binalyze-air-sdk 1.0.1__py3-none-any.whl

binalyze_air/models/organizations.py

@@ -0,0 +1,294 @@
+"""
+Organization-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any, Union
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel, Filter
+
+
+class OrganizationStatus(str, Enum):
+    """Organization status."""
+    ACTIVE = "active"
+    SUSPENDED = "suspended"
+    INACTIVE = "inactive"
+
+
+class UserRoleType(str, Enum):
+    """User role type in organization."""
+    ADMIN = "admin"
+    USER = "user"
+    VIEWER = "viewer"
+    ANALYST = "analyst"
+
+
+class FilterOption(AIRBaseModel):
+    """Filter option model for API response metadata."""
+    
+    name: str
+    type: str  # text, select, etc.
+    options: List[Any] = []
+    filter_url: Optional[str] = Field(default=None, alias="filterUrl")
+
+
+class Organization(AIRBaseModel):
+    """Organization model with complete field mapping."""
+    
+    id: int = Field(alias="_id")
+    name: str
+    note: Optional[str] = None
+    owner: Optional[str] = None
+    is_default: bool = Field(default=False, alias="isDefault")
+    shareable_deployment_enabled: bool = Field(default=True, alias="shareableDeploymentEnabled")
+    deployment_token: Optional[str] = Field(default=None, alias="deploymentToken")
+    contact: Dict[str, Any] = {}
+    total_endpoints: int = Field(default=0, alias="totalEndpoints")
+    tags: List[str] = []
+    statistics: Optional[Dict[str, Any]] = None  # Organization statistics
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+
+
+class UserProfile(AIRBaseModel):
+    """User profile information."""
+    
+    name: Optional[str] = None
+    surname: Optional[str] = None
+    department: Optional[str] = None
+
+
+class UserGroup(AIRBaseModel):
+    """User group information."""
+    
+    id: str
+    name: str
+    organization_ids: List[int] = Field(default=[], alias="organizationIds")
+
+
+class UserRole(AIRBaseModel):
+    """User role information with full privileges."""
+    
+    id: str = Field(alias="_id")
+    name: str
+    tag: str
+    created_by: str = Field(alias="createdBy")
+    privileges: List[str] = []
+    privilege_types: List[str] = Field(default=[], alias="privilegeTypes")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+
+
+class OrganizationUser(AIRBaseModel):
+    """Enhanced organization user model with complete field mapping."""
+    
+    # Core fields
+    id: str = Field(alias="_id")
+    email: str
+    username: str
+    strategy: Optional[str] = None
+    
+    # Profile information
+    profile: Optional[UserProfile] = None
+    
+    # Role and permission information
+    roles: List[UserRole] = []
+    groups: List[UserGroup] = []
+    
+    # Organization and permission data
+    organization_ids: Optional[Union[str, List[int]]] = Field(default=None, alias="organizationIds")  # Can be "ALL" or list
+    
+    # Boolean flags
+    has_password: bool = Field(default=False, alias="hasPassword")
+    tfa_enabled: bool = Field(default=False, alias="tfaEnabled")
+    is_authorized_for_all_organizations: bool = Field(default=False, alias="isAuthorizedForAllOrganizations")
+    is_global_admin: bool = Field(default=False, alias="isGlobalAdmin")
+    is_organization_admin: bool = Field(default=False, alias="isOrganizationAdmin")
+    is_not_in_organizations: bool = Field(default=False, alias="isNotInOrganizations")
+    
+    # Timestamps
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    
+    # Legacy fields for backward compatibility
+    first_name: Optional[str] = None
+    last_name: Optional[str] = None
+    role: Optional[str] = None
+    organization_id: Optional[int] = None
+    last_login: Optional[datetime] = None
+    is_active: bool = True
+    permissions: List[str] = []
+
+
+class OrganizationUsersPaginatedResponse(AIRBaseModel):
+    """Complete paginated response for organization users endpoint."""
+    
+    entities: List[OrganizationUser]
+    filters: List[FilterOption] = []
+    sortables: List[str] = []
+    total_entity_count: int = Field(default=0, alias="totalEntityCount")
+    current_page: int = Field(default=1, alias="currentPage")
+    page_size: int = Field(default=10, alias="pageSize")
+    previous_page: int = Field(default=0, alias="previousPage")
+    total_page_count: int = Field(default=1, alias="totalPageCount")
+    next_page: int = Field(default=2, alias="nextPage")
+
+
+class OrganizationRole(AIRBaseModel):
+    """Organization role model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    organization_id: int
+    permissions: List[str] = []
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    created_by: Optional[str] = None
+    is_system: bool = False
+    user_count: int = 0
+
+
+class OrganizationLicense(AIRBaseModel):
+    """Organization license model."""
+    
+    id: str
+    organization_id: int
+    license_type: str
+    total_licenses: int = 0
+    used_licenses: int = 0
+    valid_from: Optional[datetime] = None
+    valid_until: Optional[datetime] = None
+    features: List[str] = []
+    is_active: bool = True
+
+
+class OrganizationSettings(AIRBaseModel):
+    """Organization settings model."""
+    
+    organization_id: int
+    retention_policy: Dict[str, Any] = {}
+    security_settings: Dict[str, Any] = {}
+    notification_settings: Dict[str, Any] = {}
+    api_settings: Dict[str, Any] = {}
+    custom_settings: Dict[str, Any] = {}
+
+
+class OrganizationFilter(Filter):
+    """Filter for organization queries with complete parameter support."""
+    
+    name: Optional[str] = None
+    search_term: Optional[str] = None
+    
+    def to_params(self) -> Dict[str, Any]:
+        """Convert filter to API parameters."""
+        params = {}
+        if self.name:
+            params["filter[name]"] = self.name
+        if self.search_term:
+            params["filter[searchTerm]"] = self.search_term
+        return params
+
+
+class OrganizationsPaginatedResponse(AIRBaseModel):
+    """Complete paginated response for organizations list endpoint."""
+    
+    entities: List[Organization]
+    filters: List[FilterOption] = []
+    sortables: List[str] = []
+    total_entity_count: int = Field(default=0, alias="totalEntityCount")
+    current_page: int = Field(default=1, alias="currentPage")
+    page_size: int = Field(default=10, alias="pageSize")
+    previous_page: int = Field(default=0, alias="previousPage")
+    total_page_count: int = Field(default=1, alias="totalPageCount")
+    next_page: int = Field(default=2, alias="nextPage")
+
+
+# Request models for organization operations
+class CreateOrganizationRequest(AIRBaseModel):
+    """Create organization request model with complete field mapping."""
+    
+    name: str
+    shareable_deployment_enabled: bool = Field(default=True, alias="shareableDeploymentEnabled")
+    note: Optional[str] = None
+    contact: Optional[Dict[str, Any]] = None
+    tags: Optional[List[str]] = None
+
+
+class UpdateOrganizationRequest(AIRBaseModel):
+    """Update organization request model with complete field mapping."""
+    
+    name: Optional[str] = None
+    note: Optional[str] = None
+    owner: Optional[str] = None  # Added missing owner field
+    contact: Optional[Dict[str, Any]] = None
+    tags: Optional[List[str]] = None
+
+
+class AddUserToOrganizationRequest(AIRBaseModel):
+    """Add user to organization request model."""
+    
+    user_id: str
+    email: str
+    username: str
+    role: Optional[str] = None
+
+
+class AssignUsersToOrganizationRequest(AIRBaseModel):
+    """Assign multiple users to organization request model."""
+    
+    user_ids: List[str] = Field(alias="userIds")
+
+
+class AddTagsToOrganizationRequest(AIRBaseModel):
+    """Add tags to organization request model."""
+    
+    tags: List[str]
+
+
+class DeleteTagsFromOrganizationRequest(AIRBaseModel):
+    """Delete tags from organization request model."""
+    
+    tags: List[str]
+
+
+class UpdateShareableDeploymentSettingsRequest(AIRBaseModel):
+    """Update shareable deployment settings request model."""
+    
+    status: bool
+
+
+class UpdateDeploymentTokenRequest(AIRBaseModel):
+    """Update deployment token request model."""
+    
+    # Empty request body - the API generates a new token automatically
+    pass
+
+
+class CheckOrganizationNameExistsResponse(AIRBaseModel):
+    """Response model for checking if organization name exists."""
+    
+    success: bool
+    result: bool
+    status_code: int = Field(alias="statusCode")
+    errors: List[str] = []
+
+
+class ShareableDeploymentInfoResponse(AIRBaseModel):
+    """Response model for shareable deployment information."""
+    
+    success: bool
+    result: Optional[Dict[str, Any]] = None
+    status_code: int = Field(alias="statusCode")
+    errors: List[str] = []
+
+
+class DeploymentTokenUpdateResponse(AIRBaseModel):
+    """Response model for deployment token update."""
+    
+    success: bool
+    result: Optional[Dict[str, str]] = None  # Contains new token
+    status_code: int = Field(alias="statusCode")
+    errors: List[str] = [] 

binalyze_air/models/params.py

@@ -0,0 +1,128 @@
+"""
+Params API models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel
+
+
+class ArtifactType(str, Enum):
+    """Acquisition artifact types."""
+    FILE = "file"
+    REGISTRY = "registry"
+    MEMORY = "memory"
+    NETWORK = "network"
+    PROCESS = "process"
+    EVENT_LOG = "event_log"
+    PREFETCH = "prefetch"
+    BROWSER = "browser"
+    SYSTEM = "system"
+
+
+class ArtifactCategory(str, Enum):
+    """Artifact categories."""
+    FORENSICS = "forensics"
+    MALWARE = "malware"
+    NETWORK = "network"
+    SYSTEM = "system"
+    BROWSER = "browser"
+    EMAIL = "email"
+    CHAT = "chat"
+    CLOUD = "cloud"
+
+
+class Platform(str, Enum):
+    """Supported platforms."""
+    WINDOWS = "windows"
+    LINUX = "linux"
+    DARWIN = "darwin"
+    MACOS = "macos"
+
+
+class AcquisitionArtifact(AIRBaseModel):
+    """Acquisition artifact model based on API response structure."""
+    
+    name: str
+    desc: str = Field(alias="desc")
+    type: str = Field(alias="type")
+    
+    # Additional fields for SDK processing
+    group: Optional[str] = None
+    platform: Optional[str] = None
+
+
+class EDiscoveryPattern(AIRBaseModel):
+    """E-Discovery pattern model based on API response structure."""
+    
+    name: str
+    pattern: str
+    
+    # Additional fields for SDK processing  
+    category: Optional[str] = None
+
+
+class AcquisitionEvidence(AIRBaseModel):
+    """Acquisition evidence model based on API response structure."""
+    
+    name: str
+    desc: str = Field(alias="desc")
+    type: str = Field(alias="type")
+    
+    # Additional fields for SDK processing
+    group: Optional[str] = None
+    platform: Optional[str] = None
+
+
+class DroneAnalyzer(AIRBaseModel):
+    """Drone analyzer model with proper field mapping."""
+    
+    id: str = Field(alias="Id")
+    name: str = Field(alias="Name")
+    default_enabled: bool = Field(alias="DefaultEnabled")
+    platforms: List[str] = Field(default=[], alias="Platforms")
+    o_ses: List[str] = Field(default=[], alias="OSes")
+    
+    # Computed properties can be added as methods if needed
+
+
+# API Response wrapper models for structured responses
+class AcquisitionArtifactGroup(AIRBaseModel):
+    """Group of acquisition artifacts."""
+    
+    group: str
+    items: List[AcquisitionArtifact]
+
+
+class AcquisitionArtifactsResponse(AIRBaseModel):
+    """Full response structure for acquisition artifacts."""
+    
+    windows: List[AcquisitionArtifactGroup] = []
+    linux: List[AcquisitionArtifactGroup] = []
+    macos: List[AcquisitionArtifactGroup] = []
+    aix: List[AcquisitionArtifactGroup] = []
+
+
+class EDiscoveryCategory(AIRBaseModel):
+    """E-Discovery pattern category."""
+    
+    category: str
+    applications: List[EDiscoveryPattern]
+
+
+class AcquisitionEvidenceGroup(AIRBaseModel):
+    """Group of acquisition evidences."""
+    
+    group: str  
+    items: List[AcquisitionEvidence]
+
+
+class AcquisitionEvidencesResponse(AIRBaseModel):
+    """Full response structure for acquisition evidences."""
+    
+    windows: List[AcquisitionEvidenceGroup] = []
+    linux: List[AcquisitionEvidenceGroup] = []
+    macos: List[AcquisitionEvidenceGroup] = []
+    aix: List[AcquisitionEvidenceGroup] = [] 

binalyze_air/models/policies.py

@@ -0,0 +1,250 @@
+"""
+Policy-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel, Filter, PaginatedResponse
+
+
+class PolicyType(str, Enum):
+    """Policy type."""
+    ACQUISITION = "acquisition"
+    SECURITY = "security"
+    COMPLIANCE = "compliance"
+    CUSTOM = "custom"
+
+
+class PolicyStatus(str, Enum):
+    """Policy status."""
+    ACTIVE = "active"
+    INACTIVE = "inactive"
+    DRAFT = "draft"
+
+
+class PolicyCondition(AIRBaseModel):
+    """Policy condition model based on API structure."""
+    
+    # For leaf conditions
+    field: Optional[str] = None
+    operator: Optional[str] = None
+    value: Optional[Any] = None
+    
+    # For nested conditions (when this is a group)
+    conditions: Optional[List['PolicyCondition']] = None
+
+
+class PolicyAction(AIRBaseModel):
+    """Policy action model."""
+    
+    type: str
+    parameters: Dict[str, Any] = {}
+    enabled: bool = True
+
+
+class PolicyRule(AIRBaseModel):
+    """Policy rule model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    conditions: List[PolicyCondition] = []
+    actions: List[PolicyAction] = []
+    enabled: bool = True
+    priority: int = 0
+
+
+class PolicyFilterStructure(AIRBaseModel):
+    """Policy filter model based on API structure."""
+    
+    operator: str
+    conditions: List[PolicyCondition]
+
+
+class PolicyCpuSettings(AIRBaseModel):
+    """Policy CPU settings."""
+    
+    limit: int
+
+
+class PolicySaveToSettings(AIRBaseModel):
+    """Policy save-to settings for a platform."""
+    
+    location: str
+    path: Optional[str] = None
+    repository_id: Optional[str] = Field(default=None, alias="repositoryId")
+    use_most_free_volume: bool = Field(default=True, alias="useMostFreeVolume")
+    volume: Optional[str] = None
+    tmp: Optional[str] = None
+
+
+class PolicySaveTo(AIRBaseModel):
+    """Policy save-to settings for all platforms."""
+    
+    windows: Optional[PolicySaveToSettings] = None
+    linux: Optional[PolicySaveToSettings] = None
+    macos: Optional[PolicySaveToSettings] = None
+
+
+class PolicyEncryption(AIRBaseModel):
+    """Policy encryption settings."""
+    
+    enabled: bool
+    password: Optional[str] = None
+
+
+class PolicyCompression(AIRBaseModel):
+    """Policy compression settings."""
+    
+    enabled: bool
+    encryption: Optional[PolicyEncryption] = None
+
+
+class PolicySendTo(AIRBaseModel):
+    """Policy send-to settings."""
+    
+    location: str
+    repository_id: Optional[str] = Field(default=None, alias="repositoryId")
+
+
+class Policy(AIRBaseModel):
+    """Policy model based on API response structure."""
+    
+    id: str = Field(alias="_id")
+    name: str
+    organization_ids: List[int] = Field(default=[], alias="organizationIds")
+    default: Optional[bool] = None
+    order: Optional[int] = None
+    created_by: Optional[str] = Field(default=None, alias="createdBy")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    
+    # Policy configuration
+    filter: Optional[PolicyFilterStructure] = None
+    cpu: Optional[PolicyCpuSettings] = None
+    save_to: Optional[PolicySaveTo] = Field(default=None, alias="saveTo")
+    send_to: Optional[PolicySendTo] = Field(default=None, alias="sendTo")
+    compression: Optional[PolicyCompression] = None
+    
+    # Optional fields that may be present
+    bandwidth: Optional[Dict[str, Any]] = None
+    disk_space: Optional[Dict[str, Any]] = Field(default=None, alias="diskSpace")
+    triage_local_drives_only: Optional[Dict[str, Any]] = Field(default=None, alias="triageLocalDrivesOnly")
+    isolation_allowed_ips: Optional[List[str]] = Field(default=None, alias="isolationAllowedIps")
+    isolation_allowed_processes: Optional[List[str]] = Field(default=None, alias="isolationAllowedProcesses")
+
+
+class PolicyPriority(AIRBaseModel):
+    """Policy priority update model."""
+    
+    id: str = Field(alias="_id")
+    order: int
+
+
+class PolicyMatchStats(AIRBaseModel):
+    """Policy match statistics model."""
+    
+    total_matches: int = Field(alias="totalMatches")
+    policy_matches: List[Dict[str, Any]] = Field(default=[], alias="policyMatches")
+
+
+class PolicyAssignment(AIRBaseModel):
+    """Policy assignment model."""
+    
+    id: str
+    policy_id: str
+    endpoint_id: str
+    assigned_at: Optional[datetime] = None
+    assigned_by: str
+    status: str = "active"
+
+
+class PolicyExecution(AIRBaseModel):
+    """Policy execution result model."""
+    
+    id: str
+    policy_id: str
+    endpoint_id: str
+    executed_at: Optional[datetime] = None
+    status: str
+    result: Dict[str, Any] = {}
+    errors: List[str] = []
+    duration: Optional[int] = None
+
+
+class CreatePolicyRequest(AIRBaseModel):
+    """Request model for creating a policy."""
+    
+    name: str
+    organization_ids: List[int] = Field(alias="organizationIds")
+    filter: PolicyFilterStructure
+    cpu: PolicyCpuSettings
+    save_to: PolicySaveTo = Field(alias="saveTo")
+    send_to: PolicySendTo = Field(alias="sendTo")
+    compression: PolicyCompression
+    
+    # Optional fields
+    bandwidth: Optional[Dict[str, Any]] = None
+    disk_space: Optional[Dict[str, Any]] = Field(default=None, alias="diskSpace")
+    triage_local_drives_only: Optional[Dict[str, Any]] = Field(default=None, alias="triageLocalDrivesOnly")
+    isolation_allowed_ips: Optional[List[str]] = Field(default=None, alias="isolationAllowedIps")
+    isolation_allowed_processes: Optional[List[str]] = Field(default=None, alias="isolationAllowedProcesses")
+
+
+class UpdatePolicyRequest(AIRBaseModel):
+    """Request model for updating a policy."""
+    
+    name: Optional[str] = None
+    organization_ids: Optional[List[int]] = Field(default=None, alias="organizationIds")
+    filter: Optional[PolicyFilterStructure] = None
+    cpu: Optional[PolicyCpuSettings] = None
+    save_to: Optional[PolicySaveTo] = Field(default=None, alias="saveTo")
+    send_to: Optional[PolicySendTo] = Field(default=None, alias="sendTo")
+    compression: Optional[PolicyCompression] = None
+    
+    # Optional fields
+    bandwidth: Optional[Dict[str, Any]] = None
+    disk_space: Optional[Dict[str, Any]] = Field(default=None, alias="diskSpace")
+    triage_local_drives_only: Optional[Dict[str, Any]] = Field(default=None, alias="triageLocalDrivesOnly")
+    isolation_allowed_ips: Optional[List[str]] = Field(default=None, alias="isolationAllowedIps")
+    isolation_allowed_processes: Optional[List[str]] = Field(default=None, alias="isolationAllowedProcesses")
+
+
+class UpdatePoliciesPrioritiesRequest(AIRBaseModel):
+    """Request model for updating policy priorities."""
+    
+    policies: List[PolicyPriority]
+
+
+class PolicyFilter(Filter):
+    """Filter for policy queries."""
+    
+    organization_ids: Optional[List[int]] = None
+    
+    def to_params(self) -> Dict[str, Any]:
+        """Convert filter to query parameters."""
+        params = {}
+        if self.organization_ids:
+            params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        return params
+
+
+class PoliciesPaginatedResponse(PaginatedResponse[Policy]):
+    """Paginated response for policies."""
+    
+    # Add field aliases for pagination fields
+    total_entity_count: int = Field(alias="totalEntityCount")
+    current_page: int = Field(alias="currentPage")
+    page_size: int = Field(alias="pageSize")
+    total_page_count: int = Field(alias="totalPageCount")
+
+
+class AssignPolicyRequest(AIRBaseModel):
+    """Request model for assigning policy to endpoints."""
+    
+    policy_id: str
+    endpoint_ids: List[str] = []
+    organization_ids: List[int] = []
+    filter_params: Optional[Dict[str, Any]] = None