@censys/platform-sdk 0.10.3 → 0.10.4

package/sdk/threathunting.js

@@ -19,7 +19,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * CensEye: Create a pivot analysis job
      *
      * @remarks
-     * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts [default pivot fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.<br><br>This endpoint costs 44 credits to execute for a host, 28 credits to execute for a web property, and 7 credits to execute for a certificate.
+     * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts default pivot fields from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
      */
     async createCenseyeJob(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingCreateCenseyeJob_js_1.threatHuntingCreateCenseyeJob)(this, request, options));
@@ -28,7 +28,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * CensEye: Get job status
      *
      * @remarks
-     * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+     * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
      */
     async getCenseyeJob(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingGetCenseyeJob_js_1.threatHuntingGetCenseyeJob)(this, request, options));
@@ -37,7 +37,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * CensEye: Get job results
      *
      * @remarks
-     * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+     * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
      */
     async getCenseyeJobResults(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingGetCenseyeJobResults_js_1.threatHuntingGetCenseyeJobResults)(this, request, options));
@@ -46,7 +46,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * Get host history for a certificate
      *
      * @remarks
-     * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Threat Hunting users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 5 credits per page of results.
+     * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Adversary Investigation users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 5 credits per page of results.
      */
     async getHostObservationsWithCertificate(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingGetHostObservationsWithCertificate_js_1.threatHuntingGetHostObservationsWithCertificate)(this, request, options));
@@ -55,7 +55,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * Live Discovery: Initiate a new scan
      *
      * @remarks
-     * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 15 credits to execute this endpoint.
+     * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 15 credits to execute this endpoint.
      */
     async createTrackedScan(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingCreateTrackedScan_js_1.threatHuntingCreateTrackedScan)(this, request, options));
@@ -73,7 +73,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * List active threats
      *
      * @remarks
-     * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Threat Hunting module.
+     * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module.
      */
     async listThreats(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingListThreats_js_1.threatHuntingListThreats)(this, request, options));
@@ -82,7 +82,7 @@ class ThreatHunting extends sdks_js_1.ClientSDK {
      * CensEye: Retrieve value counts to discover pivots
      *
      * @remarks
-     * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Threat Hunting Module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
+     * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
      */
     async valueCounts(request, options) {
         return (0, fp_js_1.unwrapAsync)((0, threatHuntingValueCounts_js_1.threatHuntingValueCounts)(this, request, options));

package/src/funcs/threatHuntingCreateCenseyeJob.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * CensEye: Create a pivot analysis job
  *
  * @remarks
- * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts [default pivot fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.<br><br>This endpoint costs 44 credits to execute for a host, 28 credits to execute for a web property, and 7 credits to execute for a certificate.
+ * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts default pivot fields from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
  */
 export function threatHuntingCreateCenseyeJob(
   client: SDKCore,

package/src/funcs/threatHuntingCreateTrackedScan.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * Live Discovery: Initiate a new scan
  *
  * @remarks
- * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 15 credits to execute this endpoint.
+ * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 15 credits to execute this endpoint.
  */
 export function threatHuntingCreateTrackedScan(
   client: SDKCore,

package/src/funcs/threatHuntingGetCenseyeJob.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * CensEye: Get job status
  *
  * @remarks
- * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+ * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
  */
 export function threatHuntingGetCenseyeJob(
   client: SDKCore,

package/src/funcs/threatHuntingGetCenseyeJobResults.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * CensEye: Get job results
  *
  * @remarks
- * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+ * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
  */
 export function threatHuntingGetCenseyeJobResults(
   client: SDKCore,

package/src/funcs/threatHuntingGetHostObservationsWithCertificate.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * Get host history for a certificate
  *
  * @remarks
- * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Threat Hunting users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 5 credits per page of results.
+ * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Adversary Investigation users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 5 credits per page of results.
  */
 export function threatHuntingGetHostObservationsWithCertificate(
   client: SDKCore,

package/src/funcs/threatHuntingListThreats.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * List active threats
  *
  * @remarks
- * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Threat Hunting module.
+ * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module.
  */
 export function threatHuntingListThreats(
   client: SDKCore,

package/src/funcs/threatHuntingValueCounts.ts

@@ -29,7 +29,7 @@ import { Result } from "../types/fp.js";
  * CensEye: Retrieve value counts to discover pivots
  *
  * @remarks
- * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Threat Hunting Module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
+ * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
  */
 export function threatHuntingValueCounts(
   client: SDKCore,

package/src/lib/config.ts

@@ -65,9 +65,9 @@ export function serverURLFromOptions(options: SDKOptions): URL | null {
 
 export const SDK_METADATA = {
   language: "typescript",
-  openapiDocVersion: "1.0.88",
-  sdkVersion: "0.10.3",
+  openapiDocVersion: "1.0.89",
+  sdkVersion: "0.10.4",
   genVersion: "2.879.1",
   userAgent:
-    "speakeasy-sdk/typescript 0.10.3 2.879.1 1.0.88 @censys/platform-sdk",
+    "speakeasy-sdk/typescript 0.10.4 2.879.1 1.0.89 @censys/platform-sdk",
 } as const;

package/src/sdk/adversaryinvestigation.ts

@@ -0,0 +1,138 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import { threatHuntingCreateCenseyeJob } from "../funcs/threatHuntingCreateCenseyeJob.js";
+import { threatHuntingCreateTrackedScan } from "../funcs/threatHuntingCreateTrackedScan.js";
+import { threatHuntingGetCenseyeJob } from "../funcs/threatHuntingGetCenseyeJob.js";
+import { threatHuntingGetCenseyeJobResults } from "../funcs/threatHuntingGetCenseyeJobResults.js";
+import { threatHuntingGetHostObservationsWithCertificate } from "../funcs/threatHuntingGetHostObservationsWithCertificate.js";
+import { threatHuntingListThreats } from "../funcs/threatHuntingListThreats.js";
+import { threatHuntingValueCounts } from "../funcs/threatHuntingValueCounts.js";
+import { ClientSDK, RequestOptions } from "../lib/sdks.js";
+import * as operations from "../models/operations/index.js";
+import { unwrapAsync } from "../types/fp.js";
+
+export class AdversaryInvestigation extends ClientSDK {
+  /**
+   * CensEye: Create a pivot analysis job
+   *
+   * @remarks
+   * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts default pivot fields from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
+   */
+  async createCenseyeJob(
+    request: operations.V3ThreathuntingCenseyeJobsCreateRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingCenseyeJobsCreateResponse> {
+    return unwrapAsync(threatHuntingCreateCenseyeJob(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * CensEye: Get job status
+   *
+   * @remarks
+   * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
+   */
+  async getCenseyeJob(
+    request: operations.V3ThreathuntingCenseyeJobsGetRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingCenseyeJobsGetResponse> {
+    return unwrapAsync(threatHuntingGetCenseyeJob(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * CensEye: Get job results
+   *
+   * @remarks
+   * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
+   */
+  async getCenseyeJobResults(
+    request: operations.V3ThreathuntingCenseyeJobResultsRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingCenseyeJobResultsResponse> {
+    return unwrapAsync(threatHuntingGetCenseyeJobResults(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * Get host history for a certificate
+   *
+   * @remarks
+   * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Adversary Investigation users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 5 credits per page of results.
+   */
+  async getHostObservationsWithCertificate(
+    request:
+      operations.V3ThreathuntingGetHostObservationsWithCertificateRequest,
+    options?: RequestOptions,
+  ): Promise<
+    operations.V3ThreathuntingGetHostObservationsWithCertificateResponse
+  > {
+    return unwrapAsync(threatHuntingGetHostObservationsWithCertificate(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * Live Discovery: Initiate a new scan
+   *
+   * @remarks
+   * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 15 credits to execute this endpoint.
+   */
+  async createTrackedScan(
+    request: operations.V3ThreathuntingScansDiscoveryRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingScansDiscoveryResponse> {
+    return unwrapAsync(threatHuntingCreateTrackedScan(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * List active threats
+   *
+   * @remarks
+   * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module.
+   */
+  async listThreats(
+    request: operations.V3ThreathuntingThreatsListRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingThreatsListResponse> {
+    return unwrapAsync(threatHuntingListThreats(
+      this,
+      request,
+      options,
+    ));
+  }
+
+  /**
+   * CensEye: Retrieve value counts to discover pivots
+   *
+   * @remarks
+   * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
+   */
+  async valueCounts(
+    request: operations.V3ThreathuntingValueCountsRequest,
+    options?: RequestOptions,
+  ): Promise<operations.V3ThreathuntingValueCountsResponse> {
+    return unwrapAsync(threatHuntingValueCounts(
+      this,
+      request,
+      options,
+    ));
+  }
+}

package/src/sdk/sdk.ts

@@ -4,6 +4,7 @@
 
 import { ClientSDK } from "../lib/sdks.js";
 import { AccountManagement } from "./accountmanagement.js";
+import { AdversaryInvestigation } from "./adversaryinvestigation.js";
 import { Collections } from "./collections.js";
 import { GlobalData } from "./globaldata.js";
 import { ThreatHunting } from "./threathunting.js";
@@ -28,4 +29,11 @@ export class SDK extends ClientSDK {
   get threatHunting(): ThreatHunting {
     return (this._threatHunting ??= new ThreatHunting(this._options));
   }
+
+  private _adversaryInvestigation?: AdversaryInvestigation;
+  get adversaryInvestigation(): AdversaryInvestigation {
+    return (this._adversaryInvestigation ??= new AdversaryInvestigation(
+      this._options,
+    ));
+  }
 }

package/src/sdk/threathunting.ts

@@ -19,7 +19,7 @@ export class ThreatHunting extends ClientSDK {
    * CensEye: Create a pivot analysis job
    *
    * @remarks
-   * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts [default pivot fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.<br><br>This endpoint costs 44 credits to execute for a host, 28 credits to execute for a web property, and 7 credits to execute for a certificate.
+   * Create an asynchronous CensEye pivot analysis job for a host, web property, or certificate. The job extracts default pivot fields from the target asset and counts matching documents for each field-value pair. Poll the job status endpoint to track progress, then retrieve results when complete.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
    */
   async createCenseyeJob(
     request: operations.V3ThreathuntingCenseyeJobsCreateRequest,
@@ -36,7 +36,7 @@ export class ThreatHunting extends ClientSDK {
    * CensEye: Get job status
    *
    * @remarks
-   * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+   * Retrieve the current status of a CensEye pivot analysis job. Use this to poll for completion before fetching results.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
    */
   async getCenseyeJob(
     request: operations.V3ThreathuntingCenseyeJobsGetRequest,
@@ -53,7 +53,7 @@ export class ThreatHunting extends ClientSDK {
    * CensEye: Get job results
    *
    * @remarks
-   * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Threat Hunting module.
+   * Retrieve the results of a completed CensEye pivot analysis job. Each result contains a count and the field-value pairs that were analyzed. Results may be empty if the job is still running.<br><br>Results are paginated. Use the `next_page_token` from the response to fetch subsequent pages.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module.
    */
   async getCenseyeJobResults(
     request: operations.V3ThreathuntingCenseyeJobResultsRequest,
@@ -70,7 +70,7 @@ export class ThreatHunting extends ClientSDK {
    * Get host history for a certificate
    *
    * @remarks
-   * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Threat Hunting users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 5 credits per page of results.
+   * Retrieve the historical observations of hosts associated with a certificate. This is useful for threat hunting, detection engineering, and timeline generation. Certificate history is also visible to Adversary Investigation users in the Platform UI on the [certificate timeline](https://docs.censys.com/docs/platform-threat-hunting-use-cert-history-to-build-better-detections#/).<br><br>You can define a specific time frame of interest. If you do not specify a time frame, this endpoint will search the historical dataset that is available to your account. You may also filter results by port and transport protocol.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 5 credits per page of results.
    */
   async getHostObservationsWithCertificate(
     request:
@@ -90,7 +90,7 @@ export class ThreatHunting extends ClientSDK {
    * Live Discovery: Initiate a new scan
    *
    * @remarks
-   * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Threat Hunting module. It costs 15 credits to execute this endpoint.
+   * Initiate a scan to look for a currently unobserved service at a specific IP and port (`ip:port`) or hostname and port (`hostname:port`). This is equivalent to the [Live Discovery](https://docs.censys.com/docs/platform-threat-hunting-use-live-scan-and-rescan-to-validate-infrastructure#/) feature available in the UI, but you can also target web properties in addition to hosts.<br><br>The scan may take several minutes to complete. The response will contain a scan ID that you can use to [monitor the scan's status](https://docs.censys.com/reference/v3-threathunting-scans-get#/). After the scan completes, perform a lookup on the target asset to retrieve detailed scan information.<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module. It costs 15 credits to execute this endpoint.
    */
   async createTrackedScan(
     request: operations.V3ThreathuntingScansDiscoveryRequest,
@@ -124,7 +124,7 @@ export class ThreatHunting extends ClientSDK {
    * List active threats
    *
    * @remarks
-   * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Threat Hunting module.
+   * Retrieve a list of active threats observed by Censys by aggregating threat IDs across hosts and web properties. Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans. This information is also available on the [Explore Threats page in the Platform web UI](https://platform.censys.io/threats).<br><br>This endpoint is available to organizations that have access to the Adversary Investigation module.
    */
   async listThreats(
     request: operations.V3ThreathuntingThreatsListRequest,
@@ -141,7 +141,7 @@ export class ThreatHunting extends ClientSDK {
    * CensEye: Retrieve value counts to discover pivots
    *
    * @remarks
-   * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Threat Hunting Module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
+   * Get counts of web assets for specific field-value pairs and combinations of field-value pairs. This is similar to the [CensEye functionality](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#/) available in the Platform web UI, but it allows you to define specific fields of interest rather than the [default fields](https://docs.censys.com/docs/platform-threat-hunting-use-censeye-to-build-detections#default-pivot-fields) leveraged by the tool in the UI.<br><br>Each array can only target fields within the same nested object and may contain at most 5 field-value pairs. For example, you can combine `host.services.port=80` and `host.services.protocol=SSH` in the same array, but you cannot combine `host.services.port=80` and `host.location.country="United States"` in the same array. You can input multiple arrays of objects in each API call.<br><br>To use this endpoint, your organization must have access to the Adversary Investigation module. This endpoint costs 1 credit per count condition (array of objects) included in the API call.
    */
   async valueCounts(
     request: operations.V3ThreathuntingValueCountsRequest,