binalyze-air-sdk 1.0.1__py3-none-any.whl

binalyze_air/models/audit.py

@@ -0,0 +1,273 @@
+"""
+Audit-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+
+from ..base import AIRBaseModel, Filter
+
+
+class AuditLevel(str, Enum):
+    """Audit log level."""
+    INFO = "info"
+    WARNING = "warning"
+    ERROR = "error"
+    CRITICAL = "critical"
+
+
+class AuditCategory(str, Enum):
+    """Audit event category."""
+    AUTHENTICATION = "authentication"
+    AUTHORIZATION = "authorization"
+    DATA_ACCESS = "data_access"
+    SYSTEM_CHANGE = "system_change"
+    USER_ACTION = "user_action"
+    API_CALL = "api_call"
+    POLICY_EXECUTION = "policy_execution"
+    TASK_EXECUTION = "task_execution"
+
+
+class AuditAction(str, Enum):
+    """Audit action type."""
+    CREATE = "create"
+    READ = "read"
+    UPDATE = "update"
+    DELETE = "delete"
+    EXECUTE = "execute"
+    LOGIN = "login"
+    LOGOUT = "logout"
+    DOWNLOAD = "download"
+    UPLOAD = "upload"
+
+
+class AuditLog(AIRBaseModel):
+    """Audit log model."""
+    
+    id: str
+    timestamp: datetime
+    user_id: Optional[str] = None
+    username: Optional[str] = None
+    organization_id: int = 0
+    category: AuditCategory
+    action: AuditAction
+    resource_type: str
+    resource_id: Optional[str] = None
+    resource_name: Optional[str] = None
+    level: AuditLevel = AuditLevel.INFO
+    message: str
+    details: Dict[str, Any] = {}
+    ip_address: Optional[str] = None
+    user_agent: Optional[str] = None
+    session_id: Optional[str] = None
+    correlation_id: Optional[str] = None
+    success: bool = True
+    error_code: Optional[str] = None
+    duration: Optional[int] = None  # milliseconds
+    tags: List[str] = []
+
+
+class AuditSummary(AIRBaseModel):
+    """Audit summary model."""
+    
+    organization_id: int
+    date: datetime
+    total_events: int = 0
+    successful_events: int = 0
+    failed_events: int = 0
+    authentication_events: int = 0
+    authorization_events: int = 0
+    data_access_events: int = 0
+    system_change_events: int = 0
+    user_action_events: int = 0
+    api_call_events: int = 0
+    unique_users: int = 0
+    unique_ips: int = 0
+    top_users: List[Dict[str, Any]] = []
+    top_actions: List[Dict[str, Any]] = []
+    error_summary: List[Dict[str, Any]] = []
+
+
+class AuditUserActivity(AIRBaseModel):
+    """User activity audit model."""
+    
+    user_id: str
+    username: str
+    organization_id: int
+    date: datetime
+    login_count: int = 0
+    action_count: int = 0
+    failed_login_count: int = 0
+    last_login: Optional[datetime] = None
+    last_action: Optional[datetime] = None
+    unique_ips: List[str] = []
+    actions_by_category: Dict[str, int] = {}
+    risk_score: float = 0.0
+
+
+class AuditSystemEvent(AIRBaseModel):
+    """System event audit model."""
+    
+    id: str
+    timestamp: datetime
+    event_type: str
+    severity: AuditLevel
+    component: str
+    message: str
+    details: Dict[str, Any] = {}
+    organization_id: int = 0
+    resolved: bool = False
+    resolved_by: Optional[str] = None
+    resolved_at: Optional[datetime] = None
+
+
+class AuditLogsFilter(Filter):
+    """Filter for audit logs queries - matches NEW API specification exactly (POST with JSON body)."""
+    
+    # Search and identification
+    search_term: Optional[str] = None
+    name: Optional[str] = None
+    
+    # Audit log specific filters
+    type: Optional[str] = None  # audit log type filter (changed from List[str] to str)
+    performed_by: Optional[str] = None  # user who performed the action
+    endpoint_name: Optional[str] = None  # endpoint name filter
+    
+    # NEW PARAMETERS from updated API spec
+    event_source: Optional[str] = None  # NEW: event source filter
+    occurred_at: Optional[str] = None  # NEW: timestamp filter
+    data_filter: Optional[str] = None  # NEW: data filtering capability
+    
+    # Organization parameters - changed to single int instead of list
+    organization_ids: Optional[int] = None  # Changed from List[int] to int (API expects single number)
+    all_organizations: Optional[bool] = None  # true/false
+    
+    def to_json_body(self) -> Dict[str, Any]:
+        """Convert filter to JSON body for POST request - NEW API FORMAT."""
+        body = {}
+        
+        # Pagination parameters (top level in body)
+        if self.page_number is not None:
+            body["pageNumber"] = self.page_number
+        if self.page_size is not None:
+            body["pageSize"] = self.page_size
+        if self.sort_by is not None:
+            body["sortBy"] = self.sort_by
+        if self.sort_type is not None:
+            body["sortType"] = self.sort_type
+        
+        # Filter object (nested in body)
+        filter_obj = {}
+        
+        if self.search_term is not None:
+            filter_obj["searchTerm"] = self.search_term
+        if self.name is not None:
+            filter_obj["name"] = self.name
+        if self.type is not None:
+            filter_obj["type"] = self.type
+        if self.performed_by is not None:
+            filter_obj["performedBy"] = self.performed_by
+        if self.endpoint_name is not None:
+            filter_obj["endpointName"] = self.endpoint_name
+        
+        # NEW PARAMETERS
+        if self.event_source is not None:
+            filter_obj["eventSource"] = self.event_source
+        if self.occurred_at is not None:
+            filter_obj["occurredAt"] = self.occurred_at
+        if self.data_filter is not None:
+            filter_obj["dataFilter"] = self.data_filter
+        
+        # Organization parameters
+        if self.organization_ids is not None:
+            filter_obj["organizationIds"] = self.organization_ids
+        if self.all_organizations is not None:
+            filter_obj["allOrganizations"] = self.all_organizations
+        
+        # Only add filter object if it has content
+        if filter_obj:
+            body["filter"] = filter_obj
+        
+        return body
+    
+    def to_params(self) -> Dict[str, Any]:
+        """DEPRECATED: Convert filter to query parameters - kept for backward compatibility."""
+        # Keep the old method for backward compatibility but mark as deprecated
+        import warnings
+        warnings.warn(
+            "to_params() is deprecated for audit logs. Use to_json_body() for new POST-based API.",
+            DeprecationWarning,
+            stacklevel=2
+        )
+        
+        params = {}
+        
+        # Pagination parameters (not in filter namespace) - only if set
+        if self.page_number is not None:
+            params["pageNumber"] = self.page_number
+        if self.page_size is not None:
+            params["pageSize"] = self.page_size
+        if self.sort_by is not None:
+            params["sortBy"] = self.sort_by
+        if self.sort_type is not None:
+            params["sortType"] = self.sort_type
+        
+        # Add audit-specific filter parameters (use API field names)
+        if self.search_term is not None:
+            params["filter[searchTerm]"] = self.search_term
+        if self.name is not None:
+            params["filter[name]"] = self.name
+        if self.type is not None:
+            params["filter[type]"] = self.type
+        if self.performed_by is not None:
+            params["filter[performedBy]"] = self.performed_by
+        if self.endpoint_name is not None:
+            params["filter[endpointName]"] = self.endpoint_name
+        if self.organization_ids is not None:
+            params["filter[organizationIds]"] = str(self.organization_ids)
+        if self.all_organizations is not None:
+            params["filter[allOrganizations]"] = "true" if self.all_organizations else "false"
+        
+        return params
+
+
+class AuditFilter(Filter):
+    """Filter for audit queries."""
+    
+    user_id: Optional[str] = None
+    username: Optional[str] = None
+    category: Optional[List[AuditCategory]] = None
+    action: Optional[List[AuditAction]] = None
+    level: Optional[List[AuditLevel]] = None
+    resource_type: Optional[str] = None
+    resource_id: Optional[str] = None
+    ip_address: Optional[str] = None
+    success: Optional[bool] = None
+    start_date: Optional[datetime] = None
+    end_date: Optional[datetime] = None
+    tags: Optional[List[str]] = None
+    correlation_id: Optional[str] = None
+
+
+class AuditExportRequest(AIRBaseModel):
+    """Request model for exporting audit logs."""
+    
+    filter_params: AuditFilter
+    format: str = "json"  # json, csv, excel
+    include_details: bool = True
+    organization_ids: List[int] = []
+
+
+class AuditRetentionPolicy(AIRBaseModel):
+    """Audit retention policy model."""
+    
+    organization_id: int
+    retention_days: int = 365
+    auto_archive: bool = True
+    archive_location: Optional[str] = None
+    compress_archives: bool = True
+    delete_after_archive: bool = False
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    created_by: str 

binalyze_air/models/authentication.py

@@ -0,0 +1,70 @@
+"""
+Authentication-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+from pydantic import Field
+
+from ..base import AIRBaseModel
+
+
+class UserProfile(AIRBaseModel):
+    """User profile information."""
+    name: Optional[str] = None
+    surname: Optional[str] = None
+    department: Optional[str] = None
+
+
+class UserRole(AIRBaseModel):
+    """User role information."""
+    id: Optional[str] = Field(alias="_id", default=None)
+    name: str
+    tag: str
+    created_at: Optional[str] = Field(alias="createdAt", default=None)
+    updated_at: Optional[str] = Field(alias="updatedAt", default=None)
+    created_by: Optional[str] = Field(alias="createdBy", default=None)
+    privilege_types: List[str] = Field(alias="privilegeTypes", default_factory=list)
+
+
+class User(AIRBaseModel):
+    """User model."""
+    
+    id: str = Field(alias="_id")
+    username: str
+    email: str
+    organization_ids: Optional[str] = Field(alias="organizationIds", default=None)  # Can be "ALL"
+    strategy: Optional[str] = None
+    profile: Optional[UserProfile] = None
+    privileges: List[str] = Field(default_factory=list)
+    roles: List[UserRole] = Field(default_factory=list)
+    tfa_enabled: bool = Field(alias="tfaEnabled", default=False)
+    created_at: Optional[str] = Field(alias="createdAt", default=None)
+    updated_at: Optional[str] = Field(alias="updatedAt", default=None)
+    has_password: bool = Field(alias="hasPassword", default=False)
+    photo: Optional[str] = None
+    groups: List[Any] = Field(default_factory=list)
+    user_flow_user_signature: Optional[str] = Field(alias="userFlowUserSignature", default=None)
+    user_flow_group_signature: Optional[str] = Field(alias="userFlowGroupSignature", default=None)
+
+
+class AuthStatus(AIRBaseModel):
+    """Authentication status model - matches actual API response."""
+    
+    # The API doesn't return authenticated field, we derive it from success
+    authenticated: bool = True  # Default to True since if we get a response, we're authenticated
+    user: Optional[User] = None
+    
+
+class LoginRequest(AIRBaseModel):
+    """Login request model."""
+    
+    username: str
+    password: str
+
+
+class LoginResponse(AIRBaseModel):
+    """Login response model."""
+    
+    access_token: str = Field(alias="accessToken")
+    refresh_token: str = Field(alias="refreshToken") 

binalyze_air/models/auto_asset_tags.py

@@ -0,0 +1,117 @@
+"""
+Auto Asset Tags-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+from pydantic import Field
+from pydantic import ConfigDict
+
+from ..base import AIRBaseModel, Filter
+
+
+class AutoAssetTag(AIRBaseModel):
+    """Auto asset tag model."""
+    
+    id: str = Field(alias="_id")
+    tag: str
+    linux_conditions: Optional[Dict[str, Any]] = Field(alias="linuxConditions", default=None)
+    windows_conditions: Optional[Dict[str, Any]] = Field(alias="windowsConditions", default=None)
+    macos_conditions: Optional[Dict[str, Any]] = Field(alias="macosConditions", default=None)
+    organization_ids: Optional[List[int]] = Field(alias="organizationIds", default_factory=list)
+    created_at: Optional[datetime] = Field(alias="createdAt", default=None)
+    updated_at: Optional[datetime] = Field(alias="updatedAt", default=None)
+    created_by: Optional[str] = Field(alias="createdBy", default=None)
+    updated_by: Optional[str] = Field(alias="updatedBy", default=None)
+
+
+class CreateAutoAssetTagRequest(AIRBaseModel):
+    """Create auto asset tag request model."""
+    
+    model_config = ConfigDict(populate_by_name=True)
+    
+    tag: str
+    linux_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="linuxConditions")
+    windows_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="windowsConditions")
+    macos_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="macosConditions")
+    organization_ids: List[int] = Field(default_factory=list, alias="organizationIds")
+
+
+class UpdateAutoAssetTagRequest(AIRBaseModel):
+    """Update auto asset tag request model."""
+    
+    model_config = ConfigDict(populate_by_name=True)
+    
+    tag: Optional[str] = None
+    linux_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="linuxConditions")
+    windows_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="windowsConditions")
+    macos_conditions: Optional[Dict[str, Any]] = Field(default=None, alias="macosConditions")
+
+
+class StartTaggingRequest(AIRBaseModel):
+    """Start tagging process request model."""
+    
+    filter: Dict[str, Any]
+    schedulerConfig: Dict[str, Any]
+
+
+class TaggingResult(AIRBaseModel):
+    """Tagging process result model."""
+    
+    taskId: str
+    message: str
+    processedTags: int
+    affectedAssets: int
+
+
+class TaggingTask(AIRBaseModel):
+    """Individual tagging task result from start tagging API."""
+    
+    task_id: str = Field(alias="_id")
+    name: str = Field(alias="name")
+
+
+class TaggingResponse(AIRBaseModel):
+    """Response from start tagging API containing list of tasks."""
+    
+    tasks: List[TaggingTask] = []
+    
+    @classmethod
+    def from_api_result(cls, result_list: List[Dict[str, Any]]) -> 'TaggingResponse':
+        """Create TaggingResponse from API result list."""
+        if not isinstance(result_list, list):
+            raise ValueError("API result must be a list")
+        
+        tasks = [TaggingTask(**task) for task in result_list]
+        return cls(tasks=tasks)
+    
+    @property
+    def task_count(self) -> int:
+        """Get the number of tasks created."""
+        return len(self.tasks)
+    
+    def get_task_ids(self) -> List[str]:
+        """Get list of all task IDs."""
+        return [task.task_id for task in self.tasks]
+
+
+class AutoAssetTagFilter(Filter):
+    """Filter for auto asset tag queries."""
+    
+    tag: Optional[str] = None
+    organization_ids: Optional[List[int]] = None
+    search_term: Optional[str] = None
+    
+    def to_params(self) -> Dict[str, Any]:
+        """Convert filter to API parameters with proper field name mapping."""
+        params = super().to_params()
+        
+        # Convert organization_ids to organizationIds for API compatibility
+        if "filter[organization_ids]" in params:
+            params["filter[organizationIds]"] = params.pop("filter[organization_ids]")
+        
+        # Convert search_term to searchTerm for API compatibility
+        if "filter[search_term]" in params:
+            params["filter[searchTerm]"] = params.pop("filter[search_term]")
+            
+        return params 

binalyze_air/models/baseline.py

@@ -0,0 +1,232 @@
+"""
+Baseline-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel, Filter
+
+
+class BaselineStatus(str, Enum):
+    """Baseline status."""
+    ACTIVE = "active"
+    INACTIVE = "inactive"
+    CREATING = "creating"
+    FAILED = "failed"
+
+
+class BaselineType(str, Enum):
+    """Baseline type."""
+    SYSTEM = "system"
+    SECURITY = "security"
+    CUSTOM = "custom"
+    COMPLIANCE = "compliance"
+
+
+class ComparisonStatus(str, Enum):
+    """Comparison status."""
+    PENDING = "pending"
+    RUNNING = "running"
+    COMPLETED = "completed"
+    FAILED = "failed"
+
+
+class ChangeType(str, Enum):
+    """Type of change detected."""
+    ADDED = "added"
+    REMOVED = "removed"
+    MODIFIED = "modified"
+    MOVED = "moved"
+
+
+class BaselineItem(AIRBaseModel):
+    """Individual baseline item."""
+    
+    id: str
+    path: str
+    item_type: str  # file, registry, service, process, etc.
+    hash: Optional[str] = None
+    size: Optional[int] = None
+    permissions: Optional[str] = None
+    owner: Optional[str] = None
+    created_at: Optional[datetime] = None
+    modified_at: Optional[datetime] = None
+    attributes: Dict[str, Any] = {}
+    metadata: Dict[str, Any] = {}
+
+
+class Baseline(AIRBaseModel):
+    """Baseline model."""
+    
+    id: str = Field(alias="_id")
+    name: str
+    description: Optional[str] = None
+    type: BaselineType
+    status: BaselineStatus = BaselineStatus.CREATING
+    endpoint_id: str = Field(alias="endpointId")
+    endpoint_name: str = Field(alias="endpointName")
+    organization_id: int = Field(default=0, alias="organizationId")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    created_by: str = Field(alias="createdBy")
+    item_count: int = Field(default=0, alias="itemCount")
+    file_count: int = Field(default=0, alias="fileCount")
+    registry_count: int = Field(default=0, alias="registryCount")
+    service_count: int = Field(default=0, alias="serviceCount")
+    process_count: int = Field(default=0, alias="processCount")
+    network_connection_count: int = Field(default=0, alias="networkConnectionCount")
+    tags: List[str] = []
+    profile_id: Optional[str] = Field(default=None, alias="profileId")
+    profile_name: Optional[str] = Field(default=None, alias="profileName")
+    last_comparison: Optional[datetime] = Field(default=None, alias="lastComparison")
+    comparison_count: int = Field(default=0, alias="comparisonCount")
+
+
+class BaselineProfile(AIRBaseModel):
+    """Baseline profile model."""
+    
+    id: str = Field(alias="_id")
+    name: str
+    description: Optional[str] = None
+    organization_id: int = Field(default=0, alias="organizationId")
+    include_files: bool = Field(default=True, alias="includeFiles")
+    include_registry: bool = Field(default=True, alias="includeRegistry")
+    include_services: bool = Field(default=True, alias="includeServices")
+    include_processes: bool = Field(default=False, alias="includeProcesses")
+    include_network: bool = Field(default=False, alias="includeNetwork")
+    file_patterns: List[str] = Field(default=[], alias="filePatterns")
+    exclude_patterns: List[str] = Field(default=[], alias="excludePatterns")
+    registry_keys: List[str] = Field(default=[], alias="registryKeys")
+    custom_checks: List[Dict[str, Any]] = Field(default=[], alias="customChecks")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    created_by: str = Field(alias="createdBy")
+    is_default: bool = Field(default=False, alias="isDefault")
+    usage_count: int = Field(default=0, alias="usageCount")
+
+
+class BaselineChange(AIRBaseModel):
+    """Baseline change detection model."""
+    
+    id: str = Field(alias="_id")
+    comparison_id: str = Field(alias="comparisonId")
+    change_type: ChangeType = Field(alias="changeType")
+    item_type: str = Field(alias="itemType")
+    path: str
+    old_value: Optional[Dict[str, Any]] = Field(default=None, alias="oldValue")
+    new_value: Optional[Dict[str, Any]] = Field(default=None, alias="newValue")
+    severity: str = "medium"  # low, medium, high, critical
+    category: str
+    description: str
+    detected_at: datetime = Field(alias="detectedAt")
+    risk_score: float = Field(default=0.0, alias="riskScore")
+
+
+class BaselineComparison(AIRBaseModel):
+    """Baseline comparison result model."""
+    
+    id: str = Field(alias="_id")
+    baseline_id: str = Field(alias="baselineId")
+    baseline_name: str = Field(alias="baselineName")
+    endpoint_id: str = Field(alias="endpointId")
+    endpoint_name: str = Field(alias="endpointName")
+    status: ComparisonStatus
+    started_at: Optional[datetime] = Field(default=None, alias="startedAt")
+    completed_at: Optional[datetime] = Field(default=None, alias="completedAt")
+    duration: Optional[int] = None  # seconds
+    total_changes: int = Field(default=0, alias="totalChanges")
+    added_items: int = Field(default=0, alias="addedItems")
+    removed_items: int = Field(default=0, alias="removedItems")
+    modified_items: int = Field(default=0, alias="modifiedItems")
+    moved_items: int = Field(default=0, alias="movedItems")
+    high_risk_changes: int = Field(default=0, alias="highRiskChanges")
+    medium_risk_changes: int = Field(default=0, alias="mediumRiskChanges")
+    low_risk_changes: int = Field(default=0, alias="lowRiskChanges")
+    changes: List[BaselineChange] = []
+    organization_id: int = Field(default=0, alias="organizationId")
+    triggered_by: str = Field(alias="triggeredBy")
+    error_message: Optional[str] = Field(default=None, alias="errorMessage")
+
+
+class BaselineSchedule(AIRBaseModel):
+    """Baseline comparison schedule model."""
+    
+    id: str = Field(alias="_id")
+    baseline_id: str = Field(alias="baselineId")
+    name: str
+    enabled: bool = True
+    frequency: str  # daily, weekly, monthly
+    time_of_day: str = Field(alias="timeOfDay")  # HH:MM format
+    day_of_week: Optional[int] = Field(default=None, alias="dayOfWeek")  # 0-6, Monday=0
+    day_of_month: Optional[int] = Field(default=None, alias="dayOfMonth")  # 1-31
+    next_run: Optional[datetime] = Field(default=None, alias="nextRun")
+    last_run: Optional[datetime] = Field(default=None, alias="lastRun")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    created_by: str = Field(alias="createdBy")
+    notification_enabled: bool = Field(default=True, alias="notificationEnabled")
+    notification_threshold: int = Field(default=10, alias="notificationThreshold")  # minimum changes to notify
+
+
+class BaselineFilter(Filter):
+    """Filter for baseline queries."""
+    
+    name: Optional[str] = None
+    type: Optional[List[BaselineType]] = None
+    status: Optional[List[BaselineStatus]] = None
+    endpoint_id: Optional[str] = None
+    endpoint_name: Optional[str] = None
+    created_by: Optional[str] = None
+    tags: Optional[List[str]] = None
+    profile_id: Optional[str] = None
+    has_recent_comparison: Optional[bool] = None
+
+
+class CreateBaselineRequest(AIRBaseModel):
+    """Request model for creating a baseline."""
+    
+    name: str
+    description: Optional[str] = None
+    type: BaselineType = BaselineType.SYSTEM
+    endpoint_id: str
+    profile_id: Optional[str] = None
+    tags: List[str] = []
+    organization_id: int = 0
+
+
+class UpdateBaselineRequest(AIRBaseModel):
+    """Request model for updating a baseline."""
+    
+    name: Optional[str] = None
+    description: Optional[str] = None
+    status: Optional[BaselineStatus] = None
+    tags: Optional[List[str]] = None
+
+
+class CreateBaselineProfileRequest(AIRBaseModel):
+    """Request model for creating a baseline profile."""
+    
+    name: str
+    description: Optional[str] = None
+    include_files: bool = True
+    include_registry: bool = True
+    include_services: bool = True
+    include_processes: bool = False
+    include_network: bool = False
+    file_patterns: List[str] = []
+    exclude_patterns: List[str] = []
+    registry_keys: List[str] = []
+    custom_checks: List[Dict[str, Any]] = []
+    organization_id: int = 0
+
+
+class CompareBaselineRequest(AIRBaseModel):
+    """Request model for comparing baselines."""
+    
+    baseline_id: str
+    endpoint_ids: Optional[List[str]] = None  # If None, use baseline's endpoint
+    profile_id: Optional[str] = None  # Override baseline's profile
+    include_low_risk: bool = True
+    generate_report: bool = True