crimson-falcon 0.4.0 → 0.5.0

data/lib/crimson-falcon/api/real_time_response_admin_api.rb

@@ -37,7 +37,7 @@ module Falcon
       @api_client = api_client
     end
     # Batch executes a RTR administrator command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -49,7 +49,7 @@ module Falcon
     end
 
     # Batch executes a RTR administrator command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -490,7 +490,7 @@ module Falcon
     end
 
     # Execute a RTR administrator command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [DomainCommandExecuteResponseWrapper]
     def r_tr_execute_admin_command(body, opts = {})
@@ -499,7 +499,7 @@ module Falcon
     end
 
     # Execute a RTR administrator command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `put` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `run` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>] DomainCommandExecuteResponseWrapper data, response status code and response headers
     def r_tr_execute_admin_command_with_http_info(body, opts = {})

data/lib/crimson-falcon/api/real_time_response_api.rb

@@ -37,7 +37,7 @@ module Falcon
       @api_client = api_client
     end
     # Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -49,7 +49,7 @@ module Falcon
     end
 
     # Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -112,7 +112,7 @@ module Falcon
     end
 
     # Batch executes a RTR read-only command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query`  **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `cd C:\\some_directory` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query`  **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `cd C:\\some_directory` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -124,7 +124,7 @@ module Falcon
     end
 
     # Batch executes a RTR read-only command across the hosts mapped to the given batch ID.
-    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query`  **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `cd C:\\some_directory` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
+    # @param body [DomainBatchExecuteCommandRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `env` - `eventlog` - `filehash` - `getsid` - `help` - `history` - `ipconfig` - `ls` - `mount` - `netstat` - `ps` - `reg query`  **`base_command`** read-only command type we are going to execute, for example: `ls` or `cd`.  Refer to the RTR documentation for the full list of commands. **`batch_id`** Batch ID to execute the command on.  Received from `/real-time-response/combined/batch-init-session/v1`. **`command_string`** Full command string for the command. For example  `cd C:\\some_directory` **`optional_hosts`** List of a subset of hosts we want to run the command on.  If this list is supplied, only these hosts will receive the command.
     # @param [Hash] opts the optional parameters
     # @option opts [Integer] :timeout Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)
     # @option opts [String] :timeout_duration Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to '30s')
@@ -950,7 +950,7 @@ module Falcon
     end
 
     # Execute an active responder command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [DomainCommandExecuteResponseWrapper]
     def r_tr_execute_active_responder_command(body, opts = {})
@@ -959,7 +959,7 @@ module Falcon
     end
 
     # Execute an active responder command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip`  Required values.  The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`.  Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example  `get some_file.txt` **`session_id`** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>] DomainCommandExecuteResponseWrapper data, response status code and response headers
     def r_tr_execute_active_responder_command_with_http_info(body, opts = {})
@@ -1016,7 +1016,7 @@ module Falcon
     end
 
     # Execute a command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - &#x60;cat&#x60; - &#x60;cd&#x60; - &#x60;clear&#x60; - &#x60;env&#x60; - &#x60;eventlog&#x60; - &#x60;filehash&#x60; - &#x60;getsid&#x60; - &#x60;help&#x60; - &#x60;history&#x60; - &#x60;ipconfig&#x60; - &#x60;ls&#x60; - &#x60;mount&#x60; - &#x60;netstat&#x60; - &#x60;ps&#x60; - &#x60;reg query&#x60;  Required values.  The rest of the fields are unused. **&#x60;base_command&#x60;** read-only command type we are going to execute, for example: &#x60;ls&#x60; or &#x60;cd&#x60;.  Refer to the RTR documentation for the full list of commands. **&#x60;command_string&#x60;** Full command string for the command. For example  &#x60;cd C:\\some_directory&#x60; **&#x60;session_id&#x60;** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - &#x60;cat&#x60; - &#x60;cd&#x60; - &#x60;clear&#x60; - &#x60;env&#x60; - &#x60;eventlog&#x60; - &#x60;filehash&#x60; - &#x60;getsid&#x60; - &#x60;help&#x60; - &#x60;history&#x60; - &#x60;ipconfig&#x60; - &#x60;ls&#x60; - &#x60;mount&#x60; - &#x60;netstat&#x60; - &#x60;ps&#x60; - &#x60;reg query&#x60;  Required values.  The rest of the fields are unused. **&#x60;base_command&#x60;** read-only command type we are going to execute, for example: &#x60;ls&#x60; or &#x60;cd&#x60;.  Refer to the RTR documentation for the full list of commands. **&#x60;command_string&#x60;** Full command string for the command. For example  &#x60;cd C:\\some_directory&#x60; **&#x60;session_id&#x60;** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [DomainCommandExecuteResponseWrapper]
     def r_tr_execute_command(body, opts = {})
@@ -1025,7 +1025,7 @@ module Falcon
     end
 
     # Execute a command on a single host.
-    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - &#x60;cat&#x60; - &#x60;cd&#x60; - &#x60;clear&#x60; - &#x60;env&#x60; - &#x60;eventlog&#x60; - &#x60;filehash&#x60; - &#x60;getsid&#x60; - &#x60;help&#x60; - &#x60;history&#x60; - &#x60;ipconfig&#x60; - &#x60;ls&#x60; - &#x60;mount&#x60; - &#x60;netstat&#x60; - &#x60;ps&#x60; - &#x60;reg query&#x60;  Required values.  The rest of the fields are unused. **&#x60;base_command&#x60;** read-only command type we are going to execute, for example: &#x60;ls&#x60; or &#x60;cd&#x60;.  Refer to the RTR documentation for the full list of commands. **&#x60;command_string&#x60;** Full command string for the command. For example  &#x60;cd C:\\some_directory&#x60; **&#x60;session_id&#x60;** RTR session ID to run the command on
+    # @param body [DomainCommandExecuteRequest] Use this endpoint to run these [real time response commands](https://falcon.crowdstrike.com/documentation/page/b8c1738c/real-time-response-and-network-containment#k893b7c0): - &#x60;cat&#x60; - &#x60;cd&#x60; - &#x60;clear&#x60; - &#x60;env&#x60; - &#x60;eventlog&#x60; - &#x60;filehash&#x60; - &#x60;getsid&#x60; - &#x60;help&#x60; - &#x60;history&#x60; - &#x60;ipconfig&#x60; - &#x60;ls&#x60; - &#x60;mount&#x60; - &#x60;netstat&#x60; - &#x60;ps&#x60; - &#x60;reg query&#x60;  Required values.  The rest of the fields are unused. **&#x60;base_command&#x60;** read-only command type we are going to execute, for example: &#x60;ls&#x60; or &#x60;cd&#x60;.  Refer to the RTR documentation for the full list of commands. **&#x60;command_string&#x60;** Full command string for the command. For example  &#x60;cd C:\\some_directory&#x60; **&#x60;session_id&#x60;** RTR session ID to run the command on
     # @param [Hash] opts the optional parameters
     # @return [Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>] DomainCommandExecuteResponseWrapper data, response status code and response headers
     def r_tr_execute_command_with_http_info(body, opts = {})
@@ -1086,7 +1086,7 @@ module Falcon
     # @param sha256 [String] Extracted SHA256 (e.g. &#39;efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b&#39;)
     # @param [Hash] opts the optional parameters
     # @option opts [String] :filename Filename to use for the archive name and the file within the archive.
-    # @return [Array<Integer>]
+    # @return [File]
     def r_tr_get_extracted_file_contents(session_id, sha256, opts = {})
       data, _status_code, _headers = r_tr_get_extracted_file_contents_with_http_info(session_id, sha256, opts)
       data
@@ -1097,7 +1097,7 @@ module Falcon
     # @param sha256 [String] Extracted SHA256 (e.g. &#39;efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b&#39;)
     # @param [Hash] opts the optional parameters
     # @option opts [String] :filename Filename to use for the archive name and the file within the archive.
-    # @return [Array<(Array<Integer>, Integer, Hash)>] Array<Integer> data, response status code and response headers
+    # @return [Array<(File, Integer, Hash)>] File data, response status code and response headers
     def r_tr_get_extracted_file_contents_with_http_info(session_id, sha256, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: RealTimeResponseApi.r_tr_get_extracted_file_contents ...'
@@ -1131,7 +1131,7 @@ module Falcon
       post_body = opts[:debug_body]
 
       # return_type
-      return_type = opts[:debug_return_type] || 'Array<Integer>'
+      return_type = opts[:debug_return_type] || 'File'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']

data/lib/crimson-falcon/api/recon_api.rb

@@ -772,7 +772,7 @@ module Falcon
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/octet-stream'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/octet-stream', 'application/json'])
 
       # form parameters
       form_params = opts[:form_params] || {}
@@ -803,7 +803,8 @@ module Falcon
       return data, status_code, headers
     end
 
-    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request
+    # Get detailed notifications based on their IDs. These include the translated raw intelligence content that generated the match or part of it.
+    # Get detailed notifications based on their IDs. These include the translated raw intelligence content that generated the match or part of it. This API endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request. In case the item's content is only partial, a URL is provided under the resource's 'details.full_content_url' path, but the content available at this URL will be the original one.
     # @param ids [Array<String>] Notification IDs.
     # @param [Hash] opts the optional parameters
     # @return [DomainNotificationDetailsResponseV1]
@@ -812,7 +813,8 @@ module Falcon
       data
     end
 
-    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request
+    # Get detailed notifications based on their IDs. These include the translated raw intelligence content that generated the match or part of it.
+    # Get detailed notifications based on their IDs. These include the translated raw intelligence content that generated the match or part of it. This API endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request. In case the item&#39;s content is only partial, a URL is provided under the resource&#39;s &#39;details.full_content_url&#39; path, but the content available at this URL will be the original one.
     # @param ids [Array<String>] Notification IDs.
     # @param [Hash] opts the optional parameters
     # @return [Array<(DomainNotificationDetailsResponseV1, Integer, Hash)>] DomainNotificationDetailsResponseV1 data, response status code and response headers
@@ -865,7 +867,8 @@ module Falcon
       return data, status_code, headers
     end
 
-    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.
+    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match or part of it.
+    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match or part of it. In case the content is only partial, a URL is provided under the resource's 'details.full_content_url' path. When present, use this URL to retrieve the full raw text content of the item. Please note this URL has a limited TTL. To get a fresh valid one, perform a new call to this API endpoint.
     # @param ids [Array<String>] Notification IDs.
     # @param [Hash] opts the optional parameters
     # @return [DomainNotificationDetailsResponseV1]
@@ -874,7 +877,8 @@ module Falcon
       data
     end
 
-    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.
+    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match or part of it.
+    # Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match or part of it. In case the content is only partial, a URL is provided under the resource&#39;s &#39;details.full_content_url&#39; path. When present, use this URL to retrieve the full raw text content of the item. Please note this URL has a limited TTL. To get a fresh valid one, perform a new call to this API endpoint.
     # @param ids [Array<String>] Notification IDs.
     # @param [Hash] opts the optional parameters
     # @return [Array<(DomainNotificationDetailsResponseV1, Integer, Hash)>] DomainNotificationDetailsResponseV1 data, response status code and response headers
@@ -1482,6 +1486,7 @@ module Falcon
     # @option opts [String] :sort Possible order by fields: created_timestamp, last_updated_timestamp. Ex: &#x60;last_updated_timestamp|desc&#x60;.
     # @option opts [String] :filter FQL query to filter rules by. Possible filter properties are: [id cid user_uuid topic priority permissions status filter breach_monitoring_enabled substring_matching_enabled created_timestamp last_updated_timestamp].
     # @option opts [String] :q Free text search across all indexed fields.
+    # @option opts [String] :secondary_sort Possible order by fields: created_timestamp, last_updated_timestamp. Ex: &#x60;last_updated_timestamp|desc&#x60;.
     # @return [DomainRuleQueryResponseV1]
     def query_rules_v1(opts = {})
       data, _status_code, _headers = query_rules_v1_with_http_info(opts)
@@ -1495,6 +1500,7 @@ module Falcon
     # @option opts [String] :sort Possible order by fields: created_timestamp, last_updated_timestamp. Ex: &#x60;last_updated_timestamp|desc&#x60;.
     # @option opts [String] :filter FQL query to filter rules by. Possible filter properties are: [id cid user_uuid topic priority permissions status filter breach_monitoring_enabled substring_matching_enabled created_timestamp last_updated_timestamp].
     # @option opts [String] :q Free text search across all indexed fields.
+    # @option opts [String] :secondary_sort Possible order by fields: created_timestamp, last_updated_timestamp. Ex: &#x60;last_updated_timestamp|desc&#x60;.
     # @return [Array<(DomainRuleQueryResponseV1, Integer, Hash)>] DomainRuleQueryResponseV1 data, response status code and response headers
     def query_rules_v1_with_http_info(opts = {})
       if @api_client.config.debugging
@@ -1518,6 +1524,7 @@ module Falcon
       query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
       query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
       query_params[:'q'] = opts[:'q'] if !opts[:'q'].nil?
+      query_params[:'secondarySort'] = opts[:'secondary_sort'] if !opts[:'secondary_sort'].nil?
 
       # header parameters
       header_params = opts[:header_params] || {}

data/lib/crimson-falcon/api/report_executions_api.rb

@@ -36,19 +36,19 @@ module Falcon
     def initialize(api_client = ApiClient.default)
       @api_client = api_client
     end
-    # Get report entity download
+    # Get report entity download. Returns either a JSON object or a CSV string.
     # @param ids [String] The report_execution id to download
     # @param [Hash] opts the optional parameters
-    # @return [Array<Integer>]
+    # @return [Object]
     def report_executions_download_get(ids, opts = {})
       data, _status_code, _headers = report_executions_download_get_with_http_info(ids, opts)
       data
     end
 
-    # Get report entity download
+    # Get report entity download. Returns either a JSON object or a CSV string.
     # @param ids [String] The report_execution id to download
     # @param [Hash] opts the optional parameters
-    # @return [Array<(Array<Integer>, Integer, Hash)>] Array<Integer> data, response status code and response headers
+    # @return [Array<(Object, Integer, Hash)>] Object data, response status code and response headers
     def report_executions_download_get_with_http_info(ids, opts = {})
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ReportExecutionsApi.report_executions_download_get ...'
@@ -67,7 +67,7 @@ module Falcon
       # header parameters
       header_params = opts[:header_params] || {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['*/*'])
+      header_params['Accept'] = @api_client.select_header_accept(['*/*', 'application/json', 'text/csv'])
 
       # form parameters
       form_params = opts[:form_params] || {}
@@ -76,7 +76,7 @@ module Falcon
       post_body = opts[:debug_body]
 
       # return_type
-      return_type = opts[:debug_return_type] || 'Array<Integer>'
+      return_type = opts[:debug_return_type] || 'Object'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']