crimson-falcon 0.3.0 → 0.4.0

data/spec/api/filevantage_api_spec.rb

@@ -49,26 +49,189 @@ describe 'FilevantageApi' do
     end
   end
 
+  # unit tests for create_policies
+  # Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
+  # After they are created, host and rule groups can be assigned, scheduled exclusions can be defined, and policy precedence can be set.
+  # @param body Create a new policy.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `platform` must be one of `Windows`, `Linux`, or `Mac`   Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesResponse]
+  describe 'create_policies test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_rule_groups
+  # Creates a new rule group of the specified type.
+  # Individual rules can be assigned to a rule group after it has been created.
+  # @param body Create a new rule group of a specific type.   * `name` must be between 1 and 100 characters.   * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.   * `description` can be between 0 and 500 characters.   Note: rules are added/removed from rule groups using their dedicated end-points.
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsResponse]
+  describe 'create_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_rules
+  # Creates a new rule configuration within the specified rule group.
+  # Creates a new rule configuration within the specified rule group.
+  # @param body Create a new rule configuration for the specified rule group.   * `id` is not supported for creation of a rule, the new id of the created rule will be included in the response.   * `rule_group_id` to add the new rule configuration.   * `description` can be between 0 and 500 characters.   * `path` representing the file system or registry path to monitor.     * must be between 1 and 250 characters.      * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/    * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`   * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`   * `precedence` - is not supported for creation of a rule, new rules will be added last in precedence order.  Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.   * `include` represents the files, directories, registry keys, or registry values that will be monitored.    * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored.    * `include_users` represents the changes performed by specific users that will be monitored.   * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored.   * `include_processes` represents the changes performed by specific processes that will be monitored.   * `exclude_processes` represents the changes performed by specific processes that will be `NOT` monitored.   * `content_files` represents the files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern   * `content_registry_values` represents the registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern   * `enable_content_capture`  File system directory monitoring:   * `watch_delete_directory_changes`   * `watch_create_directory_changes`   * `watch_rename_directory_changes`   * `watch_attributes_directory_changes` (`macOS` is not supported at this time)   * `watch_permissions_directory_changes` (`macOS` is not supported at this time)  File system file monitoring:   * `watch_rename_file_changes`   * `watch_write_file_changes`   * `watch_create_file_changes`   * `watch_delete_file_changes`   * `watch_attributes_file_changes` (`macOS` is not supported at this time)   * `watch_permissions_file_changes` (`macOS` is not supported at this time)  Windows registry key and value monitoring:    * `watch_create_key_changes`   * `watch_delete_key_changes`   * `watch_rename_key_changes`   * `watch_set_value_changes`   * `watch_delete_value_changes`   * `watch_create_file_changes`
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsRulesResponse]
+  describe 'create_rules test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_scheduled_exclusions
+  # Creates a new scheduled exclusion configuration for the provided policy id.
+  # Creates a new scheduled exclusion configuration for the provided policy id.
+  # @param body Create a new scheduled exclusion configuration for the specified policy.      * `policy_id` to add the scheduled exclusion to.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.      *  admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.   * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.      * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.   * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `timezone`  must be provided to indicate the TimeZone Name set for the provided `scheduled_start` and `scheduled_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.   * `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `scheduled_start` and `scheduled_end` time.      * `start_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `end_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `all_day` must be `true` or `false` to indicate the exclusion is applied all day.       * `frequency` must be one of `daily`, `weekly` or `monthly`.       * `occurrence` must be one of the following when `frequency` is set to `monthly`:        * `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week.        * `Days` represents specific calendar days.      * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly` or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`.       * `monthly_days` must be set to one or more calendar days, between 1 and 31  when `frequency` is set to `monthly` and `occurrence` is set to `Days`.
+  # @param [Hash] opts the optional parameters
+  # @return [ScheduledexclusionsResponse]
+  describe 'create_scheduled_exclusions test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for delete_policies
+  # Deletes 1 or more policies.
+  # Only disabled policies are allowed to be deleted.
+  # @param ids One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesDeleteResponse]
+  describe 'delete_policies test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for delete_rule_groups
+  # Deletes 1 or more rule groups
+  # The rule groups represented by the provided ids and all rules that they contain will be deleted.   Rule groups can only be deleted if they are not assigned to a policy.
+  # @param ids One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsDeleteResponse]
+  describe 'delete_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for delete_rules
+  # Deletes 1 or more rules from the specified rule group.
+  # Rules that match a provided id will be deleted from the provided rule group id.
+  # @param rule_group_id The id of the rule group from which the rules will be deleted.
+  # @param ids One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [MsaspecQueryResponse]
+  describe 'delete_rules test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for delete_scheduled_exclusions
+  # Deletes 1 or more scheduled exclusions from the provided policy id.
+  # Scheduled exclusions that match a provided id will be deleted from the provided policy id.
+  # @param policy_id ID of the policy to delete the scheduled exclusions from.
+  # @param ids One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.
+  # @param [Hash] opts the optional parameters
+  # @return [MsaspecQueryResponse]
+  describe 'delete_scheduled_exclusions test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
   # unit tests for get_changes
   # Retrieve information on changes
   # Retrieve key attributes of Falcon FileVantage changes for the specified ids.
-  # @param ids One or more change ids in the form of ids=ID1&ids=ID2
+  # @param ids One or more change ids in the form of `ids=ID1&ids=ID2`. The maximum number of ids that can be requested at once is `500`.
   # @param [Hash] opts the optional parameters
-  # @return [PublicGetChangesResponse]
+  # @return [ChangesGetChangesResponse]
   describe 'get_changes test' do
     it 'should work' do
       # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
     end
   end
 
+  # unit tests for get_policies
+  # Retrieves the configuration for 1 or more policies.
+  # The configuration of each policy that match the provided id will be returned.
+  # @param ids One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesResponse]
+  describe 'get_policies test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_rule_groups
+  # Retrieves the rule group details for 1 or more rule groups.
+  # Full details of each rule group that matches a provided id will be returned in the response
+  # @param ids One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsResponse]
+  describe 'get_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_rules
+  # Retrieves the configuration for 1 or more rules.
+  # Rules within the provided rule group id that match a provided id will be returned within the response.
+  # @param rule_group_id Rule group from which to retrieve the rule configuration.
+  # @param ids One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsRulesResponse]
+  describe 'get_rules test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_scheduled_exclusions
+  # Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
+  # Full details of each each scheduled exclusion that match a provided id will be returned in the response.
+  # @param policy_id The id of the policy to retrieve the scheduled exclusion configurations.
+  # @param ids One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.
+  # @param [Hash] opts the optional parameters
+  # @return [ScheduledexclusionsResponse]
+  describe 'get_scheduled_exclusions test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for high_volume_query_changes
+  # Returns 1 or more change ids
+  # Returns a list of Falcon FileVantage change IDs filtered, sorted and limited by the query parameters provided. It can retrieve an unlimited number of results using multiple requests.
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :after A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return.
+  # @option opts [Integer] :limit The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`.
+  # @option opts [String] :sort Sort results using options like:  - `action_timestamp` (timestamp of the change occurrence)   Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` no value is specified. The full list of allowed sorting options can be reviewed in our API documentation.
+  # @option opts [String] :filter Filter changes using a query in Falcon Query Language (FQL).   Common filter options include:   - `host.name`  - `action_timestamp`   The full list of allowed filter parameters can be reviewed in our API documentation.
+  # @return [ChangesHighVolumeQueryResponse]
+  describe 'high_volume_query_changes test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
   # unit tests for query_changes
-  # Returns one or more change IDs
-  # Returns a list of Falcon FileVantage change IDs filtered, sorted and limited by the query parameters provided
+  # Returns 1 or more change ids
+  # Returns a list of Falcon FileVantage change IDs filtered, sorted and limited by the query parameters provided. Using this endpoint you can retrieve up to `10000` results by using pagination with multiple requests. If you need to retrieve more than `10000` results consider using the `/queries/changes/v3` endpoint
   # @param [Hash] opts the optional parameters
-  # @option opts [Integer] :offset The first change index to return in the response. If not provided it will default to '0'. Use with the `limit` parameter to manage pagination of results.
-  # @option opts [Integer] :limit The maximum number of changes to return in the response (default: 100; max: 500). Use with the `offset` parameter to manage pagination of results
-  # @option opts [String] :sort Sort changes using options like:  - `action_timestamp` (timestamp of the change occurrence)    Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. The full list of allowed sorting options can be reviewed in our API documentation.
-  # @option opts [String] :filter Filter changes using a query in Falcon Query Language (FQL).   Common filter options include:   - `host.host_name`  - `action_timestamp`   The full list of allowed filter parameters can be reviewed in our API documentation.
+  # @option opts [Integer] :offset The offset to start retrieving records from. Defaults to `0` if not specified.
+  # @option opts [Integer] :limit The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `500`.
+  # @option opts [String] :sort Sort results using options like:  - `action_timestamp` (timestamp of the change occurrence)   Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. The full list of allowed sorting options can be reviewed in our API documentation.
+  # @option opts [String] :filter Filter changes using a query in Falcon Query Language (FQL).   Common filter options include:   - `host.name`  - `action_timestamp`   The full list of allowed filter parameters can be reviewed in our API documentation.
   # @return [MsaspecQueryResponse]
   describe 'query_changes test' do
     it 'should work' do
@@ -76,4 +239,148 @@ describe 'FilevantageApi' do
     end
   end
 
+  # unit tests for query_policies
+  # Retrieve the ids of all policies that are assigned the provided policy type.
+  # Policy ids will be returned sorted by a `precedence` order of ascending when a `sort` parameter is not provided.
+  # @param type The types of policies to retrieve.   Allowed values are: `Windows`, `Linux` or `Mac`.
+  # @param [Hash] opts the optional parameters
+  # @option opts [Integer] :offset The offset to start retrieving records from. Defaults to 0 if not specified.
+  # @option opts [Integer] :limit The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
+  # @option opts [String] :sort Sort the returned ids based on one of the following properties:  `precedence`, `created_timestamp` or `modified_timestamp`   Sort either `asc` (ascending) or `desc` (descending);  for example: `precedence|asc`.
+  # @return [MsaspecQueryResponse]
+  describe 'query_policies test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for query_rule_groups
+  # Retrieve the ids of all rule groups that are of the provided rule group type.
+  # Rule group ids will be returned sorted by `created_timestamp` order if a `sort` parameter is not provided
+  # @param type The rule group type to retrieve the ids of.   Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.
+  # @param [Hash] opts the optional parameters
+  # @option opts [Integer] :offset The offset to start retrieving records from. Defaults to 0 if not specified.
+  # @option opts [Integer] :limit The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
+  # @option opts [String] :sort Sort the returned ids based on one of the following properties:   `created_timestamp` or `modified_timestamp`   Sort either `asc` (ascending) or `desc` (descending);  for example: `created_timestamp|asc`.
+  # @return [MsaspecQueryResponse]
+  describe 'query_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for query_scheduled_exclusions
+  # Retrieve the ids of all scheduled exclusions contained within the provided policy id.
+  # Retrieve the ids of all scheduled exclusions contained within the provided policy id
+  # @param policy_id The id of the policy from which to retrieve the scheduled exclusion ids.
+  # @param [Hash] opts the optional parameters
+  # @return [MsaspecQueryResponse]
+  describe 'query_scheduled_exclusions test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_policies
+  # Updates the general information of the provided policy.
+  # Only name, description, and enabled status of the policy is allowed to be update. Rule and host group assignment is performed via their respective patch end points.
+  # @param body Enables updates to the following fields for an existing policy.    * `id` of the policy to update.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `platform` may not be modified after the policy is created.   * `enabled` must be one of `true` or `false`.   Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesResponse]
+  describe 'update_policies test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_policy_host_groups
+  # Manage host groups assigned to a policy.
+  # Manage host groups assigned to a policy.
+  # @param policy_id The id of the policy for which to perform the action.
+  # @param action The action to perform with the provided ids, must be one of: `assign` or `unassign`.
+  # @param ids One or more host group ids in the form of `ids=ID1&ids=ID2`
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesResponse]
+  describe 'update_policy_host_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_policy_precedence
+  # Updates the policy precedence for all policies of a specific type.
+  # Requests that do not represent all ids of the provided policy type will not be processed.
+  # @param ids Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`
+  # @param type The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesPrecedenceResponse]
+  describe 'update_policy_precedence test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_policy_rule_groups
+  # Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
+  # Manage the rule groups assigned to the policy.   Rule groups must be of the same type as the policy they are being added:   * `WindowsRegistry` and `WindowsFiles` groups can only be added to a `Windows` policy.   * `LinuxFiles` groups can only be added to a `Linux` policy.   * `MacFiles` groups can only be added to a `Mac` policy.  When setting rule group precedence, the precedence for `all` rule group ids within the policy must be provided.
+  # @param policy_id The id of the policy for which to perform the action.
+  # @param action The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.
+  # @param ids One or more rule group ids in the form of ids=ID1&ids=ID2. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.
+  # @param [Hash] opts the optional parameters
+  # @return [PoliciesResponse]
+  describe 'update_policy_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_rule_group_precedence
+  # Updates the rule precedence for all rules in the identified rule group.
+  # The ids for `all` rules contained within the rule group must be specified in the desired precedence order. Requests that do not represent all ids will not be processed.
+  # @param rule_group_id Rule group from which to set the precedence.
+  # @param ids One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`.
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsResponse]
+  describe 'update_rule_group_precedence test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_rule_groups
+  # Updates the provided rule group.
+  # Provides the ability to update the name and description of the rule group.
+  # @param body Enables updates to the following fields for an existing rule group.    * `id` of the rule group to update.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `type` may not be modified after the rule group is created.   Note: rules are added/removed from rule groups using their dedicated end-points.
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsResponse]
+  describe 'update_rule_groups test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_rules
+  # Updates the provided rule configuration within the specified rule group.
+  # The rule must currently exist within the specified rule group.
+  # @param body Update the rule configuration for the specified rule ID and group.   * `id` of the rule to update.   * `rule_group_id` that contains the rule configuration.   * `description` can be between 0 and 500 characters.   * `path` representing the file system or registry path to monitor.     * must be between 1 and 250 characters.      * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/    * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`   * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`   * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result this rule being placed before that existing rule.  Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.   * `include` represents the files, directories, registry keys, or registry values that will be monitored.    * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored.    * `include_users` represents the changes performed by specific users that will be monitored.   * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored.   * `include_processes` represents the changes performed by specific processes that will be monitored.   * `exclude_processes` represents the changes performed by specific processes that will be `NOT` monitored.   * `content_files` represents the files that will be monitored. Listed files must match the file include pattern and not match the file exclude pattern   * `content_registry_values` represents the registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern   * `enable_content_capture`  File system directory monitoring:   * `watch_delete_directory_changes`   * `watch_create_directory_changes`   * `watch_rename_directory_changes`   * `watch_attributes_directory_changes` (`macOS` is not supported at this time)   * `watch_permissions_directory_changes` (`macOS` is not supported at this time)  File system file monitoring:   * `watch_rename_file_changes`   * `watch_write_file_changes`   * `watch_create_file_changes`   * `watch_delete_file_changes`   * `watch_attributes_file_changes` (`macOS` is not supported at this time)   * `watch_permissions_file_changes` (`macOS` is not supported at this time)  Windows registry key and value monitoring:    * `watch_create_key_changes`   * `watch_delete_key_changes`   * `watch_rename_key_changes`   * `watch_set_value_changes`   * `watch_delete_value_changes`   * `watch_create_file_changes`
+  # @param [Hash] opts the optional parameters
+  # @return [RulegroupsRulesResponse]
+  describe 'update_rules test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for update_scheduled_exclusions
+  # Updates the provided scheduled exclusion configuration within the provided policy.
+  # Updates the provided scheduled exclusion configuration within the provided policy.
+  # @param body Update an existing scheduled exclusion for the specified policy.      * `policy_id` to add the scheduled exclusion to.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `users` can be between 0 and 500 characters representing a comma separated list of user to exclude their changes.      *  admin* excludes changes made by all usernames that begin with admin. Falon GLOB syntax is supported.   * `processes` can be between 0 and 500 characters representing a comma separated list of processes to exclude their changes.      * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.   * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `timezone`  must be provided to indicate the TimeZone Name set for the provided `scheduled_start` and `scheduled_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.   * `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `scheduled_start` and `scheduled_end` time.      * `start_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `end_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `all_day` must be `true` or `false` to indicate the exclusion is applied all day.       * `frequency` must be one of `daily`, `weekly` or `monthly`.       * `occurrence` must be one of the following when `frequency` is set to `monthly`:        * `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week.        * `Days` represents specific calendar days.      * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly` or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`.       * `monthly_days` must be set to one or more calendar days, between 1 and 31  when `frequency` is set to `monthly` and `occurrence` is set to `Days`.
+  # @param [Hash] opts the optional parameters
+  # @return [ScheduledexclusionsResponse]
+  describe 'update_scheduled_exclusions test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
 end

data/spec/api/foundry_logscale_api_spec.rb

@@ -0,0 +1,226 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'spec_helper'
+require 'json'
+
+# Unit tests for Falcon::FoundryLogscaleApi
+# Automatically generated by openapi-generator (https://openapi-generator.tech)
+# Please update as you see appropriate
+describe 'FoundryLogscaleApi' do
+  before do
+    # run before each test
+    @api_instance = Falcon::FoundryLogscaleApi.new
+  end
+
+  after do
+    # run after each test
+  end
+
+  describe 'test an instance of FoundryLogscaleApi' do
+    it 'should create an instance of FoundryLogscaleApi' do
+      expect(@api_instance).to be_instance_of(Falcon::FoundryLogscaleApi)
+    end
+  end
+
+  # unit tests for create_saved_searches_dynamic_execute_alt_v1
+  # Execute a dynamic saved search
+  # @param body
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [Boolean] :include_schema_generation Include generated schemas in the response
+  # @option opts [Boolean] :include_test_data Include test data when executing searches
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @option opts [String] :mode Mode to execute the query under.
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'create_saved_searches_dynamic_execute_alt_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_saved_searches_dynamic_execute_v1
+  # Execute a dynamic saved search
+  # @param body
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [Boolean] :include_schema_generation Include generated schemas in the response
+  # @option opts [Boolean] :include_test_data Include test data when executing searches
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @option opts [String] :mode Mode to execute the query under.
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'create_saved_searches_dynamic_execute_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_saved_searches_execute_alt_v1
+  # Execute a saved search
+  # @param body
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [Boolean] :detailed Whether to include search field details
+  # @option opts [Boolean] :include_test_data Include test data when executing searches
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'create_saved_searches_execute_alt_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_saved_searches_execute_v1
+  # Execute a saved search
+  # @param body
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [Boolean] :detailed Whether to include search field details
+  # @option opts [Boolean] :include_test_data Include test data when executing searches
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'create_saved_searches_execute_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_saved_searches_ingest_alt_v1
+  # Populate a saved search
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @return [ClientDataIngestResponseWrapperV1]
+  describe 'create_saved_searches_ingest_alt_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for create_saved_searches_ingest_v1
+  # Populate a saved search
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @return [ClientDataIngestResponseWrapperV1]
+  describe 'create_saved_searches_ingest_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_saved_searches_execute_alt_v1
+  # Get the results of a saved search
+  # @param job_id Job ID for a previously executed async query
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [String] :limit Maximum number of records to return.
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @option opts [String] :offset Starting pagination offset of records to return.
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'get_saved_searches_execute_alt_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_saved_searches_execute_v1
+  # Get the results of a saved search
+  # @param job_id Job ID for a previously executed async query
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :app_id Application ID.
+  # @option opts [String] :limit Maximum number of records to return.
+  # @option opts [Boolean] :metadata Whether to include metadata in the response
+  # @option opts [String] :offset Starting pagination offset of records to return.
+  # @return [ApidomainQueryResponseWrapperV1]
+  describe 'get_saved_searches_execute_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_saved_searches_job_results_download_alt_v1
+  # Get the results of a saved search as a file
+  # @param job_id Job ID for a previously executed async query
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :result_format Result Format
+  # @return [File]
+  describe 'get_saved_searches_job_results_download_alt_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for get_saved_searches_job_results_download_v1
+  # Get the results of a saved search as a file
+  # @param job_id Job ID for a previously executed async query
+  # @param [Hash] opts the optional parameters
+  # @option opts [String] :result_format Result Format
+  # @return [File]
+  describe 'get_saved_searches_job_results_download_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for ingest_data_v1
+  # Ingest data into the application repository
+  # @param data_file Data file to ingest
+  # @param [Hash] opts the optional parameters
+  # @option opts [Array<String>] :tag Custom tag for ingested data in the form tag:value
+  # @option opts [String] :tag_source Tag the data with the specified source
+  # @option opts [Boolean] :test_data Tag the data with test-ingest
+  # @return [ClientDataIngestResponseWrapperV1]
+  describe 'ingest_data_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for list_repos_v1
+  # Lists available repositories and views
+  # @param [Hash] opts the optional parameters
+  # @option opts [Boolean] :check_test_data Include whether test data is present in the application repository
+  # @return [ApidomainRepoViewListItemWrapperV1]
+  describe 'list_repos_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+  # unit tests for list_view_v1
+  # List views
+  # @param [Hash] opts the optional parameters
+  # @option opts [Boolean] :check_test_data Include whether test data is present in the application repository
+  # @return [ApidomainRepoViewListItemWrapperV1]
+  describe 'list_view_v1 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
+end

data/spec/api/hosts_api_spec.rb

@@ -50,7 +50,7 @@ describe 'HostsApi' do
   end
 
   # unit tests for entities_perform_action
-  # Performs the specified action on the provided prevention policy IDs.
+  # Performs the specified action on the provided group IDs.
   # @param ids The group ids to act on
   # @param action_name The action to perform.
   # @param body
@@ -63,17 +63,6 @@ describe 'HostsApi' do
     end
   end
 
-  # unit tests for get_device_details
-  # Deprecated: Please use new GET or POST /devices/entities/devices/v2 endpoints.  This endpoint will be removed on or sometime after February 9, 2023.  Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API
-  # @param ids The host agentIDs used to get details on
-  # @param [Hash] opts the optional parameters
-  # @return [DeviceapiDeviceDetailsResponseSwagger]
-  describe 'get_device_details test' do
-    it 'should work' do
-      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
-    end
-  end
-
   # unit tests for get_device_details_v2
   # Get details on one or more hosts by providing host IDs as a query parameter.  Supports up to a maximum 100 IDs.
   # @param ids The host agentIDs used to get details on
@@ -130,6 +119,17 @@ describe 'HostsApi' do
     end
   end
 
+  # unit tests for query_device_login_history_v2
+  # Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device ids can be specified
+  # @param body
+  # @param [Hash] opts the optional parameters
+  # @return [DeviceapiLoginHistoryResponseV1]
+  describe 'query_device_login_history_v2 test' do
+    it 'should work' do
+      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+    end
+  end
+
   # unit tests for query_devices_by_filter
   # Search for hosts in your environment by platform, hostname, IP, and other criteria.
   # @param [Hash] opts the optional parameters