PyPI - binalyze-air-sdk - Versions diffs - 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl - Mend

binalyze-air-sdk 1.0.2py3-none-any.whl → 1.0.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

binalyze_air/__init__.py +77 -77
binalyze_air/apis/__init__.py +67 -27
binalyze_air/apis/acquisitions.py +107 -0
binalyze_air/apis/api_tokens.py +49 -0
binalyze_air/apis/assets.py +161 -0
binalyze_air/apis/audit_logs.py +26 -0
binalyze_air/apis/{authentication.py → auth.py} +29 -27
binalyze_air/apis/auto_asset_tags.py +79 -75
binalyze_air/apis/backup.py +177 -0
binalyze_air/apis/baseline.py +46 -0
binalyze_air/apis/cases.py +225 -0
binalyze_air/apis/cloud_forensics.py +116 -0
binalyze_air/apis/event_subscription.py +96 -96
binalyze_air/apis/evidence.py +249 -53
binalyze_air/apis/interact.py +153 -36
binalyze_air/apis/investigation_hub.py +234 -0
binalyze_air/apis/license.py +104 -0
binalyze_air/apis/logger.py +83 -0
binalyze_air/apis/multipart_upload.py +201 -0
binalyze_air/apis/notifications.py +115 -0
binalyze_air/apis/organizations.py +267 -0
binalyze_air/apis/params.py +44 -39
binalyze_air/apis/policies.py +186 -0
binalyze_air/apis/preset_filters.py +79 -0
binalyze_air/apis/recent_activities.py +71 -0
binalyze_air/apis/relay_server.py +104 -0
binalyze_air/apis/settings.py +395 -27
binalyze_air/apis/tasks.py +80 -0
binalyze_air/apis/triage.py +197 -0
binalyze_air/apis/user_management.py +183 -74
binalyze_air/apis/webhook_executions.py +50 -0
binalyze_air/apis/webhooks.py +322 -230
binalyze_air/base.py +207 -133
binalyze_air/client.py +217 -1337
binalyze_air/commands/__init__.py +175 -145
binalyze_air/commands/acquisitions.py +661 -387
binalyze_air/commands/api_tokens.py +55 -0
binalyze_air/commands/assets.py +324 -362
binalyze_air/commands/{authentication.py → auth.py} +36 -36
binalyze_air/commands/auto_asset_tags.py +230 -230
binalyze_air/commands/backup.py +47 -0
binalyze_air/commands/baseline.py +32 -396
binalyze_air/commands/cases.py +609 -602
binalyze_air/commands/cloud_forensics.py +88 -0
binalyze_air/commands/event_subscription.py +101 -101
binalyze_air/commands/evidences.py +918 -988
binalyze_air/commands/interact.py +172 -58
binalyze_air/commands/investigation_hub.py +315 -0
binalyze_air/commands/license.py +183 -0
binalyze_air/commands/logger.py +126 -0
binalyze_air/commands/multipart_upload.py +363 -0
binalyze_air/commands/notifications.py +45 -0
binalyze_air/commands/organizations.py +200 -221
binalyze_air/commands/policies.py +175 -203
binalyze_air/commands/preset_filters.py +55 -0
binalyze_air/commands/recent_activities.py +32 -0
binalyze_air/commands/relay_server.py +144 -0
binalyze_air/commands/settings.py +431 -29
binalyze_air/commands/tasks.py +95 -56
binalyze_air/commands/triage.py +224 -360
binalyze_air/commands/user_management.py +351 -126
binalyze_air/commands/webhook_executions.py +77 -0
binalyze_air/config.py +244 -244
binalyze_air/exceptions.py +49 -49
binalyze_air/http_client.py +426 -305
binalyze_air/models/__init__.py +287 -285
binalyze_air/models/acquisitions.py +365 -250
binalyze_air/models/api_tokens.py +73 -0
binalyze_air/models/assets.py +438 -438
binalyze_air/models/audit.py +247 -272
binalyze_air/models/audit_logs.py +14 -0
binalyze_air/models/{authentication.py → auth.py} +69 -69
binalyze_air/models/auto_asset_tags.py +227 -116
binalyze_air/models/backup.py +138 -0
binalyze_air/models/baseline.py +231 -231
binalyze_air/models/cases.py +275 -275
binalyze_air/models/cloud_forensics.py +145 -0
binalyze_air/models/event_subscription.py +170 -171
binalyze_air/models/evidence.py +65 -65
binalyze_air/models/evidences.py +367 -348
binalyze_air/models/interact.py +266 -135
binalyze_air/models/investigation_hub.py +265 -0
binalyze_air/models/license.py +150 -0
binalyze_air/models/logger.py +83 -0
binalyze_air/models/multipart_upload.py +352 -0
binalyze_air/models/notifications.py +138 -0
binalyze_air/models/organizations.py +293 -293
binalyze_air/models/params.py +153 -127
binalyze_air/models/policies.py +260 -249
binalyze_air/models/preset_filters.py +79 -0
binalyze_air/models/recent_activities.py +70 -0
binalyze_air/models/relay_server.py +121 -0
binalyze_air/models/settings.py +538 -84
binalyze_air/models/tasks.py +215 -149
binalyze_air/models/triage.py +141 -142
binalyze_air/models/user_management.py +200 -97
binalyze_air/models/webhook_executions.py +33 -0
binalyze_air/queries/__init__.py +121 -133
binalyze_air/queries/acquisitions.py +155 -155
binalyze_air/queries/api_tokens.py +46 -0
binalyze_air/queries/assets.py +186 -105
binalyze_air/queries/audit.py +400 -416
binalyze_air/queries/{authentication.py → auth.py} +55 -55
binalyze_air/queries/auto_asset_tags.py +59 -59
binalyze_air/queries/backup.py +66 -0
binalyze_air/queries/baseline.py +21 -185
binalyze_air/queries/cases.py +292 -292
binalyze_air/queries/cloud_forensics.py +137 -0
binalyze_air/queries/event_subscription.py +54 -54
binalyze_air/queries/evidence.py +139 -139
binalyze_air/queries/evidences.py +279 -279
binalyze_air/queries/interact.py +140 -28
binalyze_air/queries/investigation_hub.py +329 -0
binalyze_air/queries/license.py +85 -0
binalyze_air/queries/logger.py +58 -0
binalyze_air/queries/multipart_upload.py +180 -0
binalyze_air/queries/notifications.py +71 -0
binalyze_air/queries/organizations.py +222 -222
binalyze_air/queries/params.py +154 -115
binalyze_air/queries/policies.py +149 -149
binalyze_air/queries/preset_filters.py +60 -0
binalyze_air/queries/recent_activities.py +44 -0
binalyze_air/queries/relay_server.py +42 -0
binalyze_air/queries/settings.py +533 -20
binalyze_air/queries/tasks.py +125 -81
binalyze_air/queries/triage.py +230 -230
binalyze_air/queries/user_management.py +193 -83
binalyze_air/queries/webhook_executions.py +39 -0
binalyze_air_sdk-1.0.3.dist-info/METADATA +752 -0
binalyze_air_sdk-1.0.3.dist-info/RECORD +132 -0
{binalyze_air_sdk-1.0.2.dist-info → binalyze_air_sdk-1.0.3.dist-info}/WHEEL +1 -1
binalyze_air/apis/endpoints.py +0 -22
binalyze_air/apis/evidences.py +0 -216
binalyze_air/apis/users.py +0 -68
binalyze_air/commands/users.py +0 -101
binalyze_air/models/endpoints.py +0 -76
binalyze_air/models/users.py +0 -82
binalyze_air/queries/endpoints.py +0 -25
binalyze_air/queries/users.py +0 -69
binalyze_air_sdk-1.0.2.dist-info/METADATA +0 -706
binalyze_air_sdk-1.0.2.dist-info/RECORD +0 -82
{binalyze_air_sdk-1.0.2.dist-info → binalyze_air_sdk-1.0.3.dist-info}/top_level.txt +0 -0

binalyze_air/commands/acquisitions.py CHANGED Viewed

@@ -1,387 +1,661 @@
-"""
-Acquisition-related commands for the Binalyze AIR SDK.
-Fixed to match API documentation exactly.
-"""
-from typing import List, Dict, Any
-from ..base import Command
-from ..models.acquisitions import (
-    AcquisitionTaskRequest, ImageAcquisitionTaskRequest, CreateAcquisitionProfileRequest,
-    CreateAcquisitionRequest, CreateImageAcquisitionRequest
-)
-from ..models.assets import AssetFilter
-from ..http_client import HTTPClient
-class AssignAcquisitionTaskCommand(Command[List[Dict[str, Any]]]):
-    """Command to assign acquisition task - FIXED to match API documentation exactly."""
-    def __init__(self, http_client: HTTPClient, request: AcquisitionTaskRequest):
-        self.http_client = http_client
-        self.request = request
-    def execute(self) -> List[Dict[str, Any]]:
-        """Execute the acquisition task assignment with correct payload structure."""
-        # FIXED: Use proper API payload structure as per documentation
-        payload = {
-            "caseId": self.request.case_id,
-            "acquisitionProfileId": self.request.acquisition_profile_id,
-            "droneConfig": {
-                "autoPilot": self.request.drone_config.auto_pilot if self.request.drone_config else False,
-                "enabled": self.request.drone_config.enabled if self.request.drone_config else False,
-                "analyzers": self.request.drone_config.analyzers if self.request.drone_config else ["bha", "wsa", "aa", "ara"],
-                "keywords": self.request.drone_config.keywords if self.request.drone_config else []
-            },
-            "taskConfig": {
-                "choice": self.request.task_config.choice if self.request.task_config else "use-custom-options",
-                "saveTo": {
-                    "windows": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "repositoryId": None,
-                        "path": "Binalyze\\AIR\\",
-                        "volume": "C:",
-                        "tmp": "Binalyze\\AIR\\tmp",
-                        "directCollection": False
-                    },
-                    "linux": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "repositoryId": None,
-                        "path": "opt/binalyze/air",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    },
-                    "macos": {
-                        "location": "local",
-                        "useMostFreeVolume": False,
-                        "repositoryId": None,
-                        "path": "opt/binalyze/air",
-                        "volume": "/",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    },
-                    "aix": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "path": "opt/binalyze/air",
-                        "volume": "/",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    }
-                },
-                "cpu": self.request.task_config.cpu if self.request.task_config else {"limit": 80},
-                "compression": self.request.task_config.compression if self.request.task_config else {
-                    "enabled": True,
-                    "encryption": {
-                        "enabled": False,
-                        "password": ""
-                    }
-                }
-            },
-            "filter": {
-                "searchTerm": self.request.filter.search_term or "",
-                "name": self.request.filter.name or "",
-                "ipAddress": self.request.filter.ip_address or "",
-                "groupId": self.request.filter.group_id or "",
-                "groupFullPath": self.request.filter.group_full_path or "",
-                "managedStatus": self.request.filter.managed_status or [],
-                "isolationStatus": self.request.filter.isolation_status or [],
-                "platform": self.request.filter.platform or [],
-                "issue": self.request.filter.issue or "",
-                "onlineStatus": self.request.filter.online_status or [],
-                "tags": self.request.filter.tags or [],
-                "version": self.request.filter.version or "",
-                "policy": self.request.filter.policy or "",
-                "includedEndpointIds": self.request.filter.included_endpoint_ids or [],
-                "excludedEndpointIds": self.request.filter.excluded_endpoint_ids or [],
-                "organizationIds": self.request.filter.organization_ids or [0]
-            },
-            "schedulerConfig": {
-                "when": "now"
-            }
-        }
-        # FIXED: Correct endpoint URL
-        response = self.http_client.post("acquisitions/acquire", json_data=payload)
-        return response.get("result", [])
-class CreateAcquisitionCommand(Command[Dict[str, Any]]):
-    """Command to create acquisition task using simplified request - FIXED to match API."""
-    def __init__(self, http_client: HTTPClient, request: CreateAcquisitionRequest):
-        self.http_client = http_client
-        self.request = request
-    def execute(self) -> Dict[str, Any]:
-        """Execute the acquisition task assignment with correct structure."""
-        # FIXED: Use proper filter structure instead of direct filter object
-        payload = {
-            "caseId": getattr(self.request, 'case_id', None),
-            "acquisitionProfileId": self.request.profileId,
-            "droneConfig": {
-                "autoPilot": False,
-                "enabled": False,
-                "analyzers": ["bha", "wsa", "aa", "ara"],
-                "keywords": []
-            },
-            "taskConfig": {
-                "choice": "use-custom-options",
-                "saveTo": {
-                    "windows": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "repositoryId": None,
-                        "path": "Binalyze\\AIR\\",
-                        "volume": "C:",
-                        "tmp": "Binalyze\\AIR\\tmp",
-                        "directCollection": False
-                    },
-                    "linux": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "repositoryId": None,
-                        "path": "opt/binalyze/air",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    },
-                    "macos": {
-                        "location": "local",
-                        "useMostFreeVolume": False,
-                        "repositoryId": None,
-                        "path": "opt/binalyze/air",
-                        "volume": "/",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    },
-                    "aix": {
-                        "location": "local",
-                        "useMostFreeVolume": True,
-                        "path": "opt/binalyze/air",
-                        "volume": "/",
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    }
-                },
-                "cpu": {
-                    "limit": 80
-                },
-                "compression": {
-                    "enabled": True,
-                    "encryption": {
-                        "enabled": False,
-                        "password": ""
-                    }
-                }
-            },
-            "filter": self.request.filter.to_filter_dict() if isinstance(self.request.filter, AssetFilter) else self.request.filter,
-            "schedulerConfig": {
-                "when": "now"
-            }
-        }
-        if hasattr(self.request, 'name') and self.request.name:
-            payload["taskName"] = self.request.name
-        return self.http_client.post("acquisitions/acquire", json_data=payload)
-class AssignImageAcquisitionTaskCommand(Command[List[Dict[str, Any]]]):
-    """Command to assign image acquisition task - FIXED endpoint URL."""
-    def __init__(self, http_client: HTTPClient, request: ImageAcquisitionTaskRequest):
-        self.http_client = http_client
-        self.request = request
-    def execute(self) -> List[Dict[str, Any]]:
-        """Execute the image acquisition task assignment."""
-        # Convert request to API payload using correct model attributes
-        payload = {
-            "caseId": self.request.case_id,
-            "endpoints": [
-                {
-                    "endpointId": endpoint.endpoint_id,
-                    "volumes": endpoint.volumes
-                }
-                for endpoint in self.request.disk_image_options.endpoints
-            ],
-            "organizationIds": self.request.filter.organization_ids,
-            "startOffset": self.request.disk_image_options.start_offset,
-            "chunkSize": self.request.disk_image_options.chunk_size,
-            "chunkCount": self.request.disk_image_options.chunk_count,
-            "enableCompression": self.request.task_config.compression.get("enabled", False) if self.request.task_config else False,
-            "enableEncryption": self.request.task_config.compression.get("encryption", {}).get("enabled", False) if self.request.task_config else False,
-        }
-        if self.request.task_config and self.request.task_config.compression.get("encryption", {}).get("password"):
-            payload["encryptionPassword"] = self.request.task_config.compression["encryption"]["password"]
-        # FIXED: Correct endpoint URL
-        response = self.http_client.post("acquisitions/acquire/image", json_data=payload)
-        return response.get("result", [])
-class CreateImageAcquisitionCommand(Command[Dict[str, Any]]):
-    """Command to create image acquisition task using simplified request - FIXED structure."""
-    def __init__(self, http_client: HTTPClient, request: CreateImageAcquisitionRequest):
-        self.http_client = http_client
-        self.request = request
-    def execute(self) -> Dict[str, Any]:
-        """Execute the image acquisition task assignment with correct structure."""
-        # Extract repository ID from request if available (for now use a placeholder)
-        # This should be enhanced to get actual repository ID dynamically
-        repository_id = getattr(self.request, 'repository_id', None)
-        # Build the complete payload structure that matches the API specification
-        payload = {
-            "caseId": getattr(self.request, 'case_id', None),
-            "taskConfig": {
-                "choice": "use-custom-options",
-                "saveTo": {
-                    "windows": {
-                        "location": "repository",
-                        "path": "Binalyze\\AIR\\",
-                        "useMostFreeVolume": True,
-                        "repositoryId": repository_id,
-                        "tmp": "Binalyze\\AIR\\tmp",
-                        "directCollection": False
-                    },
-                    "linux": {
-                        "location": "repository",
-                        "path": "opt/binalyze/air",
-                        "useMostFreeVolume": False,
-                        "repositoryId": repository_id,
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    },
-                    "macos": {
-                        "location": "repository",
-                        "path": "opt/binalyze/air",
-                        "useMostFreeVolume": False,
-                        "repositoryId": repository_id,
-                        "tmp": "opt/binalyze/air/tmp",
-                        "directCollection": False
-                    }
-                },
-                "bandwidth": {
-                    "limit": 100000
-                },
-                "compression": {
-                    "enabled": True,
-                    "encryption": {
-                        "enabled": False,
-                        "password": ""
-                    }
-                }
-            },
-            "diskImageOptions": {
-                "imageType": "dd",
-                "chunkSize": 1048576,
-                "chunkCount": 0,
-                "startOffset": 0,
-                "singleFile": False,
-                "endpoints": [
-                    {
-                        "endpointId": "placeholder",  # Will be replaced with actual endpoint IDs
-                        "volumes": ["/"]  # Default volumes, should be replaced with actual volumes
-                    }
-                ]
-            },
-            "filter": self.request.filter.to_filter_dict() if isinstance(self.request.filter, AssetFilter) else self.request.filter,
-            "schedulerConfig": {
-                "when": "now"
-            }
-        }
-        # Extract endpoint IDs from filter and use them in diskImageOptions
-        if isinstance(self.request.filter, dict):
-            included_endpoints = self.request.filter.get('includedEndpointIds', [])
-        else:
-            included_endpoints = getattr(self.request.filter, 'included_endpoint_ids', [])
-        # Get volumes from request or use defaults
-        volumes = getattr(self.request, 'volumes', None) or ["/", "C:"]
-        if included_endpoints:
-            payload["diskImageOptions"]["endpoints"] = [
-                {
-                    "endpointId": endpoint_id,
-                    "volumes": volumes  # Use actual discovered volumes
-                }
-                for endpoint_id in included_endpoints
-            ]
-        if hasattr(self.request, 'name') and self.request.name:
-            payload["taskName"] = self.request.name
-        return self.http_client.post("acquisitions/acquire/image", json_data=payload)
-class CreateAcquisitionProfileCommand(Command[Dict[str, Any]]):
-    """Command to create acquisition profile - FIXED endpoint URL."""
-    def __init__(self, http_client: HTTPClient, request: CreateAcquisitionProfileRequest):
-        self.http_client = http_client
-        self.request = request
-    def execute(self) -> Dict[str, Any]:
-        """Execute the create acquisition profile command."""
-        # Build the payload
-        payload = {
-            "name": self.request.name,
-            "organizationIds": self.request.organization_ids
-        }
-        # Convert platform configuration to API format (snake_case -> camelCase)
-        def convert_platform_to_api(platform_data):
-            if not platform_data:
-                return None
-            api_data = {}
-            if platform_data.get("evidence_list"):
-                api_data["evidenceList"] = platform_data["evidence_list"]
-            if platform_data.get("artifact_list"):
-                api_data["artifactList"] = platform_data["artifact_list"]
-            if platform_data.get("custom_content_profiles") is not None:
-                api_data["customContentProfiles"] = platform_data["custom_content_profiles"]
-            # Convert network capture configuration
-            if platform_data.get("network_capture"):
-                nc = platform_data["network_capture"]
-                api_data["networkCapture"] = {
-                    "enabled": nc.get("enabled", False),
-                    "duration": nc.get("duration", 600),
-                    "pcap": nc.get("pcap", {"enabled": False}),
-                    "networkFlow": nc.get("network_flow", {"enabled": False})
-                }
-            return api_data
-        # Only add platform configurations if they have content
-        if self.request.windows:
-            payload["windows"] = convert_platform_to_api(self.request.windows.model_dump())
-        if self.request.linux:
-            payload["linux"] = convert_platform_to_api(self.request.linux.model_dump())
-        if self.request.macos:
-            payload["macos"] = convert_platform_to_api(self.request.macos.model_dump())
-        if self.request.aix:
-            payload["aix"] = convert_platform_to_api(self.request.aix.model_dump())
-        # Only add eDiscovery if it has content
-        if self.request.e_discovery:
-            payload["eDiscovery"] = self.request.e_discovery
-        if self.request.description:
-            payload["description"] = self.request.description
-        if self.request.artifacts:
-            payload["artifacts"] = self.request.artifacts
-        # FIXED: Correct endpoint URL
-        return self.http_client.post("acquisitions/profiles", json_data=payload)
+"""
+Acquisition-related commands for the Binalyze AIR SDK.
+Fixed to match API documentation exactly.
+"""
+from typing import List, Dict, Any
+from ..base import Command
+from ..models.acquisitions import (
+    AcquisitionTaskRequest, ImageAcquisitionTaskRequest, CreateAcquisitionProfileRequest,
+    CreateAcquisitionRequest, CreateImageAcquisitionRequest
+)
+from ..models.assets import AssetFilter
+from ..http_client import HTTPClient
+class AssignAcquisitionTaskCommand(Command[List[Dict[str, Any]]]):
+    """Command to assign acquisition task - FIXED to match API documentation exactly."""
+    def __init__(self, http_client: HTTPClient, request: AcquisitionTaskRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> List[Dict[str, Any]]:
+        """Execute the acquisition task assignment with correct payload structure."""
+        # FIXED: Use proper API payload structure as per documentation
+        payload = {
+            "caseId": self.request.case_id,
+            "acquisitionProfileId": self.request.acquisition_profile_id,
+            "droneConfig": {
+                "autoPilot": self.request.drone_config.auto_pilot if self.request.drone_config else False,
+                "enabled": self.request.drone_config.enabled if self.request.drone_config else False,
+                "analyzers": self.request.drone_config.analyzers if self.request.drone_config else ["bha", "wsa", "aa", "ara"],
+                "keywords": self.request.drone_config.keywords if self.request.drone_config else []
+            },
+            "taskConfig": {
+                "choice": self.request.task_config.choice if self.request.task_config else "use-custom-options",
+                "saveTo": {
+                    "windows": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "Binalyze\\AIR\\",
+                        "volume": "C:",
+                        "tmp": "Binalyze\\AIR\\tmp",
+                        "directCollection": False
+                    },
+                    "linux": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "macos": {
+                        "location": "local",
+                        "useMostFreeVolume": False,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "aix": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    }
+                },
+                "cpu": self.request.task_config.cpu if self.request.task_config else {"limit": 80},
+                "compression": self.request.task_config.compression if self.request.task_config else {
+                    "enabled": True,
+                    "encryption": {
+                        "enabled": False,
+                        "password": ""
+                    }
+                }
+            },
+            "filter": {
+                "searchTerm": self.request.filter.search_term or "",
+                "name": self.request.filter.name or "",
+                "ipAddress": self.request.filter.ip_address or "",
+                "groupId": self.request.filter.group_id or "",
+                "groupFullPath": self.request.filter.group_full_path or "",
+                "managedStatus": self.request.filter.managed_status or [],
+                "isolationStatus": self.request.filter.isolation_status or [],
+                "platform": self.request.filter.platform or [],
+                "issue": self.request.filter.issue or "",
+                "onlineStatus": self.request.filter.online_status or [],
+                "tags": self.request.filter.tags or [],
+                "version": self.request.filter.version or "",
+                "policy": self.request.filter.policy or "",
+                "includedEndpointIds": self.request.filter.included_endpoint_ids or [],
+                "excludedEndpointIds": self.request.filter.excluded_endpoint_ids or [],
+                "organizationIds": self.request.filter.organization_ids or [0]
+            },
+            "schedulerConfig": {
+                "when": "now"
+            }
+        }
+        # FIXED: Correct endpoint URL
+        response = self.http_client.post("acquisitions/acquire", json_data=payload)
+        return response.get("result", [])
+class CreateAcquisitionCommand(Command[Dict[str, Any]]):
+    """Command to create acquisition task using simplified request - FIXED to match API."""
+    def __init__(self, http_client: HTTPClient, request: CreateAcquisitionRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the acquisition task assignment with correct structure."""
+        # FIXED: Use proper filter structure instead of direct filter object
+        payload = {
+            "caseId": getattr(self.request, 'case_id', None),
+            "acquisitionProfileId": self.request.profileId,
+            "droneConfig": {
+                "autoPilot": False,
+                "enabled": False,
+                "analyzers": ["bha", "wsa", "aa", "ara"],
+                "keywords": []
+            },
+            "taskConfig": {
+                "choice": "use-custom-options",
+                "saveTo": {
+                    "windows": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "Binalyze\\AIR\\",
+                        "volume": "C:",
+                        "tmp": "Binalyze\\AIR\\tmp",
+                        "directCollection": False
+                    },
+                    "linux": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "macos": {
+                        "location": "local",
+                        "useMostFreeVolume": False,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "aix": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    }
+                },
+                "cpu": {
+                    "limit": 80
+                },
+                "compression": {
+                    "enabled": True,
+                    "encryption": {
+                        "enabled": False,
+                        "password": ""
+                    }
+                }
+            },
+            "filter": self.request.filter.to_filter_dict() if isinstance(self.request.filter, AssetFilter) else self.request.filter,
+            "schedulerConfig": {
+                "when": "now"
+            }
+        }
+        if hasattr(self.request, 'name') and self.request.name:
+            payload["taskName"] = self.request.name
+        return self.http_client.post("acquisitions/acquire", json_data=payload)
+class AssignImageAcquisitionTaskCommand(Command[List[Dict[str, Any]]]):
+    """Command to assign image acquisition task by filter."""
+    def __init__(self, http_client: HTTPClient, request: ImageAcquisitionTaskRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> List[Dict[str, Any]]:
+        """Execute the image acquisition task assignment."""
+        # Build payload with proper API field names (camelCase)
+        payload = {
+            "caseId": self.request.case_id,
+            "taskConfig": {
+                "choice": self.request.task_config.choice,
+                "saveTo": {},
+                "cpu": self.request.task_config.cpu,
+                "bandwidth": getattr(self.request.task_config, 'bandwidth', {"limit": 100000}),
+                "compression": self.request.task_config.compression
+            },
+            "diskImageOptions": {
+                "startOffset": self.request.disk_image_options.startOffset,
+                "chunkSize": self.request.disk_image_options.chunkSize,
+                "chunkCount": self.request.disk_image_options.chunkCount,
+                "imageType": getattr(self.request.disk_image_options, 'imageType', 'dd'),
+                "singleFile": getattr(self.request.disk_image_options, 'singleFile', False),
+                "endpoints": [
+                    {
+                        "endpointId": ep.endpointId,
+                        "volumes": ep.volumes
+                    }
+                    for ep in self.request.disk_image_options.endpoints
+                ]
+            },
+            "filter": {
+                "searchTerm": getattr(self.request.filter, 'search_term', '') or '',
+                "name": getattr(self.request.filter, 'name', '') or '',
+                "ipAddress": getattr(self.request.filter, 'ip_address', '') or '',
+                "groupId": getattr(self.request.filter, 'group_id', '') or '',
+                "groupFullPath": getattr(self.request.filter, 'group_full_path', '') or '',
+                "managedStatus": getattr(self.request.filter, 'managed_status', []),
+                "isolationStatus": getattr(self.request.filter, 'isolation_status', []),
+                "platform": getattr(self.request.filter, 'platform', []),
+                "issue": getattr(self.request.filter, 'issue', '') or '',
+                "onlineStatus": getattr(self.request.filter, 'online_status', []),
+                "tags": getattr(self.request.filter, 'tags', []),
+                "version": getattr(self.request.filter, 'version', '') or '',
+                "policy": getattr(self.request.filter, 'policy', '') or '',
+                "includedEndpointIds": getattr(self.request.filter, 'included_endpoint_ids', []),
+                "excludedEndpointIds": getattr(self.request.filter, 'excluded_endpoint_ids', []),
+                "organizationIds": getattr(self.request.filter, 'organization_ids', [0])
+            }
+        }
+        # Build saveTo configuration with proper API field names
+        for platform, config in self.request.task_config.save_to.items():
+            if hasattr(config, 'location'):
+                platform_config = {
+                    "location": config.location,
+                    "useMostFreeVolume": config.use_most_free_volume,  # FIXED: camelCase
+                    "path": config.path,
+                    "tmp": config.tmp,
+                    "directCollection": config.direct_collection  # FIXED: camelCase
+                }
+                # Add optional fields with proper names
+                if hasattr(config, 'repository_id') and config.repository_id:
+                    platform_config["repositoryId"] = config.repository_id  # FIXED: camelCase
+                if hasattr(config, 'volume') and config.volume:
+                    platform_config["volume"] = config.volume
+                payload["taskConfig"]["saveTo"][platform] = platform_config
+            else:
+                # Handle dict-based config
+                payload["taskConfig"]["saveTo"][platform] = config
+        # Add scheduler config if present (matching API spec)
+        if hasattr(self.request, 'scheduler_config') and self.request.scheduler_config:
+            payload["schedulerConfig"] = {
+                "when": getattr(self.request.scheduler_config, 'when', 'now')
+            }
+            # Add other scheduler fields if present
+            for field in ['timezone_type', 'timezone', 'start_date', 'recurrence', 'repeat_every', 'repeat_on_week', 'repeat_on_month', 'end_repeat_type', 'end_date', 'limit']:
+                if hasattr(self.request.scheduler_config, field) and getattr(self.request.scheduler_config, field) is not None:
+                    # Convert snake_case to camelCase for API
+                    api_field = field.replace('_', '')
+                    if field == 'timezone_type':
+                        api_field = 'timezoneType'
+                    elif field == 'start_date':
+                        api_field = 'startDate'
+                    elif field == 'repeat_every':
+                        api_field = 'repeatEvery'
+                    elif field == 'repeat_on_week':
+                        api_field = 'repeatOnWeek'
+                    elif field == 'repeat_on_month':
+                        api_field = 'repeatOnMonth'
+                    elif field == 'end_repeat_type':
+                        api_field = 'endRepeatType'
+                    elif field == 'end_date':
+                        api_field = 'endDate'
+                    payload["schedulerConfig"][api_field] = getattr(self.request.scheduler_config, field)
+        else:
+            # Default scheduler config as per API spec
+            payload["schedulerConfig"] = {"when": "now"}
+        response = self.http_client.post("acquisitions/acquire/image", json_data=payload)
+        # Extract result list from response
+        if isinstance(response, dict) and "result" in response:
+            return response["result"] if isinstance(response["result"], list) else [response["result"]]
+        return []
+class CreateImageAcquisitionCommand(Command[Dict[str, Any]]):
+    """Command to create image acquisition task - FIXED with required fields."""
+    def __init__(self, http_client: HTTPClient, request: CreateImageAcquisitionRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the image acquisition task creation with proper API structure."""
+        # Build complete payload structure matching API specification
+        payload = {
+            "caseId": getattr(self.request, 'case_id', None)
+        }
+        # Use task_config from request if provided, otherwise use defaults
+        if hasattr(self.request, 'task_config') and self.request.task_config:
+            if isinstance(self.request.task_config, dict):
+                payload["taskConfig"] = self.request.task_config
+            else:
+                payload["taskConfig"] = self.request.task_config.model_dump()
+        else:
+            # Default task config
+            payload["taskConfig"] = {
+                "choice": "use-custom-options",
+                "saveTo": {
+                    "windows": {
+                        "location": "repository",
+                        "path": "Binalyze\\AIR",
+                        "useMostFreeVolume": True,
+                        "repositoryId": "DEFAULT_REPOSITORY_ID",
+                        "tmp": "Binalyze\\AIR\\tmp",
+                        "directCollection": False
+                    },
+                    "linux": {
+                        "location": "repository",
+                        "path": "opt/binalyze/air",
+                        "useMostFreeVolume": False,
+                        "repositoryId": "DEFAULT_REPOSITORY_ID",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "macos": {
+                        "location": "repository",
+                        "path": "opt/binalyze/air",
+                        "useMostFreeVolume": False,
+                        "repositoryId": "DEFAULT_REPOSITORY_ID",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    }
+                },
+                "cpu": {"limit": 50},
+                "bandwidth": {"limit": 100000},
+                "compression": {
+                    "enabled": True,
+                    "encryption": {
+                        "enabled": False,
+                        "password": ""
+                    }
+                }
+            }
+        # Use disk_image_options from request if provided, otherwise use defaults
+        if hasattr(self.request, 'disk_image_options') and self.request.disk_image_options:
+            if isinstance(self.request.disk_image_options, dict):
+                payload["diskImageOptions"] = self.request.disk_image_options
+            else:
+                payload["diskImageOptions"] = self.request.disk_image_options.model_dump()
+        else:
+            # Default disk image options
+            payload["diskImageOptions"] = {
+                "chunkSize": 1048576,
+                "chunkCount": 0,
+                "startOffset": 0,
+                "imageType": "dd",
+                "singleFile": False,
+                "endpoints": [{
+                    "endpointId": "SDK_TEST_NONEXISTENT_ENDPOINT",
+                    "volumes": ["/dev/test"]
+                }]
+            }
+        # Use scheduler_config from request if provided, otherwise use default
+        if hasattr(self.request, 'scheduler_config') and self.request.scheduler_config:
+            if isinstance(self.request.scheduler_config, dict):
+                payload["schedulerConfig"] = self.request.scheduler_config
+            else:
+                payload["schedulerConfig"] = self.request.scheduler_config.model_dump()
+        else:
+            payload["schedulerConfig"] = {"when": "now"}
+        # Use the filter from request
+        if hasattr(self.request, 'filter') and self.request.filter:
+            if isinstance(self.request.filter, dict):
+                payload["filter"] = self.request.filter
+            else:
+                payload["filter"] = self.request.filter.model_dump()
+        # Add task name if provided
+        if hasattr(self.request, 'name') and self.request.name:
+            payload["taskName"] = self.request.name
+        return self.http_client.post("acquisitions/acquire/image", json_data=payload)
+class CreateAcquisitionProfileCommand(Command[Dict[str, Any]]):
+    """Command to create acquisition profile - FIXED field conversion."""
+    def __init__(self, http_client: HTTPClient, request: CreateAcquisitionProfileRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the create acquisition profile command."""
+        # Build the payload
+        payload = {
+            "name": self.request.name,
+            "organizationIds": self.request.organizationIds if self.request.organizationIds else []
+        }
+        # Convert platform configuration to API format - FIXED conversion logic
+        def convert_platform_to_api(platform_data, platform_name=""):
+            if not platform_data:
+                return None
+            # FIXED: Use model_dump() for reliable field access
+            api_data = platform_data.model_dump()
+            # Remove networkCapture from AIX platform as per API spec
+            if platform_name.lower() == "aix" and "networkCapture" in api_data:
+                del api_data["networkCapture"]
+            return api_data
+        # Add platform configurations with proper platform names
+        if self.request.windows:
+            payload["windows"] = convert_platform_to_api(self.request.windows, "windows")
+        if self.request.linux:
+            payload["linux"] = convert_platform_to_api(self.request.linux, "linux")
+        if self.request.macos:
+            payload["macos"] = convert_platform_to_api(self.request.macos, "macos")
+        if self.request.aix:
+            payload["aix"] = convert_platform_to_api(self.request.aix, "aix")
+        # Handle eDiscovery field if present
+        if hasattr(self.request, 'eDiscovery') and self.request.eDiscovery:
+            # Convert EDiscoveryConfig to the expected dict format for API
+            if hasattr(self.request.eDiscovery, 'patterns'):
+                payload["eDiscovery"] = {
+                    "patterns": [
+                        pattern.model_dump()
+                        for pattern in self.request.eDiscovery.patterns
+                    ]
+                }
+            elif hasattr(self.request.eDiscovery, 'model_dump'):
+                # Handle as pydantic model
+                payload["eDiscovery"] = self.request.eDiscovery.model_dump()
+            elif isinstance(self.request.eDiscovery, dict):
+                # Handle as dictionary
+                payload["eDiscovery"] = self.request.eDiscovery
+        return self.http_client.post("acquisitions/profiles", json_data=payload)
+class UpdateAcquisitionProfileCommand(Command[Dict[str, Any]]):
+    """Command to update acquisition profile by ID - FIXED field conversion."""
+    def __init__(self, http_client: HTTPClient, profile_id: str, request: CreateAcquisitionProfileRequest):
+        self.http_client = http_client
+        self.profile_id = profile_id
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the update acquisition profile command."""
+        # Build the payload (same structure as create)
+        payload = {
+            "name": self.request.name,
+            "organizationIds": self.request.organizationIds if self.request.organizationIds else []
+        }
+        # Convert platform configuration to API format - FIXED conversion logic
+        def convert_platform_to_api(platform_data, platform_name=""):
+            if not platform_data:
+                return None
+            # FIXED: Use model_dump() for reliable field access
+            api_data = platform_data.model_dump()
+            # Remove networkCapture from AIX platform as per API spec
+            if platform_name.lower() == "aix" and "networkCapture" in api_data:
+                del api_data["networkCapture"]
+            return api_data
+        # Add platform configurations with proper platform names
+        if self.request.windows:
+            payload["windows"] = convert_platform_to_api(self.request.windows, "windows")
+        if self.request.linux:
+            payload["linux"] = convert_platform_to_api(self.request.linux, "linux")
+        if self.request.macos:
+            payload["macos"] = convert_platform_to_api(self.request.macos, "macos")
+        if self.request.aix:
+            payload["aix"] = convert_platform_to_api(self.request.aix, "aix")
+        # Handle eDiscovery field if present
+        if hasattr(self.request, 'eDiscovery') and self.request.eDiscovery:
+            # Convert EDiscoveryConfig to the expected dict format for API
+            if hasattr(self.request.eDiscovery, 'patterns'):
+                payload["eDiscovery"] = {
+                    "patterns": [
+                        pattern.model_dump()
+                        for pattern in self.request.eDiscovery.patterns
+                    ]
+                }
+            elif hasattr(self.request.eDiscovery, 'model_dump'):
+                # Handle as pydantic model
+                payload["eDiscovery"] = self.request.eDiscovery.model_dump()
+            elif isinstance(self.request.eDiscovery, dict):
+                # Handle as dictionary
+                payload["eDiscovery"] = self.request.eDiscovery
+        return self.http_client.put(f"acquisitions/profiles/{self.profile_id}", json_data=payload)
+class DeleteAcquisitionProfileCommand(Command[Dict[str, Any]]):
+    """Command to delete acquisition profile by ID."""
+    def __init__(self, http_client: HTTPClient, profile_id: str):
+        self.http_client = http_client
+        self.profile_id = profile_id
+    def execute(self) -> Dict[str, Any]:
+        """Execute the delete acquisition profile command."""
+        return self.http_client.delete(f"acquisitions/profiles/{self.profile_id}")
+class CreateOffNetworkAcquisitionCommand(Command[Dict[str, Any]]):
+    """Command to create evidence acquisition off-network task."""
+    def __init__(self, http_client: HTTPClient, request: CreateAcquisitionRequest):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the off-network acquisition task creation."""
+        # Build payload structure matching the API specification
+        payload = {
+            "caseId": getattr(self.request, 'case_id', None),
+            "acquisitionProfileId": self.request.profileId,
+            "droneConfig": {
+                "autoPilot": False,
+                "enabled": False,
+                "analyzers": ["bha", "wsa", "aa", "ara"],
+                "keywords": []
+            },
+            "eventLogRecordsConfig": {
+                "startDate": None,
+                "endDate": None,
+                "maxEventCount": 1000
+            },
+            "taskConfig": {
+                "choice": "use-custom-options",
+                "saveTo": {
+                    "windows": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "Binalyze\\AIR\\",
+                        "volume": "C:",
+                        "tmp": "Binalyze\\AIR\\tmp",
+                        "directCollection": False
+                    },
+                    "linux": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "macos": {
+                        "location": "local",
+                        "useMostFreeVolume": False,
+                        "repositoryId": None,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    },
+                    "aix": {
+                        "location": "local",
+                        "useMostFreeVolume": True,
+                        "path": "opt/binalyze/air",
+                        "volume": "/",
+                        "tmp": "opt/binalyze/air/tmp",
+                        "directCollection": False
+                    }
+                },
+                "cpu": {
+                    "limit": 80
+                },
+                "compression": {
+                    "enabled": True,
+                    "encryption": {
+                        "enabled": False,
+                        "password": ""
+                    }
+                }
+            },
+            "filter": self.request.filter.to_filter_dict() if isinstance(self.request.filter, AssetFilter) else self.request.filter,
+            "schedulerConfig": {
+                "when": "now"
+            }
+        }
+        if hasattr(self.request, 'name') and self.request.name:
+            payload["taskName"] = self.request.name
+        return self.http_client.post("acquisitions/acquire/off-network", json_data=payload)
+class UpdateScheduledEvidenceAcquisitionCommand(Command[Dict[str, Any]]):
+    """Command to update scheduled evidence acquisition."""
+    def __init__(self, http_client: HTTPClient, task_id: str, request: Dict[str, Any]):
+        self.http_client = http_client
+        self.task_id = task_id
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the update scheduled evidence acquisition command."""
+        return self.http_client.put(f"acquisitions/schedule/evidence-acquisition/{self.task_id}", json_data=self.request)
+class UpdateScheduledImageAcquisitionCommand(Command[Dict[str, Any]]):
+    """Command to update scheduled image acquisition."""
+    def __init__(self, http_client: HTTPClient, task_id: str, request: Dict[str, Any]):
+        self.http_client = http_client
+        self.task_id = task_id
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the update scheduled image acquisition command."""
+        return self.http_client.put(f"acquisitions/schedule/image-acquisition/{self.task_id}", json_data=self.request)
+class ValidateOsqueryCommand(Command[Dict[str, Any]]):
+    """Command to validate osquery."""
+    def __init__(self, http_client: HTTPClient, request: List[Dict[str, Any]]):
+        self.http_client = http_client
+        self.request = request
+    def execute(self) -> Dict[str, Any]:
+        """Execute the validate osquery command."""
+        return self.http_client.post("acquisitions/profiles/osquery/validate", json_data=self.request)  # type: ignore

binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze-air-sdk 1.0.2py3-none-any.whl → 1.0.3py3-none-any.whl