binalyze-air-sdk 1.0.1__py3-none-any.whl

binalyze_air/models/settings.py

@@ -0,0 +1,84 @@
+"""
+Settings API models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel
+
+
+class BannerType(str, Enum):
+    """Banner types."""
+    INFO = "info"
+    WARNING = "warning"
+    ERROR = "error"
+    SUCCESS = "success"
+    MAINTENANCE = "maintenance"
+
+
+class BannerPosition(str, Enum):
+    """Banner display positions."""
+    TOP = "top"
+    BOTTOM = "bottom"
+    CENTER = "center"
+
+
+class BannerSettings(AIRBaseModel):
+    """Banner settings model."""
+    
+    id: Optional[str] = None
+    enabled: bool = False
+    title: Optional[str] = None
+    message: str
+    banner_type: BannerType = BannerType.INFO
+    position: BannerPosition = BannerPosition.TOP
+    dismissible: bool = True
+    auto_dismiss: bool = False
+    auto_dismiss_timeout: Optional[int] = None  # seconds
+    show_from: Optional[datetime] = None
+    show_until: Optional[datetime] = None
+    background_color: Optional[str] = None
+    text_color: Optional[str] = None
+    border_color: Optional[str] = None
+    icon: Optional[str] = None
+    link_url: Optional[str] = None
+    link_text: Optional[str] = None
+    target_roles: Optional[list[str]] = None
+    target_organizations: Optional[list[int]] = None
+    created_by: Optional[str] = None
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    organization_id: Optional[int] = None
+
+
+class UpdateBannerSettingsRequest(AIRBaseModel):
+    """Request model for updating banner settings with proper API field mapping."""
+    
+    enabled: Optional[bool] = None
+    title: Optional[str] = None
+    message: Optional[str] = None
+    # API expects these exact field names - use aliases to map from Python names to API names
+    users_can_dismiss: Optional[bool] = Field(default=None, alias="usersCanDismiss")
+    color: Optional[str] = None  # API expects: general, info, maintenance, warning, alert
+    display_time_type: Optional[str] = Field(default=None, alias="displayTimeType")  # always or scheduled
+    schedule_times: Optional[Dict[str, Any]] = Field(default=None, alias="scheduleTimes")
+    
+    # Legacy/additional fields (may not be used by current API)
+    banner_type: Optional[BannerType] = None
+    position: Optional[BannerPosition] = None
+    dismissible: Optional[bool] = None
+    auto_dismiss: Optional[bool] = None
+    auto_dismiss_timeout: Optional[int] = None
+    show_from: Optional[datetime] = None
+    show_until: Optional[datetime] = None
+    background_color: Optional[str] = None
+    text_color: Optional[str] = None
+    border_color: Optional[str] = None
+    icon: Optional[str] = None
+    link_url: Optional[str] = None
+    link_text: Optional[str] = None
+    target_roles: Optional[list[str]] = None
+    target_organizations: Optional[list[int]] = None 

binalyze_air/models/tasks.py

@@ -0,0 +1,149 @@
+"""
+Task-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel, Filter
+
+
+class TaskStatus(str, Enum):
+    """Task status."""
+    PENDING = "pending"
+    RUNNING = "running"
+    COMPLETED = "completed"
+    FAILED = "failed"
+    CANCELLED = "cancelled"
+
+
+class TaskType(str, Enum):
+    """Task type."""
+    ACQUISITION = "acquisition"
+    TRIAGE = "triage"
+    ISOLATION = "isolation"
+    REBOOT = "reboot"
+    SHUTDOWN = "shutdown"
+    IMAGE_ACQUISITION = "image-acquisition"
+
+
+class NetworkCaptureConfig(AIRBaseModel):
+    """Network capture configuration."""
+    
+    enabled: bool = False
+    duration: int = 60
+    pcap: Optional[Dict[str, bool]] = None
+    network_flow: Optional[Dict[str, bool]] = Field(default=None, alias="networkFlow")
+
+
+class PlatformEvidenceConfig(AIRBaseModel):
+    """Platform-specific evidence configuration."""
+    
+    evidence_types: List[str] = Field(default=[], alias="evidenceTypes")
+    custom: List[Any] = []
+    network_capture: Optional[NetworkCaptureConfig] = Field(default=None, alias="networkCapture")
+
+
+class SaveLocationConfig(AIRBaseModel):
+    """Save location configuration."""
+    
+    location: str
+    path: str
+    use_most_free_volume: bool = Field(default=False, alias="useMostFreeVolume")
+    volume: str = ""
+    tmp: str = ""
+
+
+class CompressionConfig(AIRBaseModel):
+    """Compression configuration."""
+    
+    enabled: bool = False
+    encryption: Optional[Dict[str, Any]] = None
+
+
+class TaskConfig(AIRBaseModel):
+    """Task configuration."""
+    
+    choice: Optional[str] = None
+    save_to: Optional[Dict[str, SaveLocationConfig]] = Field(default=None, alias="saveTo")
+    cpu: Optional[Dict[str, int]] = None
+    compression: Optional[CompressionConfig] = None
+
+
+class DroneConfig(AIRBaseModel):
+    """Drone (analysis) configuration."""
+    
+    min_score: int = Field(default=0, alias="minScore")
+    auto_pilot: bool = Field(default=False, alias="autoPilot")
+    enabled: bool = False
+    analyzers: List[str] = []
+    keywords: List[str] = []
+
+
+class TaskData(AIRBaseModel):
+    """Task data containing configuration."""
+    
+    profile_id: Optional[str] = Field(default=None, alias="profileId")
+    profile_name: Optional[str] = Field(default=None, alias="profileName")
+    windows: Optional[PlatformEvidenceConfig] = None
+    linux: Optional[PlatformEvidenceConfig] = None
+    config: Optional[TaskConfig] = None
+    drone: Optional[DroneConfig] = None
+
+
+class TaskAssignment(AIRBaseModel):
+    """Task assignment model representing a task assigned to a specific endpoint."""
+    
+    id: str = Field(alias="_id")
+    task_id: str = Field(alias="taskId")
+    name: str
+    type: str
+    endpoint_id: str = Field(alias="endpointId")
+    endpoint_name: str = Field(alias="endpointName")
+    organization_id: int = Field(default=0, alias="organizationId")
+    status: str
+    recurrence: Optional[str] = None
+    progress: int = 0
+    duration: Optional[int] = None
+    durations: Optional[Dict[str, int]] = None
+    case_ids: List[str] = Field(default=[], alias="caseIds")
+    metadata: Optional[Dict[str, Any]] = None
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    created_by: Optional[str] = Field(default=None, alias="createdBy")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    response: Optional[Dict[str, Any]] = None
+
+
+class Task(AIRBaseModel):
+    """Task model with proper field aliases for API mapping."""
+    
+    id: str = Field(alias="_id")
+    source: Optional[str] = None
+    total_assigned_endpoints: int = Field(default=0, alias="totalAssignedEndpoints")
+    total_completed_endpoints: int = Field(default=0, alias="totalCompletedEndpoints")
+    total_failed_endpoints: int = Field(default=0, alias="totalFailedEndpoints")
+    total_cancelled_endpoints: int = Field(default=0, alias="totalCancelledEndpoints")
+    is_scheduled: bool = Field(default=False, alias="isScheduled")
+    name: str
+    type: str
+    organization_id: int = Field(default=0, alias="organizationId")
+    status: str
+    created_by: str = Field(alias="createdBy")
+    base_task_id: Optional[str] = Field(default=None, alias="baseTaskId")
+    start_date: Optional[datetime] = Field(default=None, alias="startDate")
+    recurrence: Optional[str] = None
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    data: Optional[TaskData] = None
+
+
+class TaskFilter(Filter):
+    """Filter for task queries."""
+    
+    name: Optional[str] = None
+    type: Optional[List[str]] = None
+    status: Optional[List[str]] = None
+    created_by: Optional[str] = None
+    is_scheduled: Optional[bool] = None 

binalyze_air/models/triage.py

@@ -0,0 +1,143 @@
+"""
+Triage-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+
+from ..base import AIRBaseModel, Filter
+
+
+class TriageStatus(str, Enum):
+    """Triage status."""
+    PENDING = "pending"
+    PROCESSING = "processing"
+    COMPLETED = "completed"
+    FAILED = "failed"
+
+
+class TriageSeverity(str, Enum):
+    """Triage severity level."""
+    LOW = "low"
+    MEDIUM = "medium"
+    HIGH = "high"
+    CRITICAL = "critical"
+
+
+class TriageRuleType(str, Enum):
+    """Triage rule type."""
+    YARA = "yara"
+    SIGMA = "sigma"
+    OSQUERY = "osquery"
+    REGEX = "regex"
+    HASH = "hash"
+    CUSTOM = "custom"
+
+
+class TriageTag(AIRBaseModel):
+    """Triage tag model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    color: str = "#3498db"
+    created_at: Optional[datetime] = None
+    created_by: str
+    organization_id: int = 0
+    usage_count: int = 0
+
+
+class TriageRule(AIRBaseModel):
+    """Triage rule model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    type: TriageRuleType
+    rule_content: str
+    enabled: bool = True
+    severity: TriageSeverity = TriageSeverity.MEDIUM
+    tags: List[str] = []
+    search_in: Optional[str] = None
+    organization_id: int = 0
+    organization_ids: List[int] = []
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    created_by: str
+    updated_by: Optional[str] = None
+    match_count: int = 0
+    last_match: Optional[datetime] = None
+    deletable: Optional[bool] = None
+
+
+class TriageProfile(AIRBaseModel):
+    """Triage profile model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    rules: List[str] = []  # Rule IDs
+    auto_apply: bool = False
+    organization_id: int = 0
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    created_by: str
+    updated_by: Optional[str] = None
+    usage_count: int = 0
+
+
+class TriageFilter(Filter):
+    """Filter for triage queries."""
+    
+    rule_name: Optional[str] = None
+    rule_type: Optional[List[TriageRuleType]] = None
+    severity: Optional[List[TriageSeverity]] = None
+    status: Optional[List[TriageStatus]] = None
+    tags: Optional[List[str]] = None
+    endpoint_id: Optional[str] = None
+    task_id: Optional[str] = None
+    created_by: Optional[str] = None
+    enabled: Optional[bool] = None
+
+
+class CreateTriageRuleRequest(AIRBaseModel):
+    """Request model for creating a triage rule."""
+    
+    name: str
+    description: Optional[str] = None
+    type: TriageRuleType
+    rule_content: str
+    severity: TriageSeverity = TriageSeverity.MEDIUM
+    tags: List[str] = []
+    organization_id: int = 0
+
+
+class UpdateTriageRuleRequest(AIRBaseModel):
+    """Request model for updating a triage rule."""
+    
+    name: Optional[str] = None
+    description: Optional[str] = None
+    rule_content: Optional[str] = None
+    enabled: Optional[bool] = None
+    severity: Optional[TriageSeverity] = None
+    tags: Optional[List[str]] = None
+
+
+class CreateTriageTagRequest(AIRBaseModel):
+    """Request model for creating a triage tag."""
+    
+    name: str
+    description: Optional[str] = None
+    color: str = "#3498db"
+    organization_id: int = 0
+
+
+class CreateTriageProfileRequest(AIRBaseModel):
+    """Request model for creating a triage profile."""
+    
+    name: str
+    description: Optional[str] = None
+    rules: List[str] = []  # Rule IDs
+    auto_apply: bool = False
+    organization_id: int = 0 

binalyze_air/models/user_management.py

@@ -0,0 +1,97 @@
+"""
+User Management-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+
+from ..base import AIRBaseModel, Filter
+
+
+class UserManagementUser(AIRBaseModel):
+    """User management user model."""
+    
+    id: str
+    username: str
+    email: str
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    organizationId: int
+    role: Optional[str] = None
+    isActive: bool = True
+    createdAt: Optional[datetime] = None
+    updatedAt: Optional[datetime] = None
+
+
+class CreateUserRequest(AIRBaseModel):
+    """Create user request model."""
+    
+    username: str
+    email: str
+    password: str
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    organizationId: int
+    role: Optional[str] = None
+
+
+class UpdateUserRequest(AIRBaseModel):
+    """Update user request model."""
+    
+    username: Optional[str] = None
+    email: Optional[str] = None
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    role: Optional[str] = None
+    isActive: Optional[bool] = None
+
+
+class AIUser(AIRBaseModel):
+    """AI user model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    capabilities: List[str] = []
+    organizationId: int
+    isActive: bool = True
+
+
+class CreateAIUserRequest(AIRBaseModel):
+    """Create AI user request model."""
+    
+    name: str
+    description: Optional[str] = None
+    capabilities: List[str] = []
+    organizationId: int
+
+
+class APIUser(AIRBaseModel):
+    """API user model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    permissions: List[str] = []
+    organizationId: int
+    apiKey: Optional[str] = None
+    isActive: bool = True
+
+
+class CreateAPIUserRequest(AIRBaseModel):
+    """Create API user request model."""
+    
+    name: str
+    description: Optional[str] = None
+    permissions: List[str] = []
+    organizationId: int
+
+
+class UserFilter(Filter):
+    """Filter for user queries."""
+    
+    username: Optional[str] = None
+    email: Optional[str] = None
+    role: Optional[str] = None
+    organizationId: Optional[int] = None
+    isActive: Optional[bool] = None 

binalyze_air/models/users.py

@@ -0,0 +1,82 @@
+"""
+Users-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any, Union
+from datetime import datetime
+from pydantic import Field
+
+from ..base import AIRBaseModel, Filter
+
+
+class User(AIRBaseModel):
+    """User model."""
+    
+    id: str = Field(alias="_id")
+    username: str
+    email: str
+    organization_ids: Optional[Union[List[int], str]] = Field(default=None, alias="organizationIds")
+    strategy: Optional[str] = None
+    profile: Optional[Dict[str, str]] = None
+    tfa_enabled: Optional[bool] = Field(default=False, alias="tfaEnabled")
+    first_name: Optional[str] = Field(default=None, alias="firstName")
+    last_name: Optional[str] = Field(default=None, alias="lastName")
+    organization_id: Optional[int] = Field(default=None, alias="organizationId")
+    role: Optional[str] = None
+    is_active: bool = Field(default=True, alias="isActive")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+
+
+class CreateUserRequest(AIRBaseModel):
+    """Create user request model."""
+    
+    username: str
+    email: str
+    password: str
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    organizationId: int
+    role: Optional[str] = None
+
+
+class UpdateUserRequest(AIRBaseModel):
+    """Update user request model."""
+    
+    username: Optional[str] = None
+    email: Optional[str] = None
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    role: Optional[str] = None
+    isActive: Optional[bool] = None
+
+
+class APIUser(AIRBaseModel):
+    """API user model."""
+    
+    id: str
+    name: str
+    description: Optional[str] = None
+    permissions: List[str] = []
+    organizationId: int
+    apiKey: Optional[str] = None
+    isActive: bool = True
+
+
+class CreateAPIUserRequest(AIRBaseModel):
+    """Create API user request model."""
+    
+    name: str
+    description: Optional[str] = None
+    permissions: List[str] = []
+    organizationId: int
+
+
+class UserFilter(Filter):
+    """Filter for user queries."""
+    
+    username: Optional[str] = None
+    email: Optional[str] = None
+    role: Optional[str] = None
+    organizationId: Optional[int] = None
+    isActive: Optional[bool] = None 

binalyze_air/queries/__init__.py

@@ -0,0 +1,134 @@
+"""
+Query implementations for the Binalyze AIR SDK (CQRS pattern).
+"""
+
+from .assets import (
+    ListAssetsQuery,
+    GetAssetQuery,
+    GetAssetTasksQuery,
+)
+from .cases import (
+    ListCasesQuery,
+    GetCaseQuery,
+    GetCaseActivitiesQuery,
+    GetCaseEndpointsQuery,
+    GetCaseTasksQuery,
+    GetCaseUsersQuery,
+    CheckCaseNameQuery,
+)
+from .tasks import (
+    ListTasksQuery,
+    GetTaskQuery,
+)
+from .acquisitions import (
+    ListAcquisitionProfilesQuery,
+    GetAcquisitionProfileQuery,
+)
+from .policies import (
+    ListPoliciesQuery,
+    GetPolicyQuery,
+    GetPolicyAssignmentsQuery,
+    GetPolicyExecutionsQuery,
+)
+from .organizations import (
+    ListOrganizationsQuery,
+    GetOrganizationQuery,
+    GetOrganizationUsersQuery,
+    GetOrganizationRolesQuery,
+    GetOrganizationLicensesQuery,
+    GetOrganizationSettingsQuery,
+)
+from .triage import (
+    ListTriageRulesQuery,
+    GetTriageRuleQuery,
+    GetTriageResultsQuery,
+    GetTriageMatchesQuery,
+    ListTriageTagsQuery,
+    ListTriageProfilesQuery,
+    GetTriageProfileQuery,
+)
+from .audit import (
+    ListAuditLogsQuery,
+    GetAuditLogQuery,
+    GetAuditSummaryQuery,
+    GetUserActivityQuery,
+    GetSystemEventsQuery,
+    GetAuditRetentionPolicyQuery,
+    ExportAuditLogsQuery,
+)
+from .baseline import (
+    ListBaselinesQuery,
+    GetBaselineQuery,
+    GetBaselineComparisonsQuery,
+    GetBaselineComparisonQuery,
+    ListBaselineProfilesQuery,
+    GetBaselineProfileQuery,
+    GetBaselineSchedulesQuery,
+)
+
+# TODO: Add imports when implementing other endpoints
+
+__all__ = [
+    # Asset queries
+    "ListAssetsQuery",
+    "GetAssetQuery", 
+    "GetAssetTasksQuery",
+    
+    # Case queries
+    "ListCasesQuery",
+    "GetCaseQuery",
+    "GetCaseActivitiesQuery",
+    "GetCaseEndpointsQuery",
+    "GetCaseTasksQuery",
+    "GetCaseUsersQuery",
+    "CheckCaseNameQuery",
+    
+    # Task queries
+    "ListTasksQuery",
+    "GetTaskQuery",
+    
+    # Acquisition queries
+    "ListAcquisitionProfilesQuery",
+    "GetAcquisitionProfileQuery",
+    
+    # Policy queries
+    "ListPoliciesQuery",
+    "GetPolicyQuery",
+    "GetPolicyAssignmentsQuery",
+    "GetPolicyExecutionsQuery",
+    
+    # Organization queries
+    "ListOrganizationsQuery",
+    "GetOrganizationQuery",
+    "GetOrganizationUsersQuery",
+    "GetOrganizationRolesQuery",
+    "GetOrganizationLicensesQuery",
+    "GetOrganizationSettingsQuery",
+    
+    # Triage queries
+    "ListTriageRulesQuery",
+    "GetTriageRuleQuery",
+    "GetTriageResultsQuery",
+    "GetTriageMatchesQuery",
+    "ListTriageTagsQuery",
+    "ListTriageProfilesQuery",
+    "GetTriageProfileQuery",
+    
+    # Audit queries
+    "ListAuditLogsQuery",
+    "GetAuditLogQuery",
+    "GetAuditSummaryQuery",
+    "GetUserActivityQuery",
+    "GetSystemEventsQuery",
+    "GetAuditRetentionPolicyQuery",
+    "ExportAuditLogsQuery",
+    
+    # Baseline queries
+    "ListBaselinesQuery",
+    "GetBaselineQuery",
+    "GetBaselineComparisonsQuery",
+    "GetBaselineComparisonQuery",
+    "ListBaselineProfilesQuery",
+    "GetBaselineProfileQuery",
+    "GetBaselineSchedulesQuery",
+]