PyPI - binalyze-air-sdk - Versions diffs - 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl - Mend

binalyze-air-sdk 1.0.2py3-none-any.whl → 1.0.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

binalyze_air/__init__.py +77 -77
binalyze_air/apis/__init__.py +67 -27
binalyze_air/apis/acquisitions.py +107 -0
binalyze_air/apis/api_tokens.py +49 -0
binalyze_air/apis/assets.py +161 -0
binalyze_air/apis/audit_logs.py +26 -0
binalyze_air/apis/{authentication.py → auth.py} +29 -27
binalyze_air/apis/auto_asset_tags.py +79 -75
binalyze_air/apis/backup.py +177 -0
binalyze_air/apis/baseline.py +46 -0
binalyze_air/apis/cases.py +225 -0
binalyze_air/apis/cloud_forensics.py +116 -0
binalyze_air/apis/event_subscription.py +96 -96
binalyze_air/apis/evidence.py +249 -53
binalyze_air/apis/interact.py +153 -36
binalyze_air/apis/investigation_hub.py +234 -0
binalyze_air/apis/license.py +104 -0
binalyze_air/apis/logger.py +83 -0
binalyze_air/apis/multipart_upload.py +201 -0
binalyze_air/apis/notifications.py +115 -0
binalyze_air/apis/organizations.py +267 -0
binalyze_air/apis/params.py +44 -39
binalyze_air/apis/policies.py +186 -0
binalyze_air/apis/preset_filters.py +79 -0
binalyze_air/apis/recent_activities.py +71 -0
binalyze_air/apis/relay_server.py +104 -0
binalyze_air/apis/settings.py +395 -27
binalyze_air/apis/tasks.py +80 -0
binalyze_air/apis/triage.py +197 -0
binalyze_air/apis/user_management.py +183 -74
binalyze_air/apis/webhook_executions.py +50 -0
binalyze_air/apis/webhooks.py +322 -230
binalyze_air/base.py +207 -133
binalyze_air/client.py +217 -1337
binalyze_air/commands/__init__.py +175 -145
binalyze_air/commands/acquisitions.py +661 -387
binalyze_air/commands/api_tokens.py +55 -0
binalyze_air/commands/assets.py +324 -362
binalyze_air/commands/{authentication.py → auth.py} +36 -36
binalyze_air/commands/auto_asset_tags.py +230 -230
binalyze_air/commands/backup.py +47 -0
binalyze_air/commands/baseline.py +32 -396
binalyze_air/commands/cases.py +609 -602
binalyze_air/commands/cloud_forensics.py +88 -0
binalyze_air/commands/event_subscription.py +101 -101
binalyze_air/commands/evidences.py +918 -988
binalyze_air/commands/interact.py +172 -58
binalyze_air/commands/investigation_hub.py +315 -0
binalyze_air/commands/license.py +183 -0
binalyze_air/commands/logger.py +126 -0
binalyze_air/commands/multipart_upload.py +363 -0
binalyze_air/commands/notifications.py +45 -0
binalyze_air/commands/organizations.py +200 -221
binalyze_air/commands/policies.py +175 -203
binalyze_air/commands/preset_filters.py +55 -0
binalyze_air/commands/recent_activities.py +32 -0
binalyze_air/commands/relay_server.py +144 -0
binalyze_air/commands/settings.py +431 -29
binalyze_air/commands/tasks.py +95 -56
binalyze_air/commands/triage.py +224 -360
binalyze_air/commands/user_management.py +351 -126
binalyze_air/commands/webhook_executions.py +77 -0
binalyze_air/config.py +244 -244
binalyze_air/exceptions.py +49 -49
binalyze_air/http_client.py +426 -305
binalyze_air/models/__init__.py +287 -285
binalyze_air/models/acquisitions.py +365 -250
binalyze_air/models/api_tokens.py +73 -0
binalyze_air/models/assets.py +438 -438
binalyze_air/models/audit.py +247 -272
binalyze_air/models/audit_logs.py +14 -0
binalyze_air/models/{authentication.py → auth.py} +69 -69
binalyze_air/models/auto_asset_tags.py +227 -116
binalyze_air/models/backup.py +138 -0
binalyze_air/models/baseline.py +231 -231
binalyze_air/models/cases.py +275 -275
binalyze_air/models/cloud_forensics.py +145 -0
binalyze_air/models/event_subscription.py +170 -171
binalyze_air/models/evidence.py +65 -65
binalyze_air/models/evidences.py +367 -348
binalyze_air/models/interact.py +266 -135
binalyze_air/models/investigation_hub.py +265 -0
binalyze_air/models/license.py +150 -0
binalyze_air/models/logger.py +83 -0
binalyze_air/models/multipart_upload.py +352 -0
binalyze_air/models/notifications.py +138 -0
binalyze_air/models/organizations.py +293 -293
binalyze_air/models/params.py +153 -127
binalyze_air/models/policies.py +260 -249
binalyze_air/models/preset_filters.py +79 -0
binalyze_air/models/recent_activities.py +70 -0
binalyze_air/models/relay_server.py +121 -0
binalyze_air/models/settings.py +538 -84
binalyze_air/models/tasks.py +215 -149
binalyze_air/models/triage.py +141 -142
binalyze_air/models/user_management.py +200 -97
binalyze_air/models/webhook_executions.py +33 -0
binalyze_air/queries/__init__.py +121 -133
binalyze_air/queries/acquisitions.py +155 -155
binalyze_air/queries/api_tokens.py +46 -0
binalyze_air/queries/assets.py +186 -105
binalyze_air/queries/audit.py +400 -416
binalyze_air/queries/{authentication.py → auth.py} +55 -55
binalyze_air/queries/auto_asset_tags.py +59 -59
binalyze_air/queries/backup.py +66 -0
binalyze_air/queries/baseline.py +21 -185
binalyze_air/queries/cases.py +292 -292
binalyze_air/queries/cloud_forensics.py +137 -0
binalyze_air/queries/event_subscription.py +54 -54
binalyze_air/queries/evidence.py +139 -139
binalyze_air/queries/evidences.py +279 -279
binalyze_air/queries/interact.py +140 -28
binalyze_air/queries/investigation_hub.py +329 -0
binalyze_air/queries/license.py +85 -0
binalyze_air/queries/logger.py +58 -0
binalyze_air/queries/multipart_upload.py +180 -0
binalyze_air/queries/notifications.py +71 -0
binalyze_air/queries/organizations.py +222 -222
binalyze_air/queries/params.py +154 -115
binalyze_air/queries/policies.py +149 -149
binalyze_air/queries/preset_filters.py +60 -0
binalyze_air/queries/recent_activities.py +44 -0
binalyze_air/queries/relay_server.py +42 -0
binalyze_air/queries/settings.py +533 -20
binalyze_air/queries/tasks.py +125 -81
binalyze_air/queries/triage.py +230 -230
binalyze_air/queries/user_management.py +193 -83
binalyze_air/queries/webhook_executions.py +39 -0
binalyze_air_sdk-1.0.3.dist-info/METADATA +752 -0
binalyze_air_sdk-1.0.3.dist-info/RECORD +132 -0
{binalyze_air_sdk-1.0.2.dist-info → binalyze_air_sdk-1.0.3.dist-info}/WHEEL +1 -1
binalyze_air/apis/endpoints.py +0 -22
binalyze_air/apis/evidences.py +0 -216
binalyze_air/apis/users.py +0 -68
binalyze_air/commands/users.py +0 -101
binalyze_air/models/endpoints.py +0 -76
binalyze_air/models/users.py +0 -82
binalyze_air/queries/endpoints.py +0 -25
binalyze_air/queries/users.py +0 -69
binalyze_air_sdk-1.0.2.dist-info/METADATA +0 -706
binalyze_air_sdk-1.0.2.dist-info/RECORD +0 -82
{binalyze_air_sdk-1.0.2.dist-info → binalyze_air_sdk-1.0.3.dist-info}/top_level.txt +0 -0

binalyze_air/models/acquisitions.py CHANGED Viewed

@@ -1,251 +1,366 @@
-"""
-Acquisition-related data models for the Binalyze AIR SDK.
-"""
-from typing import List, Optional, Dict, Any
-from datetime import datetime
-from ..base import AIRBaseModel, Filter
-class NetworkCaptureConfig(AIRBaseModel):
-    """Network capture configuration."""
-    enabled: bool = False
-    duration: int = 60
-    pcap: Dict[str, bool] = {"enabled": False}
-    network_flow: Dict[str, bool] = {"enabled": False}
-class EDiscoveryPattern(AIRBaseModel):
-    """eDiscovery pattern model."""
-    pattern: str
-    category: str
-class SaveLocationConfig(AIRBaseModel):
-    """Save location configuration."""
-    location: str
-    use_most_free_volume: bool = False
-    repository_id: Optional[str] = None
-    path: str
-    volume: Optional[str] = None
-    tmp: str
-    direct_collection: bool = False
-class TaskConfig(AIRBaseModel):
-    """Task configuration."""
-    choice: str
-    save_to: Dict[str, SaveLocationConfig]
-    cpu: Dict[str, int] = {"limit": 50}
-    compression: Dict[str, Any] = {
-        "enabled": False,
-        "encryption": {"enabled": False, "password": ""}
-    }
-class DroneConfig(AIRBaseModel):
-    """Drone configuration."""
-    auto_pilot: bool = False
-    enabled: bool = False
-    analyzers: List[str] = []
-    keywords: List[str] = []
-class FilterConfig(AIRBaseModel):
-    """Filter configuration for acquisition tasks - matches API specification exactly."""
-    # Basic search and identification
-    search_term: Optional[str] = None
-    name: Optional[str] = None
-    ip_address: Optional[str] = None
-    group_id: Optional[str] = None
-    group_full_path: Optional[str] = None
-    label: Optional[str] = None  # NEW - Missing from API spec
-    # Status filters (arrays as per API)
-    managed_status: List[str] = []
-    isolation_status: List[str] = []
-    platform: List[str] = []
-    issue: Optional[str] = None  # API expects string, not array
-    online_status: List[str] = []
-    # Tags and policies
-    tags: List[str] = []
-    version: Optional[str] = None
-    policy: Optional[str] = None
-    # Endpoint targeting
-    included_endpoint_ids: List[str] = []
-    excluded_endpoint_ids: List[str] = []
-    # Organization and case
-    organization_ids: List[int] = []  # Required by API
-    case_id: Optional[str] = None  # NEW - Missing from API spec
-    # Date/time filters
-    last_seen: Optional[str] = None  # NEW - Missing from API spec (ISO 8601 format)
-    # Cloud provider filters
-    aws_regions: Optional[List[str]] = None  # NEW - Missing from API spec
-    azure_regions: Optional[List[str]] = None  # NEW - Missing from API spec
-class AcquisitionProfilePlatformDetails(AIRBaseModel):
-    """Platform-specific acquisition profile details."""
-    evidence_list: List[str] = []
-    artifact_list: Optional[List[str]] = None
-    custom_content_profiles: List[Any] = []
-    network_capture: Optional[NetworkCaptureConfig] = None
-class AcquisitionProfile(AIRBaseModel):
-    """Acquisition profile model."""
-    id: str
-    name: str
-    organization_ids: List[int] = []
-    created_at: Optional[datetime] = None
-    updated_at: Optional[datetime] = None
-    created_by: str
-    deletable: bool = True
-    artifacts: List[str] = []  # Added for test compatibility
-    # Additional fields from API response
-    average_time: Optional[int] = None
-    last_used_at: Optional[datetime] = None
-    last_used_by: Optional[str] = None
-    has_event_log_records_evidence: Optional[bool] = None
-class AcquisitionProfileDetails(AcquisitionProfile):
-    """Detailed acquisition profile with platform configurations."""
-    windows: Optional[AcquisitionProfilePlatformDetails] = None
-    linux: Optional[AcquisitionProfilePlatformDetails] = None
-    macos: Optional[AcquisitionProfilePlatformDetails] = None
-    aix: Optional[AcquisitionProfilePlatformDetails] = None
-    e_discovery: Optional[Dict[str, List[EDiscoveryPattern]]] = None
-    settings: Optional[Dict[str, Any]] = None  # Added for test compatibility
-class EndpointVolumeConfig(AIRBaseModel):
-    """Endpoint and volume configuration for disk image acquisition."""
-    endpoint_id: str
-    volumes: List[str] = []
-class DiskImageOptions(AIRBaseModel):
-    """Disk image options."""
-    chunk_size: int
-    chunk_count: int
-    start_offset: int
-    endpoints: List[EndpointVolumeConfig] = []
-class AcquisitionTaskRequest(AIRBaseModel):
-    """Acquisition task request."""
-    case_id: str
-    drone_config: DroneConfig
-    task_config: TaskConfig
-    acquisition_profile_id: str
-    filter: FilterConfig
-class ImageAcquisitionTaskRequest(AIRBaseModel):
-    """Image acquisition task request."""
-    case_id: Optional[str] = None
-    task_config: TaskConfig
-    disk_image_options: DiskImageOptions
-    filter: FilterConfig
-class CreateAcquisitionProfileRequest(AIRBaseModel):
-    """Create acquisition profile request."""
-    name: str
-    organization_ids: List[int] = []
-    windows: Optional[AcquisitionProfilePlatformDetails] = None
-    linux: Optional[AcquisitionProfilePlatformDetails] = None
-    macos: Optional[AcquisitionProfilePlatformDetails] = None
-    aix: Optional[AcquisitionProfilePlatformDetails] = None
-    e_discovery: Optional[Dict[str, List[EDiscoveryPattern]]] = None
-    description: Optional[str] = None  # Added for test compatibility
-    artifacts: List[str] = []  # Added for test compatibility
-# Simplified request models for testing
-class CreateAcquisitionRequest(AIRBaseModel):
-    """Simplified acquisition request for testing."""
-    filter: Dict[str, Any]
-    profileId: str
-    name: Optional[str] = None
-class CreateImageAcquisitionRequest(AIRBaseModel):
-    """Simplified image acquisition request for testing."""
-    filter: Dict[str, Any]
-    name: Optional[str] = None
-    fullDisk: bool = False
-    repository_id: Optional[str] = None
-    volumes: Optional[List[str]] = None
-class AcquisitionFilter(Filter):
-    """Filter for acquisition profile queries - matches API specification exactly."""
-    # Search and identification
-    search_term: Optional[str] = None
-    name: Optional[str] = None
-    # Organization parameters
-    organization_ids: Optional[List[int]] = None  # Required by API
-    all_organizations: Optional[bool] = None  # true/false
-    # Profile metadata (for backwards compatibility)
-    created_by: Optional[str] = None
-    deletable: Optional[bool] = None
-    def to_params(self) -> Dict[str, Any]:
-        """Convert filter to API parameters."""
-        params = {}
-        # Pagination parameters (not in filter namespace) - only if set
-        if self.page_number is not None:
-            params["pageNumber"] = self.page_number
-        if self.page_size is not None:
-            params["pageSize"] = self.page_size
-        if self.sort_by is not None:
-            params["sortBy"] = self.sort_by
-        if self.sort_type is not None:
-            params["sortType"] = self.sort_type
-        # Add acquisition-specific filter parameters (use API field names)
-        if self.search_term is not None:
-            params["filter[searchTerm]"] = self.search_term
-        if self.name is not None:
-            params["filter[name]"] = self.name
-        if self.organization_ids is not None:
-            params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
-        if self.all_organizations is not None:
-            params["filter[allOrganizations]"] = "true" if self.all_organizations else "false"
-        # Backwards compatibility fields (not in API spec but may be used)
-        if self.created_by is not None:
-            params["filter[createdBy]"] = self.created_by
-        if self.deletable is not None:
-            params["filter[deletable]"] = "true" if self.deletable else "false"
+"""
+Acquisition-related data models for the Binalyze AIR SDK.
+"""
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from pydantic import Field
+from ..base import AIRBaseModel, Filter
+class NetworkCaptureConfig(AIRBaseModel):
+    """Network capture configuration - matches API specification exactly."""
+    enabled: bool = False
+    duration: int = 60
+    pcap: Dict[str, bool] = {"enabled": False}
+    networkFlow: Dict[str, bool] = {"enabled": False}  # API uses camelCase
+class EDiscoveryPattern(AIRBaseModel):
+    """eDiscovery pattern model."""
+    pattern: str
+    category: str
+class EDiscoveryConfig(AIRBaseModel):
+    """eDiscovery configuration matching API specification exactly."""
+    patterns: List[EDiscoveryPattern] = []
+    def model_dump(self, **kwargs):
+        """Override to serialize patterns under 'edPatterns' key for API."""
+        data = super().model_dump(**kwargs)
+        if 'patterns' in data:
+            data['edPatterns'] = data.pop('patterns')
+        return data
+class SaveLocationConfig(AIRBaseModel):
+    """Save location configuration."""
+    location: str
+    use_most_free_volume: bool = False
+    repository_id: Optional[str] = None
+    path: str
+    volume: Optional[str] = None
+    tmp: str = "tmp"
+    direct_collection: bool = False
+class TaskConfig(AIRBaseModel):
+    """Task configuration."""
+    choice: str
+    save_to: Dict[str, SaveLocationConfig]
+    cpu: Dict[str, int] = {"limit": 50}
+    bandwidth: Optional[Dict[str, int]] = None
+    compression: Dict[str, Any] = {
+        "enabled": False,
+        "encryption": {"enabled": False, "password": ""}
+    }
+class DroneConfig(AIRBaseModel):
+    """Drone configuration."""
+    auto_pilot: bool = False
+    enabled: bool = False
+    analyzers: List[str] = []
+    keywords: List[str] = []
+class FilterConfig(AIRBaseModel):
+    """Filter configuration for acquisition tasks - matches API specification exactly."""
+    # Basic search and identification
+    search_term: Optional[str] = None
+    name: Optional[str] = None
+    ip_address: Optional[str] = None
+    group_id: Optional[str] = None
+    group_full_path: Optional[str] = None
+    label: Optional[str] = None  # NEW - Missing from API spec
+    # Status filters (arrays as per API)
+    managed_status: List[str] = []
+    isolation_status: List[str] = []
+    platform: List[str] = []
+    issue: Optional[str] = None  # API expects string, not array
+    online_status: List[str] = []
+    # Tags and policies
+    tags: List[str] = []
+    version: Optional[str] = None
+    policy: Optional[str] = None
+    # Endpoint targeting
+    included_endpoint_ids: List[str] = []
+    excluded_endpoint_ids: List[str] = []
+    # Organization and case
+    organization_ids: List[int] = []  # Required by API
+    case_id: Optional[str] = None  # NEW - Missing from API spec
+    # Date/time filters
+    last_seen: Optional[str] = None  # NEW - Missing from API spec (ISO 8601 format)
+    # Cloud provider filters
+    aws_regions: Optional[List[str]] = None  # NEW - Missing from API spec
+    azure_regions: Optional[List[str]] = None  # NEW - Missing from API spec
+class AcquisitionProfilePlatformDetails(AIRBaseModel):
+    """Platform-specific acquisition profile details - matches API specification exactly."""
+    evidenceList: List[str] = []  # API uses camelCase
+    artifactList: Optional[List[str]] = None  # API uses camelCase
+    customContentProfiles: List[Any] = []  # API uses camelCase
+    osQueries: List[str] = []  # FIXED: Added missing required field
+    networkCapture: Optional[NetworkCaptureConfig] = None  # API uses camelCase
+    # Windows-specific fields
+    eventLogRecordsConfig: Optional[Dict[str, List[str]]] = None  # FIXED: Added for Windows platform
+    @classmethod
+    def create_windows_config(cls, evidence_list: Optional[List[str]] = None, artifact_list: Optional[List[str]] = None) -> "AcquisitionProfilePlatformDetails":
+        """Create a proper Windows platform configuration with all required fields."""
+        return cls(
+            evidenceList=evidence_list or [],  # FIXED: Empty by default
+            artifactList=artifact_list or [],  # FIXED: Empty by default
+            customContentProfiles=[],
+            osQueries=[],
+            networkCapture=NetworkCaptureConfig(
+                enabled=False,
+                duration=600,
+                pcap={"enabled": False},
+                networkFlow={"enabled": False}
+            ),
+            eventLogRecordsConfig={"types": []}
+        )
+    @classmethod
+    def create_linux_config(cls, evidence_list: Optional[List[str]] = None, artifact_list: Optional[List[str]] = None) -> "AcquisitionProfilePlatformDetails":
+        """Create a proper Linux platform configuration with all required fields."""
+        return cls(
+            evidenceList=evidence_list or [],  # FIXED: Empty by default
+            artifactList=artifact_list or [],  # FIXED: Empty by default
+            customContentProfiles=[],
+            osQueries=[],
+            networkCapture=NetworkCaptureConfig(
+                enabled=False,
+                duration=600,
+                pcap={"enabled": False},
+                networkFlow={"enabled": False}
+            )
+        )
+    @classmethod
+    def create_macos_config(cls, evidence_list: Optional[List[str]] = None, artifact_list: Optional[List[str]] = None) -> "AcquisitionProfilePlatformDetails":
+        """Create a proper macOS platform configuration with all required fields."""
+        return cls(
+            evidenceList=evidence_list or [],  # FIXED: Empty by default
+            artifactList=artifact_list or [],  # FIXED: Empty by default
+            customContentProfiles=[],
+            osQueries=[],
+            networkCapture=NetworkCaptureConfig(
+                enabled=False,
+                duration=600,
+                pcap={"enabled": False},
+                networkFlow={"enabled": False}
+            )
+        )
+class AcquisitionProfileAIXDetails(AIRBaseModel):
+    """AIX-specific acquisition profile details - AIX doesn't support osQueries or networkCapture."""
+    evidenceList: List[str] = []  # API uses camelCase
+    artifactList: Optional[List[str]] = None  # API uses camelCase
+    customContentProfiles: List[Any] = []  # API uses camelCase
+    # Note: AIX doesn't have osQueries, networkCapture, or eventLogRecordsConfig
+    @classmethod
+    def create_aix_config(cls, evidence_list: Optional[List[str]] = None, artifact_list: Optional[List[str]] = None) -> "AcquisitionProfileAIXDetails":
+        """Create a proper AIX platform configuration with all required fields."""
+        return cls(
+            evidenceList=evidence_list or [],  # FIXED: Empty by default
+            artifactList=artifact_list or [],  # FIXED: Empty by default
+            customContentProfiles=[],
+            # Note: AIX doesn't have osQueries or networkCapture
+        )
+class AcquisitionProfile(AIRBaseModel):
+    """Acquisition profile model."""
+    id: str
+    name: str
+    organization_ids: List[int] = []
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+    created_by: str
+    deletable: bool = True
+    artifacts: List[str] = []  # Added for test compatibility
+    # Additional fields from API response
+    average_time: Optional[int] = None
+    last_used_at: Optional[datetime] = None
+    last_used_by: Optional[str] = None
+    has_event_log_records_evidence: Optional[bool] = None
+class AcquisitionProfileDetails(AcquisitionProfile):
+    """Detailed acquisition profile with platform configurations."""
+    windows: Optional[AcquisitionProfilePlatformDetails] = None
+    linux: Optional[AcquisitionProfilePlatformDetails] = None
+    macos: Optional[AcquisitionProfilePlatformDetails] = None
+    aix: Optional[AcquisitionProfilePlatformDetails] = None
+    e_discovery: Optional[Dict[str, List[EDiscoveryPattern]]] = None
+    settings: Optional[Dict[str, Any]] = None  # Added for test compatibility
+class EndpointVolumeConfig(AIRBaseModel):
+    """Endpoint and volume configuration for disk image acquisition."""
+    endpointId: str  # API uses camelCase
+    volumes: List[str] = []
+class DiskImageOptions(AIRBaseModel):
+    """Disk image options - API field names in camelCase."""
+    chunkSize: int  # API uses camelCase
+    chunkCount: int = 0  # API uses camelCase
+    startOffset: int  # API uses camelCase
+    imageType: str = "dd"  # API uses camelCase
+    singleFile: bool = False  # API uses camelCase
+    endpoints: List[EndpointVolumeConfig] = []
+class SchedulerConfig(AIRBaseModel):
+    """Scheduler configuration for acquisition tasks."""
+    when: str = "now"
+    timezone_type: Optional[str] = None
+    timezone: Optional[str] = None
+    start_date: Optional[int] = None
+    recurrence: Optional[str] = None
+    repeat_every: Optional[int] = None
+    repeat_on_week: Optional[List[str]] = None
+    repeat_on_month: Optional[int] = None
+    end_repeat_type: Optional[str] = None
+    end_date: Optional[int] = None
+    limit: Optional[int] = None
+class AcquisitionTaskRequest(AIRBaseModel):
+    """Acquisition task request."""
+    case_id: str
+    drone_config: DroneConfig
+    task_config: TaskConfig
+    acquisition_profile_id: str
+    filter: FilterConfig
+class ImageAcquisitionTaskRequest(AIRBaseModel):
+    """Image acquisition task request."""
+    case_id: Optional[str] = None
+    task_config: TaskConfig
+    disk_image_options: DiskImageOptions
+    filter: FilterConfig
+    scheduler_config: SchedulerConfig = SchedulerConfig()
+class CreateAcquisitionProfileRequest(AIRBaseModel):
+    """Create acquisition profile request - matches API specification exactly."""
+    name: str
+    organizationIds: List[int] = [0]  # FIXED: Default to [0] instead of []
+    windows: AcquisitionProfilePlatformDetails  # Required by API
+    linux: AcquisitionProfilePlatformDetails   # Required by API
+    macos: AcquisitionProfilePlatformDetails   # Required by API
+    aix: AcquisitionProfileAIXDetails          # FIXED: Use AIX-specific model
+    eDiscovery: EDiscoveryConfig = EDiscoveryConfig(patterns=[
+        EDiscoveryPattern(pattern="**/*.7z", category="Archives")
+    ])  # API requires this field to be non-empty
+# Simplified request models for testing
+class CreateAcquisitionRequest(AIRBaseModel):
+    """Simplified acquisition request for testing."""
+    filter: Dict[str, Any]
+    profileId: str
+    name: Optional[str] = None
+class CreateImageAcquisitionRequest(AIRBaseModel):
+    """Simplified image acquisition request for testing - FIXED with required fields."""
+    filter: Dict[str, Any]
+    name: Optional[str] = None
+    fullDisk: bool = False
+    repository_id: Optional[str] = None
+    volumes: Optional[List[str]] = None
+    # FIXED: Add required fields for image acquisition
+    case_id: Optional[str] = None
+    task_config: Optional[Dict[str, Any]] = None
+    disk_image_options: Optional[Dict[str, Any]] = None
+    scheduler_config: Optional[Dict[str, Any]] = None
+    # API expects imageFormat for disk image type (e.g., dd, e01)
+    image_format: Optional[str] = Field(default=None, alias="imageFormat")
+class AcquisitionFilter(Filter):
+    """Filter for acquisition profile queries - matches API specification exactly."""
+    # Search and identification
+    search_term: Optional[str] = None
+    name: Optional[str] = None
+    # Organization parameters
+    organization_ids: Optional[List[int]] = None  # Required by API
+    all_organizations: Optional[bool] = None  # true/false
+    # Profile metadata (for backwards compatibility)
+    created_by: Optional[str] = None
+    deletable: Optional[bool] = None
+    def to_params(self) -> Dict[str, Any]:
+        """Convert filter to API parameters."""
+        params = {}
+        # Pagination parameters (not in filter namespace) - only if set
+        if self.page_number is not None:
+            params["pageNumber"] = self.page_number
+        if self.page_size is not None:
+            params["pageSize"] = self.page_size
+        if self.sort_by is not None:
+            params["sortBy"] = self.sort_by
+        if self.sort_type is not None:
+            params["sortType"] = self.sort_type
+        # Add acquisition-specific filter parameters (use API field names)
+        if self.search_term is not None:
+            params["filter[searchTerm]"] = self.search_term
+        if self.name is not None:
+            params["filter[name]"] = self.name
+        if self.organization_ids is not None:
+            params["filter[organizationIds]"] = ",".join([str(x) for x in self.organization_ids])
+        if self.all_organizations is not None:
+            params["filter[allOrganizations]"] = "true" if self.all_organizations else "false"
+        # Backwards compatibility fields (not in API spec but may be used)
+        if self.created_by is not None:
+            params["filter[createdBy]"] = self.created_by
+        if self.deletable is not None:
+            params["filter[deletable]"] = "true" if self.deletable else "false"
         return params

binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze-air-sdk 1.0.2py3-none-any.whl → 1.0.3py3-none-any.whl