crimson-falcon 0.3.0 → 0.4.1

data/lib/crimson-falcon/api/installation_tokens_api.rb

@@ -42,7 +42,7 @@ module Falcon
     # @option opts [Integer] :limit The maximum records to return. [1-1000]. Defaults to 50.
     # @option opts [String] :sort The property to sort by (e.g. timestamp.desc).
     # @option opts [String] :filter The filter expression that should be used to limit the results (e.g., `action:'token_create'`).
-    # @return [MsaQueryResponse]
+    # @return [MsaspecQueryResponse]
     def audit_events_query(opts = {})
       data, _status_code, _headers = audit_events_query_with_http_info(opts)
       data
@@ -54,7 +54,7 @@ module Falcon
     # @option opts [Integer] :limit The maximum records to return. [1-1000]. Defaults to 50.
     # @option opts [String] :sort The property to sort by (e.g. timestamp.desc).
     # @option opts [String] :filter The filter expression that should be used to limit the results (e.g., `action:'token_create'`).
-    # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
+    # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
     def audit_events_query_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: InstallationTokensApi.audit_events_query ...'
@@ -81,7 +81,7 @@ module Falcon
       post_body = opts[:debug_body]
 
       # return_type
-      return_type = opts[:debug_return_type] || 'MsaQueryResponse'
+      return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']
@@ -285,7 +285,7 @@ module Falcon
     # Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.
     # @param ids [Array<String>] The token ids to delete.
     # @param [Hash] opts the optional parameters
-    # @return [MsaReplyMetaOnly]
+    # @return [MsaspecResponseFields]
     def tokens_delete(ids, opts = {})
       data, _status_code, _headers = tokens_delete_with_http_info(ids, opts)
       data
@@ -294,7 +294,7 @@ module Falcon
     # Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.
     # @param ids [Array<String>] The token ids to delete.
     # @param [Hash] opts the optional parameters
-    # @return [Array<(MsaReplyMetaOnly, Integer, Hash)>] MsaReplyMetaOnly data, response status code and response headers
+    # @return [Array<(MsaspecResponseFields, Integer, Hash)>] MsaspecResponseFields data, response status code and response headers
     def tokens_delete_with_http_info(ids, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: InstallationTokensApi.tokens_delete ...'
@@ -322,7 +322,7 @@ module Falcon
       post_body = opts[:debug_body]
 
       # return_type
-      return_type = opts[:debug_return_type] || 'MsaReplyMetaOnly'
+      return_type = opts[:debug_return_type] || 'MsaspecResponseFields'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']
@@ -350,7 +350,7 @@ module Falcon
     # @option opts [Integer] :limit The maximum records to return. [1-1000]. Defaults to 50.
     # @option opts [String] :sort The property to sort by (e.g. created_timestamp.desc).
     # @option opts [String] :filter The filter expression that should be used to limit the results (e.g., &#x60;status:&#39;valid&#39;&#x60;).
-    # @return [MsaQueryResponse]
+    # @return [MsaspecQueryResponse]
     def tokens_query(opts = {})
       data, _status_code, _headers = tokens_query_with_http_info(opts)
       data
@@ -362,7 +362,7 @@ module Falcon
     # @option opts [Integer] :limit The maximum records to return. [1-1000]. Defaults to 50.
     # @option opts [String] :sort The property to sort by (e.g. created_timestamp.desc).
     # @option opts [String] :filter The filter expression that should be used to limit the results (e.g., &#x60;status:&#39;valid&#39;&#x60;).
-    # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
+    # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
     def tokens_query_with_http_info(opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: InstallationTokensApi.tokens_query ...'
@@ -389,7 +389,7 @@ module Falcon
       post_body = opts[:debug_body]
 
       # return_type
-      return_type = opts[:debug_return_type] || 'MsaQueryResponse'
+      return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']
@@ -473,7 +473,7 @@ module Falcon
     # @param ids [Array<String>] The token ids to update.
     # @param body [ApiTokenPatchRequestV1]
     # @param [Hash] opts the optional parameters
-    # @return [MsaQueryResponse]
+    # @return [MsaspecQueryResponse]
     def tokens_update(ids, body, opts = {})
       data, _status_code, _headers = tokens_update_with_http_info(ids, body, opts)
       data
@@ -483,7 +483,7 @@ module Falcon
     # @param ids [Array<String>] The token ids to update.
     # @param body [ApiTokenPatchRequestV1]
     # @param [Hash] opts the optional parameters
-    # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
+    # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
     def tokens_update_with_http_info(ids, body, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: InstallationTokensApi.tokens_update ...'
@@ -520,7 +520,7 @@ module Falcon
       post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'MsaQueryResponse'
+      return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']

data/lib/crimson-falcon/api/installation_tokens_settings_api.rb

@@ -39,7 +39,7 @@ module Falcon
     # Update installation token settings.
     # @param body [ApiCustomerSettingsPatchRequestV1]
     # @param [Hash] opts the optional parameters
-    # @return [MsaQueryResponse]
+    # @return [MsaspecQueryResponse]
     def customer_settings_update(body, opts = {})
       data, _status_code, _headers = customer_settings_update_with_http_info(body, opts)
       data
@@ -48,7 +48,7 @@ module Falcon
     # Update installation token settings.
     # @param body [ApiCustomerSettingsPatchRequestV1]
     # @param [Hash] opts the optional parameters
-    # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
+    # @return [Array<(MsaspecQueryResponse, Integer, Hash)>] MsaspecQueryResponse data, response status code and response headers
     def customer_settings_update_with_http_info(body, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: InstallationTokensSettingsApi.customer_settings_update ...'
@@ -80,7 +80,7 @@ module Falcon
       post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'MsaQueryResponse'
+      return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']

data/lib/crimson-falcon/api/intel_api.rb

@@ -998,7 +998,7 @@ module Falcon
     # @option opts [Integer] :offset Set the starting row number to return reports from. Defaults to 0.
     # @option opts [Integer] :limit Set the number of reports to return. The value must be between 1 and 5000.
     # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
-    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
     # @option opts [String] :q Perform a generic substring search across all fields.
     # @option opts [Array<String>] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:  \\_\\_\\&lt;collection\\&gt;\\_\\_.  Ex: slug \\_\\_full\\_\\_.  Defaults to \\_\\_basic\\_\\_.
     # @return [DomainNewsResponse]
@@ -1012,7 +1012,7 @@ module Falcon
     # @option opts [Integer] :offset Set the starting row number to return reports from. Defaults to 0.
     # @option opts [Integer] :limit Set the number of reports to return. The value must be between 1 and 5000.
     # @option opts [String] :sort Order fields in ascending or descending order. Ex: created_date|asc.
-    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
     # @option opts [String] :q Perform a generic substring search across all fields.
     # @option opts [Array<String>] :fields The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like:  \\_\\_\\&lt;collection\\&gt;\\_\\_.  Ex: slug \\_\\_full\\_\\_.  Defaults to \\_\\_basic\\_\\_.
     # @return [Array<(DomainNewsResponse, Integer, Hash)>] DomainNewsResponse data, response status code and response headers
@@ -1071,7 +1071,7 @@ module Falcon
     # @option opts [Integer] :offset Set the starting row number to return report IDs from. Defaults to 0.
     # @option opts [Integer] :limit Set the number of report IDs to return. The value must be between 1 and 5000.
     # @option opts [String] :sort Order fields in ascending or descending order.  Ex: created_date|asc.
-    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
     # @option opts [String] :q Perform a generic substring search across all fields.
     # @return [MsaQueryResponse]
     def query_intel_report_ids(opts = {})
@@ -1084,7 +1084,7 @@ module Falcon
     # @option opts [Integer] :offset Set the starting row number to return report IDs from. Defaults to 0.
     # @option opts [Integer] :limit Set the number of report IDs to return. The value must be between 1 and 5000.
     # @option opts [String] :sort Order fields in ascending or descending order.  Ex: created_date|asc.
-    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters. Filter parameters include:  actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, malware, malware.community_identifiers, malware.family_name, malware.slug, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url.
     # @option opts [String] :q Perform a generic substring search across all fields.
     # @return [Array<(MsaQueryResponse, Integer, Hash)>] MsaQueryResponse data, response status code and response headers
     def query_intel_report_ids_with_http_info(opts = {})

data/lib/crimson-falcon/api/ioc_api.rb

@@ -509,6 +509,232 @@ module Falcon
       return data, status_code, headers
     end
 
+    # Get the number of devices the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param [Hash] opts the optional parameters
+    # @return [ApiDeviceCountRespV1]
+    def indicator_get_device_count_v1(type, value, opts = {})
+      data, _status_code, _headers = indicator_get_device_count_v1_with_http_info(type, value, opts)
+      data
+    end
+
+    # Get the number of devices the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(ApiDeviceCountRespV1, Integer, Hash)>] ApiDeviceCountRespV1 data, response status code and response headers
+    def indicator_get_device_count_v1_with_http_info(type, value, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IocApi.indicator_get_device_count_v1 ...'
+      end
+      # verify the required parameter 'type' is set
+      if @api_client.config.client_side_validation && type.nil?
+        fail ArgumentError, "Missing the required parameter 'type' when calling IocApi.indicator_get_device_count_v1"
+      end
+      # verify the required parameter 'value' is set
+      if @api_client.config.client_side_validation && value.nil?
+        fail ArgumentError, "Missing the required parameter 'value' when calling IocApi.indicator_get_device_count_v1"
+      end
+      # resource path
+      local_var_path = '/iocs/aggregates/indicators/device-count/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'type'] = type
+      query_params[:'value'] = value
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ApiDeviceCountRespV1'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IocApi.indicator_get_device_count_v1",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IocApi#indicator_get_device_count_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Get the IDs of devices the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :limit The maximum number of results to return. Use with the offset parameter to manage pagination of results.
+    # @option opts [String] :offset The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
+    # @return [ApiDevicesRanOnRespV1]
+    def indicator_get_devices_ran_on_v1(type, value, opts = {})
+      data, _status_code, _headers = indicator_get_devices_ran_on_v1_with_http_info(type, value, opts)
+      data
+    end
+
+    # Get the IDs of devices the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :limit The maximum number of results to return. Use with the offset parameter to manage pagination of results.
+    # @option opts [String] :offset The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
+    # @return [Array<(ApiDevicesRanOnRespV1, Integer, Hash)>] ApiDevicesRanOnRespV1 data, response status code and response headers
+    def indicator_get_devices_ran_on_v1_with_http_info(type, value, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IocApi.indicator_get_devices_ran_on_v1 ...'
+      end
+      # verify the required parameter 'type' is set
+      if @api_client.config.client_side_validation && type.nil?
+        fail ArgumentError, "Missing the required parameter 'type' when calling IocApi.indicator_get_devices_ran_on_v1"
+      end
+      # verify the required parameter 'value' is set
+      if @api_client.config.client_side_validation && value.nil?
+        fail ArgumentError, "Missing the required parameter 'value' when calling IocApi.indicator_get_devices_ran_on_v1"
+      end
+      # resource path
+      local_var_path = '/iocs/queries/indicators/devices/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'type'] = type
+      query_params[:'value'] = value
+      query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
+      query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ApiDevicesRanOnRespV1'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IocApi.indicator_get_devices_ran_on_v1",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IocApi#indicator_get_devices_ran_on_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Get the number of processes the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param device_id [String] Specify a host&#39;s ID to return only processes from that host. Get a host&#39;s ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :limit The maximum number of results to return. Use with the offset parameter to manage pagination of results.
+    # @option opts [String] :offset The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
+    # @return [ApiProcessesRanOnRespV1]
+    def indicator_get_processes_ran_on_v1(type, value, device_id, opts = {})
+      data, _status_code, _headers = indicator_get_processes_ran_on_v1_with_http_info(type, value, device_id, opts)
+      data
+    end
+
+    # Get the number of processes the indicator has run on
+    # @param type [String]  The type of the indicator. Valid types include:  sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64.  md5: A hex-encoded md5 hash string. Length - min 32, max: 32.  domain: A domain name. Length - min: 1, max: 200.  ipv4: An IPv4 address. Must be a valid IP address.  ipv6: An IPv6 address. Must be a valid IP address.
+    # @param value [String] The string representation of the indicator
+    # @param device_id [String] Specify a host&#39;s ID to return only processes from that host. Get a host&#39;s ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :limit The maximum number of results to return. Use with the offset parameter to manage pagination of results.
+    # @option opts [String] :offset The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
+    # @return [Array<(ApiProcessesRanOnRespV1, Integer, Hash)>] ApiProcessesRanOnRespV1 data, response status code and response headers
+    def indicator_get_processes_ran_on_v1_with_http_info(type, value, device_id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IocApi.indicator_get_processes_ran_on_v1 ...'
+      end
+      # verify the required parameter 'type' is set
+      if @api_client.config.client_side_validation && type.nil?
+        fail ArgumentError, "Missing the required parameter 'type' when calling IocApi.indicator_get_processes_ran_on_v1"
+      end
+      # verify the required parameter 'value' is set
+      if @api_client.config.client_side_validation && value.nil?
+        fail ArgumentError, "Missing the required parameter 'value' when calling IocApi.indicator_get_processes_ran_on_v1"
+      end
+      # verify the required parameter 'device_id' is set
+      if @api_client.config.client_side_validation && device_id.nil?
+        fail ArgumentError, "Missing the required parameter 'device_id' when calling IocApi.indicator_get_processes_ran_on_v1"
+      end
+      # resource path
+      local_var_path = '/iocs/queries/indicators/processes/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'type'] = type
+      query_params[:'value'] = value
+      query_params[:'device_id'] = device_id
+      query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
+      query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ApiProcessesRanOnRespV1'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IocApi.indicator_get_processes_ran_on_v1",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IocApi#indicator_get_processes_ran_on_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Get Indicators by ids.
     # @param ids [Array<String>] The ids of the Indicators to retrieve
     # @param [Hash] opts the optional parameters