cyberhaven-incidents 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e1852bcc7cbcbb90acce8ad0a6958b9987b5dc77c81def0f2a3acf9704f5b759
+  data.tar.gz: 3fc25b31c33f5acd2cfc9977779fadf5df4ccb213680ea971ebfda52edf05602
+SHA512:
+  metadata.gz: e44d80eaab68028327e398fa3d88ce749d94c9a83876fbb34f6120f9e1f84f6ed8d58e483e17333272beb2f00e495bb315ab49eda46b3b882f0d9fe3f9389004
+  data.tar.gz: 90c4298aadf9d12d5e81eb35d611c6b0e6a8cef73d260f046664d1e1ddbc72f52241771ccb3ac6b545aaf12679848620b55ac42c8764f1198b80953494066da5

data/CHANGELOG.md

@@ -0,0 +1,32 @@
+
+## 0.4.0
+Add: add user incidenetss for status and number of events
+
+## 0.3.1
+Add: add json and yaml output formats for detailed view
+
+
+## 0.3.0
+Add: add json and yaml output formats for summary view
+
+## 0.2.5
+Add: incident totals for status'
+
+
+## 0.2.4
+Add: output in raw json
+
+## 0.2.3
+Add: split incident by ID into id.rb
+
+## 0.2.2
+Add: get incident details (verbose raw output)
+Add: get incident summary (formatted output)
+
+
+## 0.2.0
+Add: get incident details by incident id
+
+
+## 0.1.0
+- Initial Build

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 nic scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,63 @@
+# Cyberhaven::Incidents
+
+
+## Summary
+A ruby gem to interact with the Cyberhaven incident API. Tested on Cyberhaven version 23.11.
+
+---
+## Installation
+
+`sudo gem install cyberhaven-incidents`
+
+---
+## Usage
+
+In order to run Cyberhaven Incidents, you are required to add these two variables to the top of your file, under the require `cyberhaven-incidents` line.
+
+```ruby
+#!/usr/bin/ruby
+
+require "cyberhaven-incidents"
+
+## UPDATE THESE VARIABLES ------------------------------------------------------
+$refreshToken = "API-REFRESH-TOKEN"
+$deployment = "company.cyberhaven.io"
+```
+
+---
+## Example Commands
+
+```ruby
+## COMMANDS ########################################
+Cyberhaven::Incidents::getBearerToken
+
+## Incident Totals
+Cyberhaven::Incidents::totalIncidents
+Cyberhaven::Incidents::totalUnresolvedIncidents
+Cyberhaven::Incidents::totalIgnoredIncidents
+Cyberhaven::Incidents::totalInProgressIncidents
+Cyberhaven::Incidents::totalResolvedIncidents
+
+## Detailed Incident details by ID
+Cyberhaven::Incidents::Id::DetailedJson("#{incidentID}")
+Cyberhaven::Incidents::Id::DetailedYaml("#{incidentID}")
+Cyberhaven::Incidents::Id::DetailedReport("#{incidentID}")
+
+## Summaried Incidents details by ID
+Cyberhaven::Incidents::Id::SummaryJson("#{incidentID}")
+Cyberhaven::Incidents::Id::SummaryYaml("#{incidentID}")
+Cyberhaven::Incidents::Id::SummaryReport("#{incidentID}")
+
+## Incident details by user
+puts Cyberhaven::Incidents::User::DetailedRaw("username", "status", numberOfEvents)
+puts Cyberhaven::Incidents::User::DetailedJson("username", "status", numberOfEvents)
+
+#example
+puts Cyberhaven::Incidents::User::DetailedJson("joedaily", "unresolved", 100)
+
+• status options are: "ignored", "in_progress", "resolved", or "unresolved"
+```
+
+---
+## Reference
+https://storage.googleapis.com/cyberhaven-docs/redoc-static.html#/paths/~1api~1rest~1v1~1incidents~1list/post*

data/Rakefile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+task default: %i[]

data/cyberhaven-incidents.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative "lib/cyberhaven/incidents/version"
+require_relative "lib/cyberhaven/incidents/id"
+require_relative "lib/cyberhaven/incidents/user"
+
+Gem::Specification.new do |spec|
+  spec.name = "cyberhaven-incidents"
+  spec.version = Cyberhaven::Incidents::VERSION
+  spec.authors = ["nic scott"]
+  spec.email = ["nls.inbox@gmail.com"]
+
+  spec.summary = "A ruby gem that interacts with the Cyberhaven Incident API"
+  spec.homepage = "https://github.com/nlscott/cyberhaven-incidents"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 2.6.0"
+
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
+    end
+  end
+
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+end

data/lib/cyberhaven/incidents/id.rb

@@ -0,0 +1,338 @@
+# frozen_string_literal: true
+
+
+module Cyberhaven
+  module Incidents
+    module Id
+        ## DETAILED VERBOSE ----------------------------------------------------
+        def self.DetailedRaw(incidentID)
+            $query ={
+                "filters":{
+                    "incident_ids": [
+                        "#{incidentID}"
+                    ],
+                },
+                "sort_by": "event_time",
+                "page_size": 1,
+                "sort_desc": true
+            }.to_json
+    
+            url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+            https = Net::HTTP.new(url.host, url.port)
+            https.use_ssl = true
+            request = Net::HTTP::Get.new(url)
+            request["Content-Type"] = "application/json"
+            request["Authorization"] = "Bearer #{$bearerToken}"
+            request.body = $query
+            response = https.request(request)
+            status = response.code
+            results = JSON.parse(response.read_body)
+
+            $data = results["incidents"]
+        end
+
+        def self.DetailedJson(incidentID)
+            DetailedRaw("#{incidentID}")
+            puts $data.to_json
+        end
+
+        def self.DetailedYaml(incidentID)
+            DetailedRaw("#{incidentID}")
+            puts $data.to_yaml
+        end
+
+        def self.DetailedReport(incidentID)
+            $query ={
+                "filters":{
+                    "incident_ids": [
+                        "#{incidentID}"
+                    ],
+                },
+                "sort_by": "event_time",
+                "page_size": 1,
+                "sort_desc": true
+            }.to_json
+        
+            url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+            https = Net::HTTP.new(url.host, url.port)
+            https.use_ssl = true
+            request = Net::HTTP::Get.new(url)
+            request["Content-Type"] = "application/json"
+            request["Authorization"] = "Bearer #{$bearerToken}"
+            request.body = $query
+            response = https.request(request)
+            status = response.code
+            results = JSON.parse(response.read_body)
+            
+            results["incidents"].each do |item|
+                puts "INCIDENT ID: #{item["id"]}"
+                puts "  EVENT TIME: #{item["event_time"]}"
+                puts "  TRIGGER TIME: #{item["trigger_time"]}"
+                puts "  POLICY NAME: #{item["category"]["name"]}"
+                puts "  POLICY SEVERITY: #{item["category"]["severity"]}"
+                puts "  USER: #{item["user"]}"
+                puts "  STATUS: #{item["resolution_status"]}"
+                puts "  OUTDATED POLICY: #{item["outdated_policy"]}"
+                puts "  FILE: #{item["file"]}"
+                puts "  FILE PATH: #{item["data"]["path"]}"
+                puts "  SOURCE DATA: #{item["source_data"]["path"]}"
+                puts "  PERSONAL INFO:"
+                if ! item["personal_info"].nil?
+                    item["personal_info"].each do |personalItem|
+                        puts "    #{personalItem}"
+                    end
+                end
+                puts "  ASSIGNEE: #{item["assignee"]}"
+                puts "  CONTENT TAGS: #{item["content_tags"]}"
+                puts "  RESPONSE: #{item["incident_response"]}"
+                puts "  REACTION: #{item["incident_reactions"]}"
+                puts "  ADMIN HISTORY: #{item["admin_history"]}"
+                puts "  CATEGOERY MODIFIED: #{item["category_last_modified"]}"
+                puts "  DATASET MODIFIED: #{item["dataset_last_modified"]}"
+                puts "  ALERT ID: #{item["alert_id"]}"
+                puts "  SCREENSHOT GUID: #{item["screenshot_guid"]}"
+                puts ""
+        
+                puts "  DATASET:"
+                puts "    ID: #{item["dataset"]["id"]}"
+                puts "    NAME: #{item["dataset"]["name"]}"
+                puts "    SENSITIVITY: #{item["dataset"]["sensitivity"]}"
+                puts "    LAST MODIFIED: #{item["dataset"]["last_modified"]}"
+                puts ""
+
+                puts "  POLICY:"
+                puts "    ID: #{item["category"]["id"]}"
+                puts "    NAME: #{item["category"]["name"]}"
+                puts "    SEVERITY: #{item["category"]["severity"]}"
+                puts "    DATASET IDS: #{item["category"]["dataset_ids"]}"
+                puts "    EXCLUDE ORIGIN: #{item["category"]["exclude_origin"]}"
+                puts "    LAST MODIFIED: #{item["category"]["last_modified"]}"
+                puts "    SELECTION TYPE: #{item["category"]["selection_type"]}"
+                puts "    RULE:"
+                puts "      ID: #{item["category"]["rule"]["id"]}"
+                puts "      STATUS: #{item["category"]["rule"]["status"]}"
+                puts "      CREATE INCIDENT: #{item["category"]["rule"]["create_incident"]}"
+                puts "      RECORD SCREENSHOT: #{item["category"]["rule"]["record_screenshots"]}"
+                puts "      NOTIFY ENABLED: #{item["category"]["rule"]["notify_enabled"]}"
+                puts "      NOTIFY STATUS: #{item["category"]["rule"]["notify_status"]}"
+                puts "      NOTIFY EMAIL: #{item["category"]["rule"]["notify_email"]}"
+                puts "      SHOW TITLE: #{item["category"]["rule"]["show_title"]}"
+                puts "      SHOW LOGO: #{item["category"]["rule"]["show_logo"]}"
+                puts "      REQUIRE JUSTIFICATION: #{item["category"]["rule"]["require_justification"]}"
+                puts "      REQUIRE ACKNOWLEDGEMENT: #{item["category"]["rule"]["should_ack_warning"]}"
+                puts "      ALLOW REVIEW: #{item["category"]["rule"]["allow_request_review"]}"
+                puts "      OVERRIDE ENABLED: #{item["category"]["rule"]["override_enabled"]}"
+                puts "      BLOCKING ACTION: #{item["category"]["rule"]["blocking_action"]}"
+                puts "      INCIDENT ACTION: #{item["category"]["rule"]["incident_action"]}"
+                puts "      WARNING MESSAGE:"
+                puts "        TITLE: #{item["category"]["rule"]["warning_dialog"]["title"]}"
+                puts "        EXPLANATION: #{item["category"]["rule"]["warning_dialog"]["explanation"]}"
+                puts "        PLACEHOLDER: #{item["category"]["rule"]["warning_dialog"]["placeholder"]}"
+                puts "        CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["check_text"]}"
+                puts "        REVIEW CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["review_check_text"]}"
+                puts "        SUBMIT LABEL: #{item["category"]["rule"]["warning_dialog"]["submit_label"]}"
+                puts "        ALLOW LABEL: #{item["category"]["rule"]["warning_dialog"]["allow_label"]}"
+                puts "      BLOCKING MESSAGE:"
+                puts "        TITLE: #{item["category"]["rule"]["blocking_dialog"]["title"]}"
+                puts "        EXPLANATION: #{item["category"]["rule"]["blocking_dialog"]["explanation"]}"
+                puts "        PLACEHOLDER: #{item["category"]["rule"]["blocking_dialog"]["placeholder"]}"
+                puts "        CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["check_text"]}"
+                puts "        REVIEW CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["review_check_text"]}"
+                puts "        SUBMIT LABEL: #{item["category"]["rule"]["blocking_dialog"]["submit_label"]}"
+                puts "        ALLOW LABEL: #{item["category"]["rule"]["blocking_dialog"]["allow_label"]}"
+                puts ""
+                
+                puts "  SOURCE INFORMATION:"
+                puts "    PATH: #{item["edge"]["source"]["path"]}"
+                puts "    EXTENSION: #{item["edge"]["source"]["extension"]}"
+                puts "    URL: #{item["edge"]["source"]["url"]}"
+                puts "    BROWSER URL: #{item["edge"]["source"]["browser_page_url"]}"
+                puts "    BROWSER DOMAIN: #{item["edge"]["source"]["browser_page_domain"]}"
+                puts "    BROWSER TITLE: #{item["edge"]["source"]["browser_page_title"]}"
+                puts "    HOSTNAME: #{item["edge"]["source"]["hostname"]}"
+                puts "    URI: #{item["edge"]["source"]["content_uri"]}"
+                puts "    LOCATION: #{item["edge"]["source"]["location"]}"
+                puts "    LOCATION OUTLINE: #{item["edge"]["source"]["location_outline"]}"
+                puts "    CATEGORY: #{item["edge"]["source"]["category"]}"
+                puts "    LINKS: #{item["edge"]["source"]["links"]}"
+                puts "    ID: #{item["edge"]["source"]["raw_id"]}"
+                puts "    TAGS: #{item["edge"]["source"]["tags_applied"]}"
+                puts "    UPLOAD URI: #{item["edge"]["source"]["content_upload_uri"]}"
+                puts "    REPORT URI: #{item["edge"]["source"]["content_report_uri"]}"
+                puts "    TAGS: #{item["edge"]["source"]["tags_applied"]}"
+                puts "    EVENT TYPE: #{item["edge"]["source"]["event_type"]}"
+                puts "    SENSOR: #{item["edge"]["source"]["sensor_name"]}"
+                puts "    USERNAME: #{item["edge"]["source"]["local_user_name"]}"
+                puts "    USER ID: #{item["edge"]["source"]["local_user_sid"]}"
+                puts "    LOCAL TIME: #{item["edge"]["source"]["local_time"]}"
+                puts "    MACHINE NAME: #{item["edge"]["source"]["local_machine_name"]}"
+                puts "    ENDPIONT ID: #{item["edge"]["source"]["endpoint_id"]}"
+                puts "    GROUP NAME: #{item["edge"]["source"]["group_name"]}"
+                puts "    LOCAL ID: #{item["edge"]["source"]["local_id"]}"
+                puts "    BLOCKED: #{item["edge"]["source"]["blocked"]}"
+                puts "    DATA SIZE: #{item["edge"]["source"]["data_size"]}"
+                puts ""
+
+                puts "  DESTINATION INFORMATION:"
+                puts "    PATH: #{item["edge"]["destination"]["path"]}"
+                puts "    EXTENSION: #{item["edge"]["destination"]["extension"]}"
+                puts "    UPLOAD FILE ID: #{item["edge"]["destination"]["upload_file_id"]}"
+                puts "    URL: #{item["edge"]["destination"]["url"]}"
+                puts "    BROWSER TITLE: #{item["edge"]["destination"]["browser_page_title"]}"
+                puts "    HOSTNAME: #{item["edge"]["destination"]["hostname"]}"
+                puts "    MD5: #{item["edge"]["destination"]["md5_hash"]}"
+                puts "    FILE SIZE: #{item["edge"]["destination"]["file_size"]}"
+                puts "    PATH COMPONENTS: #{item["edge"]["destination"]["path_components"]}"
+                puts "    BASENAME: #{item["edge"]["destination"]["path_basename"]}"
+                puts "    DOMAIN COMPONENTS: #{item["edge"]["destination"]["domain_components"]}"
+                puts "    DOMAIN: #{item["edge"]["destination"]["domain"]}"
+                puts "    URI: #{item["edge"]["destination"]["content_uri"]}"
+                puts "    LOCATION: #{item["edge"]["destination"]["location"]}"
+                puts "    LOCATION OUTLINE: #{item["edge"]["destination"]["location_outline"]}"
+                puts "    CATEGORY: #{item["edge"]["destination"]["category"]}"
+                puts "    LINKS: #{item["edge"]["destination"]["links"]}"
+                puts "    RAW ID: #{item["edge"]["destination"]["raw_id"]}"
+                puts "    TAGS: #{item["edge"]["destination"]["tags_applied"]}"
+                puts "    CONTENT UPLOAD URI: #{item["edge"]["destination"]["content_upload_uri"]}"
+                puts "    CONTENT REPORT URI: #{item["edge"]["destination"]["content_report_uri"]}"
+                puts "    EVENT TYPE: #{item["edge"]["destination"]["event_type"]}"
+                puts "    SENSOR: #{item["edge"]["destination"]["sensor_name"]}"
+                puts "    LOCAL USERNAME: #{item["edge"]["destination"]["local_user_name"]}"
+                puts "    LOCAL USERID: #{item["edge"]["destination"]["local_user_sid"]}"
+                puts "    LOCAL TIME: #{item["edge"]["destination"]["local_time"]}"
+                puts "    LOCAL MACHINE NAME: #{item["edge"]["destination"]["local_machine_name"]}"
+                puts "    ENDPOINT ID: #{item["edge"]["destination"]["endpoint_id"]}"
+                puts "    GROUP NAMES: #{item["edge"]["destination"]["group_name"]}"
+                puts "    BLOCKED: #{item["edge"]["destination"]["blocked"]}"
+                puts "    DATA SIZE: #{item["edge"]["destination"]["data_size"]}"
+                puts "    LOCAL ID: #{item["edge"]["destination"]["local_id"]}"
+                puts "    GDRIVE FILE ID: #{item["edge"]["destination"]["gdrive_file_id"]}"
+                puts "    CLOUD PROVIDER: #{item["edge"]["destination"]["cloud_provider"]}"
+                puts "    CLOUD APP: #{item["edge"]["destination"]["cloud_app"]}"
+                puts "    CLOUD ACCOUNT: #{item["edge"]["destination"]["cloud_app_account"]}"
+                puts "    DLP SCAN ID: #{item["edge"]["destination"]["  dlp_scan_linking_id"]}"
+                puts ""
+            end
+        end
+
+    
+        ## SUMMARIES -----------------------------------------------------------
+        def self.SummaryRaw(incidentID)
+            $query ={
+                "filters":{
+                    "incident_ids": [
+                        "#{incidentID}"
+                    ],
+                },
+                "sort_by": "event_time",
+                "page_size": 1,
+                "sort_desc": true
+            }.to_json
+        
+            url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+            https = Net::HTTP.new(url.host, url.port)
+            https.use_ssl = true
+            request = Net::HTTP::Get.new(url)
+            request["Content-Type"] = "application/json"
+            request["Authorization"] = "Bearer #{$bearerToken}"
+            request.body = $query
+            response = https.request(request)
+            status = response.code
+            results = JSON.parse(response.read_body)
+            
+            results["incidents"].each do |item|
+            $data = {
+                values: { 
+                "incident_id": " #{item["id"]}".to_s,
+                "event_time": " #{item["event_time"]}".to_s,
+                "policy_name": "#{item["category"]["name"]}".to_s,
+                "policy_severity": " #{item["category"]["severity"]}".to_s,
+                "user": "#{item["user"]}".to_s,
+                "status": "#{item["resolution_status"]}".to_s,
+                "dataset": "#{item["dataset"]["name"]}".to_s,
+                "dataset_sensitivity": "#{item["dataset"]["sensitivity"]}".to_i,
+                "ploiicy_severity": "#{item["category"]["severity"]}".to_i,
+                "create_incident": " #{item["category"]["rule"]["create_incident"]}".to_s,
+                "incident_action": "#{item["category"]["rule"]["incident_action"]}".to_s,
+                "src_url": "#{item["edge"]["source"]["url"]}".to_s,
+                "src_browser_url": "#{item["edge"]["source"]["browser_page_url"]}".to_s,
+                "src_browser_domain": " #{item["edge"]["source"]["browser_page_domain"]}".to_s,
+                "src_browser_title": "#{item["edge"]["source"]["browser_page_title"]}".to_s,
+                "src_location": "#{item["edge"]["destination"]["location"]}".to_s,
+                "src_location_outline": "#{item["edge"]["source"]["location_outline"]}".to_s,
+                "src_category": "#{item["edge"]["source"]["category"]}".to_s,
+                "dst_browser_title": "#{item["edge"]["destination"]["browser_page_title"]}".to_s,
+                "dst_basename": "#{item["edge"]["destination"]["path_basename"]}".to_s,
+                "dst_domain": "#{item["edge"]["destination"]["domain"]}".to_s,
+                "dest_location": "#{item["edge"]["destination"]["location"]}".to_s,
+                "dst_location_outline": "#{item["edge"]["destination"]["location_outline"]}".to_s,
+                "dst_category": "#{item["edge"]["destination"]["category"]}".to_s,
+                "dst_event_type": "#{item["edge"]["destination"]["event_type"]}".to_s,
+                "dst_sensor": "#{item["edge"]["destination"]["sensor_name"]}".to_s,
+                "dst_local_username": "#{item["edge"]["destination"]["local_user_name"]}".to_s,
+                "dst_local_machine_name": "#{item["edge"]["destination"]["local_machine_name"]}".to_s,
+                "dst_blocked": "#{item["edge"]["destination"]["blocked"]}".to_s,
+                "dst_data_size": "#{item["edge"]["destination"]["data_size"]}".to_s,
+                "dst_gdrive_file_id": "#{item["edge"]["destination"]["gdrive_file_id"]}".to_s,
+                "dst_cloud_provider": "#{item["edge"]["destination"]["cloud_provider"]}".to_s,
+                "dst_cloud_app": "#{item["edge"]["destination"]["cloud_app"]}".to_s,
+                "dst_cloud_account": "#{item["edge"]["destination"]["cloud_app_account"]}".to_s,
+                }}
+                return $data
+            end
+        end
+
+        def self.SummaryJson(incidentID)
+            SummaryRaw("#{incidentID}")
+            puts $data.to_json
+        end
+        
+        def self.SummaryYaml(incidentID)
+            SummaryRaw("#{incidentID}")
+            puts $data.to_yaml
+        end
+
+        def self.SummaryReport(incidentID)
+            SummaryRaw("#{incidentID}")
+
+            puts "Incident ID: #{$data[:values][:incident_id]}"
+            puts "  Event Time: #{$data[:values][:event_time]}" 
+            puts "  Policy Name: #{$data[:values][:policy_name]}" 
+            puts "  Policy Severity: #{$data[:values][:policy_severity]}"
+            puts "  User: #{$data[:values][:user]}"
+            puts "  Status: #{$data[:values][:status]}"
+            puts "  Dataset Name: #{$data[:values][:dataset]}"
+            puts "  Dataset Sensitivity: #{$data[:values][:dataset_sensitivity]}"
+            puts "  Policy Severity: #{$data[:values][:ploiicy_severity]}"
+            puts "  Create Incident: #{$data[:values][:create_incident]}"
+            puts "  Incident Action: #{$data[:values][:incident_action]}"
+            puts "  Source Information:"
+            puts "    Url: #{$data[:values][:src_url]}"
+            puts "    Browser Url: #{$data[:values][:src_browser_url]}"
+            puts "    Browser Domain: #{$data[:values][:src_browser_domain]}"
+            puts "    Browser Title: #{$data[:values][:src_browser_title]}"
+            puts "    Location: #{$data[:values][:src_location]}"
+            puts "    Location Outline: #{$data[:values][:src_location_outline]}"
+            puts "    Category: #{$data[:values][:src_category]}"
+            puts "  Destination Information:"
+            puts "    Browser Title: #{$data[:values][:dst_browser_title]}"
+            puts "    Basename: #{$data[:values][:dst_basename]}"
+            puts "    Domain: #{$data[:values][:dst_domain]}"
+            puts "    Location: #{$data[:values][:dest_location]}"
+            puts "    Location Outline: #{$data[:values][:dst_location_outline]}"
+            puts "    Category: #{$data[:values][:dst_category]}"
+            puts "    Event Type: #{$data[:values][:dst_event_type]}"
+            puts "    Sensor: #{$data[:values][:dst_sensor]}"
+            puts "    Local Username: #{$data[:values][:dst_local_username]}"
+            puts "    Local Machine Name: #{$data[:values][:dst_local_machine_name]}"
+            puts "    Blocked: #{$data[:values][:dst_blocked]}"
+            puts "    Data Size: #{$data[:values][:dst_data_size]}"
+            puts "    Google Drive File ID: #{$data[:values][:dst_gdrive_file_id]}"
+            puts "    Cloud Provider: #{$data[:values][:dst_cloud_provider]}"
+            puts "    Cloud App: #{$data[:values][:dst_cloud_app]}"
+            puts "    Cloud Account: #{$data[:values][:dst_cloud_account]}"
+        end
+    
+    end
+  end
+end

data/lib/cyberhaven/incidents/user.rb

@@ -0,0 +1,356 @@
+# frozen_string_literal: true
+
+
+module Cyberhaven
+  module Incidents
+    module User
+        ## DETAILED VERBOSE ----------------------------------------------------
+        def self.DetailedRaw(username, status, numberOfEvents)
+            
+            $pageToken = "1"
+            loop do
+                unless $pageToken.empty?
+        
+                    if $pageToken == "1"
+                        $pageToken = ""
+                    end
+
+                    $query ={
+                        "filters":{
+                            "resolution_statuses": [
+                                "#{status}"
+                            ],
+                            "users": [
+                                "#{username}"
+                            ],
+                        },
+                        "sort_by": "event_time",
+                        "page_size": numberOfEvents,
+                        "sort_desc": true
+                    }.to_json
+            
+                    url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+                    https = Net::HTTP.new(url.host, url.port)
+                    https.use_ssl = true
+                    request = Net::HTTP::Get.new(url)
+                    request["Content-Type"] = "application/json"
+                    request["Authorization"] = "Bearer #{$bearerToken}"
+                    request.body = $query
+                    response = https.request(request)
+                    status = response.code
+                    results = JSON.parse(response.read_body)
+
+                    pageToken = results["next_page_id"]
+                    $data = results["incidents"]
+                    return $data
+                else
+                    break
+                end
+            end
+        end
+
+        def self.DetailedJson(username, status, numberOfEvents)
+            DetailedRaw("#{username}", "#{status}", numberOfEvents)
+            return $data.to_json
+        end
+
+        # def self.DetailedYaml(incidentID)
+        #     DetailedRaw("#{incidentID}")
+        #     puts $data.to_yaml
+        # end
+
+        # def self.DetailedReport(incidentID)
+        #     $query ={
+        #         "filters":{
+        #             "incident_ids": [
+        #                 "#{incidentID}"
+        #             ],
+        #         },
+        #         "sort_by": "event_time",
+        #         "page_size": 1,
+        #         "sort_desc": true
+        #     }.to_json
+        
+        #     url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+        #     https = Net::HTTP.new(url.host, url.port)
+        #     https.use_ssl = true
+        #     request = Net::HTTP::Get.new(url)
+        #     request["Content-Type"] = "application/json"
+        #     request["Authorization"] = "Bearer #{$bearerToken}"
+        #     request.body = $query
+        #     response = https.request(request)
+        #     status = response.code
+        #     results = JSON.parse(response.read_body)
+            
+        #     results["incidents"].each do |item|
+        #         puts "INCIDENT ID: #{item["id"]}"
+        #         puts "  EVENT TIME: #{item["event_time"]}"
+        #         puts "  TRIGGER TIME: #{item["trigger_time"]}"
+        #         puts "  POLICY NAME: #{item["category"]["name"]}"
+        #         puts "  POLICY SEVERITY: #{item["category"]["severity"]}"
+        #         puts "  USER: #{item["user"]}"
+        #         puts "  STATUS: #{item["resolution_status"]}"
+        #         puts "  OUTDATED POLICY: #{item["outdated_policy"]}"
+        #         puts "  FILE: #{item["file"]}"
+        #         puts "  FILE PATH: #{item["data"]["path"]}"
+        #         puts "  SOURCE DATA: #{item["source_data"]["path"]}"
+        #         puts "  PERSONAL INFO:"
+        #         if ! item["personal_info"].nil?
+        #             item["personal_info"].each do |personalItem|
+        #                 puts "    #{personalItem}"
+        #             end
+        #         end
+        #         puts "  ASSIGNEE: #{item["assignee"]}"
+        #         puts "  CONTENT TAGS: #{item["content_tags"]}"
+        #         puts "  RESPONSE: #{item["incident_response"]}"
+        #         puts "  REACTION: #{item["incident_reactions"]}"
+        #         puts "  ADMIN HISTORY: #{item["admin_history"]}"
+        #         puts "  CATEGOERY MODIFIED: #{item["category_last_modified"]}"
+        #         puts "  DATASET MODIFIED: #{item["dataset_last_modified"]}"
+        #         puts "  ALERT ID: #{item["alert_id"]}"
+        #         puts "  SCREENSHOT GUID: #{item["screenshot_guid"]}"
+        #         puts ""
+        
+        #         puts "  DATASET:"
+        #         puts "    ID: #{item["dataset"]["id"]}"
+        #         puts "    NAME: #{item["dataset"]["name"]}"
+        #         puts "    SENSITIVITY: #{item["dataset"]["sensitivity"]}"
+        #         puts "    LAST MODIFIED: #{item["dataset"]["last_modified"]}"
+        #         puts ""
+
+        #         puts "  POLICY:"
+        #         puts "    ID: #{item["category"]["id"]}"
+        #         puts "    NAME: #{item["category"]["name"]}"
+        #         puts "    SEVERITY: #{item["category"]["severity"]}"
+        #         puts "    DATASET IDS: #{item["category"]["dataset_ids"]}"
+        #         puts "    EXCLUDE ORIGIN: #{item["category"]["exclude_origin"]}"
+        #         puts "    LAST MODIFIED: #{item["category"]["last_modified"]}"
+        #         puts "    SELECTION TYPE: #{item["category"]["selection_type"]}"
+        #         puts "    RULE:"
+        #         puts "      ID: #{item["category"]["rule"]["id"]}"
+        #         puts "      STATUS: #{item["category"]["rule"]["status"]}"
+        #         puts "      CREATE INCIDENT: #{item["category"]["rule"]["create_incident"]}"
+        #         puts "      RECORD SCREENSHOT: #{item["category"]["rule"]["record_screenshots"]}"
+        #         puts "      NOTIFY ENABLED: #{item["category"]["rule"]["notify_enabled"]}"
+        #         puts "      NOTIFY STATUS: #{item["category"]["rule"]["notify_status"]}"
+        #         puts "      NOTIFY EMAIL: #{item["category"]["rule"]["notify_email"]}"
+        #         puts "      SHOW TITLE: #{item["category"]["rule"]["show_title"]}"
+        #         puts "      SHOW LOGO: #{item["category"]["rule"]["show_logo"]}"
+        #         puts "      REQUIRE JUSTIFICATION: #{item["category"]["rule"]["require_justification"]}"
+        #         puts "      REQUIRE ACKNOWLEDGEMENT: #{item["category"]["rule"]["should_ack_warning"]}"
+        #         puts "      ALLOW REVIEW: #{item["category"]["rule"]["allow_request_review"]}"
+        #         puts "      OVERRIDE ENABLED: #{item["category"]["rule"]["override_enabled"]}"
+        #         puts "      BLOCKING ACTION: #{item["category"]["rule"]["blocking_action"]}"
+        #         puts "      INCIDENT ACTION: #{item["category"]["rule"]["incident_action"]}"
+        #         puts "      WARNING MESSAGE:"
+        #         puts "        TITLE: #{item["category"]["rule"]["warning_dialog"]["title"]}"
+        #         puts "        EXPLANATION: #{item["category"]["rule"]["warning_dialog"]["explanation"]}"
+        #         puts "        PLACEHOLDER: #{item["category"]["rule"]["warning_dialog"]["placeholder"]}"
+        #         puts "        CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["check_text"]}"
+        #         puts "        REVIEW CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["review_check_text"]}"
+        #         puts "        SUBMIT LABEL: #{item["category"]["rule"]["warning_dialog"]["submit_label"]}"
+        #         puts "        ALLOW LABEL: #{item["category"]["rule"]["warning_dialog"]["allow_label"]}"
+        #         puts "      BLOCKING MESSAGE:"
+        #         puts "        TITLE: #{item["category"]["rule"]["blocking_dialog"]["title"]}"
+        #         puts "        EXPLANATION: #{item["category"]["rule"]["blocking_dialog"]["explanation"]}"
+        #         puts "        PLACEHOLDER: #{item["category"]["rule"]["blocking_dialog"]["placeholder"]}"
+        #         puts "        CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["check_text"]}"
+        #         puts "        REVIEW CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["review_check_text"]}"
+        #         puts "        SUBMIT LABEL: #{item["category"]["rule"]["blocking_dialog"]["submit_label"]}"
+        #         puts "        ALLOW LABEL: #{item["category"]["rule"]["blocking_dialog"]["allow_label"]}"
+        #         puts ""
+                
+        #         puts "  SOURCE INFORMATION:"
+        #         puts "    PATH: #{item["edge"]["source"]["path"]}"
+        #         puts "    EXTENSION: #{item["edge"]["source"]["extension"]}"
+        #         puts "    URL: #{item["edge"]["source"]["url"]}"
+        #         puts "    BROWSER URL: #{item["edge"]["source"]["browser_page_url"]}"
+        #         puts "    BROWSER DOMAIN: #{item["edge"]["source"]["browser_page_domain"]}"
+        #         puts "    BROWSER TITLE: #{item["edge"]["source"]["browser_page_title"]}"
+        #         puts "    HOSTNAME: #{item["edge"]["source"]["hostname"]}"
+        #         puts "    URI: #{item["edge"]["source"]["content_uri"]}"
+        #         puts "    LOCATION: #{item["edge"]["source"]["location"]}"
+        #         puts "    LOCATION OUTLINE: #{item["edge"]["source"]["location_outline"]}"
+        #         puts "    CATEGORY: #{item["edge"]["source"]["category"]}"
+        #         puts "    LINKS: #{item["edge"]["source"]["links"]}"
+        #         puts "    ID: #{item["edge"]["source"]["raw_id"]}"
+        #         puts "    TAGS: #{item["edge"]["source"]["tags_applied"]}"
+        #         puts "    UPLOAD URI: #{item["edge"]["source"]["content_upload_uri"]}"
+        #         puts "    REPORT URI: #{item["edge"]["source"]["content_report_uri"]}"
+        #         puts "    TAGS: #{item["edge"]["source"]["tags_applied"]}"
+        #         puts "    EVENT TYPE: #{item["edge"]["source"]["event_type"]}"
+        #         puts "    SENSOR: #{item["edge"]["source"]["sensor_name"]}"
+        #         puts "    USERNAME: #{item["edge"]["source"]["local_user_name"]}"
+        #         puts "    USER ID: #{item["edge"]["source"]["local_user_sid"]}"
+        #         puts "    LOCAL TIME: #{item["edge"]["source"]["local_time"]}"
+        #         puts "    MACHINE NAME: #{item["edge"]["source"]["local_machine_name"]}"
+        #         puts "    ENDPIONT ID: #{item["edge"]["source"]["endpoint_id"]}"
+        #         puts "    GROUP NAME: #{item["edge"]["source"]["group_name"]}"
+        #         puts "    LOCAL ID: #{item["edge"]["source"]["local_id"]}"
+        #         puts "    BLOCKED: #{item["edge"]["source"]["blocked"]}"
+        #         puts "    DATA SIZE: #{item["edge"]["source"]["data_size"]}"
+        #         puts ""
+
+        #         puts "  DESTINATION INFORMATION:"
+        #         puts "    PATH: #{item["edge"]["destination"]["path"]}"
+        #         puts "    EXTENSION: #{item["edge"]["destination"]["extension"]}"
+        #         puts "    UPLOAD FILE ID: #{item["edge"]["destination"]["upload_file_id"]}"
+        #         puts "    URL: #{item["edge"]["destination"]["url"]}"
+        #         puts "    BROWSER TITLE: #{item["edge"]["destination"]["browser_page_title"]}"
+        #         puts "    HOSTNAME: #{item["edge"]["destination"]["hostname"]}"
+        #         puts "    MD5: #{item["edge"]["destination"]["md5_hash"]}"
+        #         puts "    FILE SIZE: #{item["edge"]["destination"]["file_size"]}"
+        #         puts "    PATH COMPONENTS: #{item["edge"]["destination"]["path_components"]}"
+        #         puts "    BASENAME: #{item["edge"]["destination"]["path_basename"]}"
+        #         puts "    DOMAIN COMPONENTS: #{item["edge"]["destination"]["domain_components"]}"
+        #         puts "    DOMAIN: #{item["edge"]["destination"]["domain"]}"
+        #         puts "    URI: #{item["edge"]["destination"]["content_uri"]}"
+        #         puts "    LOCATION: #{item["edge"]["destination"]["location"]}"
+        #         puts "    LOCATION OUTLINE: #{item["edge"]["destination"]["location_outline"]}"
+        #         puts "    CATEGORY: #{item["edge"]["destination"]["category"]}"
+        #         puts "    LINKS: #{item["edge"]["destination"]["links"]}"
+        #         puts "    RAW ID: #{item["edge"]["destination"]["raw_id"]}"
+        #         puts "    TAGS: #{item["edge"]["destination"]["tags_applied"]}"
+        #         puts "    CONTENT UPLOAD URI: #{item["edge"]["destination"]["content_upload_uri"]}"
+        #         puts "    CONTENT REPORT URI: #{item["edge"]["destination"]["content_report_uri"]}"
+        #         puts "    EVENT TYPE: #{item["edge"]["destination"]["event_type"]}"
+        #         puts "    SENSOR: #{item["edge"]["destination"]["sensor_name"]}"
+        #         puts "    LOCAL USERNAME: #{item["edge"]["destination"]["local_user_name"]}"
+        #         puts "    LOCAL USERID: #{item["edge"]["destination"]["local_user_sid"]}"
+        #         puts "    LOCAL TIME: #{item["edge"]["destination"]["local_time"]}"
+        #         puts "    LOCAL MACHINE NAME: #{item["edge"]["destination"]["local_machine_name"]}"
+        #         puts "    ENDPOINT ID: #{item["edge"]["destination"]["endpoint_id"]}"
+        #         puts "    GROUP NAMES: #{item["edge"]["destination"]["group_name"]}"
+        #         puts "    BLOCKED: #{item["edge"]["destination"]["blocked"]}"
+        #         puts "    DATA SIZE: #{item["edge"]["destination"]["data_size"]}"
+        #         puts "    LOCAL ID: #{item["edge"]["destination"]["local_id"]}"
+        #         puts "    GDRIVE FILE ID: #{item["edge"]["destination"]["gdrive_file_id"]}"
+        #         puts "    CLOUD PROVIDER: #{item["edge"]["destination"]["cloud_provider"]}"
+        #         puts "    CLOUD APP: #{item["edge"]["destination"]["cloud_app"]}"
+        #         puts "    CLOUD ACCOUNT: #{item["edge"]["destination"]["cloud_app_account"]}"
+        #         puts "    DLP SCAN ID: #{item["edge"]["destination"]["  dlp_scan_linking_id"]}"
+        #         puts ""
+        #     end
+        # end
+
+    
+        # ## SUMMARIES -----------------------------------------------------------
+        # def self.SummaryRaw(incidentID)
+        #     $query ={
+        #         "filters":{
+        #             "incident_ids": [
+        #                 "#{incidentID}"
+        #             ],
+        #         },
+        #         "sort_by": "event_time",
+        #         "page_size": 1,
+        #         "sort_desc": true
+        #     }.to_json
+        
+        #     url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+        #     https = Net::HTTP.new(url.host, url.port)
+        #     https.use_ssl = true
+        #     request = Net::HTTP::Get.new(url)
+        #     request["Content-Type"] = "application/json"
+        #     request["Authorization"] = "Bearer #{$bearerToken}"
+        #     request.body = $query
+        #     response = https.request(request)
+        #     status = response.code
+        #     results = JSON.parse(response.read_body)
+            
+        #     results["incidents"].each do |item|
+        #     $data = {
+        #         values: { 
+        #         "incident_id": " #{item["id"]}".to_s,
+        #         "event_time": " #{item["event_time"]}".to_s,
+        #         "policy_name": "#{item["category"]["name"]}".to_s,
+        #         "policy_severity": " #{item["category"]["severity"]}".to_s,
+        #         "user": "#{item["user"]}".to_s,
+        #         "status": "#{item["resolution_status"]}".to_s,
+        #         "dataset": "#{item["dataset"]["name"]}".to_s,
+        #         "dataset_sensitivity": "#{item["dataset"]["sensitivity"]}".to_i,
+        #         "ploiicy_severity": "#{item["category"]["severity"]}".to_i,
+        #         "create_incident": " #{item["category"]["rule"]["create_incident"]}".to_s,
+        #         "incident_action": "#{item["category"]["rule"]["incident_action"]}".to_s,
+        #         "src_url": "#{item["edge"]["source"]["url"]}".to_s,
+        #         "src_browser_url": "#{item["edge"]["source"]["browser_page_url"]}".to_s,
+        #         "src_browser_domain": " #{item["edge"]["source"]["browser_page_domain"]}".to_s,
+        #         "src_browser_title": "#{item["edge"]["source"]["browser_page_title"]}".to_s,
+        #         "src_location": "#{item["edge"]["destination"]["location"]}".to_s,
+        #         "src_location_outline": "#{item["edge"]["source"]["location_outline"]}".to_s,
+        #         "src_category": "#{item["edge"]["source"]["category"]}".to_s,
+        #         "dst_browser_title": "#{item["edge"]["destination"]["browser_page_title"]}".to_s,
+        #         "dst_basename": "#{item["edge"]["destination"]["path_basename"]}".to_s,
+        #         "dst_domain": "#{item["edge"]["destination"]["domain"]}".to_s,
+        #         "dest_location": "#{item["edge"]["destination"]["location"]}".to_s,
+        #         "dst_location_outline": "#{item["edge"]["destination"]["location_outline"]}".to_s,
+        #         "dst_category": "#{item["edge"]["destination"]["category"]}".to_s,
+        #         "dst_event_type": "#{item["edge"]["destination"]["event_type"]}".to_s,
+        #         "dst_sensor": "#{item["edge"]["destination"]["sensor_name"]}".to_s,
+        #         "dst_local_username": "#{item["edge"]["destination"]["local_user_name"]}".to_s,
+        #         "dst_local_machine_name": "#{item["edge"]["destination"]["local_machine_name"]}".to_s,
+        #         "dst_blocked": "#{item["edge"]["destination"]["blocked"]}".to_s,
+        #         "dst_data_size": "#{item["edge"]["destination"]["data_size"]}".to_s,
+        #         "dst_gdrive_file_id": "#{item["edge"]["destination"]["gdrive_file_id"]}".to_s,
+        #         "dst_cloud_provider": "#{item["edge"]["destination"]["cloud_provider"]}".to_s,
+        #         "dst_cloud_app": "#{item["edge"]["destination"]["cloud_app"]}".to_s,
+        #         "dst_cloud_account": "#{item["edge"]["destination"]["cloud_app_account"]}".to_s,
+        #         }}
+        #         return $data
+        #     end
+        # end
+
+        # def self.SummaryJson(incidentID)
+        #     SummaryRaw("#{incidentID}")
+        #     puts $data.to_json
+        # end
+        
+        # def self.SummaryYaml(incidentID)
+        #     SummaryRaw("#{incidentID}")
+        #     puts $data.to_yaml
+        # end
+
+        # def self.SummaryReport(incidentID)
+        #     SummaryRaw("#{incidentID}")
+
+        #     puts "INCIDENT ID: #{$data[:values][:incident_id]}"
+        #     puts "  EVENT TIME: #{$data[:values][:event_time]}" 
+        #     puts "  POLICY NAME: #{$data[:values][:policy_name]}" 
+        #     puts "  POLICY SEVERITY: #{$data[:values][:policy_severity]}"
+        #     puts "  USER: #{$data[:values][:user]}"
+        #     puts "  STATUS: #{$data[:values][:status]}"
+        #     puts "  DATASET NAME: #{$data[:values][:dataset]}"
+        #     puts "  DATASET SENSITIVITY: #{$data[:values][:dataset_sensitivity]}"
+        #     puts "  POLICY SEVERITY: #{$data[:values][:ploiicy_severity]}"
+        #     puts "  CREATE INCIDENT: #{$data[:values][:create_incident]}"
+        #     puts "  INCIDENT ACTION: #{$data[:values][:incident_action]}"
+        #     puts "  SOURCE INFORMATION:"
+        #     puts "    URL: #{$data[:values][:src_url]}"
+        #     puts "    BROWSER URL: #{$data[:values][:src_browser_url]}"
+        #     puts "    BROWSER DOMAIN: #{$data[:values][:src_browser_domain]}"
+        #     puts "    BROWSER TITLE: #{$data[:values][:src_browser_title]}"
+        #     puts "    LOCATION: #{$data[:values][:src_location]}"
+        #     puts "    LOCATION OUTLINE: #{$data[:values][:src_location_outline]}"
+        #     puts "    CATEGORY: #{$data[:values][:src_category]}"
+        #     puts "  DESTINATION INFORMATION:"
+        #     puts "    BROWSER TITLE: #{$data[:values][:dst_browser_title]}"
+        #     puts "    BASENAME: #{$data[:values][:dst_basename]}"
+        #     puts "    DOMAIN: #{$data[:values][:dst_domain]}"
+        #     puts "    LOCATION: #{$data[:values][:dest_location]}"
+        #     puts "    LOCATION OUTLINE: #{$data[:values][:dst_location_outline]}"
+        #     puts "    CATEGORY: #{$data[:values][:dst_category]}"
+        #     puts "    EVENT TYPE: #{$data[:values][:dst_event_type]}"
+        #     puts "    SENSOR: #{$data[:values][:dst_sensor]}"
+        #     puts "    LOCAL USERNAME: #{$data[:values][:dst_local_username]}"
+        #     puts "    LOCAL MACHINE NAME: #{$data[:values][:dst_local_machine_name]}"
+        #     puts "    BLOCKED: #{$data[:values][:dst_blocked]}"
+        #     puts "    DATA SIZE: #{$data[:values][:dst_data_size]}"
+        #     puts "    GDRIVE FILE ID: #{$data[:values][:dst_gdrive_file_id]}"
+        #     puts "    CLOUD PROVIDER: #{$data[:values][:dst_cloud_provider]}"
+        #     puts "    CLOUD APP: #{$data[:values][:dst_cloud_app]}"
+        #     puts "    CLOUD ACCOUNT: #{$data[:values][:dst_cloud_account]}"
+        # end
+    
+    end
+  end
+end

data/lib/cyberhaven/incidents/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Cyberhaven
+  module Incidents
+    VERSION = "0.4.0"
+  end
+end

data/lib/cyberhaven/incidents.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+require "uri"
+require "json"
+require 'yaml'
+require "net/http"
+require 'openssl'
+require 'base64'
+require_relative "incidents/version"
+require_relative "incidents/id"
+require_relative "incidents/user"
+
+module Cyberhaven
+  module Incidents
+
+    def self.getBearerToken
+      decode = Base64.decode64("#{$refreshToken}")
+      $query = decode
+  
+      url = URI("https://#{$deployment}/user-management/auth/token")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Post.new(url)
+      request["Content-Type"] = "application/json"
+      request.body = $query
+      response = https.request(request)
+      $bearerToken =  response.read_body.strip
+    end
+
+    def self.totalIncidents
+      url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Get.new(url)
+      request["Content-Type"] = "application/json"
+      request["Authorization"] = "Bearer #{$bearerToken}"
+      request.body = JSON.dump({})
+      response = https.request(request)
+      status = response.code
+      results = JSON.parse(response.read_body)
+      puts results["total"].to_i
+    end
+
+    def self.totalUnresolvedIncidents
+      $query ={
+        "filters":{
+          "resolution_statuses":[
+              "unresolved"
+          ],
+        },
+          "page_size": 1,
+      }.to_json
+  
+      url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Get.new(url)
+      request["Content-Type"] = "application/json"
+      request["Authorization"] = "Bearer #{$bearerToken}"
+      request.body = $query
+      response = https.request(request)
+      status = response.code
+      results = JSON.parse(response.read_body)
+      puts results["total"].to_i
+    end
+
+    def self.totalIgnoredIncidents
+      $query ={
+        "filters":{
+            "resolution_statuses":[
+                "ignored"
+            ]
+        },
+        "sort_by": "event_time",
+        "page_size": 1,
+        "sort_desc": true
+      }.to_json
+  
+      url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Get.new(url)
+      request["Content-Type"] = "application/json"
+      request["Authorization"] = "Bearer #{$bearerToken}"
+      request.body = $query
+      response = https.request(request)
+      status = response.code
+      results = JSON.parse(response.read_body)
+      puts results["total"].to_i
+    end
+
+    def self.totalInProgressIncidents
+      $query ={
+        "filters":{
+          "resolution_statuses":[
+              "in_progress"
+          ],
+        },
+          "page_size": 100,
+      }.to_json
+  
+      url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Get.new(url)
+      request["Content-Type"] = "application/json"
+      request["Authorization"] = "Bearer #{$bearerToken}"
+      request.body = $query
+      response = https.request(request)
+      status = response.code
+      results = JSON.parse(response.read_body)  
+      puts results["total"].to_i
+    end
+
+    def self.totalResolvedIncidents
+      $query ={
+        "filters":{
+          "resolution_statuses":[
+              "resolved"
+          ],
+        },
+          "page_size": 100,
+      }.to_json
+  
+      url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
+      https = Net::HTTP.new(url.host, url.port)
+      https.use_ssl = true
+      request = Net::HTTP::Get.new(url)
+      request["Content-Type"] = "application/json"
+      request["Authorization"] = "Bearer #{$bearerToken}"
+      request.body = $query
+      response = https.request(request)
+      status = response.code
+      results = JSON.parse(response.read_body)
+      puts results["total"].to_i
+    end
+
+  end
+end

data/sig/cyberhaven/incidents.rbs

@@ -0,0 +1,6 @@
+module Cyberhaven
+  module Incidents
+    VERSION: String
+    # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+  end
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: cyberhaven-incidents
+version: !ruby/object:Gem::Version
+  version: 0.4.0
+platform: ruby
+authors:
+- nic scott
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2024-01-05 00:00:00.000000000 Z
+dependencies: []
+description: 
+email:
+- nls.inbox@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- cyberhaven-incidents.gemspec
+- lib/cyberhaven/incidents.rb
+- lib/cyberhaven/incidents/id.rb
+- lib/cyberhaven/incidents/user.rb
+- lib/cyberhaven/incidents/version.rb
+- sig/cyberhaven/incidents.rbs
+homepage: https://github.com/nlscott/cyberhaven-incidents
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key: 
+specification_version: 4
+summary: A ruby gem that interacts with the Cyberhaven Incident API
+test_files: []