binalyze-air-sdk 1.0.1__py3-none-any.whl → 1.0.3__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- binalyze_air/__init__.py +77 -77
- binalyze_air/apis/__init__.py +67 -27
- binalyze_air/apis/acquisitions.py +107 -0
- binalyze_air/apis/api_tokens.py +49 -0
- binalyze_air/apis/assets.py +161 -0
- binalyze_air/apis/audit_logs.py +26 -0
- binalyze_air/apis/{authentication.py → auth.py} +29 -27
- binalyze_air/apis/auto_asset_tags.py +79 -75
- binalyze_air/apis/backup.py +177 -0
- binalyze_air/apis/baseline.py +46 -0
- binalyze_air/apis/cases.py +225 -0
- binalyze_air/apis/cloud_forensics.py +116 -0
- binalyze_air/apis/event_subscription.py +96 -96
- binalyze_air/apis/evidence.py +249 -53
- binalyze_air/apis/interact.py +153 -36
- binalyze_air/apis/investigation_hub.py +234 -0
- binalyze_air/apis/license.py +104 -0
- binalyze_air/apis/logger.py +83 -0
- binalyze_air/apis/multipart_upload.py +201 -0
- binalyze_air/apis/notifications.py +115 -0
- binalyze_air/apis/organizations.py +267 -0
- binalyze_air/apis/params.py +44 -39
- binalyze_air/apis/policies.py +186 -0
- binalyze_air/apis/preset_filters.py +79 -0
- binalyze_air/apis/recent_activities.py +71 -0
- binalyze_air/apis/relay_server.py +104 -0
- binalyze_air/apis/settings.py +395 -27
- binalyze_air/apis/tasks.py +80 -0
- binalyze_air/apis/triage.py +197 -0
- binalyze_air/apis/user_management.py +183 -74
- binalyze_air/apis/webhook_executions.py +50 -0
- binalyze_air/apis/webhooks.py +322 -230
- binalyze_air/base.py +207 -133
- binalyze_air/client.py +217 -1337
- binalyze_air/commands/__init__.py +175 -145
- binalyze_air/commands/acquisitions.py +661 -387
- binalyze_air/commands/api_tokens.py +55 -0
- binalyze_air/commands/assets.py +324 -362
- binalyze_air/commands/{authentication.py → auth.py} +36 -36
- binalyze_air/commands/auto_asset_tags.py +230 -230
- binalyze_air/commands/backup.py +47 -0
- binalyze_air/commands/baseline.py +32 -396
- binalyze_air/commands/cases.py +609 -602
- binalyze_air/commands/cloud_forensics.py +88 -0
- binalyze_air/commands/event_subscription.py +101 -101
- binalyze_air/commands/evidences.py +918 -988
- binalyze_air/commands/interact.py +172 -58
- binalyze_air/commands/investigation_hub.py +315 -0
- binalyze_air/commands/license.py +183 -0
- binalyze_air/commands/logger.py +126 -0
- binalyze_air/commands/multipart_upload.py +363 -0
- binalyze_air/commands/notifications.py +45 -0
- binalyze_air/commands/organizations.py +200 -221
- binalyze_air/commands/policies.py +175 -203
- binalyze_air/commands/preset_filters.py +55 -0
- binalyze_air/commands/recent_activities.py +32 -0
- binalyze_air/commands/relay_server.py +144 -0
- binalyze_air/commands/settings.py +431 -29
- binalyze_air/commands/tasks.py +95 -56
- binalyze_air/commands/triage.py +224 -360
- binalyze_air/commands/user_management.py +351 -126
- binalyze_air/commands/webhook_executions.py +77 -0
- binalyze_air/config.py +244 -244
- binalyze_air/exceptions.py +49 -49
- binalyze_air/http_client.py +426 -305
- binalyze_air/models/__init__.py +287 -285
- binalyze_air/models/acquisitions.py +365 -250
- binalyze_air/models/api_tokens.py +73 -0
- binalyze_air/models/assets.py +438 -438
- binalyze_air/models/audit.py +247 -272
- binalyze_air/models/audit_logs.py +14 -0
- binalyze_air/models/{authentication.py → auth.py} +69 -69
- binalyze_air/models/auto_asset_tags.py +227 -116
- binalyze_air/models/backup.py +138 -0
- binalyze_air/models/baseline.py +231 -231
- binalyze_air/models/cases.py +275 -275
- binalyze_air/models/cloud_forensics.py +145 -0
- binalyze_air/models/event_subscription.py +170 -171
- binalyze_air/models/evidence.py +65 -65
- binalyze_air/models/evidences.py +367 -348
- binalyze_air/models/interact.py +266 -135
- binalyze_air/models/investigation_hub.py +265 -0
- binalyze_air/models/license.py +150 -0
- binalyze_air/models/logger.py +83 -0
- binalyze_air/models/multipart_upload.py +352 -0
- binalyze_air/models/notifications.py +138 -0
- binalyze_air/models/organizations.py +293 -293
- binalyze_air/models/params.py +153 -127
- binalyze_air/models/policies.py +260 -249
- binalyze_air/models/preset_filters.py +79 -0
- binalyze_air/models/recent_activities.py +70 -0
- binalyze_air/models/relay_server.py +121 -0
- binalyze_air/models/settings.py +538 -84
- binalyze_air/models/tasks.py +215 -149
- binalyze_air/models/triage.py +141 -142
- binalyze_air/models/user_management.py +200 -97
- binalyze_air/models/webhook_executions.py +33 -0
- binalyze_air/queries/__init__.py +121 -133
- binalyze_air/queries/acquisitions.py +155 -155
- binalyze_air/queries/api_tokens.py +46 -0
- binalyze_air/queries/assets.py +186 -105
- binalyze_air/queries/audit.py +400 -416
- binalyze_air/queries/{authentication.py → auth.py} +55 -55
- binalyze_air/queries/auto_asset_tags.py +59 -59
- binalyze_air/queries/backup.py +66 -0
- binalyze_air/queries/baseline.py +21 -185
- binalyze_air/queries/cases.py +292 -292
- binalyze_air/queries/cloud_forensics.py +137 -0
- binalyze_air/queries/event_subscription.py +54 -54
- binalyze_air/queries/evidence.py +139 -139
- binalyze_air/queries/evidences.py +279 -279
- binalyze_air/queries/interact.py +140 -28
- binalyze_air/queries/investigation_hub.py +329 -0
- binalyze_air/queries/license.py +85 -0
- binalyze_air/queries/logger.py +58 -0
- binalyze_air/queries/multipart_upload.py +180 -0
- binalyze_air/queries/notifications.py +71 -0
- binalyze_air/queries/organizations.py +222 -222
- binalyze_air/queries/params.py +154 -115
- binalyze_air/queries/policies.py +149 -149
- binalyze_air/queries/preset_filters.py +60 -0
- binalyze_air/queries/recent_activities.py +44 -0
- binalyze_air/queries/relay_server.py +42 -0
- binalyze_air/queries/settings.py +533 -20
- binalyze_air/queries/tasks.py +125 -81
- binalyze_air/queries/triage.py +230 -230
- binalyze_air/queries/user_management.py +193 -83
- binalyze_air/queries/webhook_executions.py +39 -0
- binalyze_air_sdk-1.0.3.dist-info/METADATA +752 -0
- binalyze_air_sdk-1.0.3.dist-info/RECORD +132 -0
- {binalyze_air_sdk-1.0.1.dist-info → binalyze_air_sdk-1.0.3.dist-info}/WHEEL +1 -1
- binalyze_air/apis/endpoints.py +0 -22
- binalyze_air/apis/evidences.py +0 -216
- binalyze_air/apis/users.py +0 -68
- binalyze_air/commands/users.py +0 -101
- binalyze_air/models/endpoints.py +0 -76
- binalyze_air/models/users.py +0 -82
- binalyze_air/queries/endpoints.py +0 -25
- binalyze_air/queries/users.py +0 -69
- binalyze_air_sdk-1.0.1.dist-info/METADATA +0 -635
- binalyze_air_sdk-1.0.1.dist-info/RECORD +0 -82
- {binalyze_air_sdk-1.0.1.dist-info → binalyze_air_sdk-1.0.3.dist-info}/top_level.txt +0 -0
binalyze_air/models/params.py
CHANGED
|
@@ -1,128 +1,154 @@
|
|
|
1
|
-
"""
|
|
2
|
-
Params API models for the Binalyze AIR SDK.
|
|
3
|
-
"""
|
|
4
|
-
|
|
5
|
-
from typing import List, Optional, Dict, Any
|
|
6
|
-
from enum import Enum
|
|
7
|
-
from pydantic import Field
|
|
8
|
-
|
|
9
|
-
from ..base import AIRBaseModel
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
class ArtifactType(str, Enum):
|
|
13
|
-
"""Acquisition artifact types."""
|
|
14
|
-
FILE = "file"
|
|
15
|
-
REGISTRY = "registry"
|
|
16
|
-
MEMORY = "memory"
|
|
17
|
-
NETWORK = "network"
|
|
18
|
-
PROCESS = "process"
|
|
19
|
-
EVENT_LOG = "event_log"
|
|
20
|
-
PREFETCH = "prefetch"
|
|
21
|
-
BROWSER = "browser"
|
|
22
|
-
SYSTEM = "system"
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
class ArtifactCategory(str, Enum):
|
|
26
|
-
"""Artifact categories."""
|
|
27
|
-
FORENSICS = "forensics"
|
|
28
|
-
MALWARE = "malware"
|
|
29
|
-
NETWORK = "network"
|
|
30
|
-
SYSTEM = "system"
|
|
31
|
-
BROWSER = "browser"
|
|
32
|
-
EMAIL = "email"
|
|
33
|
-
CHAT = "chat"
|
|
34
|
-
CLOUD = "cloud"
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
class Platform(str, Enum):
|
|
38
|
-
"""Supported platforms."""
|
|
39
|
-
WINDOWS = "windows"
|
|
40
|
-
LINUX = "linux"
|
|
41
|
-
DARWIN = "darwin"
|
|
42
|
-
MACOS = "macos"
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
class AcquisitionArtifact(AIRBaseModel):
|
|
46
|
-
"""Acquisition artifact model based on API response structure."""
|
|
47
|
-
|
|
48
|
-
name: str
|
|
49
|
-
desc: str = Field(alias="desc")
|
|
50
|
-
type: str = Field(alias="type")
|
|
51
|
-
|
|
52
|
-
# Additional fields for SDK processing
|
|
53
|
-
group: Optional[str] = None
|
|
54
|
-
platform: Optional[str] = None
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
class EDiscoveryPattern(AIRBaseModel):
|
|
58
|
-
"""E-Discovery pattern model based on API response structure."""
|
|
59
|
-
|
|
60
|
-
name: str
|
|
61
|
-
pattern: str
|
|
62
|
-
|
|
63
|
-
# Additional fields for SDK processing
|
|
64
|
-
category: Optional[str] = None
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
class AcquisitionEvidence(AIRBaseModel):
|
|
68
|
-
"""Acquisition evidence model based on API response structure."""
|
|
69
|
-
|
|
70
|
-
name: str
|
|
71
|
-
desc: str = Field(alias="desc")
|
|
72
|
-
type: str = Field(alias="type")
|
|
73
|
-
|
|
74
|
-
# Additional fields for SDK processing
|
|
75
|
-
group: Optional[str] = None
|
|
76
|
-
platform: Optional[str] = None
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
class DroneAnalyzer(AIRBaseModel):
|
|
80
|
-
"""Drone analyzer model with proper field mapping."""
|
|
81
|
-
|
|
82
|
-
id: str = Field(alias="Id")
|
|
83
|
-
name: str = Field(alias="Name")
|
|
84
|
-
default_enabled: bool = Field(alias="DefaultEnabled")
|
|
85
|
-
platforms: List[str] = Field(default=[], alias="Platforms")
|
|
86
|
-
o_ses: List[str] = Field(default=[], alias="OSes")
|
|
87
|
-
|
|
88
|
-
# Computed properties can be added as methods if needed
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
#
|
|
92
|
-
class
|
|
93
|
-
"""
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
1
|
+
"""
|
|
2
|
+
Params API models for the Binalyze AIR SDK.
|
|
3
|
+
"""
|
|
4
|
+
|
|
5
|
+
from typing import List, Optional, Dict, Any
|
|
6
|
+
from enum import Enum
|
|
7
|
+
from pydantic import Field
|
|
8
|
+
|
|
9
|
+
from ..base import AIRBaseModel
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class ArtifactType(str, Enum):
|
|
13
|
+
"""Acquisition artifact types."""
|
|
14
|
+
FILE = "file"
|
|
15
|
+
REGISTRY = "registry"
|
|
16
|
+
MEMORY = "memory"
|
|
17
|
+
NETWORK = "network"
|
|
18
|
+
PROCESS = "process"
|
|
19
|
+
EVENT_LOG = "event_log"
|
|
20
|
+
PREFETCH = "prefetch"
|
|
21
|
+
BROWSER = "browser"
|
|
22
|
+
SYSTEM = "system"
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
class ArtifactCategory(str, Enum):
|
|
26
|
+
"""Artifact categories."""
|
|
27
|
+
FORENSICS = "forensics"
|
|
28
|
+
MALWARE = "malware"
|
|
29
|
+
NETWORK = "network"
|
|
30
|
+
SYSTEM = "system"
|
|
31
|
+
BROWSER = "browser"
|
|
32
|
+
EMAIL = "email"
|
|
33
|
+
CHAT = "chat"
|
|
34
|
+
CLOUD = "cloud"
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
class Platform(str, Enum):
|
|
38
|
+
"""Supported platforms."""
|
|
39
|
+
WINDOWS = "windows"
|
|
40
|
+
LINUX = "linux"
|
|
41
|
+
DARWIN = "darwin"
|
|
42
|
+
MACOS = "macos"
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
class AcquisitionArtifact(AIRBaseModel):
|
|
46
|
+
"""Acquisition artifact model based on API response structure."""
|
|
47
|
+
|
|
48
|
+
name: str
|
|
49
|
+
desc: str = Field(alias="desc")
|
|
50
|
+
type: str = Field(alias="type")
|
|
51
|
+
|
|
52
|
+
# Additional fields for SDK processing
|
|
53
|
+
group: Optional[str] = None
|
|
54
|
+
platform: Optional[str] = None
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
class EDiscoveryPattern(AIRBaseModel):
|
|
58
|
+
"""E-Discovery pattern model based on API response structure."""
|
|
59
|
+
|
|
60
|
+
name: str
|
|
61
|
+
pattern: str
|
|
62
|
+
|
|
63
|
+
# Additional fields for SDK processing
|
|
64
|
+
category: Optional[str] = None
|
|
65
|
+
|
|
66
|
+
|
|
67
|
+
class AcquisitionEvidence(AIRBaseModel):
|
|
68
|
+
"""Acquisition evidence model based on API response structure."""
|
|
69
|
+
|
|
70
|
+
name: str
|
|
71
|
+
desc: str = Field(alias="desc")
|
|
72
|
+
type: str = Field(alias="type")
|
|
73
|
+
|
|
74
|
+
# Additional fields for SDK processing
|
|
75
|
+
group: Optional[str] = None
|
|
76
|
+
platform: Optional[str] = None
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
class DroneAnalyzer(AIRBaseModel):
|
|
80
|
+
"""Drone analyzer model with proper field mapping."""
|
|
81
|
+
|
|
82
|
+
id: str = Field(alias="Id")
|
|
83
|
+
name: str = Field(alias="Name")
|
|
84
|
+
default_enabled: bool = Field(alias="DefaultEnabled")
|
|
85
|
+
platforms: List[str] = Field(default=[], alias="Platforms")
|
|
86
|
+
o_ses: List[str] = Field(default=[], alias="OSes")
|
|
87
|
+
|
|
88
|
+
# Computed properties can be added as methods if needed
|
|
89
|
+
|
|
90
|
+
|
|
91
|
+
# MITRE Attack models
|
|
92
|
+
class MitreAttackTactic(AIRBaseModel):
|
|
93
|
+
"""MITRE ATT&CK tactic model."""
|
|
94
|
+
|
|
95
|
+
id: str
|
|
96
|
+
name: str
|
|
97
|
+
url: str
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
class MitreAttackTechnique(AIRBaseModel):
|
|
101
|
+
"""MITRE ATT&CK technique model."""
|
|
102
|
+
|
|
103
|
+
id: str
|
|
104
|
+
name: str
|
|
105
|
+
url: str
|
|
106
|
+
sub_techniques: Optional[List[str]] = Field(default=[], alias="subTechniques")
|
|
107
|
+
parent_technique: Optional[str] = Field(default=None, alias="parentTechnique")
|
|
108
|
+
|
|
109
|
+
|
|
110
|
+
class MitreAttackResponse(AIRBaseModel):
|
|
111
|
+
"""MITRE ATT&CK response structure - matches actual API response format."""
|
|
112
|
+
|
|
113
|
+
tactics: Dict[str, MitreAttackTactic]
|
|
114
|
+
techniques: Dict[str, MitreAttackTechnique]
|
|
115
|
+
|
|
116
|
+
|
|
117
|
+
# API Response wrapper models for structured responses
|
|
118
|
+
class AcquisitionArtifactGroup(AIRBaseModel):
|
|
119
|
+
"""Group of acquisition artifacts."""
|
|
120
|
+
|
|
121
|
+
group: str
|
|
122
|
+
items: List[AcquisitionArtifact]
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
class AcquisitionArtifactsResponse(AIRBaseModel):
|
|
126
|
+
"""Full response structure for acquisition artifacts."""
|
|
127
|
+
|
|
128
|
+
windows: List[AcquisitionArtifactGroup] = []
|
|
129
|
+
linux: List[AcquisitionArtifactGroup] = []
|
|
130
|
+
macos: List[AcquisitionArtifactGroup] = []
|
|
131
|
+
aix: List[AcquisitionArtifactGroup] = []
|
|
132
|
+
|
|
133
|
+
|
|
134
|
+
class EDiscoveryCategory(AIRBaseModel):
|
|
135
|
+
"""E-Discovery pattern category."""
|
|
136
|
+
|
|
137
|
+
category: str
|
|
138
|
+
applications: List[EDiscoveryPattern]
|
|
139
|
+
|
|
140
|
+
|
|
141
|
+
class AcquisitionEvidenceGroup(AIRBaseModel):
|
|
142
|
+
"""Group of acquisition evidences."""
|
|
143
|
+
|
|
144
|
+
group: str
|
|
145
|
+
items: List[AcquisitionEvidence]
|
|
146
|
+
|
|
147
|
+
|
|
148
|
+
class AcquisitionEvidencesResponse(AIRBaseModel):
|
|
149
|
+
"""Full response structure for acquisition evidences."""
|
|
150
|
+
|
|
151
|
+
windows: List[AcquisitionEvidenceGroup] = []
|
|
152
|
+
linux: List[AcquisitionEvidenceGroup] = []
|
|
153
|
+
macos: List[AcquisitionEvidenceGroup] = []
|
|
128
154
|
aix: List[AcquisitionEvidenceGroup] = []
|