zanshin 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1e4c4177cdf64faab3875bd1fe144c21284530f211812969e0bd3ec5ab438d56
+  data.tar.gz: abd2455541e409bb6a018f12ba3e644fd32132ebd221f927f257a26d1e81e3b1
+SHA512:
+  metadata.gz: 0ca6218cf76d9642937df5f15b68c2bec389cd147bc68af25aa2969dcd6a42e3c2722d1fe56a54db17844de2e9222b29b10e6386d2fa152ee243e952001330c9
+  data.tar.gz: fea40647b2780b2059188a477e4644426903164429bc5ae951f69950d78697cb080ca0634da6b6d306e16396fda12012b905b83d1e3d15b2d0e03f246c6d96d1

data/LICENSE.md

@@ -0,0 +1,20 @@
+Copyright (c) 2022 Tenchi Security.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,135 @@
+[![Gem Version](https://badge.fury.io/rb/zanshin.svg)](https://badge.fury.io/rb/zanshin)
+
+# Zanshin Ruby SDK
+
+This Ruby gem contains an SDK to interact with the [API of the Zanshin](https://api.zanshin.tenchisecurity.com) from [Tenchi Security](https://www.tenchisecurity.com).
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```shell
+bundle add zanshin
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```shell
+gem install zanshin
+```
+
+## Setting up Credentials
+
+There are three ways that the SDK handles credentials. The order of evaluation is:
+- [**1st** Client Parameters](#client-parameters)
+- [**2nd** Environment Variables](#environment-variables)
+- [**3rd** Config File](#config-file)
+
+### Client Parameters
+
+When calling the `Client` class, you can pass the values API Key(`api_key`), API URL(`api_url`), User Agent(`user_agent`) and Proxy URL(`proxy_url`) you want to use as below:
+
+```ruby
+client = Zanshin::SDK::Client.new(api_key: "my_zanshin_api_key")
+puts client.get_me
+```
+
+> These values will overwrite anything you set as Environment Variables or in the Config File.
+
+### Environment Variables
+
+You can use the following Environment Variables to configure Zanshin SDK:
+- `ZANSHIN_API_KEY`: Will setup your Zanshin credentials
+- `ZANSHIN_API_URL`: Will define the API URL. Default is `https://api.zanshin.tenchisecurity.com`
+- `ZANSHIN_USER_AGENT`: If you want to overwrite the User Agent when calling Zanshin API (The value passed will be concatenated to the SDK's default value `Zanshin Ruby SDK 1.0.0`)
+- `HTTP_PROXY | HTTPS_PROXY`: Zanshin SDK uses `Net::HTTP` under the hood, checkout the [Net::HTTP RDoc](https://ruby-doc.org/stdlib-3.1.2/libdoc/net/http/rdoc/Net/HTTP.html) section of their documentation for more use cases
+
+#### Example
+
+```shell
+export ZANSHIN_API_KEY="my_zanshin_api_key"
+```
+
+> These Environment Variables will overwrite anything you set on the Config File.
+
+### Config File
+
+This `Ruby SDK` was built to be used under the same conditions as the [Python SDK](https://github.com/tenchi-security/zanshin-sdk-python), so the configuration file is in the format created by the Python [RawConfigParser](https://docs.python.org/3/library/configparser.html#configparser.RawConfigParser) class.
+
+The file is located at `~/.tenchi/config`, where `~` is the [current user's home directory](https://docs.python.org/3/library/pathlib.html#pathlib.Path.home).
+
+Each section is treated as a configuration profile, and the SDK will look for a section called `default` if another is not explicitly selected.
+
+These are the supported options:
+
+* `api_key` (required) which contains the Zanshin API key obtained at the [Zanshin web portal](https://zanshin.tenchisecurity.com/my-profile).
+* `api_url` (optional) directs the SDK to use a different API endpoint than the default (https://api.zanshin.tenchisecurity.com).
+* `user_agent` (optional) allows you to override the default user-agent header used by the SDK when making API requests (The value passed will be concatenated to the SDK's default value `Zanshin Ruby SDK 1.0.0`).
+* `proxy_url` (optional) directs the SDK to use a Proxy.
+
+This is what a minimal configuration file looks like:
+```ini
+[default]
+api_key=my_zanshin_api_key
+```
+
+## The SDK
+
+```ruby
+  client = Zanshin::SDK::Client.new
+  client.get_me 
+```
+
+## Usage
+
+### Create instance
+```ruby
+  client = Zanshin::SDK::Client.new # loads API key from the "default" profile in ~/.tenchi/config
+```
+
+### Get logged user info
+```ruby
+  client.get_me # calls /me API endpoint
+```
+
+### Get logged user info
+
+Methods with prefix `iter_*` return an [Enumerator](https://ruby-doc.org/core-2.6/Enumerator.html), you can use it however you want, in this example we use `to_a` to convert the Enumerator into an Array.
+```ruby
+  client.iter_organizations.to_a # calls /organizations API endpoint
+```
+
+## Support
+
+If you are a Zanshin customer and have any questions regarding the use of the service, its API or this SDK package, please get in touch via e-mail at `support@tenchisecurity.com` or via the support widget on the [Zanshin Portal](https://zanshin.tenchisecurity.com).
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies. Then, run `bundle exec rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at `https://github.com/tenchi-security/zanshin-sdk-ruby`. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/tenchi-security/zanshin-sdk-ruby/blob/main/CODE_OF_CONDUCT.md).
+
+## Unit Test
+
+Currently, the Unit Test only checks if the API call was made in the way it should, after implementing the input validations the tests will be better.
+
+## TODO
+
+- Input validation
+- Coverage badge
+- File Persistent Alerts Iterator
+- Onboard Scan Targets (AWS)
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the `Zanshin Ruby SDK` project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/tenchi-security/zanshin-sdk-ruby/blob/main/CODE_OF_CONDUCT.md).
+
+## Changelog
+
+See [CHANGELOG](https://github.com/tenchi-security/zanshin-sdk-ruby/blob/main/CHANGELOG.md) for a list of changes.

data/lib/zanshin/account.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module Zanshin
+  module SDK
+    # Zanshin SDK Account
+    module Account
+      ###################################################
+      # Account
+      ###################################################
+
+      # Returns the details of the user account that owns the API key used by this Connection instance
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/getMe)
+      #
+      # @return an Object representing the user
+      def get_me
+        @http.request('GET', '/me')
+      end
+
+      ###################################################
+      # Account Invites
+      ###################################################
+
+      # Invites Enumerator of current logged user
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/getInvites)
+      #
+      # @return an Invites Enumerator object
+      def iter_invites
+        Enumerator.new do |yielder|
+          @http.request('GET', '/me/invites').each do |e|
+            yielder.yield e
+          end
+        end
+      end
+
+      # Gets a specific invitation details, it only works if the invitation was made for the current logged user
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/getInviteById)
+      #
+      # @param invite_id [UUID] of the invite
+      #
+      # @return an Object representing the invite
+      def get_invite(invite_id)
+        @http.request('GET', "/me/invites/#{validate_uuid(invite_id)}")
+      end
+
+      # Accepts an invitation with the informed ID, it only works if the user accepting the invitation is the user that
+      #   received the invitation
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/acceptInviteById)
+      #
+      # @param invite_id [UUID] of the invite
+      #
+      # @return an Object representing the organization of this invite
+      def accept_invite(invite_id)
+        @http.request('POST', "/me/invites/#{validate_uuid(invite_id)}/accept")
+      end
+
+      ###################################################
+      # Account API key
+      ###################################################
+
+      # API keys Enumerator of current logged user
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/getMyApiKeys)
+      #
+      # @return an API keys Enumerator object
+      def iter_api_keys
+        Enumerator.new do |yielder|
+          @http.request('GET', '/me/apikeys').each do |e|
+            yielder.yield e
+          end
+        end
+      end
+
+      # Creates a new API key for the current logged user, API Keys can be used to interact with the zanshin api
+      #   directly on behalf of that user
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/createApiKeys)
+      #
+      # @param name [String] of your new API key
+      #
+      # @return an Object representing the user api key
+      def create_api_key(name)
+        body = {}
+        body['name'] = name
+        @http.request('POST', '/me/apikeys', body)
+      end
+
+      # Deletes a given API key by its id, it will only work if the informed ID belongs to the current logged user
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/deleteApiKey)
+      #
+      # @param api_key_id [UUID] of your new API key
+      #
+      # @return a Boolean with result
+      def delete_api_key(api_key_id)
+        @http.request('DELETE', "/me/apikeys/#{validate_uuid(api_key_id)}")
+      end
+    end
+  end
+end

data/lib/zanshin/alerts.rb

@@ -0,0 +1,368 @@
+# frozen_string_literal: true
+
+module Zanshin
+  module SDK
+    # Zanshin SDK Alerts
+    module Alerts
+      ###################################################
+      # Alerts
+      ###################################################
+
+      # Alerts Enumerator of an organization by loading them, transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlert)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param scan_target_ids [Array<UUID>] Optional list of scan target IDs to list alerts from, defaults to all
+      # @param rule [String] to filter alerts from (rule), not passing the field will fetch all
+      # @param states [Array<'OPEN', 'ACTIVE', 'IN_PROGRESS', 'RISK_ACCEPTED', 'CLOSED'>] Optional list of states to
+      #   filter returned alerts, defaults to all
+      # @param severities [Array<'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'>] optional list of severities to filter
+      #   returned alerts, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      # @param language ['en-US', 'pt-BR'] Language of the rule will be returned
+      # @param created_at_start [String] Search alerts by creation date - greater or equals than
+      # @param created_at_end [String] Search alerts by creation date - less or equals than
+      # @param updated_at_start [String] Search alerts by update date - greater or equals than
+      # @param updated_at_end [String] Search alerts by update date - less or equals than
+      #
+      # @return an Alerts Enumerator object
+      def iter_alerts(organization_id,
+                      scan_target_ids: [],
+                      rule: nil,
+                      states: nil,
+                      severities: nil,
+                      page_size: 100,
+                      language: nil,
+                      created_at_start: nil,
+                      created_at_end: nil,
+                      updated_at_start: nil,
+                      updated_at_end: nil)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'scanTargetIds' => scan_target_ids.each { |scan_target_id| validate_uuid(scan_target_id) },
+          'rule' => rule,
+          'states' => states,
+          'severities' => severities,
+          'lang' => language,
+          'CreatedAtStart' => created_at_start,
+          'CreatedAtEnd' => created_at_end,
+          'UpdatedAtStart' => updated_at_start,
+          'UpdatedAtEnd' => updated_at_end
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts', body.compact)
+            data['data'].each do |e|
+              yielder.yield e
+            end
+            break if body['page'] == (data['total'] / body['pageSize']).ceil
+          end
+        end
+      end
+
+      # Alerts Following Enumerator over the following alerts froms organizations being followed by
+      #   transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listFollowingAlerts)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param following_ids [Array<UUID>] Optional list of IDs of organizations you are following to
+      #   list alerts from, defaults to all
+      # @param rule [String] to filter alerts from (rule), not passing the field will fetch all
+      # @param states [Array<'OPEN', 'ACTIVE', 'IN_PROGRESS', 'RISK_ACCEPTED', 'CLOSED'>] Optional list of states to
+      #   filter returned alerts, defaults to all
+      # @param severities [Array<'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'>] optional list of severities to filter
+      #   returned alerts, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      # @param language ['en-US', 'pt-BR'] Language of the rule will be returned
+      # @param created_at_start [String] Search alerts by creation date - greater or equals than
+      # @param created_at_end [String] Search alerts by creation date - less or equals than
+      # @param updated_at_start [String] Search alerts by update date - greater or equals than
+      # @param updated_at_end [String] Search alerts by update date - less or equals than
+      #
+      # @return an Alerts Enumerator object
+      def iter_following_alerts(organization_id,
+                                following_ids: [],
+                                rule: nil,
+                                states: nil,
+                                severities: nil,
+                                page_size: 100,
+                                language: nil,
+                                created_at_start: nil,
+                                created_at_end: nil,
+                                updated_at_start: nil,
+                                updated_at_end: nil)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'followingIds' => following_ids.each { |following_id| validate_uuid(following_id) },
+          'rule' => rule,
+          'states' => states,
+          'severities' => severities,
+          'lang' => language,
+          'CreatedAtStart' => created_at_start,
+          'CreatedAtEnd' => created_at_end,
+          'UpdatedAtStart' => updated_at_start,
+          'UpdatedAtEnd' => updated_at_end
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts/following', body.compact)
+            data['data'].each do |e|
+              yielder.yield e
+            end
+            break if body['page'] == (data['total'] / body['pageSize']).ceil
+          end
+        end
+      end
+
+      # Alerts History Enumerator of an organization by loading them, transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertsHistory)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param scan_target_ids [Array<UUID>] Optional list of scan target IDs to list alerts from, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      # @param language ['en-US', 'pt-BR'] Language of the rule will be returned
+      # @param cursor [String] Alert Cursor of the last alert consumed, when this value is passed, subsequent
+      #   alert histories will be returned
+      #
+      # @return an Alerts History Enumerator object
+      def iter_alerts_history(organization_id,
+                              scan_target_ids: [],
+                              page_size: 100,
+                              language: nil,
+                              cursor: nil)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'scanTargetIds' => scan_target_ids.each { |scan_target_id| validate_uuid(scan_target_id) },
+          'lang' => language,
+          'cursor' => cursor
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts/history', body.compact)
+            break if data['data'].empty?
+
+            body['cursor'] = data['data'].last['cursor']
+            data['data'].each do |e|
+              yielder.yield e
+            end
+          end
+        end
+      end
+
+      # Alerts Following History Enumerator of an organization by loading them, transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertsHistoryFollowing)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param following_ids [Array<UUID>] Optional list of IDs of organizations you are following to
+      #   list alerts from, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      # @param language ['en-US', 'pt-BR'] Language of the rule will be returned
+      # @param cursor [String] Alert Cursor of the last alert consumed, when this value is passed, subsequent
+      #   alert histories will be returned
+      #
+      # @return an Alerts Following History Enumerator object
+      def iter_alerts_following_history(organization_id,
+                                        following_ids: [],
+                                        page_size: 100,
+                                        language: nil,
+                                        cursor: nil)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'followingIds' => following_ids.each { |following_id| validate_uuid(following_id) },
+          'lang' => language,
+          'cursor' => cursor
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts/history/following', body.compact)
+            break if data['data'].empty?
+
+            body['cursor'] = data['data'].last['cursor']
+            data['data'].each do |e|
+              yielder.yield e
+            end
+          end
+        end
+      end
+
+      # Grouped Alerts Enumerator of an organization by loading them, transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertRules)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param scan_target_ids [Array<UUID>] Optional list of scan target IDs to list alerts from, defaults to all
+      # @param states [Array<'OPEN', 'ACTIVE', 'IN_PROGRESS', 'RISK_ACCEPTED', 'CLOSED'>] Optional list of states to
+      #   filter returned alerts, defaults to all
+      # @param severities [Array<'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'>] optional list of severities to filter
+      #   returned alerts, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      #
+      # @return an Grouped Alerts Enumerator object
+      def iter_grouped_alerts(organization_id,
+                              scan_target_ids: [],
+                              states: nil,
+                              severities: nil,
+                              page_size: 100)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'scanTargetIds' => scan_target_ids.each { |scan_target_id| validate_uuid(scan_target_id) },
+          'states' => states,
+          'severities' => severities
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts/rules', body.compact)
+            data['data'].each do |e|
+              yielder.yield e
+            end
+            break if body['page'] == (data['total'] / body['pageSize']).ceil
+          end
+        end
+      end
+
+      # Grouped Alerts Following Enumerator of an organization by loading them, transparently paginating on the API
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertRulesFollowing)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param following_ids [Array<UUID>] Optional list of IDs of organizations you are following to
+      #   list alerts from, defaults to all
+      # @param states [Array<'OPEN', 'ACTIVE', 'IN_PROGRESS', 'RISK_ACCEPTED', 'CLOSED'>] Optional list of states to
+      #   filter returned alerts, defaults to all
+      # @param severities [Array<'CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'>] optional list of severities to filter
+      #   returned alerts, defaults to all
+      # @param page_size [Integer] the number of alerts to load from the API at a time
+      #
+      # @return an Grouped Alerts Following Enumerator object
+      def iter_grouped_following_alerts(organization_id,
+                                        following_ids: [],
+                                        states: nil,
+                                        severities: nil,
+                                        page_size: 100)
+        body = {
+          'organizationId' => validate_uuid(organization_id),
+          'page' => 0,
+          'pageSize' => page_size,
+          'followingIds' => following_ids.each { |following_id| validate_uuid(following_id) },
+          'states' => states,
+          'severities' => severities
+        }
+
+        Enumerator.new do |yielder|
+          loop do
+            body['page'] += 1
+            data = @http.request('POST', '/alerts/rules/following', body.compact)
+            data['data'].each do |e|
+              yielder.yield e
+            end
+            break if body['page'] == (data['total'] / body['pageSize']).ceil
+          end
+        end
+      end
+
+      # Returns the detailed object that describes an alert
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/getAlertById)
+      #
+      # @param alert_id [UUID] of the alert
+      #
+      # @return a Object representing the alert
+      def get_alert(alert_id)
+        @http.request('GET', "/alerts/#{validate_uuid(alert_id)}")
+      end
+
+      # Alert History Enumerator over the history of an alert
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertHistory)
+      #
+      # @param alert_id [UUID] of the alert
+      #
+      # @return an Alert History Enumerator object
+      def iter_alert_history(alert_id)
+        Enumerator.new do |yielder|
+          @http.request('GET', "/alerts/#{validate_uuid(alert_id)}/history").each do |e|
+            yielder.yield e
+          end
+        end
+      end
+
+      # Alert Comments Enumerator over the comment of an alert
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertComments)
+      #
+      # @param alert_id [UUID] of the alert
+      #
+      # @return an Alert Comments Enumerator object
+      def iter_alert_comments(alert_id)
+        Enumerator.new do |yielder|
+          @http.request('GET', "/alerts/#{validate_uuid(alert_id)}/comments").each do |e|
+            yielder.yield e
+          end
+        end
+      end
+
+      # Update alert
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/editOrganizationScanTargetAlertById)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param scan_target_id [UUID] of the scan target
+      # @param alert_id [UUID] of the alert
+      # @param state ['OPEN', 'ACTIVE', 'IN_PROGRESS', 'RISK_ACCEPTED']
+      # @param labels [Array<String>] Optional labels to alert
+      # @param comment [String] Accepted and required only when change :state to 'IN_PROGRESS'
+      #
+      # @return a Object representing the alert updated
+      def update_alert(organization_id, scan_target_id, alert_id, state = nil, labels = nil, comment = nil)
+        body = {
+          'state' => state,
+          'labels' => labels,
+          'comment' => comment
+        }
+
+        @http.request(
+          'PUT',
+          "/organizations/#{validate_uuid(organization_id)}/scantargets/#{
+            validate_uuid(scan_target_id)}/alerts/#{validate_uuid(alert_id)}",
+          body.compact
+        )
+      end
+
+      # Create comment in alert
+      # [#reference](https://api.zanshin.tenchisecurity.com/#operation/listAllAlertComments)
+      #
+      # @param organization_id [UUID] of the organization
+      # @param scan_target_id [UUID] of the scan target
+      # @param alert_id [UUID] of the alert
+      # @param comment [String] in HTML format
+      #
+      # @return a Object representing the alert comment
+      def create_alert_comment(organization_id, scan_target_id, alert_id, comment)
+        body = {
+          'comment' => comment
+        }
+
+        @http.request(
+          'POST',
+          "/organizations/#{validate_uuid(organization_id)}/scantargets/#{
+            validate_uuid(scan_target_id)}/alerts/#{validate_uuid(alert_id)}/comments",
+          body.compact
+        )
+      end
+    end
+  end
+end