetitemsresponsepage) -[Behavior](./Models.md#behavior) +[AllowlistGetResponse](./Models.md#allowlistgetresponse) -[CVEEvent](./Models.md#cveevent) +[AllowlistGetResponsePage](./Models.md#allowlistgetresponsepage) -[CVEResponseBase](./Models.md#cveresponsebase) +[AllowlistItemUpdateRequest](./Models.md#allowlistitemupdaterequest) -[CVEsubscription](./Models.md#cvesubscription) +[AllowlistItemUpdateResponse](./Models.md#allowlistitemupdateresponse) -[CWE](./Models.md#cwe) +[AllowlistItemsCreateRequest](./Models.md#allowlistitemscreaterequest) -[Classification](./Models.md#classification) +[AllowlistScope](./Models.md#allowlistscope) -[Classifications](./Models.md#classifications) +[AllowlistSubscriberEntity](./Models.md#allowlistsubscriberentity) -[EntityType](./Models.md#entitytype) +[AllowlistSubscriberEntityPage](./Models.md#allowlistsubscriberentitypage) + +[AllowlistSubscribersCount](./Models.md#allowlistsubscriberscount) + +[AllowlistSubscriptionRequest](./Models.md#allowlistsubscriptionrequest) + +[AllowlistSubscriptionResponse](./Models.md#allowlistsubscriptionresponse) + +[AllowlistUpdateRequest](./Models.md#allowlistupdaterequest) + +[AllowlistUpdateResponse](./Models.md#allowlistupdateresponse) + +[AttacksMetrics](./Models.md#attacksmetrics) + +[BlocklistAddIPsRequest](./Models.md#blocklistaddipsrequest) + +[BlocklistCategory](./Models.md#blocklistcategory) + +[BlocklistContentStats](./Models.md#blocklistcontentstats) + +[BlocklistCreateRequest](./Models.md#blocklistcreaterequest) + +[BlocklistDeleteIPsRequest](./Models.md#blocklistdeleteipsrequest) + +[BlocklistIncludeFilters](./Models.md#blocklistincludefilters) + +[BlocklistOrigin](./Models.md#blocklistorigin) + +[BlocklistSearchRequest](./Models.md#blocklistsearchrequest) + +[BlocklistShareRequest](./Models.md#blocklistsharerequest) + +[BlocklistSources](./Models.md#blocklistsources) + +[BlocklistStats](./Models.md#blockliststats) -[ExploitationPhase](./Models.md#exploitationphase) +[BlocklistSubscriberEntity](./Models.md#blocklistsubscriberentity) -[FingerprintRuleResponse](./Models.md#fingerprintruleresponse) +[BlocklistSubscriberEntityPage](./Models.md#blocklistsubscriberentitypage) -[FingerprintRuleSummary](./Models.md#fingerprintrulesummary) +[BlocklistSubscribersCount](./Models.md#blocklistsubscriberscount) -[FingerprintTimelineItem](./Models.md#fingerprinttimelineitem) +[BlocklistSubscriptionRequest](./Models.md#blocklistsubscriptionrequest) -[GetCVEIPsResponsePage](./Models.md#getcveipsresponsepage) +[BlocklistSubscriptionResponse](./Models.md#blocklistsubscriptionresponse) -[GetCVEResponse](./Models.md#getcveresponse) +[BlocklistUpdateRequest](./Models.md#blocklistupdaterequest) -[GetCVESubscribedIntegrationsResponsePage](./Models.md#getcvesubscribedintegrationsresponsepage) +[BlocklistUsageStats](./Models.md#blocklistusagestats) -[GetCVEsFilterBy](./Models.md#getcvesfilterby) +[Body_uploadBlocklistContent](./Models.md#body_uploadblocklistcontent) + +[ComputedMetrics](./Models.md#computedmetrics) + +[ComputedSavedMetrics](./Models.md#computedsavedmetrics) + +[CtiAs](./Models.md#ctias) + +[CtiBehavior](./Models.md#ctibehavior) + +[CtiCategory](./Models.md#cticategory) + +[CtiCountry](./Models.md#cticountry) + +[CtiIp](./Models.md#ctiip) + +[CtiScenario](./Models.md#ctiscenario) + +[DecisionCreateRequest](./Models.md#decisioncreaterequest) + +[DecisionCreateResponse](./Models.md#decisioncreateresponse) + +[DecisionResponse](./Models.md#decisionresponse) + +[DecisionTargetModel](./Models.md#decisiontargetmodel) + +[DecisionTargetType](./Models.md#decisiontargettype) + +[DecisionsGetResponsePage](./Models.md#decisionsgetresponsepage) + +[DecisionsSortBy](./Models.md#decisionssortby) + +[DecisionsSortOrder](./Models.md#decisionssortorder) + +[EntityType](./Models.md#entitytype) -[GetCVEsResponsePage](./Models.md#getcvesresponsepage) +[GetRemediationMetricsResponse](./Models.md#getremediationmetricsresponse) -[GetCVEsSortBy](./Models.md#getcvessortby) +[InfoResponse](./Models.md#inforesponse) -[GetCVEsSortOrder](./Models.md#getcvessortorder) +[MetricUnits](./Models.md#metricunits) -[GetFingerprintIPsResponsePage](./Models.md#getfingerprintipsresponsepage) +[OriginMetrics](./Models.md#originmetrics) -[GetFingerprintRulesResponsePage](./Models.md#getfingerprintrulesresponsepage) +[Permission](./Models.md#permission) -[GetFingerprintSubscribedIntegrationsResponsePage](./Models.md#getfingerprintsubscribedintegrationsresponsepage) +[PricingTiers](./Models.md#pricingtiers) -[History](./Models.md#history) +[PublicBlocklistResponse](./Models.md#publicblocklistresponse) -[IPItem](./Models.md#ipitem) +[PublicBlocklistResponsePage](./Models.md#publicblocklistresponsepage) -[IntegrationResponse](./Models.md#integrationresponse) +[RawMetrics](./Models.md#rawmetrics) -[IntervalOptions](./Models.md#intervaloptions) +[RemediationMetrics](./Models.md#remediationmetrics) -[Location](./Models.md#location) +[RemediationMetricsData](./Models.md#remediationmetricsdata) -[LookupImpactCVEItem](./Models.md#lookupimpactcveitem) +[Share](./Models.md#share) -[LookupImpactFingerprintItem](./Models.md#lookupimpactfingerprintitem) +[SourceInfo](./Models.md#sourceinfo) -[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) +[SourceType](./Models.md#sourcetype) -[LookupListItem](./Models.md#lookuplistitem) +[SubscriberEntityType](./Models.md#subscriberentitytype) -[LookupListResponsePage](./Models.md#lookuplistresponsepage) +[AppsecConfigIndex](./Models.md#appsecconfigindex) -[MitreTechnique](./Models.md#mitretechnique) +[AppsecRuleIndex](./Models.md#appsecruleindex) -[Reference](./Models.md#reference) +[CollectionIndex](./Models.md#collectionindex) -[ScoreBreakdown](./Models.md#scorebreakdown) +[ContextIndex](./Models.md#contextindex) -[Scores](./Models.md#scores) +[Index](./Models.md#index) -[SinceOptions](./Models.md#sinceoptions) +[ParserIndex](./Models.md#parserindex) -[SubscribeCVEIntegrationRequest](./Models.md#subscribecveintegrationrequest) +[PostoverflowIndex](./Models.md#postoverflowindex) -[SubscribeFingerprintIntegrationRequest](./Models.md#subscribefingerprintintegrationrequest) +[ScenarioIndex](./Models.md#scenarioindex) -[TimelineItem](./Models.md#timelineitem) \ No newline at end of file +[VersionDetail](./Models.md#versiondetail) \ No newline at end of file diff --git a/doc/Tags.md b/doc/Tags.md deleted file mode 100644 index afca4ce..0000000 --- a/doc/Tags.md +++ /dev/null @@ -1,89 +0,0 @@ - - -# Tags Methods -| Method | Description | -| ------ | ----------- | -| [get_tags](#get_tags) | Get a paginated list of tags | -| [get_tag_impact](#get_tag_impact) | Get CVE and fingerprint rules affecting a tag | - -## **get_tags** -### Get a paginated list of tags -- Endpoint: `/tags` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for tags | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Tags, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Tags(auth=auth) -try: - response = client.get_tags( - query=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_tag_impact** -### Get CVE and fingerprint rules affecting a tag -- Endpoint: `/tags/{tag}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| tag | str | | True | | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Tags, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Tags(auth=auth) -try: - response = client.get_tag_impact( - tag='tag', - sort_by=rule_release_date, - sort_order=desc, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/doc/Vendors.md b/doc/Vendors.md deleted file mode 100644 index 67129ed..0000000 --- a/doc/Vendors.md +++ /dev/null @@ -1,89 +0,0 @@ - - -# Vendors Methods -| Method | Description | -| ------ | ----------- | -| [get_vendors](#get_vendors) | Get a paginated list of vendors | -| [get_vendor_impact](#get_vendor_impact) | Get CVE and fingerprint rules affecting a vendor | - -## **get_vendors** -### Get a paginated list of vendors -- Endpoint: `/vendors` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for vendors | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Vendors, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Vendors(auth=auth) -try: - response = client.get_vendors( - query=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_vendor_impact** -### Get CVE and fingerprint rules affecting a vendor -- Endpoint: `/vendors/{vendor}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| vendor | str | | True | | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Vendors, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Vendors(auth=auth) -try: - response = client.get_vendor_impact( - vendor='vendor', - sort_by=rule_release_date, - sort_order=desc, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/let-openapi.json b/let-openapi.json index 1fee82c..55e0edd 100644 --- a/let-openapi.json +++ b/let-openapi.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "LET API", "description": "This is the API to manage Crowdsec Live Exploit Tracker service", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.108.1"}, "paths": {"/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)", "default": false, "title": "Force"}, "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)"}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}, {"name": "pull_limit", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit"}}, {"name": "enable_ip_aggregation", "in": "query", "required": false, "schema": {"type": "boolean", "default": false, "title": "Enable Ip Aggregation"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves": {"get": {"tags": ["Cves"], "summary": "Get list of CVEs CrowdSec is tracking", "description": "Get a paginated list of CVEs that CrowdSec is tracking", "operationId": "getCves", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for CVEs", "title": "Query"}, "description": "Search query for CVEs"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "filters", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"$ref": "#/components/schemas/GetCVEsFilterBy"}}, {"type": "null"}], "description": "Filters to apply on the CVE list", "title": "Filters"}, "description": "Filters to apply on the CVE list"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}": {"get": {"tags": ["Cves"], "summary": "Get CVE ID informations", "description": "Get information about a specific CVE ID", "operationId": "getCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEResponse"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-download": {"get": {"tags": ["Cves"], "summary": "Download IPs exploiting a CVE ID (raw)", "description": "Download the list of IPs exploiting a specific CVE ID in raw format", "operationId": "downloadCveIps", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-details": {"get": {"tags": ["Cves"], "summary": "Get IPs details exploiting a CVE ID", "description": "Get detailed information about IPs exploiting a specific CVE ID", "operationId": "getCveIpsDetails", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEIPsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations": {"post": {"tags": ["Cves"], "summary": "Subscribe an integration to a CVE ID", "description": "Subscribe an integration to receive threats related to a specific CVE ID", "operationId": "subscribeIntegrationToCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeCVEIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Subscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Cves"], "summary": "Get subscribed integrations for a CVE ID", "description": "Get the list of integrations subscribed to a specific CVE ID", "operationId": "getCveSubscribedIntegrations", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVESubscribedIntegrationsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations/{integration_name}": {"delete": {"tags": ["Cves"], "summary": "Unsubscribe an integration from a CVE ID", "description": "Unsubscribe an integration from receiving threats related to a specific CVE ID", "operationId": "unsubscribeIntegrationFromCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Unsubscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/timeline": {"get": {"tags": ["Cves"], "summary": "Get timeline data for a CVE ID", "description": "Get timeline data of occurrences for a specific CVE ID", "operationId": "getCveTimeline", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/TimelineItem"}, "title": "Response Getcvetimeline"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors": {"get": {"tags": ["Vendors"], "summary": "Get list of vendors", "description": "Get a paginated list of vendors", "operationId": "getVendors", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for vendors", "title": "Query"}, "description": "Search query for vendors"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}": {"get": {"tags": ["Vendors"], "summary": "Get vendor impact", "description": "Get CVE and fingerprint rules affecting a vendor", "operationId": "getVendorImpact", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products": {"get": {"tags": ["Products"], "summary": "Get list of products", "description": "Get a paginated list of products", "operationId": "getProducts", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for products", "title": "Query"}, "description": "Search query for products"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products/{product}": {"get": {"tags": ["Products"], "summary": "Get product impact", "description": "Get CVE and fingerprint rules affecting a product", "operationId": "getProductImpact", "parameters": [{"name": "product", "in": "path", "required": true, "schema": {"type": "string", "title": "Product"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags": {"get": {"tags": ["Tags"], "summary": "Get list of tags", "description": "Get a paginated list of tags", "operationId": "getTags", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for tags", "title": "Query"}, "description": "Search query for tags"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags/{tag}": {"get": {"tags": ["Tags"], "summary": "Get tag impact", "description": "Get CVE and fingerprint rules affecting a tag", "operationId": "getTagImpact", "parameters": [{"name": "tag", "in": "path", "required": true, "schema": {"type": "string", "title": "Tag"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints": {"get": {"tags": ["Fingerprints"], "summary": "Get list of fingerprint rules", "description": "Get a paginated list of fingerprint rules", "operationId": "getFingerprintRules", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for fingerprint rules", "title": "Query"}, "description": "Search query for fingerprint rules"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "filters", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"$ref": "#/components/schemas/GetCVEsFilterBy"}}, {"type": "null"}], "description": "Filters to apply on the fingerprint rule list", "title": "Filters"}, "description": "Filters to apply on the fingerprint rule list"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintRulesResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-download": {"get": {"tags": ["Fingerprints"], "summary": "Download IPs exploiting a fingerprint rule (raw)", "description": "Download the list of IPs exploiting a specific fingerprint rule in raw format", "operationId": "downloadFingerprintIps", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-details": {"get": {"tags": ["Fingerprints"], "summary": "Get IP details exploiting a fingerprint rule", "description": "Get detailed information about IPs exploiting a specific fingerprint rule", "operationId": "getFingerprintIpsDetails", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintIPsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations": {"post": {"tags": ["Fingerprints"], "summary": "Subscribe an integration to a fingerprint rule", "description": "Subscribe an integration to receive threats related to a specific fingerprint rule", "operationId": "subscribeIntegrationToFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeFingerprintIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Fingerprints"], "summary": "Get subscribed integrations for a fingerprint rule", "description": "Get the list of integrations subscribed to a specific fingerprint rule", "operationId": "getFingerprintSubscribedIntegrations", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintSubscribedIntegrationsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations/{integration_name}": {"delete": {"tags": ["Fingerprints"], "summary": "Unsubscribe an integration from a fingerprint rule", "description": "Unsubscribe an integration from receiving threats related to a specific fingerprint rule", "operationId": "unsubscribeIntegrationFromFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/timeline": {"get": {"tags": ["Fingerprints"], "summary": "Get timeline data for a fingerprint rule", "description": "Get timeline data of occurrences for a specific fingerprint rule", "operationId": "getFingerprintTimeline", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}, {"name": "interval", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/IntervalOptions"}, {"type": "null"}], "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter.", "title": "Interval"}, "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/FingerprintTimelineItem"}, "title": "Response Getfingerprinttimeline"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}": {"get": {"tags": ["Fingerprints"], "summary": "Get fingerprint rule information", "description": "Get information about a specific fingerprint rule", "operationId": "getFingerprintRule", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/FingerprintRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}}, "components": {"schemas": {"ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}}, "type": "object", "required": ["id"], "title": "BlocklistSubscription"}, "CVESubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "CVE ID"}}, "type": "object", "required": ["id"], "title": "CVESubscription"}, "FingerprintSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "FingerprintSubscription"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "AdjustmentScore": {"properties": {"total": {"type": "integer", "title": "Total", "description": "Total score adjustment"}, "recency": {"type": "integer", "title": "Recency", "description": "Recency score adjustment"}, "low_info": {"type": "integer", "title": "Low Info", "description": "Low information score adjustment"}}, "type": "object", "required": ["total", "recency", "low_info"], "title": "AdjustmentScore"}, "AffectedComponent": {"properties": {"vendor": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Vendor", "description": "Vendor of the affected component"}, "product": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Product", "description": "Product name of the affected component"}}, "type": "object", "title": "AffectedComponent", "description": "Affected Component in a CVE"}, "AllowlistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "AllowlistSubscription"}, "AttackDetail": {"properties": {"name": {"type": "string", "title": "Name", "description": "Attack detail name"}, "label": {"type": "string", "title": "Label", "description": "Attack detail label"}, "description": {"type": "string", "title": "Description", "description": "Attack detail description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Attack detail references"}}, "type": "object", "required": ["name", "label", "description"], "title": "AttackDetail"}, "Behavior": {"properties": {"name": {"type": "string", "title": "Name", "description": "Behavior name"}, "label": {"type": "string", "title": "Label", "description": "Behavior label"}, "description": {"type": "string", "title": "Description", "description": "Behavior description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Behavior"}, "CVEEvent": {"properties": {"date": {"type": "string", "format": "date-time", "title": "Date", "description": "Date of the event"}, "description": {"type": "string", "title": "Description", "description": "Description of the event"}, "label": {"type": "string", "title": "Label", "description": "Label of the event"}, "name": {"type": "string", "title": "Name", "description": "Name of the event"}}, "type": "object", "required": ["date", "description", "label", "name"], "title": "CVEEvent", "description": "CVE Event Information"}, "CVEResponseBase": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase"], "title": "CVEResponseBase", "description": "GET CVE ID Response"}, "CVEsubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "CVEsubscription"}, "CWE": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the CWE"}, "label": {"type": "string", "title": "Label", "description": "Label of the CWE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CWE"}}, "type": "object", "required": ["name", "label", "description"], "title": "CWE", "description": "CWE Information"}, "Classification": {"properties": {"name": {"type": "string", "title": "Name", "description": "Classification name"}, "label": {"type": "string", "title": "Label", "description": "Classification label"}, "description": {"type": "string", "title": "Description", "description": "Classification description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Classification"}, "Classifications": {"properties": {"false_positives": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "False Positives", "description": "False positive classifications"}, "classifications": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "Classifications", "description": "Main classifications"}}, "type": "object", "title": "Classifications"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "ExploitationPhase": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the exploitation phase"}, "label": {"type": "string", "title": "Label", "description": "Label of the exploitation phase"}, "description": {"type": "string", "title": "Description", "description": "Description of the exploitation phase"}}, "type": "object", "required": ["name", "label", "description"], "title": "ExploitationPhase"}, "FingerprintRuleResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleResponse"}, "FingerprintRuleSummary": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleSummary"}, "FingerprintTimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "FingerprintTimelineItem"}, "GetCVEIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEIPsResponsePage"}, "GetCVEResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "GetCVEResponse"}, "GetCVESubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVESubscribedIntegrationsResponsePage"}, "GetCVEsFilterBy": {"type": "string", "enum": ["is_public"], "title": "GetCVEsFilterBy"}, "GetCVEsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/CVEResponseBase"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEsResponsePage"}, "GetCVEsSortBy": {"type": "string", "enum": ["rule_release_date", "trending", "nb_ips", "name"], "title": "GetCVEsSortBy"}, "GetCVEsSortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "GetCVEsSortOrder"}, "GetFingerprintIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintIPsResponsePage"}, "GetFingerprintRulesResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/FingerprintRuleSummary"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintRulesResponsePage"}, "GetFingerprintSubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintSubscribedIntegrationsResponsePage"}, "History": {"properties": {"first_seen": {"type": "string", "format": "date-time", "title": "First Seen", "description": "First seen timestamp"}, "last_seen": {"type": "string", "format": "date-time", "title": "Last Seen", "description": "Last seen timestamp"}, "full_age": {"type": "integer", "title": "Full Age", "description": "Full age in days"}, "days_age": {"type": "integer", "title": "Days Age", "description": "Days age"}}, "type": "object", "required": ["first_seen", "last_seen", "full_age", "days_age"], "title": "History"}, "IPItem": {"properties": {"ip": {"type": "string", "title": "Ip", "description": "IP address"}, "reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reputation", "description": "Reputation of the IP"}, "ip_range": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range", "description": "IP range"}, "ip_range_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range Score", "description": "IP range score"}, "ip_range_24": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24", "description": "IP range /24"}, "ip_range_24_reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24 Reputation", "description": "IP range /24 reputation"}, "ip_range_24_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range 24 Score", "description": "IP range /24 score"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number"}, "background_noise_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Background Noise Score", "description": "Background noise score"}, "background_noise": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Background Noise", "description": "Background noise level"}, "confidence": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Confidence", "description": "Confidence level"}, "location": {"anyOf": [{"$ref": "#/components/schemas/Location"}, {"type": "null"}], "description": "IP location information"}, "reverse_dns": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reverse Dns", "description": "Reverse DNS"}, "behaviors": {"items": {"$ref": "#/components/schemas/Behavior"}, "type": "array", "title": "Behaviors", "description": "List of behaviors"}, "references": {"items": {"$ref": "#/components/schemas/Reference"}, "type": "array", "title": "References", "description": "List of references"}, "history": {"anyOf": [{"$ref": "#/components/schemas/History"}, {"type": "null"}], "description": "Historical data"}, "classifications": {"anyOf": [{"$ref": "#/components/schemas/Classifications"}, {"type": "null"}], "description": "Classification data"}, "mitre_techniques": {"items": {"$ref": "#/components/schemas/MitreTechnique"}, "type": "array", "title": "Mitre Techniques", "description": "MITRE techniques"}, "cves": {"items": {"type": "string"}, "type": "array", "title": "Cves", "description": "List of CVEs"}, "attack_details": {"items": {"$ref": "#/components/schemas/AttackDetail"}, "type": "array", "title": "Attack Details", "description": "Attack details"}, "target_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Target Countries", "description": "Target countries"}, "scores": {"anyOf": [{"$ref": "#/components/schemas/Scores"}, {"type": "null"}], "description": "Scoring information"}}, "type": "object", "required": ["ip"], "title": "IPItem"}, "IntegrationResponse": {"properties": {"tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "default": []}, "organization_id": {"type": "string", "title": "Organization Id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "entity_type": {"$ref": "#/components/schemas/EntityType", "description": "Type of the integration"}, "id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "default": []}, "allowlists": {"items": {"$ref": "#/components/schemas/AllowlistSubscription"}, "type": "array", "title": "Allowlists", "default": []}, "cves": {"items": {"$ref": "#/components/schemas/CVEsubscription"}, "type": "array", "title": "Cves", "default": []}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "default": []}, "name": {"type": "string", "title": "Name", "description": "Name of the integration"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["organization_id", "entity_type", "name", "output_format"], "title": "IntegrationResponse"}, "IntervalOptions": {"type": "string", "enum": ["hour", "day", "week"], "title": "IntervalOptions"}, "Location": {"properties": {"country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country code"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City name"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude coordinate"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude coordinate"}}, "type": "object", "title": "Location"}, "LookupImpactCVEItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}, "type": {"type": "string", "const": "cve", "title": "Type", "description": "Resource type", "default": "cve"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "LookupImpactCVEItem"}, "LookupImpactFingerprintItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}, "type": {"type": "string", "const": "fingerprint", "title": "Type", "description": "Resource type", "default": "fingerprint"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "LookupImpactFingerprintItem"}, "LookupImpactResponsePage": {"properties": {"items": {"items": {"oneOf": [{"$ref": "#/components/schemas/LookupImpactCVEItem"}, {"$ref": "#/components/schemas/LookupImpactFingerprintItem"}], "discriminator": {"propertyName": "type", "mapping": {"cve": "#/components/schemas/LookupImpactCVEItem", "fingerprint": "#/components/schemas/LookupImpactFingerprintItem"}}}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupImpactResponsePage"}, "LookupListItem": {"properties": {"value": {"type": "string", "title": "Value", "description": "Lookup entry value"}}, "type": "object", "required": ["value"], "title": "LookupListItem"}, "LookupListResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/LookupListItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupListResponsePage"}, "MitreTechnique": {"properties": {"name": {"type": "string", "title": "Name", "description": "MITRE technique ID"}, "label": {"type": "string", "title": "Label", "description": "MITRE technique label"}, "description": {"type": "string", "title": "Description", "description": "MITRE technique description"}}, "type": "object", "required": ["name", "label", "description"], "title": "MitreTechnique"}, "Reference": {"properties": {"name": {"type": "string", "title": "Name", "description": "Reference name"}, "label": {"type": "string", "title": "Label", "description": "Reference label"}, "description": {"type": "string", "title": "Description", "description": "Reference description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Reference"}, "ScoreBreakdown": {"properties": {"aggressiveness": {"type": "integer", "title": "Aggressiveness", "description": "Aggressiveness score"}, "threat": {"type": "integer", "title": "Threat", "description": "Threat score"}, "trust": {"type": "integer", "title": "Trust", "description": "Trust score"}, "anomaly": {"type": "integer", "title": "Anomaly", "description": "Anomaly score"}, "total": {"type": "integer", "title": "Total", "description": "Total score"}}, "type": "object", "required": ["aggressiveness", "threat", "trust", "anomaly", "total"], "title": "ScoreBreakdown"}, "Scores": {"properties": {"overall": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Overall scores"}, "last_day": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last day scores"}, "last_week": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last week scores"}, "last_month": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last month scores"}}, "type": "object", "required": ["overall", "last_day", "last_week", "last_month"], "title": "Scores"}, "SinceOptions": {"type": "integer", "enum": [1, 7, 30], "title": "SinceOptions"}, "SubscribeCVEIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeCVEIntegrationRequest"}, "SubscribeFingerprintIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeFingerprintIntegrationRequest"}, "TimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "TimelineItem"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1", "description": "Production server"}]} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "LET API", "description": "This is the API to manage Crowdsec Live Exploit Tracker service", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.116.3"}, "paths": {"/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)", "default": false, "title": "Force"}, "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)"}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}, {"name": "pull_limit", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit"}}, {"name": "enable_ip_aggregation", "in": "query", "required": false, "schema": {"type": "boolean", "default": false, "title": "Enable Ip Aggregation"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist", "description": "Create a new allowlist for an organization", "operationId": "createAllowlist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "List Allowlists", "description": "List all allowlists for an organization", "operationId": "listAllowlists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist", "description": "Get an allowlist by ID", "operationId": "getAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist", "description": "Update an allowlist by ID", "operationId": "updateAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist", "description": "Delete an allowlist by ID", "operationId": "deleteAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the allowlist, even if it has subscribers", "default": false, "title": "Force"}, "description": "Force delete the allowlist, even if it has subscribers"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist Items", "description": "Create items for an allowlist", "operationId": "createAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemsCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "Get Allowlist Items", "description": "Get items in an allowlist", "operationId": "getAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponsePage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items/{item_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Item", "description": "Get an allowlist item by ID", "operationId": "getAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist Item", "description": "Update an allowlist item by ID", "operationId": "updateAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist Item", "description": "Delete an allowlist item by ID", "operationId": "deleteAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Subscribers", "description": "Get subscribers of an allowlist", "operationId": "getAllowlistSubscribers", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriberEntityPage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "post": {"tags": ["Allowlists"], "summary": "Subscribe Allowlist", "description": "Subscribe to an allowlist", "operationId": "subscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Allowlists"], "summary": "Unsubscribe Allowlist", "description": "Unsubscribe from an allowlist", "operationId": "unsubscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists": {"post": {"tags": ["Blocklists"], "summary": "Create Blocklist", "description": "Create a new blocklist owned by your organization. The name must be unique within your organization. The list will only be visible to your organization and organizations you shared the blocklist with. This operation is submitted to quotas", "operationId": "createBlocklist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "409": {"description": "Blocklist already exists"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklists", "description": "Get multiple blocklists. Only blocklists owned by your organization, shared with your organization or public blocklists are returned. Filters and pagination are available as query parameters.", "operationId": "getBlocklists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "page_size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 1000, "description": "Page size", "default": 100, "title": "Page Size"}, "description": "Page size"}, {"name": "subscribed_only", "in": "query", "required": false, "schema": {"type": "boolean", "description": "only subscribed blocklists", "default": false, "title": "Subscribed Only"}, "description": "only subscribed blocklists"}, {"name": "exclude_subscribed", "in": "query", "required": false, "schema": {"type": "boolean", "description": "exclude subscribed blocklists", "default": false, "title": "Exclude Subscribed"}, "description": "exclude subscribed blocklists"}, {"name": "include_filter", "in": "query", "required": false, "schema": {"type": "array", "items": {"$ref": "#/components/schemas/BlocklistIncludeFilters"}, "description": "Include blocklists with the specified filters", "default": ["private", "shared"], "title": "Include Filter"}, "description": "Include blocklists with the specified filters"}, {"name": "category", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "Filter by category", "title": "Category"}, "description": "Filter by category"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/search": {"post": {"tags": ["Blocklists"], "summary": "Search Blocklists", "description": "Search blocklists", "operationId": "searchBlocklist", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSearchRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}": {"get": {"tags": ["Blocklists"], "summary": "Get Blocklist", "description": "Get the details of a blocklist by ID. The content of the blocklist is not returned.", "operationId": "getBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Blocklists"], "summary": "Update Blocklist", "description": "Update a blocklist's details by ID. It is not possible to update the blocklist content using this operation.", "operationId": "updateBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Blocklists"], "summary": "Delete Blocklist", "description": "Delete a blocklist by ID. If the blocklist is shared with other organizations or it has subscriptions, the operation will fail. If you want to force delete the blocklist, you can use the force query parameter, so the blocklists will be unshared / unsubscribed.", "operationId": "deleteBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the blocklist if it is shared or subscribed", "default": false, "title": "Force"}, "description": "Force delete the blocklist if it is shared or subscribed"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/upload": {"post": {"tags": ["Blocklists"], "summary": "Upload Blocklist Content", "description": "Upload a blocklist. The file must be in txt format with one IP per line. This operation will overwrite the existing blocklist content.", "operationId": "uploadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "expiration", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "description": "Blocklist expiration", "examples": ["2026-03-19T09:51:24.931060+00:00"], "title": "Expiration"}, "description": "Blocklist expiration"}, {"name": "ignore_invalid_ips", "in": "query", "required": false, "schema": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "description": "Ignore invalid IPs", "default": false, "title": "Ignore Invalid Ips"}, "description": "Ignore invalid IPs"}], "requestBody": {"required": true, "content": {"multipart/form-data": {"schema": {"$ref": "#/components/schemas/Body_uploadBlocklistContent"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "400": {"description": "Invalid IP in blocklist file content"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips": {"post": {"tags": ["Blocklists"], "summary": "Add Ips To Blocklist", "description": "Add IPs to a blocklist. If an IP is already in the blocklist, its expiration will be updated with the new expiration.", "operationId": "addIpsToBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/bulk_overwrite": {"post": {"tags": ["Blocklists"], "summary": "Bulk Overwrite Blocklist Ips", "description": "Overwrite blocklist content", "operationId": "overwriteIps", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"202": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/delete": {"post": {"tags": ["Blocklists"], "summary": "Delete Ips From Blocklist", "description": "Delete IPs from a blocklist", "operationId": "deleteIpsFromBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistDeleteIPsRequest"}}}}, "responses": {"204": {"description": "Successful Response"}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/download": {"get": {"tags": ["Blocklists"], "summary": "Download Blocklist Content", "description": "Download blocklist content as a list of ips as plain text separated by new lines. The response will include the ETag header for cache control. If_Modified_Since and If_None_Match cache control headers are supported for conditional requests.", "operationId": "downloadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "if-modified-since", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_Modified_Since cache control header", "title": "If-Modified-Since"}, "description": "If_Modified_Since cache control header"}, {"name": "if-none-match", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_None_Match cache control header", "title": "If-None-Match"}, "description": "If_None_Match cache control header"}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Blocklist not found"}, "204": {"description": "Blocklist is empty"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers": {"post": {"tags": ["Blocklists"], "summary": "Subscribe Blocklist", "description": "Subscribe to a blocklist with a remediation type. If the entity type is the full organization or a Tag, all the engines belonging to the organization or the Tag will be subscribed and new engines that will join the organization or the Tag will also be automatically subscribed. If the subscription has been done on an organization or Tag you cannot unsubscribe individual engines. In case of errors for some subscribers, the operation will still succeed for the entities that were successfully subscribed and you'll have the list of errors in the operation's result. This operation is submitted to quotas.", "operationId": "subscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklist Subscribers", "description": "Get blocklist subscribers within your organization.", "operationId": "getBlocklistSubscribers", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriberEntityPage"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unsubscribe Blocklist", "description": "Unsubscribe from a blocklist. You cannot unsubscribe individual engines if the subscription has been done on an organization or Tag.", "operationId": "unsubscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares": {"post": {"tags": ["Blocklists"], "summary": "Share Blocklist", "description": "Share a blocklist with other organizations given their IDs. The blocklist must be owned by your organization. You can give read-only access or read-write access to the blocklist. Sharing a blocklist will not automatically subscribe the shared organizations to the blocklist.", "operationId": "shareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistShareRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares/{unshare_organization_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unshare Blocklist", "description": "Unshare a blocklist with other organizations. If the blocklist is subscribed by the organization, the operation will fail.Use force query parameter to unshare a blocklist even if subscriptions exists.", "operationId": "unshareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "unshare_organization_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Unshare Organization Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/decisions": {"get": {"tags": ["Decisions"], "summary": "Get Decisions", "description": "Get decisions", "operationId": "getDecisions", "parameters": [{"name": "instance_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "Filter decisions by instance IDs", "default": [], "title": "Instance Ids"}, "description": "Filter decisions by instance IDs"}, {"name": "tag_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "Filter decisions by tag IDs", "default": [], "title": "Tag Ids"}, "description": "Filter decisions by tag IDs"}, {"name": "remediation_types", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "Filter decisions by remediation types", "default": [], "title": "Remediation Types"}, "description": "Filter decisions by remediation types"}, {"name": "ips", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "Filter decisions by IPs (only for IP decisions)", "default": [], "title": "Ips"}, "description": "Filter decisions by IPs (only for IP decisions)"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/DecisionsSortBy"}, {"type": "null"}], "description": "Field to sort by (e.g., created_at, duration)", "default": "created_at", "title": "Sort By"}, "description": "Field to sort by (e.g., created_at, duration)"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/DecisionsSortOrder"}, {"type": "null"}], "description": "Sort order: 'asc' for ascending, 'desc' for descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: 'asc' for ascending, 'desc' for descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DecisionsGetResponsePage"}}}}, "404": {"description": "Not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "post": {"tags": ["Decisions"], "summary": "Create Decision", "description": "Create a new decision.", "operationId": "createDecision", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DecisionCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DecisionCreateResponse"}}}}, "409": {"description": "Conflict: Decision value is in allowlists; cannot create decision."}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/info": {"get": {"tags": ["Info"], "summary": "Get Me Info", "description": "Get the current user and organization informations", "operationId": "getInfo", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/InfoResponse"}}}}}}}, "/metrics/remediation": {"get": {"tags": ["Metrics"], "summary": "Get Metrics Remediation", "description": "Get remediation metrics", "operationId": "getMetricsRemediation", "parameters": [{"name": "start_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "Start date of the metrics, default to last day", "title": "Start Date"}, "description": "Start date of the metrics, default to last day"}, {"name": "end_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "End date of the metrics", "title": "End Date"}, "description": "End date of the metrics"}, {"name": "engine_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of engine ids", "default": [], "title": "Engine Ids"}, "description": "List of engine ids"}, {"name": "integration_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of integration ids", "default": [], "title": "Integration Ids"}, "description": "List of integration ids"}, {"name": "tags", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of tags", "default": [], "title": "Tags"}, "description": "List of tags"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRemediationMetricsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/hub/index/{tenant}/{branch}/.index.json": {"get": {"description": "Get a (minimized) index file for 'cscli hub update'. May or may not include unused fields\n(content, long descriptions, labels...) or redundant ones (author, name).", "operationId": "getIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get a minimized index file (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for the index file without the full content.\nIt is useful for validating cache, checking resource freshness, and managing client-side\ncache expiration policies. No body content is returned.", "operationId": "headIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for the index file", "tags": ["Hub"]}}, "/hub/index/{tenant}/{branch}/{item_path}": {"get": {"description": "Get an item's content from its path. This is usually a YAML file.", "operationId": "getItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "404": {"description": "No content field"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get an item's content (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for an item's content. It is useful for validating\ncache, checking resource freshness, and managing client-side cache expiration policies. No body\ncontent is returned.", "operationId": "headItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for an item's content", "tags": ["Hub"]}}}, "components": {"schemas": {"ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}, "name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}}, "type": "object", "required": ["id", "name", "label"], "title": "BlocklistSubscription"}, "CVESubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "CVE ID"}}, "type": "object", "required": ["id"], "title": "CVESubscription"}, "FingerprintSubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint ID"}}, "type": "object", "required": ["id"], "title": "FingerprintSubscription"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "title": "Detail", "type": "array"}}, "title": "HTTPValidationError", "type": "object"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "title": "Location", "type": "array"}, "msg": {"title": "Message", "type": "string"}, "type": {"title": "Error Type", "type": "string"}}, "required": ["loc", "msg", "type"], "title": "ValidationError", "type": "object"}, "AllowlistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "AllowlistCreateRequest"}, "AllowlistCreateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistCreateResponse"}, "AllowlistGetItemsResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"anyOf": [{"$ref": "#/components/schemas/SourceInfo"}, {"type": "null"}], "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "created_by"], "title": "AllowlistGetItemsResponse"}, "AllowlistGetItemsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetItemsResponsePage"}, "AllowlistGetResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistGetResponse"}, "AllowlistGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetResponsePage"}, "AllowlistItemUpdateRequest": {"properties": {"description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "title": "AllowlistItemUpdateRequest"}, "AllowlistItemUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "updated_at", "created_by", "updated_by"], "title": "AllowlistItemUpdateResponse"}, "AllowlistItemsCreateRequest": {"properties": {"items": {"items": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}]}, "type": "array", "title": "Items", "description": "List of values to add to the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "required": ["items", "description"], "title": "AllowlistItemsCreateRequest"}, "AllowlistScope": {"type": "string", "enum": ["ip", "range"], "title": "AllowlistScope"}, "AllowlistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}}, "type": "object", "required": ["id", "entity_type"], "title": "AllowlistSubscriberEntity"}, "AllowlistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistSubscriberEntityPage"}, "AllowlistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "AllowlistSubscribersCount"}, "AllowlistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/EntityType"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "AllowlistSubscriptionRequest"}, "AllowlistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated allowlist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "AllowlistSubscriptionResponse"}, "AllowlistUpdateRequest": {"properties": {"name": {"anyOf": [{"type": "string", "maxLength": 200, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "title": "AllowlistUpdateRequest"}, "AllowlistUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistUpdateResponse"}, "AttacksMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "label": {"type": "string", "title": "Label", "description": "Label of the metric which is the attack type"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["total", "label", "progression", "data"], "title": "AttacksMetrics"}, "BlocklistAddIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}, "expiration": {"type": "string", "format": "date-time", "title": "Expiration", "description": "Expiration date", "examples": ["2030-01-01T00:00:00.000Z"]}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistAddIPsRequest"}, "BlocklistCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "priority": {"type": "integer", "title": "Priority"}}, "type": "object", "required": ["name", "label", "description", "priority"], "title": "BlocklistCategory"}, "BlocklistContentStats": {"properties": {"total_seen": {"type": "integer", "title": "Total Seen", "default": 0}, "total_fire": {"type": "integer", "title": "Total Fire", "default": 0}, "total_seen_1m": {"type": "integer", "title": "Total Seen 1M", "default": 0}, "total_in_other_lists": {"type": "integer", "title": "Total In Other Lists", "default": 0}, "total_false_positive": {"type": "integer", "title": "Total False Positive", "default": 0}, "false_positive_removed_by_crowdsec": {"type": "integer", "title": "False Positive Removed By Crowdsec", "default": 0}, "most_present_behaviors": {"items": {"$ref": "#/components/schemas/CtiBehavior"}, "type": "array", "title": "Most Present Behaviors", "default": []}, "most_present_categories": {"items": {"$ref": "#/components/schemas/CtiCategory"}, "type": "array", "title": "Most Present Categories", "default": []}, "most_present_scenarios": {"items": {"$ref": "#/components/schemas/CtiScenario"}, "type": "array", "title": "Most Present Scenarios", "default": []}, "top_as": {"items": {"$ref": "#/components/schemas/CtiAs"}, "type": "array", "title": "Top As", "default": []}, "top_attacking_countries": {"items": {"$ref": "#/components/schemas/CtiCountry"}, "type": "array", "title": "Top Attacking Countries", "default": []}, "top_ips": {"items": {"$ref": "#/components/schemas/CtiIp"}, "type": "array", "title": "Top Ips", "default": []}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistContentStats"}, "BlocklistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Blocklist name, must be unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name (Default: name)"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Useful references on the list's origins", "default": []}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}}, "additionalProperties": false, "type": "object", "required": ["name", "description"], "title": "BlocklistCreateRequest"}, "BlocklistDeleteIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistDeleteIPsRequest"}, "BlocklistIncludeFilters": {"type": "string", "enum": ["public", "private", "shared", "all"], "title": "BlocklistIncludeFilters"}, "BlocklistOrigin": {"properties": {"label": {"type": "string", "title": "Label", "description": "Label of the blocklist"}, "id": {"type": "string", "title": "Id", "description": "ID of the blocklist"}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier of the blocklist"}}, "type": "object", "required": ["label", "id", "pricing_tier"], "title": "BlocklistOrigin"}, "BlocklistSearchRequest": {"properties": {"page": {"type": "integer", "minimum": 1.0, "title": "Page", "description": "Page number", "default": 1}, "page_size": {"type": "integer", "maximum": 1000.0, "title": "Page Size", "description": "Page size", "default": 100}, "pricing_tiers": {"items": {"$ref": "#/components/schemas/PricingTiers"}, "type": "array", "title": "Pricing Tiers", "description": "Pricing tiers", "default": []}, "query": {"type": "string", "title": "Query", "description": "Search query", "default": ""}, "targeted_countries": {"items": {"type": "string"}, "type": "array", "title": "Targeted Countries", "description": "Targeted countries", "default": []}, "classifications": {"items": {"type": "string"}, "type": "array", "title": "Classifications", "description": "Classifications", "default": []}, "behaviors": {"items": {"type": "string"}, "type": "array", "title": "Behaviors", "description": "Behaviors", "default": []}, "min_ips": {"type": "integer", "minimum": 0.0, "title": "Min Ips", "description": "Minimum number of IPs", "default": 0}, "sources": {"items": {"$ref": "#/components/schemas/BlocklistSources"}, "type": "array", "title": "Sources", "description": "Sources", "default": []}, "categories": {"items": {"type": "string"}, "type": "array", "title": "Categories", "description": "Categories", "default": []}, "is_private": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Private", "description": "Private blocklist"}, "is_subscribed": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Subscribed", "description": "Subscribed blocklist (None: all)"}}, "additionalProperties": false, "type": "object", "title": "BlocklistSearchRequest"}, "BlocklistShareRequest": {"properties": {"organizations": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Organizations", "description": "List of organizations to share the blocklist"}}, "additionalProperties": false, "type": "object", "required": ["organizations"], "title": "BlocklistShareRequest"}, "BlocklistSources": {"type": "string", "enum": ["crowdsec", "third_party", "custom"], "title": "BlocklistSources"}, "BlocklistStats": {"properties": {"content_stats": {"$ref": "#/components/schemas/BlocklistContentStats", "default": {"total_seen": 0, "total_fire": 0, "total_seen_1m": 0, "total_in_other_lists": 0, "total_false_positive": 0, "false_positive_removed_by_crowdsec": 0, "most_present_behaviors": [], "most_present_categories": [], "most_present_scenarios": [], "top_as": [], "top_attacking_countries": [], "top_ips": []}}, "usage_stats": {"anyOf": [{"$ref": "#/components/schemas/BlocklistUsageStats"}, {"type": "null"}], "default": {"engines_subscribed_directly": 0, "engines_subscribed_through_org": 0, "engines_subscribed_through_tag": 0, "total_subscribed_engines": 0, "total_subscribed_organizations": 0}}, "addition_2days": {"type": "integer", "title": "Addition 2Days", "default": 0}, "addition_month": {"type": "integer", "title": "Addition Month", "default": 0}, "suppression_2days": {"type": "integer", "title": "Suppression 2Days", "default": 0}, "suppression_month": {"type": "integer", "title": "Suppression Month", "default": 0}, "change_2days_percentage": {"type": "number", "title": "Change 2Days Percentage", "default": 0.0}, "change_month_percentage": {"type": "number", "title": "Change Month Percentage", "default": 0.0}, "count": {"type": "integer", "title": "Count", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistStats"}, "BlocklistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"type": "string", "title": "Remediation", "description": "Remediation"}}, "type": "object", "required": ["id", "entity_type", "remediation"], "title": "BlocklistSubscriberEntity"}, "BlocklistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/BlocklistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "BlocklistSubscriberEntityPage"}, "BlocklistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "BlocklistSubscribersCount"}, "BlocklistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation", "description": "Remediation"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "BlocklistSubscriptionRequest"}, "BlocklistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated blocklist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "BlocklistSubscriptionResponse"}, "BlocklistUpdateRequest": {"properties": {"label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Blocklist tags"}, "from_cti_query": {"type": "string", "title": "From Cti Query", "description": "CTI query (doc link available soon)"}, "since": {"type": "string", "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}}, "additionalProperties": false, "type": "object", "title": "BlocklistUpdateRequest"}, "BlocklistUsageStats": {"properties": {"engines_subscribed_directly": {"type": "integer", "title": "Engines Subscribed Directly", "default": 0}, "engines_subscribed_through_org": {"type": "integer", "title": "Engines Subscribed Through Org", "default": 0}, "engines_subscribed_through_tag": {"type": "integer", "title": "Engines Subscribed Through Tag", "default": 0}, "total_subscribed_engines": {"type": "integer", "title": "Total Subscribed Engines", "default": 0}, "total_subscribed_organizations": {"type": "integer", "title": "Total Subscribed Organizations", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistUsageStats"}, "Body_uploadBlocklistContent": {"properties": {"file": {"type": "string", "format": "binary", "title": "File", "description": "Blocklist file in txt format"}}, "type": "object", "required": ["file"], "title": "Body_uploadBlocklistContent"}, "ComputedMetrics": {"properties": {"saved": {"$ref": "#/components/schemas/ComputedSavedMetrics", "description": "estimated saved metrics"}, "dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "estimated dropped metrics", "default": []}, "prevented": {"items": {"$ref": "#/components/schemas/AttacksMetrics"}, "type": "array", "title": "Prevented", "description": "prevented attacks metrics", "default": []}}, "type": "object", "required": ["saved"], "title": "ComputedMetrics"}, "ComputedSavedMetrics": {"properties": {"log_lines": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Log Lines", "description": "estimated log lines saved", "default": []}, "storage": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Storage", "description": "estimated storage saved", "default": []}, "egress_traffic": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Egress Traffic", "description": "estimated egress traffic saved", "default": []}}, "type": "object", "title": "ComputedSavedMetrics"}, "CtiAs": {"properties": {"as_num": {"type": "string", "title": "As Num"}, "as_name": {"type": "string", "title": "As Name"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["as_num", "as_name", "total_ips"], "title": "CtiAs"}, "CtiBehavior": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiBehavior"}, "CtiCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "total_ips"], "title": "CtiCategory"}, "CtiCountry": {"properties": {"country_short": {"type": "string", "title": "Country Short"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["country_short", "total_ips"], "title": "CtiCountry"}, "CtiIp": {"properties": {"ip": {"type": "string", "title": "Ip"}, "total_signals_1m": {"type": "integer", "title": "Total Signals 1M"}, "reputation": {"type": "string", "title": "Reputation", "default": "unknown"}}, "additionalProperties": true, "type": "object", "required": ["ip", "total_signals_1m"], "title": "CtiIp"}, "CtiScenario": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiScenario"}, "DecisionCreateRequest": {"properties": {"created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "uuid": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Uuid", "description": "UUID of the decision"}, "id": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Id", "description": "ID of the decision"}, "duration": {"type": "string", "title": "Duration", "description": "Duration of the decision"}, "origin": {"type": "string", "title": "Origin", "description": "Origin of the decision"}, "scenario": {"type": "string", "title": "Scenario", "description": "Scenario of the decision"}, "scope": {"type": "string", "title": "Scope", "description": "Scope of the decision"}, "type": {"type": "string", "title": "Type", "description": "Type of the decision"}, "value": {"type": "string", "title": "Value", "description": "Value of the decision"}, "country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country associated with the decision"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name associated with the decision"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number associated with the decision"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City associated with the decision"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude associated with the decision"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude associated with the decision"}, "target": {"$ref": "#/components/schemas/DecisionTargetModel", "description": "Target of the decision"}}, "additionalProperties": false, "type": "object", "required": ["duration", "origin", "scenario", "scope", "type", "value", "target"], "title": "DecisionCreateRequest"}, "DecisionCreateResponse": {"properties": {"uuid": {"type": "string", "title": "Uuid", "description": "UUID of the created decision"}}, "type": "object", "required": ["uuid"], "title": "DecisionCreateResponse"}, "DecisionResponse": {"properties": {"created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "uuid": {"type": "string", "title": "Uuid", "description": "UUID of the decision"}, "id": {"type": "integer", "title": "Id", "description": "ID of the decision"}, "duration": {"type": "string", "title": "Duration", "description": "Duration of the decision"}, "origin": {"type": "string", "title": "Origin", "description": "Origin of the decision"}, "scenario": {"type": "string", "title": "Scenario", "description": "Scenario of the decision"}, "scope": {"type": "string", "title": "Scope", "description": "Scope of the decision"}, "type": {"type": "string", "title": "Type", "description": "Type of the decision"}, "value": {"type": "string", "title": "Value", "description": "Value of the decision"}, "country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country associated with the decision"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name associated with the decision"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number associated with the decision"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City associated with the decision"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude associated with the decision"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude associated with the decision"}, "target": {"$ref": "#/components/schemas/DecisionTargetModel", "description": "Target of the decision"}}, "type": "object", "required": ["uuid", "id", "duration", "origin", "scenario", "scope", "type", "value", "target"], "title": "DecisionResponse"}, "DecisionTargetModel": {"properties": {"type": {"$ref": "#/components/schemas/DecisionTargetType", "description": "Type of the decision target"}, "value": {"type": "string", "title": "Value", "description": "Value of the decision target"}}, "type": "object", "required": ["type", "value"], "title": "DecisionTargetModel"}, "DecisionTargetType": {"type": "string", "enum": ["org", "tag", "entity"], "title": "DecisionTargetType"}, "DecisionsGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/DecisionResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "DecisionsGetResponsePage"}, "DecisionsSortBy": {"type": "string", "enum": ["created_at", "expire_at"], "title": "DecisionsSortBy"}, "DecisionsSortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "DecisionsSortOrder"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "GetRemediationMetricsResponse": {"properties": {"raw": {"$ref": "#/components/schemas/RawMetrics", "description": "Raw metrics data"}, "computed": {"$ref": "#/components/schemas/ComputedMetrics", "description": "Computed metrics data"}}, "type": "object", "required": ["raw", "computed"], "title": "GetRemediationMetricsResponse"}, "InfoResponse": {"properties": {"organization_id": {"type": "string", "title": "Organization Id", "description": "The organization ID"}, "subscription_type": {"type": "string", "title": "Subscription Type", "description": "The organization subscription type"}, "api_key_name": {"type": "string", "title": "Api Key Name", "description": "The API key name that is used"}}, "type": "object", "required": ["organization_id", "subscription_type", "api_key_name"], "title": "InfoResponse"}, "MetricUnits": {"type": "string", "enum": ["byte", "packet", "request", "ip", "line", "event"], "title": "MetricUnits"}, "OriginMetrics": {"properties": {"origin": {"anyOf": [{"$ref": "#/components/schemas/BlocklistOrigin"}, {"type": "string"}, {"type": "null"}], "title": "Origin", "description": "Origin of the metric"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["origin", "data"], "title": "OriginMetrics"}, "Permission": {"type": "string", "enum": ["read", "write"], "title": "Permission"}, "PricingTiers": {"type": "string", "enum": ["free", "premium", "platinum"], "title": "PricingTiers"}, "PublicBlocklistResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Blocklist id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Blocklist creation date"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Blocklist update date"}, "name": {"type": "string", "title": "Name", "description": "Blocklist name, unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references", "default": []}, "is_private": {"type": "boolean", "title": "Is Private", "description": "Private blocklist if True or public if False"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier for Crowdsec blocklists only"}, "source": {"$ref": "#/components/schemas/BlocklistSources", "description": "Blocklist source"}, "stats": {"$ref": "#/components/schemas/BlocklistStats", "description": "Blocklist stats"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "shared_with": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Shared With", "description": "List of organizations shared with", "default": []}, "organization_id": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization Id", "description": "Blocklists owner's organization id"}, "subscribers": {"items": {"$ref": "#/components/schemas/BlocklistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers to the blocklist. Only subscribers belonging to your organization are returned", "default": []}, "categories": {"items": {"$ref": "#/components/schemas/BlocklistCategory"}, "type": "array", "title": "Categories", "description": "List of categories for the blocklist", "default": []}}, "type": "object", "required": ["id", "created_at", "updated_at", "name", "description", "is_private", "pricing_tier", "source", "stats"], "title": "PublicBlocklistResponse"}, "PublicBlocklistResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/PublicBlocklistResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "PublicBlocklistResponsePage"}, "RawMetrics": {"properties": {"dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "dropped metrics", "default": []}, "processed": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Processed", "description": "processed metrics", "default": []}}, "type": "object", "title": "RawMetrics"}, "RemediationMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "unit": {"$ref": "#/components/schemas/MetricUnits", "description": "Unit of the metric"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/OriginMetrics"}, "type": "array", "title": "Data", "description": "Data points per origin"}}, "type": "object", "required": ["total", "unit", "progression", "data"], "title": "RemediationMetrics"}, "RemediationMetricsData": {"properties": {"value": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Value", "description": "Value of the metric"}, "timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the metric"}}, "type": "object", "required": ["value", "timestamp"], "title": "RemediationMetricsData"}, "Share": {"properties": {"organization_id": {"type": "string", "title": "Organization Id"}, "permission": {"$ref": "#/components/schemas/Permission"}}, "type": "object", "required": ["organization_id", "permission"], "title": "Share"}, "SourceInfo": {"properties": {"source_type": {"$ref": "#/components/schemas/SourceType", "description": "The source type that created the allowlist entry"}, "identifier": {"type": "string", "title": "Identifier", "description": "The source identifier that created the allowlist entry"}}, "type": "object", "required": ["source_type", "identifier"], "title": "SourceInfo"}, "SourceType": {"type": "string", "enum": ["user", "apikey"], "title": "SourceType"}, "SubscriberEntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration"], "title": "SubscriberEntityType"}, "AppsecConfigIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecConfigIndex", "type": "object"}, "AppsecRuleIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecRuleIndex", "type": "object"}, "CollectionIndex": {"properties": {"appsec-configs": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-configs", "title": "Appsec-Configs"}, "appsec-rules": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-rules", "title": "Appsec-Rules"}, "collections": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of collections", "title": "Collections"}, "content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "contexts": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of contexts", "title": "Contexts"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "parsers": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of parsers", "title": "Parsers"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "postoverflows": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of postoverflows", "title": "Postoverflows"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "scenarios": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of scenarios", "title": "Scenarios"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "CollectionIndex", "type": "object"}, "ContextIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ContextIndex", "type": "object"}, "Index": {"description": "Index document served to crowdsec/cscli.", "properties": {"appsec-configs": {"additionalProperties": {"$ref": "#/components/schemas/AppsecConfigIndex"}, "title": "Appsec-Configs", "type": "object"}, "appsec-rules": {"additionalProperties": {"$ref": "#/components/schemas/AppsecRuleIndex"}, "title": "Appsec-Rules", "type": "object"}, "collections": {"additionalProperties": {"$ref": "#/components/schemas/CollectionIndex"}, "title": "Collections", "type": "object"}, "contexts": {"additionalProperties": {"$ref": "#/components/schemas/ContextIndex"}, "title": "Contexts", "type": "object"}, "parsers": {"additionalProperties": {"$ref": "#/components/schemas/ParserIndex"}, "title": "Parsers", "type": "object"}, "postoverflows": {"additionalProperties": {"$ref": "#/components/schemas/PostoverflowIndex"}, "title": "Postoverflows", "type": "object"}, "scenarios": {"additionalProperties": {"$ref": "#/components/schemas/ScenarioIndex"}, "title": "Scenarios", "type": "object"}}, "title": "Index", "type": "object"}, "ParserIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the parser", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "ParserIndex", "type": "object"}, "PostoverflowIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the postoverflow", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "PostoverflowIndex", "type": "object"}, "ScenarioIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ScenarioIndex", "type": "object"}, "VersionDetail": {"properties": {"deprecated": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": false, "description": "Indicates whether this version is deprecated.", "title": "Deprecated"}, "digest": {"description": "The SHA256 digest of the versioned file.", "examples": ["Detect FTP bruteforce (vsftpd)"], "title": "Digest", "type": "string"}}, "required": ["digest"], "title": "VersionDetail", "type": "object"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1", "description": "Production server"}]} \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index f3f7494..4c3e960 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "crowdsec_tracker_api" -version = "1.108.1" +version = "1.116.3" license = { text = "MIT" } authors = [ { name="crowdsec", email="info@crowdsec.net" }