cyberhaven-incidents 0.4.0 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +7 -0
  3. data/README.md +13 -15
  4. data/cyberhaven-incidents.gemspec +1 -0
  5. data/lib/cyberhaven/incidents/policy.rb +254 -0
  6. data/lib/cyberhaven/incidents/user.rb +203 -301
  7. data/lib/cyberhaven/incidents/version.rb +1 -1
  8. data/lib/cyberhaven/incidents.rb +1 -0
  9. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e1852bcc7cbcbb90acce8ad0a6958b9987b5dc77c81def0f2a3acf9704f5b759
4
- data.tar.gz: 3fc25b31c33f5acd2cfc9977779fadf5df4ccb213680ea971ebfda52edf05602
3
+ metadata.gz: 7985905cb033dfe71fcb962f4be2ea680ca583df1e315fbc636a9beb2b38ec9d
4
+ data.tar.gz: 7d5d1d6b9fe260476a73a6e8ccf3e9cbee1cd5bd5002be83ea8178b5e2b17165
5
5
  SHA512:
6
- metadata.gz: e44d80eaab68028327e398fa3d88ce749d94c9a83876fbb34f6120f9e1f84f6ed8d58e483e17333272beb2f00e495bb315ab49eda46b3b882f0d9fe3f9389004
7
- data.tar.gz: 90c4298aadf9d12d5e81eb35d611c6b0e6a8cef73d260f046664d1e1ddbc72f52241771ccb3ac6b545aaf12679848620b55ac42c8764f1198b80953494066da5
6
+ metadata.gz: ccc5c00bd83dea570da1ba935074e87942b0b253e16ca716d447de05936d7d20b9559bb61bb9abde4fee7389df7d6f1f2e79240f72024fcc90e634382327d581
7
+ data.tar.gz: 672d631b289b7ac1df005c2c988bebcd429bdb77aec2cdfe6d918c56241cf5b0e9f47f3a11347a660c7efb1867ef51c3b14f07b428c348684f63f287920c2d6b
data/CHANGELOG.md CHANGED
@@ -1,4 +1,11 @@
1
1
 
2
+ ## 0.5.0
3
+ Add: Add incidents by policy name
4
+
5
+ ## 0.4.1
6
+ Add: add user csv export
7
+ Fixed: pagination on user events
8
+
2
9
  ## 0.4.0
3
10
  Add: add user incidenetss for status and number of events
4
11
 
data/README.md CHANGED
@@ -38,24 +38,22 @@ Cyberhaven::Incidents::totalIgnoredIncidents
38
38
  Cyberhaven::Incidents::totalInProgressIncidents
39
39
  Cyberhaven::Incidents::totalResolvedIncidents
40
40
 
41
- ## Detailed Incident details by ID
42
- Cyberhaven::Incidents::Id::DetailedJson("#{incidentID}")
43
- Cyberhaven::Incidents::Id::DetailedYaml("#{incidentID}")
44
- Cyberhaven::Incidents::Id::DetailedReport("#{incidentID}")
41
+ ## Detailed Incident by ID
42
+ Cyberhaven::Incidents::Id::DetailedJson("incidentID")
43
+ Cyberhaven::Incidents::Id::DetailedYaml("incidentID")
44
+ Cyberhaven::Incidents::Id::DetailedReport("incidentID")
45
45
 
46
- ## Summaried Incidents details by ID
47
- Cyberhaven::Incidents::Id::SummaryJson("#{incidentID}")
48
- Cyberhaven::Incidents::Id::SummaryYaml("#{incidentID}")
49
- Cyberhaven::Incidents::Id::SummaryReport("#{incidentID}")
46
+ ## Summarized Incident details by ID
47
+ Cyberhaven::Incidents::Id::SummaryJson("incidentID")
48
+ Cyberhaven::Incidents::Id::SummaryYaml("incidentID")
49
+ Cyberhaven::Incidents::Id::SummaryReport("incidentID")
50
50
 
51
51
  ## Incident details by user
52
- puts Cyberhaven::Incidents::User::DetailedRaw("username", "status", numberOfEvents)
53
- puts Cyberhaven::Incidents::User::DetailedJson("username", "status", numberOfEvents)
54
-
55
- #example
56
- puts Cyberhaven::Incidents::User::DetailedJson("joedaily", "unresolved", 100)
57
-
58
- • status options are: "ignored", "in_progress", "resolved", or "unresolved"
52
+ puts Cyberhaven::Incidents::User::TotalIncidents("username")
53
+ puts Cyberhaven::Incidents::User::AllIncidents("username")
54
+ Cyberhaven::Incidents::User::AllIncidentsCSV("username")
55
+ puts Cyberhaven::Incidents::User::AllIncidentsJson("username")
56
+ puts Cyberhaven::Incidents::User::AllIncidentsYaml("username")
59
57
  ```
60
58
 
61
59
  ---
data/cyberhaven-incidents.gemspec CHANGED
@@ -3,6 +3,7 @@
3
3
  require_relative "lib/cyberhaven/incidents/version"
4
4
  require_relative "lib/cyberhaven/incidents/id"
5
5
  require_relative "lib/cyberhaven/incidents/user"
6
+ require_relative "lib/cyberhaven/incidents/policy"
6
7
 
7
8
  Gem::Specification.new do |spec|
8
9
  spec.name = "cyberhaven-incidents"
data/lib/cyberhaven/incidents/policy.rb ADDED
@@ -0,0 +1,254 @@
1
+ # frozen_string_literal: true
2
+
3
+
4
+ require 'etc'
5
+ require 'csv'
6
+
7
+
8
+ module Cyberhaven
9
+ module Incidents
10
+ module Policy
11
+ def self.TotalPolicyIncidents(policyName)
12
+
13
+ $pageToken = "1"
14
+ loop do
15
+ unless $pageToken.empty?
16
+
17
+ if $pageToken == "1"
18
+ $pageToken = ""
19
+ end
20
+
21
+ $query ={
22
+ "filters":{
23
+ "category_names": [
24
+ "#{policyName}"
25
+ ],
26
+ },
27
+ "sort_by": "event_time",
28
+ "page_id": "#{$pageToken}",
29
+ "sort_desc": true
30
+ }.to_json
31
+
32
+ url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
33
+ https = Net::HTTP.new(url.host, url.port)
34
+ https.use_ssl = true
35
+ request = Net::HTTP::Get.new(url)
36
+ request["Content-Type"] = "application/json"
37
+ request["Authorization"] = "Bearer #{$bearerToken}"
38
+ request.body = $query
39
+ response = https.request(request)
40
+ status = response.code
41
+ results = JSON.parse(response.read_body)
42
+
43
+ puts results["total"]
44
+ else
45
+ break
46
+ end
47
+ end
48
+ end
49
+
50
+ def self.AllIncidentsResults(policyName)
51
+
52
+ $incidentArray = []
53
+
54
+ $pageToken = "1"
55
+ loop do
56
+ unless $pageToken.empty?
57
+
58
+ if $pageToken == "1"
59
+ $pageToken = ""
60
+ end
61
+
62
+ $query ={
63
+ "filters":{
64
+ "resolution_statuses":[
65
+ "unresolved", "ignored", "in_progress", "resolved"
66
+ ],
67
+ "category_names": [
68
+ "#{policyName}"
69
+ ],
70
+ },
71
+ "sort_by": "event_time",
72
+ "page_id": "#{$pageToken}",
73
+ "page_size": 1000,
74
+ "sort_desc": true
75
+ }.to_json
76
+
77
+ url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
78
+ https = Net::HTTP.new(url.host, url.port)
79
+ https.use_ssl = true
80
+ request = Net::HTTP::Get.new(url)
81
+ request["Content-Type"] = "application/json"
82
+ request["Authorization"] = "Bearer #{$bearerToken}"
83
+ request.body = $query
84
+ response = https.request(request)
85
+ status = response.code
86
+ results = JSON.parse(response.read_body)
87
+
88
+ $pageToken = results["next_page_id"]
89
+ results["incidents"].each do |item|
90
+ $incidentArray.push(item)
91
+ end
92
+ else
93
+ break
94
+ end
95
+ end
96
+ end
97
+
98
+ def self.AllIncidents(policyName)
99
+ AllIncidentsResults("#{policyName}")
100
+ return $incidentArray
101
+ end
102
+
103
+ def self.AllIncidentsCSV(policyName)
104
+ now_date = DateTime.now
105
+ datetime = now_date.strftime('%Y%m%d')
106
+ $currentUser = ENV['USER']
107
+ $reportPath="/Users/#{$currentUser}/Desktop/#{datetime}_#{policyName}_report.csv"
108
+
109
+ $pageToken = "1"
110
+ $incidentArray = []
111
+
112
+ loop do
113
+ unless $pageToken.empty?
114
+
115
+ if $pageToken == "1"
116
+ $pageToken = ""
117
+ end
118
+
119
+ $query ={
120
+ "filters":{
121
+ "resolution_statuses":[
122
+ "unresolved", "ignored", "in_progress", "resolved"
123
+ ],
124
+ "category_names": [
125
+ "#{policyName}"
126
+ ],
127
+ },
128
+ "page_id": "#{$pageToken}",
129
+ "sort_by": "event_time",
130
+ "page_size": 1000,
131
+ "sort_desc": true
132
+ }.to_json
133
+
134
+ url = URI("https://dailypay.cyberhaven.io/api/rest/v1/incidents/list")
135
+ https = Net::HTTP.new(url.host, url.port)
136
+ https.use_ssl = true
137
+ request = Net::HTTP::Get.new(url)
138
+ request["Content-Type"] = "application/json"
139
+ request["Authorization"] = "Bearer #{$bearerToken}"
140
+ request.body = $query
141
+ response = https.request(request)
142
+ status = response.code
143
+ results = JSON.parse(response.read_body)
144
+
145
+ $pageToken = results["next_page_id"]
146
+ # puts results["total"]
147
+ # puts results["next_page_id"]
148
+
149
+ array = []
150
+ results["incidents"].each do |item|
151
+ $incident_hash = {
152
+ "Event Time" => "#{item["event_time"]}",
153
+ "Trigger Time" => "#{item["trigger_time"]}",
154
+ "ID" => "#{item["id"]}",
155
+ "Incident Risk Score" => "#{item["risk_score"]}",
156
+ "Policy Name" => "#{item["category"]["name"]}",
157
+ "Policy Severity" => "#{item["category"]["severity"]}",
158
+ "User" => "#{item["user"]}",
159
+ "Assignee" => "#{item["assignee"]}",
160
+ "Status" => "#{item["resolution_status"]}",
161
+ "Severity" => "#{item["severity"]}",
162
+ "Dataset Name" => "#{item["dataset"]["name"]}",
163
+ "Category Severity" => "#{item["category"]["severity"]}",
164
+ "File" => "#{item["file"]}",
165
+ "Data Path" => "#{item["data"]["path"]}",
166
+ "Source Path" => "#{item["source_data"]["path"]}",
167
+ "Content Tags" => "#{item["content_tags"]}",
168
+ "Source Path " => "#{item["edge"]["source"]["path"]}",
169
+ "Source Extension" => "#{item["edge"]["source"]["extension"]}",
170
+ "Source Url" => "#{item["edge"]["source"]["url"]}",
171
+ "Source Browser Url" => "#{item["edge"]["source"]["browser_page_url"]}",
172
+ "Source Domain" => "#{item["edge"]["source"]["browser_page_domain"]}",
173
+ "Source Browser Title" => "#{item["edge"]["source"]["browser_page_title"]}",
174
+ "Source Hostname" => "#{item["edge"]["source"]["hostname"]}",
175
+ "Source URI" => "#{item["edge"]["source"]["content_uri"]}",
176
+ "Source Location" => "#{item["edge"]["source"]["location"]}",
177
+ "Source Location Outline" => "#{item["edge"]["source"]["location_outline"]}",
178
+ "Source Category" => "#{item["edge"]["source"]["category"]}",
179
+ "Source Links" => "#{item["edge"]["source"]["links"]}",
180
+ "Source ID" => "#{item["edge"]["source"]["links"]}",
181
+ "Tags Applied" => "#{item["edge"]["source"]["tags_applied"]}",
182
+ "Source Upload URI" => "#{item["edge"]["source"]["content_upload_uri"]}",
183
+ "Source Report URI" => "#{item["edge"]["source"]["content_report_uri"]}",
184
+ "Source Event Type" => "#{item["edge"]["source"]["event_type"]}",
185
+ "Source Sensor Name" => "#{item["edge"]["source"]["sensor_name"]}",
186
+ "Source Local User" => "#{item["edge"]["source"]["local_user_name"]}",
187
+ "Source Local User ID" => "#{item["edge"]["source"]["local_user_sid"]}",
188
+ "Source Local Time" => "#{item["edge"]["source"]["local_time"]}",
189
+ "Source Local Machine" => "#{item["edge"]["source"]["local_machine_name"]}",
190
+ "Source Endpoint ID" => "#{item["edge"]["source"]["endpoint_id"]}",
191
+ "Source Local ID" => "#{item["edge"]["source"]["local_id"]}",
192
+ "Destination Path" => "#{item["edge"]["destination"]["path"]}",
193
+ "Destination Extension" => "#{item["edge"]["destination"]["extension"]}",
194
+ "Destination Upload File ID" => "#{item["edge"]["destination"]["upload_file_id"]}",
195
+ "Destination Browser Page Title" => "#{item["edge"]["destination"]["browser_page_title"]}",
196
+ "Destination Hostname" => "#{item["edge"]["destination"]["hostname"]}",
197
+ "Destination MD5" => "#{item["edge"]["destination"]["md5_hash"]}",
198
+ "Destination File Size" => "#{item["edge"]["destination"]["file_size"]}",
199
+ "Destination Path Components" => "#{item["edge"]["destination"]["path_components"]}",
200
+ "Destination Path Basename" => "#{item["edge"]["destination"]["path_basename"]}",
201
+ "Destination Domain" => "#{item["edge"]["destination"]["domain"]}",
202
+ "Destination URI" => "#{item["edge"]["destination"]["content_uri"]}",
203
+ "Destination Location" => "#{item["edge"]["destination"]["location"]}",
204
+ "Destination Location Outline" => "#{item["edge"]["destination"]["location_outline"]}",
205
+ "Destination Category" => "#{item["edge"]["destination"]["category"]}",
206
+ "Destination Links" => "#{item["edge"]["destination"]["links"]}",
207
+ "Destination Event Type" => "#{item["edge"]["destination"]["event_type"]}",
208
+ "Destination Sensor Name" => "#{item["edge"]["destination"]["sensor_name"]}",
209
+ "Destination Local User" => "#{item["edge"]["destination"]["local_user_name"]}",
210
+ "Destination Local User ID" => "#{item["edge"]["destination"]["local_user_sid"]}",
211
+ "Destination Local Time" => "#{item["edge"]["destination"]["local_time"]}",
212
+ "Destination Local Machine" => "#{item["edge"]["destination"]["local_machine_name"]}",
213
+ "Destination Endpoint ID" => "#{item["edge"]["destination"]["endpoint_id"]}",
214
+ "Destination Local ID" => "#{item["edge"]["destination"]["local_id"]}",
215
+ "Destination Blocked" => "#{item["edge"]["destination"]["blocked"]}",
216
+ "Destination Data Size" => "#{item["edge"]["destination"]["data_size"]}",
217
+ "Destination Google Drive ID" => "#{item["edge"]["destination"]["gdrive_file_id"]}",
218
+ "Destination Cloud Provider" => "#{item["edge"]["destination"]["cloud_provider"]}",
219
+ "Destination Cloud App" => "#{item["edge"]["destination"]["cloud_app"]}",
220
+ "Destination Cloud Account" => "#{item["edge"]["destination"]["cloud_app_account"]}",
221
+ "Destination Scan ID" => "#{item["edge"]["destination"]["dlp_scan_linking_id"]}"
222
+ }
223
+ $incidentArray.push($incident_hash)
224
+ end
225
+ else
226
+ break
227
+ end
228
+ end
229
+
230
+ CSV.open("#{$reportPath}", 'w') do |csv|
231
+ # Write the header based on the keys of the first hash
232
+ csv << $incidentArray.first.keys
233
+
234
+ # Write each hash as a row in the CSV file
235
+ $incidentArray.each do |hash|
236
+ csv << hash.values
237
+ end
238
+ end
239
+ puts "Finished writting report: #{$reportPath}"
240
+ end
241
+
242
+ def self.AllIncidentsJson(policyName)
243
+ AllIncidentsResults("#{policyName}")
244
+ return $incidentArray.to_json
245
+ end
246
+
247
+ def self.AllIncidentsYaml(policyName)
248
+ AllIncidentsResults("#{policyName}")
249
+ return $incidentArray.to_yaml
250
+ end
251
+
252
+ end
253
+ end
254
+ end
data/lib/cyberhaven/incidents/user.rb CHANGED
@@ -1,11 +1,15 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
 
4
+ require 'etc'
5
+ require 'csv'
6
+ # require "set"
7
+
8
+
4
9
  module Cyberhaven
5
10
  module Incidents
6
11
  module User
7
- ## DETAILED VERBOSE ----------------------------------------------------
8
- def self.DetailedRaw(username, status, numberOfEvents)
12
+ def self.TotalIncidents(username)
9
13
 
10
14
  $pageToken = "1"
11
15
  loop do
@@ -17,15 +21,15 @@ module Cyberhaven
17
21
 
18
22
  $query ={
19
23
  "filters":{
20
- "resolution_statuses": [
21
- "#{status}"
22
- ],
24
+ # "resolution_statuses": [
25
+ # "#{status}"
26
+ # ],
23
27
  "users": [
24
28
  "#{username}"
25
29
  ],
26
30
  },
27
31
  "sort_by": "event_time",
28
- "page_size": numberOfEvents,
32
+ "page_id": "#{$pageToken}",
29
33
  "sort_desc": true
30
34
  }.to_json
31
35
 
@@ -40,317 +44,215 @@ module Cyberhaven
40
44
  status = response.code
41
45
  results = JSON.parse(response.read_body)
42
46
 
43
- pageToken = results["next_page_id"]
44
- $data = results["incidents"]
45
- return $data
47
+ puts results["total"]
46
48
  else
47
49
  break
48
50
  end
49
51
  end
50
52
  end
51
-
52
- def self.DetailedJson(username, status, numberOfEvents)
53
- DetailedRaw("#{username}", "#{status}", numberOfEvents)
54
- return $data.to_json
55
- end
56
-
57
- # def self.DetailedYaml(incidentID)
58
- # DetailedRaw("#{incidentID}")
59
- # puts $data.to_yaml
60
- # end
61
-
62
- # def self.DetailedReport(incidentID)
63
- # $query ={
64
- # "filters":{
65
- # "incident_ids": [
66
- # "#{incidentID}"
67
- # ],
68
- # },
69
- # "sort_by": "event_time",
70
- # "page_size": 1,
71
- # "sort_desc": true
72
- # }.to_json
73
53
 
74
- # url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
75
- # https = Net::HTTP.new(url.host, url.port)
76
- # https.use_ssl = true
77
- # request = Net::HTTP::Get.new(url)
78
- # request["Content-Type"] = "application/json"
79
- # request["Authorization"] = "Bearer #{$bearerToken}"
80
- # request.body = $query
81
- # response = https.request(request)
82
- # status = response.code
83
- # results = JSON.parse(response.read_body)
54
+ def self.AllIncidentsResults(username)
55
+
56
+ $incidentArray = []
84
57
 
85
- # results["incidents"].each do |item|
86
- # puts "INCIDENT ID: #{item["id"]}"
87
- # puts " EVENT TIME: #{item["event_time"]}"
88
- # puts " TRIGGER TIME: #{item["trigger_time"]}"
89
- # puts " POLICY NAME: #{item["category"]["name"]}"
90
- # puts " POLICY SEVERITY: #{item["category"]["severity"]}"
91
- # puts " USER: #{item["user"]}"
92
- # puts " STATUS: #{item["resolution_status"]}"
93
- # puts " OUTDATED POLICY: #{item["outdated_policy"]}"
94
- # puts " FILE: #{item["file"]}"
95
- # puts " FILE PATH: #{item["data"]["path"]}"
96
- # puts " SOURCE DATA: #{item["source_data"]["path"]}"
97
- # puts " PERSONAL INFO:"
98
- # if ! item["personal_info"].nil?
99
- # item["personal_info"].each do |personalItem|
100
- # puts " #{personalItem}"
101
- # end
102
- # end
103
- # puts " ASSIGNEE: #{item["assignee"]}"
104
- # puts " CONTENT TAGS: #{item["content_tags"]}"
105
- # puts " RESPONSE: #{item["incident_response"]}"
106
- # puts " REACTION: #{item["incident_reactions"]}"
107
- # puts " ADMIN HISTORY: #{item["admin_history"]}"
108
- # puts " CATEGOERY MODIFIED: #{item["category_last_modified"]}"
109
- # puts " DATASET MODIFIED: #{item["dataset_last_modified"]}"
110
- # puts " ALERT ID: #{item["alert_id"]}"
111
- # puts " SCREENSHOT GUID: #{item["screenshot_guid"]}"
112
- # puts ""
58
+ $pageToken = "1"
59
+ loop do
60
+ unless $pageToken.empty?
113
61
 
114
- # puts " DATASET:"
115
- # puts " ID: #{item["dataset"]["id"]}"
116
- # puts " NAME: #{item["dataset"]["name"]}"
117
- # puts " SENSITIVITY: #{item["dataset"]["sensitivity"]}"
118
- # puts " LAST MODIFIED: #{item["dataset"]["last_modified"]}"
119
- # puts ""
62
+ if $pageToken == "1"
63
+ $pageToken = ""
64
+ end
120
65
 
121
- # puts " POLICY:"
122
- # puts " ID: #{item["category"]["id"]}"
123
- # puts " NAME: #{item["category"]["name"]}"
124
- # puts " SEVERITY: #{item["category"]["severity"]}"
125
- # puts " DATASET IDS: #{item["category"]["dataset_ids"]}"
126
- # puts " EXCLUDE ORIGIN: #{item["category"]["exclude_origin"]}"
127
- # puts " LAST MODIFIED: #{item["category"]["last_modified"]}"
128
- # puts " SELECTION TYPE: #{item["category"]["selection_type"]}"
129
- # puts " RULE:"
130
- # puts " ID: #{item["category"]["rule"]["id"]}"
131
- # puts " STATUS: #{item["category"]["rule"]["status"]}"
132
- # puts " CREATE INCIDENT: #{item["category"]["rule"]["create_incident"]}"
133
- # puts " RECORD SCREENSHOT: #{item["category"]["rule"]["record_screenshots"]}"
134
- # puts " NOTIFY ENABLED: #{item["category"]["rule"]["notify_enabled"]}"
135
- # puts " NOTIFY STATUS: #{item["category"]["rule"]["notify_status"]}"
136
- # puts " NOTIFY EMAIL: #{item["category"]["rule"]["notify_email"]}"
137
- # puts " SHOW TITLE: #{item["category"]["rule"]["show_title"]}"
138
- # puts " SHOW LOGO: #{item["category"]["rule"]["show_logo"]}"
139
- # puts " REQUIRE JUSTIFICATION: #{item["category"]["rule"]["require_justification"]}"
140
- # puts " REQUIRE ACKNOWLEDGEMENT: #{item["category"]["rule"]["should_ack_warning"]}"
141
- # puts " ALLOW REVIEW: #{item["category"]["rule"]["allow_request_review"]}"
142
- # puts " OVERRIDE ENABLED: #{item["category"]["rule"]["override_enabled"]}"
143
- # puts " BLOCKING ACTION: #{item["category"]["rule"]["blocking_action"]}"
144
- # puts " INCIDENT ACTION: #{item["category"]["rule"]["incident_action"]}"
145
- # puts " WARNING MESSAGE:"
146
- # puts " TITLE: #{item["category"]["rule"]["warning_dialog"]["title"]}"
147
- # puts " EXPLANATION: #{item["category"]["rule"]["warning_dialog"]["explanation"]}"
148
- # puts " PLACEHOLDER: #{item["category"]["rule"]["warning_dialog"]["placeholder"]}"
149
- # puts " CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["check_text"]}"
150
- # puts " REVIEW CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["review_check_text"]}"
151
- # puts " SUBMIT LABEL: #{item["category"]["rule"]["warning_dialog"]["submit_label"]}"
152
- # puts " ALLOW LABEL: #{item["category"]["rule"]["warning_dialog"]["allow_label"]}"
153
- # puts " BLOCKING MESSAGE:"
154
- # puts " TITLE: #{item["category"]["rule"]["blocking_dialog"]["title"]}"
155
- # puts " EXPLANATION: #{item["category"]["rule"]["blocking_dialog"]["explanation"]}"
156
- # puts " PLACEHOLDER: #{item["category"]["rule"]["blocking_dialog"]["placeholder"]}"
157
- # puts " CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["check_text"]}"
158
- # puts " REVIEW CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["review_check_text"]}"
159
- # puts " SUBMIT LABEL: #{item["category"]["rule"]["blocking_dialog"]["submit_label"]}"
160
- # puts " ALLOW LABEL: #{item["category"]["rule"]["blocking_dialog"]["allow_label"]}"
161
- # puts ""
162
-
163
- # puts " SOURCE INFORMATION:"
164
- # puts " PATH: #{item["edge"]["source"]["path"]}"
165
- # puts " EXTENSION: #{item["edge"]["source"]["extension"]}"
166
- # puts " URL: #{item["edge"]["source"]["url"]}"
167
- # puts " BROWSER URL: #{item["edge"]["source"]["browser_page_url"]}"
168
- # puts " BROWSER DOMAIN: #{item["edge"]["source"]["browser_page_domain"]}"
169
- # puts " BROWSER TITLE: #{item["edge"]["source"]["browser_page_title"]}"
170
- # puts " HOSTNAME: #{item["edge"]["source"]["hostname"]}"
171
- # puts " URI: #{item["edge"]["source"]["content_uri"]}"
172
- # puts " LOCATION: #{item["edge"]["source"]["location"]}"
173
- # puts " LOCATION OUTLINE: #{item["edge"]["source"]["location_outline"]}"
174
- # puts " CATEGORY: #{item["edge"]["source"]["category"]}"
175
- # puts " LINKS: #{item["edge"]["source"]["links"]}"
176
- # puts " ID: #{item["edge"]["source"]["raw_id"]}"
177
- # puts " TAGS: #{item["edge"]["source"]["tags_applied"]}"
178
- # puts " UPLOAD URI: #{item["edge"]["source"]["content_upload_uri"]}"
179
- # puts " REPORT URI: #{item["edge"]["source"]["content_report_uri"]}"
180
- # puts " TAGS: #{item["edge"]["source"]["tags_applied"]}"
181
- # puts " EVENT TYPE: #{item["edge"]["source"]["event_type"]}"
182
- # puts " SENSOR: #{item["edge"]["source"]["sensor_name"]}"
183
- # puts " USERNAME: #{item["edge"]["source"]["local_user_name"]}"
184
- # puts " USER ID: #{item["edge"]["source"]["local_user_sid"]}"
185
- # puts " LOCAL TIME: #{item["edge"]["source"]["local_time"]}"
186
- # puts " MACHINE NAME: #{item["edge"]["source"]["local_machine_name"]}"
187
- # puts " ENDPIONT ID: #{item["edge"]["source"]["endpoint_id"]}"
188
- # puts " GROUP NAME: #{item["edge"]["source"]["group_name"]}"
189
- # puts " LOCAL ID: #{item["edge"]["source"]["local_id"]}"
190
- # puts " BLOCKED: #{item["edge"]["source"]["blocked"]}"
191
- # puts " DATA SIZE: #{item["edge"]["source"]["data_size"]}"
192
- # puts ""
66
+ $query ={
67
+ "filters":{
68
+ "resolution_statuses":[
69
+ "unresolved", "ignored", "in_progress", "resolved"
70
+ ],
71
+ "users": [
72
+ "#{username}"
73
+ ],
74
+ },
75
+ "sort_by": "event_time",
76
+ "page_id": "#{$pageToken}",
77
+ "page_size": 1000,
78
+ "sort_desc": true
79
+ }.to_json
80
+
81
+ url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
82
+ https = Net::HTTP.new(url.host, url.port)
83
+ https.use_ssl = true
84
+ request = Net::HTTP::Get.new(url)
85
+ request["Content-Type"] = "application/json"
86
+ request["Authorization"] = "Bearer #{$bearerToken}"
87
+ request.body = $query
88
+ response = https.request(request)
89
+ status = response.code
90
+ results = JSON.parse(response.read_body)
91
+
92
+ $pageToken = results["next_page_id"]
93
+ results["incidents"].each do |item|
94
+ $incidentArray.push(item)
95
+ end
96
+ else
97
+ break
98
+ end
99
+ end
100
+ end
193
101
 
194
- # puts " DESTINATION INFORMATION:"
195
- # puts " PATH: #{item["edge"]["destination"]["path"]}"
196
- # puts " EXTENSION: #{item["edge"]["destination"]["extension"]}"
197
- # puts " UPLOAD FILE ID: #{item["edge"]["destination"]["upload_file_id"]}"
198
- # puts " URL: #{item["edge"]["destination"]["url"]}"
199
- # puts " BROWSER TITLE: #{item["edge"]["destination"]["browser_page_title"]}"
200
- # puts " HOSTNAME: #{item["edge"]["destination"]["hostname"]}"
201
- # puts " MD5: #{item["edge"]["destination"]["md5_hash"]}"
202
- # puts " FILE SIZE: #{item["edge"]["destination"]["file_size"]}"
203
- # puts " PATH COMPONENTS: #{item["edge"]["destination"]["path_components"]}"
204
- # puts " BASENAME: #{item["edge"]["destination"]["path_basename"]}"
205
- # puts " DOMAIN COMPONENTS: #{item["edge"]["destination"]["domain_components"]}"
206
- # puts " DOMAIN: #{item["edge"]["destination"]["domain"]}"
207
- # puts " URI: #{item["edge"]["destination"]["content_uri"]}"
208
- # puts " LOCATION: #{item["edge"]["destination"]["location"]}"
209
- # puts " LOCATION OUTLINE: #{item["edge"]["destination"]["location_outline"]}"
210
- # puts " CATEGORY: #{item["edge"]["destination"]["category"]}"
211
- # puts " LINKS: #{item["edge"]["destination"]["links"]}"
212
- # puts " RAW ID: #{item["edge"]["destination"]["raw_id"]}"
213
- # puts " TAGS: #{item["edge"]["destination"]["tags_applied"]}"
214
- # puts " CONTENT UPLOAD URI: #{item["edge"]["destination"]["content_upload_uri"]}"
215
- # puts " CONTENT REPORT URI: #{item["edge"]["destination"]["content_report_uri"]}"
216
- # puts " EVENT TYPE: #{item["edge"]["destination"]["event_type"]}"
217
- # puts " SENSOR: #{item["edge"]["destination"]["sensor_name"]}"
218
- # puts " LOCAL USERNAME: #{item["edge"]["destination"]["local_user_name"]}"
219
- # puts " LOCAL USERID: #{item["edge"]["destination"]["local_user_sid"]}"
220
- # puts " LOCAL TIME: #{item["edge"]["destination"]["local_time"]}"
221
- # puts " LOCAL MACHINE NAME: #{item["edge"]["destination"]["local_machine_name"]}"
222
- # puts " ENDPOINT ID: #{item["edge"]["destination"]["endpoint_id"]}"
223
- # puts " GROUP NAMES: #{item["edge"]["destination"]["group_name"]}"
224
- # puts " BLOCKED: #{item["edge"]["destination"]["blocked"]}"
225
- # puts " DATA SIZE: #{item["edge"]["destination"]["data_size"]}"
226
- # puts " LOCAL ID: #{item["edge"]["destination"]["local_id"]}"
227
- # puts " GDRIVE FILE ID: #{item["edge"]["destination"]["gdrive_file_id"]}"
228
- # puts " CLOUD PROVIDER: #{item["edge"]["destination"]["cloud_provider"]}"
229
- # puts " CLOUD APP: #{item["edge"]["destination"]["cloud_app"]}"
230
- # puts " CLOUD ACCOUNT: #{item["edge"]["destination"]["cloud_app_account"]}"
231
- # puts " DLP SCAN ID: #{item["edge"]["destination"][" dlp_scan_linking_id"]}"
232
- # puts ""
233
- # end
234
- # end
102
+ def self.AllIncidents(username)
103
+ AllIncidentsResults("#{username}")
104
+ return $incidentArray
105
+ end
235
106
 
107
+ def self.AllIncidentsCSV(username)
108
+ now_date = DateTime.now
109
+ datetime = now_date.strftime('%Y%m%d')
110
+ $currentUser = ENV['USER']
111
+ $reportPath="/Users/#{$currentUser}/Desktop/#{datetime}_#{username}_report.csv"
236
112
 
237
- # ## SUMMARIES -----------------------------------------------------------
238
- # def self.SummaryRaw(incidentID)
239
- # $query ={
240
- # "filters":{
241
- # "incident_ids": [
242
- # "#{incidentID}"
243
- # ],
244
- # },
245
- # "sort_by": "event_time",
246
- # "page_size": 1,
247
- # "sort_desc": true
248
- # }.to_json
113
+ $pageToken = "1"
114
+ $incidentArray = []
115
+
116
+ loop do
117
+ unless $pageToken.empty?
249
118
 
250
- # url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
251
- # https = Net::HTTP.new(url.host, url.port)
252
- # https.use_ssl = true
253
- # request = Net::HTTP::Get.new(url)
254
- # request["Content-Type"] = "application/json"
255
- # request["Authorization"] = "Bearer #{$bearerToken}"
256
- # request.body = $query
257
- # response = https.request(request)
258
- # status = response.code
259
- # results = JSON.parse(response.read_body)
260
-
261
- # results["incidents"].each do |item|
262
- # $data = {
263
- # values: {
264
- # "incident_id": " #{item["id"]}".to_s,
265
- # "event_time": " #{item["event_time"]}".to_s,
266
- # "policy_name": "#{item["category"]["name"]}".to_s,
267
- # "policy_severity": " #{item["category"]["severity"]}".to_s,
268
- # "user": "#{item["user"]}".to_s,
269
- # "status": "#{item["resolution_status"]}".to_s,
270
- # "dataset": "#{item["dataset"]["name"]}".to_s,
271
- # "dataset_sensitivity": "#{item["dataset"]["sensitivity"]}".to_i,
272
- # "ploiicy_severity": "#{item["category"]["severity"]}".to_i,
273
- # "create_incident": " #{item["category"]["rule"]["create_incident"]}".to_s,
274
- # "incident_action": "#{item["category"]["rule"]["incident_action"]}".to_s,
275
- # "src_url": "#{item["edge"]["source"]["url"]}".to_s,
276
- # "src_browser_url": "#{item["edge"]["source"]["browser_page_url"]}".to_s,
277
- # "src_browser_domain": " #{item["edge"]["source"]["browser_page_domain"]}".to_s,
278
- # "src_browser_title": "#{item["edge"]["source"]["browser_page_title"]}".to_s,
279
- # "src_location": "#{item["edge"]["destination"]["location"]}".to_s,
280
- # "src_location_outline": "#{item["edge"]["source"]["location_outline"]}".to_s,
281
- # "src_category": "#{item["edge"]["source"]["category"]}".to_s,
282
- # "dst_browser_title": "#{item["edge"]["destination"]["browser_page_title"]}".to_s,
283
- # "dst_basename": "#{item["edge"]["destination"]["path_basename"]}".to_s,
284
- # "dst_domain": "#{item["edge"]["destination"]["domain"]}".to_s,
285
- # "dest_location": "#{item["edge"]["destination"]["location"]}".to_s,
286
- # "dst_location_outline": "#{item["edge"]["destination"]["location_outline"]}".to_s,
287
- # "dst_category": "#{item["edge"]["destination"]["category"]}".to_s,
288
- # "dst_event_type": "#{item["edge"]["destination"]["event_type"]}".to_s,
289
- # "dst_sensor": "#{item["edge"]["destination"]["sensor_name"]}".to_s,
290
- # "dst_local_username": "#{item["edge"]["destination"]["local_user_name"]}".to_s,
291
- # "dst_local_machine_name": "#{item["edge"]["destination"]["local_machine_name"]}".to_s,
292
- # "dst_blocked": "#{item["edge"]["destination"]["blocked"]}".to_s,
293
- # "dst_data_size": "#{item["edge"]["destination"]["data_size"]}".to_s,
294
- # "dst_gdrive_file_id": "#{item["edge"]["destination"]["gdrive_file_id"]}".to_s,
295
- # "dst_cloud_provider": "#{item["edge"]["destination"]["cloud_provider"]}".to_s,
296
- # "dst_cloud_app": "#{item["edge"]["destination"]["cloud_app"]}".to_s,
297
- # "dst_cloud_account": "#{item["edge"]["destination"]["cloud_app_account"]}".to_s,
298
- # }}
299
- # return $data
300
- # end
301
- # end
302
-
303
- # def self.SummaryJson(incidentID)
304
- # SummaryRaw("#{incidentID}")
305
- # puts $data.to_json
306
- # end
119
+ if $pageToken == "1"
120
+ $pageToken = ""
121
+ end
122
+
123
+ $query ={
124
+ "filters":{
125
+ "resolution_statuses":[
126
+ "unresolved", "ignored", "in_progress", "resolved"
127
+ ],
128
+ "users": [
129
+ "#{username}"
130
+ ],
131
+ },
132
+ "page_id": "#{$pageToken}",
133
+ "sort_by": "event_time",
134
+ "page_size": 1000,
135
+ "sort_desc": true
136
+ }.to_json
137
+
138
+ url = URI("https://dailypay.cyberhaven.io/api/rest/v1/incidents/list")
139
+ https = Net::HTTP.new(url.host, url.port)
140
+ https.use_ssl = true
141
+ request = Net::HTTP::Get.new(url)
142
+ request["Content-Type"] = "application/json"
143
+ request["Authorization"] = "Bearer #{$bearerToken}"
144
+ request.body = $query
145
+ response = https.request(request)
146
+ status = response.code
147
+ results = JSON.parse(response.read_body)
148
+
149
+ $pageToken = results["next_page_id"]
150
+ # puts results["total"]
151
+ # puts results["next_page_id"]
307
152
 
308
- # def self.SummaryYaml(incidentID)
309
- # SummaryRaw("#{incidentID}")
310
- # puts $data.to_yaml
311
- # end
153
+ array = []
154
+ results["incidents"].each do |item|
155
+ $incident_hash = {
156
+ "Event Time" => "#{item["event_time"]}",
157
+ "Trigger Time" => "#{item["trigger_time"]}",
158
+ "ID" => "#{item["id"]}",
159
+ "Incident Risk Score" => "#{item["risk_score"]}",
160
+ "Policy Name" => "#{item["category"]["name"]}",
161
+ "Policy Severity" => "#{item["category"]["severity"]}",
162
+ "User" => "#{item["user"]}",
163
+ "Assignee" => "#{item["assignee"]}",
164
+ "Status" => "#{item["resolution_status"]}",
165
+ "Severity" => "#{item["severity"]}",
166
+ "Dataset Name" => "#{item["dataset"]["name"]}",
167
+ "Category Severity" => "#{item["category"]["severity"]}",
168
+ "File" => "#{item["file"]}",
169
+ "Data Path" => "#{item["data"]["path"]}",
170
+ "Source Path" => "#{item["source_data"]["path"]}",
171
+ "Content Tags" => "#{item["content_tags"]}",
172
+ "Source Path " => "#{item["edge"]["source"]["path"]}",
173
+ "Source Extension" => "#{item["edge"]["source"]["extension"]}",
174
+ "Source Url" => "#{item["edge"]["source"]["url"]}",
175
+ "Source Browser Url" => "#{item["edge"]["source"]["browser_page_url"]}",
176
+ "Source Domain" => "#{item["edge"]["source"]["browser_page_domain"]}",
177
+ "Source Browser Title" => "#{item["edge"]["source"]["browser_page_title"]}",
178
+ "Source Hostname" => "#{item["edge"]["source"]["hostname"]}",
179
+ "Source URI" => "#{item["edge"]["source"]["content_uri"]}",
180
+ "Source Location" => "#{item["edge"]["source"]["location"]}",
181
+ "Source Location Outline" => "#{item["edge"]["source"]["location_outline"]}",
182
+ "Source Category" => "#{item["edge"]["source"]["category"]}",
183
+ "Source Links" => "#{item["edge"]["source"]["links"]}",
184
+ "Source ID" => "#{item["edge"]["source"]["links"]}",
185
+ "Tags Applied" => "#{item["edge"]["source"]["tags_applied"]}",
186
+ "Source Upload URI" => "#{item["edge"]["source"]["content_upload_uri"]}",
187
+ "Source Report URI" => "#{item["edge"]["source"]["content_report_uri"]}",
188
+ "Source Event Type" => "#{item["edge"]["source"]["event_type"]}",
189
+ "Source Sensor Name" => "#{item["edge"]["source"]["sensor_name"]}",
190
+ "Source Local User" => "#{item["edge"]["source"]["local_user_name"]}",
191
+ "Source Local User ID" => "#{item["edge"]["source"]["local_user_sid"]}",
192
+ "Source Local Time" => "#{item["edge"]["source"]["local_time"]}",
193
+ "Source Local Machine" => "#{item["edge"]["source"]["local_machine_name"]}",
194
+ "Source Endpoint ID" => "#{item["edge"]["source"]["endpoint_id"]}",
195
+ "Source Local ID" => "#{item["edge"]["source"]["local_id"]}",
196
+ "Destination Path" => "#{item["edge"]["destination"]["path"]}",
197
+ "Destination Extension" => "#{item["edge"]["destination"]["extension"]}",
198
+ "Destination Upload File ID" => "#{item["edge"]["destination"]["upload_file_id"]}",
199
+ "Destination Browser Page Title" => "#{item["edge"]["destination"]["browser_page_title"]}",
200
+ "Destination Hostname" => "#{item["edge"]["destination"]["hostname"]}",
201
+ "Destination MD5" => "#{item["edge"]["destination"]["md5_hash"]}",
202
+ "Destination File Size" => "#{item["edge"]["destination"]["file_size"]}",
203
+ "Destination Path Components" => "#{item["edge"]["destination"]["path_components"]}",
204
+ "Destination Path Basename" => "#{item["edge"]["destination"]["path_basename"]}",
205
+ "Destination Domain" => "#{item["edge"]["destination"]["domain"]}",
206
+ "Destination URI" => "#{item["edge"]["destination"]["content_uri"]}",
207
+ "Destination Location" => "#{item["edge"]["destination"]["location"]}",
208
+ "Destination Location Outline" => "#{item["edge"]["destination"]["location_outline"]}",
209
+ "Destination Category" => "#{item["edge"]["destination"]["category"]}",
210
+ "Destination Links" => "#{item["edge"]["destination"]["links"]}",
211
+ "Destination Event Type" => "#{item["edge"]["destination"]["event_type"]}",
212
+ "Destination Sensor Name" => "#{item["edge"]["destination"]["sensor_name"]}",
213
+ "Destination Local User" => "#{item["edge"]["destination"]["local_user_name"]}",
214
+ "Destination Local User ID" => "#{item["edge"]["destination"]["local_user_sid"]}",
215
+ "Destination Local Time" => "#{item["edge"]["destination"]["local_time"]}",
216
+ "Destination Local Machine" => "#{item["edge"]["destination"]["local_machine_name"]}",
217
+ "Destination Endpoint ID" => "#{item["edge"]["destination"]["endpoint_id"]}",
218
+ "Destination Local ID" => "#{item["edge"]["destination"]["local_id"]}",
219
+ "Destination Blocked" => "#{item["edge"]["destination"]["blocked"]}",
220
+ "Destination Data Size" => "#{item["edge"]["destination"]["data_size"]}",
221
+ "Destination Google Drive ID" => "#{item["edge"]["destination"]["gdrive_file_id"]}",
222
+ "Destination Cloud Provider" => "#{item["edge"]["destination"]["cloud_provider"]}",
223
+ "Destination Cloud App" => "#{item["edge"]["destination"]["cloud_app"]}",
224
+ "Destination Cloud Account" => "#{item["edge"]["destination"]["cloud_app_account"]}",
225
+ "Destination Scan ID" => "#{item["edge"]["destination"]["dlp_scan_linking_id"]}"
226
+ }
227
+ $incidentArray.push($incident_hash)
228
+ end
229
+ else
230
+ break
231
+ end
232
+ end
233
+
234
+ CSV.open("#{$reportPath}", 'w') do |csv|
235
+ # Write the header based on the keys of the first hash
236
+ csv << $incidentArray.first.keys
237
+
238
+ # Write each hash as a row in the CSV file
239
+ $incidentArray.each do |hash|
240
+ csv << hash.values
241
+ end
242
+ end
243
+ puts "Finished writting report: #{$reportPath}"
244
+ end
245
+
246
+ def self.AllIncidentsJson(username)
247
+ AllIncidentsResults("#{username}")
248
+ return $incidentArray.to_json
249
+ end
312
250
 
313
- # def self.SummaryReport(incidentID)
314
- # SummaryRaw("#{incidentID}")
251
+ def self.AllIncidentsYaml(incidentID)
252
+ AllIncidentsResults("#{incidentID}")
253
+ return $incidentArray.to_yaml
254
+ end
315
255
 
316
- # puts "INCIDENT ID: #{$data[:values][:incident_id]}"
317
- # puts " EVENT TIME: #{$data[:values][:event_time]}"
318
- # puts " POLICY NAME: #{$data[:values][:policy_name]}"
319
- # puts " POLICY SEVERITY: #{$data[:values][:policy_severity]}"
320
- # puts " USER: #{$data[:values][:user]}"
321
- # puts " STATUS: #{$data[:values][:status]}"
322
- # puts " DATASET NAME: #{$data[:values][:dataset]}"
323
- # puts " DATASET SENSITIVITY: #{$data[:values][:dataset_sensitivity]}"
324
- # puts " POLICY SEVERITY: #{$data[:values][:ploiicy_severity]}"
325
- # puts " CREATE INCIDENT: #{$data[:values][:create_incident]}"
326
- # puts " INCIDENT ACTION: #{$data[:values][:incident_action]}"
327
- # puts " SOURCE INFORMATION:"
328
- # puts " URL: #{$data[:values][:src_url]}"
329
- # puts " BROWSER URL: #{$data[:values][:src_browser_url]}"
330
- # puts " BROWSER DOMAIN: #{$data[:values][:src_browser_domain]}"
331
- # puts " BROWSER TITLE: #{$data[:values][:src_browser_title]}"
332
- # puts " LOCATION: #{$data[:values][:src_location]}"
333
- # puts " LOCATION OUTLINE: #{$data[:values][:src_location_outline]}"
334
- # puts " CATEGORY: #{$data[:values][:src_category]}"
335
- # puts " DESTINATION INFORMATION:"
336
- # puts " BROWSER TITLE: #{$data[:values][:dst_browser_title]}"
337
- # puts " BASENAME: #{$data[:values][:dst_basename]}"
338
- # puts " DOMAIN: #{$data[:values][:dst_domain]}"
339
- # puts " LOCATION: #{$data[:values][:dest_location]}"
340
- # puts " LOCATION OUTLINE: #{$data[:values][:dst_location_outline]}"
341
- # puts " CATEGORY: #{$data[:values][:dst_category]}"
342
- # puts " EVENT TYPE: #{$data[:values][:dst_event_type]}"
343
- # puts " SENSOR: #{$data[:values][:dst_sensor]}"
344
- # puts " LOCAL USERNAME: #{$data[:values][:dst_local_username]}"
345
- # puts " LOCAL MACHINE NAME: #{$data[:values][:dst_local_machine_name]}"
346
- # puts " BLOCKED: #{$data[:values][:dst_blocked]}"
347
- # puts " DATA SIZE: #{$data[:values][:dst_data_size]}"
348
- # puts " GDRIVE FILE ID: #{$data[:values][:dst_gdrive_file_id]}"
349
- # puts " CLOUD PROVIDER: #{$data[:values][:dst_cloud_provider]}"
350
- # puts " CLOUD APP: #{$data[:values][:dst_cloud_app]}"
351
- # puts " CLOUD ACCOUNT: #{$data[:values][:dst_cloud_account]}"
352
- # end
353
-
354
256
  end
355
257
  end
356
258
  end
data/lib/cyberhaven/incidents/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Cyberhaven
4
4
  module Incidents
5
- VERSION = "0.4.0"
5
+ VERSION = "0.5.0"
6
6
  end
7
7
  end
data/lib/cyberhaven/incidents.rb CHANGED
@@ -9,6 +9,7 @@ require 'base64'
9
9
  require_relative "incidents/version"
10
10
  require_relative "incidents/id"
11
11
  require_relative "incidents/user"
12
+ require_relative "incidents/policy"
12
13
 
13
14
  module Cyberhaven
14
15
  module Incidents
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cyberhaven-incidents
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - nic scott
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-01-05 00:00:00.000000000 Z
11
+ date: 2024-01-20 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email:
@@ -24,6 +24,7 @@ files:
24
24
  - cyberhaven-incidents.gemspec
25
25
  - lib/cyberhaven/incidents.rb
26
26
  - lib/cyberhaven/incidents/id.rb
27
+ - lib/cyberhaven/incidents/policy.rb
27
28
  - lib/cyberhaven/incidents/user.rb
28
29
  - lib/cyberhaven/incidents/version.rb
29
30
  - sig/cyberhaven/incidents.rbs