crimson-falcon 1.1.0 → 1.2.0

data/lib/crimson-falcon/api/falcon_container_image.rb

@@ -226,6 +226,61 @@ module Falcon
       return data, status_code, headers
     end
 
+    # Get headers for POST request for image scan inventory
+    # @param [Hash] opts the optional parameters
+    # @return [nil]
+    def head_image_scan_inventory(opts = {})
+      head_image_scan_inventory_with_http_info(opts)
+      nil
+    end
+
+    # Get headers for POST request for image scan inventory
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
+    def head_image_scan_inventory_with_http_info(opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: FalconContainerImage.head_image_scan_inventory ...'
+      end
+      # resource path
+      local_var_path = '/image-assessment/entities/image-inventory/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type]
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"FalconContainerImage.head_image_scan_inventory",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:HEAD, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: FalconContainerImage#head_image_scan_inventory\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Launch an export job of a Container Security resource. Maximum of 1 job in progress per resource
     # @param body [ExportsLaunchExportRequest] Supported resources: - &#x60;assets.clusters&#x60; - &#x60;assets.containers&#x60; - &#x60;assets.deployments&#x60; - &#x60;assets.images&#x60; - &#x60;assets.namespaces&#x60; - &#x60;assets.nodes&#x60; - &#x60;assets.pods&#x60; - &#x60;images.images-assessment-detections-expanded&#x60; - &#x60;images.images-assessment-expanded&#x60; - &#x60;images.images-assessment-vulnerabilities-expanded&#x60; - &#x60;images.images-assessment&#x60; - &#x60;images.images-detections&#x60; - &#x60;images.packages&#x60; - &#x60;images.vulnerabilities&#x60; - &#x60;investigate.container-alerts&#x60; - &#x60;investigate.drift-indicators&#x60; - &#x60;investigate.kubernetes-ioms&#x60; - &#x60;investigate.runtime-detections&#x60; - &#x60;investigate.unidentified-containers&#x60; - &#x60;network.events&#x60; - &#x60;policies.exclusions&#x60;
     # @param [Hash] opts the optional parameters
@@ -292,6 +347,72 @@ module Falcon
       return data, status_code, headers
     end
 
+    # Post image scan inventory
+    # @param body [ModelsInventoryScanRequestType]
+    # @param [Hash] opts the optional parameters
+    # @return [nil]
+    def post_image_scan_inventory(body, opts = {})
+      post_image_scan_inventory_with_http_info(body, opts)
+      nil
+    end
+
+    # Post image scan inventory
+    # @param body [ModelsInventoryScanRequestType]
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
+    def post_image_scan_inventory_with_http_info(body, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: FalconContainerImage.post_image_scan_inventory ...'
+      end
+      # verify the required parameter 'body' is set
+      if @api_client.config.client_side_validation && body.nil?
+        fail ArgumentError, "Missing the required parameter 'body' when calling FalconContainerImage.post_image_scan_inventory"
+      end
+      # resource path
+      local_var_path = '/image-assessment/entities/image-inventory/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+        header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+      # return_type
+      return_type = opts[:debug_return_type]
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"FalconContainerImage.post_image_scan_inventory",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: FalconContainerImage#post_image_scan_inventory\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Query export jobs entities
     # @param [Hash] opts the optional parameters
     # @option opts [String] :filter Filter exports using a query in Falcon Query Language (FQL). Only the last 100 jobs are returned. Supported filter fields: - &#x60;resource&#x60; - &#x60;status&#x60;

data/lib/crimson-falcon/api/identity_protection.rb

@@ -76,7 +76,7 @@ module Falcon
 
       # query parameters
       query_params = opts[:query_params] || {}
-      query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)
+      query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
 
       # header parameters
       header_params = opts[:header_params] || {}
@@ -153,7 +153,7 @@ module Falcon
 
       # query parameters
       query_params = opts[:query_params] || {}
-      query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)
+      query_params[:'ids'] = @api_client.build_collection_param(ids, :multi)
 
       # header parameters
       header_params = opts[:header_params] || {}

data/lib/crimson-falcon/api/integration_builder.rb

@@ -0,0 +1,313 @@
+=begin
+Crimson Falcon - Ruby Client SDK
+
+Code auto-generated by OpenAPI Generator; DO NOT EDIT.
+
+MIT License
+
+Copyright (c) 2023 Crowdstrike
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=end
+
+require 'cgi'
+
+module Falcon
+  class IntegrationBuilder
+    attr_accessor :api_client
+
+    def initialize(api_client = ApiClient.default)
+      @api_client = api_client
+    end
+    # POST Data Upload Transaction Completion
+    # Make a close transaction call after uploading the data
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [GetEndTransaction]
+    def integration_builder_end_transaction_v3(id, opts = {})
+      data, _status_code, _headers = integration_builder_end_transaction_v3_with_http_info(id, opts)
+      data
+    end
+
+    # POST Data Upload Transaction Completion
+    # Make a close transaction call after uploading the data
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(GetEndTransaction, Integer, Hash)>] GetEndTransaction data, response status code and response headers
+    def integration_builder_end_transaction_v3_with_http_info(id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IntegrationBuilder.integration_builder_end_transaction_v3 ...'
+      end
+      # verify the required parameter 'id' is set
+      if @api_client.config.client_side_validation && id.nil?
+        fail ArgumentError, "Missing the required parameter 'id' when calling IntegrationBuilder.integration_builder_end_transaction_v3"
+      end
+      # resource path
+      local_var_path = '/saas-security/entities/custom-integration-close/v3'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'id'] = id
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'GetEndTransaction'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IntegrationBuilder.integration_builder_end_transaction_v3",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IntegrationBuilder#integration_builder_end_transaction_v3\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # GET Status
+    # Get transaction status for a custom integration
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [GetTransactionStatus]
+    def integration_builder_get_status_v3(id, opts = {})
+      data, _status_code, _headers = integration_builder_get_status_v3_with_http_info(id, opts)
+      data
+    end
+
+    # GET Status
+    # Get transaction status for a custom integration
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(GetTransactionStatus, Integer, Hash)>] GetTransactionStatus data, response status code and response headers
+    def integration_builder_get_status_v3_with_http_info(id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IntegrationBuilder.integration_builder_get_status_v3 ...'
+      end
+      # verify the required parameter 'id' is set
+      if @api_client.config.client_side_validation && id.nil?
+        fail ArgumentError, "Missing the required parameter 'id' when calling IntegrationBuilder.integration_builder_get_status_v3"
+      end
+      # resource path
+      local_var_path = '/saas-security/entities/custom-integration-status/v3'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'id'] = id
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'GetTransactionStatus'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IntegrationBuilder.integration_builder_get_status_v3",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IntegrationBuilder#integration_builder_get_status_v3\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Reset
+    # Make a reset call to a custom integration
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [GetTransactionStatus]
+    def integration_builder_reset_v3(id, opts = {})
+      data, _status_code, _headers = integration_builder_reset_v3_with_http_info(id, opts)
+      data
+    end
+
+    # Reset
+    # Make a reset call to a custom integration
+    # @param id [String] Integration ID
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(GetTransactionStatus, Integer, Hash)>] GetTransactionStatus data, response status code and response headers
+    def integration_builder_reset_v3_with_http_info(id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IntegrationBuilder.integration_builder_reset_v3 ...'
+      end
+      # verify the required parameter 'id' is set
+      if @api_client.config.client_side_validation && id.nil?
+        fail ArgumentError, "Missing the required parameter 'id' when calling IntegrationBuilder.integration_builder_reset_v3"
+      end
+      # resource path
+      local_var_path = '/saas-security/entities/custom-integration-reset/v3'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'id'] = id
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'GetTransactionStatus'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IntegrationBuilder.integration_builder_reset_v3",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IntegrationBuilder#integration_builder_reset_v3\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # POST Upload
+    # Send data to a specific source in a custom integration
+    # @param id [String] Integration ID
+    # @param source_id [String] Source ID
+    # @param data [UploadDataRequest]
+    # @param [Hash] opts the optional parameters
+    # @return [UploadDataResponse]
+    def integration_builder_upload_v3(id, source_id, data, opts = {})
+      data, _status_code, _headers = integration_builder_upload_v3_with_http_info(id, source_id, data, opts)
+      data
+    end
+
+    # POST Upload
+    # Send data to a specific source in a custom integration
+    # @param id [String] Integration ID
+    # @param source_id [String] Source ID
+    # @param data [UploadDataRequest]
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(UploadDataResponse, Integer, Hash)>] UploadDataResponse data, response status code and response headers
+    def integration_builder_upload_v3_with_http_info(id, source_id, data, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: IntegrationBuilder.integration_builder_upload_v3 ...'
+      end
+      # verify the required parameter 'id' is set
+      if @api_client.config.client_side_validation && id.nil?
+        fail ArgumentError, "Missing the required parameter 'id' when calling IntegrationBuilder.integration_builder_upload_v3"
+      end
+      # verify the required parameter 'source_id' is set
+      if @api_client.config.client_side_validation && source_id.nil?
+        fail ArgumentError, "Missing the required parameter 'source_id' when calling IntegrationBuilder.integration_builder_upload_v3"
+      end
+      # verify the required parameter 'data' is set
+      if @api_client.config.client_side_validation && data.nil?
+        fail ArgumentError, "Missing the required parameter 'data' when calling IntegrationBuilder.integration_builder_upload_v3"
+      end
+      # resource path
+      local_var_path = '/saas-security/entities/custom-integration-upload/v3'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'id'] = id
+      query_params[:'source_id'] = source_id
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+        header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(data)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'UploadDataResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"IntegrationBuilder.integration_builder_upload_v3",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: IntegrationBuilder#integration_builder_upload_v3\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+  end
+end

data/lib/crimson-falcon/api/intel.rb

@@ -1432,6 +1432,79 @@ module Falcon
       return data, status_code, headers
     end
 
+    # Get malware entities that match provided FQL filters.
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :offset Set the starting row number to return malware IDs from. Defaults to 0.
+    # @option opts [Integer] :limit Set the number of malware IDs to return. The value must be between 1 and 5000.
+    # @option opts [String] :sort Order fields in ascending or descending order.  Ex: created_date|asc.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters.
+    # @option opts [String] :q Perform a generic substring search across all fields.
+    # @option opts [Array<String>] :fields The fields to return
+    # @return [DomainMalwareResponse]
+    def query_malware_entities(opts = {})
+      data, _status_code, _headers = query_malware_entities_with_http_info(opts)
+      data
+    end
+
+    # Get malware entities that match provided FQL filters.
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :offset Set the starting row number to return malware IDs from. Defaults to 0.
+    # @option opts [Integer] :limit Set the number of malware IDs to return. The value must be between 1 and 5000.
+    # @option opts [String] :sort Order fields in ascending or descending order.  Ex: created_date|asc.
+    # @option opts [String] :filter Filter your query by specifying FQL filter parameters.
+    # @option opts [String] :q Perform a generic substring search across all fields.
+    # @option opts [Array<String>] :fields The fields to return
+    # @return [Array<(DomainMalwareResponse, Integer, Hash)>] DomainMalwareResponse data, response status code and response headers
+    def query_malware_entities_with_http_info(opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: Intel.query_malware_entities ...'
+      end
+      # resource path
+      local_var_path = '/intel/combined/malware/v1'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
+      query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
+      query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
+      query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
+      query_params[:'q'] = opts[:'q'] if !opts[:'q'].nil?
+      query_params[:'fields'] = @api_client.build_collection_param(opts[:'fields'], :multi) if !opts[:'fields'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'DomainMalwareResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oauth2']
+
+      new_options = opts.merge(
+        :operation => :"Intel.query_malware_entities",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: Intel#query_malware_entities\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071
     # @param [Hash] opts the optional parameters
     # @option opts [String] :id The actor ID(derived from the actor&#39;s name) for which to retrieve a list of attacks, for example: fancy-bear. Only one value is allowed

data/lib/crimson-falcon/api/intelligence_indicator_graph.rb

@@ -36,29 +36,31 @@ module Falcon
     def initialize(api_client = ApiClient.default)
       @api_client = api_client
     end
-    # Get aggregates for indicators based on requests
-    # @param body [RestapiIndicatorsAggregatesRequest]
+    # Get indicators based on their value.
+    # Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 100 indicators in a single request.
+    # @param body [RestapiIndicatorsLookupRequest]
     # @param [Hash] opts the optional parameters
-    # @return [RestapiIndicatorsAggregatesResponse]
-    def get_indicator_aggregates(body, opts = {})
-      data, _status_code, _headers = get_indicator_aggregates_with_http_info(body, opts)
+    # @return [RestapiLookupIndicatorResponse]
+    def lookup_indicators(body, opts = {})
+      data, _status_code, _headers = lookup_indicators_with_http_info(body, opts)
       data
     end
 
-    # Get aggregates for indicators based on requests
-    # @param body [RestapiIndicatorsAggregatesRequest]
+    # Get indicators based on their value.
+    # Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 100 indicators in a single request.
+    # @param body [RestapiIndicatorsLookupRequest]
     # @param [Hash] opts the optional parameters
-    # @return [Array<(RestapiIndicatorsAggregatesResponse, Integer, Hash)>] RestapiIndicatorsAggregatesResponse data, response status code and response headers
-    def get_indicator_aggregates_with_http_info(body, opts = {})
+    # @return [Array<(RestapiLookupIndicatorResponse, Integer, Hash)>] RestapiLookupIndicatorResponse data, response status code and response headers
+    def lookup_indicators_with_http_info(body, opts = {})
       if @api_client.config.debugging
-        @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.get_indicator_aggregates ...'
+        @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.lookup_indicators ...'
       end
       # verify the required parameter 'body' is set
       if @api_client.config.client_side_validation && body.nil?
-        fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.get_indicator_aggregates"
+        fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.lookup_indicators"
       end
       # resource path
-      local_var_path = '/intelligence/aggregates/indicators/v1'
+      local_var_path = '/intelligence/combined/lookup-indicators/v1'
 
       # query parameters
       query_params = opts[:query_params] || {}
@@ -80,13 +82,13 @@ module Falcon
       post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
 
       # return_type
-      return_type = opts[:debug_return_type] || 'RestapiIndicatorsAggregatesResponse'
+      return_type = opts[:debug_return_type] || 'RestapiLookupIndicatorResponse'
 
       # auth_names
       auth_names = opts[:debug_auth_names] || ['oauth2']
 
       new_options = opts.merge(
-        :operation => :"IntelligenceIndicatorGraph.get_indicator_aggregates",
+        :operation => :"IntelligenceIndicatorGraph.lookup_indicators",
         :header_params => header_params,
         :query_params => query_params,
         :form_params => form_params,
@@ -97,7 +99,7 @@ module Falcon
 
       data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
       if @api_client.config.debugging
-        @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#get_indicator_aggregates\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+        @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#lookup_indicators\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
       end
       return data, status_code, headers
     end
@@ -105,6 +107,8 @@ module Falcon
     # Search indicators based on FQL filter.
     # @param body [RestapiIndicatorsQueryRequest]
     # @param [Hash] opts the optional parameters
+    # @option opts [String] :sort Parameter to specify the order(field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence) Ex: &#39;PublishDate|asc&#39;.
+    # @option opts [String] :filter FQL query specifying the filter parameters.
     # @option opts [Integer] :limit Limit
     # @option opts [String] :offset Offset
     # @return [RestapiIndicatorResponse]
@@ -116,6 +120,8 @@ module Falcon
     # Search indicators based on FQL filter.
     # @param body [RestapiIndicatorsQueryRequest]
     # @param [Hash] opts the optional parameters
+    # @option opts [String] :sort Parameter to specify the order(field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence) Ex: &#39;PublishDate|asc&#39;.
+    # @option opts [String] :filter FQL query specifying the filter parameters.
     # @option opts [Integer] :limit Limit
     # @option opts [String] :offset Offset
     # @return [Array<(RestapiIndicatorResponse, Integer, Hash)>] RestapiIndicatorResponse data, response status code and response headers
@@ -132,6 +138,8 @@ module Falcon
 
       # query parameters
       query_params = opts[:query_params] || {}
+      query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
+      query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
       query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
       query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?